-
glibc-2.23
The GNU C Library ================= The GNU C Library version 2.23 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.23 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.23 ===================== * Unicode 8.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 8.0.0, using new and/or improved generator scripts contributed by Mike FABIAN (Red Hat). These updates cause user visible changes, such as the fixes for bugs 89, 16061, and 18568. * sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the kernel-internal CPU set size. This means that requests that change the CPU affinity which failed before (for example, an all-ones CPU mask) will now succeed. Applications that need to determine the effective CPU affinities need to call sched_getaffinity or pthread_getaffinity_np after setting it because the kernel can adjust it (and the previous size check would not detect this in the majority of cases). * The fts.h header can now be used with -D_FILE_OFFSET_BITS=64. With LFS the following new symbols are used: fts64_children, fts64_close, fts64_open, fts64_read and fts64_set. * getaddrinfo now detects certain invalid responses on an internal netlink socket. If such responses are received, an affected process will terminate with an error message of "Unexpected error <number> on netlink descriptor <number>" or "Unexpected netlink response of size <number> on descriptor <number>". The most likely cause for these errors is a multi-threaded application which erroneously closes and reuses the netlink file descriptor while it is used by getaddrinfo. * A defect in the malloc implementation, present since glibc 2.15 (2012) or glibc 2.10 via --enable-experimental-malloc (2009), could result in the unnecessary serialization of memory allocation requests across threads. The defect is now corrected. Users should see a substantial increase in the concurent throughput of allocation requests for applications which trigger this bug. Affected applications typically create create and destroy threads frequently. (Bug 19048 was reported and analyzed by Ericsson.) * There is now a --disable-timezone-tools configure option for disabling the building and installing of the timezone related utilities (zic, zdump, and tzselect). This is useful for people who build the timezone data and code independent of the GNU C Library. * The obsolete header <regexp.h> has been removed. Programs that require this header must be updated to use <regex.h> instead. * The obsolete functions bdflush, create_module, get_kernel_syms, query_module and uselib are no longer available to newly linked binaries; the header <sys/kdaemon.h> has been removed. These functions and header were specific to systems using the Linux kernel and could not usefully be used with the GNU C Library on systems with version 2.6 or later of the Linux kernel. * Optimized string, wcsmbs and memory functions for IBM z13. Implemented by Stefan Liebler. * Newly linked programs that define a variable called signgam will no longer have it set by the lgamma, lgammaf and lgammal functions. Programs that require signgam to be set by those functions must ensure that they use the variable provided by the GNU C Library and declared in <math.h>, without defining their own copy. * The minimum GCC version that can be used to build this version of the GNU C Library is GCC 4.7. Older GCC versions, and non-GNU compilers, can still be used to compile programs using the GNU C Library. Security related changes: * An out-of-bounds value in a broken-out struct tm argument to strftime no longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776) * The LD_POINTER_GUARD environment variable can no longer be used to disable the pointer guard feature. It is always enabled. Previously, LD_POINTER_GUARD could be used to disable security hardening in binaries running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert. (CVE-2015-8777) * An integer overflow in hcreate and hcreate_r could lead to an out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778) * The catopen function no longer has unbounded stack usage. Reported by Max. (CVE-2015-8779) * The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions. Reported by Joseph Myers. (CVE-2014-9761) * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control of execution flow in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family. The use of AF_UNSPEC triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by _nss_dns_gethostbyname4_r. Buffer management is simplified to remove the overflow. Thanks to the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665. (CVE-2015-7547) The following bugs are resolved with this release: [89] localedata: Locales nb_NO and nn_NO should transliterate æøå [887] math: Math library function "logb" and "nextafter" inconsistent [2542] math: Incorrect return from float gamma (-0X1.FA471547C2FE5P+1) [2543] math: Incorrect return from float gamma (-0X1.9260DCP+1) [2558] math: Incorrect return from double gamma (-0X1.FA471547C2FE5P+1) [2898] libc: [improve] warning: the use of `mktemp' is dangerous, better use `mkstemp' [4404] localedata: German translation of "Alarm clock" is misleading [6799] math: nextafter() and nexttoward() doen't set errno on overflow/underflow errors [6803] math: scalb(), scalbln(), scalbn() do not set errno on overflow/underflow [10432] nis: _nss_nis_setnetgrent assertion failure [11460] libc: fts has no LFS support [12926] network: getaddrinfo()/make_request() may spin forever [13065] nptl: Race condition in pthread barriers [13690] nptl: pthread_mutex_unlock potentially cause invalid access [14341] dynamic-link: Dynamic linker crash when DT_JMPREL and DT_REL{,A} are not contiguous [14551] math: [ldbl-128ibm] strtold overflow handling for IBM long double [14912] libc: Rename non-installed bits/*.h headers [15002] libc: Avoid undefined behavior in posix_fallocate overflow check [15367] math: Let gcc use __builtin_isinf [15384] math: One constant fewer in ieee754/dbl-64/wordsize-64/s_finite.c [15421] math: lgamma wrongly sets signgam for ISO C [15470] math: [arm] On ARM llrintl() and llroundl() do not raise FE_INVALID with argument out of range [15491] math: [i386/x86_64] x86 nearbyint implementations wrongly clear all exceptions [15786] dynamic-link: ifunc resolver functions can smash function arguments [15918] math: Unnecessary check for equality in hypotf() [16061] localedata: Review / update transliteration data [16068] math: [i386/x86_64] x86 and x86_64 fesetenv exclude state they should include [16141] time: strptime %z offset restriction [16171] math: drem should be alias of remainder [16296] math: fegetround is pure? [16347] math: [ldbl-128ibm] ldbl-128/e_lgammal_r.c may not be suitable. [16364] libc: sleep may leave SIGCHLD blocked on sync cancellation on GNU/Linux [16399] math: [mips] lrint / llrint / lround / llround missing exceptions [16415] math: Clean up ldbl-128 / ldbl-128ibm expm1l for large positive arguments [16422] math: [powerpc] math-float, math-double failing llrint tests with "Exception "Inexact" set" on ppc32 [16495] localedata: nl_NL: date_fmt: shuffle year/month around [16517] math: Missing underflow exception from tanf/tan/tanl [16519] math: Missing underflow exception from sinhf [16520] math: Missing underflow exception from tanhf [16521] math: Missing underflow exception from exp2 [16620] math: [ldbl-128ibm] exp10l spurious overflows / bad directed rounding results [16734] stdio: fopen calls mmap to allocate its buffer [16961] math: nan function incorrect handling of bad sequences [16962] math: nan function unbounded stack allocation (CVE-2014-9761) [16973] localedata: Fix lang_lib/lang_term as per ISO 639-2 [16985] locale: localedef: confusing error message when opening output fails [17118] math: ctanh(INFINITY + 2 * I) returns incorrect value [17197] locale: Redundant shift character in iconv conversion output at block boundary [17243] libc: trunk/posix/execl.c:53: va_args problem ? [17244] libc: trunk/sysdeps/unix/sysv/linux/semctl.c:116: va_args muxup ? [17250] dynamic-link: static linking breaks nss loading (getaddrinfo/getpwnam/etc...) [17404] libc: atomic_exchange_rel lacking a barrier on MIPS16, GCC before 4.7? [17441] math: isnan() should use __builtin_isnan() in GCC [17514] nptl: Assert failure unlocking ERRORCHECK mutex after timedlock (related to lock elision) [17787] manual: Exponent on page 324 of the PDF ends prematurely [17886] time: strptime should be able to parse "Z" as a timezone with %z [17887] time: strptime should be able to parse "+01:00" style timezones [17905] libc: catopen() Multiple unbounded stack allocations (CVE-2015-8779) [18084] libc: backtrace (..., 0) dumps core on x86 [18086] libc: nice() sets errno to 0 on success [18240] libc: hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778) [18251] dynamic-link: SONAME missing when audit modules provides path [18265] libc: add attributes for wchar string and memory functions [18370] math: csqrt missing underflows [18421] libc: [hppa] read-only segment has dynamic relocations [18472] libc: Obsolete syscall wrappers should be compat symbols [18480] libc: hppa glibc miscompilation in sched_setaffinity() [18491] localedata: Update tr_TR LC_CTYPE as part of Unicode updates [18525] localedata: Remove locale timezone information [18560] libc: [powerpc] spurious bits/ipc.h definitions [18568] localedata: Update locale data to Unicode 8.0 [18589] locale: sort-test.sh fails at random [18595] math: ctan, ctanh missing underflows [18604] libc: assert macro-expands its argument [18610] math: S390: fetestexcept() reports any exception if DXC-code contains a vector instruction exception. [18611] math: j1, jn missing errno setting on underflow [18618] localedata: sync Chechen locale definitions with other *_RU locales [18647] math: powf(-0x1.000002p0, 0x1p30) returns 0 instead of +inf [18661] libc: Some x86-64 assembly codes don't align stack to 16 bytes [18665] network: In send_dg, the recvfrom function is NOT always using the buffer size of a newly created buffer (CVE-2015-7547) [18674] libc: [i386] trunk/sysdeps/i386/tst-auditmod3b.c:84: possible missing break ? [18675] libc: fpathconf(_PC_NAME_MAX) fails against large filesystems for 32bit processes [18681] libc: regexp.h is obsolete and buggy, and should be desupported [18699] math: tilegx cproj() for various complex infinities does not yield infinity [18724] libc: Harden put*ent functions against data injection [18743] nptl: PowerPC: findutils testcase fails with --enable-lock-elision [18755] build: build errors with -DNDEBUG [18757] stdio: fmemopen fails to set errno on failure [18778] dynamic-link: ld.so crashes if failed dlopen causes libpthread to be forced unloaded [18781] libc: openat64 lacks O_LARGEFILE [18787] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/atomic.h:71:6: error: can’t find a register in class ‘R1_REGS’ while reloading ‘asm’ [18789] math: [ldbl-128ibm] sinhl inaccurate near 0 [18790] math: [ldbl-128ibm] tanhl inaccurate [18795] libc: stpncpy fortification misses buffer lengths that are statically too large [18796] build: build fails for --disable-mathvec [18803] math: hypot missing underflows [18820] stdio: fmemopen may leak memory on failure [18823] math: csqrt spurious underflows [18824] math: fma spurious underflows [18825] math: pow missing underflows [18857] math: [ldbl-128ibm] nearbyintl wrongly uses signaling comparisons [18868] nptl: pthread_barrier_init typo has in-theory-undefined behavior [18870] build: sem_open.c fails to compile with missing symbol FUTEX_SHARED [18872] stdio: Fix memory leak in printf_positional [18873] libc: posix_fallocate overflow check ineffective [18875] math: Excess precision leads incorrect libm [18877] libc: arm: mmap offset regression [18887] libc: memory corruption when using getmntent on blank lines [18918] localedata: hu_HU: change time to HH:MM:SS format [18921] libc: Regression: extraneous stat() and fstat() performed by opendir() [18928] dynamic-link: LD_POINTER_GUARD is not ignored for privileged binaries (CVE-2015-8777) [18951] math: tgamma missing underflows [18952] math: [ldbl-128/ldbl-128ibm] lgammal spurious "invalid", incorrect signgam [18953] localedata: lt_LT: change currency symbol to the euro [18956] math: powf inaccuracy [18961] math: [i386] exp missing underflows [18966] math: [i386] exp10 missing underflows [18967] math: math.h XSI POSIX namespace (gamma, isnan, scalb) [18969] build: multiple string test failures due to missing locale dependencies [18970] libc: Reference of pthread_setcancelstate in libc.a [18977] math: float / long double Bessel functions not in XSI POSIX [18980] math: i386 libm functions return with excess range and precision [18981] math: i386 scalb*, ldexp return with excess range and precision [18982] stdio: va_list and vprintf [18985] time: Passing out of range data to strftime() causes a segfault (CVE-2015-8776) [19003] math: [x86_64] fma4 version of pow inappropriate contraction [19007] libc: FAIL: elf/check-localplt with -z now and binutils 2.26 [19012] locale: iconv_open leaks memory on error path [19016] math: clog, clog10 inaccuracy [19018] nptl: Mangle function pointers in tls_dtor_list [19032] math: [i386] acosh (-qNaN) spurious "invalid" exception [19046] math: ldbl-128 / ldbl-128ibm lgamma bad overflow handling [19048] malloc: malloc: arena free list can become cyclic, increasing contention [19049] math: [powerpc] erfc incorrect zero sign [19050] math: [powerpc] log* incorrect zero sign [19058] math: [x86_64] Link fail with -fopenmp and -flto [19059] math: nexttoward overflow incorrect in non-default rounding modes [19071] math: ldbl-96 lroundl incorrect just below powers of 2 [19074] network: Data race in _res_hconf_reorder_addrs [19076] math: [ldbl-128ibm] log1pl (-1) wrong sign of infinity [19077] math: [ldbl-128ibm] logl (1) incorrect sign of zero result [19078] math: [ldbl-128ibm] expl overflow incorrect in non-default rounding modes [19079] math: dbl-64/wordsize-64 lround based on llround incorrect for ILP32 [19085] math: ldbl-128 lrintl, lroundl missing exceptions for 32-bit long [19086] manual: posix_fallocate64 documented argument order is wrong. [19088] math: lround, llround missing exceptions close to overflow threshold [19094] math: lrint, llrint missing exceptions close to overflow threshold [19095] math: dbl-64 lrint incorrect for 64-bit long [19122] dynamic-link: Unnecessary PLT relocations in librtld.os [19124] dynamic-link: ld.so failed to build with older assmebler [19125] math: [powerpc32] llroundf, llround incorrect exceptions [19129] dynamic-link: [arm] Concurrent lazy TLSDESC resolution can crash [19134] math: [powerpc32] lround, lroundf spurious exceptions [19137] libc: i386/epoll_pwait.S doesn't support cancellation [19143] nptl: Remove CPU set size checking from sched_setaffinity, pthread_setaffinity_np [19156] math: [ldbl-128] j0l spurious underflows [19164] nptl: tst-getcpu fails with many possible CPUs [19168] math: math/test-ildoubl and math/test-ldouble failure [19174] nptl: PowerPC: TLE enabled pthread mutex performs poorly. [19178] dynamic-link: ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA confuses prelink [19181] math: [i386/x86_64] fesetenv (FE_DFL_ENV), fesetenv (FE_NOMASK_ENV) do not clear SSE exceptions [19182] malloc: malloc deadlock between ptmalloc_lock_all and _int_new_arena/reused_arena [19189] math: [ldbl-128] log1pl (-qNaN) spurious "invalid" exception [19201] math: dbl-64 remainder incorrect sign of zero result [19205] math: bits/math-finite.h conditions do not match math.h and bits/mathcalls.h [19209] math: bits/math-finite.h wrongly maps ldexp to scalbn [19211] math: lgamma functions do not set signgam for -ffinite-math-only for C99-based standards [19212] libc: features.h not -Wundef clean [19213] math: [i386/x86_64] log* (1) incorrect zero sign for -ffinite- math-only [19214] libc: Family and model identification for AMD CPU's are incorrect. [19219] libc: GLIBC build fails for ia64 with missing __nearbyintl [19228] math: [powerpc] nearbyint wrongly clears "inexact", leaves traps disabled [19235] math: [powerpc64] lround, lroundf, llround, llroundf spurious "inexact" exceptions [19238] math: [powerpc] round, roundf spurious "inexact" for integer arguments [19242] libc: strtol incorrect in Turkish locales [19243] malloc: reused_arena can pick an arena on the free list, leading to an assertion failure and reference count corruption [19253] time: tzset() ineffective when temporary TZ did not include DST rules [19266] math: strtod ("NAN(I)") incorrect in Turkish locales [19270] math: [hppa] Shared libm missing __isnanl [19285] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/mman.h: missing MAP_HUGETLB and MAP_STACK defines [19313] nptl: Wrong __cpu_mask for x32 [19347] libc: grantpt: try to force a specific gid even without pt_chown [19349] math: [ldbl-128ibm] tanhl inaccurate for small arguments [19350] math: [ldbl-128ibm] sinhl spurious overflows [19351] math: [ldbl-128ibm] logl inaccurate near 1 [19363] time: x32: times() return value wrongly truncates/sign extends from 32bit [19367] dynamic-link: Improve branch prediction on Silvermont [19369] network: Default domain name not reset by res_ninit when "search" / "domain" entry is removed from resolv.conf [19375] math: powerpc: incorrect results for POWER7 logb with negative subnormals [19385] localedata: bg_BG: time separator should be colon, not comma [19408] libc: linux personality syscall wrapper may erroneously return an error on 32-bit architectures [19415] libc: dladdr returns wrong names on hppa [19432] libc: iconv rejects redundant escape sequences in IBM900, IBM903, IBM905, IBM907, and IBM909 [19439] math: Unix98 isinf and isnan functions conflict with C++11 [19443] build: build failures with -DDEBUG [19451] build: Make check fails on test-double-vlen2 [19462] libc: Glibc failed to build with -Os [19465] math: Wrong code with -Os [19466] time: time/tst-mktime2.c is compiled into an infinite loop with -Os [19467] string: Fast_Unaligned_Load needs to be enabled for Excavator core CPU's. [19475] libc: Glibc 2.22 doesn't build on sparc [PATCH] [19486] math: S390: Math tests fail with "Exception Inexact set". [19529] libc: [ARM]: FAIL: stdlib/tst-makecontext [19550] libc: [mips] mmap negative offset handling inconsistent with other architectures [19590] math: Fail to build shared objects that use libmvec.so functions. Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Amit Pawar Andreas Schwab Andrew Bennett Andrew Senkevich Andrew Stubbs Anton Blanchard Arjun Shankar Arslanbek Astemirov Aurelien Jarno Brett Neumeier Carlos Eduardo Seo Carlos O'Donell Chris Metcalf Chung-Lin Tang Damyan Ivanov Daniel Marjamäki David Kastrup David Lamparter David S. Miller Dmitry V. Levin Egmont Koblinger Evert Flavio Cruz Florian Weimer Gabriel F. T. Gomes Geoffrey Thomas Gleb Fotengauer-Malinovskiy Gunnar Hjalmarsson H.J. Lu Helge Deller James Perkins John David Anglin Joseph Myers Justus Winter Khem Raj Ludovic Courtès Maciej W. Rozycki Manolis Ragkousis Marcin Kościelnicki Mark Wielaard Marko Myllynen Martin Sebor Maxim Ostapenko Mike FABIAN Mike Frysinger Namhyung Kim Ondrej Bilka Ondřej Bílka Paul E. Murphy Paul Eggert Paul Murphy Paul Pluzhnikov Petar Jovanovic Phil Blundell Rajalakshmi Srinivasaraghavan Rasmus Villemoes Richard Henderson Rob Wu Roland McGrath Samuel Thibault Siddhesh Poyarekar Stan Shebs Stefan Liebler Steve Ellcey Szabolcs Nagy Thomas Schwinge Torvald Riegel Tulio Magno Quites Machado Filho Vincent Bernat Wilco Dijkstra Zack Weinberg
-
glibc-2.24
The GNU C Library ================= The GNU C Library version 2.24 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.24 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.24 ===================== * The minimum Linux kernel version that this version of the GNU C Library can be used with is 3.2, except on i[4567]86 and x86_64, where Linux kernel version 2.6.32 or later suffices (on architectures that already required kernel versions more recent than 3.2, those requirements remain unchanged). Linux 3.2 or later kernel headers are required on all architectures. * The pap_AN locale has been deleted. This has been deprecated for a long time. It has been replaced by pap_AW & pap_CW, both of which have long been included in previous releases. * The readdir_r and readdir64_r functions have been deprecated. It is recommended to use readdir and readdir64 instead. * The type “union wait” has been removed. It was deprecated in the early 1990s and never part of POSIX. Application code should use the int type instead of “union wait”. * A new NSS action is added to facilitate large distributed system administration. The action, MERGE, allows remote user stores like LDAP to be merged into local user stores like /etc/groups in order to provide easy to use, updated, and managed sets of merged credentials. The new action can be used by configuring it in /etc/nsswitch.conf: group: files [SUCCESS=merge] nis Implemented by Stephen Gallagher (Red Hat). * The deprecated __malloc_initialize_hook variable has been removed from the API. * The long unused localedef --old-style option has been removed. It hasn't done anything in over 16 years. Scripts using this option can safely drop it. * nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to libm. They are defined by TS 18661 and IEEE754-2008. The nextup functions return the next representable value in the direction of positive infinity and the nextdown functions return the next representable value in the direction of negative infinity. These are currently enabled as GNU extensions. Security related changes: * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It could result in a stack overflow when getnetbyname was called with an overly long name. (CVE-2016-3075) * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead. Reported by Michael Petlan. (CVE-2016-3706) * The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name. Reported by Alexander Cherepanov. (CVE-2016-1234) * The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez' alloca plugin for GCC. (CVE-2016-4429) * The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits. Over time, this could result in a denial of service due to memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417) The following bugs are resolved with this release: [1170] localedata: ne_NP: update Nepali locale definition file [3629] manual: stpcpy description in string.texi refers to MS-DOG instead of MS-DOS. [6527] malloc: [powerpc] Malloc alignment insufficient for PowerPC [6796] math: fdim() does not set errno on overflow [10354] libc: posix_spawn should use vfork() in more cases than presently [11213] localedata: localedata: add copyright disclaimer to locale files [12143] localedata: chr_US: new Cherokee locale [12450] localedata: sgs_LT: new locale [12676] localedata: ln_CD: new locale [13237] localedata: LC_ADDRESS.country_name: update all locales w/latest CLDR data [13304] math: fma, fmaf, fmal produce wrong results [14259] build: --localedir arg to configure is ignored [14499] nptl: Does posix_spawn invoke atfork handlers / use vfork? [14750] libc: Race condition in posix_spawn vfork usage vs signal handlers [14934] localedata: es_CL: wrong first weekday chilean locale [15262] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of romanisation [15263] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of 1/0 and +/- [15264] localedata: LC_MESSAGES.yesstr/nostr: lacking in many locales [15368] nptl: raise() is not async-signal-safe [15479] math: ceil, floor, round and trunc raise inexact exception [15578] localedata: kk_KZ: various updates [16003] localedata: pap_AN: punt old locale [16137] localedata: iw_IL: punt old locale [16190] localedata: eo: new esperanto locale [16374] localedata: lv_LV: change currency symbol in LC_MONETARY to euro [16742] malloc: race condition: pthread_atfork() called before first malloc() results in unexpected locking behaviour/deadlocks [16975] localedata: LC_MESSAGES.yesexpr/noexpr: revisit capitalization in all locales [16983] localedata: postal_fmt does not allow %l and %n modifiers [17565] localedata: pt_PT: wrong (work-)week start [17899] math: [powerpc] floorl returns negative zero with FE_DOWNWARD [17950] build: Build fails with -msse [18205] localedata: be_BY*: wrong first_weekday and first_workday [18433] libc: posix_spawn does not return correctly upon failure to execute [18453] localedata: charmaps/IBM875: incorrect codes [18712] string: bits/string2.h incompatible with -O2 -Werror=packed -Wsystem-headers [18896] localedata: he_IL: improvements for currency [18911] localedata: ro_RO: Correcting week day name for "Tuesday" in Romanian locale data [18960] locale: s390: _nl_locale_subfreeres uses larl opcode on misaligned symbol [19056] libc: Deprecate readdir_r [19133] localedata: pt_*: days & months should be lowercase in Portuguese language [19198] localedata: nl_NL: small improvements for Dutch locales [19257] network: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417) [19269] build: tst-audit4 and tst-audit10 failures with gcc-6 on non avx machine [19400] locale: Language missing in "iso-639.def", trivial fix in description [19431] malloc: Deadlock between fflush, getdelim, and fork [19505] libc: Incorrect file descriptor validity checks in posix_spawn_file_actions_add{open,close,dup2} [19509] dynamic-link: dlsym, dlvsym do not report errors through dlerror when using RTLD_NEXT [19512] locale: Stale `#ifndef HAVE_BUILTIN_EXPECT' in `intl/{gettextP,loadinfo}.h' [19534] libc: execle, execlp may use malloc [19568] localedata: *_CH: Swiss locales have inconsistent start of week [19573] network: res_nclose and __res_maybe_init disagree about name server initialization, breaking Hesiod [19575] localedata: Status of GB18030 tables [19581] localedata: sr_* date_fmt string contains additional newline [19583] string: SSSE3_Fast_Copy_Backward flag needs to be enabled for AMD Excavator core [19592] math: [ldbl-128ibm] ceill incorrect in non-default rounding modes [19593] math: [ldbl-128ibm] truncl incorrect in non-default rounding modes [19594] math: [ldbl-128ibm] roundl incorrect in non-default rounding modes [19595] math: [ldbl-128ibm] fmodl incorrect for results in subnormal double range [19602] math: [ldbl-128ibm] fmodl handling of equal arguments with low part zero incorrect [19603] math: [ldbl-128ibm] remainderl, remquol incorrect sign handling in equality tests [19610] dynamic-link: ldconfig -X removes stale symbolic links [19613] libc: s390x (64 bit) macro expansion WCOREDUMP and others [19633] locale: strfmon_l applies global locale to number formatting [19642] network: Memory leak in getnameinfo [19648] libc: test-skeleton.c: Do not set RLIMIT_DATA [19653] libc: Potential for NULL pointer dereference (CWE-476) in glibc-2.22 [19654] math: [x86_64] Need testcase for BZ #19590 fix [19671] localedata: Missing Sanity Check for malloc() in 'tst-fmon.c' & 'tst-numeric.c' [19674] math: [ldbl-128ibm] powl incorrect overflow handling [19677] math: [ldbl-128ibm] remainderl equality test incorrect for zero low part [19678] math: [ldbl-128ibm] nextafterl, nexttowardl incorrect sign of zero result [19679] dynamic-link: gcc-4.9.3 C++ exception handling broken due to unaligned stack [19726] locale: Converting UCS4LE to INTERNAL with iconv() does not update pointers and lengths in error-case. [19727] locale: Converting from/to UTF-xx with iconv() does not always report errors on UTF-16 surrogates values. [19755] nscd: nscd assertion failure in gc [19758] dynamic-link: Typo in EXTRA_LD_ENVVARS for x86-64 [19759] libc: mempcpy shouldn't be inlined [19762] dynamic-link: HAS_CPU_FEATURE/HAS_ARCH_FEATURE are easy to misuse [19765] libc: s390 needs an optimized mempcpy [19779] glob: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption (CVE-2016-1234) [19783] build: benchtests don't support --enable-hardcoded-path-in-tests [19787] network: Missing and incorrect truncation checks in getnameinfo [19790] math: [ldbl-128ibm] nearbyintl incorrect in non-default rounding modes [19791] network: Assertion failure in res_query.c with un-connectable name server addresses [19792] libc: MIPS: backtrace yields infinite backtrace with makecontext [19822] math: libm.so install clobbers old version [19825] network: resolv: send_vc can return uninitialized data in second response to getaddrinfo [19830] network: nss_dns: should check RDATA length against buffer length [19831] network: nss_dns: getaddrinfo returns uninitialized data when confronted with A/AAAA records of invalid size [19837] nss: nss_db: No retries for some long lines with a larger buffer [19848] math: powl(10,n) for n=-4,-5,-6,-7 is off by more than 1 ULP [19853] stdio: Printing IBM long double in decimal with high precision is sometimes incorrect [19860] build: x86_64: compile errors for tst-audit10 and tst-auditmod10b [19861] nptl: libpthread IFUNC resolver for fork can lead to crash [19862] network: resolv, nss_dns: Remove remaining logging of unexpected record types [19865] network: Assertion failure or memory leak in _nss_dns_getcanonname_r [19868] network: nss_dns: netent code does not skip over non-PTR records [19879] network: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075) [19881] string: Improve x86-64 memset [19907] string: Incorrect memcpy tests [19916] dynamic-link: S390: fprs/vrs are not saved/restored while resolving symbols [19925] libc: termios.h XCASE namespace [19928] string: memmove-vec-unaligned-erms.S is slow with large data size [19929] libc: limits.h NL_NMAX namespace [19931] stdio: Memory leak in vfprintf [19957] libc: clone(CLONE_VM) access invalid parent memory [19963] localedata: en_IL: New locale [19989] stdio: stdio.h cuserid namespace [19994] network: getaddrinfo does not restore RES_USE_INET6 flag in gethosts [19996] locale: langinfo.h nl_langinfo_l namespace [20005] stdio: fflush on a file opened with fmemopen resets position to 0 [20010] network: getaddrinfo: Stack overflow in hostent translation (CVE-2016-3706) [20012] stdio: libio: fmemopen append mode failure [20014] stdio: stdio.h namespace for pre-threads POSIX [20017] network: resolv: Use gmtime_r instead of gmtime in p_secstodate [20023] libc: fcntl.h timespec namespace [20024] math: [x86_64] vectorized sincos trashes the stack [20031] network: nss_hesiod: Heap overflow in get_txt_records [20041] time: sys/time.h timespec namespace [20043] libc: unistd.h missing cuserid for UNIX98 and before [20044] libc: unistd.h missing pthread_atfork for UNIX98 [20051] libc: ttyslot in wrong header under wrong conditions [20054] libc: gethostname not declared for XPG4 [20055] libc: termios.h missing tcgetsid for XPG4 [20072] dynamic-link: x86 init_cpu_features is called twice in static executable [20073] libc: sys/stat.h fchmod namespace [20074] libc: stdlib.h rand_r namespace [20076] libc: sys/stat.h missing S_IFSOCK, S_ISSOCK for XPG4 [20094] libc: stdlib.h should not declare grantpt, ptsname, unlockpt for XPG3 [20111] libc: struct sockaddr_storage cannot be aggregate-copied [20112] network: sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429) [20115] string: Extra alignment in memset-vec-unaligned-erms.S [20119] libc: Wrong mask for processors level type from CPUID [20139] dynamic-link: Upper part of zmm is zeroed if Glibc is built with AS not supporting AVX512 [20151] math: [ldbl-128/ldbl-128ibm] j0l, j1l, y0l, y1l return sNaN for sNaN argument [20153] math: [ldbl-128ibm] sqrtl (sNaN) returns sNaN [20156] math: [ldbl-128ibm] ceill, rintl etc. return sNaN for sNaN argument [20157] math: [powerpc] fabsl (sNaN) wrongly raises "invalid" [20160] math: [powerpc] ceil, rint etc. return sNaN for sNaN input [20178] libc: posix_spawn{p} should not call exit [20191] stdio: libio: vtables hardening [20195] string: FMA4 detection requires CPUID execution with register eax=0x80000001 [20198] libc: quick_exit incorrectly destroys C++11 thread objects. [20205] math: [i386/x86_64] nextafterl incorrect incrementing negative subnormals [20212] math: acos (sNaN) returns sNaN [20213] math: asin (sNaN) returns sNaN [20214] network: Linux header sync with linux/in6.h and ipv6.h again. [20218] math: [i386] asinhl (sNaN) returns sNaN [20219] math: [i386] atanhl (sNaN) returns sNaN [20222] stdio: fopencookie: Mangle function pointers [20224] math: [i386] cbrtl (sNaN) returns sNaN [20225] math: ldexp, scalbn, scalbln return sNaN for sNaN input [20226] math: [i386/x86_64] expl, exp10l, expm1l return sNaN for sNaN input [20227] math: [i386/x86_64] logl (sNaN) returns sNaN [20228] math: [i386/x86_64] log10l (sNaN) returns sNaN [20229] math: [i386/x86_64] log1pl (sNaN) returns sNaN [20232] math: [ldbl-128] expm1l (sNaN) returns sNaN [20233] math: [ldbl-128ibm] expm1l (sNaN) returns sNaN [20234] math: [ldbl-128ibm] log1pl (sNaN) returns sNaN [20235] math: [i386/x86_64] log2l (sNaN) returns sNaN [20237] nss: nss_db: get*ent segfaults without preceding set*ent [20240] math: modf (sNaN) returns sNaN [20248] libc: debug/tst-longjump_chk2 calls printf from a signal handler [20250] math: frexp (sNaN) returns sNaN [20252] math: atan2 (sNaN, qNaN) fails to raise "invalid" [20255] math: [i386] fdim, fdimf return with excess range and precision / double rounding [20256] math: [i386/x86_64] fdiml returns sNaN for sNaN input [20260] string: ../sysdeps/x86/bits/string.h:1092:3: error: array subscript is below array bounds [-Werror=array-bounds] [20262] nis: _nss_nis_initgroups_dyn always returns NSS_STATUS_NOTFOUND [20263] nptl: robust mutex deadlocks if other thread requests timedlock (Only arm/linux) [20277] libc: $dp is not initialized correctly in sysdeps/hppa/start.S [20284] malloc: malloc: Corrupt arena avoidance causes unnecessary mmap fallbacks [20296] math: [i386/x86_64] scalbl returns sNaN for sNaN input, missing "invalid" exceptions [20314] nptl: make[4]: *** [/usr/include/stdlib.h] Error 1 [20316] localedata: id_ID: Februari instead of Pebruari [20327] string: POWER8 strcasecmp returns incorrect result [20347] math: Failure: Test: j0_downward (0xap+0) [20348] libc: FAIL: misc/tst-preadvwritev64 [20349] libc: 64-bit value is passed differently in p{readv,writev}{64} [20350] libc: There is no test for p{read,write}64 [20357] math: Incorrect cos result for 1.5174239687223976 [20384] build: Don't run libmvec-sincos-avx* tests on non avx machines Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Andreas Schwab Andrew Senkevich Anton Blanchard Arnas Udovičius Aurelien Jarno Carlos Eduardo Seo Carlos O'Donell Chris Metcalf Chung-Lin Tang Claude Paroz Dimitris Pappas Dmitry V. Levin Dylan Alex Simon Eduardo Trápani Florian Weimer Gabriel F. T. Gomes Gunnar Hjalmarsson Gustavo Romero Guy Rutenberg H.J. Lu Hongjiu Zhang Jiyoung Yun John David Anglin Joseph Myers Khem Raj Maciej W. Rozycki Mark Wielaard Marko Myllynen Martin Galvan Matthew Fortune Matthias Wallnoefer Mike FABIAN Mike Frysinger Neskie Manuel Nick Alcock Paras pradhan Paul E. Murphy Paul Pluzhnikov Rajalakshmi Srinivasaraghavan Rical Jasan Richard Henderson Robin van der Vliet Roland McGrath Samuel Thibault Siddhesh Poyarekar Simion Onea Stefan Liebler Stephen Gallagher Szabolcs Nagy Timur Birsh Torvald Riegel Tulio Magno Quites Machado Filho Wilco Dijkstra Will Newton Yvan Roux Zack Weinberg
-
glibc-2.25
The GNU C Library ================= The GNU C Library version 2.25 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.25 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.25 ===================== * The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR 24731-2:2010, is supported to enable declarations of functions from that TR. Note that not all functions from that TR are supported by the GNU C Library. * The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS 18661-1:2014, is supported to enable declarations of functions and macros from that TS. Note that not all features from that TS are supported by the GNU C Library. * The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS 18661-4:2015, is supported to enable declarations of functions and macros from that TS. Note that most features from that TS are not supported by the GNU C Library. * The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L. Since the GNU C Library defaults to a much newer revision of POSIX, this will only affect programs that specifically request an old conformance mode. For instance, a program compiled with -std=c89 -D_REENTRANT will see a change in the visible declarations, but a program compiled with just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT, will not. Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be defined by all multithreaded code, but glibc has not required this for many years. * The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This means that in a future release, the macros “major”, “minor”, and “makedev” will only be available from <sys/sysmacros.h>. These macros are not part of POSIX nor XSI, and their names frequently collide with user code; see for instance glibc bug 19239 and Red Hat bug 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the problem. * New <fenv.h> features from TS 18661-1:2014 are added to libm: the fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros. * Integer width macros from TS 18661-1:2014 are added to <limits.h>: CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH, UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH, INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH, UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH, INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH, UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH, UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH, UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH, UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH, WINT_WIDTH. * New <math.h> features are added from TS 18661-1:2014: - Signaling NaN macros: SNANF, SNAN, SNANL. - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp, fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf, fromfpxl, ufromfpx, ufromfpxf, ufromfpxl. - llogb functions: the llogb, llogbf and llogbl functions, and the FP_LLOGB0 and FP_LLOGBNAN macros. - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag, fminmagf, fminmagl. - Comparison macros: iseqsig. - Classification macros: iscanonical, issubnormal, iszero. - Total order functions: totalorder, totalorderf, totalorderl, totalordermag, totalordermagf, totalordermagl. - Canonicalize functions: canonicalize, canonicalizef, canonicalizel. - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload, setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl. * The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014, are added to libc. They convert a floating-point number into string. * Most of glibc can now be built with the stack smashing protector enabled. It is recommended to build glibc with --enable-stack-protector=strong. Implemented by Nick Alcock (Oracle). * The function explicit_bzero, from OpenBSD, has been added to libc. It is intended to be used instead of memset() to erase sensitive data after use; the compiler will not optimize out calls to explicit_bzero even if they are "unnecessary" (in the sense that no _correct_ program can observe the effects of the memory clear). * On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined to float instead of double. This does not affect the ABI of any libraries that are part of the GNU C Library, but may affect the ABI of other libraries that use this type in their interfaces. * On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the float_t and double_t types are now defined to long double instead of float and double. These options are not the default, and this does not affect the ABI of any libraries that are part of the GNU C Library, but it may affect the ABI of other libraries that use this type in their interfaces, if they are compiled or used with those options. * The getentropy and getrandom functions, and the <sys/random.h> header file have been added. * The buffer size for byte-oriented stdio streams is now limited to 8192 bytes by default. Previously, on Linux, the default buffer size on most file systems was 4096 bytes (and thus remains unchanged), except on network file systems, where the buffer size was unpredictable and could be as large as several megabytes. * The <sys/quota.h> header now includes the <linux/quota.h> header. Support for the Linux quota interface which predates kernel version 2.4.22 has been removed. * The malloc_get_state and malloc_set_state functions have been removed. Already-existing binaries that dynamically link to these functions will get a hidden implementation in which malloc_get_state is a stub. As far as we know, these functions are used only by GNU Emacs and this change will not adversely affect already-built Emacs executables. Any undumped Emacs executables, which normally exist only during an Emacs build, should be rebuilt by re-running “./configure; make” in the Emacs build tree. * The “ip6-dotint” and “no-ip6-dotint” resolver options, and the corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed. “no-ip6-dotint” had already been the default, and support for the “ip6-dotint” option was removed from the Internet in 2006. * The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING flag from <resolv.h> have been removed. The option relied on a backwards-incompatible DNS extension which was never deployed on the Internet. * The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG, RES_BLAST defined in the <resolv.h> header file have been deprecated. They were already unimplemented. * The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for _res.flags are deprecated. The flag was standardized in RFC 2133, but removed again from the IETF name lookup interface specification in RFC 2553. Applications should use getaddrinfo instead. * DNSSEC-related declarations and definitions have been removed from the <arpa/nameser.h> header file, and libresolv will no longer attempt to decode the data part of DNSSEC record types. Previous versions of glibc only implemented minimal support for the previous version of DNSSEC, which is incompatible with the currently deployed version. * The resource record type classification macros ns_t_qt_p, ns_t_mrr_p, ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the <arpa/nameser.h> header file because the distinction between RR types and meta-RR types is not officially standardized, subject to revision, and thus not suitable for encoding in a macro. * The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook and rhook members of the res_state type in <resolv.h> have been removed. The glibc stub resolver did not support these hooks, but the header file did not reflect that. * For multi-arch support it is recommended to use a GCC which has been built with support for GNU indirect functions. This ensures that correct debugging information is generated for functions selected by IFUNC resolvers. This support can either be enabled by configuring GCC with '--enable-gnu-indirect-function', or by enabling it by default by setting 'default_gnu_indirect_function' variable for a particular architecture in the GCC source file 'gcc/config.gcc'. * GDB pretty printers have been added for mutex and condition variable structures in POSIX Threads. When installed and loaded in gdb these pretty printers show various pthread variables in human-readable form when read using the 'print' or 'display' commands in gdb. * Tunables feature added to allow tweaking of the runtime for an application program. This feature can be enabled with the '--enable-tunables' configure flag. The GNU C Library manual has details on usage and README.tunables has instructions on adding new tunables to the library. * A new version of condition variables functions have been implemented in the NPTL implementation of POSIX Threads to provide stronger ordering guarantees. * A new version of pthread_rwlock functions have been implemented to use a more scalable algorithm primarily through not using a critical section anymore to make state changes. Security related changes: * On ARM EABI (32-bit), generating a backtrace for execution contexts which have been created with makecontext could fail to terminate due to a missing .cantunwind annotation. This has been observed to lead to a hang (denial of service) in some Go applications compiled with gccgo. Reported by Andreas Schwab. (CVE-2016-6323) * The DNS stub resolver functions would crash due to a NULL pointer dereference when processing a query with a valid DNS question type which was used internally in the implementation. The stub resolver now uses a question type which is outside the range of valid question type values. (CVE-2015-5180) Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Alexandre Oliva Andreas Schwab Andrew Senkevich Aurelien Jarno Brent W. Baccala Carlos O'Donell Chris Metcalf Chung-Lin Tang DJ Delorie David S. Miller Denis Kaganovich Dmitry V. Levin Ernestas Kulik Florian Weimer Gabriel F T Gomes Gabriel F. T. Gomes H.J. Lu Jakub Jelinek James Clarke James Greenhalgh Jim Meyering John David Anglin Joseph Myers Maciej W. Rozycki Mark Wielaard Martin Galvan Martin Pitt Mike Frysinger Märt Põder Nick Alcock Paul E. Murphy Paul Murphy Rajalakshmi Srinivasaraghavan Rasmus Villemoes Rical Jasan Richard Henderson Roland McGrath Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Svante Signell Szabolcs Nagy Tom Tromey Torvald Riegel Tulio Magno Quites Machado Filho Wilco Dijkstra Yury Norov Zack Weinberg
-
glibc-2.26
FROM: Siddhesh Poyarekar <siddhesh@sourceware.org> SUBJECT: The GNU C Library version 2.26 is now available The GNU C Library ================= The GNU C Library version 2.26 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.26 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.26 ===================== Major new features: * A per-thread cache has been added to malloc. Access to the cache requires no locks and therefore significantly accelerates the fast path to allocate and free small amounts of memory. Refilling an empty cache requires locking the underlying arena. Performance measurements show significant gains in a wide variety of user workloads. Workloads were captured using a special instrumented malloc and analyzed with a malloc simulator. Contributed by DJ Delorie with the help of Florian Weimer, and Carlos O'Donell. * Unicode 10.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 10.0.0, using generator scripts contributed by Mike FABIAN (Red Hat). These updates cause user visible changes, especially the changes in wcwidth for many emoji characters cause problems when emoji sequences are rendered with pango, see for example: https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5 * Collation of Hungarian has been overhauled and is now consistent with "The Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by Egmont Koblinger. * Improvements to the DNS stub resolver, contributed by Florian Weimer: - The GNU C Library will now detect when /etc/resolv.conf has been modified and reload the changed configuration. The new resolver option “no-reload” (RES_NORELOAD) disables this behavior. - The GNU C Library now supports an arbitrary number of search domains (configured using the “search” directive in /etc/resolv.conf); previously, there was a hard limit of six domains. For backward compatibility, applications that directly modify the ‘_res’ global object are still limited to six search domains. - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C Library will now randomly pick a name server from the configuration as a starting point. (Previously, the second name server was always used.) * The tunables feature is now enabled by default. This allows users to tweak behavior of the GNU C Library using the GLIBC_TUNABLES environment variable. * New function reallocarray, which resizes an allocated block (like realloc) to the product of two sizes, with a guaranteed clean failure upon integer overflow in the multiplication. Originally from OpenBSD, contributed by Dennis Wölfing and Rüdiger Sonderfeld. * New wrappers for the Linux-specific system calls preadv2 and pwritev2. These are extended versions of preadv and pwritev, respectively, taking an additional flags argument. The set of supported flags depends on the running kernel; full support currently requires kernel 4.7 or later. * posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to create a new session ID for the spawned process. This feature is scheduled to be added to the next major revision of POSIX; for the time being, it is available under _GNU_SOURCE. * errno.h is now safe to use from C-preprocessed assembly language on all supported operating systems. In this context, it will only define the Exxxx constants, as preprocessor macros expanding to integer literals. * On ia64, powerpc64le, x86-32, and x86-64, the math library now implements 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy, Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers. To compile programs that use this feature, the compiler must support 128-bit floating point with the type name _Float128 (as defined by TS 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__ must be defined to make the new interfaces visible. The new functions and macros correspond to those present for other floating-point types (except for a few obsolescent interfaces not supported for the new type), with F128 or f128 suffixes; for example, strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no printf or scanf formats for the new type; the strfromf128 and strtof128 interfaces should be used instead. Deprecated and removed features, and other changes affecting compatibility: * The synchronization that pthread_spin_unlock performs has been changed to now be equivalent to a C11 atomic store with release memory order to the spin lock's memory location. Previously, several (but not all) architectures used stronger synchronization (e.g., containing what is often called a full barrier). This change can improve performance, but may affect odd fringe uses of spin locks that depend on the previous behavior (e.g., using spin locks as atomic variables to try to implement Dekker's mutual exclusion algorithm). * The port to Native Client running on ARMv7-A (--host=arm-nacl) has been removed. * Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers will only be built and installed when the GNU C Library is configured with --enable-obsolete-rpc. This allows alternative RPC implementations, such as TIRPC or rpcsvc-proto, to be used. * The NIS(+) name service modules, libnss_nis, libnss_nisplus, and libnss_compat, are deprecated, and will not be built or installed by default. The NIS(+) support library, libnsl, is also deprecated. By default, a compatibility shared library will be built and installed, but not headers or development libraries. Only a few NIS-related programs require this library. (In particular, the GNU C Library has never required programs that use 'gethostbyname' to be linked with libnsl.) Replacement implementations based on TIRPC, which additionally support IPv6, are available from <https://github.com/thkukuk/>. The configure option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+) name service modules, to be built and installed. * The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC support is enabled, the configured recursive resolver must support EDNS. (Responding to EDNS-enabled queries with responses which are not EDNS-enabled is fine, but FORMERR responses are not.) * res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS servers have not supported this opcode for a long time. * The _res_opcodes variable has been removed from libresolv. It had been exported by accident. * <string.h> no longer includes inline versions of any string functions, as this kind of optimization is better done by the compiler. The macros __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect. * The nonstandard header <xlocale.h> has been removed. Most programs should use <locale.h> instead. If you have a specific need for the definition of locale_t with no other declarations, please contact libc-alpha@sourceware.org and explain. * The obsolete header <sys/ultrasound.h> has been removed. * The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>. * The obsolete function cfree has been removed. Applications should use free instead. * The stack_t type no longer has the name struct sigaltstack. This changes the C++ name mangling for interfaces involving this type. * The ucontext_t type no longer has the name struct ucontext. This changes the C++ name mangling for interfaces involving this type. * On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no longer has the name struct mcontext. On SPARC GNU/Linux, the struct mc_fq, struct rwindow, struct fpq and struct fq types are no longer defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct mc_fpu, the gwindows_t type no longer has the name struct gwindows and the fpregset_t type no longer has the name struct fpu. This changes the C++ name mangling for interfaces involving those types. * On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been synced with the kernel: - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS are not supported on this architecture and have been removed. - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA, PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE, PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added. Programs that assume the GET/SETREGS ptrace requests are universally available will now fail to build, instead of malfunctioning at runtime. Changes to build and runtime requirements: * Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel. (This is a change from version 2.25 only for x86-32 and x86-64.) * GNU Binutils 2.25 or later is now required to build the GNU C Library. * On most architectures, GCC 4.9 or later is required to build the GNU C Library. On powerpc64le, GCC 6.2 or later is required. Older GCC versions and non-GNU compilers are still supported when compiling programs that use the GNU C Library. (We do not know exactly how old, and some GNU extensions to C may be _de facto_ required. If you are interested in helping us make this statement less vague, please contact libc-alpha@sourceware.org.) Security related changes: * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, to avoid fragmentation-based spoofing attacks (CVE-2017-12132). * LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE mode to guard against local privilege escalation attacks (CVE-2017-1000366). * Avoid printing a backtrace from the __stack_chk_fail function since it is called on a corrupt stack and a backtrace is unreliable on a corrupt stack (CVE-2010-3192). * A use-after-free vulnerability in clntudp_call in the Sun RPC system has been fixed (CVE-2017-12133). Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Akhilesh Kumar Alan Modra Alexey Neyman Andreas Schwab Arjun Shankar Benjamin Cama Carlos O'Donell Chris Leonard Christian Borntraeger Christian Brauner Christopher Chittleborough Chung-Lin Tang DJ Delorie Dennis Wölfing Dmitry Bilunov Dmitry V. Levin Egmont Koblinger Eyolf Østrem Florian Weimer Gabriel F. T. Gomes Gordana Cmiljanovic H.J. Lu Ihar Hrachyshka Ivo Raisr Jiong Wang John David Anglin Joseph Myers Justus Winter Kir Kolyshkin Marko Myllynen Massimeddu Cireddu Matthew Krupcale Mike FABIAN Mike Frysinger Mousa Moradi Nathan Rossi Paul Clarke Paul E. Murphy Paul Eggert Peng Wu Phil Blundell Prakhar Bahuguna Rabin Vincent Rafal Luzynski Rajalakshmi Srinivasaraghavan Rical Jasan Rogerio A. Cardoso Samuel Thibault Santhosh Thottingal Siddhesh Poyarekar Slava Barinov Stefan Liebler Steve Ellcey Sunyeop Lee Szabolcs Nagy Thorsten Kukuk Tulio Magno Quites Machado Filho Uros Bizjak Vladimir Mezentsev Wainer dos Santos Moschetta Wilco Dijkstra Wladimir J. van der Laan Yury Norov Zack Weinberg
-
glibc-2.16-ports-before-merge
Last change to the ports tree before the merge into glibc master
-
glibc-2.25.90
Open master branch for glibc 2.26 development
-
glibc-2.16.90
Open master branch for glibc 2.17 development
-
glibc-2.26.9000
Open master branch for glibc 2.27 development
-
glibc-2.27
The GNU C Library ================= The GNU C Library version 2.27 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at https://www.gnu.org/software/libc/ Packages for the 2.27 release may be downloaded from: https://ftpmirror.gnu.org/libc/ https://ftp.gnu.org/gnu/libc/ The mirror list is at https://www.gnu.org/order/ftp.html NEWS for version 2.27 ===================== Major new features: * The GNU C Library can now be compiled with support for building static PIE executables (See --enable-static-pie in INSTALL). These static PIE executables are like static executables but can be loaded at any address and provide additional security hardening benefits at the cost of some memory and performance. When the library is built with --enable-static-pie the resulting libc.a is usable with GCC 8 and above to create static PIE executables using the GCC option '-static-pie'. This feature is currently supported on i386, x86_64 and x32 with binutils 2.29 or later, and on aarch64 with binutils 2.30 or later. * Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf, sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel. * Optimized x86-64 trunc and truncf for processors with SSE4.1. * Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and sincosf. * In order to support faster and safer process termination the malloc API family of functions will no longer print a failure address and stack backtrace after detecting heap corruption. The goal is to minimize the amount of work done after corruption is detected and to avoid potential security issues in continued process execution. Reducing shutdown time leads to lower overall process restart latency, so there is benefit both from a security and performance perspective. * The abort function terminates the process immediately, without flushing stdio streams. Previous glibc versions used to flush streams, resulting in deadlocks and further data corruption. This change also affects process aborts as the result of assertion failures. * On platforms where long double has the IEEE binary128 format (aarch64, alpha, mips64, riscv, s390 and sparc), the math library now implements _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These are the same interfaces added in version 2.26 for some platforms where this format is supported but is not the format of long double. * On platforms with support for _Float64x (aarch64, alpha, i386, ia64, mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now implements interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These are corresponding interfaces to those supported for _Float128. * The math library now implements interfaces for the _Float32, _Float64 and _Float32x types, as defined by ISO/IEC TS 18661-3:2015. These are corresponding interfaces to those supported for _Float128. * glibc now implements the memfd_create and mlock2 functions on Linux. * Support for memory protection keys was added. The <sys/mman.h> header now declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set, pkey_get. * The copy_file_range function was added. * Optimized memcpy, mempcpy, memmove, and memset for sparc M7. * The ldconfig utility now processes `include' directives using the C/POSIX collation ordering. Previous glibc versions used locale-specific ordering, the change might break systems that relied on that. * Support for two grammatical forms of month names has been added. In a call to strftime, the "%B" and "%b" format specifiers will now produce the grammatical form required when the month is used as part of a complete date. New "%OB" and "%Ob" specifiers produce the form required when the month is named by itself. For instance, in Greek and in many Slavic and Baltic languages, "%B" will produce the month in genitive case, and "%OB" will produce the month in nominative case. In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh" are all valid and will all accept any known form of month name---standalone or complete, abbreviated or full. In a call to nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return the strings used by "%B" and "%b", respectively. New query constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings used by "%OB" and "%Ob", respectively. In a locale definition file, use "alt_mon" and "ab_alt_mon" to define the strings for %OB and %Ob, respectively; these have the same syntax as "mon" and "abmon". These arrays are optional; if they are not provided then they have the same content as "mon" and "abmon", respectively. These features are provided for locales which define "alt_mon" and/or "ab_alt_mon" in their locale source data. This release includes such alternative month name data for the following languages: Belarusian, Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian. This feature is currently a GNU extension, but it is expected to be added to the next revision of POSIX, and it is also already available on some BSD-derived operating systems. This feature will cause existing statically compiled applications to fail to load locales and fall back to the builtin C/POSIX locales. See notes below for other changes affecting compatibility. * Support for the RISC-V ISA running on Linux has been added. This port requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is supported for the following ISA and ABI pairs: - rv64imac lp64 - rv64imafdc lp64 - rv64imafdc lp64d Deprecated and removed features, and other changes affecting compatibility: * Statically compiled applications attempting to load locales compiled for the GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX locale. The reason for this is that the addition of the new "%OB" and "%Ob", support for two grammatical forms of the month names, also extends the locale data binary format. Static applications needing locale support must be recompiled to match the runtime and data they are deployed with. In some distributions there is an upgrade window where dynamically linked applications may use a new library but the old locale data and also fall back to the builtin C/POSIX locales; restarting the application process is sufficient to fix this. * Support for statically linked applications which call dlopen is deprecated and will be removed in a future version of glibc. Applications which call dlopen need to be linked dynamically instead. * Support for old programs which use internal stdio data structures and functions is deprecated. This includes programs which use the C++ streams provided by libstdc++ in GCC 2.95. Programs which use the internal symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish, _IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn, _IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach, _IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen, _IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open, _IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff, _IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow, _IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all, _IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area, _IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin, _IO_iter_end, _IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in, _IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock, _IO_marker_delta, _IO_marker_difference, _IO_remove_marker, _IO_seekmark, _IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static, _IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow, _IO_switch_to_main_wget_area, _IO_switch_to_wget_mode, _IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish, _IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow, _IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf, _IO_wdo_write, _IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync, _IO_wfile_underflow, _IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with a future version of glibc. Unlike other symbol removals, these old applications will not be supported using compatibility symbols. * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer defined by <sys/ptrace.h>. * libm no longer supports SVID error handling (calling a user-provided matherr function on error) or the _LIB_VERSION variable to control error handling. (SVID error handling and the _LIB_VERSION variable still work for binaries linked against older versions of the GNU C Library.) The libieee.a library is no longer provided. math.h no longer defines struct exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW, TLOSS, PLOSS and HUGE. * The libm functions pow10, pow10f and pow10l are no longer supported for new programs. Programs should use the standard names exp10, exp10f and exp10l for these functions instead. * The mcontext_t type is no longer the same as struct sigcontext. On platforms where it was previously the same, this changes the C++ name mangling for interfaces involving this type. * The add-ons mechanism for building additional packages at the same time as glibc has been removed. The --enable-add-ons configure option is now ignored. * The --without-fp configure option is now ignored. Whether hardware floating-point instructions are used is now configured based on whether the compiler used at configure time (without any options implied by a --with-cpu= configure option) uses such instructions. * The res_hnok, res_dnok, res_mailok and res_ownok functions now check that the specified string can be parsed as a domain name. * In the malloc_info output, the <heap> element may contain another <aspace> element, "subheaps", which contains the number of sub-heaps. * The libresolv function p_secstodate is no longer supported for new programs. * The tilepro-*-linux-gnu configuration is no longer supported. * The nonstandard header files <libio.h> and <_G_config.h> are deprecated and will be removed in a future release. Software that is still using either header should be updated to use standard <stdio.h> interfaces instead. libio.h was originally the header for a set of supported GNU extensions, but they have not been maintained as such in many years, they are now standing in the way of improvements to stdio, and we don't think there are any remaining external users. _G_config.h was never intended for public use, but predates the bits convention. Changes to build and runtime requirements: * bison version 2.7 or later is required to generate code in the 'intl' subdirectory. Security related changes: CVE-2009-5064: The ldd script would sometimes run the program under examination directly, without preventing code execution through the dynamic linker. (The glibc project disputes that this is a security vulnerability; only trusted binaries must be examined using the ldd script.) CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered from a one-byte overflow during ~ operator processing (either on the stack or the heap, depending on the length of the user name). Reported by Tim Rühsen. CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, would sometimes fail to free memory allocated during ~ operator processing, leading to a memory leak and, potentially, to a denial of service. CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and without GLOB_NOESCAPE, could write past the end of a buffer while unescaping user names. Reported by Tim Rühsen. CVE-2017-17426: The malloc function, when called with an object size near the value SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. This was a regression introduced with the new malloc thread cache in glibc 2.26. Reported by Iain Buclaw. CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads to the allocation of too much memory. (This is not a security bug per se, it is mentioned here only because of the CVE assignment.) Reported by Qualys. CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation of the number of search path components. (This is not a security vulnerability per se because no trust boundary is crossed if the fix for CVE-2017-1000366 has been applied, but it is mentioned here only because of the CVE assignment.) Reported by Qualys. CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN for AT_SECURE or SUID binaries could be used to load libraries from the current directory. CVE-2018-1000001: Buffer underflow in realpath function when getcwd function succeeds without returning an absolute path due to unexpected behaviour of the Linux kernel getcwd syscall. Reported by halfdog. CVE-2018-6485: The posix_memalign and memalign functions, when called with an object size near the value of SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. Reported by Jakub Wilk. Release Notes ============= https://sourceware.org/glibc/wiki/Release/2.27 Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Akhilesh Kumar Alan Hayward Alan Modra Alexandre Oliva Alexey Makhalov Andreas Schwab Arjun Shankar Arnold Robbins Aurelien Jarno Bernd Edlinger Carlos O'Donell Chris Metcalf Christian Brauner Claude Paroz DJ Delorie David S. Miller Dmitry V. Levin Dragan Stanojević - Nevidljivi Egmont Koblinger Eric Blake Florian Weimer Gabriel F. T. Gomes Guido Trentalancia Gustavo Romero H.J. Lu Il'ya Malakhov Istvan Kurucsai James Clarke John David Anglin Jonathan Wakely Jose E. Marchesi Joseph Myers Julen Ruiz Aizpuru Juro Bystricky Luke Shumaker Markus Trippelsdorf Martin Sebor Michael Collison Mike FABIAN Palmer Dabbelt Patrick McGehearty Patsy Franklin Paul Clarke Paul Eggert Paul Pluzhnikov Peter Zelezny Rafal Luzynski Rajalakshmi Srinivasaraghavan Rical Jasan Richard Henderson Rogerio Alves Romain Naour Samuel Thibault Sergei Trofimovich Siddhesh Poyarekar Stanislav Brabec Stefan Liebler Steve Ellcey Szabolcs Nagy Thierry Vignaud Thomas Schwinge Thorsten Glaser Tobias Klauser Tulio Magno Quites Machado Filho Victor Rodriguez Wang Boshi Wei-Lun Chao Wilco Dijkstra Will Hawkins Yury Norov Zack Weinberg
-
glibc-2.27.9000
Open master branch for glibc 2.28 development
-
glibc-2.28
The GNU C Library ================= The GNU C Library version 2.28 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.28 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.28 ===================== Major new features: * The localization data for ISO 14651 is updated to match the 2016 Edition 4 release of the standard, this matches data provided by Unicode 9.0.0. This update introduces significant improvements to the collation of Unicode characters. This release deviates slightly from the standard in that the collation element ordering for lowercase and uppercase LATIN script characters is adjusted to ensure that regular expressions with ranges like [a-z] and [A-Z] don't interleave e.g. A is not matched by [a-z]. With the update many locales have been updated to take advantage of the new collation information. The new collation information has increased the size of the compiled locale archive or binary locales. * The GNU C Library can now be compiled with support for Intel CET, AKA Intel Control-flow Enforcement Technology. When the library is built with --enable-cet, the resulting glibc is protected with indirect branch tracking (IBT) and shadow stack (SHSTK). CET-enabled glibc is compatible with all existing executables and shared libraries. This feature is currently supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later. Note that CET-enabled glibc requires CPUs capable of multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or newer. NOTE: --enable-cet has been tested for i686, x86_64 and x32 on non-CET processors. --enable-cet has been tested for x86_64 and x32 on CET SDVs, but Intel CET support hasn't been validated for i686. * The GNU C Library now has correct support for ABSOLUTE symbols (SHN_ABS-relative symbols). Previously such ABSOLUTE symbols were relocated incorrectly or in some cases discarded. The GNU linker can make use of the newer semantics, but it must communicate it to the dynamic loader by setting the ELF file's identification (EI_ABIVERSION field) to indicate such support is required. * Unicode 11.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 11.0.0, using generator scripts contributed by Mike FABIAN (Red Hat). * <math.h> functions that round their results to a narrower type are added from TS 18661-1:2014 and TS 18661-3:2015: - fadd, faddl, daddl and corresponding fMaddfN, fMaddfNx, fMxaddfN and fMxaddfNx functions. - fsub, fsubl, dsubl and corresponding fMsubfN, fMsubfNx, fMxsubfN and fMxsubfNx functions. - fmul, fmull, dmull and corresponding fMmulfN, fMmulfNx, fMxmulfN and fMxmulfNx functions. - fdiv, fdivl, ddivl and corresponding fMdivfN, fMdivfNx, fMxdivfN and fMxdivfNx functions. * Two grammatical forms of month names are now supported for the following languages: Armenian, Asturian, Catalan, Czech, Kashubian, Occitan, Ossetian, Scottish Gaelic, Upper Sorbian, and Walloon. The following languages now support two grammatical forms in abbreviated month names: Catalan, Greek, and Kashubian. * Newly added locales: Lower Sorbian (dsb_DE) and Yakut (sah_RU) also include the support for two grammatical forms of month names. * Building and running on GNU/Hurd systems now works without out-of-tree patches. * The renameat2 function has been added, a variant of the renameat function which has a flags argument. If the flags are zero, the renameat2 function acts like renameat. If the flag is not zero and there is no kernel support for renameat2, the function will fail with an errno value of EINVAL. This is different from the existing gnulib function renameatu, which performs a plain rename operation in case of a RENAME_NOREPLACE flags and a non-existing destination (and therefore has a race condition that can clobber the destination inadvertently). * The statx function has been added, a variant of the fstatat64 function with an additional flags argument. If there is no direct kernel support for statx, glibc provides basic stat support based on the fstatat64 function. * IDN domain names in getaddrinfo and getnameinfo now use the system libidn2 library if installed. libidn2 version 2.0.5 or later is recommended. If libidn2 is not available, internationalized domain names are not encoded or decoded even if the AI_IDN or NI_IDN flags are passed to getaddrinfo or getnameinfo. (getaddrinfo calls with non-ASCII names and AI_IDN will fail with an encoding error.) Flags which used to change the IDN encoding and decoding behavior (AI_IDN_ALLOW_UNASSIGNED, AI_IDN_USE_STD3_ASCII_RULES, NI_IDN_ALLOW_UNASSIGNED, NI_IDN_USE_STD3_ASCII_RULES) have been deprecated. They no longer have any effect. * Parsing of dynamic string tokens in DT_RPATH, DT_RUNPATH, DT_NEEDED, DT_AUXILIARY, and DT_FILTER has been expanded to support the full range of ELF gABI expressions including such constructs as '$ORIGIN$ORIGIN' (if valid). For SUID/GUID applications the rules have been further restricted, and where in the past a dynamic string token sequence may have been interpreted as a literal string it will now cause a load failure. These load failures were always considered unspecified behaviour from the perspective of the dynamic loader, and for safety are now load errors e.g. /foo/${ORIGIN}.so in DT_NEEDED results in a load failure now. * Support for ISO C threads (ISO/IEC 9899:2011) has been added. The implementation includes all the standard functions provided by <threads.h>: - thrd_current, thrd_equal, thrd_sleep, thrd_yield, thrd_create, thrd_detach, thrd_exit, and thrd_join for thread management. - mtx_init, mtx_lock, mtx_timedlock, mtx_trylock, mtx_unlock, and mtx_destroy for mutual exclusion. - call_once for function call synchronization. - cnd_broadcast, cnd_destroy, cnd_init, cnd_signal, cnd_timedwait, and cnd_wait for conditional variables. - tss_create, tss_delete, tss_get, and tss_set for thread-local storage. Application developers must link against libpthread to use ISO C threads. Deprecated and removed features, and other changes affecting compatibility: * The nonstandard header files <libio.h> and <_G_config.h> are no longer installed. Software that was using either header should be updated to use standard <stdio.h> interfaces instead. * The stdio functions 'getc' and 'putc' are no longer defined as macros. This was never required by the C standard, and the macros just expanded to call alternative names for the same functions. If you hoped getc and putc would provide performance improvements over fgetc and fputc, instead investigate using (f)getc_unlocked and (f)putc_unlocked, and, if necessary, flockfile and funlockfile. * All stdio functions now treat end-of-file as a sticky condition. If you read from a file until EOF, and then the file is enlarged by another process, you must call clearerr or another function with the same effect (e.g. fseek, rewind) before you can read the additional data. This corrects a longstanding C99 conformance bug. It is most likely to affect programs that use stdio to read interactive input from a terminal. (Bug #1190.) * The macros 'major', 'minor', and 'makedev' are now only available from the header <sys/sysmacros.h>; not from <sys/types.h> or various other headers that happen to include <sys/types.h>. These macros are rarely used, not part of POSIX nor XSI, and their names frequently collide with user code; see https://sourceware.org/bugzilla/show_bug.cgi?id=19239 for further explanation. <sys/sysmacros.h> is a GNU extension. Portable programs that require these macros should first include <sys/types.h>, and then include <sys/sysmacros.h> if __GNU_LIBRARY__ is defined. * The tilegx*-*-linux-gnu configurations are no longer supported. * The obsolete function ustat is no longer available to newly linked binaries; the headers <ustat.h> and <sys/ustat.h> have been removed. This function has been deprecated in favor of fstatfs and statfs. * The obsolete function nfsservctl is no longer available to newly linked binaries. This function was specific to systems using the Linux kernel and could not usefully be used with the GNU C Library on systems with version 3.1 or later of the Linux kernel. * The obsolete function name llseek is no longer available to newly linked binaries. This function was specific to systems using the Linux kernel and was not declared in a header. Programs should use the lseek64 name for this function instead. * The AI_IDN_ALLOW_UNASSIGNED and NI_IDN_ALLOW_UNASSIGNED flags for the getaddrinfo and getnameinfo functions have been deprecated. The behavior previously selected by them is now always enabled. * The AI_IDN_USE_STD3_ASCII_RULES and NI_IDN_USE_STD3_ASCII_RULES flags for the getaddrinfo and getnameinfo functions have been deprecated. The STD3 restriction (rejecting '_' in host names, among other things) has been removed, for increased compatibility with non-IDN name resolution. * The fcntl function now have a Long File Support variant named fcntl64. It is added to fix some Linux Open File Description (OFD) locks usage on non LFS mode. As for others *64 functions, fcntl64 semantics are analogous with fcntl and LFS support is handled transparently. Also for Linux, the OFD locks act as a cancellation entrypoint. * The obsolete functions encrypt, encrypt_r, setkey, setkey_r, cbc_crypt, ecb_crypt, and des_setparity are no longer available to newly linked binaries, and the headers <rpc/des_crypt.h> and <rpc/rpc_des.h> are no longer installed. These functions encrypted and decrypted data with the DES block cipher, which is no longer considered secure. Software that still uses these functions should switch to a modern cryptography library, such as libgcrypt. * Reflecting the removal of the encrypt and setkey functions above, the macro _XOPEN_CRYPT is no longer defined. As a consequence, the crypt function is no longer declared unless _DEFAULT_SOURCE or _GNU_SOURCE is enabled. * The obsolete function fcrypt is no longer available to newly linked binaries. It was just another name for the standard function crypt, and it has not appeared in any header file in many years. * We have tentative plans to hand off maintenance of the passphrase-hashing library, libcrypt, to a separate development project that will, we hope, keep up better with new passphrase-hashing algorithms. We will continue to declare 'crypt' in <unistd.h>, and programs that use 'crypt' or 'crypt_r' should not need to change at all; however, distributions will need to install <crypt.h> and libcrypt from a separate project. In this release, if the configure option --disable-crypt is used, glibc will not install <crypt.h> or libcrypt, making room for the separate project's versions of these files. The plan is to make this the default behavior in a future release. Changes to build and runtime requirements: GNU make 4.0 or later is now required to build glibc. Security related changes: CVE-2016-6261, CVE-2016-6263, CVE-2017-14062: Various vulnerabilities have been fixed by removing the glibc-internal IDNA implementation and using the system-provided libidn2 library instead. Originally reported by Hanno Böck and Christian Weisgerber. CVE-2017-18269: An SSE2-based memmove implementation for the i386 architecture could corrupt memory. Reported by Max Horn. CVE-2018-11236: Very long pathname arguments to realpath function could result in an integer overflow and buffer overflow. Reported by Alexey Izbyshev. CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi architecture could write beyond the target buffer, resulting in a buffer overflow. Reported by Andreas Schwab. The following bugs are resolved with this release: [1190] stdio: fgetc()/fread() behaviour is not POSIX compliant [6889] manual: 'PWD' mentioned but not specified [13575] libc: SSIZE_MAX defined as LONG_MAX is inconsistent with ssize_t, when __WORDSIZE != 64 [13762] regex: re_search etc. should return -2 on memory exhaustion [13888] build: /tmp usage during testing [13932] math: dbl-64 pow unexpectedly slow for some inputs [14092] nptl: Support C11 threads [14095] localedata: Review / update collation data from Unicode / ISO 14651 [14508] libc: -Wformat warnings [14553] libc: Namespace pollution loff_t in sys/types.h [14890] libc: Make NT_PRFPREG canonical. [15105] libc: Extra PLT references with -Os [15512] libc: __bswap_constant_16 not compiled when -Werror -Wsign- conversion is given [16335] manual: Feature test macro documentation incomplete and out of date [16552] libc: Unify umount implementations in terms of umount2 [17082] libc: htons et al.: statement-expressions prevent use on global scope with -O1 and higher [17343] libc: Signed integer overflow in /stdlib/random_r.c [17438] localedata: pt_BR: wrong d_fmt delimiter [17662] libc: please implement binding for the new renameat2 syscall [17721] libc: __restrict defined as /* Ignore */ even in c11 [17979] libc: inconsistency between uchar.h and stdint.h [18018] dynamic-link: Additional $ORIGIN handling issues (CVE-2011-0536) [18023] libc: extend_alloca is broken (questionable pointer comparison, horrible machine code) [18124] libc: hppa: setcontext erroneously returns -1 as exit code for last constant. [18471] libc: llseek should be a compat symbol [18473] soft-fp: [powerpc-nofpu] __sqrtsf2, __sqrtdf2 should be compat symbols [18991] nss: nss_files skips large entry in database [19239] libc: Including stdlib.h ends up with macros major and minor being defined [19463] libc: linknamespace failures when compiled with -Os [19485] localedata: csb_PL: Update month translations + add yesstr/nostr [19527] locale: Normalized charset name not recognized by setlocale [19667] string: Missing Sanity Check for malloc calls in file 'testcopy.c' [19668] libc: Missing Sanity Check for malloc() in file 'tst-setcontext- fpscr.c' [19728] network: out of bounds stack read in libidn function idna_to_ascii_4i (CVE-2016-6261) [19729] network: out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize (CVE-2016-6263) [19818] dynamic-link: Absolute (SHN_ABS) symbols incorrectly relocated by the base address [20079] libc: Add SHT_X86_64_UNWIND to elf.h [20251] libc: 32bit programs pass garbage in struct flock for OFD locks [20419] dynamic-link: files with large allocated notes crash in open_verify [20530] libc: bswap_16 should use __builtin_bswap16() when available [20890] dynamic-link: ldconfig: fsync the files before atomic rename [20980] manual: CFLAGS environment variable replaces vital options [21163] regex: Assertion failure in pop_fail_stack when executing a malformed regexp (CVE-2015-8985) [21234] manual: use of CFLAGS makes glibc detect no optimization [21269] dynamic-link: i386 sigaction sa_restorer handling is wrong [21313] build: Compile Error GCC 5.4.0 MIPS with -0S [21314] build: Compile Error GCC 5.2.0 MIPS with -0s [21508] locale: intl/tst-gettext failure with latest msgfmt [21547] localedata: Tibetan script collation broken (Dzongkha and Tibetan) [21812] network: getifaddrs() returns entries with ifa_name == NULL [21895] libc: ppc64 setjmp/longjmp not fully interoperable with static dlopen [21942] dynamic-link: _dl_dst_substitute incorrectly handles $ORIGIN: with AT_SECURE=1 [22241] localedata: New locale: Yakut (Sakha) locale for Russia (sah_RU) [22247] network: Integer overflow in the decode_digit function in puny_decode.c in libidn (CVE-2017-14062) [22342] nscd: NSCD not properly caching netgroup [22391] nptl: Signal function clear NPTL internal symbols inconsistently [22550] localedata: es_ES locale (and other es_* locales): collation should treat ñ as a primary different character, sync the collation for Spanish with CLDR [22638] dynamic-link: sparc: static binaries are broken if glibc is built by gcc configured with --enable-default-pie [22639] time: year 2039 bug for localtime etc. on 64-bit platforms [22644] string: memmove-sse2-unaligned on 32bit x86 produces garbage when crossing 2GB threshold (CVE-2017-18269) [22646] localedata: redundant data (LC_TIME) for es_CL, es_CU, es_EC and es_BO [22735] time: Misleading typo in time.h source comment regarding CLOCKS_PER_SECOND [22753] libc: preadv2/pwritev2 fallback code should handle offset=-1 [22761] libc: No trailing `%n' conversion specifier in FMT passed from `__assert_perror_fail ()' to `__assert_fail_base ()' [22766] libc: all glibc internal dlopen should use RTLD_NOW for robust dlopen failures [22786] libc: Stack buffer overflow in realpath() if input size is close to SSIZE_MAX (CVE-2018-11236) [22787] dynamic-link: _dl_check_caller returns false when libc is linked through an absolute DT_NEEDED path [22792] build: tcb-offsets.h dependency dropped [22797] libc: pkey_get() uses non-reserved name of argument [22807] libc: PTRACE_* constants missing for powerpc [22818] glob: posix/tst-glob_lstat_compat failure on alpha [22827] dynamic-link: RISC-V ELF64 parser mis-reads flag in ldconfig [22830] malloc: malloc_stats doesn't restore cancellation state on stderr [22848] localedata: ca_ES: update date definitions from CLDR [22862] build: _DEFAULT_SOURCE is defined even when _ISOC11_SOURCE is [22884] math: RISCV fmax/fmin handle signalling NANs incorrectly [22896] localedata: Update locale data for an_ES [22902] math: float128 test failures with GCC 8 [22918] libc: multiple common of `__nss_shadow_database' [22919] libc: sparc32: backtrace yields infinite backtrace with makecontext [22926] libc: FTBFS on powerpcspe [22932] localedata: lt_LT: Update of abbreviated month names from CLDR required [22937] localedata: Greek (el_GR, el_CY) locales actually need ab_alt_mon [22947] libc: FAIL: misc/tst-preadvwritev2 [22963] localedata: cs_CZ: Add alternative month names [22987] math: [powerpc/sparc] fdim inlines errno, exceptions handling [22996] localedata: change LC_PAPER to en_US in es_BO locale [22998] dynamic-link: execstack tests are disabled when SELinux is disabled [23005] network: Crash in __res_context_send after memory allocation failure [23007] math: strtod cannot handle -nan [23024] nss: getlogin_r is performing NSS lookups when loginid isn't set [23036] regex: regex equivalence class regression [23037] libc: initialize msg_flags to zero for sendmmsg() calls [23069] libc: sigaction broken on riscv64-linux-gnu [23094] localedata: hr_HR: wrong thousands_sep and mon_thousands_sep [23102] dynamic-link: Incorrect parsing of multiple consecutive $variable patterns in runpath entries (e.g. $ORIGIN$ORIGIN) [23137] nptl: s390: pthread_join sometimes block indefinitely (on 31bit and libc build with -Os) [23140] localedata: More languages need two forms of month names [23145] libc: _init/_fini aren't marked as hidden [23152] localedata: gd_GB: Fix typo in "May" (abbreviated) [23171] math: C++ iseqsig for long double converts arguments to double [23178] nscd: sudo will fail when it is run in concurrent with commands that changes /etc/passwd [23196] string: __mempcpy_avx512_no_vzeroupper mishandles large copies (CVE-2018-11237) [23206] dynamic-link: static-pie + dlopen breaks debugger interaction [23208] localedata: New locale - Lower Sorbian (dsb) [23233] regex: Memory leak in build_charclass_op function in file posix/regcomp.c [23236] stdio: Harden function pointers in _IO_str_fields [23250] nptl: Offset of __private_ss differs from GCC [23253] math: tgamma test suite failures on i686 with -march=x86-64 -mtune=generic -mfpmath=sse [23259] dynamic-link: Unsubstituted ${ORIGIN} remains in DT_NEEDED for AT_SECURE [23264] libc: posix_spawnp wrongly executes ENOEXEC in non compat mode [23266] nis: stringop-truncation warning with new gcc8.1 in nisplus- parser.c [23272] math: fma(INFINITY,INFIITY,0.0) should be INFINITY [23277] math: nan function should not have const attribute [23279] math: scanf and strtod wrong for some hex floating-point [23280] math: wscanf rounds wrong; wcstod is ok for negative numbers and directed rounding [23290] localedata: IBM273 is not equivalent to ISO-8859-1 [23303] build: undefined reference to symbol '__parse_hwcap_and_convert_at_platform@@GLIBC_2.23' [23307] dynamic-link: Absolute symbols whose value is zero ignored in lookup [23313] stdio: libio vtables validation and standard file object interposition [23329] libc: The __libc_freeres infrastructure is not properly run across DSO boundaries. [23349] libc: Various glibc headers no longer compatible with <linux/time.h> [23351] malloc: Remove unused code related to heap dumps and malloc checking [23363] stdio: stdio-common/tst-printf.c has non-free license [23396] regex: Regex equivalence regression in single-byte locales [23422] localedata: oc_FR: More updates of locale data [23442] build: New warning with GCC 8 [23448] libc: Out of bounds access in IBM-1390 converter [23456] libc: Wrong index_cpu_LZCNT [23458] build: tst-get-cpu-features-static isn't added to tests [23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel processors [23467] dynamic-link: x86/CET: A property note parser bug Release Notes ============= https://sourceware.org/glibc/wiki/Release/2.28 Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Agustina Arzille Alan Modra Alexandre Oliva Amit Pawar Andreas Schwab Andrew Senkevich Andrew Waterman Aurelien Jarno Carlos O'Donell Chung-Lin Tang DJ Delorie Daniel Alvarez David Michael Dmitry V. Levin Dragan Stanojevic - Nevidljivi Florian Weimer Flávio Cruz Francois Goichon Gabriel F. T. Gomes H.J. Lu Herman ten Brugge Hongbo Zhang Igor Gnatenko Jesse Hathaway John David Anglin Joseph Myers Leonardo Sandoval Maciej W. Rozycki Mark Wielaard Martin Sebor Michael Wolf Mike FABIAN Patrick McGehearty Patsy Franklin Paul Pluzhnikov Quentin PAGÈS Rafal Luzynski Rajalakshmi Srinivasaraghavan Raymond Nicholson Rical Jasan Richard Braun Robert Buj Rogerio Alves Samuel Thibault Sean McKean Siddhesh Poyarekar Stefan Liebler Steve Ellcey Sylvain Lesage Szabolcs Nagy Thomas Schwinge Tulio Magno Quites Machado Filho Valery Timiriliyev Vincent Chen Wilco Dijkstra Zack Weinberg Zong Li
-
glibc-2.28.9000
Open master branch for glibc 2.29 development