Auto merge of #137127 - pietroalbini:pa-musl-cve-2025-26519, r=jieyouxu · rust-lang/rust@5bc6231 (original) (raw)

`@@ -30,6 +30,47 @@ MUSL=musl-1.2.3

30

`# may have been downloaded in a previous run

31

`if [ ! -d $MUSL ]; then

32

` curl https://www.musl-libc.org/releases/$MUSL.tar.gz | tar xzf -

33

+

34

Apply patches for CVE-2025-26519. At the time of adding these patches no release containing them

35

has been published by the musl project, so we just apply them directly on top of the version we

36

were distributing already. The patches should be removed once we upgrade to musl >= 1.2.6.

37

38

Advisory: https://www.openwall.com/lists/musl/2025/02/13/1

39

40

Patches applied:

41

- https://www.openwall.com/lists/musl/2025/02/13/1/1

42

- https://www.openwall.com/lists/musl/2025/02/13/1/2

43

44

ignore-tidy-tab

45

ignore-tidy-linelength

46

patch -p1 -d $MUSL <<EOF

47

--- a/src/locale/iconv.c

48

+++ b/src/locale/iconv.c

49

@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri

50

if (c >= 93 || d >= 94) {

51

c += (0xa1-0x81);

52

d += 0xa1;

53

if (c >= 93 || c>=0xc6-0x81 && d>0x52)

54

if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)

55

goto ilseq;

56

if (d-'A'<26) d = d-'A';

57

else if (d-'a'<26) d = d-'a'+26;

58

EOF

59

patch -p1 -d $MUSL <<EOF

60

--- a/src/locale/iconv.c

61

+++ b/src/locale/iconv.c

62

@@ -545,6 +545,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri

63

if (*outb < k) goto toobig;

64

memcpy(*out, tmp, k);

65

} else k = wctomb_utf8(*out, c);

66

/* This failure condition should be unreachable, but

67

- is included to prevent decoder bugs from translating

68

- into advancement outside the output buffer range. */

69

if (k>4) goto ilseq;

70

*out += k;

71

*outb -= k;

72

break;

73

EOF

33

74

`fi

34

75

35

76

`cd $MUSL