Debian Patches

Status for musl/1.2.6-1

Patch | Description | Author | Forwarded | Bugs | Origin | Last update
static-pie.patch Enable linking to a static position independent executable
This also enables address space layout randomization (ASLR).

$ cat hello.c

#include <stdio.h>

int main()
{
    /* "%lxd" prints the address in hex followed by a literal 'd', which is why every
       address printed below ends in "d"; the cast avoids passing a function pointer to %lx */
    printf("main = 0x%lxd\n", (unsigned long)main);
    return 0;
}

$ gcc -fPIE -static-pie -o hello hello.c -specs musl-gcc.specs

$ ldd hello
statically linked

$ file hello

$ ./hello
main = 0x7f858c4e72b9d

$ ./hello
main = 0x7f0854d312b9d

$ ./hello
main = 0x7f7179a1d2b9d

$ ./hello
main = 0x7f37f981b2b9d

$ readelf -l hello

Elf file type is DYN (Shared object file)
Entry point 0x104f
There are 7 program headers, starting at offset 64

Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000308 0x0000000000000308 R 0x1000
LOAD 0x0000000000001000 0x0000000000001000 0x0000000000001000
0x0000000000003eb7 0x0000000000003eb7 R E 0x1000
LOAD 0x0000000000005000 0x0000000000005000 0x0000000000005000
0x000000000000136c 0x000000000000136c R 0x1000
LOAD 0x0000000000006e50 0x0000000000007e50 0x0000000000007e50
0x00000000000002e0 0x00000000000009a0 RW 0x1000
DYNAMIC 0x0000000000006e70 0x0000000000007e70 0x0000000000007e70
0x0000000000000180 0x0000000000000180 RW 0x8
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
GNU_RELRO 0x0000000000006e50 0x0000000000007e50 0x0000000000007e50
0x00000000000001b0 0x00000000000001b0 R 0x1

Section to Segment mapping:
Segment Sections...
00 .hash .gnu.hash .dynsym .dynstr .rela.dyn
01 .init .plt .text .fini
02 .rodata .eh_frame
03 .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data .bss
04 .dynamic
05
06 .init_array .fini_array .data.rel.ro .dynamic .got
Harald Hoyer <harald@redhat.com> no debian https://www.openwall.com/lists/musl/2020/04/27/2 2020-04-27
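The checks a reviewer would run on the build shown above, written here as an added example (not code from the Debian page or from musl): it parses the `readelf -l` listing for PIE/static/NX/RELRO properties and confirms that the repeated `./hello` addresses differ while sharing the same page offset. The sample strings are constructed from the output quoted above.

```python
# Added example (not from the Debian page or musl): check static-PIE/ASLR properties from the output above.
import re
# Constructed sample, abbreviated from the page's `readelf -l hello` listing (header row omitted).
READELF_OUTPUT = """\
Elf file type is DYN (Shared object file)
  LOAD           0x0000000000001000 0x0000000000001000 0x0000000000001000
                 0x0000000000003eb7 0x0000000000003eb7  R E    0x1000
  LOAD           0x0000000000006e50 0x0000000000007e50 0x0000000000007e50
                 0x00000000000002e0 0x00000000000009a0  RW     0x1000
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x0000000000006e50 0x0000000000007e50 0x0000000000007e50
                 0x00000000000001b0 0x00000000000001b0  R      0x1
"""
# Constructed sample: the four `./hello` runs above. The trailing 'd' is a literal from the
# format string "0x%lxd"; it is identical in every run, so it does not affect the comparison.
RUN_OUTPUT = """\
main = 0x7f858c4e72b9d
main = 0x7f0854d312b9d
main = 0x7f7179a1d2b9d
main = 0x7f37f981b2b9d
"""
# readelf prints each 64-bit program header on two lines: type + addresses, then sizes + flags.
PHDR_RE = re.compile(r"^\s*([A-Z_]+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s*\n"
                     r"\s*0x[0-9a-f]+\s+0x[0-9a-f]+\s+([RWE ]*?)\s+0x[0-9a-f]+", re.M)

def parse_phdrs(text):
    """Return (elf_type, [(segment_type, flags), ...]) from `readelf -l` output."""
    m = re.search(r"Elf file type is (\w+)", text)
    return (m.group(1) if m else None,
            [(t, f.replace(" ", "")) for t, f in PHDR_RE.findall(text)])

def check_static_pie(text):
    """Properties a reviewer wants to see on a hardened static-PIE binary."""
    elf_type, segs = parse_phdrs(text)
    by_type = dict(segs)  # last entry per type; only unique types are looked up below
    return {
        "pie": elf_type == "DYN",                  # loadable at a randomized base (ASLR)
        "static": "INTERP" not in by_type,         # no PT_INTERP, so no dynamic loader
        "nx_stack": "GNU_STACK" in by_type and "E" not in by_type["GNU_STACK"],
        "relro": "GNU_RELRO" in by_type,           # GOT/.dynamic made read-only after relocation
        "no_wx": not any("W" in f and "E" in f for _, f in segs),
    }

def aslr_evidence(text):
    """Distinct load addresses that share the low 12 bits (page offset) is what ASLR looks like."""
    addrs = [int(h, 16) for h in re.findall(r"main = 0x([0-9a-f]+)", text)]
    return {"runs": len(addrs), "distinct": len(set(addrs)),
            "same_page_offset": len({a & 0xfff for a in addrs}) == 1}
```

Run the same two functions over `readelf -l` output and a handful of runs of your own binary to confirm a toolchain actually produced a static PIE rather than a fixed-address executable.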
0001-fix-pathological-slowness-incorrect-mappings-in-icon.patch fix pathological slowness & incorrect mappings in iconv gb18030 decoder

in order to implement the "UTF" aspect of gb18030 (ability to
represent arbitrary unicode characters not present in the 2-byte
mapping), we have to apply the index obtained from the encoded 4-byte
sequence into the set of unmapped characters. this was done by
scanning repeatedly over the table of mapped characters and counting
off mapped characters below a running index by which to adjust the
running index on each iteration. this iterative process eventually
leaves us with the value of the Nth unmapped character replacing the
index, but depending on which particular character that is, the number
of iterations needed to find it can be in the tens of thousands, and
each iteration traverses the whole 126x190 table in the inner loop.
this can lead to run times exceeding an entire second per character on
moderate-speed machines.

on top of that, the transformation logic produced wrong results for
BMP characters above the surrogate range, as a result of not
correctly accounting for it being excluded, and for characters outside
the BMP, as a result of a misunderstanding of how gb18030 encodes
them.

this patch replaces the unmapped character lookup with a single linear
search of a list of unmapped ranges. there are only 206 such ranges,
and these are permanently assigned and unchangeable as a consequence
of the character encoding having to be stable, so a simple array of
16-bit start/length values for each range consumes only 824 bytes, a
very reasonable size cost here.

this new table accounts for the previously-incorrect surrogate
handling, and non-BMP characters are handled correctly by a single
offset, without the need for any unmapped-range search.

there are still a small number of mappings that are incorrect due to
late changes made in the definition of gb18030, swapping PUA
codepoints with proper Unicode characters. correcting these requires a
postprocessing step that will be added later.
Rich Felker <dalias@aerifal.cx> no 2026-03-30
0002-qsort-fix-leonardo-heap-corruption-from-bug-in-doubl.patch qsort: fix leonardo heap corruption from bug in doubleword ctz primitive

the pntz function, implementing a "count trailing zeros" variant for a
bit vector consisting of two size_t words, erroneously returned zero
rather than the number of bits in the low word when the first bit set
was the low bit of the high word.

as a result, a loop in the trinkle function which should have a
guaranteed small bound on the number of iterations, could run
unboundedly, thereby overflowing a stack-based working-space array
which was sized for the bound.

CVE-2026-40200 has been assigned for this issue.
Rich Felker <dalias@aerifal.cx> no 2026-04-09
