From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4353 Path: news.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: draft release notes for 0.9.15 Date: Tue, 3 Dec 2013 23:35:54 -0500 Message-ID: <20131204043554.GX24286@brightrain.aerifal.cx> References: <20131204013320.GA20447@brightrain.aerifal.cx> <20131204024206.GU1685@port70.net> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1386131761 2143 80.91.229.3 (4 Dec 2013 04:36:01 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 4 Dec 2013 04:36:01 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4357-gllmg-musl=m.gmane.org@lists.openwall.com Wed Dec 04 05:36:08 2013 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1Vo4C0-0005z6-59 for gllmg-musl@plane.gmane.org; Wed, 04 Dec 2013 05:36:08 +0100 Original-Received: (qmail 20328 invoked by uid 550); 4 Dec 2013 04:36:06 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 20317 invoked from network); 4 Dec 2013 04:36:06 -0000 Content-Disposition: inline In-Reply-To: <20131204024206.GU1685@port70.net> User-Agent: Mutt/1.5.21 (2010-09-15) Xref: news.gmane.org gmane.linux.lib.musl.general:4353 Archived-At: On Wed, Dec 04, 2013 at 03:42:06AM +0100, Szabolcs Nagy wrote: > * Rich Felker [2013-12-03 20:33:20 -0500]: > > See draft below. Comments welcome, especially on what's the most > > important to go in the short release blurb since there's so much.. > > my list would be: > > new features: > v4 and v6 nameserver in resolv.conf > multicast structures in netinet/in.h > shadow password api > libc.so can print musl version info > > bug fixes: > mbsrtowcs buffer overflow > group file handling > execle environ passing > setenv crash > timezone > ip address parsing > faccessat > fnmatch > fd leaks That's a big list. Of these, I think setenv is probably not worth mentioning. It's rare (and probably buggy) to be calling setenv many times; most sane usage just calls it a finite number of times at startup, where memory exhaustion is really unlikely. Based on this, here's a proposed draft blurb: Major bug fixes include a buffer overflow in mbsrtowcs, various group file handling errors, failure of execle to pass on the new environment, and timezone-parsing crashes on 64-bit systems. Also fixed are several file descriptor leak (close-on-exec) issues, handling of invalid IP address strings, several fnmatch corner cases possibly leading to out-of-bound access, and failure of faccessat with the AT_EACCESS flag. This release also adds support for mixing IPv4 and v6 nameservers in resolv.conf, expanded shadow password API, IPv6 multicast structures, and the ability for libc.so to report the version installed. That might still need to be trimmed down a bit to freecode's (formerly freshmeat) release blurb limit but it works for all our other uses. Rich