ahill/maplelinux-bootstrap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated treetap and patched musl

Browse Source
This commit is contained in:
Alexander Hill 2025-11-14 22:47:02 -05:00
parent f8787a8911
commit ae63c7e1d6
8 changed files with 142 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bootstrap.sh
View File

@ -21,10 +21,10 @@ export TT_SYSROOT=$BOOTSTRAP/root
export TT_TARGET=$TARGET
# Fetch sources required for a bootstrap
./treetap fetch sources/busybox.spec
./treetap fetch sources/linux.spec
./treetap fetch sources/llvm.spec
./treetap fetch sources/musl.spec
./treetap fetch sources/busybox/busybox.spec
./treetap fetch sources/linux/linux.spec
./treetap fetch sources/llvm/llvm.spec
./treetap fetch sources/musl/musl.spec
# Simplified filesystem heirarchy with symlinks for compatibility
mkdir -p $BOOTSTRAP/root/{bin,boot/EFI/BOOT,dev,etc,home,lib,proc,run,sys,tmp,usr/{include,share},var/{cache,lib,log,spool,tmp}}

4
sources/busybox.spec
View File

@ -1,4 +0,0 @@
SRC_HASH="b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314"
SRC_NAME="busybox"
SRC_URL="https://busybox.net/downloads/busybox-1.36.1.tar.bz2"
SRC_VERSION="1.36.1"

28
sources/busybox/busybox.spec Executable file
View File

@ -0,0 +1,28 @@
# Maintainer: Alexander Hill <ahill@breadpudding.dev>
SRC_HASH="b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314"
SRC_NAME="busybox"
SRC_URL="https://busybox.net/downloads/busybox-1.36.1.tar.bz2"
SRC_VERSION="1.36.1"
build() {
tar xf ../$SRC_FILENAME
cd busybox-*/
# NOTE: For some reason, Busybox hard-codes GNU tools in the Makefile. This
# simple hack allows the environment to override the Makefile. ~ahill
sed -i "s/?*= \$(CROSS_COMPILE)/?= /" Makefile
make -O -j $TT_PROCS defconfig
# FIXME: tc complains about undefined values, causing the compilation to
# fail. What causes this? ~ahill
sed -i "s/CONFIG_TC=.*/CONFIG_TC=n/" .config
make -O -j $TT_PROCS
}
clean() {
rm -rf busybox-*/
}
package() {
# NOTE: Busybox doesn't have a proper DESTDIR, so we just set CONFIG_PREFIX
# during the install to work around this limitation. ~ahill
make -O -j $TT_PROCS install CONFIG_PREFIX=$TT_INSTALLDIR
}

1
sources/linux.spec → sources/linux/linux.spec
View File

@ -1,3 +1,4 @@
# Maintainer: Alexander Hill <ahill@breadpudding.dev>
SRC_HASH="5a8de64a75fca706c01c6c0a77cf75a74618439db195e25f1f0268af6b2fb1da"
SRC_NAME="linux"
SRC_URL="https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.17.8.tar.xz"

1
sources/llvm.spec → sources/llvm/llvm.spec
View File

@ -1,3 +1,4 @@
# Maintainer: Alexander Hill <ahill@breadpudding.dev>
SRC_HASH="1794be4bf974e99a3fe1da4b2b9b1456c02ae9479c942f365441d8d207bd650c"
SRC_NAME="llvm"
SRC_URL="https://github.com/llvm/llvm-project/releases/download/llvmorg-21.1.5/llvm-project-21.1.5.src.tar.xz"

74
sources/musl/CVE-2025-26519.patch Normal file
View File

@ -0,0 +1,74 @@
>From e5adcd97b5196e29991b524237381a0202a60659 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Sun, 9 Feb 2025 10:07:19 -0500
Subject: [PATCH] iconv: fix erroneous input validation in EUC-KR decoder
as a result of incorrect bounds checking on the lead byte being
decoded, certain invalid inputs which should produce an encoding
error, such as "\xc8\x41", instead produced out-of-bounds loads from
the ksc table.
in a worst case, the loaded value may not be a valid unicode scalar
value, in which case, if the output encoding was UTF-8, wctomb would
return (size_t)-1, causing an overflow in the output pointer and
remaining buffer size which could clobber memory outside of the output
buffer.
bug report was submitted in private by Nick Wellnhofer on account of
potential security implications.
---
src/locale/iconv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/locale/iconv.c b/src/locale/iconv.c
index 9605c8e9..008c93f0 100644
--- a/src/locale/iconv.c
+++ b/src/locale/iconv.c
@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
if (c >= 93 || d >= 94) {
c += (0xa1-0x81);
d += 0xa1;
- if (c >= 93 || c>=0xc6-0x81 && d>0x52)
+ if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
goto ilseq;
if (d-'A'<26) d = d-'A';
else if (d-'a'<26) d = d-'a'+26;
--
2.21.0
>From c47ad25ea3b484e10326f933e927c0bc8cded3da Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Wed, 12 Feb 2025 17:06:30 -0500
Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder
bugs
the UTF-8 output code was written assuming an invariant that iconv's
decoders only emit valid Unicode Scalar Values which wctomb can encode
successfully, thereby always returning a value between 1 and 4.
if this invariant is not satisfied, wctomb returns (size_t)-1, and the
subsequent adjustments to the output buffer pointer and remaining
output byte count overflow, moving the output position backwards,
potentially past the beginning of the buffer, without storing any
bytes.
---
src/locale/iconv.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/locale/iconv.c b/src/locale/iconv.c
index 008c93f0..52178950 100644
--- a/src/locale/iconv.c
+++ b/src/locale/iconv.c
@@ -545,6 +545,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
if (*outb < k) goto toobig;
memcpy(*out, tmp, k);
} else k = wctomb_utf8(*out, c);
+ /* This failure condition should be unreachable, but
+ * is included to prevent decoder bugs from translating
+ * into advancement outside the output buffer range. */
+ if (k>4) goto ilseq;
*out += k;
*outb -= k;
break;
--
2.21.0

15
sources/musl.spec → sources/musl/musl.spec
View File

@ -1,13 +1,20 @@
# Maintainer: Alexander Hill <ahill@breadpudding.dev>
SRC_HASH="a9a118bbe84d8764da0ea0d28b3ab3fae8477fc7e4085d90102b8596fc7c75e4"
SRC_NAME="musl"
SRC_PATCHES="
c0ffd0493dcde91850e39428a31577892aad20e83bc4bf4a5c37350649ce7932 CVE-2025-26519.patch
"
SRC_URL="https://musl.libc.org/releases/musl-1.2.5.tar.gz"
SRC_VERSION="1.2.5"
# TODO: CVE-2025-26519
SRC_VERSION="1.2.5r1"
build() {
tar xf ../musl-*.tar*
tar xf ../$SRC_FILENAME
cd musl-*/
# NOTE: CVE-2025-26519 patches are temporary and shouldn't be needed once
# 1.2.6 or 1.3.0 is released. ~ahill
# https://www.openwall.com/lists/musl/2025/02/13/1/1
# https://www.openwall.com/lists/musl/2025/02/13/1/2
patch -p1 < ../CVE-2025-26519.patch
./configure \
--bindir=$TT_BINDIR \
--build=$TT_BUILD \

30
treetap
View File

@ -18,16 +18,19 @@
# Changelog #
#############
# November 14, 2025 (1.1.0)
# + Added the ability to incorporate patches into the build [ahill]
# November 13, 2025 (1.0.2)
# + Added the target triple to the package path
# * Prevented fetch from re-downloading packages given a valid hash
# * Renamed all TREETAP_* variables to TT_*
# + Added the target triple to the package path [ahill]
# * Prevented fetch from re-downloading packages given a valid hash [ahill]
# * Renamed all TREETAP_* variables to TT_* [ahill]
# November 11, 2025 (1.0.1)
# - Removed bashisms to become POSIX compliant
# - Removed bashisms to become POSIX compliant [ahill]
# November 9, 2025 (1.0.0)
# * Initial release
# * Initial release [ahill]
####################
# Global Variables #
@ -36,7 +39,7 @@
[ -z "$TT_DIR" ] && TT_DIR="$(pwd)/.treetap"
[ -z "$TT_PKGDIR" ] && TT_PKGDIR="$TT_DIR/packages"
[ -z "$TT_SYSROOT" ] && TT_SYSROOT=/
TT_VERSION="1.0.2"
TT_VERSION="1.1.0"
#####################
# Utility Functions #
@ -140,9 +143,22 @@ package_uninstall() {
source_build() {
source_spec $1
mkdir -p $TT_BUILDDIR
if [ ! -z "$SRC_PATCHES" ]; then
echo "Validating patches for $SRC_NAME $SRC_VERSION"
cd $(dirname $1)
echo $SRC_PATCHES | sha256sum -c - > /dev/null
# Is this even the right way to check a return value? ~ahill
if [ ! "$?" = "0" ]; then
echo "Failed to validate patches for $SRC_NAME $SRC_VERSION"
exit 1
fi
echo $SRC_PATCHES | while read line; do
cp $(echo $line | cut -d" " -f2) $TT_BUILDDIR/
done
fi
echo "Building $SRC_NAME $SRC_VERSION"
PUSHD=$(pwd)
cd $TT_BUILDDIR
echo "Building $SRC_NAME $SRC_VERSION"
build > build-$(date +%Y%m%d%H%M%S).log 2>&1
cd $PUSHD
exit 0