Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 18 Jun 2012 15:02:16 +0200
From: John Spencer <maillist-musl@...fooze.de>
To: musl@...ts.openwall.com
CC: Szabolcs Nagy <nsz@...t70.net>, Rich Felker <dalias@...ifal.cx>, 
 Reuben Thomas <rrt@...d.org>,
 Bruno Haible <bruno@...sp.org>
Subject: Re: Re: musl bugs found through gnulib

On 06/18/2012 10:21 AM, Szabolcs Nagy wrote:
> * Rich Felker<dalias@...ifal.cx>  [2012-06-17 19:54:26 -0400]:
>
>> On Mon, Jun 18, 2012 at 12:49:44AM +0200, Bruno Haible wrote:
>>> Replacements of *printf, because of
>>>    checking whether printf supports infinite 'long double' arguments... no
>> I'm just going to change isnanl to handle the invalid bit patterns
>> because I'm sick of this issue...
>>
please don't do this. this would be a win of Evil against Good.

do you see were this goes ?
first they wanted you to implement __freadahead, now they want 4 such 
functions plus a broken __MUSL__ macro.
this is usually refered to using the proverb "give them the small finger 
and they take the entire hand".

the tactics of the gnulib folks is to wear you down, until they have no 
work to do at all.

also note how Bruno changed the subjects in "gnulib portability issues" 
thread on the gnulib ML into something that suggests the opposite, i.e. 
that musl is broken.

there's only one broken program out there, which is gnu coreutils' "od".
if someone wants to use coreutils and cares about this uncommon issue, 
he/she can simply use a patch for this specific program.

> i wonder if these gnulib bugs will get fixed..
>
> gnulib should go over an audit
> (otherwise it's not credible considering all
> the false tests so far)
>
> some of the gnulib tests will find musl bugs
> but many tests are wrong
>
> i think we should not invest too much time
> into gnulib but work on a proper libc
> testsuit instead..

full ACK. now that we know which tests are responsible for detecting 
many musl functions (wrongly) as broken, we can simply create some 
"gnulib-fix" program that makes these tests always succeed, thus keeping 
their bloat outside.
PLUS add a warning at a prominent spot that programs using GNULIB should 
be built statically to avoid future incompatibilities due to their 
illegal poking at internals.

sabotage currently uses the following approach to beat gnulib into 
functioning:

empty_file() {
     rm -f "$1"
     touch "$1"
}

./configure -C --prefix=/ || exit 1

#fixing gnulib

cd lib
for i in printf.c fprintf.c freadahead.c closein.c fseterr.c vfprintf.c ; do
     empty_file "$i"
done

echo "#define __printf__ printf" >> config.h
echo "#define rpl_fprintf fprintf" >> config.h

cd ..

sed -i 's,atexit (close_stdin),,' gzip.c
# probably better to just echo "void close_stdin(void) {}" > close_in.c

--JS

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.