Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Apr 2012 05:07:56 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: musl 0.8.8 released; all users should upgrade or patch

Hi everyone,

I've released musl 0.8.8 including a fix for the buffer overflow issue
discovered yesterday. Release summary:

    Fix for critical buffer overflow vulnerability in fprintf with
    unbuffered files. Major math library correctness and performance
    improvements, including x86 assembly. New floating point
    parser/converter with correct rounding, new scanf that corrects
    many corner-case errors, and new wcstod/f/ld (previously missing).
    Various compatibility improvements and small bug fixes.

    http://www.etalabs.net/musl/releases/musl-0.8.8.tar.gz

With this release, musl seems to have complete interface-level
coverage of ISO C99 and POSIX 2008. There are still some features
missing, however; for example, the 'm' modifier to scanf (for auto
malloc) does not work. Further development in the 0.8 series will aim
to fix these last deficiencies, bring the wctype functions up to date
with current Unicode, and further optimize, clean up, and simplify the
math, float parsing, and scanf code. I'd also like to get the
in-progress _BSD_SOURCE feature test macro patchset finished and
integrated. If all goes well, we might just have one or two more
releases in this series before 0.9 begins.

Looking towards 0.9, at that point I'd like to be optimizing the regex
engine (TRE), adding dlopen support for static-linked programs,
porting to at least one or two more important targets (like mips),
adding a few more important encodings to iconv, and writing
documentation for musl.

And probably some other things I forgot.

Just looked back at the list archives and my original goals for 1.0,
and it seems we're nearly there, and already exceeding the goals in
some areas like application compatibility. A big thanks goes out to
everyone who's been testing and reporting the issues you run into
building apps!

Rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.