GNU C Library NEWS -- history of user-visible changes.
-Copyright (C) 1992-2023 Free Software Foundation, Inc.
+Copyright (C) 1992-2024 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.40
+
+Major new features:
+
+* The <stdbit.h> header type-generic macros have been changed when using
+ GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
+ in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
+ with arbitrary precisions when supported by the target.
+
+* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
+ enable features from the ISO C23 standard. Only some features from
+ this standard are supported by the GNU C Library. The older name
+ _ISOC2X_SOURCE is still supported. Features from C23 are also enabled
+ by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
+ -std=gnu23, -std=c2x or -std=gnu2x.
+
+* A new tunable, glibc.rtld.enable_secure, used to run a program
+ as if it were a setuid process. This is currently a testing tool to allow
+ more extensive verification tests for AT_SECURE programs and not meant to
+ be a security feature.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+ [Add deprecations, removals and changes affecting compatibility here]
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+The following CVEs were fixed in this release, details of which can be
+found in the advisories directory of the release tarball:
+
+ [The release manager will add the list generated by
+ scripts/process-advisories.sh just before the release.]
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+\f
+Version 2.39
+
+Major new features:
+
+* A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
+ rewrite on x86-64. When enabled with non-lazy binding, the dynamic
+ linker will rewrite indirect branches in PLT with direct branches.
+
+* Sync with Linux kernel 6.6 shadow stack interface. The --enable-cet
+ configure option is only supported on x86-64.
+
+* struct statvfs now has an f_type member, equal to the f_type statfs member;
+ on the Hurd this was always available under a reserved name,
+ and under Linux a spare has been allocated: it was always zero
+ in previous versions of glibc, and zero is not a valid result.
+
+* On Linux, the functions posix_spawnattr_getcgroup_np and
+ posix_spawnattr_setcgroup_np have been added, along with the
+ POSIX_SPAWN_SETCGROUP flag. They allow posix_spawn and posix_spawnp
+ to set the cgroupv2 in the new process in a race-free manner. These
+ functions are GNU extensions and require a kernel with clone3 support.
+
+* On Linux, the pidfd_spawn and pidfd_spawp functions have been added.
+ They have a similar prototype and semantic as posix_spawn, but instead of
+ returning a process ID, they return a file descriptor that can be used
+ along other pidfd functions (like pidfd_send_signal, poll, or waitid).
+ The pidfd functionality avoids the issue of PID reuse with the traditional
+ posix_spawn interface.
+
+* On Linux, the pidfd_getpid function has been added. It allows retrieving
+ the process ID associated with the process file descriptor created by
+ pid_spawn, fork_np, or pidfd_open.
+
+* scanf-family functions now support the wN format length modifiers for
+ arguments pointing to types intN_t, int_leastN_t, uintN_t or
+ uint_leastN_t (for example, %w32d to read int32_t or int_least32_t in
+ decimal, or %w32x to read uint32_t or uint_least32_t in hexadecimal)
+ and the wfN format length modifiers for arguments pointing to types
+ int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.
+
+* A new tunable, glibc.mem.decorate_maps, can be used to add additional
+ information on underlying memory allocated by the glibc (for instance,
+ on thread stack created by pthread_create or memory allocated by
+ malloc).
+
+* The <stdbit.h> header has been added from ISO C2X, with
+ stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros,
+ stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one,
+ stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros,
+ stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor
+ and stdc_bit_ceil function families, each having functions for
+ unsigned char, unsigned short, unsigned int, unsigned long int and
+ unsigned long long int, and a type-generic macro.
+
+* On AArch64 new symbols were added to libmvec and now math.h has
+ annotations to allow GCC 9 or newer to auto-vectorize calls to the
+ following scalar math functions when -ffast-math is specified:
+ acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf,
+ exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
+ log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The ldconfig program now skips file names containing ';' or ending in
+ ".dpkg.tmp" or ".dpkg.new", to avoid examining temporary files created
+ by the RPM and dpkg package managers.
+
+* libcrypt has been removed from the GNU C Library. The configure
+ options "--enable-crypt" and "--enable-nss-crypt" are no longer
+ available. <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
+ installed. For now <unistd.h> continues to declare the crypt
+ function by default, to avoid introducing vulnerabilities into
+ existing applications due to a missing prototype. This declaration
+ is deprecated and may be removed in a future glibc release.
+
+ The replacement for libcrypt is libxcrypt, maintained separately from
+ GNU libc, but available under compatible licensing terms, and providing
+ binary backward compatibility with the former libcrypt. It is currently
+ distributed from <https://github.com/besser82/libxcrypt/>.
+
+ As a consequence of this removal, GNU libc no longer makes any use of
+ the NSS cryptography library (Network Security Services; not to be
+ confused with Name Service Switch). Distributors of binary packages
+ of GNU libc are advised to check whether their build processes can be
+ simplified.
+
+* The dynamic linker calls the malloc and free functions in more cases
+ during TLS access if a shared object with dynamic TLS is loaded and
+ unloaded. This can result in an infinite recursion if a malloc
+ replacement library or its dependencies use dynamic TLS instead of
+ initial-exec TLS.
+
+* The ia64*-*-linux-gnu configurations are no longer supported.
+
+Changes to build and runtime requirements:
+
+* Building on LoongArch requires at a minimum binutils 2.41 for vector
+ instructions.
+
+Security related changes:
+
+The following CVEs were fixed in this release, details of which can be
+found in the advisories directory of the release tarball:
+
+ GLIBC-SA-2023-0002:
+ getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)
+
+ GLIBC-SA-2023-0003:
+ getaddrinfo: Potential use-after-free (CVE-2023-4806)
+
+ GLIBC-SA-2023-0004:
+ tunables: local privilege escalation through buffer overflow
+ (CVE-2023-4911)
+
+ GLIBC-SA-2024-0001:
+ syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
+
+ GLIBC-SA-2024-0002:
+ syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
+
+ GLIBC-SA-2024-0003:
+ syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
+
+The following bugs are resolved with this release:
+
+ [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
+ [19305] libc: qsort() should return early if (nmemb <= 1)
+ [19479] localedata: gbm_IN: new Garhwali Locale
+ [19924] dynamic-link: TLS performance degradation after dlopen
+ [19956] localedata: ssy_ER: rename from aa_ER@saaho
+ [21719] libc: stdlib/msort : optimizing merge sort
+ [22526] localedata: th_TH LC_COLLATE does not use copy "iso14651_t1"
+ [23012] localedata: el_GR: Greece now uses the 24h format for time
+ [23172] localedata: miq_NI: Provide actually abbreviated month names
+ [24006] localedata: Cyclic dependencies via copy in locales
+ [24013] localedata: am_pm definitions for es_ES
+ [24386] localedata: crh_RU: new locale
+ [24877] localedata: [Redundant Data] Remove redundant data between
+ en_NZ and en_AU
+ [25868] localedata: Incorrect trailing spaces in weekday names for
+ nn_NO
+ [26752] localedata: Please add the new locale zgh_MA
+ [27069] dynamic-link: Need a way to tell if a tunable is set by user
+ [27163] localedata: Error on test glk_IR with localedef
+ [27312] localedata: su_ID: new Sundanese locale
+ [27547] manual: "Summary of malloc-Related Functions" shows wrong
+ argument order for `aligned_alloc` and `memalign`
+ [27574] libc: glibc should probably not define __WORDSIZE=64 for
+ __sparcv9
+ [27601] localedata: License information update in
+ localedata/locales/ast_ES
+ [28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
+ n_cs_precedes
+ [28787] localedata: Add information for Occitan
+ [29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
+ following dlclose with unused TLS
+ [29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
+ week should be Monday
+ [29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
+ [29506] localedata: UTF-8 HANGUL SYLLABLE bugs
+ [30349] libc: Support returning a pidfd from posix_spawn()
+ [30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
+ t_fmt_ampm are undefined
+ [30605] localedata: New locale for Komi language
+ [30649] localedata: [PATCH] Add transliteration of common emojis to
+ smileys
+ [30694] locale: The iconv program no longer tells the user which given
+ encoding name was wrong
+ [30709] nscd: nscd fails to build with cleanup handler if built with
+ -fexceptions
+ [30737] libc: fdopendir() is not robust - returns bogus DIR* instead
+ of flagging an error
+ [30740] build: [m68k] undefined reference to
+ `_wordcopy_fwd_dest_aligned'
+ [30745] libc: Slight bug in cache info codes for x86
+ [30750] network: Unaligned accesses in resolver
+ [30773] math: [m68k] busybox awk is broken (lshift.S related)
+ [30789] libc: [2.38 Regression] sem_open will fail on multithreaded
+ scenarios when semaphore file doesn't exist (O_CREAT)
+ [30800] nscd: Improper assert in prune_cache triggers if clock jumps
+ backwards
+ [30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
+ powerpc64 with -D_FILE_OFFSET_BITS=64
+ [30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
+ (CVE-2023-4527)
+ [30843] network: potential use-after-free in getcanonname
+ (CVE-2023-4806)
+ [30854] localedata: Update locale data to Unicode 15.1.0
+ [30884] network: Memory leak in getaddrinfo after fix for bug 30843
+ (CVE-2023-5156)
+ [30932] libc: Fortify Source has false-positives when too many files
+ are open
+ [30945] malloc: Core affinity setting incurs lock contentions between
+ threads
+ [30960] math: signed integer overflow in
+ glibc/sysdeps/s390/fpu/feenablxcpt.c
+ [30964] locale: Number grouping check mishandles multibyte thousands
+ separator
+ [30981] dynamic-link: dlclose does not properly implement force-first
+ handling
+ [30988] math: fesetexcept raises floating-point exception traps on
+ ppc, ppc64, ppc64le
+ [30989] math: fesetexcept raises floating-point exception traps on
+ i386
+ [30990] libc: fesetexceptflag raises floating-point exception traps on
+ i386, x86_64
+ [30998] math: fesetexceptflag clears too many floating-point exception
+ flags on alpha
+ [31019] manual: The documentation of feenableexcept is incomplete
+ [31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
+ [31035] libc: Library search path terminates on relative non-directory
+ name
+ [31042] libc: [s390x] .init and .fini padding
+ [31068] libc: sysdeps: sparc: invalid data access in memset due to
+ regression
+ [31078] manual: Code example in "Noncanonical Mode Example" has unused
+ 'char *name;'
+ [31086] localedata: Errors in Tibetan, Dzongkha data
+ [31113] string: Wrong unwind information for rawmemchr on aarch64
+ [31151] libc: [RISC-V] missing support for profile/audit PLT setup
+ [31163] nss: getaddrinfo returns EAI_NONAME in oom situation
+ [31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
+ bug 17522 fix
+ [31184] dynamic-link: FAIL: elf/tst-tlsgap
+ [31185] dynamic-link: Incorrect thread point access in
+ _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
+ [31187] dynamic-link: Some CET tests fail with GCC 14
+ [31204] localedata: Fix decimal point and thousands separator for
+ uz_UZ
+ [31205] localedata: Inconsistent (mon_)grouping formats
+ [31218] dynamic-link: PLT rewrite overflows large displacement on x32
+ [31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
+ [31230] dynamic-link: PLT rewrite failed without SELinux
+ [31239] localedata: anp_IN locale: abbreviated month names are the
+ same as the full month names
+ [31244] nptl: pthread_cancel hangs on sparc32
+ [31257] localedata: Sync with CLDR: “Turkey” -> “Türkiye”
+ [31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
+ sparcv9
+ [31276] libc: Wrong condition for heap allocation in qsort_r
+\f
Version 2.38
Major new features:
wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq. Similarly, the
following functions support binary integers prefixed by 0b or 0B as
input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf,
- vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf.
+ vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those
+ functions also support the %b format for binary integers, with or
+ without such a prefix and independent of standards mode.
-* PRIb* and PRIB* macros from C2X have been added to <inttypes.h>.
+* PRIb*, PRIB* and SCNb* macros from C2X have been added to
+ <inttypes.h>.
* printf-family functions now support the wN format length modifiers for
arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t (for
- x86_64-gnu
-* Added libmvec vector math library support to AArch64. It requires
- GCC version >= 10.1.0. It can be disabled via --disable-mathvec,
- however that is not a supported configuration as it changes the ABI.
- The symbol names follow the AArch64 vector ABI, they are declared
- in math.h and have to be called manually at this point.
+* Vector math library libmvec support has been added to AArch64. It
+ requires GCC version >= 10.1.0. It can be disabled via
+ "--disable-mathvec", however that is not a supported configuration as
+ it changes the ABI. The symbol names follow the AArch64 vector ABI,
+ they are declared in math.h and have to be called manually at this point.
* The strlcpy and strlcat functions have been added. They are derived
from OpenBSD, and are expected to be added to a future POSIX version.
+* A new configure option, "--enable-fortify-source", can be used to build the
+ GNU C Library with _FORTIFY_SOURCE. The level of fortification can either be
+ provided, or is set to the highest value supported by the compiler. If not
+ explicitly enabled, then fortify source is forcibly disabled so to keep
+ original behavior unchanged.
+
Deprecated and removed features, and other changes affecting compatibility:
+* libcrypt is no longer built by default; one may use the "--enable-crypt"
+ option to build libcrypt. libcrypt is likely to be removed from the
+ GNU C Library in a future release, so it is recommended that
+ applications port away from it to an alternative such as libxcrypt.
+
* In the Linux kernel for the hppa/parisc architecture some of the
MADV_XXX constants were changed to have the same values as the other
architectures. New programs compiled with this glibc version and which
alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163,
5.4.228, 4.19.270 or 4.14.303.
-* The --disable-experimental-malloc is no longer available. The per-thread
- cache can still be disable per-application using tunables
+* The "--disable-experimental-malloc" option is no longer available. The
+ per-thread cache can still be disabled per-application using tunables
(glibc.malloc.tcache_count set to zero).
-* The configure option --enable-tunables has been removed. The tunable
+* The configure option "--enable-tunables" has been removed. The tunable
feature is now always enabled.
Changes to build and runtime requirements:
- [Add changes to build and runtime requirements here]
+* Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE
+ ACLE.
Security related changes:
The following bugs are resolved with this release:
- [The release manager will add the list generated by
- scripts/list-fixed-bugs.py just before the release.]
+ [178] string: Please add strlcpy and strlcat (attached)
+ [14697] nptl: Behavior of exit is nonconformant with respect to
+ threads and stdio
+ [15142] stdio: Missing locking in _IO_cleanup
+ [18096] glob: null deref in wordexp/parse_dollars/parse_arith
+ [18906] stdio: fopen: ccs value may affect open mode
+ [24466] stdio: Feature request: provide special printf formats for
+ intXX_t
+ [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses
+ [28519] libc: system and popen should pass "--" between /bin/sh and
+ argument
+ [29016] stdio: popen() sets errno to ENOMEM when shell does not exist
+ [29591] string: wcsnlen length can overflow in page cross case.
+ [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
+ [30068] stdio: incorrect printf output for integers with thousands
+ separator and width field (CVE-2023-25139)
+ [30111] time: support_descriptors_list fails after 2038 on 32 bits
+ systems
+ [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
+ symlink for libraries without soname
+ [30130] math: [s390] The _FPU_SETCW macro yields compile error with
+ Clang
+ [30156] time: Potential ntp_gettime abi break
+ [30235] libc: Missing fallback in getlogin if loginuid is unset
+ [30258] dynamic-link: sprof cannot read and display shared object
+ profiling data correctly
+ [30263] libc: Add test coverage for abs(), labs(), and llabs().
+ [30305] math: Incorrect asm constraint in feraiseexcept on x86-64
+ [30402] libc: FAIL: elf/tst-glibcelf
+ [30425] dynamic-link: Symbol lookup during dlclose may fail
+ unnecessarily
+ [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path
+ [30477] libc: [RISCV]: time64 does not work on riscv32
+ [30515] dynamic-link: _dl_find_object incorrectly returns 1 during
+ early startup
+ [30527] network: resolv_conf lock not unlocked on allocation failure
+ [30550] math: powerpc64le: GCC-specific code for isinf() is being used
+ on clang
+ [30555] string: strerror can incorrectly return NULL
+ [30579] malloc: trim_threshold in realloc lead to high memory usage
+ [30662] nscd: Group and password cache use errno in place of errval
\f
Version 2.37
projects / thirdparty / glibc.git / blobdiff