--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2021-4892dbbf76
2021-06-08 01:05:58.761448
--------------------------------------------------------------------------------Name        : musl
Product     : Fedora 33
Version     : 1.2.2
Release     : 1.fc33
URL         : https://musl.libc.org
Summary     : Fully featured lightweight standard C library for Linux
Description :
musl is a C standard library to power a new generation
of Linux-based devices. It is lightweight, fast, simple,
free, and strives to be correct in the sense of standards
conformance and safety.

--------------------------------------------------------------------------------Update Information:

#### What's new for 1.2.2  The release adds the `_Fork` function from the
upcoming edition of POSIX and takes advantage of the interpretation dropping the
async-signal-safety requirement from `fork` to provide a consistent execution
environment (not restricted to calling only async-signal-safe functions) after a
multithreaded parent forks. This solves deadlocks which would otherwise be
effectively unfixable in some language runtimes that expose `fork` as part of
their contract with applications, as well as various library and application
software that could and should be fixed, but hasn't been. A number of related
issues in synchronization between `fork`, `abort`, async IO, `posix_spawn`,
`pthread_exit`, and other components have been fixed as part of this change.
The `realpath` function has been rewritten to do its own path traversal, rather
than depending on procfs magic symlink contents for `O_PATH` file descriptors.
This makes it work prior to mount of `/proc` and in container or chroot
environments where `/proc` contents may not accurately reflect the pathname as
visible to the calling process.  The C versions of the square root functions,
used on archs without a native FPU instruction for square root, have also been
rewritten with significant improvements to performance, especially on archs that
lack FPU entirely. This rewrite also fixes the lack of accurate `sqrtl` on archs
with quad-precision `long double`.  New functions added include the
aforementioned `_Fork`, `reallocarray` from OpenBSD, `gettid` along with
`SIGEV_THREAD_ID` timer notification support, and `tcgetwinsize`/`tcsetwinsize`
from POSIX-future.  A buffer overflow (CVE-2020-28928) in `wcsnrtombs` has been
fixed with the function essentially rewritten. This function is not widely used
and the bug is not relevant to software that does not use it directly (it's not
used by other libc components), but it may be serious for software that does. An
assortment of lesser bugs have also been fixed.
--------------------------------------------------------------------------------ChangeLog:

* Sun May 30 2021 Neal Gompa  - 1.2.2-1
- Update to 1.2.2
* Tue Jan 26 2021 Fedora Release Engineering  - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1900056 - CVE-2020-28928 musl: infinite loop in wcsnrtombs function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1900056
  [ 2 ] Bug #1916568 - musl-1.2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1916568
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-4892dbbf76' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 33: musl 2021-4892dbbf76

June 7, 2021

#### What's new for 1.2.2 The release adds the `_Fork` function from the upcoming edition of POSIX and takes advantage of the interpretation dropping the async-signal-safety requir...

Summary

musl is a C standard library to power a new generation

of Linux-based devices. It is lightweight, fast, simple,

free, and strives to be correct in the sense of standards

conformance and safety.

#### What's new for 1.2.2 The release adds the `_Fork` function from the

upcoming edition of POSIX and takes advantage of the interpretation dropping the

async-signal-safety requirement from `fork` to provide a consistent execution

environment (not restricted to calling only async-signal-safe functions) after a

multithreaded parent forks. This solves deadlocks which would otherwise be

effectively unfixable in some language runtimes that expose `fork` as part of

their contract with applications, as well as various library and application

software that could and should be fixed, but hasn't been. A number of related

issues in synchronization between `fork`, `abort`, async IO, `posix_spawn`,

`pthread_exit`, and other components have been fixed as part of this change.

The `realpath` function has been rewritten to do its own path traversal, rather

than depending on procfs magic symlink contents for `O_PATH` file descriptors.

This makes it work prior to mount of `/proc` and in container or chroot

environments where `/proc` contents may not accurately reflect the pathname as

visible to the calling process. The C versions of the square root functions,

used on archs without a native FPU instruction for square root, have also been

rewritten with significant improvements to performance, especially on archs that

lack FPU entirely. This rewrite also fixes the lack of accurate `sqrtl` on archs

with quad-precision `long double`. New functions added include the

aforementioned `_Fork`, `reallocarray` from OpenBSD, `gettid` along with

`SIGEV_THREAD_ID` timer notification support, and `tcgetwinsize`/`tcsetwinsize`

from POSIX-future. A buffer overflow (CVE-2020-28928) in `wcsnrtombs` has been

fixed with the function essentially rewritten. This function is not widely used

and the bug is not relevant to software that does not use it directly (it's not

used by other libc components), but it may be serious for software that does. An

assortment of lesser bugs have also been fixed.

* Sun May 30 2021 Neal Gompa - 1.2.2-1

- Update to 1.2.2

* Tue Jan 26 2021 Fedora Release Engineering - 1.2.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[ 1 ] Bug #1900056 - CVE-2020-28928 musl: infinite loop in wcsnrtombs function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1900056

[ 2 ] Bug #1916568 - musl-1.2.2 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1916568

su -c 'dnf upgrade --advisory FEDORA-2021-4892dbbf76' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2021-4892dbbf76 2021-06-08 01:05:58.761448 Product : Fedora 33 Version : 1.2.2 Release : 1.fc33 URL : https://musl.libc.org Summary : Fully featured lightweight standard C library for Linux Description : musl is a C standard library to power a new generation of Linux-based devices. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conformance and safety. #### What's new for 1.2.2 The release adds the `_Fork` function from the upcoming edition of POSIX and takes advantage of the interpretation dropping the async-signal-safety requirement from `fork` to provide a consistent execution environment (not restricted to calling only async-signal-safe functions) after a multithreaded parent forks. This solves deadlocks which would otherwise be effectively unfixable in some language runtimes that expose `fork` as part of their contract with applications, as well as various library and application software that could and should be fixed, but hasn't been. A number of related issues in synchronization between `fork`, `abort`, async IO, `posix_spawn`, `pthread_exit`, and other components have been fixed as part of this change. The `realpath` function has been rewritten to do its own path traversal, rather than depending on procfs magic symlink contents for `O_PATH` file descriptors. This makes it work prior to mount of `/proc` and in container or chroot environments where `/proc` contents may not accurately reflect the pathname as visible to the calling process. The C versions of the square root functions, used on archs without a native FPU instruction for square root, have also been rewritten with significant improvements to performance, especially on archs that lack FPU entirely. This rewrite also fixes the lack of accurate `sqrtl` on archs with quad-precision `long double`. New functions added include the aforementioned `_Fork`, `reallocarray` from OpenBSD, `gettid` along with `SIGEV_THREAD_ID` timer notification support, and `tcgetwinsize`/`tcsetwinsize` from POSIX-future. A buffer overflow (CVE-2020-28928) in `wcsnrtombs` has been fixed with the function essentially rewritten. This function is not widely used and the bug is not relevant to software that does not use it directly (it's not used by other libc components), but it may be serious for software that does. An assortment of lesser bugs have also been fixed. * Sun May 30 2021 Neal Gompa - 1.2.2-1 - Update to 1.2.2 * Tue Jan 26 2021 Fedora Release Engineering - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [ 1 ] Bug #1900056 - CVE-2020-28928 musl: infinite loop in wcsnrtombs function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1900056 [ 2 ] Bug #1916568 - musl-1.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1916568 su -c 'dnf upgrade --advisory FEDORA-2021-4892dbbf76' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure