Skip to content

Tags

Tags give the ability to mark specific points in history as being important
  • glibc-2.40.9000
    Open master branch for glibc 2.41 development
    
  • glibc-2.40
    3d1aed87 · Add ChangeLog file ·
    The GNU C Library version 2.40 is now available
    
    The GNU C Library
    =================
    
    The GNU C Library version 2.40 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.40 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    Distributions are encouraged to track the release/* branches
    corresponding to the releases they are using.  The release
    branches will be updated with conservative bug fixes and new
    features while retaining backwards compatibility.
    
    NEWS for version 2.40
    =====================
    
    Major new features:
    
    * The <stdbit.h> header type-generic macros have been changed when using
      GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
      in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
      with arbitrary precisions when supported by the target.
    
    * The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
      enable features from the ISO C23 standard.  Only some features from
      this standard are supported by the GNU C Library.  The older name
      _ISOC2X_SOURCE is still supported.  Features from C23 are also enabled
      by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
      -std=gnu23, -std=c2x or -std=gnu2x.
    
    * The following ISO C23 function families (introduced in TS
      18661-4:2015) are now supported in <math.h>.  Each family includes
      functions for float, double, long double, _FloatN and _FloatNx, and a
      type-generic macro in <tgmath.h>.
    
      - Exponential functions: exp2m1, exp10m1.
    
      - Logarithmic functions: log2p1, log10p1, logp1.
    
    * A new tunable, glibc.rtld.enable_secure, can be used to run a program
      as if it were a setuid process. This is currently a testing tool to allow
      more extensive verification tests for AT_SECURE programs and not meant to
      be a security feature.
    
    * On Linux, the epoll header was updated to include epoll ioctl definitions
      and the related structure added in Linux kernel 6.9.
    
    * The fortify functionality has been significantly enhanced for building
      programs with clang against the GNU C Library.
    
    * Many functions have been added to the vector library for aarch64:
        acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh
    
    * On x86, memset can now use non-temporal stores to improve the performance
      of large writes. This behaviour is controlled by a new tunable
      x86_memset_non_temporal_threshold.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * Architectures which use a 32-bit seconds-since-epoch field in struct
      lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32,
      rv64, x86-64) switched from a signed to an unsigned type for that
      field.  This allows these fields to store timestamps beyond the year
      2038, until the year 2106.  Please note that applications are still
      expected to migrate off the interfaces declared in <utmp.h> and
      <utmpx.h> (except for login_tty) due to locking and session management
      problems.
    
    * __rseq_size now denotes the size of the active rseq area (20 bytes
      initially), not the size of struct rseq (32 bytes initially).
    
    Security related changes:
    
    The following CVEs were fixed in this release, details of which can be
    found in the advisories directory of the release tarball:
    
      GLIBC-SA-2024-0004:
        ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
        sequence (CVE-2024-2961)
    
      GLIBC-SA-2024-0005:
        nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
    
      GLIBC-SA-2024-0006:
        nscd: Null pointer crash after notfound response (CVE-2024-33600)
    
      GLIBC-SA-2024-0007:
        nscd: netgroup cache may terminate daemon on memory allocation
        failure (CVE-2024-33601)
    
      GLIBC-SA-2024-0008:
        nscd: netgroup cache assumes NSS callback uses in-buffer strings
        (CVE-2024-33602)
    
    The following bugs were resolved with this release:
    
      [19622] network: Support aliasing with struct sockaddr
      [21271] localedata: cv_RU: update translations
      [23774] localedata: lv_LV collates Y/y incorrectly
      [23865] string: wcsstr is quadratic-time
      [25119] localedata: Change Czech weekday names to lowercase
      [27777] stdio: fclose does a linear search, takes ages when many FILE*
        are opened
      [29770] libc: prctl does not match manual page ABI on powerpc64le-
        linux-gnu
      [29845] localedata: Update hr_HR locale currency to €
      [30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
      [31316] build: Fails test misc/tst-dirname "Didn't expect signal from
        child: got `Illegal instruction'" on non SSE CPUs
      [31317] dynamic-link: [RISCV] static PIE crashes during self
        relocation
      [31325] libc: mips: clone3 is wrong for o32
      [31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
        multi-arch version
      [31339] libc: arm32 loader crash after cleanup in 2.36
      [31340] manual: A bad sentence in section 22.3.5 (resource.texi)
      [31357] dynamic-link: $(objpfx)tst-rtld-list-diagnostics.out rule
        doesn't work with test wrapper
      [31370] localedata: wcwidth() does not treat
        DEFAULT_IGNORABLE_CODE_POINTs as zero-width
      [31371] dynamic-link: x86-64: APX and Tile registers aren't preserved
        in ld.so trampoline
      [31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
        saved registers
      [31383] libc: _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of
        0 and zero size types
      [31385] build: sort-makefile-lines.py doesn't check variable with _
        nor with "^# variable"
      [31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
        s390{,x}
      [31405] libc: Improve dl_iterate_phdr using _dl_find_object
      [31411] localedata: Add Latgalian locale
      [31412] build: GCC 6 failed to build i386 glibc on Fedora 39
      [31429] build: Glibc failed to build with -march=x86-64-v3
      [31468] libc: sigisemptyset returns true when the set contains signals
        larger than 34
      [31476] network: Automatic activation of single-request options break
        resolv.conf reloading
      [31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
        result in a loss of rseq acceleration
      [31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
      [31518] manual: documentation: FLT_MAX_10_EXP questionable text, evtl.
        wrong,
      [31530] localedata: Locale file for Moksha - mdf_RU
      [31553] malloc: elf/tst-decorate-maps fails on ppc64el
      [31596] libc: On the llvm-arm32 platform, dlopen("not_exist.so", -1)
        triggers segmentation fault
      [31600] math: math: x86 ceill traps when FE_INEXACT is enabled
      [31601] math: math: x86 floor traps when FE_INEXACT is enabled
      [31603] math: math: x86 trunc traps when FE_INEXACT is enabled
      [31612] libc: arc4random fails to fallback to /dev/urandom if
        getrandom is not present
      [31629] build: powerpc64: Configuring with "--with-cpu=power10" and
        'CFLAGS=-O2 -mcpu=power9' fails to build glibc
      [31640] dynamic-link: POWER10 ld.so crashes in
        elf_machine_load_address with GCC 14
      [31661] libc: NPROCESSORS_CONF and NPROCESSORS_ONLN not available in
        getconf
      [31676] dynamic-link: Configuring with CC="gcc -march=x86-64-v3"
        --with-rtld-early-cflags=-march=x86-64 results in linker failure
      [31677] nscd: nscd: netgroup cache: invalid memcpy under low
        memory/storage conditions
      [31678] nscd: nscd: Null pointer dereferences after failed netgroup
        cache insertion
      [31679] nscd: nscd: netgroup cache may terminate daemon on memory
        allocation failure
      [31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
        strings
      [31682] math: [PowerPC] Floating point exception error for math test
        test-ceil-except-2 test-floor-except-2 test-trunc-except-2
      [31686] dynamic-link: Stack-based buffer overflow in
        parse_tunables_string
      [31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds
        but execve fails
      [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
        with -Wl,--enable-new-dtags
      [31730] libc: backtrace_symbols_fd prints different strings than
        backtrace_symbols returns
      [31753] build: FAIL: link-static-libc with GCC 6/7/8
      [31755] libc: procutils_read_file doesn't start with a leading
        underscore
      [31756] libc: write_profiling is only in libc.a
      [31757] build: Should XXXf128_do_not_use functions be excluded?
      [31759] math: Extra nearbyint symbols in libm.a
      [31760] math: Missing math functions
      [31764] build: _res_opcodes should be a compat symbol only
      [31765] dynamic-link: _dl_mcount_wrapper is exported without prototype
      [31766] stdio: _IO_stderr_ _IO_stdin_ _IO_stdout should be compat
        symbols
      [31768] string: Extra stpncpy symbol in libc.a
      [31770] libc: clone3 is in libc.a
      [31774] libc: Missing __isnanf128 in libc.a
      [31775] math: Missing exp10 exp10f32x exp10f64 fmod fmodf fmodf32
        fmodf32x fmodf64 in libm.a
      [31777] string: Extra memchr strlen symbols in libc.a
      [31781] math: Missing math functions in libm.a
      [31782] build: Test build failure with recent GCC trunk (x86/tst-cpu-
        features-supports.c:69:3: error: parameter to builtin not valid:
        avx5124fmaps)
      [31785] string: loongarch: Extra strnlen symbols in libc.a
      [31786] string: powerpc: Extra strchrnul and strncasecmp_l symbols in
        libc.a
      [31787] math: powerpc: Extra llrintf, llrintf, llrintf32, and
        llrintf32 symbols in libc.a
      [31788] libc: microblaze: Extra cacheflush symbol in libc.a
      [31789] libc: powerpc: Extra versionsort symbol in libc.a
      [31790] libc: s390: Extra getutent32, getutent32_r, getutid32,
        getutid32_r, getutline32, getutline32_r, getutmp32, getutmpx32,
        getutxent32, getutxid32, getutxline32, pututline32, pututxline32,
        updwtmp32, updwtmpx32 in libc.a
      [31797] build: g++ -static requirement should be able to opt-out
      [31798] libc: pidfd_getpid.c is miscompiled by GCC 6.4
      [31802] time: difftime is pure not const
      [31808] time: The supported time_t range is not documented.
      [31840] stdio: Memory leak in _IO_new_fdopen (fdopen) on seek failure
      [31867] build: "CPU ISA level is lower than required" on SSE2-free
        CPUs
      [31876] time: "Date and time" documentation fixes for POSIX.1-2024 etc
      [31883] build: ISA level support configure check relies on bashism /
        is otherwise broken for arithmetic
      [31892] build: Always install mtrace.
      [31917] libc: clang mq_open fortify wrapper does not handle 4 argument
        correctly
      [31927] libc: clang open fortify wrapper does not handle argument
        correctly
      [31931] time: tzset may fault on very short TZ string
      [31934] string: wcsncmp crash on s390x on vlbb instruction
      [31963] stdio: Crash in _IO_link_in within __gcov_exit
      [31965] dynamic-link: rseq extension mechanism does not work as
        intended
      [31980] build: elf/tst-tunables-enable_secure-env fails on ppc
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.40
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adam Sampson
    Adhemerval Zanella
    Alejandro Colomar
    Alexandre Ferrieux
    Amrita H S
    Andreas K. Hüttel
    Andreas Schwab
    Andrew Pinski
    Askar Safin
    Aurelien Jarno
    Avinal Kumar
    Carlos Llamas
    Carlos O'Donell
    Charles Fol
    Christoph Müllner
    DJ Delorie
    Daniel Cederman
    Darius Rad
    David Paleino
    Dragan Stanojević (Nevidljivi)
    Evan Green
    Fangrui Song
    Flavio Cruz
    Florian Weimer
    Gabi Falk
    H.J. Lu
    Jakub Jelinek
    Jan Kurik
    Joe Damato
    Joe Ramsay
    Joe Simmons-Talbott
    Joe Talbott
    John David Anglin
    Joseph Myers
    Jules Bertholet
    Julian Zhu
    Junxian Zhu
    Konstantin Kharlamov
    Luca Boccassi
    Maciej W. Rozycki
    Manjunath Matti
    Mark Wielaard
    MayShao-oc
    Meng Qinggang
    Michael Jeanson
    Michel Lind
    Mike FABIAN
    Mohamed Akram
    Noah Goldstein
    Palmer Dabbelt
    Paul Eggert
    Philip Kaludercic
    Samuel Dobron
    Samuel Thibault
    Sayan Paul
    Sergey Bugaev
    Sergey Kolosov
    Siddhesh Poyarekar
    Simon Chopin
    Stafford Horne
    Stefan Liebler
    Sunil K Pandey
    Szabolcs Nagy
    Wilco Dijkstra
    Xi Ruoyao
    Xin Wang
    Yinyu Cai
    YunQiang Su
    
    We would like to call out the following and thank them for their
    tireless patch review:
    
    Adhemerval Zanella
    Alejandro Colomar
    Andreas K. Hüttel
    Arjun Shankar
    Aurelien Jarno
    Bruno Haible
    Carlos O'Donell
    DJ Delorie
    Dmitry V. Levin
    Evan Green
    Fangrui Song
    Florian Weimer
    H.J. Lu
    Jonathan Wakely
    Joseph Myers
    Mathieu Desnoyers
    Maxim Kuvyrkov
    Michael Jeanson
    Noah Goldstein
    Palmer Dabbelt
    Paul Eggert
    Paul E. Murphy
    Peter Bergner
    Philippe Mathieu-Daudé
    Sam James
    Siddhesh Poyarekar
    Simon Chopin
    Stefan Liebler
    Sunil K Pandey
    Szabolcs Nagy
    Xi Ruoyao
    Zack Weinberg
    
    --
    Andreas K. Hüttel
    dilfridge@gentoo.org
    Gentoo Linux developer
    (council, toolchain, base-system, perl, releng)
    https://wiki.gentoo.org/wiki/User:Dilfridge
    https://www.akhuettel.de/
    
    
  • glibc-2.14.9000
    Open master branch for glibc 2.15 development
    
  • glibc-2.39.9000
    Open master branch for glibc 2.40 development
    
  • glibc-2.39
    The GNU C Library version 2.39 is now available
    
    The GNU C Library
    =================
    
    The GNU C Library version 2.39 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.39 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    Distributions are encouraged to track the release/* branches
    corresponding to the releases they are using.  The release
    branches will be updated with conservative bug fixes and new
    features while retaining backwards compatibility.
    
    NEWS for version 2.39
    =====================
    
    Major new features:
    
    * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
      rewrite on x86-64.  When enabled with non-lazy binding, the dynamic
      linker will rewrite indirect branches in PLT with direct branches.
    
    * Sync with Linux kernel 6.6 shadow stack interface.  The --enable-cet
      configure option is only supported on x86-64.
    
    * struct statvfs now has an f_type member, equal to the f_type statfs member;
      on the Hurd this was always available under a reserved name,
      and under Linux a spare has been allocated: it was always zero
      in previous versions of glibc, and zero is not a valid result.
    
    * On Linux, the functions posix_spawnattr_getcgroup_np and
      posix_spawnattr_setcgroup_np have been added, along with the
      POSIX_SPAWN_SETCGROUP flag.  They allow posix_spawn and posix_spawnp
      to set the cgroupv2 in the new process in a race-free manner.  These
      functions are GNU extensions and require a kernel with clone3 support.
    
    * On Linux, the pidfd_spawn and pidfd_spawp functions have been added.
      They have a similar prototype and semantic as posix_spawn, but instead of
      returning a process ID, they return a file descriptor that can be used
      along other pidfd functions (like pidfd_send_signal, poll, or waitid).
      The pidfd functionality avoids the issue of PID reuse with the traditional
      posix_spawn interface.
    
    * On Linux, the pidfd_getpid function has been added.  It allows retrieving
      the process ID associated with the process file descriptor created by
      pid_spawn, fork_np, or pidfd_open.
    
    * scanf-family functions now support the wN format length modifiers for
      arguments pointing to types intN_t, int_leastN_t, uintN_t or
      uint_leastN_t (for example, %w32d to read int32_t or int_least32_t in
      decimal, or %w32x to read uint32_t or uint_least32_t in hexadecimal)
      and the wfN format length modifiers for arguments pointing to types
      int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.
    
    * A new tunable, glibc.mem.decorate_maps, can be used to add additional
      information on underlying memory allocated by the glibc (for instance,
      on thread stack created by pthread_create or memory allocated by
      malloc).
    
    * The <stdbit.h> header has been added from ISO C2X, with
      stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros,
      stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one,
      stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros,
      stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor
      and stdc_bit_ceil function families, each having functions for
      unsigned char, unsigned short, unsigned int, unsigned long int and
      unsigned long long int, and a type-generic macro.
    
    * On AArch64 new symbols were added to libmvec and now math.h has
      annotations to allow GCC 9 or newer to auto-vectorize calls to the
      following scalar math functions when -ffast-math is specified:
      acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf,
      exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
      log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * The ldconfig program now skips file names containing ';' or ending in
      ".dpkg.tmp" or ".dpkg.new", to avoid examining temporary files created
      by the RPM and dpkg package managers.
    
    * libcrypt has been removed from the GNU C Library.  The configure
      options "--enable-crypt" and "--enable-nss-crypt" are no longer
      available.  <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
      installed.  For now <unistd.h> continues to declare the crypt
      function by default, to avoid introducing vulnerabilities into
      existing applications due to a missing prototype.  This declaration
      is deprecated and may be removed in a future glibc release.
    
      The replacement for libcrypt is libxcrypt, maintained separately from
      GNU libc, but available under compatible licensing terms, and providing
      binary backward compatibility with the former libcrypt.  It is currently
      distributed from <https://github.com/besser82/libxcrypt/>.
    
      As a consequence of this removal, GNU libc no longer makes any use of
      the NSS cryptography library (Network Security Services; not to be
      confused with Name Service Switch).  Distributors of binary packages
      of GNU libc are advised to check whether their build processes can be
      simplified.
    
    * The dynamic linker calls the malloc and free functions in more cases
      during TLS access if a shared object with dynamic TLS is loaded and
      unloaded.  This can result in an infinite recursion if a malloc
      replacement library or its dependencies use dynamic TLS instead of
      initial-exec TLS.
    
    * The ia64*-*-linux-gnu configurations are no longer supported.
    
    Changes to build and runtime requirements:
    
    * Building on LoongArch requires at a minimum binutils 2.41 for vector
      instructions.
    
    Security related changes:
    
    The following CVEs were fixed in this release, details of which can be
    found in the advisories directory of the release tarball:
    
      GLIBC-SA-2023-0002:
        getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)
    
      GLIBC-SA-2023-0003:
        getaddrinfo: Potential use-after-free (CVE-2023-4806)
    
      GLIBC-SA-2023-0004:
        tunables: local privilege escalation through buffer overflow
        (CVE-2023-4911)
    
      GLIBC-SA-2024-0001:
        syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
    
      GLIBC-SA-2024-0002:
        syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
    
      GLIBC-SA-2024-0003:
        syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
    
    The following bugs are resolved with this release:
    
      [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
      [19305] libc: qsort() should return early if (nmemb <= 1)
      [19479] localedata: gbm_IN: new Garhwali Locale
      [19924] dynamic-link: TLS performance degradation after dlopen
      [19956] localedata: ssy_ER: rename from aa_ER@saaho
      [21719] libc: stdlib/msort : optimizing merge sort
      [22526] localedata: th_TH  LC_COLLATE does not use copy "iso14651_t1"
      [23012] localedata: el_GR: Greece now uses the 24h format for time
      [23172] localedata: miq_NI: Provide actually abbreviated month names
      [24006] localedata: Cyclic dependencies via copy in locales
      [24013] localedata: am_pm definitions for es_ES
      [24386] localedata: crh_RU: new locale
      [24877] localedata: [Redundant Data] Remove redundant data between
        en_NZ and en_AU
      [25868] localedata: Incorrect trailing spaces in weekday names for
        nn_NO
      [26752] localedata: Please add the new locale zgh_MA
      [27069] dynamic-link: Need a way to tell if a tunable is set by user
      [27163] localedata: Error on test glk_IR with localedef
      [27312] localedata: su_ID: new Sundanese locale
      [27547] manual: "Summary of malloc-Related Functions" shows wrong
        argument order for  `aligned_alloc` and `memalign`
      [27574] libc: glibc should probably not define __WORDSIZE=64 for
        __sparcv9
      [27601] localedata: License information update in
        localedata/locales/ast_ES
      [28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
        n_cs_precedes
      [28787] localedata: Add information for Occitan
      [29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
        following dlclose with unused TLS
      [29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
        week should be Monday
      [29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
      [29506] localedata: UTF-8 HANGUL SYLLABLE bugs
      [30349] libc: Support returning a pidfd from posix_spawn()
      [30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
        t_fmt_ampm are undefined
      [30605] localedata: New locale for Komi language
      [30649] localedata: [PATCH] Add transliteration of common emojis to
        smileys
      [30694] locale: The iconv program no longer tells the user which given
        encoding name was wrong
      [30709] nscd: nscd fails to build with cleanup handler if built with
        -fexceptions
      [30737] libc: fdopendir() is not robust - returns bogus DIR* instead
        of flagging an error
      [30740] build: [m68k] undefined reference to
        `_wordcopy_fwd_dest_aligned'
      [30745] libc: Slight bug in cache info codes for x86
      [30750] network: Unaligned accesses in resolver
      [30773] math: [m68k] busybox awk is broken (lshift.S related)
      [30789] libc: [2.38 Regression] sem_open will fail on multithreaded
        scenarios when semaphore file doesn't exist (O_CREAT)
      [30800] nscd: Improper assert in prune_cache triggers if clock jumps
        backwards
      [30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
        powerpc64 with -D_FILE_OFFSET_BITS=64
      [30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
        (CVE-2023-4527)
      [30843] network: potential use-after-free in getcanonname
        (CVE-2023-4806)
      [30854] localedata: Update locale data to Unicode 15.1.0
      [30884] network: Memory leak in getaddrinfo after fix for bug 30843
        (CVE-2023-5156)
      [30932] libc: Fortify Source has false-positives when too many files
        are open
      [30945] malloc: Core affinity setting incurs lock contentions between
        threads
      [30960] math: signed integer overflow in
        glibc/sysdeps/s390/fpu/feenablxcpt.c
      [30964] locale: Number grouping check mishandles multibyte thousands
        separator
      [30981] dynamic-link: dlclose does not properly implement force-first
        handling
      [30988] math: fesetexcept raises floating-point exception traps on
        ppc, ppc64, ppc64le
      [30989] math: fesetexcept raises floating-point exception traps on
        i386
      [30990] libc: fesetexceptflag raises floating-point exception traps on
        i386, x86_64
      [30998] math: fesetexceptflag clears too many floating-point exception
        flags on alpha
      [31019] manual: The documentation of feenableexcept is incomplete
      [31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
      [31035] libc: Library search path terminates on relative non-directory
        name
      [31042] libc: [s390x] .init and .fini padding
      [31068] libc: sysdeps: sparc: invalid data access in memset due to
        regression
      [31078] manual: Code example in "Noncanonical Mode Example" has unused
        'char *name;'
      [31086] localedata: Errors in Tibetan, Dzongkha data
      [31113] string: Wrong unwind information for rawmemchr on aarch64
      [31151] libc: [RISC-V] missing support for profile/audit PLT setup
      [31163] nss: getaddrinfo returns EAI_NONAME in oom situation
      [31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
        bug 17522 fix
      [31184] dynamic-link: FAIL: elf/tst-tlsgap
      [31185] dynamic-link: Incorrect thread point access in
        _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
      [31187] dynamic-link: Some CET tests fail with GCC 14
      [31204] localedata: Fix decimal point and thousands separator for
        uz_UZ
      [31205] localedata: Inconsistent (mon_)grouping formats
      [31218] dynamic-link: PLT rewrite overflows large displacement on x32
      [31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
      [31230] dynamic-link: PLT rewrite failed without SELinux
      [31239] localedata: anp_IN locale: abbreviated month names are the
        same as the full month names
      [31244] nptl: pthread_cancel hangs on sparc32
      [31257] localedata: Sync with  CLDR: “Turkey” -> “Türkiye”
      [31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
        sparcv9
      [31276] libc: Wrong condition for heap allocation in qsort_r
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.39
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adam Jackson
    Adhemerval Zanella Netto
    Amrita H S
    Andreas K. Hüttel
    Andreas Larsson
    Andreas Schwab
    Arjun Shankar
    Aurelien Jarno
    Bruno Haible
    Bruno Victal
    Carlos O'Donell
    Christoph Müllner
    Colin Leroy-Mira
    DJ Delorie
    Daniel Cederman
    Dennis Brendel
    Flavio Cruz
    Florian Weimer
    Frederic Cambus
    Gaël PORTAY
    Guy-Fleury Iteriteka
    H.J. Lu
    Hector Martin
    Jan Palus
    Janet Blackquill
    Joe Ramsay
    Joe Simmons-Talbott
    John David Anglin
    Joseph Myers
    Kir Kolyshkin
    Kuan-Wei Chiu
    Ludwig Rydberg
    MAHESH BODAPATI
    Mahesh Bodapati
    Manjunath Matti
    Mark Wielaard
    Matthew Sterrett
    Maxim Kuvyrkov
    Mike FABIAN
    Noah Goldstein
    Paul Eggert
    Qingqing Li
    Romain Geissler
    RushingAlien
    Sajan Karumanchi
    Sam James
    Samuel Thibault
    Sergei Trofimovich
    Sergey Bugaev
    Sergio Durigan Junior
    Siddhesh Poyarekar
    Simon Chopin
    Stefan Liebler
    Sunil K Pandey
    Szabolcs Nagy
    Tobias Klauser
    Valery Ushakov
    Volker Weißmann
    Wilco Dijkstra
    Xi Ruoyao
    Yang Yujie
    Yanzhang Wang
    Ying Huang
    caiyinyu
    dengjianbo
    lijianglin
    наб
    
    We would like to call out the following and thank them for their
    tireless patch review:
    
    Adhemerval Zanella
    Alejandro Colomar
    Andreas K. Hüttel
    Andreas Schwab
    Arjun Shankar
    Carlos O'Donell
    DJ Delorie
    Florian Weimer
    H.J. Lu
    Joe Simmons-Talbott
    Mike Fabian
    Noah Goldstein
    Paul E. Murphy
    Peter Bergner
    Premachandra Mallappa
    Rajalakshmi Srinivasaraghavan
    Samuel Thibault
    Siddhesh Poyarekar
    Stefan Liebler
    Sunil K Pandey
    Szabolcs Nagy
    
    --
    Andreas K. Hüttel
    dilfridge@gentoo.org
    Gentoo Linux developer
    (council, toolchain, base-system, perl, releng)
    https://wiki.gentoo.org/wiki/User:Dilfridge
    https://www.akhuettel.de/
    
    
  • glibc-2.38.9000
    Open master branch for glibc 2.39 development
    
  • glibc-2.38
    36f2487f · NEWS: Fix typos ·
    The GNU C Library version 2.38 is now available
    
    The GNU C Library
    =================
    
    The GNU C Library version 2.38 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.38 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    Distributions are encouraged to track the release/* branches
    corresponding to the releases they are using.  The release
    branches will be updated with conservative bug fixes and new
    features while retaining backwards compatibility.
    
    NEWS for version 2.38
    =====================
    
    Major new features:
    
    * When C2X features are enabled and the base argument is 0 or 2, the
      following functions support binary integers prefixed by 0b or 0B as
      input: strtol, strtoll, strtoul, strtoull, strtol_l, strtoll_l,
      strtoul_l, strtoull_l, strtoimax, strtoumax, strtoq, strtouq, wcstol,
      wcstoll, wcstoul, wcstoull, wcstol_l, wcstoll_l, wcstoul_l,
      wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq.  Similarly, the
      following functions support binary integers prefixed by 0b or 0B as
      input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf,
      vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those
      functions also support the %b format for binary integers, with or
      without such a prefix and independent of standards mode.
    
    * PRIb*, PRIB* and SCNb* macros from C2X have been added to
      <inttypes.h>.
    
    * printf-family functions now support the wN format length modifiers for
      arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t (for
      example, %w32d to print int32_t or int_least32_t in decimal, or %w32x
      to print uint32_t or uint_least32_t in hexadecimal) and the wfN format
      length modifiers for arguments of type int_fastN_t or uint_fastN_t, as
      specified in draft ISO C2X.
    
    * A new tunable, glibc.pthread.stack_hugetlb, can be used to disable
      Transparent Huge Pages (THP) in stack allocation at pthread_create.
    
    * Support for x86_64 running on Hurd has been added.  This port requires
      as least binutils 2.40 and GCC 13:
    
        - x86_64-gnu
    
    * Vector math library libmvec support has been added to AArch64.  It
      requires GCC version >= 10.1.0.  It can be disabled via
      "--disable-mathvec", however that is not a supported configuration as
      it changes the ABI. The symbol names follow the AArch64 vector ABI,
      they are declared in math.h and have to be called manually at this point.
    
    * The strlcpy and strlcat functions have been added.  They are derived
      from OpenBSD, and are expected to be added to a future POSIX version.
    
    * A new configure option, "--enable-fortify-source", can be used to build the
      GNU C Library with _FORTIFY_SOURCE. The level of fortification can either be
      provided, or is set to the highest value supported by the compiler. If not
      explicitly enabled, then fortify source is forcibly disabled so to keep
      original behavior unchanged.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * libcrypt is no longer built by default; one may use the "--enable-crypt"
      option to build libcrypt.  libcrypt is likely to be removed from the
      GNU C Library in a future release, so it is recommended that
      applications port away from it to an alternative such as libxcrypt.
    
    * In the Linux kernel for the hppa/parisc architecture some of the
      MADV_XXX constants were changed to have the same values as the other
      architectures.  New programs compiled with this glibc version and which
      use the madvise call will require at least Linux kernel version 6.2,
      alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163,
      5.4.228, 4.19.270 or 4.14.303.
    
    * The "--disable-experimental-malloc" option is no longer available.  The
      per-thread cache can still be disabled per-application using tunables
      (glibc.malloc.tcache_count set to zero).
    
    * The configure option "--enable-tunables" has been removed.  The tunable
      feature is now always enabled.
    
    Changes to build and runtime requirements:
    
    * Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE
      ACLE.
    
    Security related changes:
    
      CVE-2023-25139: When the printf family of functions is called with a
      format specifier that uses an <apostrophe> (enable grouping) and a
      minimum width specifier, the resulting output could be larger than
      reasonably expected by a caller that computed a tight bound on the
      buffer size.  The resulting larger than expected output could result
      in a buffer overflow in the printf family of functions.
    
    The following bugs are resolved with this release:
    
      [178] string: Please add strlcpy and strlcat (attached)
      [14697] nptl: Behavior of exit is nonconformant with respect to
        threads and stdio
      [15142] stdio: Missing locking in _IO_cleanup
      [18096] glob: null deref in wordexp/parse_dollars/parse_arith
      [18906] stdio: fopen: ccs value may affect open mode
      [24466] stdio: Feature request: provide special printf formats for
        intXX_t
      [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses
      [28519] libc: system and popen should pass "--" between /bin/sh and
        argument
      [29016] stdio: popen() sets errno to ENOMEM when shell does not exist
      [29591] string: wcsnlen length can overflow in page cross case.
      [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
      [30068] stdio: incorrect printf output for integers with thousands
        separator and width field (CVE-2023-25139)
      [30111] time: support_descriptors_list fails after 2038 on 32 bits
        systems
      [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
        symlink for libraries without soname
      [30130] math: [s390] The _FPU_SETCW macro yields compile error with
        Clang
      [30156] time: Potential ntp_gettime abi break
      [30235] libc: Missing fallback in getlogin if loginuid is unset
      [30258] dynamic-link: sprof cannot read and display shared object
        profiling data correctly
      [30263] libc: Add test coverage for abs(), labs(), and llabs().
      [30305] math: Incorrect asm constraint in feraiseexcept on x86-64
      [30402] libc: FAIL: elf/tst-glibcelf
      [30425] dynamic-link: Symbol lookup during dlclose may fail
        unnecessarily
      [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path
      [30477] libc: [RISCV]: time64 does not work on riscv32
      [30515] dynamic-link: _dl_find_object incorrectly returns 1 during
        early startup
      [30527] network: resolv_conf lock not unlocked on allocation failure
      [30550] math: powerpc64le: GCC-specific code for isinf() is being used
        on clang
      [30555] string: strerror can incorrectly return NULL
      [30579] malloc: trim_threshold in realloc lead to high memory usage
      [30662] nscd: Group and password cache use errno in place of errval
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.38
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adam Yi
    Adhemerval Zanella Netto
    Alejandro Colomar
    Andreas Arnez
    Andreas K. Hüttel
    Andreas Schwab
    Arjun Shankar
    Arsen Arsenović
    Aurelien Jarno
    Ayush Mittal
    Bert Wesarg
    Carlos O'Donell
    Cupertino Miranda
    DJ Delorie
    Dridi Boukelmoune
    Flavio Cruz
    Florian Weimer
    Frédéric Bérat
    Gavin Smith
    Guy-Fleury Iteriteka
    H.J. Lu
    Hsiangkai Wang
    Indu Bhagat
    Jan-Benedict Glaw
    Joan Bruguera
    Joe Ramsay
    Joe Simmons-Talbott
    John David Anglin
    Joseph Myers
    Julian Squires
    Jun Tang
    Kacper Piwiński
    Kito Cheng
    Mahesh Bodapati
    Martin Coufal
    Maxim Kuvyrkov
    Nisha Menon
    Noah Goldstein
    Paul Eggert
    Paul Pluzhnikov
    Paul Zimmermann
    Pavel Kozlov
    Qihao Chencao
    Qixing ksyx Xue
    Richard Henderson
    Robert Morell
    Romain Geissler
    Ronan Pigott
    Roy Eldar
    Sachin Monga
    Sam James
    Samuel Thibault
    Sergey Bugaev
    Siddhesh Poyarekar
    Simon Kissane
    Stefan Liebler
    Szabolcs Nagy
    Tulio Magno Quites Machado Filho
    Vitaly Buka
    Wilco Dijkstra
    Xi Ruoyao
    Ying Huang
    abushwang
    caiyinyu
    quxm
    Леонид Юрьев (Leonid Yuriev)
    наб
    
    We would like to call out the following and thank them for their
    tireless patch review:
    
    Adhemerval Zanella
    Andreas K. Hüttel
    Arjun Shankar
    Aurelien Jarno
    Carlos Eduardo Seo
    Carlos O'Donell
    DJ Delorie
    Florian Weimer
    Joe Simmons-Talbott
    Noah Goldstein
    Palmer Dabbelt
    Paul E. Murphy
    Rajalakshmi Srinivasaraghavan
    Richard Henderson
    Siddhesh Poyarekar
    Szabolcs Nagy
    Wilco Dijkstra
    
    --
    Andreas K. Hüttel
    dilfridge@gentoo.org
    Gentoo Linux developer
    (council, toolchain, base-system, perl, releng)
    https://wiki.gentoo.org/wiki/User:Dilfridge
    https://www.akhuettel.de/
    
  • glibc-2.37.9000
    Open master branch for glibc 2.38 development
    
  • glibc-2.37
    The GNU C Library version 2.37 is now available
    
    The GNU C Library
    =================
    
    The GNU C Library version 2.37 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.37 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    NEWS for version 2.37
    =====================
    
    Major new features:
    
    * The getent tool now supports the --no-addrconfig option. The output of
      getent with --no-addrconfig may contain addresses of families not
      configured on the current host i.e. as-if you had not passed
      AI_ADDRCONFIG to getaddrinfo calls.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * The dynamic linker no longer loads shared objects from the "tls"
      subdirectories on the library search path or the subdirectory that
      corresponds to the AT_PLATFORM system name, or employs the legacy AT_HWCAP
      search mechanism, which was deprecated in version 2.33.
    
    Security related changes:
    
      CVE-2022-39046: When the syslog function is passed a crafted input
      string larger than 1024 bytes, it reads uninitialized memory from the
      heap and prints it to the target log file, potentially revealing a
      portion of the contents of the heap.
    
    The following bugs are resolved with this release:
    
      [12154] network: Cannot resolve hosts which have wildcard aliases
      [12165] libc: readdir: Do not skip entries with zero d_ino values
      [19444] build: build failures with -O1 due to -Wmaybe-uninitialized
      [24774] nptl: pthread_rwlock_timedwrlock stalls on ARM
      [24816] nss: nss/tst-nss-files-hosts-long fails when no interface has
        AF_INET6 address (ie docker)
      [27087] stdio: PowerPC: Redefinition error with Clang from IEEE
        redirection headers
      [28846] network: CMSG_NXTHDR may trigger -Wstrict-overflow warning
      [28937] dynamic-link: New DSO dependency sorter does not put new map
        first if in a cycle
      [29249] libc: csu/libc-tls.c:202: undefined reference to
        `_startup_fatal_not_constant'
      [29305] network: Inefficient buffer space usage in nss_dns for
        gethostbyname and other functions
      [29375] libc: don't hide MAP_ANONYMOUS behind _GNU_SOURCE
      [29402] nscd: nscd: No such file or directory
      [29415] nscd: getaddrinfo with AI_ADDRCONFIG returns addresses with
        wrong family
      [29427] dynamic-link: Inconsistency detected by ld.so: dl-printf.c:
        200: _dl_debug_vdprintf: Assertion `! "invalid format specifier"'
        failed!
      [29463] math: math/test-float128-y1 fails on x86_64
      [29485] build: Make hangs when the test misc/tst-pidfile returns
        FAIL_UNSUPPORTED
      [29490] dynamic-link: [bisected] new __brk_call causes dynamic loader
        segfault on alpha
      [29499] build: Check failed on misc/tst-glibcsyscalls while building
        for RISCV64 on a unmatched hardware
      [29501] build: Check failed on stdlib/tst-strfrom while building for
        RISCV64 on a unmatched hardware
      [29502] libc: alpha sys/acct.h out of date
      [29514] build: Need to use -fPIE not -fpie
      [29528] dynamic-link: __libc_early_init not called after dlmopen that
        reuses namespace
      [29536] libc: syslog fail to create large messages (CVE-2022-39046)
      [29537] libc: [2.34 regression]: Alignment issue on m68k when using
        futexes on qemu-user
      [29539] libc: LD_TRACE_LOADED_OBJECTS changed how vDSO library are
        printed
      [29544] libc: Regression in syslog(3) calls breaks RFC due to extra
        whitespace
      [29564] build: Incorrect way to change MAKEFLAGS in Makerules
      [29576] build: librtld.os: in function `_dl_start_profile':
        (.text+0x9444): undefined reference to `strcpy'
      [29578] libc: Definition of SUN_LEN() is wrong
      [29583] build: iconv failures on 32bit platform due to missing large
        file support
      [29600] dynamic-link: dlmopen hangs after loading certain libraries
      [29604] localedata: Update locale data to Unicode 15.0.0
      [29605] nscd: Regression in NSCD backend of getaddrinfo
      [29607] nscd: nscd repeatably crashes calling __strlen_avx2 when hosts
        cache is enabled
      [29611] string: Optimized AVX2 string functions unconditionally use
        BMI2 instructions
      [29624] malloc: errno is not cleared when entering main
      [29638] libc: stdlib: arc4random fallback is never used
      [29657] libc: Incorrect struct stat for 64-bit time on linux/generic
        platforms
      [29698] build: Configuring for AArch32 on ARMv8+ disables
        optimizations
      [29727] locale: __strtol_internal out-of-bounds read when parsing
        thousands grouping
      [29730] libc: broken y2038 support in fstatat on MIPS N64
      [29746] libc: ppoll() does not switch to __ppoll64 when
        -D_TIME_BITS=64 and -D_FORTIFY_SOURCE=2 is given on 32bit
      [29771] libc: Restore IPC_64 support in sysvipc *ctl functions
      [29780] build: possible parallel make issue in glibc-2.36 (siglist-
        aux.S: No such file or directory)
      [29864] libc: __libc_start_main() should obtain program headers
        address (_dl_phdr) from the auxv, not the ELF header.
      [29951] time: daylight variable not set correctly if last DST change
        coincides with offset change
      [30039] stdio: __vsprintf_internal does not handle unspecified buffer
        length in fortify mode
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.37
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adhemerval Zanella
    Adhemerval Zanella Netto
    Alan Modra
    Alistair Francis
    Andreas K. Hüttel
    Andreas Schwab
    Arjun Shankar
    Aurelien Jarno
    Carlos Eduardo Seo
    Carlos O'Donell
    Chenghua Xu
    Cristian Rodríguez
    Damien Zammit
    Fabian Vogt
    Fangrui Song
    Felix Riemann
    Flavio Cruz
    Florian Weimer
    H.J. Lu
    Jakub Wilk
    Javier Pello
    John David Anglin
    Joseph Myers
    Jörg Sonnenberger
    Kito Cheng
    Letu Ren
    Lucas A. M. Magalhaes
    Ludovic Courtès
    Martin Jansa
    Martin Joerg
    Michael Hudson-Doyle
    Mike FABIAN
    Noah Goldstein
    Paul Eggert
    Paul Pluzhnikov
    Qingqing Li
    Rajalakshmi Srinivasaraghavan
    Raphael Moreira Zinsly
    Richard Henderson
    Sajan Karumanchi
    Samuel Thibault
    Sergei Trofimovich
    Sergey Bugaev
    Shahab Vahedi
    Siddhesh Poyarekar
    Stefan Liebler
    Sunil K Pandey
    Szabolcs Nagy
    Tom Honermann
    Tulio Magno Quites Machado Filho
    Vladislav Khmelevsky
    Wilco Dijkstra
    Xi Ruoyao
    Xiaolin Tang
    Xiaoming Ni
    Xing Li
    Yu Chien Peter Lin
    YunQiang Su
    Zong Li
    caiyinyu
    fanquake
    Łukasz Stelmach
    наб
    
    We would like to call out the following and thank them for their
    tireless patch review:
    
    Adhemerval Zanella
    Arjun Shankar
    Aurelien Jarno
    Carlos O'Donell
    Cristian Rodríguez
    DJ Delorie
    Fangrui Song
    Florian Weimer
    H.J. Lu
    Noah Goldstein
    Palmer Dabbelt
    Paul E. Murphy
    Philippe Mathieu-Daudé
    Premachandra Mallappa
    Sam James
    Siddhesh Poyarekar
    Sunil K Pandey
    Szabolcs Nagy
    Tulio Magno Quites Machado Filho
    Wilco Dijkstra
    Yann Droneaud
    
  • glibc-2.36.9000
    Open master branch for glibc 2.37 development
    
  • glibc-2.36
    The GNU C Library version 2.36 is now available
    
    The GNU C Library
    =================
    
    The GNU C Library version 2.36 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.36 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    NEWS for version 2.36
    =====================
    
    Major new features:
    
    * Support for DT_RELR relative relocation format has been added to
      glibc.  This is a new ELF dynamic tag that improves the size of
      relative relocations in shared object files and position independent
      executables (PIE).  DT_RELR generation requires linker support for
      -z pack-relative-relocs option, which is supported for some targets
      in recent binutils versions.  Lazy binding doesn't apply to DT_RELR.
    
    * On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions
      have been added.  The pidfd functionality provides access to a process
      while avoiding the issue of PID reuse on tranditional Unix systems.
    
    * On Linux, the process_madvise function has been added. It has the
      same functionality as madvise but alters the target process identified
      by the pidfd.
    
    * On Linux, the process_mrelease function has been added.  It allows a
      caller to release the memory of a dying process.  The release of the
      memory is carried out in the context of the caller, using the caller's
      CPU affinity, and priority with CPU usage accounted to the caller.
    
    * The “no-aaaa” DNS stub resolver option has been added.  System
      administrators can use it to suppress AAAA queries made by the stub
      resolver, including AAAA lookups triggered by NSS-based interfaces
      such as getaddrinfo.  Only DNS lookups are affected: IPv6 data in
      /etc/hosts is still used, getaddrinfo with AI_PASSIVE will still
      produce IPv6 addresses, and configured IPv6 name servers are still
      used.  To produce correct Name Error (NXDOMAIN) results, AAAA queries
      are translated to A queries.  The new resolver option is intended
      primarily for diagnostic purposes, to rule out that AAAA DNS queries
      have adverse impact.  It is incompatible with EDNS0 usage and DNSSEC
      validation by applications.
    
    * On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree,
      and mount_setattr have been added.  They are part of the new Linux kernel
      mount APIs that allow applications to more flexibly configure and operate
      on filesystem mounts.  The new mount APIs are specifically designed to work
      with namespaces.
    
    * localedef now accepts locale definition files encoded in UTF-8.
      Previously, input bytes not within the ASCII range resulted in
      unpredictable output.
    
    * Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion
      functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals.
      Support for the char8_t typedef has been added per the ISO C2X N2653
      proposal.  The functions are declared in uchar.h in C2X mode or when the
      _GNU_SOURCE macro or C++20 __cpp_char8_t feature test macro is defined.
      The char8_t typedef is declared in uchar.h in C2X mode or when the
      _GNU_SOURCE macro is defined and the C++20 __cpp_char8_t feature test macro
      is not defined (if __cpp_char8_t is defined, then char8_t is a builtin type).
    
    * The functions arc4random, arc4random_buf, and arc4random_uniform have been
      added.  The functions wrap getrandom and/or /dev/urandom to return high-
      quality randomness from the kernel.
    
    * Support for LoongArch running on Linux has been added.  This port requires
      as least binutils 2.38, GCC 12, and Linux 5.19.  Currently only hard-float
      ABI is supported:
    
        - loongarch64-linux-gnu
    
      The LoongArch ABI is 64-bit little-endian.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * Support for prelink will be removed in the next release; this includes
      removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
      variables and their functionality in the dynamic loader.
    
    * The Linux kernel version check has been removed along with the
      LD_ASSUME_KERNEL environment variable.  The minimum kernel used to built
      glibc is still provided through NT_GNU_ABI_TAG ELF note and also printed
      when libc.so is issued directly.
    
    * On Linux, The LD_LIBRARY_VERSION environment variable has been removed.
    
    The following bugs are resolved with this release:
    
      [14932] dynamic-link: dlsym(handle, "foo") and dlsym(RTLD_NEXT, "foo")
        return different result with versioned "foo"
      [16355] libc: syslog.h's SYSLOG_NAMES namespace violation and utter
        mess
      [23293] dynamic-link: aarch64: getauxval is broken when run as ld.so
        ./exe and ld.so adjusts argv on the stack
      [24595] nptl: [2.28 Regression]: Deadlock in atfork handler which
        calls dlclose
      [25744] locale: mbrtowc with Big5-HKSCS returns 2 instead of 1 when
        consuming the second byte of certain double byte characters
      [25812] stdio: Libio vtable protection is sometimes only partially
        enforced
      [27054] libc: pthread_atfork handlers that call pthread_atfork
        deadlock
      [27924] dynamic-link: ld.so: Support DT_RELR relative relocation
        format
      [28128] build: declare_symbol_alias doesn't work for assembly codes
      [28566] network: getnameinfo with NI_NOFQDN is not thread safe
      [28752] nss: Segfault in getpwuid when stat fails
      [28815] libc: realpath should not copy to resolved buffer on error
      [28828] stdio: fputwc crashes
      [28838] libc: FAIL: elf/tst-p_align3
      [28845] locale: ld-monetary.c should be updated to match ISO C and
        other standards.
      [28850] libc: linux: __get_nprocs_sched reads uninitialized memory
        from the stack
      [28852] libc: getaddrinfo leaks memory with AI_ALL
      [28853] libc: tst-spawn6 changes current foreground process group
        (breaks test isolation)
      [28857] libc: FAIL: elf/tst-audit24a
      [28860] build: --enable-kernel=5.1.0 build fails because of missing
        __convert_scm_timestamps
      [28865] libc: linux: _SC_NPROCESSORS_CONF and _SC_NPROCESSORS_ONLN are
        inaccurate without /sys and /proc
      [28868] dynamic-link: Dynamic loader DFS algorithm segfaults on
        missing libraries
      [28880] libc: Program crashes if date beyone 2038
      [28883] libc: sysdeps/unix/sysv/linux/select.c: __select64
        !__ASSUME_TIME64_SYSCALLS && !__ASSUME_PSELECT fails on Microblaze
      [28896] string: strncmp-avx2-rtm and wcsncmp-avx2-rtm fallback on non-
        rtm variants when avoiding overflow
      [28922] build: The .d dependency files aren't always generated
      [28931] libc: hosts lookup broken for SUCCESS=CONTINUE and
        SUCCESS=MERGE
      [28936] build: nm: No such file
      [28950] localedata: Add locale for ISO code "tok" (Toki Pona)
      [28953] nss: NSS lookup result can be incorrect if function lookup
        clobbers errno
      [28970] math: benchtest: libmvec benchmark doesn't build with make
        bench.
      [28991] libc: sysconf(_SC_NPROCESSORS_CONF) should read
        /sys/devices/system/cpu/possible
      [28993] libc: closefrom() iterates until max int if no access to
        /proc/self/fd/
      [28996] libc: realpath fails to copy partial result to resolved buffer
        on ENOENT and EACCES
      [29027] math: [ia64] fabs fails with sNAN input
      [29029] nptl: poll() spuriously returns EINTR during thread
        cancellation and with cancellation disabled
      [29030] string: GLIBC 2.35 regression - Fortify crash on certain valid
        uses of mbsrtowcs (*** buffer overflow detected ***: terminated)
      [29062] dynamic-link: Memory leak in _dl_find_object_update if object
        is promoted to global scope
      [29069] libc: fstatat64_time64_statx wrapper broken on MIPS N32 with
        -D_FILE_OFFSET_BITS=64 and -D_TIME_BITS=64
      [29071] dynamic-link: m68k: Removal of ELF_DURING_STARTUP optimization
        broke ld.so
      [29097] time: fchmodat does not handle 64 bit time_t for
        AT_SYMLINK_NOFOLLOW
      [29109] libc: posix_spawn() always returns 1 (EPERM) on clone()
        failure
      [29141] libc: _FORTIFY_SOURCE=3 fail for gcc 12/glibc 2.35
      [29162] string: [PATCH] string.h syntactic error:
        include/bits/string_fortified.h:110: error: expected ',' or ';'
        before '__fortified_attr_access'
      [29165] libc: [Regression] broken argv adjustment
      [29187] dynamic-link: [regression] broken argv adjustment for nios2
      [29193] math: sincos produces a different output than sin/cos
      [29197] string: __strncpy_power9() uses uninitialised register vs18
        value for filling after \0
      [29203] libc: daemon is not y2038 aware
      [29204] libc: getusershell is not 2038 aware
      [29207] libc: posix_fallocate fallback implementation is not y2038
        aware
      [29208] libc: fpathconf(_PC_ASYNC_IO) is not y2038 aware
      [29209] libc: isfdtype is not y2038 aware
      [29210] network: ruserpass is not y2038 aware
      [29211] libc: __open_catalog is not y2038 aware
      [29213] libc: gconv_parseconfdir is not y2038 aware
      [29214] nptl: pthread_setcanceltype fails to set type
      [29225] network: Mistyped define statement in socket/sys/socket.h in
        line 184
      [29274] nptl: __read_chk is not a cancellation point
      [29279] libc: undefined reference to `mbstowcs_chk' after
        464d189b9622932a75302290625de84931656ec0
      [29304] libc: mq_timedreceive does not handle 64 bit syscall return
        correct for !__ASSUME_TIME64_SYSCALLS
      [29403] libc: st_atim, st_mtim, st_ctim stat struct members are
        missing on microblaze with largefile
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.36
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    =Joshua Kinard
    Adhemerval Zanella
    Adhemerval Zanella Netto
    Alan Modra
    Andreas Schwab
    Arjun Shankar
    Arnout Vandecappelle (Essensium/Mind)
    Carlos O'Donell
    Cristian Rodríguez
    DJ Delorie
    Danila Kutenin
    Darius Rad
    Dmitriy Fedchenko
    Dmitry V. Levin
    Emil Soleyman-Zomalan
    Fangrui Song
    Florian Weimer
    Gleb Fotengauer-Malinovskiy
    Guilherme Janczak
    H.J. Lu
    Ilyahoo Proshel
    Jason A. Donenfeld
    Joan Bruguera
    John David Anglin
    Jonathan Wakely
    Joseph Myers
    José Bollo
    Kito Cheng
    Maciej W. Rozycki
    Mark Wielaard
    Matheus Castanho
    Max Gautier
    Michael Hudson-Doyle
    Nicholas Guriev
    Noah Goldstein
    Paul E. Murphy
    Raghuveer Devulapalli
    Ricardo Bittencourt
    Sam James
    Samuel Thibault
    Sergei Trofimovich
    Siddhesh Poyarekar
    Stafford Horne
    Stefan Liebler
    Steve Grubb
    Su Lifan
    Sunil K Pandey
    Szabolcs Nagy
    Tejas Belagod
    Tom Coldrick
    Tom Honermann
    Tulio Magno Quites Machado Filho
    WANG Xuerui
    Wangyang Guo
    Wilco Dijkstra
    Xi Ruoyao
    Xiaoming Ni
    Yang Yanchao
    caiyinyu
    
    
  • glibc-2.35.9000
    Open master branch for glibc 2.36 development
    
  • glibc-2.35
    The GNU C Library version 2.35 is now available
    
    The GNU C Library
    =================
    
    The GNU C Library version 2.35 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.35 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    NEWS for version 2.35
    =====================
    
    Major new features:
    
    * Unicode 14.0.0 Support: Character encoding, character type info, and
      transliteration tables are all updated to Unicode 14.0.0, using
      generator scripts contributed by Mike FABIAN (Red Hat).
    
    * Bump r_version in the debugger interface to 2 and add a new field,
      r_next, support multiple namespaces.
    
    * Support for the C.UTF-8 locale has been added to glibc.  The locale
      supports full code-point sorting for all valid Unicode code points.  A
      limitation in the framework for fnmatch, regexec, and regcomp requires
      a compromise to save space and only ASCII-based range expressions are
      supported for now (see bug 28255).  The full size of the locale is
      only ~400KiB, with 346KiB coming from LC_CTYPE information for
      Unicode.  This locale harmonizes downstream C.UTF-8 already shipping
      in various downstream distributions.  The locale is not built into
      glibc, and must be installed.
    
    * <math.h> functions that round their results to a narrower type, and
      corresponding <tgmath.h> macros, are added from TS 18661-1:2014, TS
      18661-3:2015 and draft ISO C2X:
    
      - fsqrt, fsqrtl, dsqrtl and corresponding fMsqrtfN, fMsqrtfNx,
        fMxsqrtfN and fMxsqrtfNx functions.
    
      - ffma, ffmal, dfmal and corresponding fMfmafN, fMfmafNx, fMxfmafN and
        fMxfmafNx functions.
    
    * <math.h> functions for floating-point maximum and minimum,
      corresponding to new operations in IEEE 754-2019, and corresponding
      <tgmath.h> macros, are added from draft ISO C2X: fmaximum,
      fmaximum_num, fmaximum_mag, fmaximum_mag_num, fminimum, fminimum_num,
      fminimum_mag, fminimum_mag_num and corresponding functions for float,
      long double, _FloatN and _FloatNx.
    
    * <math.h> macros for single-precision float constants are added as a
      GNU extension: M_Ef, M_LOG2Ef, M_LOG10Ef, M_LN2f, M_LN10f, M_PIf,
      M_PI_2f, M_PI_4f, M_1_PIf, M_2_PIf, M_2_SQRTPIf, M_SQRT2f and
      M_SQRT1_2f.
    
    * The __STDC_IEC_60559_BFP__ and __STDC_IEC_60559_COMPLEX__ macros are
      predefined as specified in TS 18661-1:2014.
    
    * The exp10 functions in <math.h> now have a corresponding type-generic
      macro in <tgmath.h>.
    
    * The ISO C2X macro _PRINTF_NAN_LEN_MAX has been added to <stdio.h>.
    
    * printf-family functions now support the %b format for output of
      integers in binary, as specified in draft ISO C2X, and the %B variant
      of that format recommended by draft ISO C2X.
    
    * A new DSO sorting algorithm has been added in the dynamic linker that uses
      topological sorting by depth-first search (DFS), solving performance issues
      of the existing sorting algorithm when encountering particular circular
      object dependency cases.
    
    * A new tunable, glibc.rtld.dynamic_sort, can be used to select between
      the two DSO sorting algorithms.  The default setting of '2' uses the
      new DFS-based algorithm.  The setting '1' switches to the old
      algorithm used in glibc 2.33 and earlier.
    
    * ABI support for a new function '__memcmpeq'. '__memcmpeq' is meant
      to be used by compilers for optimizing usage of 'memcmp' when its
      return value is only used for its boolean status.
    
    * Support for automatically registering threads with the Linux rseq
      system call has been added.  This system call is implemented starting
      from Linux 4.18.  The Restartable Sequences ABI accelerates user-space
      operations on per-cpu data.  It allows user-space to perform updates
      on per-cpu data without requiring heavy-weight atomic operations.
      Automatically registering threads allows all libraries, including
      libc, to make immediate use of the rseq support by using the
      documented ABI, via the __rseq_flags, __rseq_offset, and __rseq_size
      variables.  The GNU C Library manual has details on integration of
      Restartable Sequences.
    
    * A symbolic link to the dynamic linker is now installed under
      /usr/bin/ld.so (or more precisely, '${bindir}/ld.so').
    
    * All programs and the testsuite in glibc are now built as position independent
      executables (PIE) by default on toolchains and architectures that support it.
      Further, if the toolchain and architecture supports it, even static programs
      are built as PIE and the resultant glibc can be used to build static PIE
      executables.  A new option --disable-default-pie has been added to disable
      this behavior and get a non-PIE build.  This option replaces
      --enable-static-pie, which no longer has any effect on the build
      configuration.
    
    * On Linux, a new tunable, glibc.malloc.hugetlb, can be used to
      either make malloc issue madvise plus MADV_HUGEPAGE on mmap and sbrk
      or to use huge pages directly with mmap calls with the MAP_HUGETLB
      flags).  The former can improve performance when Transparent Huge Pages
      is set to 'madvise' mode while the latter uses the system reserved
      huge pages.
    
    * The printf family of functions now handles the flagged %#m conversion
      specifier, printing errno as an error constant (similar to strerrorname_np).
    
    * The function _dl_find_object has been added.  In-process unwinders
      can use it to efficiently locate unwinding information for a code
      address.
    
    * Support for OpenRISC running on Linux has been added.  This port requires
      as least binutils 2.35, GCC 11, and Linux 5.4.  Currently only soft-float
      ABI is supported:
    
        - or1k-linux-gnu
    
      The OpenRISC ABI is 32-bit big-endian and uses 64-bit time (y2038 safe) and
      64-bit file offsets (LFS default).
    
    * A new configure option, --with-rtld-early-cflags, can be used to
      specify additional compiler flags for building the early startup code
      of the dynamic linker.  On targets which have CPU compatibility
      checks, this can help to ensure that proper diagnostics are printed if
      the dynamic loader runs on an incompatible CPU.
    
    * On Linux, the epoll_pwait2 function has been added.  It is similar to
      epoll_wait with the difference the timeout has nanoseconds resolution.
    
    * The function posix_spawn_file_actions_addtcsetpgrp_np has been added,
      enabling posix_spawn and posix_spawnp to set the controlling terminal in
      the new process in a race free manner.  This function is a GNU extension.
    
    * Source fortification (_FORTIFY_SOURCE) level 3 is now available for
      applications compiling with glibc and gcc 12 and later. Level 3 leverages
      the __builtin_dynamic_object_size function to deliver additional
      fortification balanced against additional runtime cost (checking non-constant
      bounds).
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
      has been removed since the first PT_LOAD segment is no longer executable
      due to defaulting to -z separate-code.
    
    * The r_version update in the debugger interface makes the glibc binary
      incompatible with GDB binaries built without the following commits:
    
      c0154a4a21a gdb: Don't assume r_ldsomap when r_version > 1 on Linux
      4eb629d50d4 gdbserver: Check r_version < 1 for Linux debugger interface
    
      when audit modules or dlmopen are used.
    
    * Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.
    
    * The --enable-static-pie option is no longer available.  The glibc build
      configuration script now automatically detects static-pie support in the
      toolchain and architecture and enables it if available.
    
    * The catchsegv script and associated libSegFault.so shared object have
      been removed.  There are widely-deployed out-of-process alternatives for
      catching coredumps and backtraces.
    
    * Support for prelink will be removed in the next release; this includes
      removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
      variables and their functionality in the dynamic loader.
    
    Changes to build and runtime requirements:
    
    * The audit module interface version LAV_CURRENT is increased to enable
      proper bind-now support.  The loader now advertises via the la_symbind
      flags that PLT trace is not possible.  New audit modules require the
      new dynamic loader supporing the latest LAV_CURRENT version. Old audit
      modules are still loaded for all targets except aarch64.
    
    * The audit interface on aarch64 is extended to support both the indirect
      result location register (x8) and NEON Q register.  Old audit modules are
      rejected by the loader.  Audit modules must be rebuilt to use the newer
      structure sizes and the latest module interface version for LAV_CURRENT.
    
    Security related changes:
    
      CVE-2022-23219: Passing an overlong file name to the clnt_create
      legacy function could result in a stack-based buffer overflow when
      using the "unix" protocol.  Reported by Martin Sebor.
    
      CVE-2022-23218: Passing an overlong file name to the svcunix_create
      legacy function could result in a stack-based buffer overflow.
    
      CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
      function could result in a memory leak and potential access of
      uninitialized memory.  Reported by Qualys.
    
      CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
      function may result in an off-by-one buffer underflow and overflow
      when the current working directory is longer than PATH_MAX and also
      corresponds to the / directory through an unprivileged mount
      namespace.  Reported by Qualys.
    
    The following bugs are resolved with this release:
    
      [12889] nptl: Race condition in pthread_kill
      [14232] nptl: tst-cancel7 and tst-cancelx7 race condition
      [14913] libc: [mips] Clean up MIPS 64-bit register-dump.h output
      [15310] dynamic-link: _dl_sort_fini is O(n^3) causing slow exit when
        many dsos
      [15333] libc: Use 64-bit stat functions in installed programs
      [15533] dynamic-link: LD_AUDIT introduces an avoidable performance
        degradation
      [15971] dynamic-link: No interface for debugger access to libraries
        loaded with dlmopen
      [17318] locale: [RFE] Provide a C.UTF-8 locale by default
      [17645] dynamic-link: RFE: Improve performance of dynamic loader for
        deeply nested DSO dependencies.
      [19193] nptl: pthread_kill, pthread_cancel return ESRCH for a thread
        ID whose lifetime has not ended
      [22542] network: buffer overflow in sunrpc clnt_create
        (CVE-2022-23219)
      [22716] malloc: [PATCH] mtrace.pl: use TRACE_PRELINKING instead of
        TRACE_LOADED_OBJECTS
      [25947] malloc: memory leak in muntrace
      [26045] math: fmaxf(inf, nan) does not always work
      [26108] math: exp10() has problems with <tgmath.h>
      [26779] build: benign use after realloc at localealias.c:329
      [27609] dynamic-link: [2.32/2.33/2.34 Regression] In elf/dl-open.c
        (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
      [27945] build: build-many-glibcs.py doesn't configure GCC with
        --enable-initfini-array
      [27991] build: x86: sysdeps/x86/configure.ac breaks when
        libc_cv_include_x86_isa_level is loaded from cache
      [28036] nptl: Incorrect types for pthread_mutexattr_set/getrobust_np
        in __REDIRECT_NTH macro
      [28061] dynamic-link: A failing dlmopen called by an auditor crashed
      [28062] dynamic-link: Suppress audit calls when a (new) namespace is
        empty
      [28126] libc: nftw aborts for paths longer than PATH_MAX
      [28129] dynamic-link: Unnecessary check DT_DEBUG in ld.so
      [28153] libc: [test] gmon/tst-gmon-gprof* may have a f3 line when
        built with ld.lld
      [28182] libc: _TIME_BITS=64 in C++ has issues with fcntl, ioctl, prctl
      [28185] math: Inaccurate j0f function (again)
      [28199] locale: iconvconfig prefix flag behaves differently in glibc
        2.34
      [28203] dynamic-link: aarch64: elf_machine_{load_address,dynamic}
        should drop _GLOBAL_OFFSET_TABLE_[0] in favor of __ehdr_start for
        robustness
      [28213] librt: NULL pointer dereference in mq_notify (CVE-2021-38604)
      [28223] libc: mips: clone does not align stack
      [28253] dynamic-link: Missing colon in LD_SHOW_AUXV output after
        AT_MINSIGSTKSZ
      [28256] malloc: Conditional jump or move depends on uninitialised
        value(s) in __GI___tunables_init
      [28260] build: io/tst-closefrom, misc/tst-close_range, posix/tst-
        spawn5 fail if stray fds are open
      [28310] libc: Do not use affinity mask for sysconf
        (_SC_NPROCESSORS_CONF)
      [28338] time: undefined behavior in __tzfile_compute with oddball TZif
        file
      [28340] dynamic-link: ld.so crashes while loading a DSO with a read-
        only dynamic section
      [28349] libc: Segfault for ping -R on qemux86 caused by recvmsg()
      [28350] libc: ping receives SIGABRT on lib32-qemux86-64 caused by
        recvmsg()
      [28353] network: Race condition on __opensock
      [28357] dynamic-link: deadlock between pthread_create and ctors
      [28358] math: f64xdivf128 and f64xmulf128 spurious underflows
      [28361] nptl: Fix for bug 12889 causes setxid deadlock
      [28368] build: -Waddress instances in stdio-common/vfprintf-internal.c
      [28390] localedata: Update locale data to Unicode 14.0.0
      [28397] math: tgmath.h should not define fmaxmag, fminmag macros for
        C2X
      [28400] libc: [2.35 Regression] string/test-strncasecmp: cannot set
        locale "en_US.UTF-8"
      [28407] nptl: pthread_kill assumes that kill (getpid ()) is equivalent
        to tgkill (getpid (), gettid())
      [28455] dynamic-link: -Wl,--enable-new-dtags doesn't work
      [28457] dynamic-link: Missing reldepmod4.so dependency for
        globalmod1.so
      [28469] time: linux: struct timex is not correctly set for 32-bit
        systems with TIMESIZE=64
      [28470] regex: Buffer read overrun in regular expression searching
      [28475] string: Incorrect access attribute on memfrob
      [28524] libc: Conversion from ISO-2022-JP-3 with iconv may emit
        spurious NUL character on state reset
      [28532] libc: powerpc64[le]: CFI for assembly templated syscalls is
        incorrect
      [28550] dynamic-link: FAIL: tst-dso-
        ordering9_112-ecbda(GLIBC_TUNABLES=glibc.rtld.dynamic_sort=1)
        execution test
      [28554] build: Undefined generate-md5
      [28572] libc: Misaligned accesses in test-memcpy and test-mempcpy on
        hppa
      [28607] nptl: Masked signals are delivered on thread exit
      [28624] libc: openjdk 8/9 assume uni processor and gets stuck due to
        lack of cpu counting /proc fallback with glibc 2.34
      [28646] string: [2.35 Regression] mock -r fedora-36-x86_64
        /tmp/java-1.8.0-openjdk-1.8.0.312.b07-2.fc36.src.rpm& fails to build
      [28648] dynamic-link: Running ld.so on statically linked binaries
        crashes
      [28656] dynamic-link: LD_PREFER_MAP_32BIT_EXEC no longer works due to
        binutils changes
      [28676] dynamic-link: p_align on PT_LOAD segment in DSO isn't honored
      [28678] nptl: nptl/tst-create1 hangs sporadically
      [28688] dynamic-link: PT_LOAD p_align check is too strict
      [28700] nss: "dns [!UNAVAIL=return] files" default for hosts database
        is not useful
      [28707] time: assert in tzfile.c __tzfile_read striking with truncated
        timezones generated by tzcode-2021d and later
      [28713] math: GCC 12 miscompiles libm
      [28732] dynamic-link: FAIL: elf/tst-dl_find_object
      [28738] build: LIBC_LINKER_FEATURE doesn't work on linker -z option
      [28745] dynamic-link: _dl_find_object miscompilation on powerpc64le
      [28746] libc: _FORTIFY_SOURCE does not work for stpcpy
      [28749] libc: Inconsistency detected by ld.so: rtld.c: 1632: dl_main:
        Assertion `GL(dl_rtld_map).l_libname' failed!
      [28755] string: overflow bug in wcsncmp_avx2 and wcsncmp_evex
      [28757] nptl: GDB printer tests failed with new GDB
      [28765] math: x86_64 libmvec atan2 accuracy
      [28766] manual: Document libmvec accuracy
      [28768] network: Buffer overflow in svcunix_create with long pathnames
        (CVE-2022-23218)
      [28769] libc: Off-by-one buffer overflow/underflow in getcwd()
        (CVE-2021-3999)
      [28770] libc: Unexpected return value from realpath() for too long
        results (CVE-2021-3998)
      [28771] libc: %ebx optimization macros are incompatible with .altmacro
        in Systemtap probes
      [28780] build: --disable-default-pie doesn't work on static programs
      [28782] libc: x86-64 ISA level for glibc itself is always
        x86-64-baseline
      [28792] glob: possible wrong behaviour with patterns with double [
        with no closing ]
      [28837] libc: FAIL: socket/tst-socket-timestamp-compat
      [28847] locale: Empty mon_decimal_point in LC_MONETARY results in non-
        empty mon_decimal_point_wc
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.35
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adhemerval Zanella
    Akila Welihinda
    Alexandra Hájková
    Andrea Monaco
    Andreas Schwab
    Anton Blanchard
    Arjun Shankar
    Aurelien Jarno
    Ben Woodard
    Carlos O'Donell
    Chung-Lin Tang
    Cristian Rodríguez
    DJ Delorie
    Fangrui Song
    Florian Weimer
    H.J. Lu
    Hans-Peter Nilsson
    Jangwoong Kim
    Jiaxun Yang
    John David Anglin
    Jonathan Wakely
    Joseph Myers
    Khem Raj
    Kurt Kanzenbach
    Luca Boccassi
    Mark Wielaard
    Martin Sebor
    Matheus Castanho
    Matt Whitlock
    Maxim Kuvyrkov
    Michael Kerrisk
    Mike FABIAN
    Naohiro Tamura
    Naohiro Tamura via Libc-alpha
    Nart Tlisha
    Nikita Popov
    Noah Goldstein
    Patrick McGehearty
    Paul A. Clarke
    Paul E. Murphy
    Paul Eggert
    Paul Zimmermann
    Robbie Harwood
    Romain GEISSLER
    Rongwei Wang
    Samuel Thibault
    Sergey Bugaev
    Siddhesh Poyarekar
    Stafford Horne
    Stefan Liebler
    Sunil K Pandey
    Szabolcs Nagy
    Thomas Petazzoni
    Tulio Magno Quites Machado Filho
    Wilco Dijkstra
    Xi Ruoyao
    maminjie
    
    
  • glibc-2.34.9000
    Open master branch for glibc 2.35 development
    
  • glibc-2.34
    The GNU C Library version 2.34 is now available
    
    The GNU C Library
    =================
    
    The GNU C Library version 2.34 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the X.Y release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    NEWS for version 2.34
    =====================
    
    Major new features:
    
    * In order to support smoother in-place-upgrades and to simplify
      the implementation of the runtime all functionality formerly
      implemented in the libraries libpthread, libdl, libutil, libanl has
      been integrated into libc.  New applications do not need to link with
      -lpthread, -ldl, -lutil, -lanl anymore.  For backwards compatibility,
      empty static archives libpthread.a, libdl.a, libutil.a, libanl.a are
      provided, so that the linker options keep working.  Applications which
      have been linked against glibc 2.33 or earlier continue to load the
      corresponding shared objects (which are now empty).  The integration
      of those libraries into libc means that additional symbols become
      available by default.  This can cause applications that contain weak
      references to take unexpected code paths that would only have been
      used in previous glibc versions when e.g. preloading libpthread.so.0,
      potentially exposing application bugs.
    
    * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
      PTHREAD_STACK_MIN is no longer constant and is redefined to
      sysconf(_SC_THREAD_STACK_MIN).  This supports dynamic sized register
      sets for modern architectural features like Arm SVE.
    
    * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ.  When _DYNAMIC_STACK_SIZE_SOURCE
      or _GNU_SOURCE are defined, MINSIGSTKSZ and SIGSTKSZ are no longer
      constant on Linux.  MINSIGSTKSZ is redefined to sysconf(_SC_MINSIGSTKSZ)
      and SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).  This supports
      dynamic sized register sets for modern architectural features like
      Arm SVE.
    
    * The dynamic linker implements the --list-diagnostics option, printing
      a dump of information related to IFUNC resolver operation and
      glibc-hwcaps subdirectory selection.
    
    * On Linux, the function execveat has been added.  It operates similar to
      execve and it is is already used to implement fexecve without requiring
      /proc to be mounted.  However, different than fexecve, if the syscall is not
      supported by the kernel an error is returned instead of trying a fallback.
    
    * The ISO C2X function timespec_getres has been added.
    
    * The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO
      C2X, is supported to enable declarations of functions defined in Annex F
      of C2X.  Those declarations are also enabled when
      __STDC_WANT_IEC_60559_BFP_EXT__, as specified in TS 18661-1, is
      defined, and when _GNU_SOURCE is defined.
    
    * On powerpc64*, glibc can now be compiled without scv support using the
      --disable-scv configure option.
    
    * Add support for 64-bit time_t on configurations like x86 where time_t
      is traditionally 32-bit.  Although time_t still defaults to 32-bit on
      these configurations, this default may change in future versions.
      This is enabled with the _TIME_BITS preprocessor macro set to 64 and is
      only supported when LFS (_FILE_OFFSET_BITS=64) is also enabled.  It is
      only enabled for Linux and the full support requires a minimum kernel
      version of 5.1.
    
    * The main gconv-modules file in glibc now contains only a small set of
      essential converter modules and the rest have been moved into a supplementary
      configuration file gconv-modules-extra.conf in the gconv-modules.d directory
      in the same GCONV_PATH.  Similarly, external converter modules directories
      may have supplementary configuration files in a gconv-modules.d directory
      with names ending with .conf to logically classify the converter modules in
      that directory.
    
    * On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used
      to configure the size of the thread stack cache.
    
    * The function _Fork has been added as an async-signal-safe fork replacement
      since Austin Group issue 62 droped the async-signal-safe requirement for
      fork (and it will be included in the future POSIX standard).  The new _Fork
      function does not run any atfork function neither resets any internal state
      or lock (such as the malloc one), and only sets up a minimal state required
      to call async-signal-safe functions (such as raise or execve).  This function
      is currently a GNU extension.
    
    * On Linux, the close_range function has been added.  It allows efficiently
      closing a range of file descriptors on recent kernels (version 5.9).
    
    * The function closefrom has been added.  It closes all file descriptors
      greater than or equal to a given integer.  This function is a GNU extension,
      although it is also present in other systems.
    
    * The posix_spawn_file_actions_addclosefrom_np function has been added,
      enabling posix_spawn and posix_spawnp to close all file descriptors greater
      than or equal to a given integer.  This function is a GNU extension,
      although Solaris also provides a similar function.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * The function pthread_mutex_consistent_np has been deprecated; programs
      should use the equivalent standard function pthread_mutex_consistent
      instead.
    
    * The function pthread_mutexattr_getrobust_np has been deprecated;
      programs should use the equivalent standard function
      pthread_mutexattr_getrobust instead.
    
    * The function pthread_mutexattr_setrobust_np has been deprecated;
      programs should use the equivalent standard function
      pthread_mutexattr_setrobust instead.
    
    * The function pthread_yield has been deprecated; programs should use
      the equivalent standard function sched_yield instead.
    
    * The function inet_neta declared in <arpa/inet.h> has been deprecated.
    
    * Various rarely-used functions declared in <resolv.h> and
      <arpa/nameser.h> have been deprecated.  Applications are encouraged to
      use dedicated DNS processing libraries if applicable.  For <resolv.h>,
      this affects the functions dn_count_labels, fp_nquery, fp_query,
      fp_resstat, hostalias, loc_aton, loc_ntoa, p_cdname, p_cdnname,
      p_class, p_fqname, p_fqnname, p_option, p_query, p_rcode, p_time,
      p_type, putlong, putshort, res_hostalias, res_isourserver,
      res_nameinquery, res_queriesmatch, res_randomid, sym_ntop, sym_ntos,
      sym_ston.  For <arpa/nameser.h>, the functions ns_datetosecs,
      ns_format_ttl, ns_makecanon, ns_parse_ttl, ns_samedomain, ns_samename,
      ns_sprintrr, ns_sprintrrf, ns_subdomain have been deprecated.
    
    * Various symbols previously defined in libresolv have been moved to libc
      in order to prepare for libresolv moving entirely into libc (see earlier
      entry for merging libraries into libc).  The symbols __dn_comp,
      __dn_expand, __dn_skipname, __res_dnok, __res_hnok, __res_mailok,
      __res_mkquery, __res_nmkquery, __res_nquery, __res_nquerydomain,
      __res_nsearch, __res_nsend, __res_ownok, __res_query, __res_querydomain,
      __res_search, __res_send formerly in libresolv have been renamed and no
      longer have a __ prefix.  They are now available in libc.
    
    * The pthread cancellation handler is now installed with SA_RESTART and
      pthread_cancel will always send the internal SIGCANCEL on a cancellation
      request.  It should not be visible to applications since the cancellation
      handler should either act upon cancellation (if asynchronous cancellation
      is enabled) or ignore the cancellation internal signal.  However there are
      buggy kernel interfaces (for instance some CIFS versions) that could still
      see a spurious EINTR error when cancellation interrupts a blocking syscall.
    
    * Previously, glibc installed its various shared objects under versioned
      file names such as libc-2.33.so.  The ABI sonames (e.g., libc.so.6)
      were provided as symbolic links.  Starting with glibc 2.34, the shared
      objects are installed under their ABI sonames directly, without
      symbolic links.  This increases compatibility with distribution
      package managers that delete removed files late during the package
      upgrade or downgrade process.
    
    * The symbols mallwatch and tr_break are now deprecated and no longer used in
      mtrace.  Similar functionality can be achieved by using conditional
      breakpoints within mtrace functions from within gdb.
    
    * The __morecore and __after_morecore_hook malloc hooks and the default
      implementation __default_morecore have been removed from the API.  Existing
      applications will continue to link against these symbols but the interfaces
      no longer have any effect on malloc.
    
    * Debugging features in malloc such as the MALLOC_CHECK_ environment variable
      (or the glibc.malloc.check tunable), mtrace() and mcheck() have now been
      disabled by default in the main C library.  Users looking to use these
      features now need to preload a new debugging DSO libc_malloc_debug.so to get
      this functionality back.
    
    * The deprecated functions malloc_get_state and malloc_set_state have been
      moved from the core C library into libc_malloc_debug.so.  Legacy applications
      that still use these functions will now need to preload libc_malloc_debug.so
      in their environment using the LD_PRELOAD environment variable.
    
    * The deprecated memory allocation hooks __malloc_hook, __realloc_hook,
      __memalign_hook and __free_hook are now removed from the API.  Compatibility
      symbols are present to support legacy programs but new applications can no
      longer link to these symbols.  These hooks no longer have any effect on glibc
      functionality.  The malloc debugging DSO libc_malloc_debug.so currently
      supports hooks and can be preloaded to get this functionality back for older
      programs.  However this is a transitional measure and may be removed in a
      future release of the GNU C Library.  Users may port away from these hooks by
      writing and preloading their own malloc interposition library.
    
    Changes to build and runtime requirements:
    
    * On Linux, the shm_open, sem_open, and related functions now expect the
      file shared memory file system to be mounted at /dev/shm.  These functions
      no longer search among the system's mount points for a suitable
      replacement if /dev/shm is not available.
    
    Security related changes:
    
      CVE-2021-27645: The nameserver caching daemon (nscd), when processing
      a request for netgroup lookup, may crash due to a double-free,
      potentially resulting in degraded service or Denial of Service on the
      local system.  Reported by Chris Schanzle.
    
      CVE-2021-33574: The mq_notify function has a potential use-after-free
      issue when using a notification type of SIGEV_THREAD and a thread
      attribute with a non-default affinity mask.
    
      CVE-2021-35942: The wordexp function may overflow the positional
      parameter number when processing the expansion resulting in a crash.
      Reported by Philippe Antoine.
    
    The following bugs are resolved with this release:
    
      [4737] libc: fork is not async-signal-safe
      [5781] math: Slow dbl-64 sin/cos/sincos for special values
      [10353] libc: Methods for deleting all file descriptors greater than
        given integer (closefrom)
      [14185] glob: fnmatch() fails when '*' wildcard is applied on the file
        name containing multi-byte character(s)
      [14469] math: Inaccurate j0f function
      [14470] math: Inaccurate j1f function
      [14471] math: Inaccurate y0f function
      [14472] math: Inaccurate y1f function
      [14744] nptl: kill -32 $pid or kill -33 $pid on a process cancels a
        random thread
      [15271] dynamic-link: dlmopen()ed shared library with LM_ID_NEWLM
        crashes if it fails dlsym() twice
      [15648] nptl: multiple definition of `__lll_lock_wait_private'
      [16063] nptl: Provide a pthread_once variant in libc directly
      [17144] libc: syslog is not thread-safe if NO_SIGPIPE is not defined
      [17145] libc: syslog with LOG_CONS leaks console file descriptor
      [17183] manual: description of ENTRY struct in <search.h> in glibc
        manual is incorrect
      [18435] nptl: pthread_once hangs when init routine throws an exception
      [18524] nptl: Missing calloc error checking in
        __cxa_thread_atexit_impl
      [19329] dynamic-link: dl-tls.c assert failure at concurrent
        pthread_create and dlopen
      [19366] nptl: returning from a thread should disable cancellation
      [19511] nptl: 8MB memory leak in pthread_create in case of failure
        when non-root user changes priority
      [20802] dynamic-link: getauxval NULL pointer dereference after static
        dlopen
      [20813] nptl: pthread_exit is inconsistent between libc and libpthread
      [22057] malloc: malloc_usable_size is broken with mcheck
      [22668] locale: LC_COLLATE: the last character of ellipsis is not
        ordered correctly
      [23323] libc: [RFE] CSU startup hardening.
      [23328] malloc: Remove malloc hooks and ensure related APIs return no
        data.
      [23462] dynamic-link: Static binary with dynamic string tokens ($LIB,
        $PLATFORM, $ORIGIN) crashes
      [23489] libc: "gcc -lmcheck" aborts on free when using posix_memalign
      [23554] nptl: pthread_getattr_np reports wrong stack size with
        MULTI_PAGE_ALIASING
      [24106] libc: Bash interpreter in ldd script is taken from host
      [24773] dynamic-link: dlerror in an secondary namespace does not use
        the right free implementation
      [25036] localedata: Update collation order for Swedish
      [25383] libc: where_is_shmfs/__shm_directory/SHM_GET_NAME may cause
        shm_open to pick wrong directory
      [25680] dynamic-link: ifuncmain9picstatic and ifuncmain9picstatic
        crash in IFUNC resolver due to stack canary (--enable-stack-
        protector=all)
      [26874] build: -Warray-bounds in _IO_wdefault_doallocate
      [26983] math: [x86_64] x86_64 tgamma has too large ULP error
      [27111] dynamic-link: pthread_create and tls access use link_map
        objects that may be concurrently freed by dlclose
      [27132] malloc: memusagestat is linked to system librt, leading to
        undefined symbols on major version upgrade
      [27136] dynamic-link: dtv setup at thread creation may leave an entry
        uninitialized
      [27249] libc: libSegFault.so does not output signal number properly
      [27304] nptl: pthread_cond_destroy does not pass private flag to futex
        system calls
      [27318] dynamic-link: glibc fails to load binaries when built with
        -march=sandybridge:  CPU ISA level is lower than required
      [27343] nss: initgroups() SIGSEGVs when called on a system without
        nsswich.conf (in a chroot)
      [27346] dynamic-link: x86: PTWRITE feature check is missing
      [27389] network: NSS chroot hardening causes regressions in chroot
        deployments
      [27403] dynamic-link: aarch64: tlsdesc htab is not freed on dlclose
      [27444] libc: sysconf reports unsupported option (-1) for
        _SC_LEVEL1_ICACHE_LINESIZE on X86 since v2.33
      [27462] nscd: double-free in nscd (CVE-2021-27645)
      [27468] malloc: aarch64: realloc crash with heap tagging: FAIL:
        malloc/tst-malloc-thread-fail
      [27498] dynamic-link: __dl_iterate_phdr lacks unwinding information
      [27511] libc: S390 memmove assumes Vector Facility when MIE Facility 3
        is present
      [27522] glob: glob, glob64 incorrectly marked as __THROW
      [27555] dynamic-link: Static tests fail with --enable-stack-
        protector=all
      [27559] libc: fstat(AT_FDCWD) succeeds (it shouldn't) and returns
        information for the current directory
      [27577] dynamic-link: elf/ld.so --help doesn't work
      [27605] libc: tunables can't control xsave/xsavec selection in
        dl_runtime_resolve_*
      [27623] libc: powerpc: Missing registers in sc[v] clobbers list
      [27645] libc: [linux] sysconf(_SC_NPROCESSOR...) breaks down on
        containers
      [27646] dynamic-link: Linker error for non-existing NSS symbols (e.g.
        _nss_files_getcanonname_r) from within a dlmopen namespace.
      [27648] libc: FAIL: misc/tst-select
      [27650] stdio: vfscanf returns too early if a match is longer than
        INT_MAX
      [27651] libc: Performance regression after updating to 2.33
      [27655] string: Wrong size calculation in string/test-strnlen.c
      [27706] libc: select fails to update timeout on error
      [27709] libc: arm: FAIL: debug/tst-longjmp_chk2
      [27721] dynamic-link: x86: ld_audit ignores bind now for TLSDESC and
        tries resolving them lazily
      [27744] nptl: Support different libpthread/ld.so load orders in
        libthread_db
      [27749] libc: Data race __run_exit_handlers
      [27761] libc: getconf: Segmentation fault when passing '-vq' as
        argument
      [27832] nss: makedb.c:797:7: error: 'writev' specified size 4294967295
        exceeds maximum object size 2147483647
      [27870] malloc: MALLOC_CHECK_ causes realloc(valid_ptr, TOO_LARGE) to
        not set ENOMEM
      [27872] build: Obsolete configure option --enable-stackguard-
        randomization
      [27873] build: tst-cpu-features-cpuinfo fail when building on AMD cpu
      [27882] localedata: Use U+00AF MACRON in more EBCDIC charsets
      [27892] libc: powerpc: scv ABI error handling fails to check
        IS_ERR_VALUE
      [27896] nptl: mq_notify does not handle separately allocated thread
        attributes (CVE-2021-33574)
      [27901] libc: TEST_STACK_ALIGN doesn't work
      [27902] libc: The x86-64 clone wrapper fails to align child stack
      [27914] nptl: Install SIGSETXID handler with SA_ONSTACK
      [27939] libc: aarch64: clone does not align the stack
      [27968] libc: s390x: clone does not align the stack
      [28011] libc: Wild read in wordexp (parse_param) (CVE-2021-35942)
      [28024] string: s390(31bit): Wrong result of memchr (MEMCHR_Z900_G5)
        with n >= 0x80000000
      [28028] malloc: malloc: tcache shutdown sequence does not work if the
        thread never allocated anything
      [28033] libc: Need to check RTM_ALWAYS_ABORT for RTM
      [28064] string: x86_64:wcslen implementation list has wcsnlen
      [28067] libc: FAIL: posix/tst-spawn5
      [28068] malloc: FAIL: malloc/tst-mallocalign1-mcheck
      [28071] time: clock_gettime, gettimeofday, time lost vDSO acceleration
        on older kernels
      [28075] nis: Out-of-bounds static buffer read in nis_local_domain
      [28089] build: tst-tls20 fails when linker defaults to --as-needed
      [28090] build: elf/tst-cpu-features-cpuinfo-static fails on certain
        AMD64 cpus
      [28091] network: ns_name_skip may return 0 for domain names without
        terminator
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.34
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adhemerval Zanella
    Alejandro Colomar \(man-pages\)
    Alexandra Hájková
    Alice Xu
    Alyssa Ross
    Andreas Roeseler
    Andreas Schwab
    Anton Blanchard
    Arjun Shankar
    Armin Brauns
    Bruno Haible
    Carlos O'Donell
    Cooper Qu
    DJ Delorie
    Dan Raymond
    Darius Rad
    David Hughes
    Fangrui Song
    Florian Weimer
    H.J. Lu
    Hanataka Shinya
    Hugo Gabriel Eyherabide
    Jakub Jelinek
    JeffyChen
    John David Anglin
    Joseph Myers
    Khem Raj
    Lirong Yuan
    Lucas A. M. Magalhaes
    Lukasz Majewski
    Maninder Singh
    Mark Harris
    Martin Sebor
    Matheus Castanho
    Michal Nazarewicz
    Mike Hommey
    Naohiro Tamura
    Nicholas Piggin
    Noah Goldstein
    Paul Eggert
    Paul Zimmermann
    Pedro Franco de Carvalho
    Raoni Fassina Firmino
    Raphael Moreira Zinsly
    Romain GEISSLER
    Sajan Karumanchi
    Samuel Thibault
    Sebastian Rasmussen
    Sergei Trofimovich
    Shen-Ta Hsieh
    Siddhesh Poyarekar
    Stafford Horne
    Stefan Liebler
    Sunil K Pandey
    Szabolcs Nagy
    Tulio Magno Quites Machado Filho
    Vineet Gupta
    Vitaly Buka
    Vitaly Chikunov
    Wilco Dijkstra
    Xeonacid
    Xiaoming Ni
    Yang Xu
    liuhongt
    noah
    Érico Nogueira
    
    
  • glibc-2.33.9000
    Open master branch for glibc 2.34 development
  • glibc-2.33
    The GNU C Library
    =================
    
    The GNU C Library version 2.33 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.32 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    NEWS for version 2.33
    =====================
    
    Major new features:
    
    * The dynamic linker accepts the --list-tunables argument which prints
      all the supported tunables.  This option is disable if glibc is
      configured with tunables disabled (--enable-tunables=no).
    
    * The dynamic linker accepts the --argv0 argument and provides opportunity
      to change argv[0] string.
    
    * The dynamic linker loads optimized implementations of shared objects
      from subdirectories under the glibc-hwcaps directory on the library
      search path if the system's capabilities meet the requirements for
      that subdirectory.  Initially supported subdirectories include
      "power9" and "power10" for the powerpc64le-linux-gnu architecture,
      "z13", "z14", "z15" for s390x-linux-gnu, and "x86-64-v2", "x86-64-v3",
      "x86-64-v4" for x86_64-linux-gnu.  In the x86_64-linux-gnu case, the
      subdirectory names correspond to the vendor-independent x86-64
      microarchitecture levels defined in the x86-64 psABI supplement.
    
    * The new --help option of the dynamic linker provides usage and
      information and library search path diagnostics.
    
    * The mallinfo2 function is added to report statistics as per mallinfo,
      but with larger field widths to accurately report values that are
      larger than fit in an integer.
    
    * Add <sys/platform/x86.h> to provide query macros for x86 CPU features.
    
    * Support for the RISC-V ISA running on Linux has been expanded to run on
      32-bit hardware.  This is supported for the following ISA and ABI pairs:
    
        - rv32imac ilp32
        - rv32imafdc ilp32
        - rv32imafdc ilp32d
    
      The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils
      2.28.
    
    * A new fortification level _FORTIFY_SOURCE=3 is available.  At this level,
      glibc may use additional checks that may have an additional performance
      overhead.  At present these checks are available only on LLVM 9 and later.
      The latest GCC available at this time (10.2) does not support this level of
      fortification.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * The mallinfo function is marked deprecated.  Callers should call
      mallinfo2 instead.
    
    * When dlopen is used in statically linked programs, alternative library
      implementations from HWCAP subdirectories are no longer loaded.
      Instead, the default implementation is used.
    
    * The deprecated <sys/vtimes.h> header and the function vtimes have been
      removed.  To support old binaries, the vtimes function continues to exist
      as a compatibility symbol.  Applications should use the getrlimit or
      prlimit.
    
    * Following a change in the tzdata 2018a release upstream, the zdump
      program is now installed in the /usr/bin subdirectory.  Previously,
      the /usr/sbin subdirectory was used.
    
    * On s390(x), the type float_t is now derived from the macro
      __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being
      hardcoded to double.  This does not affect the ABI of any libraries
      that are part of the GNU C Library, but may affect the ABI of other
      libraries that use this type in their interfaces.  The new definition
      improves consistency with compiler behavior in many scenarios.
    
    * A future version of glibc will stop loading shared objects from the
      "tls" subdirectories on the library search path, the subdirectory that
      corresponds to the AT_PLATFORM system name, and also stop employing
      the legacy AT_HWCAP search mechanism.  Applications should switch to
      the new glibc-hwcaps mechanism instead; if they do not do that, only
      the baseline version (directly from the search path directory) will be
      loaded.
    
    Changes to build and runtime requirements:
    
    * On Linux, the system administrator needs to configure /dev/pts with
      the intended access modes for pseudo-terminals.  glibc no longer
      attemps to adjust permissions of terminal devices.  The previous glibc
      defaults ("tty" group, user read/write and group write) already
      corresponded to what most systems used, so that grantpt did not
      perform any adjustments.
    
    * On Linux, the posix_openpt and getpt functions no longer attempt to
      use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
      (and pseudo-terminals are supported), a devpts file system is mounted
      on /dev/pts.  Current systems already meet these requirements.
    
    * s390x requires GCC 7.1 or newer.  See gcc Bug 98269.
    
    Security related changes:
    
      CVE-2021-3326: An assertion failure during conversion from the
      ISO-20220-JP-3 character set using the iconv function has been fixed.
      This assertion was triggered by certain valid inputs in which the
      converted output contains a combined sequence of two wide characters
      crossing a buffer boundary.  Reported by Tavis Ormandy.
    
      CVE-2020-27618: An infinite loop has been fixed in the iconv program when
      invoked with input containing redundant shift sequences in the IBM1364,
      IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
    
      CVE-2020-29562: An assertion failure has been fixed in the iconv function
      when invoked with UCS4 input containing an invalid character.
    
      CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
      invoked with EUC-KR input containing invalid multibyte input sequences.
    
    The following bugs are resolved with this release:
    
      [10635] libc: realpath portability patches
      [16124] dynamic-link: ld.so should allow to change argv[0]
      [17924] malloc: 'free' should not set errno
      [18683] libc: Linux faccessat implementation can incorrectly ignore
        AT_EACCESS
      [22899] libc: Use 64-bit readdir() in generic POSIX getcwd()
      [23249] libc: Epyc and other current AMD CPUs do not select the
        "haswell" platform subdirectory
      [24080] dynamic-link: Definition of "haswell" platform is inconsistent
        with GCC
      [24202] libc: m68k setjmp() saves incorrect 'a5' register in --enable-
        stack-protector=all
      [24941] libc: Make grantpt usable after multi-threaded fork in more
        cases
      [24970] libc: realpath mishandles EOVERFLOW; stat not needed anyway
      [24973] locale: iconv encounters segmentation fault when converting
        0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
      [25399] string: undefined reference to `__warn_memset_zero_len' when
        changing gnuc version
      [25859] libc: glibc parser for /sys/devices/system/cpu/online is
        incorrect
      [25938] dynamic-link: ld.so.cache should store meaning of hwcap mask
        bits
      [25971] libc: s390 bits/hwcap.h out of sync with kernel
      [26053] libc: unlockpt fails with ENOTTY for non-ptmx descriptors
      [26100] libc: Race in syslog(3) with regards to tag printing.
      [26124] libc: Export <cpu-features.h>
      [26130] nscd: Inconsistent nscd cache during pruning
      [26203] libc: GLRO(dl_x86_cpu_features) may not be intialized
      [26224] locale: iconv hangs when converting some invalid inputs from
        several IBM character sets (CVE-2020-27618)
      [26341] libc: realpath cyclically call __alloca(path_max) to consume
        too much stack space
      [26343] manual: invalid documented return type for strerrorname_np(),
        strerrordesc_np(), sigdescr_np(), sigabbrev_np()
      [26376] libc: Namespace violation in stdio.h and sys/stat.h if build
        with optimization.
      [26383] locale: bind_textdomain_codeset doesn't accept //TRANSLIT
        anymore
      [26394] time: [2.33 Regression] FAIL: nptl/tst-join14
      [26534] math: libm.so 2.32 SIGILL in pow() due to FMA4 instruction on
        non-FMA4 system
      [26552] dynamic-link: CPU_FEATURE_USABLE_P should be more conservative
      [26553] libc: mtx_init allows type set to "mtx_recursive" only
      [26555] string: strerrorname_np does not return the documented value
      [26592] libc: pointer arithmetic overflows in realpath
      [26600] network: Transaction ID collisions cause slow DNS lookups in
        getaddrinfo
      [26606] libc: [2.33 Regression] pselect is broken on x32
      [26615] libc: powerpc: libc segfaults when LD_PRELOADed with libgcc
      [26620] glob: fnmatch with collating symbols results in segmentation
        fault
      [26625] libc: [2.33 Regression] CET is disabled
      [26636] libc: 32-bit shmctl(IPC_INFO) crashes when shminfo struct is
        at the end of a memory mapping
      [26637] libc: semctl SEM_STAT_ANY fails to pass the buffer specified
        by the caller to the kernel
      [26639] libc: msgctl IPC_INFO and MSG_INFO return garbage
      [26647] build: [-Werror=array-parameter=] due to different
        declarations for __sigsetjmp
      [26648] libc: mkstemp is likely to fail on systems with non-stricly-
        monotonic clocks
      [26649] stdio: printf should handle non-normal x86 long double numbers
        gracefully (CVE-2020-29573)
      [26686] build: -Warray-parameter instances building with GCC 11
      [26687] build: -Warray-bounds instances building with GCC 11
      [26690] stdio: Aliasing violation in __vfscanf_internal
      [26691] nptl: Use a minimum guard size of 64 KiB on aarch64
      [26726] build: GCC warning calling new_composite_name with an array of
        one element
      [26736] libc: FAIL: misc/tst-sysvshm-linux
      [26737] libc: Random FAIL: rt/tst-shm
      [26791] libc: Missing O_CLOEXEC in sysconf.c
      [26798] dynamic-link: aarch64: variant PCS symbols may be incorrectly
        lazy bound
      [26801] nptl: pthread_mutex_clocklock with CLOCK_MONOTONIC can fail on
        PI mutexes
      [26818] string: aarch64: string tests may run ifunc variants that are
        not safe
      [26821] libc: Memory leak test failures on Fedora 33
      [26824] libc: FAIL: elf/tst-cpu-features-supports with recent trunk:
        FSGSBASE/LM/RDRAND check failure
      [26833] time: adjtime() with delta == NULL segfaults on armv7 32bit
        platform
      [26853] libc: aarch64: Missing unwind information in statically linked
        startup code
      [26923] locale: Assertion failure in iconv when converting invalid
        UCS4 (CVE-2020-29562)
      [26926] dynamic-link: aarch64: library dependencies are not bti
        protected
      [26932] libc: sh: Multiple floating point functions defined as stubs
        only since 2.31
      [26964] nptl: pthread_mutex_timedlock returning EAGAIN after futex is
        locked
      [26988] dynamic-link: aarch64: BTI mprotect address is not page
        aligned
      [27002] build: libc_freeres_fn build failure with GCC 11
      [27004] dynamic-link: ld.so is miscompiled by GCC 11
      [27008] dynamic-link: ld.so.cache should have endianness markup
      [27042] libc: [alpha] anonymous union in struct stat confuses
        detection logic
      [27053] libc: Conformance regression in system(3) (and probably also
        pclose(3))
      [27072] dynamic-link: static pie ifunc resolvers run before hwcap is
        setup
      [27077] network: Do not reload /etc/nsswitch.conf from chroot
      [27083] libc: Unsafe unbounded alloca in addmntent
      [27104] dynamic-link: The COMMON_CPUID_INDEX_MAX handshake does not
        work
      [27130] string: "rep movsb" performance issue
      [27150] libc: alpha: wait4() is unavailable in static linking
      [27177] dynamic-link:
        GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't
        work
      [27222] dynamic-link: Incorrect sysdeps/x86/tst-cpu-features-cpuinfo.c
      [27237] malloc: deadlock in malloc/tst-malloc-stats-cancellation
      [27256] locale: Assertion failure in ISO-2022-JP-3 gconv module
        related to combining characters (CVE-2021-3326)
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.33
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adhemerval Zanella
    Alexandra Hájková
    Alistair Francis
    Andreas Schwab
    Anssi Hannula
    Arjun Shankar
    Benno Schulenberg
    Carlos O'Donell
    Chen Li
    Cooper Qu
    Corinna Vinschen
    DJ Delorie
    Dmitry V. Levin
    Fangrui Song
    Florian Weimer
    Guillaume Gardet
    H.J. Lu
    Jakub Jelinek
    Jangwoong Kim
    Jeremie Koenig
    Jim Wilson
    John David Anglin
    John McCabe
    Jonathan Wakely
    Jonny Grant
    Joseph Myers
    Lode Willems
    Lucas A. M. Magalhaes
    Lukasz Majewski
    Maciej W. Rozycki
    Mao Han
    Marc Aurèle La France
    Marius Hillenbrand
    Mark Wielaard
    Martin Liska
    Martin Sebor
    Matheus Castanho
    Matt Turner
    Maximilian Krüger
    Michael Colavita
    Ondřej Hošek
    Patrick McGehearty
    Patsy Griffin
    Paul E. Murphy
    Paul Eggert
    Paul Zimmermann
    Prasanth R
    Raoni Fassina Firmino
    Raphael M Zinsly
    Raphael Moreira Zinsly
    Richard Braun
    Richard Earnshaw
    Rolf Eike Beer
    Sajan Karumanchi
    Samuel Thibault
    Sergei Trofimovich
    Shuo Wang
    Siddhesh Poyarekar
    Stafford Horne
    Stefan Liebler
    Szabolcs Nagy
    Thorsten Kukuk
    Tulio Magno Quites Machado Filho
    Vincent Chen
    Vincent Mihalkovic
    Vineet Gupta
    W. Hashimoto
    Wilco Dijkstra
    Xiaoming Ni
    Zong Li
    liqingqing
    Érico Rolim
    
    
  • glibc-2.32.9000
    Open master branch for glibc 2.33 development.
    
  • glibc-2.32
    The GNU C Library
    =================
    
    The GNU C Library version 2.32 is now available.
    
    The GNU C Library is used as *the* C library in the GNU system and
    in GNU/Linux systems, as well as many other systems that use Linux
    as the kernel.
    
    The GNU C Library is primarily designed to be a portable
    and high performance C library.  It follows all relevant
    standards including ISO C11 and POSIX.1-2017.  It is also
    internationalized and has one of the most complete
    internationalization interfaces known.
    
    The GNU C Library webpage is at http://www.gnu.org/software/libc/
    
    Packages for the 2.32 release may be downloaded from:
            http://ftpmirror.gnu.org/libc/
            http://ftp.gnu.org/gnu/libc/
    
    The mirror list is at http://www.gnu.org/order/ftp.html
    
    NEWS for version 2.32
    =====================
    
    Major new features:
    
    * Unicode 13.0.0 Support: Character encoding, character type info, and
      transliteration tables are all updated to Unicode 13.0.0, using
      generator scripts contributed by Mike FABIAN (Red Hat).
    
    * New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)
    
    * Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been
      added. This port requires at least binutils-2.32, gcc-8.3 and Linux-5.1.
      Three ABIs are supported:
    
         - arc-linux-gnu
         - arc-linux-gnuhf
         - arceb-linux-gnu
    
      The arc* ABI is little-endian while arceb is big-endian. All ABIs use
      64-bit time (y2038 safe) and 64-bit file offsets (LFS default).
    
    * The GNU C Library now loads audit modules listed in the DT_AUDIT and
      DT_DEPAUDIT dynamic section entries of the main executable.
    
    * powerpc64le supports IEEE128 long double libm/libc redirects when
      using the -mabi=ieeelongdouble to compile C code on supported GCC
      toolchains.  It is recommended to use GCC 8 or newer when testing
      this option.
    
    * To help detect buffer overflows and other out-of-bounds accesses
      several APIs have been annotated with GCC 'access' attribute.  This
      should help GCC 10 issue better warnings.
    
    * On Linux, functions the pthread_attr_setsigmask_np and
      pthread_attr_getsigmask_np have been added.  They allow applications
      to specify the signal mask of a thread created with pthread_create.
    
    * The GNU C Library now provides the header file <sys/single_threaded.h>
      which declares the variable __libc_single_threaded.  Applications are
      encouraged to use this variable for single-thread optimizations,
      instead of weak references to symbols historically defined in
      libpthread.
    
    * The functions sigabbrev_np and sigdescr_np have been added.  The
      sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for SIGHUP)
      while sigdescr_np returns a string describing the signal number (e.g
      "Hangup" for SIGHUP).  Different than strsignal, sigdescr_np does not
      attempt to translate the return description, both functions return
      NULL for an invalid signal number.
    
      They should be used instead of sys_siglist or sys_sigabbrev and they
      are both thread and async-signal safe.  These functions are GNU extensions.
    
    * The functions strerrorname_np and strerrordesc_np have been added.  The
      strerroname_np returns error number name (e.g. "EINVAL" for EINVAL) while
      strerrordesc_np returns string describing error number
      (e.g "Invalid argument" for EINVAL).  Different than strerror,
      strerrordesc_np does not attempt to translate the return description, both
      functions return NULL for an invalid error number.
    
      They should be used instead of sys_errlist and sys_nerr, both are
      thread and async-signal safe.  These functions are GNU extensions.
    
    * AArch64 now supports standard branch protection security hardening
      in glibc when it is built with a GCC that is configured with
      --enable-standard-branch-protection (or if -mbranch-protection=standard
      flag is passed when building both GCC target libraries and glibc,
      in either case a custom GCC is needed).  This includes branch target
      identification (BTI) and pointer authentication for return addresses
      (PAC-RET).  They require armv8.5-a and armv8.3-a architecture
      extensions respectively for the protection to be effective,
      otherwise the used instructions are nops.  User code can use PAC-RET
      without libc support, but BTI requires a libc that is built with BTI
      support, otherwise runtime objects linked into user code will not be
      BTI compatible.
    
    Deprecated and removed features, and other changes affecting compatibility:
    
    * Remove configure option --enable-obsolete-rpc.  Sun RPC is removed
      from glibc.  This includes the rpcgen program, librpcsvc, and the Sun
      RPC header files.  Backward compatibility for old programs is kept
      only for architectures and ABIs that have been added in or before
      glibc 2.31.  New programs need to use TI-RPC
      <http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary> and
      rpcsvc-proto <https://github.com/thkukuk/rpcsvc-proto>.
    
    * Remove configure option --enable-obsolete-nsl.  libnsl is only built
      as shared library for backward compatibility and the NSS modules "nis"
      and "nisplus" are not built at all and libnsl's headers aren't
      installed.  This compatibility is kept only for architectures and ABIs
      that have been added in or before version 2.28.  Replacement
      implementations based on TI-RPC, which additionally support IPv6, are
      available from <https://github.com/thkukuk/>.  This change does not
      affect the "compat" NSS module, which does not depended on libnsl
      since 2.27 and thus can be used without NIS.
    
    * The deprecated <sys/sysctl.h> header and the sysctl function have been
      removed.  To support old binaries, the sysctl function continues to
      exist as a compatibility symbol (on those architectures which had it),
      but always fails with ENOSYS.  This reflects the removal of the system
      call from all architectures, starting with Linux 5.5.
    
    * The sstk function is no longer available to newly linked binaries.
      Its implementation always returned with a failure, and the function
      was not declared in any header file.
    
    * The legacy signal handling functions siginterrupt, sigpause, sighold,
      sigrelse, sigignore and sigset, and the sigmask macro have been
      deprecated.  Applications should use the sigsuspend, sigprocmask and
      sigaction functions instead.
    
    * ldconfig now defaults to the new format for ld.so.cache. glibc has
      already supported this format for almost 20 years.
    
    * The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev
      are no longer available to newly linked binaries, and their declarations
      have been removed from <string.h>.  They are exported solely as
      compatibility symbols to support old binaries.  All programs should use
      strsignal instead.
    
    * The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr
      are no longer available to newly linked binaries, and their declarations
      have been removed from from <stdio.h>.  They are exported solely as
      compatibility symbols to support old binaries.  All programs should use
      strerror or strerror_r instead.
    
    * Both strerror and strerror_l now share the same internal buffer in the
      calling thread, meaning that the returned string pointer may be invalided
      or contents might be overwritten on subsequent calls in the same thread or
      if the thread is terminated.  It makes strerror MT-safe.
    
    * Using weak references to libpthread functions such as pthread_create
      or pthread_key_create to detect the singled-threaded nature of a
      program is an obsolescent feature.  Future versions of glibc will
      define pthread_create within libc.so.6 itself, so such checks will
      always flag the program as multi-threaded.  Applications should check
      the __libc_single_threaded variable declared in
      <sys/single_threaded.h> instead.
    
    * The "files" NSS module no longer supports the "key" database (used for
      secure RPC).  The contents of the /etc/publickey file will be ignored,
      regardless of the settings in /etc/nsswitch.conf.  (This method of
      storing RPC keys only supported the obsolete and insecure AUTH_DES
      flavor of secure RPC.)
    
    * The __morecore and __after_morecore_hook malloc hooks and the default
      implementation __default_morecore have been deprecated.  Applications
      should use malloc interposition to change malloc behavior, and mmap to
      allocate anonymous memory.  A future version of glibc may require that
      applications which use the malloc hooks must preload a special shared
      object, to enable the hooks.
    
    * The hesiod NSS module has been deprecated and will be removed in a
      future version of glibc.  System administrators are encouraged to
      switch to other approaches for networked account databases, such as
      LDAP.
    
    Changes to build and runtime requirements:
    
    * powerpc64le requires GCC 7.4 or newer.  This is required for supporting
      long double redirects.
    
    Security related changes:
    
      CVE-2016-10228: An infinite loop has been fixed in the iconv program when
      invoked with the -c option and when processing invalid multi-byte input
      sequences.  Reported by Jan Engelhardt.
    
      CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
      corruption when they were passed a pseudo-zero argument.  Reported by Guido
      Vranken / ForAllSecure Mayhem.
    
      CVE-2020-1752: A use-after-free vulnerability in the glob function when
      expanding ~user has been fixed.
    
      CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
      memmove functions has been fixed.  Discovered by Jason Royes and Samual
      Dytrych of the Cisco Security Assessment and Penetration Team (See
      TALOS-2020-1019).
    
    The following bugs are resolved with this release:
    
      [9809] localedata: ckb_IQ: new Kurdish Sorani locale
      [10441] manual: Backtraces code example lacks error checking
      [10815] librt: [timer_create / SIGEV_THREAD] signalmask of
        timer_sigev_thread dangerous
      [14231] stdio: stdio-common tests memory requirements
      [14578] libc: /proc-based emulation for lchmod, fchmodat
      [16272] dynamic-link: dlopen()ing a DT_FILTER library crashes if
        filtee has constructor
      [19519] locale: iconv(1) with -c option hangs on illegal multi-byte
        sequences (CVE-2016-10228)
      [19737] admin: Doc page “20.5.2 Infinity and NaN” has incorrect HTML
        character entities for infinity & pi
      [20338] libc: Parsing of /etc/gshadow can return bad pointers causing
        segfaults in applications
      [20543] libc: Please move from .gnu.linkonce to comdat
      [22489] network: gcc warns about implicit convertion in
        ICMP6_FILTER_SETPASS with -Wsign-conversion
      [22525] localedata: or_IN  LC_COLLATE does not use copy "iso14651_t1"
      [23294] math: Complex _FloatN functions are redirected to the wrong
        function with -mlong-double-64
      [23296] libc: Data race in setting function descriptor during lazy
        binding
      [23668] dynamic-link: ldconfig: Default to the new format for
        ld.so.cache
      [23819] hurd: hurd: Add C11 thread support
      [23990] build: test-container error out on failure to exec child.
      [23991] build: shell-container typo in run_command_array
      [24638] manual: Error in example of parsing a template string
      [24654] manual: Wrong declaration of wcschr in libc manual
      [24943] dynamic-link: Support DT_AUDIT, DT_DEPAUDIT in the dynamic
        linker
      [25051] dynamic-link: aarch64, powerpc64 uses surplus static tls for
        dynamically loaded dsos
      [25098] nptl: nptl: ctype classification functions are not AS-Safe
      [25219] libc: improve out-of-bounds checking with GCC 10 attribute
        access
      [25262] libc: getcontext/setcontext/swapcontext unnecessarily save and
        restore EAX, ECX and EDX
      [25397] dynamic-link: Legacy bitmap doesn't cover jitted code
      [25414] glob: 'glob' use-after-free bug (CVE-2020-1752)
      [25420] network: Race condition in resolv_conf.c can result in caching
        stale configuration forever
      [25487] math: sinl() stack corruption from crafted input
        (CVE-2020-10029)
      [25506] build: configure: broken detection of STT_GNU_IFUNC when GCC
        defaults to PIE
      [25523] libc: MIPS/Linux inline syscall template is miscompiled
      [25620] libc: Signed comparison vulnerability in the ARMv7 memcpy()
        (CVE-2020-6096)
      [25623] libc: test-sysvmsg, test-sysvsem, test-sysvshm fail with 2.31
        on 32 bit and old kernel
      [25635] libc: arm: Wrong sysdep order selection for soft-fp
      [25639] localedata: Some names of days and months wrongly spelt in
        Occitan
      [25657] libc: sigprocmask() and sigisemptyset() manipulate different
        amount of sigset_t bytes
      [25691] stdio: printf: memory leak when printing long multibyte
        strings
      [25715] libc: system() returns wrong errors when posix_spawn fails
      [25733] malloc: mallopt(M_MXFAST) can set global_max_fast to 0
      [25734] locale: mbrtowc with Big5-HKSCS fails to reset conversion
        state for conversions that produce two Unicode code points
      [25765] nptl: Incorrect futex syscall in __pthread_disable_asynccancel
        for linux x86_64 leads to livelock
      [25788] dynamic-link: [i386] -fno-omit-frame-pointer in CFLAGS causes
        test failures, invalid instruction in ld.so
      [25790] glob: Typo in tst-fnmatch.input
      [25810] libc: x32: Incorrect syscall entries with pointer, off_t and
        size_t
      [25819] localedata: Update locale data to Unicode 13.0.0
      [25824] libc: Abnormal function of strnlen in aarch64
      [25887] dynamic-link: Wasted space in _dl_x86_feature_1[1]
      [25896] libc: Incorrect prctl
      [25902] libc: Bad LOADARGS_N
      [25905] dynamic-link: VSX registers are corrupted during PLT
        resolution when glibc is built with --disable-multi-arch and --with-
        cpu=power9
      [25933] string: Off by one error in __strncmp_avx2 when
        length=VEC_SIZE*4 and strings are at page boundaries can cause a
        segfault
      [25942] nptl: Deadlock on stack_cache_lock between __nptl_setxid and
        exiting detached thread
      [25966] libc: Incorrect access of __x86_shared_non_temporal_threshold
        for x32
      [25976] nss: internal_end*ent in nss_compat may clobber errno, hiding
        ERANGE
      [25999] nptl: Use-after-free issue in pthread_getaddr_default_np
      [26073] math: getpayload() has wrong return value
      [26076] dynamic-link: dlmopen crashes after failing to load
        dependencies in audit mode
      [26120] localedata: column width of  of some Korean
        JUNGSEONG/JONGSEONG characters wrong (should be 0)
      [26128] libc: Incorrect bit_cpu_CLFLUSHOPT
      [26133] libc: Incorrect need_arch_feature_F16C
      [26137] libc: strtod() triggers exception FE_INEXACT on reasonable
        input
      [26149] libc: PKU is usable only if OSPKE is set
      [26173] libc: powerpc64*: Add @notoc to calls to functions that do not
        preserve r2
      [26208] libc: Incorrect bit_cpu_CLFSH
      [26210] network: Incorrect use of hidden symbols for global sunrpc
        variables
      [26211] stdio: printf integer overflow calculating allocation size
      [26214] stdio: printf_fp double free
      [26215] stdio: printf_fp memory leak
      [26232] time: FAIL: support/tst-timespec for 32-bit targets
      [26258] nss: nss_compat should not read input files with mmap
      [26332] string: Incorrect cache line size load causes memory
        corruption in memset
    
    Release Notes
    =============
    
    https://sourceware.org/glibc/wiki/Release/2.32
    
    Contributors
    ============
    
    This release was made possible by the contributions of many people.
    The maintainers are grateful to everyone who has contributed
    changes or bug reports.  These include:
    
    Adhemerval Zanella
    Alan Modra
    Alex Butler
    Alexander Anisimov
    Alistair Francis
    Andrea Corallo
    Andreas K. Hüttel
    Andreas Schwab
    Anton Blanchard
    Anton Blanchard via Libc-alpha
    Arjun Shankar
    Aurelien Jarno
    Aurélien Aptel
    Carlos O'Donell
    Chung-Lin Tang
    DJ Delorie
    David Kilroy
    Evgeny Eremin
    Eyal Itkin
    Fangrui Song
    Florian Weimer
    Gabriel F. T. Gomes
    Girish Joshi
    H.J. Lu
    John David Anglin
    John Marshall
    Jonathan Wakely
    Joseph Myers
    Josh Triplett
    Jwtiyar Nariman
    Krzysztof Koch
    Lexi Shao
    Lucas A. M. Magalhaes
    Lukasz Majewski
    Maciej W. Rozycki
    Martin Sebor
    Matheus Castanho
    Mathieu Desnoyers
    Michael Hudson-Doyle
    Mike FABIAN
    Patsy Franklin
    Paul E. Murphy
    Paul Eggert
    Paul Zimmermann
    Petr Vorel
    Rafał Lużyński
    Rajalakshmi Srinivasaraghavan
    Raphael Moreira Zinsly
    Rogerio Alves
    Samuel Thibault
    Sergey
    Shen-Ta Hsieh
    Siddhesh Poyarekar
    Simon Marchi
    Stefan Liebler
    Sudakshina Das
    Sunil K Pandey
    Szabolcs Nagy
    Tulio Magno Quites Machado Filho
    Vineet Gupta
    WANG Xuerui
    Wilco Dijkstra
    guojinhui
    kokoye2007
    mayshao
    mayshao-oc
    
    
  • glibc-2.31.9000
    Open master branch for 2.32 development