workaround musl 1.2.5 cve

2025-08-17 09:02:15 -06:00 · 2025-02-13 20:53:47 +00:00 · 2025-02-13 20:53:47 +00:00 · 4d6626b099
parent 7a55833bb2
commit 4d6626b099
1 changed files with 7 additions and 0 deletions
--- a/scripts/docker/innvikler.sh
+++ b/scripts/docker/innvikler.sh
@ -1,6 +1,13 @@
 #!/bin/ash
 set -ex

+# patch musl cve https://www.openwall.com/lists/musl/2025/02/13/1
+apk add -U grep
+grep -aobRE 'euckr[^\w]ksc5601[^\w]ksx1001[^\w]cp949[^\w]' /lib/ | awk -F: '$2>999{printf "%d %s\n",$2,$1}' | while read ofs fn
+do printf -- '-----\0-------\0-------\0-----\0' | dd bs=1 iflag=fullblock conv=notrunc seek=$ofs of=$fn; done 2>&1 |
+tee /dev/stderr | grep -E copied, | wc -l | grep '^2$'
+apk del grep
+
 # cleanup for flavors with python build steps (dj/iv)
 rm -rf /var/cache/apk/* /root/.cache