GNU C Library NEWS -- history of user-visible changes.
-Copyright (C) 1992-2023 Free Software Foundation, Inc.
+Copyright (C) 1992-2024 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.40
+
+Major new features:
+
+* The <stdbit.h> header type-generic macros have been changed when using
+ GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
+ in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
+ with arbitrary precisions when supported by the target.
+
+* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
+ enable features from the ISO C23 standard. Only some features from
+ this standard are supported by the GNU C Library. The older name
+ _ISOC2X_SOURCE is still supported. Features from C23 are also enabled
+ by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
+ -std=gnu23, -std=c2x or -std=gnu2x.
+
+* A new tunable, glibc.rtld.enable_secure, used to run a program
+ as if it were a setuid process. This is currently a testing tool to allow
+ more extensive verification tests for AT_SECURE programs and not meant to
+ be a security feature.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+ [Add deprecations, removals and changes affecting compatibility here]
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+The following CVEs were fixed in this release, details of which can be
+found in the advisories directory of the release tarball:
+
+ [The release manager will add the list generated by
+ scripts/process-advisories.sh just before the release.]
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+\f
Version 2.39
Major new features:
+* A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
+ rewrite on x86-64. When enabled with non-lazy binding, the dynamic
+ linker will rewrite indirect branches in PLT with direct branches.
+
+* Sync with Linux kernel 6.6 shadow stack interface. The --enable-cet
+ configure option is only supported on x86-64.
+
* struct statvfs now has an f_type member, equal to the f_type statfs member;
on the Hurd this was always available under a reserved name,
and under Linux a spare has been allocated: it was always zero
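Review bot: The glibc.rtld.enable_secure entry in the new 2.40 section is a sentence fragment ("A new tunable, glibc.rtld.enable_secure, used to run a program ..."), while the other tunable entries in this file are phrased "can be used to". Suggest "A new tunable, glibc.rtld.enable_secure, can be used to run a program as if it were a setuid process." Because the entry describes a testing tool that is "not meant to be a security feature", it should also say outright that the tunable must not be relied on to harden a program, so the name is not read as a hardening switch. In the 2.39 part of the hunk, the CET entry says --enable-cet is only supported on x86-64 but does not name the configurations that lose support, which is what a packager needs to know.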
and the wfN format length modifiers for arguments pointing to types
int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.
+* A new tunable, glibc.mem.decorate_maps, can be used to add additional
+ information on underlying memory allocated by the glibc (for instance,
+ on thread stack created by pthread_create or memory allocated by
+ malloc).
+
+* The <stdbit.h> header has been added from ISO C2X, with
+ stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros,
+ stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one,
+ stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros,
+ stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor
+ and stdc_bit_ceil function families, each having functions for
+ unsigned char, unsigned short, unsigned int, unsigned long int and
+ unsigned long long int, and a type-generic macro.
+
+* On AArch64 new symbols were added to libmvec and now math.h has
+ annotations to allow GCC 9 or newer to auto-vectorize calls to the
+ following scalar math functions when -ffast-math is specified:
+ acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf,
+ exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
+ log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.
+
Deprecated and removed features, and other changes affecting compatibility:
* The ldconfig program now skips file names containing ';' or ending in
- ".tmp", to avoid examining temporary files created by the RPM and dpkg
- package managers.
+ ".dpkg.tmp" or ".dpkg.new", to avoid examining temporary files created
+ by the RPM and dpkg package managers.
* libcrypt has been removed from the GNU C Library. The configure
options "--enable-crypt" and "--enable-nss-crypt" are no longer
available. <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
- installed, and <unistd.h> will not declare the crypt function.
+ installed. For now <unistd.h> continues to declare the crypt
+ function by default, to avoid introducing vulnerabilities into
+ existing applications due to a missing prototype. This declaration
+ is deprecated and may be removed in a future glibc release.
The replacement for libcrypt is libxcrypt, maintained separately from
GNU libc, but available under compatible licensing terms, and providing
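Review bot: In the libcrypt entry, "to avoid introducing vulnerabilities into existing applications due to a missing prototype" leaves the mechanism unstated, and a reader cannot judge their exposure from it. One added clause would cover it: without the declaration, a caller built in a mode that accepts implicit function declarations treats crypt as returning int, so the returned pointer can be truncated on 64-bit targets. Since the declaration is now deprecated, the entry could also tell callers to include <crypt.h> from libxcrypt. In the same hunk, the glibc.mem.decorate_maps entry does not say where the additional information becomes visible, and "allocated by the glibc" should read "allocated by glibc".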
of GNU libc are advised to check whether their build processes can be
simplified.
+* The dynamic linker calls the malloc and free functions in more cases
+ during TLS access if a shared object with dynamic TLS is loaded and
+ unloaded. This can result in an infinite recursion if a malloc
+ replacement library or its dependencies use dynamic TLS instead of
+ initial-exec TLS.
+
+* The ia64*-*-linux-gnu configurations are no longer supported.
+
Changes to build and runtime requirements:
* Building on LoongArch requires at a minimum binutils 2.41 for vector
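Review bot: The dynamic-linker entry on malloc and free during TLS access describes the failure (infinite recursion) but stops short of telling maintainers of malloc replacement libraries what to do. It mentions initial-exec TLS only as the thing the affected libraries are not using. Suggest closing the entry with an explicit recommendation, for example that malloc replacement libraries and their dependencies should be built to use initial-exec TLS (with GCC, -ftls-model=initial-exec). It would also help to say whether the recursion shows up as a hang or as stack exhaustion, so the symptom can be recognised in bug reports.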
Security related changes:
- CVE-2023-4527: If the system is configured in no-aaaa mode via
- /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
- family, and a DNS response is received over TCP that is larger than
- 2048 bytes, getaddrinfo may potentially disclose stack contents via
- the returned address data, or crash.
+The following CVEs were fixed in this release, details of which can be
+found in the advisories directory of the release tarball:
+
+ GLIBC-SA-2023-0002:
+ getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)
+
+ GLIBC-SA-2023-0003:
+ getaddrinfo: Potential use-after-free (CVE-2023-4806)
- CVE-2023-4806: When an NSS plugin only implements the
- _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
- memory that was freed during buffer resizing, potentially causing a
- crash or read or write to arbitrary memory.
+ GLIBC-SA-2023-0004:
+ tunables: local privilege escalation through buffer overflow
+ (CVE-2023-4911)
- CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
- an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
- AI_ALL and AI_V4MAPPED flags set.
+ GLIBC-SA-2024-0001:
+ syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
- CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
- environment of a setuid program and NAME is valid, it may result in a
- buffer overflow, which could be exploited to achieve escalated
- privileges. This flaw was introduced in glibc 2.34.
+ GLIBC-SA-2024-0002:
+ syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
+
+ GLIBC-SA-2024-0003:
+ syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
The following bugs are resolved with this release:
- [The release manager will add the list generated by
- scripts/list-fixed-bugs.py just before the release.]
+ [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
+ [19305] libc: qsort() should return early if (nmemb <= 1)
+ [19479] localedata: gbm_IN: new Garhwali Locale
+ [19924] dynamic-link: TLS performance degradation after dlopen
+ [19956] localedata: ssy_ER: rename from aa_ER@saaho
+ [21719] libc: stdlib/msort : optimizing merge sort
+ [22526] localedata: th_TH LC_COLLATE does not use copy "iso14651_t1"
+ [23012] localedata: el_GR: Greece now uses the 24h format for time
+ [23172] localedata: miq_NI: Provide actually abbreviated month names
+ [24006] localedata: Cyclic dependencies via copy in locales
+ [24013] localedata: am_pm definitions for es_ES
+ [24386] localedata: crh_RU: new locale
+ [24877] localedata: [Redundant Data] Remove redundant data between
+ en_NZ and en_AU
+ [25868] localedata: Incorrect trailing spaces in weekday names for
+ nn_NO
+ [26752] localedata: Please add the new locale zgh_MA
+ [27069] dynamic-link: Need a way to tell if a tunable is set by user
+ [27163] localedata: Error on test glk_IR with localedef
+ [27312] localedata: su_ID: new Sundanese locale
+ [27547] manual: "Summary of malloc-Related Functions" shows wrong
+ argument order for `aligned_alloc` and `memalign`
+ [27574] libc: glibc should probably not define __WORDSIZE=64 for
+ __sparcv9
+ [27601] localedata: License information update in
+ localedata/locales/ast_ES
+ [28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
+ n_cs_precedes
+ [28787] localedata: Add information for Occitan
+ [29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
+ following dlclose with unused TLS
+ [29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
+ week should be Monday
+ [29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
+ [29506] localedata: UTF-8 HANGUL SYLLABLE bugs
+ [30349] libc: Support returning a pidfd from posix_spawn()
+ [30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
+ t_fmt_ampm are undefined
+ [30605] localedata: New locale for Komi language
+ [30649] localedata: [PATCH] Add transliteration of common emojis to
+ smileys
+ [30694] locale: The iconv program no longer tells the user which given
+ encoding name was wrong
+ [30709] nscd: nscd fails to build with cleanup handler if built with
+ -fexceptions
+ [30737] libc: fdopendir() is not robust - returns bogus DIR* instead
+ of flagging an error
+ [30740] build: [m68k] undefined reference to
+ `_wordcopy_fwd_dest_aligned'
+ [30745] libc: Slight bug in cache info codes for x86
+ [30750] network: Unaligned accesses in resolver
+ [30773] math: [m68k] busybox awk is broken (lshift.S related)
+ [30789] libc: [2.38 Regression] sem_open will fail on multithreaded
+ scenarios when semaphore file doesn't exist (O_CREAT)
+ [30800] nscd: Improper assert in prune_cache triggers if clock jumps
+ backwards
+ [30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
+ powerpc64 with -D_FILE_OFFSET_BITS=64
+ [30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
+ (CVE-2023-4527)
+ [30843] network: potential use-after-free in getcanonname
+ (CVE-2023-4806)
+ [30854] localedata: Update locale data to Unicode 15.1.0
+ [30884] network: Memory leak in getaddrinfo after fix for bug 30843
+ (CVE-2023-5156)
+ [30932] libc: Fortify Source has false-positives when too many files
+ are open
+ [30945] malloc: Core affinity setting incurs lock contentions between
+ threads
+ [30960] math: signed integer overflow in
+ glibc/sysdeps/s390/fpu/feenablxcpt.c
+ [30964] locale: Number grouping check mishandles multibyte thousands
+ separator
+ [30981] dynamic-link: dlclose does not properly implement force-first
+ handling
+ [30988] math: fesetexcept raises floating-point exception traps on
+ ppc, ppc64, ppc64le
+ [30989] math: fesetexcept raises floating-point exception traps on
+ i386
+ [30990] libc: fesetexceptflag raises floating-point exception traps on
+ i386, x86_64
+ [30998] math: fesetexceptflag clears too many floating-point exception
+ flags on alpha
+ [31019] manual: The documentation of feenableexcept is incomplete
+ [31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
+ [31035] libc: Library search path terminates on relative non-directory
+ name
+ [31042] libc: [s390x] .init and .fini padding
+ [31068] libc: sysdeps: sparc: invalid data access in memset due to
+ regression
+ [31078] manual: Code example in "Noncanonical Mode Example" has unused
+ 'char *name;'
+ [31086] localedata: Errors in Tibetan, Dzongkha data
+ [31113] string: Wrong unwind information for rawmemchr on aarch64
+ [31151] libc: [RISC-V] missing support for profile/audit PLT setup
+ [31163] nss: getaddrinfo returns EAI_NONAME in oom situation
+ [31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
+ bug 17522 fix
+ [31184] dynamic-link: FAIL: elf/tst-tlsgap
+ [31185] dynamic-link: Incorrect thread point access in
+ _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
+ [31187] dynamic-link: Some CET tests fail with GCC 14
+ [31204] localedata: Fix decimal point and thousands separator for
+ uz_UZ
+ [31205] localedata: Inconsistent (mon_)grouping formats
+ [31218] dynamic-link: PLT rewrite overflows large displacement on x32
+ [31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
+ [31230] dynamic-link: PLT rewrite failed without SELinux
+ [31239] localedata: anp_IN locale: abbreviated month names are the
+ same as the full month names
+ [31244] nptl: pthread_cancel hangs on sparc32
+ [31257] localedata: Sync with CLDR: “Turkey” -> “Türkiye”
+ [31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
+ sparcv9
+ [31276] libc: Wrong condition for heap allocation in qsort_r
\f
Version 2.38
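Review bot: The rewritten "Security related changes" list for 2.39 drops CVE-2023-5156. The removed text described it ("The fix for CVE-2023-4806 introduced a memory leak ..."), and the bug list added below still carries "[30884] network: Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)", but no advisory line in the new list names that CVE. Either add the corresponding advisory entry or confirm that process-advisories.sh is meant to omit it. Two smaller points on the same list: GLIBC-SA-2024-0001 and GLIBC-SA-2024-0002 have identical titles and differ only by CVE number, so a distinguishing word in each title would help triage. The old CVE-2023-4911 text also stated "This flaw was introduced in glibc 2.34", and that affected-version information is no longer visible in NEWS.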