Debian Patches
Status for musl/1.2.5-3.1~deb13u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| static-pie.patch | Enable linking to a static position independent executable. This also enables address space layout randomization (ASLR). $ cat hello.c int main() { printf("main = 0x%lxd\n", main); return 0; } $ gcc -fPIE -static-pie -o hello hello.c -specs musl-gcc.specs $ ldd hello statically linked $ file hello $ ./hello main = 0x7f858c4e72b9d $ ./hello main = 0x7f0854d312b9d $ ./hello main = 0x7f7179a1d2b9d $ ./hello main = 0x7f37f981b2b9d $ readelf -l hello Elf file type is DYN (Shared object file) Entry point 0x104f There are 7 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000308 0x0000000000000308 R 0x1000 LOAD 0x0000000000001000 0x0000000000001000 0x0000000000001000 0x0000000000003eb7 0x0000000000003eb7 R E 0x1000 LOAD 0x0000000000005000 0x0000000000005000 0x0000000000005000 0x000000000000136c 0x000000000000136c R 0x1000 LOAD 0x0000000000006e50 0x0000000000007e50 0x0000000000007e50 0x00000000000002e0 0x00000000000009a0 RW 0x1000 DYNAMIC 0x0000000000006e70 0x0000000000007e70 0x0000000000007e70 0x0000000000000180 0x0000000000000180 RW 0x8 GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 0x10 GNU_RELRO 0x0000000000006e50 0x0000000000007e50 0x0000000000007e50 0x00000000000001b0 0x00000000000001b0 R 0x1 Section to Segment mapping: Segment Sections... 00 .hash .gnu.hash .dynsym .dynstr .rela.dyn 01 .init .plt .text .fini 02 .rodata .eh_frame 03 .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data .bss 04 .dynamic 05 06 .init_array .fini_array .data.rel.ro .dynamic .got | Harald Hoyer <harald@redhat.com> | no | debian | https://www.openwall.com/lists/musl/2020/04/27/2 | 2020-04-27 |
| CVE-2025-26519-0001_iconv_fix_erroneous_input_validation_in_EUC_KR_decod.patch | iconv: fix erroneous input validation in EUC-KR decoder. as a result of incorrect bounds checking on the lead byte being decoded, certain invalid inputs which should produce an encoding error, such as "\xc8\x41", instead produced out-of-bounds loads from the ksc table. in a worst case, the loaded value may not be a valid unicode scalar value, in which case, if the output encoding was UTF-8, wctomb would return (size_t)-1, causing an overflow in the output pointer and remaining buffer size which could clobber memory outside of the output buffer. bug report was submitted in private by Nick Wellnhofer on account of potential security implications. | Rich Felker <dalias@aerifal.cx> | no | debian | | 2025-02-09 |
| CVE-2025-26519-0002_iconv_harden_UTF_8_output_code_path_against_input_de.patch | iconv: harden UTF-8 output code path against input decoder bugs. the UTF-8 output code was written assuming an invariant that iconv's decoders only emit valid Unicode Scalar Values which wctomb can encode successfully, thereby always returning a value between 1 and 4. if this invariant is not satisfied, wctomb returns (size_t)-1, and the subsequent adjustments to the output buffer pointer and remaining output byte count overflow, moving the output position backwards, potentially past the beginning of the buffer, without storing any bytes. | Rich Felker <dalias@aerifal.cx> | no | debian | | 2025-02-12 |
| renameat2.patch | add renameat2 linux syscall wrapper. This syscall is available since Linux 3.15 and also implemented in glibc from version 2.28. It is commonly used in filesystem or security contexts. Constants RENAME_NOREPLACE, RENAME_EXCHANGE, RENAME_WHITEOUT are guarded by _GNU_SOURCE as with glibc. | Tony Ambardar <tony.ambardar@gmail.com> | no | | | 2024-05-06 |
| 0001-fix-pathological-slowness-incorrect-mappings-in-icon.patch | fix pathological slowness & incorrect mappings in iconv gb18030 decoder. in order to implement the "UTF" aspect of gb18030 (ability to represent arbitrary unicode characters not present in the 2-byte mapping), we have to apply the index obtained from the encoded 4-byte sequence into the set of unmapped characters. this was done by scanning repeatedly over the table of mapped characters and counting off mapped characters below a running index by which to adjust the running index by on each iteration. this iterative process eventually leaves us with the value of the Nth unmapped character replacing the index, but depending on which particular character that is, the number of iterations needed to find it can be in the tens of thousands, and each iteration traverses the whole 126x190 table in the inner loop. this can lead to run times exceeding an entire second per character on moderate-speed machines. on top of that, the transformation logic produced wrong results for BMP characters above the surrogate range, as a result of not correctly accounting for it being excluded, and for characters outside the BMP, as a result of a misunderstanding of how gb18030 encodes them. this patch replaces the unmapped character lookup with a single linear search of a list of unmapped ranges. there are only 206 such ranges, and these are permanently assigned and unchangeable as a consequence of the character encoding having to be stable, so a simple array of 16-bit start/length values for each range consumes only 824 bytes, a very reasonable size cost here. this new table accounts for the previously-incorrect surrogate handling, and non-BMP characters are handled correctly by a single offset, without the need for any unmapped-range search. there are still a small number of mappings that are incorrect due to late changes made in the definition of gb18030, swapping PUA codepoints with proper Unicode characters. correcting these requires a postprocessing step that will be added later. | Rich Felker <dalias@aerifal.cx> | no | | | 2026-03-30 |
| 0002-qsort-fix-leonardo-heap-corruption-from-bug-in-doubl.patch | qsort: fix leonardo heap corruption from bug in doubleword ctz primitive. the pntz function, implementing a "count trailing zeros" variant for a bit vector consisting of two size_t words, erroneously returned zero rather than the number of bits in the low word when the first bit set was the low bit of the high word. as a result, a loop in the trinkle function which should have a guaranteed small bound on the number of iterations, could run unboundedly, thereby overflowing a stack-based working-space array which was sized for the bound. CVE-2026-40200 has been assigned for this issue. | Rich Felker <dalias@aerifal.cx> | no | | | 2026-04-09 |
All known versions for source package 'musl'
- 1.2.6-1 (forky, sid)
- 1.2.5-3.1~deb13u1 (trixie)
- 1.2.3-1 (bookworm)
