Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <56C6ECF6.2070400@opensource.dyc.edu>
Date: Fri, 19 Feb 2016 05:22:46 -0500
From: "Anthony G. Basile" <basile@...nsource.dyc.edu>
To: musl@...ts.openwall.com
Subject: Re: musl 1.1.13 released

On 2/16/16 10:16 PM, Rich Felker wrote:
> On Mon, Feb 15, 2016 at 11:35:28PM -0500, Rich Felker wrote:
>> This release adds support for out-of-tree builds, search domains in
>> resolv.conf, VDSO-accelerated clock_gettime on MIPS, and building
>> SMP-safe/ready SH binaries for the open-hardware J2. Performance of
>> atomics and synchronization primitives has been greatly improved on
>> most "ll/sc model" RISC archs. Regex BRE now supports the widely-used
>> extensions \|, \+, and \? and larger regular expressions are now
>> supported. A number of minor application and toolchain compatibility
>> improvements have also been made, including changes which reduce the
>> risk of assembler and linker bugs leading to malfunctioning binaries.
>>
>> Two potentially dangerous bugs have been fixed: a single-byte heap
>> overflow in getdelim and a pointer indexing error in dynamic TLS
>> allocation. Other bugs fixed include various issues in parsing and
>> error handling for resolv.conf and related files, incorrect error
>> return values for some functions, and failures to accept null pointer
>> arguments in some functions for which they have defined behavior. Some
>> arch-specific bugs affecting ARM, MIPS, and SH/FDPIC have also been
>> fixed.
>>
>> http://www.musl-libc.org/releases/musl-1.1.13.tar.gz
>> http://www.musl-libc.org/releases/musl-1.1.13.tar.gz.asc
> 
> It's been found that this release has a fairly significant regression
> caused by fixing a bug in fwrite's return value. Users should apply
> the attached patch to avoid problems with puts("") and fputs("",f)
> malfunctioning.
> 
> Rich
> 

Thanks I was in the middle of debugging this.  I hit it with coreutils
`yes ""` on arm.

We've had these sorts of bugs in the past.  Wouldn't it be wise to push
out a new release?  Something like musl-1.1.13.1?  I can deal with
applying the patch but pushing out a another release signals to the
community that there is an update.  Just thought.

-- 
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.