Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20131204024206.GU1685@port70.net>
Date: Wed, 4 Dec 2013 03:42:06 +0100
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: draft release notes for 0.9.15

* Rich Felker <dalias@...ifal.cx> [2013-12-03 20:33:20 -0500]:
> See draft below. Comments welcome, especially on what's the most
> important to go in the short release blurb since there's so much..

my list would be:

new features:
v4 and v6 nameserver in resolv.conf
multicast structures in netinet/in.h
shadow password api
libc.so can print musl version info

bug fixes:
mbsrtowcs buffer overflow
group file handling
execle environ passing
setenv crash
timezone
ip address parsing
faccessat
fnmatch
fd leaks

> DRAFT 0.9.15 release notes
> 
> new features:
> - support for mixing IPv4 and v6 nameserver addresses in resolv.conf
> - RFC 3678 multicast structures/macros in netinet/in.h
> - putspent and fgetspent functions (shadow password API)
> - timef function (obsolete, removed in POSIX 2008)
> - semtimedop syscall (Linux-specific sysvipc extension)
> - drem and finite functions (obsolete BSD functions)
> - getloadavg function (non-standard)
> - libc.so now stores and prints its version information
> - expose constants for new Linux features including O_TMPFILE
> 
> bugs fixed:

- fnmatch out-of-bounds access and spurious failures with FNM_PATHNAME and escaped / pattern

> - buffer overflow in mbsrtowcs
> - clobbering of gr_name in getgrnam_r and getgrgid_r
> - execle ignoring the environment argument
> - setenv crash on malloc failure
> - failure of malloc to set errno when failing to extend heap
> - incorrect errno value from getcwd with zero size
> - spurious failure in faccessat with AT_EACCESS flag with suid/sgid programs
> - several fd leaks due to missing close-on-exec flag
> - misspellings/typos in macro names in several headers
> - incorrect failure return value in inet_pton
> - various numeric ip address parsing and validation fixes
> - namespace conformance issues in several headers
> - minor header issues
> - zombie processes left by faccessat with AT_EACCESS
> - timezone file parser failing/crashing on 64-bit archs
> - timezone path search was only trying first path
> - incorrect handling of excessive-length TZ environment strings
> - timezone file loading was wrongly enforcing O_NOFOLLOW/rejecting symlinks
> - iswspace was wrongly returning true for the null character
> - various bugs in wordexp
> - putgrent could write corrupt lines after write failures
> - dn_expand misinterpreted in-packet offsets greater than 255
> - spurious strftime/wcsftime failure on len+1==bufsize case
> - incorrect underflow flag in fma corner cases
> - log*(0) wrongly returned +inf in downward-rounding mode
> 
> i386-specific bugs fixed:
> - failure of fesetround to set sse rounding mode
> - floating point limit constants interpreted wrong due to excess precision
> 
> powerpc-specific bugs fixed:
> - broken thread pointer access when compiled with clang
> 
> strict conformance issues:
> - NULL definition re-aligned with POSIX (requires (void *) cast)
> - alignment of math.h is* comparison functions with C11 annex F requirements

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.