This page contains links to obsolete versions of musl which are mostly of historical interest. Current versions and latest git links can be found on the main download page.
Versions 0.9.15 through 1.0.4 and 1.1.0 through 1.1.7 are affected by CVE-2015-1817 and should not be used without patching.
All versions prior to 1.1.16 are affected by CVE-2016-8859 and should not be used without patching.
Versions 1.1.2 through 1.1.16 are affected by CVE-2017-15650 and should not be exposed to untrusted nameservers without patching.
This release makes major internal changes to the way threads, dynamic thread-local storage, and multi-threaded set*id() work. There is now a global thread list that is complete and consistent whenever the lock protecting it can be obtained, including at the moment of kernel-level task exit, and the lock protocol is async-signal-safe. This allows set*id() to safely synchronize privilege change for all live threads without a /proc dependency which turned out to have fundamental race conditions. Availability of the thread list has also allowed dlopen to install new TLS for each thread at library load time, rather than deferring installation to first access, which improves global-dynamic model performance and eliminates working but theoretically-unsafe calls from the TLSDESC asm into C code when the TLSDESC model is used to access dynamic TLS.
Major changes have also been made to the dynamic linker's library dependency handling, for the purposes of correcting dlsym dependency-order resolution of symbols and providing dependency-order execution of shared library constructors. Calls to dlopen from multiple threads can now run ctors concurrently, serializing only on shared dependencies, and recursive calls to dlopen behave more correctly (believed to be to the maximum extent possible) with regard to non-deadlock and to ensuring that dependencies have been constructed.
Support for the priority inheritance mutex type has also been added, with the ability to create PI mutexes conditional on a probe for support by the kernel.
Notable regressions in sscanf and pthread_key_create introduced in 1.1.21 have also been fixed, along with various other bugs and minor conformance issues.
This release makes improvements with respect to default thread stack size, including increasing the default from 80k to 128k, increasing the default guard size from 4k to 8k, and allowing the default to be increased via ELF headers so that programs that need larger stacks can be build without source-level changes, using just LDFLAGS. Insufficient stack size for AIO threads on kernels that don't honor the constant MINSIGSTKSZ is also fixed.
The glob core has been rewritten to fix inability to see past searchable-but-unreadable path components, and to avoid excessive stack usage and unnecessary syscalls. The tsearch AVL tree implementation has also been rewritten for better size and performance. The math library adds more native single-instruction implementations for arm, s390x, powerpc, and x86_64.
Various bugs are fixed, including several possible deadlocks, one of which was a new regression in 1.1.20.
This release introduces the ability to replace/interpose the allocator (malloc) subject to certain restrictions, adds an experimental m68k port, and makes notable improvements to stdio (application-provided buffers), getaddrinfo (AI_ADDRCONFIG, support for IPv4-only kernel configurations), the dynamic linker (safety against dlopen of libraries using initial-exec TLS model, reclaiming unused memory on FDPIC archs, better dladdr results), and handling of default thread stack size (pthread_setattr_default_np now works more reliably).
Many bugs have been fixed, including potentially dangerous regressions in iconv (only for new conversions to legacy encodings) and visibly incorrect behavior in printf on non-x86 archs (%a format with precision specifier), in getopt_long_only when short options are a prefix for a long option, in complex arc-trig/hyperbolic functions, in strftime and mktime (timezone-specific issues), and numerous less-obvious places.
This release features major new iconv functionality including support for stateful encodings (so far, ISO-2022-JP and UTF-16/32 with BOM-determined endianness), conversion to JIS-based Japanese encodings (previously only from direction was supported), EBCDIC codesets (so far IBM1047), and DOS Cyrillic (CP866). Character data has been updated for alignment with Unicode 10.0. The fopencookie stdio extension function and strftime padding extensions have been added, and many smaller compatibility improvements and bug fixes have been made.
This release corrects regressions in glob() and armv4t build failure introduced in the previous release, and includes an important bug fix for posix_spawnp in the presence of a large PATH environment variable.
This release fixes numerous bugs affecting visible behavior and safety/internal consistency, including a stack-based buffer overflow in dns parsing and multiple sources of invalid memory accesses that may lead to crashes. See the release notes in WHATSNEW for details.
Many new features have also been added, including deferred symbol binding in the dynamic linker (RTLD_LAZY emulation), an option to overrid argv when running ldso to execute a program, support for starting new sessions via posix_spawn (POSIX_SPAWN_SETSID, accepted for standardization), and ability to query the active thread-local locale (via _NL_LOCALE_NAME extension). Improvements in compatibility with applications, build tools, and platforms have also been made.
This release fixes a serious under-allocation bug in regexec due to integer overflow (CVE-2016-8859) and related issues. Implementation-defined regex anchoring behavior in BRE subexpressions has also been changed to match other implementations. A bug causing all static-pie binaries with initialized TLS to crash at startup has been fixed. Overflow handling in printf has been overhauled to correctly handle obscure corner cases. Additional noteworthy bugs have been fixed in swprintf, strtod, getopt_long_only, and time conversion and zone handling. A major MIPS-specific regression in 1.1.15 that prevented tcsetattr from working at all has also been fixed.
A new port to s390x (64-bit S/390), header-level support for Linux 4.7, 4.8, and 4.9 features, and a facility to increase default thread stack size via pthread_setattr_default_np have also been added in this release, along with other minor features and compatibility improvements.
This release adds new 64-bit MIPS and PowerPC ports, soft-float ABI support for the 32-bit PowerPC arch, and support for revision 6 of the MIPS ISA (not backwards compatible with original MIPS). Serious bugs in memmem, ungetwc, and putenv have been fixed, as well as bug that could break thread-local storage on PowerPC depending on the compiler used to build musl, and a number of low-impact bugs in various interfaces. The pthread_tryjoin_np, pthread_timedjoin_np, and sched_getcpu extension functions, and header-level support for new Linux 4.5 and 4.6 features, have also been added, and the configure script now honors standard options for cross-compiling more correctly.
This release primarily fixes regressions that slipped into 1.1.13, including a significant stdio regression causing fputs and puts to fail on zero-length strings, ARM hard-float build failure on clang due to a compiler bug which is now detected and worked around, a hang at the entry point of the dynamic linker on SH/FDPIC, and make clean/make distclean no longer working in unconfigured trees. A minor longstanding bug in crypt-sha256/512 was also fixed, and further improvements to the build system have been made.
This release adds support for out-of-tree builds, search domains in resolv.conf, VDSO-accelerated clock_gettime on MIPS, and building SMP-safe/ready SH binaries for the open-hardware J2. Performance of atomics and synchronization primitives has been greatly improved on most "ll/sc model" RISC archs. Regex BRE now supports the widely-used extensions \|, \+, and \? and larger regular expressions are now supported. A number of minor application and toolchain compatibility improvements have also been made, including changes which reduce the risk of assembler and linker bugs leading to malfunctioning binaries.
Two potentially dangerous bugs have been fixed: a single-byte heap overflow in getdelim and a pointer indexing error in dynamic TLS allocation. Other bugs fixed include various issues in parsing and error handling for resolv.conf and related files, incorrect error return values for some functions, and failures to accept null pointer arguments in some functions for which they have defined behavior. Some arch-specific bugs affecting ARM, MIPS, and SH/FDPIC have also been fixed.
This release features arch-independent support for FDPIC, an ABI variant that allows text segment sharing without MMU by relaxing the usual ELF requirement that data reside at a fixed displacement relative to code, and arch-specific support for FDPIC on SH2. CFI (call frame information) generation support has also been added for x86_64 asm, improving debugging backtraces, especially when a program is stopped during a syscall.
Several toolchain and application compatibility improvements have been made, most notably in regards to the new byte-based C locale, where nl_langinfo(CODESET) now returns "ASCII" rather than "UTF-8-CODE-UNITS"; the latter broke many applications which assumed the returned string would be a meaningful, well-known character encoding name.
Bugs fixed include deadlock at exit when stdin or stdout was closed, a missing memory barrier in pthread_join, and minor corner case bugs in various interfaces.
This release introduces a new C locale aligned with future POSIX requirements, allowing it to be used for applying regex and other character-based operations to data which is not necessarily valid UTF-8. The C locale is only used when explicitly requested via environment variables or the application; default behavior is still governed by the C.UTF-8 locale, which operates on whole multibyte characters.
Support for musl's first NOMMU target, SH-2, is also added in this release, along with groundwork for future NOMMU targets. A new musl-clang compiler wrapper is provided to reuse a non-musl-targeted host clang for building programs against musl, as was already possible with gcc. Major performance enhancements have been made to the dynamic linker. On ARM systems that support it, the vdso is now used to accelerate clock_gettime. And debugger backtraces on i386 are improved by a newly-added script to auto-generate call frame information for asm source files.
The uselocale regression that slipped into the 1.1.10 release, as well as many non-critical bugs, have been fixed. Most of these only affected rarely-used interfaces or unusual usage cases. One significant x86[_64] bug that could lead to soft-deadlock in libc-internal locking, and multiple MIPS-, PowerPC-, ARM-, and AArch64-specific bugs, were also fixed.
This release fixes regressions introduced as part of the dynamic linker bootstrap overhaul in musl 1.1.9, and adds several new features and improvements. Internal cleanup and optimizations have been made to the locale system. A fail-safe/allocation-free locale_t object for the C locale is now available via newlocale(), and the iconv_open function now supports "" and "CHAR" as aliases for the native (UTF-8) encoding. A new crt start file, rcrt1.o, is provided for producing static-linked position independent executables (PIE). Minor PIE-related arch-specific bugs, and a bug in the ungetc and ungetwc stdio functions which caused them to fail on files in EOF status, have also been fixed.
A new regression in uselocale made it into this release. To avoid breaking programs that call uselocale, all users of musl 1.1.10 should apply the following patch:
This release features significant overhauls in dynamic linking that now make it possible to build libc.so itself with stack protector hardening. Runtime dynamic linker error messages (dlerror) are now thread-local, and long path and symbol names in messages are no longer truncated. The sigsetjmp/siglongjmp functions have been redesigned to restore signal mask after restoring the context, rather than before, to prevent the possibility of unbounded stack growth when using siglongjmp to return from a signal handler while under heavy signal load. Global code size and performance improvements have been made for toolchains supporting protected visibility.
Various bugs have been fixed, including issues when detached threads exit with robust mutexes held, static TLS alignment errors, wrongful continuation of several path search operations after transient failures, two memory leaks, a crash on OOM, and significant malfunction of the duplocale function. Many arch-specific fixes were also made, including broken stack protector on powerpc and x32 and several issues on mips, sh, aarch64, and x32.