aboutsummaryrefslogtreecommitdiff
path: root/libjava/java/security/SignedObject.java
blob: 93a99e51a6b332ba56d8fa82810088b235c9f4a3 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

/* SignedObject.java --- Signed Object Class
   Copyright (C) 1999 Free Software Foundation, Inc.

This file is part of GNU Classpath.

GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING.  If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.

Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.

As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version. */

package java.security;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

/**
   SignedObject is used for storing rutime objects whose integrity
   cannot be compromised without being detected.

   SignedObject contains a Serializable object which is yet to be 
   signed and its signature.

   The signed copy is a "deep copy" (in serialized form) of the 
   original object. Any changes to the original will not affect 
   the original.

   Several things to note are that, first there is no need to 
   initialize the signature engine as this class will handle that 
   automatically. Second, verification will only succeed if the
   public key corresponds to the private key used to generate 
   the SignedObject.

   For fexibility, the signature engine can be specified in the 
   constructor or the verify method. The programmer who writes 
   code that verifies the SignedObject has not changed should be 
   aware of the Signature engine they use. A malicious Signature 
   may choose to always return true on verification and 
   bypass the secrity check.

   The GNU provider provides the NIST standard DSA which uses DSA 
   and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its 
   OID. If the RSA signature algorithm is provided then
   it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The algorithm must
   be specified because there is no default.

   @author Mark Benvenuto <ivymccough@worldnet.att.net>

   @since JDK 1.2
 */
public final class SignedObject implements Serializable
{
  private byte[] content;
  private byte[] signature;
  private String thealgorithm;

  /**
     Constructs a new SignedObject from a Serializeable object. The 
     object is signed with private key and signature engine

     @param object the object to sign
     @param signingKey the key to sign with
     @param signingEngine the signature engine to use

     @throws IOException serialization error occurred
     @throws InvalidKeyException invalid key
     @throws SignatureException signing error
   */
  public SignedObject(Serializable object, PrivateKey signingKey,
		      Signature signingEngine) throws IOException,
    InvalidKeyException, SignatureException
  {
    thealgorithm = signingEngine.getAlgorithm();

    ByteArrayOutputStream ostream = new ByteArrayOutputStream();
    ObjectOutputStream p = new ObjectOutputStream(ostream);
    p.writeObject(object);
    p.flush();

    content = ostream.toByteArray();

    signingEngine.initSign(signingKey);
    signingEngine.update(content);
    signature = signingEngine.sign();
  }

  /**
     Returns the encapsulated object. The object is 
     de-serialized before being returned.

     @return the encapsulated object

     @throws IOException de-serialization error occurred
     @throws ClassNotFoundException de-serialization error occurred
   */
  public Object getObject() throws IOException, ClassNotFoundException
  {
    ByteArrayInputStream istream = new ByteArrayInputStream(content);

    return new ObjectInputStream(istream).readObject();
  }

  /**
     Returns the signature of the encapsulated object.

     @return a byte array containing the signature
   */
  public byte[] getSignature()
  {
    return signature;
  }

  /**
     Returns the name of the signature algorithm.

     @return the name of the signature algorithm.
   */
  public String getAlgorithm()
  {
    return thealgorithm;
  }

  /**
     Verifies the SignedObject by checking that the signature that 
     this class contains for the encapsulated object.

     @param verificationKey the public key to use
     @param verificationEngine the signature engine to use

     @return true if signature is correct, false otherwise

     @throws InvalidKeyException invalid key
     @throws SignatureException signature verification failed
   */
  public boolean verify(PublicKey verificationKey,
			Signature verificationEngine) throws
    InvalidKeyException, SignatureException
  {
    verificationEngine.initVerify(verificationKey);
    verificationEngine.update(content);
    return verificationEngine.verify(signature);
  }

  //     readObject is called to restore the state of the SignedObject from a
  //     stream.
  //private void readObject(ObjectInputStream s)
  //                 throws IOException, ClassNotFoundException
}
generated by cgit v1.1 at 2025-11-05 19:54:54 +0000
d='n738' href='#n738'>738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 
0.5.0 - initial release



0.5.9 - signal ABI bugfix, various cleanup and fixes:

sigset_t was wrongly defined as 1024 bytes instead of 1024 bits,
breaking the intended ABI compatibility with the LSB/glibc sigaction
structure. users should upgrade immediately and rebuild any libraries
or object files that might be using the incorrect definitions.

improved security against DoS with tcb shadow passwords by checking
that the file opened was really an ordinary file.

fixed a bug in the implementation of atomic ops that could have
allowed the compiler to incorrectly reorder them (in practice, gcc
with the default settings on i386 was not reordering them).

greatly improved conformance to the C and POSIX standards regarding
what the standard header files make visible. _POSIX_C_SOURCE is now
needed to get POSIX functions in standard C headers, and _XOPEN_SOURCE
or _GNU_SOURCE are required to get XSI interfaces or GNU extensions,
respectively.

many internal improvements have been made to the syscall-related code
in preparation for porting to x86_64 and other archs.



0.6.0 - x86_64 port, various important bugs fixed

new x86_64 (amd64) architecture port, contributed by Nicholas J. Kain,
along with PORTING guide. source tree layout and build system have
been improved to accommodate further ports.

various bugs that were introduced while making the headers respect C
and POSIX namespace standards have been fixed. conformance to the
standards has been improved.

fixed an inefficiency in qsort that triggered a bug (occasionaly
internal compiler error) in some versions of gcc.

fixed a major bug in the printf %n specifier that prevented it from
working and caused memory corruption.



0.7.0 - major improvements to posix conformance and completeness

implemented posix shared memory and semaphore interfaces.

implemented all remaining required pthread and clock interfaces.

major fixes to signal semantics.

greatly improved temporary file name generation for safety against
denial of service due to intentional name collisions.

added syscall wrappers for the linux inotify interface.

malloc(0) now returns a non-null pointer.

fixed printf %n specifier (again), pthread_once (it was always
hanging), and non-default-type mutex behavior.

added ucontext/sigcontext support in headers to facilitate building
libgcc with dwarf2 unwind support, and possibly other low-level tools.

improved musl-gcc compiler wrapper.

implemented many small missing functions here and there, minor header
fixes, etc.



0.7.1 - improvements to completeness, bug fixes

implemented flockfile, wprintf, and robust mutex functions.

fixed stack corruption bug in times(), minor header bugs, and some
error return value bugs in thread interfaces.



0.7.5 - new features, major optimization, and robustness

implemented POSIX timers.

optimized and simplified many thread-related functions.

eliminated resource leak races in thread cancellation. (almost all
existing implementations, including glibc, have these leaks.)

overhauled stdio implementation to take advantage of readv/writev for
reduced syscall load, and improved stdio's handling of error status.

added syscall header and interface for applications to use and
greatly simplified internal system for making syscalls.

strangthened tmpnam/tempnam/tmpfile filename generation and made the
straight C functions not depend on POSIX symbols.

fixed pthread cancellation ABI on i386 to match the LSB/glibc ABI

better double-free handling in malloc

various minor bug fixes



0.7.6 - major bug fixes

fixed rare but serious under-allocation bug in malloc.

fixed signedness bug in strchr that prevented finding high bytes.

fixed serious parsing bugs in strtold.

fixed statvfs syscall (it was always failing with EINVAL).

fixed race condition in set*id() functions with threads (possible
deadlock). further audit still needed though.

fseek no longer sets the stream error flag on failed seeks (this was
wrong and broke some programs, notably GNU m4).

nl_langinfo is no longer a dummy function. (the functionality was
previously implemented but accidentally left unused).

various small fixes have been made to the implementations and
prototypes for nonstandard and obsolete functions



0.7.7 - more bug fixes and program-compatibility improvements

fixed floating point formatting and rounding bugs in printf.

fixed broken %N$ positional argument specifiers in printf.

fixed misaligned read/overread bug in strchr which could lead to
crashes scanning tiny strings at the end of a page when the next page
is not readable, or on archs (not yet supported) that forbid
misaligned reads.

fixed breakage of statvfs on x86_64

fixed crash in getmntent_r

fixed bug in POSIX timers created with NULL sigevent argument

improved semaphore performance, and sem_wait is now interruptable by
signals, as required by POSIX.

added many compatibility and system-level interfaces, increasing the
proportion of busybox that works with musl.



0.7.8 - more bug fixes and compatibility improvements

fixed problems with ipv6 dns and address printing code that made ipv6
support practically unusable, and some other getaddrinfo bugs.

fixed broken sendmsg/recvmsg functions on x86_64 (caused by incorrect
msghdr structure).

fixed broken sigsetjmp asm on x86_64.

worked around a problem with input buffering on terminals reblocking
after getting a blank line, due to a bug in the linux readv syscall.

various improvements to the "rsyscall" system used to implement
threaded setuid, setgid, etc.

exiting/cancelling the a timer handler thread no longer kills the
timer.

fixed incorrect trailing zeros on some %g conversions in printf.

fixed buggy byte-swapping functions and moved them to inlines in
byteswap.h.

many small improvements to header/application compatibility, support
for nonstandard macros, etc.



0.7.9 release notes

new pthread cancellation implementation:
- safe against resource-leak/side-effect-leak race conditions
- safe against interruption by signal handlers
- reduced bloat in all cancellable functions
- reduced bloat for blocking cancellation

new interfaces implemented:
- realpath (limited functionality)
- wordexp (limited functionality)
- flock (nonstandard)
- forkpty (nonstandard)
- posix_fadvise
- posix_fallocate

general bug fixes:
- syslog function failure to communicate with syslogd
- bug in siginfo_t definition if wait.h was included before signal.h
- incorrect struct definitions for most of sysv ipc
- pthread_exit/cancel on timer handler wrongly destroying the timer
- linux dup2 ebusy workaround
- obscure issues in non-threaded programs using some pthread functions
- getopt_long allowed mismatch in last char of option name
- incorrect parsing of obscure ip address forms
- initgroups not working reliably (uninitialized var)
- shadow pass treating empty expiry field as pass-expired-in-1970
- bogus longjmp if pthread_exit was called from cancellation handlers

x86_64-specific bug fixes:
- fcntl file locking
- thread stack alignment
- broken select timeouts due to incorrect timeval definition



0.7.10 release notes

new features:
- ipv6 numeric string parsing
- eventfd syscall wrappers

optimizations:
- new qsort implementation using the smoothsort algorithm
- much smaller/faster sigset_t handling functions
- lowered spin count before futex wait in synchronization functions

general bug fixes:
- incorrect floating point round-to-even behavior in printf
- major bugs in pthread barrier implementation
- off-by-one error in scanf %n results
- scanf failure to report EOF when scanning for literal text
- minor missing/incorrect prototype issues
- dependency on undefined call order in fclose

compiler issue workarounds:
- incorrect inlining of variadic functions on recent gcc versions
- pcc preprocessor bug with recursive macro expansion



0.7.11 release notes

new features:
- integrated dynamic linker
- dynamic loading (dlopen/dlsym) (for dynamic-linked programs only)
- XSI search.h API
- POSIX message queues
- POSIX spawn interfaces
- BSD pseudo-random number generator API (random/srandom/initstate/etc.)
- floating point environment (limited usefulness due to gcc bugs)

general bug fixes:
- possible crashes with wordexp due to uninitialized variable
- race condition in pthread_kill (also present and unfixed in glibc/nptl)
- pthread exit destructors called too late
- dangerous unbounded vla in glob
- brk/sbrk legacy functions mismatching legacy semantics
- wcsncpy dest buffer overflow
- strncat and wcsncat possible overflows due to double-termination



0.7.12 release notes

new features:
- support for textrels in shared objects
- rpath support in dynamic linker
- stdio_ext.h functions (for better gnu software compatibility)

bug fixes:
- some compilers miscompiling dlopen due to misuse of longjmp
- safe handling of invalid long-double bit patterns (affects printf)
- workaround for bugs in linux mprotect syscall
- thread-safety for random() functions
- various minor issues



0.8.0 release notes

new features:
- chinese and japanese legacy charset support in iconv
- zero-syscall clock_gettime support (dynamic-linked x86_64 only)
- futex-based locking for stdio (previously used spinlocks)
- LD_PRELOAD and RTLD_NEXT support in dynamic linker
- strptime (mostly working but incomplete)
- posix aio (mostly working but not entirely conformant)
- memory streams (fmemopen, open_memstream, ...)
- stub/dummy implementations for various useless legacy functions
- if_nameindex

security hardening:
- setuid, etc. should not longer be able to "partially fail" with threads
- ensure suid programs start with fd 0,1,2 open
- improved openpty/forkpty failure checks

threads/synchronization bug fixes:
- dangerous spurious wakeup in pthread_join lead to early return
- race condition enabling async cancellation (delayed/lost cancellation)
- destruction/unmapping race conditions in semaphores, mutexes, rwlocks
- recursive rwlock_rdlock deadlock when a writer is waiting
- race condition in sigqueue with fork
- timer expiration thread exit wasn't running dtors
- timer threads weren't blocking signals
- close was wrongly cancellable after succeeding on some devices
- robust mutex list was not reset on fork

general bug fixes:
- incorrect logic in fread (spurious blocking; crash on write-only files)
- many corner cases and overflow cases for strtol-family functions
- various printf integer formatting issues with flags/width/precision
- incorrect iconv return value on failure
- broken FD_* macros on 64-bit targets
- clock function returning wrong value (real time not cpu time)
- siglongjmp signal mask clobbering (off-by-one pointer error)
- dynamic linker weak symbol resolution issues
- fdopendir failure to set errno
- various minor header fixes



0.8.1 release notes

bug fixes:
- mismatching prototypes caused build failure on 64-bit
- other minor prototype errors in the headers have been fixed
- various other small omissions fixed



0.8.2 release notes

new features:
- ptrace syscall support

bug fixes:
- const error (only a warning with many compilers) in lio_listio
- minor portability fixes aimed at supporting new arch targets



0.8.3 release notes

new features:
- arm port (experimental)
- better musl-gcc wrapper script for building against musl
- added clone system call

bug fixes:
- numerous header file typos, copy/paste errors, omissions
- statfs and statvfs ABI are now LSB-conformant (and actually work)



0.8.4 release notes

new features: 
- arm dynamic linker support
- process-shared pthread barriers now work
- efficient futex-requeue-based cond var broadcast
- more optional cancellation points are now cancellable
- printf accepts null pointers with %s, prints as "(null)"
- recursive mutexes are now fully reentrant
- __cxa_atexit support
- real vfork
- dynamic linker now gold-compatible
- prlimit syscall
- support for large limits with setrlimit/getrlimit (even on 32-bit)
- glob now supports GLOB_PERIOD option (GNU extension)

bug fixes:
- many serious issues in condition variables
- rwlock failure-to-wake deadlock issues
- various small header files bugs/omissions
- wrong failure return for pthread_create
- path handling issues on execvp
- lock count corruption with robust recursive mutexes on owner death
- integer overflows in atoi, etc. reading most-negative value
- spurious mremaps on every realloc of large memory chunks
- pthread cancellation failure in single-threaded programs

security:
- avoid fd_set overflow in dns lookups



0.8.5 release notes

new features:
- stdio operations are now cancellable (only when low-level io happens)
- global ctor/dtor support in main program start code and shared libs
- dynamic linker support for PIE executables (but missing startup code)
- vfork support on x86_64
- complete set of locale_t functions (all ignore the locale argument)
- provide define float_t and double_t in math.h
- lighter/faster cancellation cleanup handler register/unregister

bug fixes:
- gcc wrapper now supports -shared, -nostdlib, -nostartfiles
- removed one wrongly-classified character from iswspace set (zwsp)
- fixed crashes in dns lookup on some errors, e.g. resolv.conf missing
- "make install" no longer tries to build shared libc if disabled
- ptrace argument handling bugs fixed
- work around visibility-hidden bugs in gcc 3.x
- fix thread-pointer-loss issue when it's initialized in signal handlers
- various minor typo/misc fixes in headers

compatibility:
- glob behaves more like traditional implementations w.r.t. GLOB_MARK
- added legacy futimes, lutimes functions
- more compatibility macros in sys/param.h (nonstandard header)
- setfs[ug]id syscall wrappers (linux specific)
- fgetpwent function (nonstandard)
- utmp.h matches traditional version more closely
- caddr_t now matches glibc type (void * instead of long)
- dummy (always-fail) dlopen and dlsym functions for static linked programs
- [efg]cvt functions (previously posix, removed from standard)
- get_current_dir_name function (nonstandard)



0.8.6 release notes

bug fixes:
- fix crash in dns lookups for all static-linked, non-threaded programs



0.8.7 release notes

new features:
- c++ support with g++'s libstdc++
- c99 math library (float, long double, complex, etc.)
- numerous wchar_t functions
- a64l, l64a functions
- getdate function

compatibility:
- c89 compatibility in math.h
- syscall.h alias for sys/syscall.h
- memory.h alias for string.h
- getcwd supports null buffer argument (auto-allocation)

bug fixes:
- major fenv (floating point environment) fixes and optimizations
- strptime mishandling of day/month names
- strtoull wrongly rejecting the highest 16 possible values as overflow
- math.h constant expression fixes for INFINITY/NAN/etc.
- scanf mishandling of "0" with "%x"



0.8.8 release notes

new feature:
- major math correctness and performance improvements
- many math functions implemented in asm for i386
- some math functions (mostly long double) in asm for x86_64
- new floating point parser/converter with correct rounding
- implement wcstod, wcstof, and wcstold
- new scanf implementation - cleaner, faster, more correct
- minimal/incomplete strfmon implementation

compatibility:
- header fixes for c++
- regex code resync with TRE; support common regex extensions
- support for compiling apps with gcc's -funsigned-char
- sysconf now returns dynamic limits for open files, processes
- give dlerror proper error status stickiness
- make alloca work even with -fno-builtin

critical security fixes:
- stack-based buffer overflow in fprintf on unbuffered files

other bug fixes:
- rare gcc register allocation (miscompilation) bug in syscall wrappers
- printf was rejecting the valid (but redundant) %lf format specifier
- fixed big data bloat (missing const) in math functions
- many math fixes related to floating point exceptions and rounding
- corrected DECIMAL_DIG definitions
- tgammal was wrongly setting global signgam
- crash in wordfree with uninitialized we_offs
- fix wordexp not null-initializing the we_offs initial slots



0.8.9 release notes

bug fixes:
- major breakage in strtol and family: failure to accept leading spaces
- incorrect name for MATH_ERREXCEPT in math.h

compatibility:
- prototypes for a few additional nonstandard functions



0.8.10 release notes

new features:
- correct over/underflow detection (ERANGE setting) for strtod
- new musl-gcc wrapper, specfile based, faster and more robust
- meaningful return strings for dlerror
- new iswalpha, iswpunct, and wcwidth; sync'd to Unicode 6.1
- towupper/towlower sync'd with Unicode 6.1
- new futex-based libc-internal locks instead of spinlocks
- experimental stack protector support (minimal; no random canary)
- experimental gdb shared library tracking support

compatibility:
- getusershell family functions
- getresuid and getresgid syscall wrappers
- byte swapping macros in endian.h
- getdtablesize was wrongly declared in unistd.h for _XOPEN_SOURCE

bug fixes:
- iconv_open wrongly rejecting most dest charsets (broken in 0.8.0)
- sysconf failure when correct value is -1 (broken in 0.8.8)
- scanf and strtod family functions overreading past NAN (4 bytes vs 3)
- scanf and strtod wrongly treating "0.00000000001", etc. as 0
- many bugs in towupper/towlower (never seriously tested before)
- int8_t definition was wrong when gcc -funsigned-char was used



0.9.0 release notes

license change: MIT

new features:
- configure script, improved build system
- full stack protector support
- PIE support on x86 and x86_64
- new O(1) space, O(nm) time implementation of fnmatch
- improved support for sse2 floating point mode on x86

compatibility:
- added linux unshare syscall
- exp10/pow10 function
- sqrtl support on arm (previously missing)
- removed minimal linux/*.h headers that could conflict with real ones
- support for _LARGEFILE64_SOURCE (mapped to standard fcns with #define)
- better c89 compatibility in headers
- stub versions of sched_* functions (previously missing)
- pthread stacks no longer executable (compat with hardened kernels)
- new ar.h and lastlog.h (legacy junk)
- various other header improvements

optimization:
- additional x86_64 math asm
- better formula for acos use in i386 asm

bug fixes:
- large (up to a few %) errors in strtod for certain values due to bug
- mbsnrtowcs and wcsnrtombs were completely broken (bad exit logic)
- wide printf %.0s could fail due to uninitialized variable
- missing dlerror strings for dlsym in some cases



0.9.1 release notes

new features:
- dynamic linker can be used as a program to explicitly load/run executables
- ldd command, usable by making a symlink to the dynamic linker named ldd

bug fixes:
- major bugs in POSIX BRE parsing inherited from TRE regex code
- character matching bug in regex on ARM: WCHAR_MAX was assumed to be signed
- various obscure fixes related to signals and pthread cancellation
- remquot subnormal remainder bug
- buggy macros in (nonstandard) sys/param.h
- major bug in pthread barriers on x86_64 (out of bounds write)
- utimes (legacy) function was making wrong syscall (utime instead of utimes)
- avoid using "old" syscalls that don't exist on arm eabi linux
- broken strrchr(str, 0)
- broken mbsinit(0)
- broken wcsncmp
- syntax error in nextafter macro in tgmath.h
- missing support for -pie in musl-gcc wrapper
- abort could wrongly fail to terminate the program in some cases

compatibility:
- increase default thread stack size to 80k
- support _BSD_SOURCE feature test macro
- support _LARGEFILE64_SOURCE feature test macro (merely exposes alt names)
- lots of legacy-compatibility improvements in headers
- various minor GNU extension functions
- sysconf reporting number of available CPUs/cores
- various LSB/glibc ABI interfaces aimed at compatibility with some binaries
- use fistpll asm mnemonic instead of fistpq for compat with clang



0.9.2 release notes

bug fixes:
- pointer overflow in printf (crash on 32bit userspace, 64bit kernel)
- printf %ls over-read bug
- strtod failure to read -0x as negative zero
- flush stdio after dtors, not before
- wrong file position for buffered input streams on exit
- popen was broken when stdin/out were already closed
- broken wcwidth tables (missing many characters)
- fwrite: wrong return value of partial/failed write
- broken utf-16 conversions
- bad buffer length check in getlogin_r
- bad perror("") behavior; did not match perror(0)
- broken sysinfo syscall/structure
- stdint.h const macro signedness bugs
- broken include guards in some headers
- bogus localeconv values
- cancellation-safety for popen and pclose
- fma corner cases wrong on i386
- fcntl F_GETOWN errno missing on failure.
- char signedness bug in dynamic linker broke dlopen on arm
- mprotect failure in dynamic linker caused crash instead of error

build system:
- configure check to work around hacked-up gcc versions
- test for old binutils that can't support musl dynamic linker

compatibility:
- make _GNU_SOURCE imply _LARGEFILE64_SOURCE
- syscall wrapper for lots of nonstandard and/or legacy linux syscalls
- versionsort stub
- timegm function (inverse of gmtime)
- various minor header tweaks
- make __freading/__fwriting semantics match traditional ones
- added gnulib-compatibility stdio interfaces
- added pthread_attr_setstack interface
- make strerror_r return partial string when buffer is too small
- duplocale should accept LC_GLOBAL_LOCALE
- align ptsname_r to upcoming posix requirements
- support invalid ld80 bit patterns as extra nans.



0.9.3 release notes

new features:
- mips (32-bit, o32 abi) port, currently static-linked only
- newly overhauled crypt implementation
- improved library pathname info for debugger from the dynamic linker
- getaddrinfo (and getservbyname) now support /etc/services lookups
- pipe2 syscall wrapper
- splice and vmsplice syscall wrappers
- syscall wrappers for extended attribute interfaces
- ioperm/iopl syscall wrappers on archs that support these operations

bug fixes:
- dlsym RTLD_NEXT library search order was wrong
- multiple dlopen pathname and library name handling errors
- potential race condition in detached thread exit
- broken internal-lock-handling code not updated for futex-based __lock
- sem_trywait spurious EAGAIN errors arising from CAS failures
- workaround kernel bug in cmsghdr size_t vs socklen_t issue (64-bit)
- getservby* crash on null protocol argument
- logic error skipping failed interfaces in if_nameindex
- various minor header/declaration related issues

arm-specific bug fixes:
- broken crti/crtn startup code when gcc crtbegin/end files are linked
- sigsetjmp tail call optimization failure broke the function
- incorrect little-endian assumptions in atomic.h functions
- use of blx instruction in asm (not supported on pre-v5 arm)

build system:
- only use expensive -ffloat-store cflag on archs/compilers that need it
- make musl-gcc wrapper support -lgcc (mainly for self-hosting)



0.9.4 release notes

new features:
- blowfish crypt
- dynamic linking on mips
- arm hard float support
- BSD fgetln function in stdio
- minor header improvements for compatibility
- support for CROSS_COMPILE variable to configure
- legacy significand function
- better support for SUSv3-targeted programs

performance:
- assembly (string ops based) memcpy for i386 and x86_64
- reduce printf overhead

bug fixes:
- failure of strtod, etc. to process extremely long strings correctly
- read overrun in wcsstr for short needles
- various major mips issues that prevented most software from working
- erroneous floating point exception behavior in i386/x86_64 exp asm
- crashes on null arguments to legacy err.h functions
- various header file/type issues
- extremely rare/obscure race condition with robust mutexes
- crypt now never returns null (most programs don't check, then crash)
- missing xattr remove functions



0.9.5 release notes

compatibility and headers:
- POSIX+XSI+BSD features enabled by default with no macros defined
- most programs can now be built without adding -D_GNU_SOURCE
- added C99 restrict keyword where required in all prototypes
- greater C89 compatibility
- cleaner, more-compatible public syscall.h
- many other header fixes
- support for compiling musl with clang/llvm

new features:
- sha 256/512 password hash functions in crypt
- GNU hash support in dynamic linker
- partial C11 coverage
- dladdr function added
- dynamic linker reports all errors instead of exiting on first error
- syscall wrappers added for most remaining linux syscalls
- provide POSIX O_SEARCH open mode using linux O_PATH

bug fixes:
- most atexit functions were being skipped when exiting
- some BSD functions were not being exposed under _BSD_SOURCE
- issues loading ssp-protected DSO into non-ssp program with dlopen

debloating:
- eliminate .eh_frame (10-15% loaded size bloat)
- optimal inline syscall asm for ARM and MIPS
- no longer force -O3 for shared libs



0.9.6 release notes

bug fixes:
- serious breakage in definition of O_ACCMODE mask (missing a bit)

new features:
- O_EXEC open mode
- md5 crypt hash function



0.9.7 release notes

new features:
- thread-local storage (__thread/_Thread_local)
- microblaze port
- getopt option parsing reset support
- vsyscall (sysenter, etc.) support on i386 (faster syscalls)
- memmem function (GNU extension)
- mips fenv support
- accept "nan(n-char-sequence)" in strtod/scanf family functions
- configure now supports compiling with pcc

quality and correctness improvements:
- close-on-exec flag for all library-internal file descriptors
- cancellation-safety and corner-case overhaul in shm_open/sem_open
- close EINTR vs EINPROGRESS issue
- mark binaries as not requiring executable stack
- better gdb compatibility in dynamic linker
- support recursive dlopen (dlopen called from constructors)
- posix_spawn/system/popen no longer momentarily double commit charge
- all stdio functions wait for locks

bug fixes:
- broken sysvipc *ctl functions on 64-bit archs
- broken shmdt on some archs
- getaddrinfo failure with port "0"
- dirname handling of trailing slash
- vfork race in posix_spawn



0.9.8 release notes

new features:
- powerpc port
- dl_iterate_phdr interface
- added mips-specific syscalls
- thread priority scheduling
- C11 CMPLX macro in complex.h
- x86 port io functions in sys/io.h

compatibility:
- improved headers for trace/debugging/machine-access
- stub functions for unsupported thread-related functionality

bug fixes:
- numerous math bugs (mostly exception flags and excess-precision issues)
- register clobber error in i386 vsyscall asm (did not affect most callers)
- various incorrect definitions in mips headers
- broken dlsym asm on mips
- empty prefix handling in configure script (--prefix="")
- ldso search path logic issues
- lock handling for stdio memory streams at exit time
- invalid SO_REUSEPORT definition in socket.h (not supported by Linux)
- broken redirection attempt to /dev/null in configure script



0.9.9 release notes

new features:
- tgamma implementation (no longer lgamma wrapper with low precision)
- various gnu extensions: sigandset, sigorset, etc.
- futimesat function (obsolete)
- various linux syscalls: arch_prctl, personality, etc.

optimizations:
- hyperbolic, inverse hyperbolic, and inverse trig, bessel functions
- is* comparison macros in math.h now expand inline properly

library bugs fixed:
- calling getenv from shared library ctors was broken
- invalid read in mmap-serviced aligned_alloc/memalign (possible crash)
- wrong errno result in fallback path of pipe2 
- various math functions raising spurious exceptions
- mmap errno value on invalid offsets
- backwards alignment logic in strlcpy
- integer overflows in bessel functions
- large (up to 60ulp) error in erfcf
- dlsym/dlclose crashing on invalid library handles
- failure to handle arch variations for cloexec/nonblock flags
- lio_listio wrong return value for LIO_WAIT mode
- dladdr failure to resolve PLT addresses
- time_t/struct tm conversion off-by-one-day in december
- malloc corruption on nonstandard kernels with non-page-aligned brk

arch-specific bugs fixed:
- arm ctors/dtors were not working with recent gcc versions
- arm and mips setjmp/longjmp wrongly saved/restored fenv state
- loss of precision in i386/x86_64 expl

header bugs fixed:
- incorrect PRI/SCN macros in inttypes.h for some types
- arm sys/user.h regressions
- failure of offsetof() to be an integer constant expression
- tgmath return value type problems

header compatibility improvements:
- _GNU_SOURCE now enables everything; _ALL_SOURCE also works
- scsi/scsi.h and scsi/sg.h are now provided
- additional MAP_* flags for mmap
- additional F_* commands and flags for fcntl
- additional socket option, IPPROTO_* values, and multicase macros
- thread-related waitpid flags
- EHWPOISON added to errno.h
- additional macros for mount, swap, and reboot operations
- expose additional link.h structures
- always ensure sizeof(NULL)==sizeof(void *), even in c++
- additional flags for poll, epoll, inotify, timerfd, timex, dlfcn
- register names in signal.h/ucontext.h for x86
- ipc.h ipc_perm nonstandard struct field name compatibility improve



0.9.10 release notes

new features:
- getifaddrs 
- pthread_getattr_np (widely used by garbage collectors)
- mkostemps, mkostemp, mkstemps functions (mkostemp is future-POSIX)
- strcasestr and strverscmp (previously stubs)

improvements:
- major performance improvements in mbtowc
- avoid filling caller-provided thread stacks with large TLS
- debloat unnecessary static buffers
- robust posix_spawn based on CLONE_VM instead of vfork
- new system() and popen() based on posix_spawn
- better strerror strings
- further emulation of atomic close-on-exec/nonblock options for old kernels
- provide macro constants for new-ish kernel features

compatibility:
- several nonstandard but widely-available pwd/grp/shadow functions
- program_invocation_[short_]name
- re-added useconds_t type used by some programs
- some legacy arpa headers
- dn_skipname function (legacy resolver API)
- additional ABI aliases for supporting glibc-linked libraries/binaries

general bugs fixed:
- stale locks and bogus munmap call when pthread_create fails
- uninitialized argument to munmap when dynlink load_library fails
- incorrect error returns in gethostby*_r
- memory leak in gethostbyname family
- blank ai_canonname in getaddrinfo for non-CNAME records
- undefined HZ macro in scsi/sg.h
- wrong return value for wmemmove on forward-copy
- namespace conformance in strings.h
- various utmp.h bugs
- unnecessary DT_SONAME in libc.so caused problems on some systems
- multiple bugs in syslog, some possibly dangerous
- non-functional setpriority function
- slight mishandling of 0xf5 byte in UTF-8 decoder
- misaligned memory accesses in mbsrtowcs

arch-specific bugs fixed:
- crash in shared library loading on arm
- missing __aeabi_atexit needed by arm eabi
- wrong float_t definition on x86_64
- various low-impact type size/alignment mismatches in some headers
- epoll struct alignment wrong on non-x86[_64] archs
- broken pipe2 fallback code on mips with old kernels



0.9.11 release notes

new features:
- %m allocation modifier for scanf
- week number and ISO week-based-year functionality in strftime
- per-process and per-thread cputime clocks
- ethernet address conversion interfaces
- legacy classful ipv4 network address interfaces
- minimal dlinfo function (nonstandard)

other improvements:
- dynamic linker path file can now use newlines to separate paths
- math optimizations for archs with extended precision (i386)
- musl-gcc wrapper now exposes gcc's intrinsic headers
- quality of rand and rand_r pseudo-random sequences
- support for large device minor numbers (greater than 8 bits)
- various header conformance and compatibility fixes

directly user-visible bugs fixed:
- scanf losing characters on unbuffered streams and fmemopen streams
- failure of mbsrtowcs to record stop position when dest is full
- failure of iconv to convert to legacy codepages
- non-working pthread_[sg]etschedparam functions (wrong syscall arguments)

other potentially-serious bugs fixed:
- resource leaks in sem_open
- various bugs in thread exit synchronization
- invalid access in aio notification after aiocb free/reuse
- synchronization in dynamic linker when new thread dlopens during ctors
- lack of error handling for failure to read dynamic linker path file
- creation by mmap or shmget of objects larger than PTRDIFF_MAX

minor conformance bugs fixed:
- overflow handling for the clock function
- workaround for incorrect exceptions in fma due to compiler bugs
- workaround wrong kernel type for sem_nsems field in struct semid_ds

arch-specific bugs fixed:
- x86_64 sigsetjmp clobbered the signal mask rather than saving it
- misaligned stack when calling ctors/dtors (crashing on x86_64)



0.9.12 release notes

new features:
- zoneinfo time zone support
- PIE support on all supported archs
- named sub-archs for endian and float ABI variants
- improved support for non-root installs of the dynamic linker
- ability to selectively build only performance-critical modules with -O3
- simple buffer overflow detection in free/realloc
- inet_ntop now presents v4-mapped addresses in ::ffff:a.b.c.d form
- ldd now reports libc and the dynamic linker in its output

compatibility:
- support for new init/fini array (needed for ctors/dtors on newer gcc)
- C++ ABI fully matches glibc/LSB, at least on x86
- many added ABI compatibility symbols for using glibc-linked libs
- support for STB_GNU_UNIQUE symbol bindings (found in some C++ libs)
- macros/types for new Linux kernel features in headers

bugs fixed:
- crashes in scanf on literal mismatches (regression from adding %m)
- dl_iterate_phdr was passing invalid phdr pointers to its callback
- getaddrinfo with null host and AF_UNSPEC was failing to report IPv6
- integer overflows in date/time conversion code
- misinterpretation of pre-1930s dates as post-2038 on 32-bit archs
- make install failed to install bits headers if make was not run first
- shm_open was wrongly cancellable
- low- or no-impact heap corruption in memalign
- explicitly running the dynamic linker on PIE programs did not work
- missing macros and sysconf for some supported POSIX option groups
- missing close-on-exec flags for several internal fd uses

arch-specific bugs:
- wrong SIG_ATOMIC_MIN/MAX macros on x86_64
- erfcl was missing on archs where long double is same as double
- broken dynamic-model TLS in static-linked arm/mips/powerpc programs



0.9.13 release notes

new features:
- iconv support for EUC-KR and Big5 (including HKSCS) encodings
- field widths (POSIX 2008 feature) in strftime
- recursive rpath and $ORIGIN support in dynamic linker
- cpu affinity interfaces
- support for armhf (hardfloat) floating point environment (fenv)
- support for SSE fenv on i386 (for apps using -mfpmath=sse -msse2)
- strftime %s format (seconds since the epoch, future POSIX requirement)
- configure script now saves its command line as a comment in config.mak
- legacy functions valloc and euidaccess

performance:
- optimized asm memcpy for arm
- optimized asm memset for i386 and x86_64
- optimized C versions of memcpy and memset for all archs
- eliminated major spurious syscalls from posix_spawn
- some math asm for armhf (hardfloat)

workarounds for:
- qemu-user's rt_sigaction syscall does not allow old to alias new
- qemu-user's madvise always succeeds (broke pthread_getattr_np)
- passing PT_INTERP to dlopen attempted to double-load libc
- gcc 4.8.x generating self-referential (infinite recursion) memcpy/memset
- linux's lack of support for fchdir, fchmod, fchown, fstat on O_PATH fds

bugs fixed:
- failure to honor flags for fchmodat and faccessat (linux syscall api flaws)
- SIGEV_THREAD timer id corruption and race condition issues
- timer thread TLS incorrectly keeping values from previous expiry run
- ecvt/fcvt decimal position off-by-one
- in symbol-versioned libs, symbol resolved to oldest instead of newest
- posix_spawn not correctly reporting errno from exec failure
- "make install" was not atomic (overwrote files rather than replacing)
- integer overflows in strftime
- unset/empty TZ variable was mishandled
- strftime could crash if the struct tm did not have valid tm_zone field
- failure of fenv functions to handle invalid arguments (required by ISO C)
- failure of some math functions (C and i386 asm) to raise underflow flag
- broken dn_expand function (previously not used internally)
- race conditions with signals during fork
- incorrect access check in mktemp (obsolete function)
- unnecessary arbitrary limits on size of program headers in dynamic loader
- text formatting bugs in output of err.h functions

arch-specific bugs:
- fesetenv(FE_DFL_ENV) crashed on i386
- breakage of arm crt code when libc is compiled as thumb
- arm/armhf (hardfloat) misidentified by configure
- ambiguity of wait (exit status) macros on mips with signal number 127
- wrong value of _NSIG and SIGRTMAX on mips



0.9.14 release notes

bugs fixed:
- failure to properly install dynamic linker with DESTDIR set (symlink wrong)
- rare deadlock in libc-internal locking routines
- dynamic linker used fallback paths wrongly on (possibly transient) errors
- popen broken when stdin or stdout was already closed in parent
- deadlock/memory-corruption in multithreaded set*id and setrlimit functions
- realpath failed when file was not readable
- readpath mistakenly had cancellation points in it
- crashes in scanf with invalid %m conversion specifiers
- misclassificiation of some invalid ld80 float representation in fpclassify
- various overflow and underflow flag issues in math functions
- domain handling errors for acoshf and acoshl
- wrong values for some sysconf properties
- lack of proper memory barriers on arm

mips-specific bugs:
- broken sysv ipc structures
- multiple stack-related bugs in clone, leading to crashes in parent or child
- overflow writing sigset_t in multithreaded set*id and setrlimit functions

other improvements:
- size and performance improvements to various math functions
- wait.h as a compatibility alias for sys/wait.h
- various header improvements
- support for runtime-variable page size on archs that need it (mainly mips)



0.9.15 release notes

new features:
- support for mixing IPv4 and v6 nameserver addresses in resolv.conf
- RFC 3678 multicast structures/macros in netinet/in.h
- putspent and fgetspent functions (shadow password API)
- timef function (obsolete, removed in POSIX 2008)
- fanotify syscalls (Linux-specific feature)
- semtimedop syscall (Linux-specific sysvipc extension)
- quotactl syscall and header (filesystem quotas support)
- drem and finite functions (obsolete BSD functions)
- getloadavg function (non-standard)
- herror function (non-standard and obsolete)
- libc.so now stores and prints its version information
- expose constants for new Linux features including O_TMPFILE
- implement FNM_LEADING_DIR option to fnmatch (GNU extension)
- posix_close function (accepted for inclusion in next POSIX issue)

bugs fixed:
- buffer overflow in mbsrtowcs
- clobbering of gr_name in getgrnam_r and getgrgid_r
- execle ignoring the environment argument
- setenv crash on malloc failure
- out-of-bounds access in fnmatch with FNM_PATHNAME and certain patterns
- failure of malloc to set errno when failing to extend heap
- incorrect errno value from getcwd with zero size
- spurious failure in faccessat with AT_EACCESS flag with suid/sgid programs
- several fd leaks due to missing close-on-exec flag
- misspellings/typos in macro names in several headers
- incorrect failure return value in inet_pton
- various numeric ip address parsing and validation fixes
- namespace conformance issues in several headers
- minor header issues
- zombie processes left by faccessat with AT_EACCESS
- timezone file parser failing/crashing on 64-bit archs
- hang in localtime with near-overflowing time_t values on 64-bit archs
- timezone path search was only trying first path
- incorrect handling of excessive-length TZ environment strings
- timezone file loading was wrongly enforcing O_NOFOLLOW/rejecting symlinks
- iswspace was wrongly returning true for the null character
- various bugs in wordexp
- putgrent could write corrupt lines after write failures
- dn_expand misinterpreted in-packet offsets greater than 255
- spurious strftime/wcsftime failure on len+1==bufsize case
- incorrect underflow flag in fma corner cases
- log*(0) wrongly returned +inf in downward-rounding mode
- failure of fchmod, fstat, fchdir, and fchown to produce EBADF

arch-specific bugs fixed:
- i386: failure of fesetround to set sse rounding mode
- i386: floating point limit constants misinterpreted due to excess precision
- powerpc: broken thread pointer access when compiled with clang
- microblaze: dynamic linker entry point code possibly clobbering argv

strict conformance issues:
- NULL definition re-aligned with POSIX (requires (void *) cast)
- alignment of math.h is* comparison functions with C11 annex F requirements



1.0.0 release notes

new features:
- support for mips softfloat ABI variant
- legacy setkey and encrypt API for DES
- support for BSD version of struct tcphdr in addition to GNU version
- added ipv6 and icmpv6 protocol lookups to getprotoent-family functions

new experimental ports:
- sh (SuperH)
- x32 (ILP32 ABI for x86_64)

compatibility:
- improved c89 compiler support in math.h
- eliminate some compiler warnings in public headers
- added some missing things for LFS64 APIs
- added fallback emulation of accept4 for older kernels

bugs fixed:
- buffer overflow in printf when printing smallest denormal exactly
- rounding errors in printf in some just-over-halfway cases
- posix_spawn did not accept null pid pointer (crashed)
- ftello gave incorrect result for unflushed append-mode streams
- mishandling of n=0 case in wcsxfrm (wild buffer overrun)
- possible system breakage during libc upgrade due to install.sh bugs
- nftw FTW_MOUNT flag prevented walking any directories at all
- ptsname/ptsname_r returned negated error codes
- getprotoent function returned junk after listing valid protocols
- wrong error code from readdir when the directory has been deleted
- various prototype/argument-type fixes, mostly to legacy functions
- various header namespace violations

arch-specific bugs fixed:
- fesetenv(FE_DFL_ENV) was broken on i386 and x86_64
- strerror(EDQUOT) did not work on mips
- recvmsg/sendmsg were broken on powerpc
- sysv ipc was broken on powerpc and mips
- statfs/statvfs were broken on mips
- sigaltstack was broken on mips



1.1.0 release notes

new features:
- relro memory protection in dynamic linker
- malloc can now extend heap with mmap if brk fails
- vdso clock_gettime/gettimeofday/time acceleration on x86_64
- thread/library-safe versions of search.h functions (nonstandard)
- getauxval function (nonstandard)
- sysconf extensions to query physical memory size

bugs fixed:
- floating point printf output corruption from carry into uninitialized slot
- possible runaway carry overflow in printf floating point
- printf %g failure to strip trailing zeros in some cases
- search past end of haystack in memmem
- off-by-one error in confstr return value
- crashes in some near-empty static programs that use stack protector
- deadlock race in pthread_once
- non-working clock_gettime fallback for old kernels

arch-specific bugs fixed:
- crash from missing syscall asm register clobbers on real microblaze kernel
- crash in all nontrivial dynamic linker use on microblaze
- incorrect rlimit constants on mips
- broken, possibly dangerous, use of getrlimit syscall on x32 in sysconf



1.1.1 release notes

new features:
- new options --preload and --library-path to dynamic linker
- public execvpe function (nonstandard extension)
- iconv support for cp437 and cp850

bugs fixed:
- false negatives with some periodic needles in strstr, wcsstr, and memmem
- crash on invalid zoneinfo files
- incorrect zero-padding of some outputs for strftime %s specifier
- misreporting of errors in configure script when $CC does not work at all
- treating not-yet-implemented strptime specifiers as errors

compatibility:
- configure now detects serious constant-folding bug in gcc 4.9.0
- removed __yield symbol (unused) that clashed with some compilers
- improvements to sysconf's handling of unsupported/invalid arguments

arch-specific bugs fixed:
- misdetection of superh ABI variant by configure on gcc 3.x
- missing SO_RCVBUFFORCE and SO_SNDBUFFORCE in mips socket.h
- build regression on armv6 and later with -mthumb



1.1.2 release notes

new features:
- multi-protocol matches (tcp and udp) in getaddrinfo
- support for AI_V4MAPPED and AI_ALL flags to getaddrinfo
- reverse name lookups from /etc/hosts
- reverse service lookups from /etc/services
- support for service aliases in /etc/services
- ipsec and tunneling protocols to getprotoent-family functions
- res_send, res_mkquery, res_querydomain, and dn_comp functions
- ipv6 scope id handling for link-local scope addresses
- previously-unimplemented %C and %y in strptime now work
- vdso clock_gettime acceleration on i386 (new kernel feature)
- better O_CLOEXEC/SOCK_CLOEXEC fallbacks for old kernels

bugs fixed:
- buffer overflow in dns response parsing (CVE-2014-3484)
- possible infinite loop in dns response parsing
- sendfile off_t 32/64-bit size mismatch
- incorrect end pointer in some cases when wcsrtombs stops early
- incorrect if_nametoindex return value when interface does not exist
- dummy "ent" function aliases that possibly shadowed real ones
- tmpfile fd leak on memory exhaustion
- getaddrinfo returning EAI_NONAME for some transient failures

arch-specific bugs fixed:
- broken kernel side RLIM_INFINITY on mips
- incorrect syscall argument 6/7 types for pselect on x32



1.1.3 release notes

new features:
- address sorting in getaddrinfo, etc. modeled on rfc 3484/6724
- default timezone taken from /etc/localtime when $TZ is unset
- getopt double-colon extension for optional arguments
- support for TLSDESC-based (gnu2) TLS dialect on i386 and x86_64
- sendmmsg/recvmmsg (linux-specific)
- fmtmsg (last mandatory XSI function that was missing)

compatibility:
- treat dns rcode=2 as temporary failure, not negative result
- working thread-pointer for pre-2.6 kernels on i386
- further ABI-compat symbols: __xmknod[at], __sysv_signal

bugs fixed:
- memmem false positives/false negatives/crashes from invalid logic
- gethostby*_r not setting result pointer to null on failure
- aliasing violations in syscall.h SYSLOG_NAMES feature
- fanotify_mark syscall arguments wrong

arch-specific bugs fixed:
- various subtle relocation bugs in powerpc and sh dynamic linker



1.1.4 release notes

new features:
- experimental locale support for LC_MESSAGES and LC_TIME
- non-stub gettext family functions for message translation
- or1k (OpenRISC 1000) port
- syslog options LOG_CONS and LOG_PERROR
- issetugid function (from OpenBSD)
- improved if_nameindex and getifaddrs functions

compatibility:
- work around bug #61144 in gcc 4.9.0 and 4.9.1
- support getauxval(AT_SECURE) even on kernels without AT_SECURE

bugs fixed:
- empty dynamic linker error messages (regression in 1.1.3)
- if_nameindex omitted unconfigured and ipv6-only interfaces
- incorrect return value for fwide function
- failure of wide printf/scanf functions to set wide orientation
- multiple issues in legacy function getpass
- dynamic linker did not accept colon as a separator for LD_PRELOAD
- errno clobber in syslog caused wrong output for %m specifier
- crash in regexec for nonzero nmatch argument with REG_NOSUB
- minor bugs in rarely-used nl_langinfo item lookups

arch-specific bugs fixed:
- broken relocations in mips dynamic linker (regression in 1.1.3)
- register state corruption in setjmp asm for microblaze
- broken struct stat st_ino field on microblaze
- broken struct stat st_dev field on big endian mips
- broken asm register constraints in atomics on powerpc
- missing barriers in atomics on mips, powerpc, microblaze, and sh



1.1.5 release notes

new features:
- full C11 coverage (threads, UTF-16/32 API, timespec_get, etc.)
- malloc_usable_size function (nonstandard)
- support for new F_OFD_* fcntl operations (linux 3.15, POSIX-future)
- new _DEFAULT_SOURCE feature test macro to request default profile

performance:
- private-futex support
- redesigned cond var implementation with major performance improvement
- tweaked spinning in userspace before performing futex waits

bugs fixed:
- failure of dn_expand to null-terminate name for crafted DNS packets
- corruption of cond var mutex state when switching mutexes
- use of uninitialized memory with application-provided thread stacks
- false ownership of orphaned mutexes due to tid reuse
- possible failure-to-wake for robust mutexes on owner death
- subtle errors in robust mutex unrecoverable status handling
- missing memory/compiler barrier spinning to obtain locks
- wrong behavior in various zero-length stdio operations
- buffer overflow in swab with odd argument
- incorrect sequence generation in the rand48 family of prng functions
- missing cancellation check in non-wait paths of sem_wait, pthread_join
- missing barrier in pthread_once fast path
- memory leak in regexec when input contains illegal sequence
- various parser bugs in regcomp
- wrong return value on overflow in some strtoul-family functions
- broken CPU_EQUAL macro in sched.h
- dlerror not working in static-linked programs
- mishandling of negative non-whole-hour TZ offsets
- incorrect case mappings for U+00DF
- namespace pollution via accidentally-non-static function named "dummy"
- missing __fpclassifyl and __signbitl definitions for ld64 archs



1.1.6 release notes

new features:
- getopt '-' flag for processing non-option arguments
- getopt_long argument permutation extension
- getopt_long abbreviated options
- ns_parserr and related DNS-packet-parsing functions
- fnmatch FNM_CASEFOLD extension
- support for translation of getopt error messages
- login_tty function (legacy)

performance:
- efficient atomics on armv7+ targets
- pthread_once shrink-wrapping of fast path

compatibility:
- baseline arm binaries now work on new cpus/kernels without kuser_helper
- dynamic linker now honors DT_RUNPATH without DT_RPATH (new binutils)
- arm asm is now compatible with clang's internal assembler
- suppress macro implementations of functions when headers are used in C++
- increased message length limit for syslog

bugs fixed:
- open ignored file creation mode argument for O_TMPFILE
- wrong printf formatting for %#.0o with value zero
- missing private state for uchar.h functions (null ps pointer)
- sched_getaffinity left uninitialized data in output bit array
- wrong return values for pthread_getaffinity_np and pthread_setaffinity_np
- buggy handling of multibyte option chars with arguments in getopt
- printf failed to report or stop on write errors
- printf failed to honor '+' modifier when printing NANs
- wcsnrtombs returned the wrong value in one code path
- syslog failed to check for connect error
- multi-threaded set*id() had spurious failures from ugly workaround code
- various minor header conformance bugs (signedness, constant expressions, ...)

arch-specific bugs fixed:
- on or1k, some syscalls with 64-bit arguments were broken (misaligned)
- usage of sahf instruction on x86_64 crashed on some early cpu models



1.1.7 release notes

new features:
- alternate passwd/group backend support via nscd protocol
- masked cancellation mode extension (experimental)
- aio cancellation
- aarch64 port (experimental)

performance:
- significant memset asm optimizations on i386 and x86_64

compatibility:
- suppress EINTR in semaphores for old kernels where futex restart is broken
- always set optarg in getopt_long
- support SOCK_RAW socket type in getaddrinfo
- report success instead of EINPROGRESS when close is interrupted

bugs fixed:
- multithreaded set*id() was not async-signal safe, had various race bugs
- getspnam_r returned results for partial username matches
- wordexp bad character checker mis-counted parentheses
- close on fd with pending aio could lead to file corruption
- old aio implementation had numerous conformance bugs
- malloc init code could deadlock due to race condition
- pthread_exit did not disable cancellation
- pthread_cond_wait could wrongly consume signal on cancellation
- execvp wrongly stopped path search on EACCESS
- fsync, fdatasync, and msync were not honored as cancellation points
- fchmodat was subject to fd leak race (missing O_CLOEXEC)
- fchmodat failed to report EOPNOTSUPP in race path
- passwd/group lookup functions had various minor error-reporting bugs
- isatty had false-positives/device-state-corruption for OSS sound devices
- configure script failed to detect gcc with translated messages
- FLT_ROUNDS macro failed to reflect rounding mode changes in fenv

arch-specific bugs fixed:
- mips fesetenv did not handle FE_DFL_ENV
- mips POLLWRNORM and POLLWRBAND macros had wrong values
- x32 pthread synchronization object type definitions were wrong
- powerpc minimum signal stack size was insufficient



1.1.8 release notes

bugs fixed:
- stack-based buffer overflow in inet_pton (CVE-2015-1817)
- regcomp crash/mem-corruption with illegal bytes after backslash
- regcomp wrongly allowed backrefs in ER
- regcomp miscompiled character class brace-repetitions
- regcomp wrongly processed \0 as an unmatchable backref
- new FLT_ROUNDS definition failed to work in C++ code

arch-specific bugs fixed:
- aarch64 was missing max_align_t definition



1.1.9 release notes

new features:
- ability to protect libc code itself with stack protector
- sigsetjmp now restores signal mask after restoring context, not before
- thread-local dlerror status/messages
- dlerror messages are no longer truncated
- diagnostics for constraint violations with ctype.h macros

optimizations:
- reduce cost of PIC on archs where PLT calls need a fixed GOT register
- spin locks no longer constantly invalidate cache lines while spinning
- code size reduction in static-linked TLS init

bugs fixed:
- failure to process robust mutexes on detached-thread exit
- possible memory corruption due to robust mutex list on detached-thread exit
- crash on memory exhaustion in getgr* internals
- misaligned memory accesses in static binaries with low-alignment TLS blocks
- multiple cases of wrongful path search continuation after transient failure
- small memory leak on failure of dlopen with RPATH $ORIGIN
- several small math bugs related to exception flags with non-finite args
- mmap leak in sem_open failure path for link call
- duplocale clobbered new locale struct with memcpy of old
- futimes crashed with null timeval argument

arch-specific bugs fixed:
- stack protector spuriously aborted after forking on x32
- stack protector spuriously aborted with flockfile on powerpc
- theoretically-possible clobbering of syscall return value on mips
- random thread-pointer setup failure on sh (uninitialized return value)
- possible crash in dlsym on sh due to incorrectly-computed branch target
- broken fesetenv(FE_DFL_ENV) on mips
- dynamic linker name for sh ignored fpu/nofpu and endianness
- various minor aarch64 bugs
- dangling pointers in x32 syscall timespec fixup code



1.1.10 release notes

new features:
- fail-safe (allocation-free) C locale for newlocale to return
- all locale categories track requested locale name
- rcrt1.o start file for static PIE

optimizations:
- inline atomics for sh4a
- removed heavy atomics from locale-related code paths
- removed global data accesses from CURRENT_LOCALE macro & callers
- dynamic linker stage 1 size reduction

compatibility:
- better configure detection of unsupported compiler options
- support for more relocation types in libc.so, not currently used
- iconv_open accepts "" and "CHAR" as aliases for native (UTF-8)
- additional LFS64 macros in sys/resource.h

regressions fixed:
- dynamic linker crash on NONE-type relocations (only mips affected)
- inability to build as thumb2 on arm
- failure to run under qemu-i386 user-level emulation
- inability to access globals from libc on powerpc
- PIE link errors in Scrt1.o under unusual usage on some archs

other bugs fixed:
- failure of ungetc/ungetwc to work on FILE streams in EOF state
- possible null pointer dereference in gettext
- possible initial stack misalignment on mips with PIE



1.1.11 release notes

new features:
- byte-based C locale
- vdso clock_gettime on arm
- musl-clang wrapper
- sh2 nommu target support

performance:
- major speed-up for dynamic linker symbol lookups with GNU hash

compatibility:
- strverscmp now matches GNU behavior in corner cases
- empty TZ environment variable gives GMT rather than system default
- reconnection on syslog server socket loss (syslogd restart)
- mmap fallback in simple_malloc when brk fails
- support for %m and %s with null pointers in wide printf variants
- call frame information in i386 asm for improved debugger support

bugs fixed:
- spurious errors from pwd/grp functions when nscd backend is absent
- possible invalid access on calloc with simple_malloc
- null pointer dereferences after calling uselocale((locale_t)0)
- erroneous support for cancellation in stdio caused data loss
- inconsistent handling of atexit called from atexit handler
- missing locking in error paths for ungetwc
- btowc mishandling of out-of-range non-EOF inputs
- negated return value of ns_skiprr, failure in related functions
- incorrect void return type for syncfs, missing error status
- possible failure of tempnam due to missing null termination
- negated tm_gmtoff field in struct tm
- off-by-one error in getsubopt leaving equals sign in value result

arch-specific bugs fixed:
- soft deadlocks on i386/x86_64 due to missing barrier in internal locks
- regression in arm pre-v7 support for kernels with kuser helper removed
- runaway PC on mips detached thread exit (due to kernel regression)
- mismatched ABI for local-dynamic model TLS on mips and powerpc
- incorrect value of some SO_* constants on mips
- broken 64-bit syscall argument passing on aarch64



1.1.12 release notes

new features:
- fdpic abi on sh2 for shareable text segment without mmu
- general fdpic elf support in dynamic linker
- CFI generation for x86_64 asm source files
- protection against silently building a libc.so with missing symbols

compatibility: