The GNU C Library ================= The GNU C Library version 2.29 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.29 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.29 ==================== * The getcpu wrapper function has been added, which returns the currently used CPU and NUMA node. This function is Linux-specific. * A new convenience target has been added for distribution maintainers to build and install all locales as directories with files. The new target is run by issuing the following command in your build tree: 'make localedata/install-locale-files', with an optional DESTDIR to set the install root if you wish to install into a non-default configured location. * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf. * The reallocarray function is now declared under _DEFAULT_SOURCE, not just for _GNU_SOURCE, to match BSD environments. * For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel indicates that it will abort the transaction prior to entering the kernel (PPC_FEATURE2_HTM_NOSC on hwcap2). On older kernels the transaction is suspended, and this caused some undefined side-effects issues by aborting transactions manually. Glibc avoided it by abort transactions manually on each syscall, but it lead to performance issues on newer kernels where the HTM state is saved and restore lazily (the state being saved even when the process actually does not use HTM). * The functions posix_spawn_file_actions_addchdir_np and posix_spawn_file_actions_addfchdir_np have been added, enabling posix_spawn and posix_spawnp to run the new process in a different directory. These functions are GNU extensions. The function posix_spawn_file_actions_addchdir_np is similar to the Solaris function of the same name. * The popen and system do not run atfork handlers anymore (BZ#17490). Although it is a possible POSIX violation, the POSIX rationale in pthread_atfork documentation regarding atfork handlers is to handle inconsistent mutex state after a fork call in a multi-threaded process. In both popen and system there is no direct access to user-defined mutexes. * Support for the C-SKY ABIV2 running on Linux has been added. This port requires at least binutils-2.32, gcc-9.0, and linux-4.20. Two ABIs are supported: - C-SKY ABIV2 soft-float little-endian - C-SKY ABIV2 hard-float little-endian * strftime's default formatting of a locale's alternative year (%Ey) has been changed to zero-pad the year to a minimum of two digits, like "%y". This improves the display of Japanese era years during the first nine years of a new era, and is expected to be harmless for all other locales (only Japanese locales regularly have alternative year numbers less than 10). Zero-padding can be overridden with the '_' or '-' flags (which are GNU extensions). * As a GNU extension, the '_' and '-' flags can now be applied to "%EY" to control how the year number is formatted; they have the same effect that they would on "%Ey". Deprecated and removed features, and other changes affecting compatibility: * The glibc.tune tunable namespace has been renamed to glibc.cpu and the tunable glibc.tune.cpu has been renamed to glibc.cpu.name. * The type of the pr_uid and pr_gid members of struct elf_prpsinfo, defined in <sys/procfs.h>, has been corrected to match the type actually used by the Linux kernel. This affects the size and layout of that structure on MicroBlaze, MIPS (n64 ABI only), Nios II and RISC-V. * For the MIPS n32 ABI, the type of the pr_sigpend and pr_sighold members of struct elf_prstatus, and the pr_flag member of struct elf_prpsinfo, defined in <sys/procfs.h>, has been corrected to match the type actually used by the Linux kernel. This affects the size and layout of those structures. * An archaic GNU extension to scanf, under which '%as', '%aS', and '%a[...]' meant to scan a string and allocate space for it with malloc, is now restricted to programs compiled in C89 or C++98 mode with _GNU_SOURCE defined. This extension conflicts with C99's use of '%a' to scan a hexadecimal floating-point number, which is now available to programs compiled as C99 or C++11 or higher, regardless of _GNU_SOURCE. POSIX.1-2008 includes the feature of allocating a buffer for string input with malloc, using the modifier letter 'm' instead. Programs using '%as', '%aS', or '%a[...]' with the old GNU meaning should change to '%ms', '%mS', or '%m[...]' respectively. Programs that wish to use the C99 '%a' no longer need to avoid _GNU_SOURCE. GCC's -Wformat warnings can detect most uses of this extension, as long as all functions that call vscanf, vfscanf, or vsscanf are annotated with __attribute__ ((format (scanf, ...))). Changes to build and runtime requirements: * Python 3.4 or later is required to build the GNU C Library. * On most architectures, GCC 5 or later is required to build the GNU C Library. (On powerpc64le, GCC 6.2 or later is still required, as before.) Older GCC versions and non-GNU compilers are still supported when compiling programs that use the GNU C Library. Security related changes: CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido Vranken. CVE-2019-6488: On x32, the size_t parameter may be passed in the lower 32 bits of a 64-bit register with with non-zero upper 32 bit. When it happened, accessing the 32-bit size_t value as the full 64-bit register in the assembly string/memory functions would cause a buffer overflow. Reported by H.J. Lu. CVE-2016-10739: The getaddrinfo function could successfully parse IPv4 addresses with arbitrary trailing characters, potentially leading to data or command injection issues in applications. Release Notes ============= https://sourceware.org/glibc/wiki/Release/2.29 Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Albert ARIBAUD (3ADEV) Alexandra Hájková Andreas K. Hüttel Andreas Schwab Anton Youdkevitch Arjun Shankar Assaf Gordon Aurelien Jarno Carlos O'Donell Charles-Antoine Couret DJ Delorie Darius Rad David S. Miller Dmitry V. Levin Florian Weimer Fredrik Noring Gabriel F. T. Gomes H.J. Lu Ilya Leoshkevich Ilya Yu. Malakhov Istvan Kurucsai Jim Wilson Joseph Myers Justus Winter Kemi Wang Leonardo Sandoval Mao Han Martin Jansa Martin Kuchta Martin Sebor Mingli Yu Moritz Eckert PanderMusubi Paul Clarke Paul Eggert Paul Pluzhnikov Pochang Chen Rafael Avila de Espindola Rafael Ávila de Espíndola Rafal Luzynski Rajalakshmi Srinivasaraghavan Rogerio Alves Samuel Thibault Sergi Almacellas Abellana Siddhesh Poyarekar Stefan Liebler Steve Ellcey Szabolcs Nagy TAMUKI Shoichi Tobias Klauser Tulio Magno Quites Machado Filho Uroš Bizjak Wilco Dijkstra Zack Weinberg Zong Li