Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56C6ECF6.2070400@opensource.dyc.edu>
Date: Fri, 19 Feb 2016 05:22:46 -0500
From: "Anthony G. Basile" <basile@...nsource.dyc.edu>
To: musl@...ts.openwall.com
Subject: Re: musl 1.1.13 released

On 2/16/16 10:16 PM, Rich Felker wrote:
> On Mon, Feb 15, 2016 at 11:35:28PM -0500, Rich Felker wrote:
>> This release adds support for out-of-tree builds, search domains in
>> resolv.conf, VDSO-accelerated clock_gettime on MIPS, and building
>> SMP-safe/ready SH binaries for the open-hardware J2. Performance of
>> atomics and synchronization primitives has been greatly improved on
>> most "ll/sc model" RISC archs. Regex BRE now supports the widely-used
>> extensions \|, \+, and \? and larger regular expressions are now
>> supported. A number of minor application and toolchain compatibility
>> improvements have also been made, including changes which reduce the
>> risk of assembler and linker bugs leading to malfunctioning binaries.
>>
>> Two potentially dangerous bugs have been fixed: a single-byte heap
>> overflow in getdelim and a pointer indexing error in dynamic TLS
>> allocation. Other bugs fixed include various issues in parsing and
>> error handling for resolv.conf and related files, incorrect error
>> return values for some functions, and failures to accept null pointer
>> arguments in some functions for which they have defined behavior. Some
>> arch-specific bugs affecting ARM, MIPS, and SH/FDPIC have also been
>> fixed.
>>
>> http://www.musl-libc.org/releases/musl-1.1.13.tar.gz
>> http://www.musl-libc.org/releases/musl-1.1.13.tar.gz.asc
> 
> It's been found that this release has a fairly significant regression
> caused by fixing a bug in fwrite's return value. Users should apply
> the attached patch to avoid problems with puts("") and fputs("",f)
> malfunctioning.
> 
> Rich
> 

Thanks I was in the middle of debugging this.  I hit it with coreutils
`yes ""` on arm.

We've had these sorts of bugs in the past.  Wouldn't it be wise to push
out a new release?  Something like musl-1.1.13.1?  I can deal with
applying the patch but pushing out a another release signals to the
community that there is an update.  Just thought.

-- 
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.