-
glibc-2.27
The GNU C Library ================= The GNU C Library version 2.27 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at https://www.gnu.org/software/libc/ Packages for the 2.27 release may be downloaded from: https://ftpmirror.gnu.org/libc/ https://ftp.gnu.org/gnu/libc/ The mirror list is at https://www.gnu.org/order/ftp.html NEWS for version 2.27 ===================== Major new features: * The GNU C Library can now be compiled with support for building static PIE executables (See --enable-static-pie in INSTALL). These static PIE executables are like static executables but can be loaded at any address and provide additional security hardening benefits at the cost of some memory and performance. When the library is built with --enable-static-pie the resulting libc.a is usable with GCC 8 and above to create static PIE executables using the GCC option '-static-pie'. This feature is currently supported on i386, x86_64 and x32 with binutils 2.29 or later, and on aarch64 with binutils 2.30 or later. * Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf, sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel. * Optimized x86-64 trunc and truncf for processors with SSE4.1. * Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and sincosf. * In order to support faster and safer process termination the malloc API family of functions will no longer print a failure address and stack backtrace after detecting heap corruption. The goal is to minimize the amount of work done after corruption is detected and to avoid potential security issues in continued process execution. Reducing shutdown time leads to lower overall process restart latency, so there is benefit both from a security and performance perspective. * The abort function terminates the process immediately, without flushing stdio streams. Previous glibc versions used to flush streams, resulting in deadlocks and further data corruption. This change also affects process aborts as the result of assertion failures. * On platforms where long double has the IEEE binary128 format (aarch64, alpha, mips64, riscv, s390 and sparc), the math library now implements _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These are the same interfaces added in version 2.26 for some platforms where this format is supported but is not the format of long double. * On platforms with support for _Float64x (aarch64, alpha, i386, ia64, mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now implements interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These are corresponding interfaces to those supported for _Float128. * The math library now implements interfaces for the _Float32, _Float64 and _Float32x types, as defined by ISO/IEC TS 18661-3:2015. These are corresponding interfaces to those supported for _Float128. * glibc now implements the memfd_create and mlock2 functions on Linux. * Support for memory protection keys was added. The <sys/mman.h> header now declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set, pkey_get. * The copy_file_range function was added. * Optimized memcpy, mempcpy, memmove, and memset for sparc M7. * The ldconfig utility now processes `include' directives using the C/POSIX collation ordering. Previous glibc versions used locale-specific ordering, the change might break systems that relied on that. * Support for two grammatical forms of month names has been added. In a call to strftime, the "%B" and "%b" format specifiers will now produce the grammatical form required when the month is used as part of a complete date. New "%OB" and "%Ob" specifiers produce the form required when the month is named by itself. For instance, in Greek and in many Slavic and Baltic languages, "%B" will produce the month in genitive case, and "%OB" will produce the month in nominative case. In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh" are all valid and will all accept any known form of month name---standalone or complete, abbreviated or full. In a call to nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return the strings used by "%B" and "%b", respectively. New query constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings used by "%OB" and "%Ob", respectively. In a locale definition file, use "alt_mon" and "ab_alt_mon" to define the strings for %OB and %Ob, respectively; these have the same syntax as "mon" and "abmon". These arrays are optional; if they are not provided then they have the same content as "mon" and "abmon", respectively. These features are provided for locales which define "alt_mon" and/or "ab_alt_mon" in their locale source data. This release includes such alternative month name data for the following languages: Belarusian, Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian. This feature is currently a GNU extension, but it is expected to be added to the next revision of POSIX, and it is also already available on some BSD-derived operating systems. This feature will cause existing statically compiled applications to fail to load locales and fall back to the builtin C/POSIX locales. See notes below for other changes affecting compatibility. * Support for the RISC-V ISA running on Linux has been added. This port requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is supported for the following ISA and ABI pairs: - rv64imac lp64 - rv64imafdc lp64 - rv64imafdc lp64d Deprecated and removed features, and other changes affecting compatibility: * Statically compiled applications attempting to load locales compiled for the GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX locale. The reason for this is that the addition of the new "%OB" and "%Ob", support for two grammatical forms of the month names, also extends the locale data binary format. Static applications needing locale support must be recompiled to match the runtime and data they are deployed with. In some distributions there is an upgrade window where dynamically linked applications may use a new library but the old locale data and also fall back to the builtin C/POSIX locales; restarting the application process is sufficient to fix this. * Support for statically linked applications which call dlopen is deprecated and will be removed in a future version of glibc. Applications which call dlopen need to be linked dynamically instead. * Support for old programs which use internal stdio data structures and functions is deprecated. This includes programs which use the C++ streams provided by libstdc++ in GCC 2.95. Programs which use the internal symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish, _IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn, _IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach, _IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen, _IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open, _IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff, _IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow, _IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all, _IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area, _IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin, _IO_iter_end, _IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in, _IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock, _IO_marker_delta, _IO_marker_difference, _IO_remove_marker, _IO_seekmark, _IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static, _IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow, _IO_switch_to_main_wget_area, _IO_switch_to_wget_mode, _IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish, _IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow, _IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf, _IO_wdo_write, _IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync, _IO_wfile_underflow, _IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with a future version of glibc. Unlike other symbol removals, these old applications will not be supported using compatibility symbols. * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer defined by <sys/ptrace.h>. * libm no longer supports SVID error handling (calling a user-provided matherr function on error) or the _LIB_VERSION variable to control error handling. (SVID error handling and the _LIB_VERSION variable still work for binaries linked against older versions of the GNU C Library.) The libieee.a library is no longer provided. math.h no longer defines struct exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW, TLOSS, PLOSS and HUGE. * The libm functions pow10, pow10f and pow10l are no longer supported for new programs. Programs should use the standard names exp10, exp10f and exp10l for these functions instead. * The mcontext_t type is no longer the same as struct sigcontext. On platforms where it was previously the same, this changes the C++ name mangling for interfaces involving this type. * The add-ons mechanism for building additional packages at the same time as glibc has been removed. The --enable-add-ons configure option is now ignored. * The --without-fp configure option is now ignored. Whether hardware floating-point instructions are used is now configured based on whether the compiler used at configure time (without any options implied by a --with-cpu= configure option) uses such instructions. * The res_hnok, res_dnok, res_mailok and res_ownok functions now check that the specified string can be parsed as a domain name. * In the malloc_info output, the <heap> element may contain another <aspace> element, "subheaps", which contains the number of sub-heaps. * The libresolv function p_secstodate is no longer supported for new programs. * The tilepro-*-linux-gnu configuration is no longer supported. * The nonstandard header files <libio.h> and <_G_config.h> are deprecated and will be removed in a future release. Software that is still using either header should be updated to use standard <stdio.h> interfaces instead. libio.h was originally the header for a set of supported GNU extensions, but they have not been maintained as such in many years, they are now standing in the way of improvements to stdio, and we don't think there are any remaining external users. _G_config.h was never intended for public use, but predates the bits convention. Changes to build and runtime requirements: * bison version 2.7 or later is required to generate code in the 'intl' subdirectory. Security related changes: CVE-2009-5064: The ldd script would sometimes run the program under examination directly, without preventing code execution through the dynamic linker. (The glibc project disputes that this is a security vulnerability; only trusted binaries must be examined using the ldd script.) CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered from a one-byte overflow during ~ operator processing (either on the stack or the heap, depending on the length of the user name). Reported by Tim Rühsen. CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, would sometimes fail to free memory allocated during ~ operator processing, leading to a memory leak and, potentially, to a denial of service. CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and without GLOB_NOESCAPE, could write past the end of a buffer while unescaping user names. Reported by Tim Rühsen. CVE-2017-17426: The malloc function, when called with an object size near the value SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. This was a regression introduced with the new malloc thread cache in glibc 2.26. Reported by Iain Buclaw. CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads to the allocation of too much memory. (This is not a security bug per se, it is mentioned here only because of the CVE assignment.) Reported by Qualys. CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation of the number of search path components. (This is not a security vulnerability per se because no trust boundary is crossed if the fix for CVE-2017-1000366 has been applied, but it is mentioned here only because of the CVE assignment.) Reported by Qualys. CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN for AT_SECURE or SUID binaries could be used to load libraries from the current directory. CVE-2018-1000001: Buffer underflow in realpath function when getcwd function succeeds without returning an absolute path due to unexpected behaviour of the Linux kernel getcwd syscall. Reported by halfdog. CVE-2018-6485: The posix_memalign and memalign functions, when called with an object size near the value of SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. Reported by Jakub Wilk. Release Notes ============= https://sourceware.org/glibc/wiki/Release/2.27 Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Akhilesh Kumar Alan Hayward Alan Modra Alexandre Oliva Alexey Makhalov Andreas Schwab Arjun Shankar Arnold Robbins Aurelien Jarno Bernd Edlinger Carlos O'Donell Chris Metcalf Christian Brauner Claude Paroz DJ Delorie David S. Miller Dmitry V. Levin Dragan Stanojević - Nevidljivi Egmont Koblinger Eric Blake Florian Weimer Gabriel F. T. Gomes Guido Trentalancia Gustavo Romero H.J. Lu Il'ya Malakhov Istvan Kurucsai James Clarke John David Anglin Jonathan Wakely Jose E. Marchesi Joseph Myers Julen Ruiz Aizpuru Juro Bystricky Luke Shumaker Markus Trippelsdorf Martin Sebor Michael Collison Mike FABIAN Palmer Dabbelt Patrick McGehearty Patsy Franklin Paul Clarke Paul Eggert Paul Pluzhnikov Peter Zelezny Rafal Luzynski Rajalakshmi Srinivasaraghavan Rical Jasan Richard Henderson Rogerio Alves Romain Naour Samuel Thibault Sergei Trofimovich Siddhesh Poyarekar Stanislav Brabec Stefan Liebler Steve Ellcey Szabolcs Nagy Thierry Vignaud Thomas Schwinge Thorsten Glaser Tobias Klauser Tulio Magno Quites Machado Filho Victor Rodriguez Wang Boshi Wei-Lun Chao Wilco Dijkstra Will Hawkins Yury Norov Zack Weinberg -
glibc-2.26.9000
Open master branch for glibc 2.27 development
-
glibc-2.16.90
Open master branch for glibc 2.17 development
-
glibc-2.25.90
Open master branch for glibc 2.26 development
-
glibc-2.16-ports-before-merge
Last change to the ports tree before the merge into glibc master
-
glibc-2.26
FROM: Siddhesh Poyarekar <siddhesh@sourceware.org> SUBJECT: The GNU C Library version 2.26 is now available The GNU C Library ================= The GNU C Library version 2.26 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.26 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.26 ===================== Major new features: * A per-thread cache has been added to malloc. Access to the cache requires no locks and therefore significantly accelerates the fast path to allocate and free small amounts of memory. Refilling an empty cache requires locking the underlying arena. Performance measurements show significant gains in a wide variety of user workloads. Workloads were captured using a special instrumented malloc and analyzed with a malloc simulator. Contributed by DJ Delorie with the help of Florian Weimer, and Carlos O'Donell. * Unicode 10.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 10.0.0, using generator scripts contributed by Mike FABIAN (Red Hat). These updates cause user visible changes, especially the changes in wcwidth for many emoji characters cause problems when emoji sequences are rendered with pango, see for example: https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5 * Collation of Hungarian has been overhauled and is now consistent with "The Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by Egmont Koblinger. * Improvements to the DNS stub resolver, contributed by Florian Weimer: - The GNU C Library will now detect when /etc/resolv.conf has been modified and reload the changed configuration. The new resolver option “no-reload” (RES_NORELOAD) disables this behavior. - The GNU C Library now supports an arbitrary number of search domains (configured using the “search” directive in /etc/resolv.conf); previously, there was a hard limit of six domains. For backward compatibility, applications that directly modify the ‘_res’ global object are still limited to six search domains. - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C Library will now randomly pick a name server from the configuration as a starting point. (Previously, the second name server was always used.) * The tunables feature is now enabled by default. This allows users to tweak behavior of the GNU C Library using the GLIBC_TUNABLES environment variable. * New function reallocarray, which resizes an allocated block (like realloc) to the product of two sizes, with a guaranteed clean failure upon integer overflow in the multiplication. Originally from OpenBSD, contributed by Dennis Wölfing and Rüdiger Sonderfeld. * New wrappers for the Linux-specific system calls preadv2 and pwritev2. These are extended versions of preadv and pwritev, respectively, taking an additional flags argument. The set of supported flags depends on the running kernel; full support currently requires kernel 4.7 or later. * posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to create a new session ID for the spawned process. This feature is scheduled to be added to the next major revision of POSIX; for the time being, it is available under _GNU_SOURCE. * errno.h is now safe to use from C-preprocessed assembly language on all supported operating systems. In this context, it will only define the Exxxx constants, as preprocessor macros expanding to integer literals. * On ia64, powerpc64le, x86-32, and x86-64, the math library now implements 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy, Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers. To compile programs that use this feature, the compiler must support 128-bit floating point with the type name _Float128 (as defined by TS 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__ must be defined to make the new interfaces visible. The new functions and macros correspond to those present for other floating-point types (except for a few obsolescent interfaces not supported for the new type), with F128 or f128 suffixes; for example, strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no printf or scanf formats for the new type; the strfromf128 and strtof128 interfaces should be used instead. Deprecated and removed features, and other changes affecting compatibility: * The synchronization that pthread_spin_unlock performs has been changed to now be equivalent to a C11 atomic store with release memory order to the spin lock's memory location. Previously, several (but not all) architectures used stronger synchronization (e.g., containing what is often called a full barrier). This change can improve performance, but may affect odd fringe uses of spin locks that depend on the previous behavior (e.g., using spin locks as atomic variables to try to implement Dekker's mutual exclusion algorithm). * The port to Native Client running on ARMv7-A (--host=arm-nacl) has been removed. * Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers will only be built and installed when the GNU C Library is configured with --enable-obsolete-rpc. This allows alternative RPC implementations, such as TIRPC or rpcsvc-proto, to be used. * The NIS(+) name service modules, libnss_nis, libnss_nisplus, and libnss_compat, are deprecated, and will not be built or installed by default. The NIS(+) support library, libnsl, is also deprecated. By default, a compatibility shared library will be built and installed, but not headers or development libraries. Only a few NIS-related programs require this library. (In particular, the GNU C Library has never required programs that use 'gethostbyname' to be linked with libnsl.) Replacement implementations based on TIRPC, which additionally support IPv6, are available from <https://github.com/thkukuk/>. The configure option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+) name service modules, to be built and installed. * The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC support is enabled, the configured recursive resolver must support EDNS. (Responding to EDNS-enabled queries with responses which are not EDNS-enabled is fine, but FORMERR responses are not.) * res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS servers have not supported this opcode for a long time. * The _res_opcodes variable has been removed from libresolv. It had been exported by accident. * <string.h> no longer includes inline versions of any string functions, as this kind of optimization is better done by the compiler. The macros __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect. * The nonstandard header <xlocale.h> has been removed. Most programs should use <locale.h> instead. If you have a specific need for the definition of locale_t with no other declarations, please contact libc-alpha@sourceware.org and explain. * The obsolete header <sys/ultrasound.h> has been removed. * The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>. * The obsolete function cfree has been removed. Applications should use free instead. * The stack_t type no longer has the name struct sigaltstack. This changes the C++ name mangling for interfaces involving this type. * The ucontext_t type no longer has the name struct ucontext. This changes the C++ name mangling for interfaces involving this type. * On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no longer has the name struct mcontext. On SPARC GNU/Linux, the struct mc_fq, struct rwindow, struct fpq and struct fq types are no longer defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct mc_fpu, the gwindows_t type no longer has the name struct gwindows and the fpregset_t type no longer has the name struct fpu. This changes the C++ name mangling for interfaces involving those types. * On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been synced with the kernel: - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS are not supported on this architecture and have been removed. - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA, PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE, PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added. Programs that assume the GET/SETREGS ptrace requests are universally available will now fail to build, instead of malfunctioning at runtime. Changes to build and runtime requirements: * Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel. (This is a change from version 2.25 only for x86-32 and x86-64.) * GNU Binutils 2.25 or later is now required to build the GNU C Library. * On most architectures, GCC 4.9 or later is required to build the GNU C Library. On powerpc64le, GCC 6.2 or later is required. Older GCC versions and non-GNU compilers are still supported when compiling programs that use the GNU C Library. (We do not know exactly how old, and some GNU extensions to C may be _de facto_ required. If you are interested in helping us make this statement less vague, please contact libc-alpha@sourceware.org.) Security related changes: * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, to avoid fragmentation-based spoofing attacks (CVE-2017-12132). * LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE mode to guard against local privilege escalation attacks (CVE-2017-1000366). * Avoid printing a backtrace from the __stack_chk_fail function since it is called on a corrupt stack and a backtrace is unreliable on a corrupt stack (CVE-2010-3192). * A use-after-free vulnerability in clntudp_call in the Sun RPC system has been fixed (CVE-2017-12133). Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Akhilesh Kumar Alan Modra Alexey Neyman Andreas Schwab Arjun Shankar Benjamin Cama Carlos O'Donell Chris Leonard Christian Borntraeger Christian Brauner Christopher Chittleborough Chung-Lin Tang DJ Delorie Dennis Wölfing Dmitry Bilunov Dmitry V. Levin Egmont Koblinger Eyolf Østrem Florian Weimer Gabriel F. T. Gomes Gordana Cmiljanovic H.J. Lu Ihar Hrachyshka Ivo Raisr Jiong Wang John David Anglin Joseph Myers Justus Winter Kir Kolyshkin Marko Myllynen Massimeddu Cireddu Matthew Krupcale Mike FABIAN Mike Frysinger Mousa Moradi Nathan Rossi Paul Clarke Paul E. Murphy Paul Eggert Peng Wu Phil Blundell Prakhar Bahuguna Rabin Vincent Rafal Luzynski Rajalakshmi Srinivasaraghavan Rical Jasan Rogerio A. Cardoso Samuel Thibault Santhosh Thottingal Siddhesh Poyarekar Slava Barinov Stefan Liebler Steve Ellcey Sunyeop Lee Szabolcs Nagy Thorsten Kukuk Tulio Magno Quites Machado Filho Uros Bizjak Vladimir Mezentsev Wainer dos Santos Moschetta Wilco Dijkstra Wladimir J. van der Laan Yury Norov Zack Weinberg -
glibc-2.25
The GNU C Library ================= The GNU C Library version 2.25 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.25 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.25 ===================== * The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR 24731-2:2010, is supported to enable declarations of functions from that TR. Note that not all functions from that TR are supported by the GNU C Library. * The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS 18661-1:2014, is supported to enable declarations of functions and macros from that TS. Note that not all features from that TS are supported by the GNU C Library. * The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS 18661-4:2015, is supported to enable declarations of functions and macros from that TS. Note that most features from that TS are not supported by the GNU C Library. * The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L. Since the GNU C Library defaults to a much newer revision of POSIX, this will only affect programs that specifically request an old conformance mode. For instance, a program compiled with -std=c89 -D_REENTRANT will see a change in the visible declarations, but a program compiled with just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT, will not. Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be defined by all multithreaded code, but glibc has not required this for many years. * The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This means that in a future release, the macros “major”, “minor”, and “makedev” will only be available from <sys/sysmacros.h>. These macros are not part of POSIX nor XSI, and their names frequently collide with user code; see for instance glibc bug 19239 and Red Hat bug 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the problem. * New <fenv.h> features from TS 18661-1:2014 are added to libm: the fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros. * Integer width macros from TS 18661-1:2014 are added to <limits.h>: CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH, UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH, INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH, UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH, INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH, UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH, UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH, UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH, UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH, WINT_WIDTH. * New <math.h> features are added from TS 18661-1:2014: - Signaling NaN macros: SNANF, SNAN, SNANL. - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp, fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf, fromfpxl, ufromfpx, ufromfpxf, ufromfpxl. - llogb functions: the llogb, llogbf and llogbl functions, and the FP_LLOGB0 and FP_LLOGBNAN macros. - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag, fminmagf, fminmagl. - Comparison macros: iseqsig. - Classification macros: iscanonical, issubnormal, iszero. - Total order functions: totalorder, totalorderf, totalorderl, totalordermag, totalordermagf, totalordermagl. - Canonicalize functions: canonicalize, canonicalizef, canonicalizel. - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload, setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl. * The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014, are added to libc. They convert a floating-point number into string. * Most of glibc can now be built with the stack smashing protector enabled. It is recommended to build glibc with --enable-stack-protector=strong. Implemented by Nick Alcock (Oracle). * The function explicit_bzero, from OpenBSD, has been added to libc. It is intended to be used instead of memset() to erase sensitive data after use; the compiler will not optimize out calls to explicit_bzero even if they are "unnecessary" (in the sense that no _correct_ program can observe the effects of the memory clear). * On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined to float instead of double. This does not affect the ABI of any libraries that are part of the GNU C Library, but may affect the ABI of other libraries that use this type in their interfaces. * On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the float_t and double_t types are now defined to long double instead of float and double. These options are not the default, and this does not affect the ABI of any libraries that are part of the GNU C Library, but it may affect the ABI of other libraries that use this type in their interfaces, if they are compiled or used with those options. * The getentropy and getrandom functions, and the <sys/random.h> header file have been added. * The buffer size for byte-oriented stdio streams is now limited to 8192 bytes by default. Previously, on Linux, the default buffer size on most file systems was 4096 bytes (and thus remains unchanged), except on network file systems, where the buffer size was unpredictable and could be as large as several megabytes. * The <sys/quota.h> header now includes the <linux/quota.h> header. Support for the Linux quota interface which predates kernel version 2.4.22 has been removed. * The malloc_get_state and malloc_set_state functions have been removed. Already-existing binaries that dynamically link to these functions will get a hidden implementation in which malloc_get_state is a stub. As far as we know, these functions are used only by GNU Emacs and this change will not adversely affect already-built Emacs executables. Any undumped Emacs executables, which normally exist only during an Emacs build, should be rebuilt by re-running “./configure; make” in the Emacs build tree. * The “ip6-dotint” and “no-ip6-dotint” resolver options, and the corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed. “no-ip6-dotint” had already been the default, and support for the “ip6-dotint” option was removed from the Internet in 2006. * The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING flag from <resolv.h> have been removed. The option relied on a backwards-incompatible DNS extension which was never deployed on the Internet. * The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG, RES_BLAST defined in the <resolv.h> header file have been deprecated. They were already unimplemented. * The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for _res.flags are deprecated. The flag was standardized in RFC 2133, but removed again from the IETF name lookup interface specification in RFC 2553. Applications should use getaddrinfo instead. * DNSSEC-related declarations and definitions have been removed from the <arpa/nameser.h> header file, and libresolv will no longer attempt to decode the data part of DNSSEC record types. Previous versions of glibc only implemented minimal support for the previous version of DNSSEC, which is incompatible with the currently deployed version. * The resource record type classification macros ns_t_qt_p, ns_t_mrr_p, ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the <arpa/nameser.h> header file because the distinction between RR types and meta-RR types is not officially standardized, subject to revision, and thus not suitable for encoding in a macro. * The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook and rhook members of the res_state type in <resolv.h> have been removed. The glibc stub resolver did not support these hooks, but the header file did not reflect that. * For multi-arch support it is recommended to use a GCC which has been built with support for GNU indirect functions. This ensures that correct debugging information is generated for functions selected by IFUNC resolvers. This support can either be enabled by configuring GCC with '--enable-gnu-indirect-function', or by enabling it by default by setting 'default_gnu_indirect_function' variable for a particular architecture in the GCC source file 'gcc/config.gcc'. * GDB pretty printers have been added for mutex and condition variable structures in POSIX Threads. When installed and loaded in gdb these pretty printers show various pthread variables in human-readable form when read using the 'print' or 'display' commands in gdb. * Tunables feature added to allow tweaking of the runtime for an application program. This feature can be enabled with the '--enable-tunables' configure flag. The GNU C Library manual has details on usage and README.tunables has instructions on adding new tunables to the library. * A new version of condition variables functions have been implemented in the NPTL implementation of POSIX Threads to provide stronger ordering guarantees. * A new version of pthread_rwlock functions have been implemented to use a more scalable algorithm primarily through not using a critical section anymore to make state changes. Security related changes: * On ARM EABI (32-bit), generating a backtrace for execution contexts which have been created with makecontext could fail to terminate due to a missing .cantunwind annotation. This has been observed to lead to a hang (denial of service) in some Go applications compiled with gccgo. Reported by Andreas Schwab. (CVE-2016-6323) * The DNS stub resolver functions would crash due to a NULL pointer dereference when processing a query with a valid DNS question type which was used internally in the implementation. The stub resolver now uses a question type which is outside the range of valid question type values. (CVE-2015-5180) Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Alexandre Oliva Andreas Schwab Andrew Senkevich Aurelien Jarno Brent W. Baccala Carlos O'Donell Chris Metcalf Chung-Lin Tang DJ Delorie David S. Miller Denis Kaganovich Dmitry V. Levin Ernestas Kulik Florian Weimer Gabriel F T Gomes Gabriel F. T. Gomes H.J. Lu Jakub Jelinek James Clarke James Greenhalgh Jim Meyering John David Anglin Joseph Myers Maciej W. Rozycki Mark Wielaard Martin Galvan Martin Pitt Mike Frysinger Märt Põder Nick Alcock Paul E. Murphy Paul Murphy Rajalakshmi Srinivasaraghavan Rasmus Villemoes Rical Jasan Richard Henderson Roland McGrath Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Svante Signell Szabolcs Nagy Tom Tromey Torvald Riegel Tulio Magno Quites Machado Filho Wilco Dijkstra Yury Norov Zack Weinberg -
glibc-2.24
The GNU C Library ================= The GNU C Library version 2.24 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.24 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.24 ===================== * The minimum Linux kernel version that this version of the GNU C Library can be used with is 3.2, except on i[4567]86 and x86_64, where Linux kernel version 2.6.32 or later suffices (on architectures that already required kernel versions more recent than 3.2, those requirements remain unchanged). Linux 3.2 or later kernel headers are required on all architectures. * The pap_AN locale has been deleted. This has been deprecated for a long time. It has been replaced by pap_AW & pap_CW, both of which have long been included in previous releases. * The readdir_r and readdir64_r functions have been deprecated. It is recommended to use readdir and readdir64 instead. * The type “union wait” has been removed. It was deprecated in the early 1990s and never part of POSIX. Application code should use the int type instead of “union wait”. * A new NSS action is added to facilitate large distributed system administration. The action, MERGE, allows remote user stores like LDAP to be merged into local user stores like /etc/groups in order to provide easy to use, updated, and managed sets of merged credentials. The new action can be used by configuring it in /etc/nsswitch.conf: group: files [SUCCESS=merge] nis Implemented by Stephen Gallagher (Red Hat). * The deprecated __malloc_initialize_hook variable has been removed from the API. * The long unused localedef --old-style option has been removed. It hasn't done anything in over 16 years. Scripts using this option can safely drop it. * nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to libm. They are defined by TS 18661 and IEEE754-2008. The nextup functions return the next representable value in the direction of positive infinity and the nextdown functions return the next representable value in the direction of negative infinity. These are currently enabled as GNU extensions. Security related changes: * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It could result in a stack overflow when getnetbyname was called with an overly long name. (CVE-2016-3075) * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead. Reported by Michael Petlan. (CVE-2016-3706) * The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name. Reported by Alexander Cherepanov. (CVE-2016-1234) * The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez' alloca plugin for GCC. (CVE-2016-4429) * The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits. Over time, this could result in a denial of service due to memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417) The following bugs are resolved with this release: [1170] localedata: ne_NP: update Nepali locale definition file [3629] manual: stpcpy description in string.texi refers to MS-DOG instead of MS-DOS. [6527] malloc: [powerpc] Malloc alignment insufficient for PowerPC [6796] math: fdim() does not set errno on overflow [10354] libc: posix_spawn should use vfork() in more cases than presently [11213] localedata: localedata: add copyright disclaimer to locale files [12143] localedata: chr_US: new Cherokee locale [12450] localedata: sgs_LT: new locale [12676] localedata: ln_CD: new locale [13237] localedata: LC_ADDRESS.country_name: update all locales w/latest CLDR data [13304] math: fma, fmaf, fmal produce wrong results [14259] build: --localedir arg to configure is ignored [14499] nptl: Does posix_spawn invoke atfork handlers / use vfork? [14750] libc: Race condition in posix_spawn vfork usage vs signal handlers [14934] localedata: es_CL: wrong first weekday chilean locale [15262] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of romanisation [15263] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of 1/0 and +/- [15264] localedata: LC_MESSAGES.yesstr/nostr: lacking in many locales [15368] nptl: raise() is not async-signal-safe [15479] math: ceil, floor, round and trunc raise inexact exception [15578] localedata: kk_KZ: various updates [16003] localedata: pap_AN: punt old locale [16137] localedata: iw_IL: punt old locale [16190] localedata: eo: new esperanto locale [16374] localedata: lv_LV: change currency symbol in LC_MONETARY to euro [16742] malloc: race condition: pthread_atfork() called before first malloc() results in unexpected locking behaviour/deadlocks [16975] localedata: LC_MESSAGES.yesexpr/noexpr: revisit capitalization in all locales [16983] localedata: postal_fmt does not allow %l and %n modifiers [17565] localedata: pt_PT: wrong (work-)week start [17899] math: [powerpc] floorl returns negative zero with FE_DOWNWARD [17950] build: Build fails with -msse [18205] localedata: be_BY*: wrong first_weekday and first_workday [18433] libc: posix_spawn does not return correctly upon failure to execute [18453] localedata: charmaps/IBM875: incorrect codes [18712] string: bits/string2.h incompatible with -O2 -Werror=packed -Wsystem-headers [18896] localedata: he_IL: improvements for currency [18911] localedata: ro_RO: Correcting week day name for "Tuesday" in Romanian locale data [18960] locale: s390: _nl_locale_subfreeres uses larl opcode on misaligned symbol [19056] libc: Deprecate readdir_r [19133] localedata: pt_*: days & months should be lowercase in Portuguese language [19198] localedata: nl_NL: small improvements for Dutch locales [19257] network: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417) [19269] build: tst-audit4 and tst-audit10 failures with gcc-6 on non avx machine [19400] locale: Language missing in "iso-639.def", trivial fix in description [19431] malloc: Deadlock between fflush, getdelim, and fork [19505] libc: Incorrect file descriptor validity checks in posix_spawn_file_actions_add{open,close,dup2} [19509] dynamic-link: dlsym, dlvsym do not report errors through dlerror when using RTLD_NEXT [19512] locale: Stale `#ifndef HAVE_BUILTIN_EXPECT' in `intl/{gettextP,loadinfo}.h' [19534] libc: execle, execlp may use malloc [19568] localedata: *_CH: Swiss locales have inconsistent start of week [19573] network: res_nclose and __res_maybe_init disagree about name server initialization, breaking Hesiod [19575] localedata: Status of GB18030 tables [19581] localedata: sr_* date_fmt string contains additional newline [19583] string: SSSE3_Fast_Copy_Backward flag needs to be enabled for AMD Excavator core [19592] math: [ldbl-128ibm] ceill incorrect in non-default rounding modes [19593] math: [ldbl-128ibm] truncl incorrect in non-default rounding modes [19594] math: [ldbl-128ibm] roundl incorrect in non-default rounding modes [19595] math: [ldbl-128ibm] fmodl incorrect for results in subnormal double range [19602] math: [ldbl-128ibm] fmodl handling of equal arguments with low part zero incorrect [19603] math: [ldbl-128ibm] remainderl, remquol incorrect sign handling in equality tests [19610] dynamic-link: ldconfig -X removes stale symbolic links [19613] libc: s390x (64 bit) macro expansion WCOREDUMP and others [19633] locale: strfmon_l applies global locale to number formatting [19642] network: Memory leak in getnameinfo [19648] libc: test-skeleton.c: Do not set RLIMIT_DATA [19653] libc: Potential for NULL pointer dereference (CWE-476) in glibc-2.22 [19654] math: [x86_64] Need testcase for BZ #19590 fix [19671] localedata: Missing Sanity Check for malloc() in 'tst-fmon.c' & 'tst-numeric.c' [19674] math: [ldbl-128ibm] powl incorrect overflow handling [19677] math: [ldbl-128ibm] remainderl equality test incorrect for zero low part [19678] math: [ldbl-128ibm] nextafterl, nexttowardl incorrect sign of zero result [19679] dynamic-link: gcc-4.9.3 C++ exception handling broken due to unaligned stack [19726] locale: Converting UCS4LE to INTERNAL with iconv() does not update pointers and lengths in error-case. [19727] locale: Converting from/to UTF-xx with iconv() does not always report errors on UTF-16 surrogates values. [19755] nscd: nscd assertion failure in gc [19758] dynamic-link: Typo in EXTRA_LD_ENVVARS for x86-64 [19759] libc: mempcpy shouldn't be inlined [19762] dynamic-link: HAS_CPU_FEATURE/HAS_ARCH_FEATURE are easy to misuse [19765] libc: s390 needs an optimized mempcpy [19779] glob: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption (CVE-2016-1234) [19783] build: benchtests don't support --enable-hardcoded-path-in-tests [19787] network: Missing and incorrect truncation checks in getnameinfo [19790] math: [ldbl-128ibm] nearbyintl incorrect in non-default rounding modes [19791] network: Assertion failure in res_query.c with un-connectable name server addresses [19792] libc: MIPS: backtrace yields infinite backtrace with makecontext [19822] math: libm.so install clobbers old version [19825] network: resolv: send_vc can return uninitialized data in second response to getaddrinfo [19830] network: nss_dns: should check RDATA length against buffer length [19831] network: nss_dns: getaddrinfo returns uninitialized data when confronted with A/AAAA records of invalid size [19837] nss: nss_db: No retries for some long lines with a larger buffer [19848] math: powl(10,n) for n=-4,-5,-6,-7 is off by more than 1 ULP [19853] stdio: Printing IBM long double in decimal with high precision is sometimes incorrect [19860] build: x86_64: compile errors for tst-audit10 and tst-auditmod10b [19861] nptl: libpthread IFUNC resolver for fork can lead to crash [19862] network: resolv, nss_dns: Remove remaining logging of unexpected record types [19865] network: Assertion failure or memory leak in _nss_dns_getcanonname_r [19868] network: nss_dns: netent code does not skip over non-PTR records [19879] network: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075) [19881] string: Improve x86-64 memset [19907] string: Incorrect memcpy tests [19916] dynamic-link: S390: fprs/vrs are not saved/restored while resolving symbols [19925] libc: termios.h XCASE namespace [19928] string: memmove-vec-unaligned-erms.S is slow with large data size [19929] libc: limits.h NL_NMAX namespace [19931] stdio: Memory leak in vfprintf [19957] libc: clone(CLONE_VM) access invalid parent memory [19963] localedata: en_IL: New locale [19989] stdio: stdio.h cuserid namespace [19994] network: getaddrinfo does not restore RES_USE_INET6 flag in gethosts [19996] locale: langinfo.h nl_langinfo_l namespace [20005] stdio: fflush on a file opened with fmemopen resets position to 0 [20010] network: getaddrinfo: Stack overflow in hostent translation (CVE-2016-3706) [20012] stdio: libio: fmemopen append mode failure [20014] stdio: stdio.h namespace for pre-threads POSIX [20017] network: resolv: Use gmtime_r instead of gmtime in p_secstodate [20023] libc: fcntl.h timespec namespace [20024] math: [x86_64] vectorized sincos trashes the stack [20031] network: nss_hesiod: Heap overflow in get_txt_records [20041] time: sys/time.h timespec namespace [20043] libc: unistd.h missing cuserid for UNIX98 and before [20044] libc: unistd.h missing pthread_atfork for UNIX98 [20051] libc: ttyslot in wrong header under wrong conditions [20054] libc: gethostname not declared for XPG4 [20055] libc: termios.h missing tcgetsid for XPG4 [20072] dynamic-link: x86 init_cpu_features is called twice in static executable [20073] libc: sys/stat.h fchmod namespace [20074] libc: stdlib.h rand_r namespace [20076] libc: sys/stat.h missing S_IFSOCK, S_ISSOCK for XPG4 [20094] libc: stdlib.h should not declare grantpt, ptsname, unlockpt for XPG3 [20111] libc: struct sockaddr_storage cannot be aggregate-copied [20112] network: sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429) [20115] string: Extra alignment in memset-vec-unaligned-erms.S [20119] libc: Wrong mask for processors level type from CPUID [20139] dynamic-link: Upper part of zmm is zeroed if Glibc is built with AS not supporting AVX512 [20151] math: [ldbl-128/ldbl-128ibm] j0l, j1l, y0l, y1l return sNaN for sNaN argument [20153] math: [ldbl-128ibm] sqrtl (sNaN) returns sNaN [20156] math: [ldbl-128ibm] ceill, rintl etc. return sNaN for sNaN argument [20157] math: [powerpc] fabsl (sNaN) wrongly raises "invalid" [20160] math: [powerpc] ceil, rint etc. return sNaN for sNaN input [20178] libc: posix_spawn{p} should not call exit [20191] stdio: libio: vtables hardening [20195] string: FMA4 detection requires CPUID execution with register eax=0x80000001 [20198] libc: quick_exit incorrectly destroys C++11 thread objects. [20205] math: [i386/x86_64] nextafterl incorrect incrementing negative subnormals [20212] math: acos (sNaN) returns sNaN [20213] math: asin (sNaN) returns sNaN [20214] network: Linux header sync with linux/in6.h and ipv6.h again. [20218] math: [i386] asinhl (sNaN) returns sNaN [20219] math: [i386] atanhl (sNaN) returns sNaN [20222] stdio: fopencookie: Mangle function pointers [20224] math: [i386] cbrtl (sNaN) returns sNaN [20225] math: ldexp, scalbn, scalbln return sNaN for sNaN input [20226] math: [i386/x86_64] expl, exp10l, expm1l return sNaN for sNaN input [20227] math: [i386/x86_64] logl (sNaN) returns sNaN [20228] math: [i386/x86_64] log10l (sNaN) returns sNaN [20229] math: [i386/x86_64] log1pl (sNaN) returns sNaN [20232] math: [ldbl-128] expm1l (sNaN) returns sNaN [20233] math: [ldbl-128ibm] expm1l (sNaN) returns sNaN [20234] math: [ldbl-128ibm] log1pl (sNaN) returns sNaN [20235] math: [i386/x86_64] log2l (sNaN) returns sNaN [20237] nss: nss_db: get*ent segfaults without preceding set*ent [20240] math: modf (sNaN) returns sNaN [20248] libc: debug/tst-longjump_chk2 calls printf from a signal handler [20250] math: frexp (sNaN) returns sNaN [20252] math: atan2 (sNaN, qNaN) fails to raise "invalid" [20255] math: [i386] fdim, fdimf return with excess range and precision / double rounding [20256] math: [i386/x86_64] fdiml returns sNaN for sNaN input [20260] string: ../sysdeps/x86/bits/string.h:1092:3: error: array subscript is below array bounds [-Werror=array-bounds] [20262] nis: _nss_nis_initgroups_dyn always returns NSS_STATUS_NOTFOUND [20263] nptl: robust mutex deadlocks if other thread requests timedlock (Only arm/linux) [20277] libc: $dp is not initialized correctly in sysdeps/hppa/start.S [20284] malloc: malloc: Corrupt arena avoidance causes unnecessary mmap fallbacks [20296] math: [i386/x86_64] scalbl returns sNaN for sNaN input, missing "invalid" exceptions [20314] nptl: make[4]: *** [/usr/include/stdlib.h] Error 1 [20316] localedata: id_ID: Februari instead of Pebruari [20327] string: POWER8 strcasecmp returns incorrect result [20347] math: Failure: Test: j0_downward (0xap+0) [20348] libc: FAIL: misc/tst-preadvwritev64 [20349] libc: 64-bit value is passed differently in p{readv,writev}{64} [20350] libc: There is no test for p{read,write}64 [20357] math: Incorrect cos result for 1.5174239687223976 [20384] build: Don't run libmvec-sincos-avx* tests on non avx machines Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Andreas Schwab Andrew Senkevich Anton Blanchard Arnas Udovičius Aurelien Jarno Carlos Eduardo Seo Carlos O'Donell Chris Metcalf Chung-Lin Tang Claude Paroz Dimitris Pappas Dmitry V. Levin Dylan Alex Simon Eduardo Trápani Florian Weimer Gabriel F. T. Gomes Gunnar Hjalmarsson Gustavo Romero Guy Rutenberg H.J. Lu Hongjiu Zhang Jiyoung Yun John David Anglin Joseph Myers Khem Raj Maciej W. Rozycki Mark Wielaard Marko Myllynen Martin Galvan Matthew Fortune Matthias Wallnoefer Mike FABIAN Mike Frysinger Neskie Manuel Nick Alcock Paras pradhan Paul E. Murphy Paul Pluzhnikov Rajalakshmi Srinivasaraghavan Rical Jasan Richard Henderson Robin van der Vliet Roland McGrath Samuel Thibault Siddhesh Poyarekar Simion Onea Stefan Liebler Stephen Gallagher Szabolcs Nagy Timur Birsh Torvald Riegel Tulio Magno Quites Machado Filho Wilco Dijkstra Will Newton Yvan Roux Zack Weinberg -
glibc-2.23
The GNU C Library ================= The GNU C Library version 2.23 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.23 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.23 ===================== * Unicode 8.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 8.0.0, using new and/or improved generator scripts contributed by Mike FABIAN (Red Hat). These updates cause user visible changes, such as the fixes for bugs 89, 16061, and 18568. * sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the kernel-internal CPU set size. This means that requests that change the CPU affinity which failed before (for example, an all-ones CPU mask) will now succeed. Applications that need to determine the effective CPU affinities need to call sched_getaffinity or pthread_getaffinity_np after setting it because the kernel can adjust it (and the previous size check would not detect this in the majority of cases). * The fts.h header can now be used with -D_FILE_OFFSET_BITS=64. With LFS the following new symbols are used: fts64_children, fts64_close, fts64_open, fts64_read and fts64_set. * getaddrinfo now detects certain invalid responses on an internal netlink socket. If such responses are received, an affected process will terminate with an error message of "Unexpected error <number> on netlink descriptor <number>" or "Unexpected netlink response of size <number> on descriptor <number>". The most likely cause for these errors is a multi-threaded application which erroneously closes and reuses the netlink file descriptor while it is used by getaddrinfo. * A defect in the malloc implementation, present since glibc 2.15 (2012) or glibc 2.10 via --enable-experimental-malloc (2009), could result in the unnecessary serialization of memory allocation requests across threads. The defect is now corrected. Users should see a substantial increase in the concurent throughput of allocation requests for applications which trigger this bug. Affected applications typically create create and destroy threads frequently. (Bug 19048 was reported and analyzed by Ericsson.) * There is now a --disable-timezone-tools configure option for disabling the building and installing of the timezone related utilities (zic, zdump, and tzselect). This is useful for people who build the timezone data and code independent of the GNU C Library. * The obsolete header <regexp.h> has been removed. Programs that require this header must be updated to use <regex.h> instead. * The obsolete functions bdflush, create_module, get_kernel_syms, query_module and uselib are no longer available to newly linked binaries; the header <sys/kdaemon.h> has been removed. These functions and header were specific to systems using the Linux kernel and could not usefully be used with the GNU C Library on systems with version 2.6 or later of the Linux kernel. * Optimized string, wcsmbs and memory functions for IBM z13. Implemented by Stefan Liebler. * Newly linked programs that define a variable called signgam will no longer have it set by the lgamma, lgammaf and lgammal functions. Programs that require signgam to be set by those functions must ensure that they use the variable provided by the GNU C Library and declared in <math.h>, without defining their own copy. * The minimum GCC version that can be used to build this version of the GNU C Library is GCC 4.7. Older GCC versions, and non-GNU compilers, can still be used to compile programs using the GNU C Library. Security related changes: * An out-of-bounds value in a broken-out struct tm argument to strftime no longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776) * The LD_POINTER_GUARD environment variable can no longer be used to disable the pointer guard feature. It is always enabled. Previously, LD_POINTER_GUARD could be used to disable security hardening in binaries running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert. (CVE-2015-8777) * An integer overflow in hcreate and hcreate_r could lead to an out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778) * The catopen function no longer has unbounded stack usage. Reported by Max. (CVE-2015-8779) * The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions. Reported by Joseph Myers. (CVE-2014-9761) * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control of execution flow in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family. The use of AF_UNSPEC triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by _nss_dns_gethostbyname4_r. Buffer management is simplified to remove the overflow. Thanks to the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665. (CVE-2015-7547) The following bugs are resolved with this release: [89] localedata: Locales nb_NO and nn_NO should transliterate æøå [887] math: Math library function "logb" and "nextafter" inconsistent [2542] math: Incorrect return from float gamma (-0X1.FA471547C2FE5P+1) [2543] math: Incorrect return from float gamma (-0X1.9260DCP+1) [2558] math: Incorrect return from double gamma (-0X1.FA471547C2FE5P+1) [2898] libc: [improve] warning: the use of `mktemp' is dangerous, better use `mkstemp' [4404] localedata: German translation of "Alarm clock" is misleading [6799] math: nextafter() and nexttoward() doen't set errno on overflow/underflow errors [6803] math: scalb(), scalbln(), scalbn() do not set errno on overflow/underflow [10432] nis: _nss_nis_setnetgrent assertion failure [11460] libc: fts has no LFS support [12926] network: getaddrinfo()/make_request() may spin forever [13065] nptl: Race condition in pthread barriers [13690] nptl: pthread_mutex_unlock potentially cause invalid access [14341] dynamic-link: Dynamic linker crash when DT_JMPREL and DT_REL{,A} are not contiguous [14551] math: [ldbl-128ibm] strtold overflow handling for IBM long double [14912] libc: Rename non-installed bits/*.h headers [15002] libc: Avoid undefined behavior in posix_fallocate overflow check [15367] math: Let gcc use __builtin_isinf [15384] math: One constant fewer in ieee754/dbl-64/wordsize-64/s_finite.c [15421] math: lgamma wrongly sets signgam for ISO C [15470] math: [arm] On ARM llrintl() and llroundl() do not raise FE_INVALID with argument out of range [15491] math: [i386/x86_64] x86 nearbyint implementations wrongly clear all exceptions [15786] dynamic-link: ifunc resolver functions can smash function arguments [15918] math: Unnecessary check for equality in hypotf() [16061] localedata: Review / update transliteration data [16068] math: [i386/x86_64] x86 and x86_64 fesetenv exclude state they should include [16141] time: strptime %z offset restriction [16171] math: drem should be alias of remainder [16296] math: fegetround is pure? [16347] math: [ldbl-128ibm] ldbl-128/e_lgammal_r.c may not be suitable. [16364] libc: sleep may leave SIGCHLD blocked on sync cancellation on GNU/Linux [16399] math: [mips] lrint / llrint / lround / llround missing exceptions [16415] math: Clean up ldbl-128 / ldbl-128ibm expm1l for large positive arguments [16422] math: [powerpc] math-float, math-double failing llrint tests with "Exception "Inexact" set" on ppc32 [16495] localedata: nl_NL: date_fmt: shuffle year/month around [16517] math: Missing underflow exception from tanf/tan/tanl [16519] math: Missing underflow exception from sinhf [16520] math: Missing underflow exception from tanhf [16521] math: Missing underflow exception from exp2 [16620] math: [ldbl-128ibm] exp10l spurious overflows / bad directed rounding results [16734] stdio: fopen calls mmap to allocate its buffer [16961] math: nan function incorrect handling of bad sequences [16962] math: nan function unbounded stack allocation (CVE-2014-9761) [16973] localedata: Fix lang_lib/lang_term as per ISO 639-2 [16985] locale: localedef: confusing error message when opening output fails [17118] math: ctanh(INFINITY + 2 * I) returns incorrect value [17197] locale: Redundant shift character in iconv conversion output at block boundary [17243] libc: trunk/posix/execl.c:53: va_args problem ? [17244] libc: trunk/sysdeps/unix/sysv/linux/semctl.c:116: va_args muxup ? [17250] dynamic-link: static linking breaks nss loading (getaddrinfo/getpwnam/etc...) [17404] libc: atomic_exchange_rel lacking a barrier on MIPS16, GCC before 4.7? [17441] math: isnan() should use __builtin_isnan() in GCC [17514] nptl: Assert failure unlocking ERRORCHECK mutex after timedlock (related to lock elision) [17787] manual: Exponent on page 324 of the PDF ends prematurely [17886] time: strptime should be able to parse "Z" as a timezone with %z [17887] time: strptime should be able to parse "+01:00" style timezones [17905] libc: catopen() Multiple unbounded stack allocations (CVE-2015-8779) [18084] libc: backtrace (..., 0) dumps core on x86 [18086] libc: nice() sets errno to 0 on success [18240] libc: hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778) [18251] dynamic-link: SONAME missing when audit modules provides path [18265] libc: add attributes for wchar string and memory functions [18370] math: csqrt missing underflows [18421] libc: [hppa] read-only segment has dynamic relocations [18472] libc: Obsolete syscall wrappers should be compat symbols [18480] libc: hppa glibc miscompilation in sched_setaffinity() [18491] localedata: Update tr_TR LC_CTYPE as part of Unicode updates [18525] localedata: Remove locale timezone information [18560] libc: [powerpc] spurious bits/ipc.h definitions [18568] localedata: Update locale data to Unicode 8.0 [18589] locale: sort-test.sh fails at random [18595] math: ctan, ctanh missing underflows [18604] libc: assert macro-expands its argument [18610] math: S390: fetestexcept() reports any exception if DXC-code contains a vector instruction exception. [18611] math: j1, jn missing errno setting on underflow [18618] localedata: sync Chechen locale definitions with other *_RU locales [18647] math: powf(-0x1.000002p0, 0x1p30) returns 0 instead of +inf [18661] libc: Some x86-64 assembly codes don't align stack to 16 bytes [18665] network: In send_dg, the recvfrom function is NOT always using the buffer size of a newly created buffer (CVE-2015-7547) [18674] libc: [i386] trunk/sysdeps/i386/tst-auditmod3b.c:84: possible missing break ? [18675] libc: fpathconf(_PC_NAME_MAX) fails against large filesystems for 32bit processes [18681] libc: regexp.h is obsolete and buggy, and should be desupported [18699] math: tilegx cproj() for various complex infinities does not yield infinity [18724] libc: Harden put*ent functions against data injection [18743] nptl: PowerPC: findutils testcase fails with --enable-lock-elision [18755] build: build errors with -DNDEBUG [18757] stdio: fmemopen fails to set errno on failure [18778] dynamic-link: ld.so crashes if failed dlopen causes libpthread to be forced unloaded [18781] libc: openat64 lacks O_LARGEFILE [18787] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/atomic.h:71:6: error: can’t find a register in class ‘R1_REGS’ while reloading ‘asm’ [18789] math: [ldbl-128ibm] sinhl inaccurate near 0 [18790] math: [ldbl-128ibm] tanhl inaccurate [18795] libc: stpncpy fortification misses buffer lengths that are statically too large [18796] build: build fails for --disable-mathvec [18803] math: hypot missing underflows [18820] stdio: fmemopen may leak memory on failure [18823] math: csqrt spurious underflows [18824] math: fma spurious underflows [18825] math: pow missing underflows [18857] math: [ldbl-128ibm] nearbyintl wrongly uses signaling comparisons [18868] nptl: pthread_barrier_init typo has in-theory-undefined behavior [18870] build: sem_open.c fails to compile with missing symbol FUTEX_SHARED [18872] stdio: Fix memory leak in printf_positional [18873] libc: posix_fallocate overflow check ineffective [18875] math: Excess precision leads incorrect libm [18877] libc: arm: mmap offset regression [18887] libc: memory corruption when using getmntent on blank lines [18918] localedata: hu_HU: change time to HH:MM:SS format [18921] libc: Regression: extraneous stat() and fstat() performed by opendir() [18928] dynamic-link: LD_POINTER_GUARD is not ignored for privileged binaries (CVE-2015-8777) [18951] math: tgamma missing underflows [18952] math: [ldbl-128/ldbl-128ibm] lgammal spurious "invalid", incorrect signgam [18953] localedata: lt_LT: change currency symbol to the euro [18956] math: powf inaccuracy [18961] math: [i386] exp missing underflows [18966] math: [i386] exp10 missing underflows [18967] math: math.h XSI POSIX namespace (gamma, isnan, scalb) [18969] build: multiple string test failures due to missing locale dependencies [18970] libc: Reference of pthread_setcancelstate in libc.a [18977] math: float / long double Bessel functions not in XSI POSIX [18980] math: i386 libm functions return with excess range and precision [18981] math: i386 scalb*, ldexp return with excess range and precision [18982] stdio: va_list and vprintf [18985] time: Passing out of range data to strftime() causes a segfault (CVE-2015-8776) [19003] math: [x86_64] fma4 version of pow inappropriate contraction [19007] libc: FAIL: elf/check-localplt with -z now and binutils 2.26 [19012] locale: iconv_open leaks memory on error path [19016] math: clog, clog10 inaccuracy [19018] nptl: Mangle function pointers in tls_dtor_list [19032] math: [i386] acosh (-qNaN) spurious "invalid" exception [19046] math: ldbl-128 / ldbl-128ibm lgamma bad overflow handling [19048] malloc: malloc: arena free list can become cyclic, increasing contention [19049] math: [powerpc] erfc incorrect zero sign [19050] math: [powerpc] log* incorrect zero sign [19058] math: [x86_64] Link fail with -fopenmp and -flto [19059] math: nexttoward overflow incorrect in non-default rounding modes [19071] math: ldbl-96 lroundl incorrect just below powers of 2 [19074] network: Data race in _res_hconf_reorder_addrs [19076] math: [ldbl-128ibm] log1pl (-1) wrong sign of infinity [19077] math: [ldbl-128ibm] logl (1) incorrect sign of zero result [19078] math: [ldbl-128ibm] expl overflow incorrect in non-default rounding modes [19079] math: dbl-64/wordsize-64 lround based on llround incorrect for ILP32 [19085] math: ldbl-128 lrintl, lroundl missing exceptions for 32-bit long [19086] manual: posix_fallocate64 documented argument order is wrong. [19088] math: lround, llround missing exceptions close to overflow threshold [19094] math: lrint, llrint missing exceptions close to overflow threshold [19095] math: dbl-64 lrint incorrect for 64-bit long [19122] dynamic-link: Unnecessary PLT relocations in librtld.os [19124] dynamic-link: ld.so failed to build with older assmebler [19125] math: [powerpc32] llroundf, llround incorrect exceptions [19129] dynamic-link: [arm] Concurrent lazy TLSDESC resolution can crash [19134] math: [powerpc32] lround, lroundf spurious exceptions [19137] libc: i386/epoll_pwait.S doesn't support cancellation [19143] nptl: Remove CPU set size checking from sched_setaffinity, pthread_setaffinity_np [19156] math: [ldbl-128] j0l spurious underflows [19164] nptl: tst-getcpu fails with many possible CPUs [19168] math: math/test-ildoubl and math/test-ldouble failure [19174] nptl: PowerPC: TLE enabled pthread mutex performs poorly. [19178] dynamic-link: ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA confuses prelink [19181] math: [i386/x86_64] fesetenv (FE_DFL_ENV), fesetenv (FE_NOMASK_ENV) do not clear SSE exceptions [19182] malloc: malloc deadlock between ptmalloc_lock_all and _int_new_arena/reused_arena [19189] math: [ldbl-128] log1pl (-qNaN) spurious "invalid" exception [19201] math: dbl-64 remainder incorrect sign of zero result [19205] math: bits/math-finite.h conditions do not match math.h and bits/mathcalls.h [19209] math: bits/math-finite.h wrongly maps ldexp to scalbn [19211] math: lgamma functions do not set signgam for -ffinite-math-only for C99-based standards [19212] libc: features.h not -Wundef clean [19213] math: [i386/x86_64] log* (1) incorrect zero sign for -ffinite- math-only [19214] libc: Family and model identification for AMD CPU's are incorrect. [19219] libc: GLIBC build fails for ia64 with missing __nearbyintl [19228] math: [powerpc] nearbyint wrongly clears "inexact", leaves traps disabled [19235] math: [powerpc64] lround, lroundf, llround, llroundf spurious "inexact" exceptions [19238] math: [powerpc] round, roundf spurious "inexact" for integer arguments [19242] libc: strtol incorrect in Turkish locales [19243] malloc: reused_arena can pick an arena on the free list, leading to an assertion failure and reference count corruption [19253] time: tzset() ineffective when temporary TZ did not include DST rules [19266] math: strtod ("NAN(I)") incorrect in Turkish locales [19270] math: [hppa] Shared libm missing __isnanl [19285] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/mman.h: missing MAP_HUGETLB and MAP_STACK defines [19313] nptl: Wrong __cpu_mask for x32 [19347] libc: grantpt: try to force a specific gid even without pt_chown [19349] math: [ldbl-128ibm] tanhl inaccurate for small arguments [19350] math: [ldbl-128ibm] sinhl spurious overflows [19351] math: [ldbl-128ibm] logl inaccurate near 1 [19363] time: x32: times() return value wrongly truncates/sign extends from 32bit [19367] dynamic-link: Improve branch prediction on Silvermont [19369] network: Default domain name not reset by res_ninit when "search" / "domain" entry is removed from resolv.conf [19375] math: powerpc: incorrect results for POWER7 logb with negative subnormals [19385] localedata: bg_BG: time separator should be colon, not comma [19408] libc: linux personality syscall wrapper may erroneously return an error on 32-bit architectures [19415] libc: dladdr returns wrong names on hppa [19432] libc: iconv rejects redundant escape sequences in IBM900, IBM903, IBM905, IBM907, and IBM909 [19439] math: Unix98 isinf and isnan functions conflict with C++11 [19443] build: build failures with -DDEBUG [19451] build: Make check fails on test-double-vlen2 [19462] libc: Glibc failed to build with -Os [19465] math: Wrong code with -Os [19466] time: time/tst-mktime2.c is compiled into an infinite loop with -Os [19467] string: Fast_Unaligned_Load needs to be enabled for Excavator core CPU's. [19475] libc: Glibc 2.22 doesn't build on sparc [PATCH] [19486] math: S390: Math tests fail with "Exception Inexact set". [19529] libc: [ARM]: FAIL: stdlib/tst-makecontext [19550] libc: [mips] mmap negative offset handling inconsistent with other architectures [19590] math: Fail to build shared objects that use libmvec.so functions. Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Amit Pawar Andreas Schwab Andrew Bennett Andrew Senkevich Andrew Stubbs Anton Blanchard Arjun Shankar Arslanbek Astemirov Aurelien Jarno Brett Neumeier Carlos Eduardo Seo Carlos O'Donell Chris Metcalf Chung-Lin Tang Damyan Ivanov Daniel Marjamäki David Kastrup David Lamparter David S. Miller Dmitry V. Levin Egmont Koblinger Evert Flavio Cruz Florian Weimer Gabriel F. T. Gomes Geoffrey Thomas Gleb Fotengauer-Malinovskiy Gunnar Hjalmarsson H.J. Lu Helge Deller James Perkins John David Anglin Joseph Myers Justus Winter Khem Raj Ludovic Courtès Maciej W. Rozycki Manolis Ragkousis Marcin Kościelnicki Mark Wielaard Marko Myllynen Martin Sebor Maxim Ostapenko Mike FABIAN Mike Frysinger Namhyung Kim Ondrej Bilka Ondřej Bílka Paul E. Murphy Paul Eggert Paul Murphy Paul Pluzhnikov Petar Jovanovic Phil Blundell Rajalakshmi Srinivasaraghavan Rasmus Villemoes Richard Henderson Rob Wu Roland McGrath Samuel Thibault Siddhesh Poyarekar Stan Shebs Stefan Liebler Steve Ellcey Szabolcs Nagy Thomas Schwinge Torvald Riegel Tulio Magno Quites Machado Filho Vincent Bernat Wilco Dijkstra Zack Weinberg -
glibc-2.22
The GNU C Library ================= The GNU C Library version 2.22 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.22 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.22 ===================== * The following bugs are resolved with this release: 438, 4719, 6544, 6792, 11216, 12836, 13028, 13064, 13151, 13152, 14094, 14292, 14841, 14906, 14958, 15319, 15467, 15790, 15969, 16159, 16339, 16350, 16351, 16352, 16353, 16361, 16512, 16526, 16538, 16559, 16560, 16704, 16783, 16850, 17053, 17090, 17195, 17269, 17293, 17322, 17403, 17475, 17523, 17542, 17569, 17581, 17588, 17596, 17620, 17621, 17628, 17631, 17692, 17711, 17715, 17776, 17779, 17792, 17833, 17836, 17841, 17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17977, 17978, 17987, 17991, 17996, 17998, 17999, 18007, 18019, 18020, 18029, 18030, 18032, 18034, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18049, 18068, 18080, 18093, 18100, 18104, 18110, 18111, 18116, 18125, 18128, 18134, 18138, 18185, 18196, 18197, 18206, 18210, 18211, 18217, 18219, 18220, 18221, 18234, 18244, 18245, 18247, 18287, 18319, 18324, 18333, 18346, 18371, 18383, 18397, 18400, 18409, 18410, 18412, 18418, 18422, 18434, 18444, 18457, 18468, 18469, 18470, 18479, 18483, 18495, 18496, 18497, 18498, 18502, 18507, 18508, 18512, 18513, 18519, 18520, 18522, 18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540, 18542, 18544, 18545, 18546, 18547, 18549, 18553, 18557, 18558, 18569, 18583, 18585, 18586, 18592, 18593, 18594, 18602, 18612, 18613, 18619, 18633, 18641, 18643, 18648, 18657, 18676, 18694, 18696. * Cache information can be queried via sysconf() function on s390 e.g. with _SC_LEVEL1_ICACHE_SIZE as argument. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a misaligned buffer, the buffer length change due to pointer alignment was not taken into account. This could result in application crashes or, potentially arbitrary code execution, using crafted, but syntactically valid DNS responses. (CVE-2015-1781) * The time zone file parser has been made more robust against crafted time zone files, avoiding heap buffer overflows related to the processing of the tzh_ttisstdcnt and tzh_ttisgmtcnt fields, and a stack overflow due to large time zone data files. Overly long time zone specifiers in the TZ variable no longer result in stack overflows and crashes. * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors for LD and GD on x86 and x86-64, has been implemented. You will need binutils-2.24 or later to enable this optimization. * Character encoding and ctype tables were updated to Unicode 7.0.0, using new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red Hat). These updates cause user visible changes, such as the fix for bug 17998. * CVE-2014-8121 The NSS backends shared internal state between the getXXent and getXXbyYY NSS calls for the same database, causing a denial-of-service condition in some applications. * Added vector math library named libmvec with the following vectorized x86_64 implementations: cos, cosf, sin, sinf, sincos, sincosf, log, logf, exp, expf, pow, powf. The library can be disabled with --disable-mathvec. Use of the functions is enabled with -fopenmp -ffast-math starting from -O1 for GCC version >= 4.9.0. Shared library libmvec.so is linked in as needed when using -lm (no need to specify -lmvec explicitly for not static builds). Visit <https://sourceware.org/glibc/wiki/libmvec> for detailed information. * A new fmemopen implementation has been added with the goal of POSIX compliance. The new implementation fixes the following long-standing issues: BZ#6544, BZ#11216, BZ#12836, BZ#13151, BZ#13152, and BZ#14292. The old implementation is still present for use be by existing binaries. * The 32-bit sparc sigaction ABI was inadvertently broken in the 2.20 and 2.21 releases. It has been fixed to match 2.19 and older, but binaries built against 2.20 and 2.21 might need to be recompiled. See BZ#18694. * Port to Native Client running on ARMv7-A (--host=arm-nacl). Contributed by Roland McGrath (Google). Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Alexandre Oliva Andreas Schwab Andrew Senkevich Andriy Rysin Arjun Shankar Aurelien Jarno Benno Schulenberg Brad Hubbard Carlos O'Donell Chris Metcalf Christian Schmidt Chung-Lin Tang Cong Wang Cyril Hrubis Daniel Marjamäki David S. Miller Dmitry V. Levin Eric Rannaud Evangelos Foutras Feng Gao Florian Weimer Gleb Fotengauer-Malinovskiy H.J. Lu Igor Zamyatin J William Piggott James Cowgill James Lemke John David Anglin Joseph Myers Kevin Easton Khem Raj Leonhard Holz Mark Wielaard Marko Myllynen Martin Galvan Martin Sebor Matthew Fortune Mel Gorman Mike Frysinger Miroslav Lichvar Nathan Lynch Ondřej Bílka Paul Eggert Paul Pluzhnikov Pavel Kopyl Pravin Satpute Rajalakshmi Srinivasaraghavan Rical Jasan Richard Henderson Roland McGrath Rüdiger Sonderfeld Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Szabolcs Nagy Torvald Riegel Tulio Magno Quites Machado Filho Vincent Bernat Wilco Dijkstra Yaakov Selkowitz Zack Weinberg -
glibc-2.21
The GNU C Library ================= The GNU C Library version 2.21 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.21 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.21 ===================== * The following bugs are resolved with this release: 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498, 15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16618, 16619, 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647, 17653, 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719, 17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747, 17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797, 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, 17892. * CVE-2015-1472 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. * A new semaphore algorithm has been implemented in generic C code for all machines. Previous custom assembly implementations of semaphore were difficult to reason about or ensure that they were safe. The new version of semaphore supports machines with 64-bit or 32-bit atomic operations. The new semaphore algorithm is used by sem_init, sem_open, sem_post, sem_wait, sem_timedwait, sem_trywait, and sem_getvalue. * Port to Altera Nios II has been contributed by Mentor Graphics. * Optimized strcpy, stpcpy, strncpy, stpncpy, strcmp, and strncmp implementations for powerpc64/powerpc64le. Implemented by Adhemerval Zanella (IBM). * Added support for TSX lock elision of pthread mutexes on powerpc32, powerpc64 and powerpc64le. This may improve lock scaling of existing programs on HTM capable systems. The lock elision code is only enabled with --enable-lock-elision=yes. Also, the TSX lock elision implementation for powerpc will issue a transaction abort on every syscall to avoid side effects being visible outside transactions. * Optimized strcpy, stpcpy, strchrnul and strrchr implementations for AArch64. Contributed by ARM Ltd. * i386 memcpy functions optimized with SSE2 unaligned load/store. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for command substitution when the applicaiton did not request it. The implementation now checks WRDE_NOCMD immediately before executing the shell and returns the error WRDE_CMDSUB as expected. * CVE-2012-3406 printf-style functions could run into a stack overflow when processing format strings with a large number of format specifiers. * CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format. * The minimum GCC version that can be used to build this version of the GNU C Library is GCC 4.6. Older GCC versions, and non-GNU compilers, can still be used to compile programs using the GNU C Library. * The GNU C Library is now built with -Werror by default. This can be disabled by configuring with --disable-werror. * New locales: tu_IN, bh_IN, raj_IN, ce_RU. * The obsolete sigvec function has been removed. This was the original 4.2BSD interface that inspired the POSIX.1 sigaction interface, which programs have been using instead for about 25 years. Of course, ABI compatibility for old binaries using sigvec remains intact. * Merged gettext 0.19.3 into the intl subdirectory. This fixes building with newer versions of bison. * Support for MIPS o32 FPXX, FP64A and FP64 ABI Extensions. The original MIPS o32 hard-float ABI requires an FPU where double-precision registers overlay two consecutive single-precision registers. MIPS32R2 introduced a new FPU mode (FR=1) where double-precision registers extend the corresponding single-precision registers which is incompatible with the o32 hard-float ABI. The MIPS SIMD ASE and the MIPSR6 architecture both require the use of FR=1 making a transition necessary. New o32 ABI extensions enable users to migrate over time from the original o32 ABI through to the updated o32 FP64 ABI. To achieve this the dynamic linker now tracks the ABI of any loaded object and verifies that new objects are compatible. Mode transitions will also be requested as required and unsupportable objects will be rejected. The ABI checks include both soft and hard float ABIs for o32, n32 and n64. GCC 5 with GNU binutils 2.25 onwards: It is strongly recommended that all o32 system libraries are built using the new o32 FPXX ABI (-mfpxx) to facilitate the transition as this is compatible with the original and all new o32 ABI extensions. Configure a MIPS GCC compiler using --with-fp-32=xx to set this by default. Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Hayward Alexandre Oliva Allan McRae Anders Kaseorg Andreas Krebbel Andreas Schwab Andrew Pinski Andrew Senkevich Anton Blanchard Arjun Shankar Aurelien Jarno Bram Brooks Moses Carlos O'Donell Chris Metcalf Chung-Lin Tang David Holsgrove David S. Miller Eric Biggers Florian Weimer Gratian Crisan H.J. Lu J. Brown James Lemke Jeff Law Jose E. Marchesi Joseph Myers Kaz Kojima Kostya Serebryany Leonhard Holz Ma Shimiao Maciej W. Rozycki Marcus Shawcroft Marek Polacek Martin Sebor Matthew Fortune Mike Frysinger Ondřej Bílka Paul Eggert Paul Pluzhnikov Petar Jovanovic Pravin Satpute Rajalakshmi Srinivasaraghavan Rasmus Villemoes Renlin Li Richard Earnshaw Richard Henderson Roland McGrath Ryan Cumming Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Tatiana Udalova Tim Lammens Tom de Vries Torvald Riegel Vladimir A. Nazarenko Wilco Dijkstra Will Newton -
glibc-2.20
The GNU C Library ================= The GNU C Library version 2.20 is now available. The GNU C Library is used as *the* C library in the GNU systems and is widely used on systems with the Linux kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.20 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.20 ==================== * The following bugs are resolved with this release: 6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514, 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, 16275, 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516, 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642, 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695, 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915, 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965, 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354. * Reverted change of ABI data structures for s390 and s390x: On s390 and s390x the size of struct ucontext and jmp_buf was increased in 2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp are preserved pointing straight to the same implementation as the old ones. Given that, new callers will simply provide a too-big buffer to these functions. Any applications/libraries out there that embed jmp_buf or ucontext_t in an ABI-relevant data structure that have already been rebuilt against 2.19 headers will have to rebuilt again. This is necessary in any case to revert the breakage in their ABI caused by the glibc change. * Support for file description locks is added to systems running the Linux kernel. The standard file locking interfaces are extended to operate on file descriptions, not file descriptors, via the use of F_OFD_GETLK, F_OFD_SETLK, and F_OFD_SETLKW. File description locks are associated with an open file instead of a process. * Optimized strchr implementation for AArch64. Contributed by ARM Ltd. * The minimum Linux kernel version that this version of the GNU C Library can be used with is 2.6.32. * Running the testsuite no longer terminates as soon as a test fails. Instead, a file tests.sum (xtests.sum from "make xcheck") is generated, with PASS or FAIL lines for individual tests. A summary of the results is printed, including a list of failing lists, and "make check" exits with error status if there were any unexpected failures. "make check stop-on-test-failure=y" may be used to keep the old behavior. * The am33 port, which had not worked for several years, has been removed from ports. * The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer supported; they now act the same as _DEFAULT_SOURCE (but generate a warning). Except for cases where _BSD_SOURCE enabled BSD interfaces that conflicted with POSIX (support for which was removed in 2.19), the interfaces those macros enabled remain available when compiling with _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature test macros defined. * Optimized strcmp implementation for ARMv7. Contributed by ARM Ltd. * Added support for TX lock elision of pthread mutexes on s390 and s390x. This may improve lock scaling of existing programs on TX capable systems. The lock elision code is only built with --enable-lock-elision=yes and then requires a GCC version supporting the TX builtins. With lock elision default mutexes are elided via __builtin_tbegin, if the cpu supports transactions. By default lock elision is not enabled and the elision code is not built. * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not copy the path argument. This allowed programs to cause posix_spawn to deference a dangling pointer, or use an unexpected pathname argument if the string was modified after the posix_spawn_file_actions_addopen invocation. * All supported architectures now use the main glibc sysdeps directory instead of some being in a separate "ports" directory (which was distributed separately before glibc 2.17). * The NPTL implementation of POSIX pthreads is no longer an "add-on". On configurations that support it (all Linux configurations), it's now used regardless of the --enable-add-ons switch to configure. It is no longer possible to build such configurations without pthreads support. * Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly long, contain slashes without starting with a slash, or contain ".." path components. (CVE-2014-0475) Previously, some valid locale names were silently replaced with the "C" locale when running in AT_SECURE mode (e.g., in a SUID program). This is no longer necessary because of the additional checks. * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions. (With all previous versions, the MPX register state could be clobbered when making calls into or out of a shared library.) Note that while the new dynamic linker is compatible with all known x86 hardware whether or not it supports Intel MPX, some x86 instruction-set emulators might fail to handle the new instruction encodings. This is known to affect Valgrind versions up through 3.9 (but will be fixed in the forthcoming 3.10 release), and might affect other tools that do instruction emulation. * Support for loadable gconv transliteration modules has been removed. The support for transliteration modules has been non-functional for over a decade, and the removal is prompted by security defects. The normal gconv conversion modules are still supported. Transliteration with //TRANSLIT is still possible, and the //IGNORE specifier continues to be supported. (CVE-2014-5119) * Decoding a crafted input sequence in the character sets IBM933, IBM935, IBM937, IBM939, IBM1364 could result in an out-of-bounds array read, resulting a denial-of-service security vulnerability in applications which use functions related to iconv. (CVE-2014-6040) Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adam Conrad Adhemerval Zanella Alan Modra Allan McRae Andi Kleen Andreas Krebbel Andreas Schwab Arjun Shankar Aurelien Jarno Bernard Ogden Carlos O'Donell Chris Metcalf David Holsgrove David S. Miller David Svoboda Dominik Vogt Dylan Alex Simon Eric Wong Florian Weimer Guo Yixuan H.J. Lu Ian Bolton Igor Zamyatin Jeff Layton Jim Meyering Joey Ye Jose E. Marchesi Joseph Anthony Pasquale Holsten Joseph Myers Julian Brown Khem Raj Konstantin Serebryany Kyle McMartin Ling Ma Ludovic Courtès Maciej W. Rozycki Marcus Shawcroft Mark Wielaard Marko Myllynen Meador Inge Mike Frysinger Ondřej Bílka Paul Eggert Paul Pluzhnikov Peter TB Brett Rajalakshmi Srinivasaraghavan Rasmus Villemoes Richard Earnshaw Richard Henderson Roland McGrath Sami Kerola Samuel Thibault Sean Anderson Serge Hallyn Siddhesh Poyarekar Sihai Yao Stefan Liebler Steve Ellcey Tomas Dohnalek Torvald Riegel Venkataramanan Kumar Vidya Ranganathan Wilco Wilco Dijkstra Will Newton Yang Yingliang Yufeng Zhang Yury Gribov Yvan Roux