The GNU C Library version 2.40 is now available The GNU C Library ================= The GNU C Library version 2.40 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2017. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.40 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html Distributions are encouraged to track the release/* branches corresponding to the releases they are using. The release branches will be updated with conservative bug fixes and new features while retaining backwards compatibility. NEWS for version 2.40 ===================== Major new features: * The <stdbit.h> header type-generic macros have been changed when using GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions in order to support unsigned __int128 and/or unsigned _BitInt(N) operands with arbitrary precisions when supported by the target. * The GNU C Library now supports a feature test macro _ISOC23_SOURCE to enable features from the ISO C23 standard. Only some features from this standard are supported by the GNU C Library. The older name _ISOC2X_SOURCE is still supported. Features from C23 are also enabled by _GNU_SOURCE, or by compiling with the GCC options -std=c23, -std=gnu23, -std=c2x or -std=gnu2x. * The following ISO C23 function families (introduced in TS 18661-4:2015) are now supported in <math.h>. Each family includes functions for float, double, long double, _FloatN and _FloatNx, and a type-generic macro in <tgmath.h>. - Exponential functions: exp2m1, exp10m1. - Logarithmic functions: log2p1, log10p1, logp1. * A new tunable, glibc.rtld.enable_secure, can be used to run a program as if it were a setuid process. This is currently a testing tool to allow more extensive verification tests for AT_SECURE programs and not meant to be a security feature. * On Linux, the epoll header was updated to include epoll ioctl definitions and the related structure added in Linux kernel 6.9. * The fortify functionality has been significantly enhanced for building programs with clang against the GNU C Library. * Many functions have been added to the vector library for aarch64: acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh * On x86, memset can now use non-temporal stores to improve the performance of large writes. This behaviour is controlled by a new tunable x86_memset_non_temporal_threshold. Deprecated and removed features, and other changes affecting compatibility: * Architectures which use a 32-bit seconds-since-epoch field in struct lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32, rv64, x86-64) switched from a signed to an unsigned type for that field. This allows these fields to store timestamps beyond the year 2038, until the year 2106. Please note that applications are still expected to migrate off the interfaces declared in <utmp.h> and <utmpx.h> (except for login_tty) due to locking and session management problems. * __rseq_size now denotes the size of the active rseq area (20 bytes initially), not the size of struct rseq (32 bytes initially). Security related changes: The following CVEs were fixed in this release, details of which can be found in the advisories directory of the release tarball: GLIBC-SA-2024-0004: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961) GLIBC-SA-2024-0005: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) GLIBC-SA-2024-0006: nscd: Null pointer crash after notfound response (CVE-2024-33600) GLIBC-SA-2024-0007: nscd: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) GLIBC-SA-2024-0008: nscd: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602) The following bugs were resolved with this release: [19622] network: Support aliasing with struct sockaddr [21271] localedata: cv_RU: update translations [23774] localedata: lv_LV collates Y/y incorrectly [23865] string: wcsstr is quadratic-time [25119] localedata: Change Czech weekday names to lowercase [27777] stdio: fclose does a linear search, takes ages when many FILE* are opened [29770] libc: prctl does not match manual page ABI on powerpc64le- linux-gnu [29845] localedata: Update hr_HR locale currency to € [30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64 [31316] build: Fails test misc/tst-dirname "Didn't expect signal from child: got `Illegal instruction'" on non SSE CPUs [31317] dynamic-link: [RISCV] static PIE crashes during self relocation [31325] libc: mips: clone3 is wrong for o32 [31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4 multi-arch version [31339] libc: arm32 loader crash after cleanup in 2.36 [31340] manual: A bad sentence in section 22.3.5 (resource.texi) [31357] dynamic-link: $(objpfx)tst-rtld-list-diagnostics.out rule doesn't work with test wrapper [31370] localedata: wcwidth() does not treat DEFAULT_IGNORABLE_CODE_POINTs as zero-width [31371] dynamic-link: x86-64: APX and Tile registers aren't preserved in ld.so trampoline [31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller- saved registers [31383] libc: _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of 0 and zero size types [31385] build: sort-makefile-lines.py doesn't check variable with _ nor with "^# variable" [31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on s390{,x} [31405] libc: Improve dl_iterate_phdr using _dl_find_object [31411] localedata: Add Latgalian locale [31412] build: GCC 6 failed to build i386 glibc on Fedora 39 [31429] build: Glibc failed to build with -march=x86-64-v3 [31468] libc: sigisemptyset returns true when the set contains signals larger than 34 [31476] network: Automatic activation of single-request options break resolv.conf reloading [31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may result in a loss of rseq acceleration [31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx [31518] manual: documentation: FLT_MAX_10_EXP questionable text, evtl. wrong, [31530] localedata: Locale file for Moksha - mdf_RU [31553] malloc: elf/tst-decorate-maps fails on ppc64el [31596] libc: On the llvm-arm32 platform, dlopen("not_exist.so", -1) triggers segmentation fault [31600] math: math: x86 ceill traps when FE_INEXACT is enabled [31601] math: math: x86 floor traps when FE_INEXACT is enabled [31603] math: math: x86 trunc traps when FE_INEXACT is enabled [31612] libc: arc4random fails to fallback to /dev/urandom if getrandom is not present [31629] build: powerpc64: Configuring with "--with-cpu=power10" and 'CFLAGS=-O2 -mcpu=power9' fails to build glibc [31640] dynamic-link: POWER10 ld.so crashes in elf_machine_load_address with GCC 14 [31661] libc: NPROCESSORS_CONF and NPROCESSORS_ONLN not available in getconf [31676] dynamic-link: Configuring with CC="gcc -march=x86-64-v3" --with-rtld-early-cflags=-march=x86-64 results in linker failure [31677] nscd: nscd: netgroup cache: invalid memcpy under low memory/storage conditions [31678] nscd: nscd: Null pointer dereferences after failed netgroup cache insertion [31679] nscd: nscd: netgroup cache may terminate daemon on memory allocation failure [31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer strings [31682] math: [PowerPC] Floating point exception error for math test test-ceil-except-2 test-floor-except-2 test-trunc-except-2 [31686] dynamic-link: Stack-based buffer overflow in parse_tunables_string [31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds but execve fails [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work with -Wl,--enable-new-dtags [31730] libc: backtrace_symbols_fd prints different strings than backtrace_symbols returns [31753] build: FAIL: link-static-libc with GCC 6/7/8 [31755] libc: procutils_read_file doesn't start with a leading underscore [31756] libc: write_profiling is only in libc.a [31757] build: Should XXXf128_do_not_use functions be excluded? [31759] math: Extra nearbyint symbols in libm.a [31760] math: Missing math functions [31764] build: _res_opcodes should be a compat symbol only [31765] dynamic-link: _dl_mcount_wrapper is exported without prototype [31766] stdio: _IO_stderr_ _IO_stdin_ _IO_stdout should be compat symbols [31768] string: Extra stpncpy symbol in libc.a [31770] libc: clone3 is in libc.a [31774] libc: Missing __isnanf128 in libc.a [31775] math: Missing exp10 exp10f32x exp10f64 fmod fmodf fmodf32 fmodf32x fmodf64 in libm.a [31777] string: Extra memchr strlen symbols in libc.a [31781] math: Missing math functions in libm.a [31782] build: Test build failure with recent GCC trunk (x86/tst-cpu- features-supports.c:69:3: error: parameter to builtin not valid: avx5124fmaps) [31785] string: loongarch: Extra strnlen symbols in libc.a [31786] string: powerpc: Extra strchrnul and strncasecmp_l symbols in libc.a [31787] math: powerpc: Extra llrintf, llrintf, llrintf32, and llrintf32 symbols in libc.a [31788] libc: microblaze: Extra cacheflush symbol in libc.a [31789] libc: powerpc: Extra versionsort symbol in libc.a [31790] libc: s390: Extra getutent32, getutent32_r, getutid32, getutid32_r, getutline32, getutline32_r, getutmp32, getutmpx32, getutxent32, getutxid32, getutxline32, pututline32, pututxline32, updwtmp32, updwtmpx32 in libc.a [31797] build: g++ -static requirement should be able to opt-out [31798] libc: pidfd_getpid.c is miscompiled by GCC 6.4 [31802] time: difftime is pure not const [31808] time: The supported time_t range is not documented. [31840] stdio: Memory leak in _IO_new_fdopen (fdopen) on seek failure [31867] build: "CPU ISA level is lower than required" on SSE2-free CPUs [31876] time: "Date and time" documentation fixes for POSIX.1-2024 etc [31883] build: ISA level support configure check relies on bashism / is otherwise broken for arithmetic [31892] build: Always install mtrace. [31917] libc: clang mq_open fortify wrapper does not handle 4 argument correctly [31927] libc: clang open fortify wrapper does not handle argument correctly [31931] time: tzset may fault on very short TZ string [31934] string: wcsncmp crash on s390x on vlbb instruction [31963] stdio: Crash in _IO_link_in within __gcov_exit [31965] dynamic-link: rseq extension mechanism does not work as intended [31980] build: elf/tst-tunables-enable_secure-env fails on ppc Release Notes ============= https://sourceware.org/glibc/wiki/Release/2.40 Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adam Sampson Adhemerval Zanella Alejandro Colomar Alexandre Ferrieux Amrita H S Andreas K. Hüttel Andreas Schwab Andrew Pinski Askar Safin Aurelien Jarno Avinal Kumar Carlos Llamas Carlos O'Donell Charles Fol Christoph Müllner DJ Delorie Daniel Cederman Darius Rad David Paleino Dragan Stanojević (Nevidljivi) Evan Green Fangrui Song Flavio Cruz Florian Weimer Gabi Falk H.J. Lu Jakub Jelinek Jan Kurik Joe Damato Joe Ramsay Joe Simmons-Talbott Joe Talbott John David Anglin Joseph Myers Jules Bertholet Julian Zhu Junxian Zhu Konstantin Kharlamov Luca Boccassi Maciej W. Rozycki Manjunath Matti Mark Wielaard MayShao-oc Meng Qinggang Michael Jeanson Michel Lind Mike FABIAN Mohamed Akram Noah Goldstein Palmer Dabbelt Paul Eggert Philip Kaludercic Samuel Dobron Samuel Thibault Sayan Paul Sergey Bugaev Sergey Kolosov Siddhesh Poyarekar Simon Chopin Stafford Horne Stefan Liebler Sunil K Pandey Szabolcs Nagy Wilco Dijkstra Xi Ruoyao Xin Wang Yinyu Cai YunQiang Su We would like to call out the following and thank them for their tireless patch review: Adhemerval Zanella Alejandro Colomar Andreas K. Hüttel Arjun Shankar Aurelien Jarno Bruno Haible Carlos O'Donell DJ Delorie Dmitry V. Levin Evan Green Fangrui Song Florian Weimer H.J. Lu Jonathan Wakely Joseph Myers Mathieu Desnoyers Maxim Kuvyrkov Michael Jeanson Noah Goldstein Palmer Dabbelt Paul Eggert Paul E. Murphy Peter Bergner Philippe Mathieu-Daudé Sam James Siddhesh Poyarekar Simon Chopin Stefan Liebler Sunil K Pandey Szabolcs Nagy Xi Ruoyao Zack Weinberg -- Andreas K. Hüttel dilfridge@gentoo.org Gentoo Linux developer (council, toolchain, base-system, perl, releng) https://wiki.gentoo.org/wiki/User:Dilfridge https://www.akhuettel.de/