Date: Sun, 27 Aug 2017 06:36:06 +0200
From: Szabolcs Nagy <>
Subject: open issues

list of issues since last release that don't seem to be resolved.
first ones that looked like bugs to me, then other issues.
list goes backward in time, some issues may be missed.

- update contributors in copyright file
- fflush(0) does not lock f
- getenv/setenv/putenv ub
- fix ioctl on mips, add SIOCGSTAMPNS
- ipc/ftok.c overflowing shift
- __progname fallbacks so it's never 0
- mbsnrtowcs and mbsnrtowcs confuses byte and wchar counts
- memset ub because s[0] = s[0] = c
- handle whitespace before %% in scanf
- mips64 utime issue?
  "tar binary can't fix the modification/access times on any extracted symbolic links,"
- oob reads in memmem (and signed << ub)
- use-after-free in __unlock of pthread struct
- newly created thread may run with signals blocked
  < sergei> there seems to be a race condition in pthread_create.c between lines 134 and 298
  < sergei> if line 298 is executed before 134 (assuming syscall returned 0), startlock will be overwritten with zero, the condition will be evaluated to false and __restore_sigs will not be executed
  < sergei> the newly created thread will run with all signals blocked
  < sergei> i have a patch that fixes the issue for me:
- scanf, wrong types in va_arg
- missed underflow in fma
  new fma, depends on a_clz_64
- fix nftw when called with paths ending in slash
- fix syscall number differences compared to linux uapi
- getservbyport(_r) should not report numeric ports
- add s390x and powerpc64 to supported arches
- define IPPORT_RESERVED in netinet/in.h and netdb.h 
- GLOB_PERIOD is inconsistent with glibc
- mmap should not return EPERM when it means ENOMEM
- getopt_long does not report failure correctly
- make dlsym and reloc time lookup consistent
- ldso ctor dependency ordering and recursive dlopen fix
- align arm hwcap.h with glibc (nsz)

feature request:
- pending linux uapi updates: v4.10, v4.11, v4.12 (nsz)
- non-thread-safe apis (gethostbyname) can detect some misuse and crash
- avoid mmapping inaccessible parts of a binary as rx
- syslog.h prioritynames compound literal causes problems
- align fnmatch \ in bracket semantics with glibc
- pthread_attr_init behaviour (to use whatever was set in pthread_setattr_default_np)
- fix stdbool.h in c++ code?
- add sysconf support for _SC_LEVEL1_DCACHE_LINESIZE
- change GMT to UTC
- [RFC PATCH 0/5] Add explicit_bzero, vectorize and 'normalize' various string functions
- strlen variant without aliasing violation
- |32 is not needed in (t|32) != 'c'
- __malloc_donate instead of current hack in ldso
- optimize __malloc0 to clear memory faster
- code size optimize wmemcpy
- [PATCH 0/8] the new __lock and follow up patches
- more correct va_arg use in fcntl
- use better name than index in __tz.c
- use O_TMPFILE in tmpfile if possible
- fix user.h so gdb builds cleanly on all targets
- towlower performance
- RES_OPTIONS support for resolv.conf options overriding
  related libc-alpha discussion
- strptime %z %Z
- add microMIPS32 support
- IDNA support in name lookups
- improve LIBCC detection in configure?
- precise complex math
- strtoul of width specifier clobbers errno in strftime
- provide sgidefs.h on mips
- add GLOB_TILDE support
- crypt_blowfish: support $2b$ prefix
- strftime _-0
- static-pie relro
  < fabled> how does static pie musl libc init work?
  < fabled> the reason i ask is, that relro is not enabled then
  < fabled> it should do mprotect() for the relro area
  < nsz> ah i see if you have 'static int *const p = &x;' then that relative reloc should be in relro
- fts64
- realpath without /proc
- new tsearch
- avoid readv in stdio with 0 length buffer because that's broken on /proc
- add fortify _chk functions
- memchr optimization
