Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 3 Dec 2013 23:35:54 -0500
From: Rich Felker <>
Subject: Re: draft release notes for 0.9.15

On Wed, Dec 04, 2013 at 03:42:06AM +0100, Szabolcs Nagy wrote:
> * Rich Felker <> [2013-12-03 20:33:20 -0500]:
> > See draft below. Comments welcome, especially on what's the most
> > important to go in the short release blurb since there's so much..
> my list would be:
> new features:
> v4 and v6 nameserver in resolv.conf
> multicast structures in netinet/in.h
> shadow password api
> can print musl version info
> bug fixes:
> mbsrtowcs buffer overflow
> group file handling
> execle environ passing
> setenv crash
> timezone
> ip address parsing
> faccessat
> fnmatch
> fd leaks

That's a big list. Of these, I think setenv is probably not worth
mentioning. It's rare (and probably buggy) to be calling setenv many
times; most sane usage just calls it a finite number of times at
startup, where memory exhaustion is really unlikely.

Based on this, here's a proposed draft blurb:

    Major bug fixes include a buffer overflow in mbsrtowcs, various
    group file handling errors, failure of execle to pass on the new
    environment, and timezone-parsing crashes on 64-bit systems. Also
    fixed are several file descriptor leak (close-on-exec) issues,
    handling of invalid IP address strings, several fnmatch corner
    cases possibly leading to out-of-bound access, and failure of
    faccessat with the AT_EACCESS flag. This release also adds support
    for mixing IPv4 and v6 nameservers in resolv.conf, expanded shadow
    password API, IPv6 multicast structures, and the ability for to report the version installed.

That might still need to be trimmed down a bit to freecode's (formerly
freshmeat) release blurb limit but it works for all our other uses.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.