From 4d6626b099830846d335715d119f090cf2ebfde2 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Thu, 13 Feb 2025 20:53:47 +0000
Subject: [PATCH] workaround musl 1.2.5 cve

---
 scripts/docker/innvikler.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/scripts/docker/innvikler.sh b/scripts/docker/innvikler.sh
index d16561c5..a41f653b 100644
--- a/scripts/docker/innvikler.sh
+++ b/scripts/docker/innvikler.sh
@@ -1,6 +1,13 @@
 #!/bin/ash
 set -ex
 
+# patch musl cve https://www.openwall.com/lists/musl/2025/02/13/1
+apk add -U grep
+grep -aobRE 'euckr[^\w]ksc5601[^\w]ksx1001[^\w]cp949[^\w]' /lib/ | awk -F: '$2>999{printf "%d %s\n",$2,$1}' | while read ofs fn
+do printf -- '-----\0-------\0-------\0-----\0' | dd bs=1 iflag=fullblock conv=notrunc seek=$ofs of=$fn; done 2>&1 |
+tee /dev/stderr | grep -E copied, | wc -l | grep '^2$'
+apk del grep
+
 # cleanup for flavors with python build steps (dj/iv)
 rm -rf /var/cache/apk/* /root/.cache