Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20260320155146.GA11687@brightrain.aerifal.cx>
Date: Fri, 20 Mar 2026 11:51:47 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: musl 1.2.6 released

This release includes the fix for CVE-2025-26519 affecting iconv that
was previously only available as patches, lifts the artificial group
count limit in initgroups, adds the new POSIX-2024 posix_getdents
interface and Linux-specific renameat2 interface, extends TLSDESC and
vdso clock_gettime support to more archs, and fixes longstanding known
wrong behavior of pwrite with O_APPEND-mode files, making use of the
new RWF_NOAPPEND flag added in Linux 6.9, with fallback to report an
error rather than silently giving wrong behavior on older kernels.

Fixes for a number of other bugs, new/future conformance requirements,
and compatibility issues are also included. Most of these are minor or
specific to niche archs or unusual usage of libc interfaces. Some of
the more notable ones include possible loss or delay of wake events
under a race condition in sem_post, failure by printf to honor hex
float precision correctly in some cases, and wrong choice of canonical
"zero compression" in converting IPv6 addresses to strings.

https://musl.libc.org/releases/musl-1.2.6.tar.gz
https://musl.libc.org/releases/musl-1.2.6.tar.gz.asc



Special thanks goes out to musl's release sponsors for supporting the
project financially via Patreon and GitHub Sponsors at the $32/month
level or higher:

* Andrew Kelley / ziglang
* Danny McClanahan
* Eric Pruitt
* Evan Phoenix
* Gabriel Silveira
* Josh
* Laurent Bercot
* Matt Campbell
* Moinak Bhattacharyya
* Neal Gompa
* Nikolay Govorov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.