Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 28 Jul 2018 15:55:37 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Timeline for 1.1.20?

On Sat, Jul 28, 2018 at 01:43:34PM -0400, Christopher Friedt wrote:
> Rich,
> 
> have you considered a CI environment of some kind (e.g. Travis, GitLab)?
> 
> GitLab is my favourite, particularly because it can be hosted locally (i.e.
> can interact with hardware if you so desire).
> 
> That means you can e.g. run quick unit tests inside of a Docker image for
> various arches, and then run integration & system tests natively before a
> release.
> 
> I'm particularly a big fan of the TDD approach, where unit tests are
> written and passing for new features (and unit tests continue to pass for
> old features) before a pull request is merge.

Yes, but I don't know how to set it up, and any proper approach to
setting it up really shouldn't require the project maintainer to know
how, since it should revolve around a separate CI project pulling
musl, libc-test, and possibly other sources (e.g. mcm) as either
subrepos or part of the build scripts, then evaluating the resutls.

As for the immediate need, though, it's *not* fancy CI processes but
actual test coverage. I'm really wary of projects that have fancy
process frameworks but nothing to show for it.

In particular, coverage for changes since 1.1.19 would include:

- getrandom/getentropy basic functionality check
- setvbuf non-stub inplementation: basic functionality, check for
  writes outside the buffer, etc.
- malloc interposition: check that partial replacement doesn't result
  in unsafe behavior.
- pthread_create: confirm that scheduling and other attributes still
  work as expected after refactoring work.
- getddrinfo AI_ADDRCONFIG (can't really be tested without network
  namespaces though)

Particular bugfixes that call for functionality or regression tests:

b123f23 fix getopt wrongly treating colons in optstring as valid option chars
0cf5058 fix nl_langinfo_l(CODESET, loc) reporting wrong locale's value
282b1cd fix fmaf wrong result
ae2a01d fix wrong result in casin and many related complex functions
10e4bd3 fix incorrect results for catan with some inputs
4bf0717 fix return value of nice function
3f6dc30 fix out of bounds write for zero length buffer in gethostname
9be4ed5 getopt_long_only: don't prefix-match long-options that match short ones
55a661f fix iconv buffer overflow converting to legacy JIS-based encodings
99f4237 fix iconv conversion to UTF-32 with implicit (big) endianness
165a1e3 fix iconv mapping of big5-hkscs characters that map to two unicode chars
029c622 fix output size handling for multi-unicode-char big5-hkscs characters
5c8e692 inet_ntop: do not compress single zeros in IPv6
8b8fb7f correctly handle non-matching symbols in dladdr
9cad27a fix writes outside buffer by ungetc after setvbuf
b3fa0f2 fix regression in alignment of dirent structs produced by readdir

Some fixes that would not be confirmed with just libc-test, but that
needs more of a framework for covering multiple build configurations:

a7c53e0 fix out-of-tree build of crt files with stack protector enabled
e3c682a work around arm gcc's rejection of r7 asm constraints in thumb mode

For now it will have to suffice that we tested them by hand at the
time of fixing.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.