[ISSUE] Wen Musl 1.2?

[ISSUE] Wen Musl 1.2?

[pezcore]

[-- Attachment #1: Type: text/plain, Size: 653 bytes --]

New issue by pezcore on void-packages repository

https://github.com/void-linux/void-packages/issues/50064

Description:
On 2024-04-27, `xbps` reports the latest available version of `musl` to be `1.1.24` which was released on 13 October, 2019, which is 4.5 years ago. Does Void plan on upgrading `musl` to `1.2.x` in the future and if so, what is the status of this effort?

It seem the pressure to upgrade musl to the 1.2.x series is quite strong because All versions prior to 1.2.2 are affected by [CVE-2020-28928](https://www.openwall.com/lists/musl/2020/11/19/1), and some open source tools and libraries seem to be dropping support for 1.1.x.

Re: Wen Musl 1.2?

[oreo639]

[-- Attachment #1: Type: text/plain, Size: 627 bytes --]

New comment by oreo639 on void-packages repository

https://github.com/void-linux/void-packages/issues/50064#issuecomment-2081176949

Comment:
There is already a gh discussion for this: https://github.com/void-linux/void-packages/discussions/45104

> It seem the pressure to upgrade musl to the 1.2.x series is quite strong because All versions prior to 1.2.2 are affected by [CVE-2020-28928](https://www.openwall.com/lists/musl/2020/11/19/1), and some open source tools and libraries seem to be dropping support for 1.1.x.

https://github.com/void-linux/void-packages/blob/master/srcpkgs/musl/patches/CVE-2020-28928.patch

Re: Wen Musl 1.2?

[oreo639]

[-- Attachment #1: Type: text/plain, Size: 631 bytes --]

New comment by oreo639 on void-packages repository

https://github.com/void-linux/void-packages/issues/50064#issuecomment-2081176949

Comment:
There is already a gh discussion for this btw: https://github.com/void-linux/void-packages/discussions/45104

> It seem the pressure to upgrade musl to the 1.2.x series is quite strong because All versions prior to 1.2.2 are affected by [CVE-2020-28928](https://www.openwall.com/lists/musl/2020/11/19/1), and some open source tools and libraries seem to be dropping support for 1.1.x.

https://github.com/void-linux/void-packages/blob/master/srcpkgs/musl/patches/CVE-2020-28928.patch

Re: [ISSUE] [CLOSED] Wen Musl 1.2?

[classabbyamp]

[-- Attachment #1: Type: text/plain, Size: 656 bytes --]

Closed issue by pezcore on void-packages repository

https://github.com/void-linux/void-packages/issues/50064

Description:
On 2024-04-27, `xbps` reports the latest available version of `musl` to be `1.1.24` which was released on 13 October, 2019, which is 4.5 years ago. Does Void plan on upgrading `musl` to `1.2.x` in the future and if so, what is the status of this effort?

It seem the pressure to upgrade musl to the 1.2.x series is quite strong because All versions prior to 1.2.2 are affected by [CVE-2020-28928](https://www.openwall.com/lists/musl/2020/11/19/1), and some open source tools and libraries seem to be dropping support for 1.1.x.