The latest musl source is always available via the git revision control system. Efforts are made to keep the master branch in a state that not only compiles and works, but that works at least as well or better than the latest release.
The following command can be used to checkout a copy of the musl git repository:
$ git clone git://git.musl-libc.org/musl
Source and revision history are also browsable online via cgit.
musl generally follows a time-based release cycle, with versions spaced roughly one to three months apart. Version numbering, however, is based on an evolving roadmap for particular compatibility and feature goals. Releases are timed so as to make fixes for major bugs available in release form as soon as possible while leaving ample time for testing after significant invasive changes.
See below for release notes summaries and download links.
This series is actively developed but intended for use in production environments as long as appropriate testing is performed, and should be preferred whenever there is a need for supporting an arbitrary, expanding set of packages or environments.
This release features significant overhauls in dynamic linking that now make it possible to build libc.so itself with stack protector hardening. Runtime dynamic linker error messages (dlerror) are now thread-local, and long path and symbol names in messages are no longer truncated. The sigsetjmp/siglongjmp functions have been redesigned to restore signal mask after restoring the context, rather than before, to prevent the possibility of unbounded stack growth when using siglongjmp to return from a signal handler while under heavy signal load. Global code size and performance improvements have been made for toolchains supporting protected visibility.
Various bugs have been fixed, including issues when detached threads exit with robust mutexes held, static TLS alignment errors, wrongful continuation of several path search operations after transient failures, two memory leaks, a crash on OOM, and significant malfunction of the duplocale function. Many arch-specific fixes were also made, including broken stack protector on powerpc and x32 and several issues on mips, sh, aarch64, and x32.
This series does not add new features and avoids changes that might affect building packages against musl or using applications in environments where they are already known to work. It is intended mostly for developers targetting a fixed profile of application software and kernel, such as in embedded development.
This maintenance release brings the 1.0 branch up to date with all important bug fixes that have been applied to mainline as of 1.1.8, including fixes for CVE-2015-1817 and many other bugs, some of which may also impact security. All users of earlier 1.0-series releases should patch or upgrade. This is likely to be the last release in the 1.0 series unless additional high or critical severity security bugs are found before the end of 2015.
Earlier versions of musl have been moved to a separate page.