GNU C Library NEWS -- history of user-visible changes.
-Copyright (C) 1992-2023 Free Software Foundation, Inc.
+Copyright (C) 1992-2024 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.40
+
+Major new features:
+
+* The <stdbit.h> header type-generic macros have been changed when using
+ GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
+ in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
+ with arbitrary precisions when supported by the target.
+
+* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
+ enable features from the ISO C23 standard. Only some features from
+ this standard are supported by the GNU C Library. The older name
+ _ISOC2X_SOURCE is still supported. Features from C23 are also enabled
+ by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
+ -std=gnu23, -std=c2x or -std=gnu2x.
+
+* A new tunable, glibc.rtld.enable_secure, used to run a program
+ as if it were a setuid process. This is currently a testing tool to allow
+ more extensive verification tests for AT_SECURE programs and not meant to
+ be a security feature.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+ [Add deprecations, removals and changes affecting compatibility here]
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+The following CVEs were fixed in this release, details of which can be
+found in the advisories directory of the release tarball:
+
+ [The release manager will add the list generated by
+ scripts/process-advisories.sh just before the release.]
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+\f
+Version 2.39
+
+Major new features:
+
+* A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
+ rewrite on x86-64. When enabled with non-lazy binding, the dynamic
+ linker will rewrite indirect branches in PLT with direct branches.
+
+* Sync with Linux kernel 6.6 shadow stack interface. The --enable-cet
+ configure option is only supported on x86-64.
+
+* struct statvfs now has an f_type member, equal to the f_type statfs member;
+ on the Hurd this was always available under a reserved name,
+ and under Linux a spare has been allocated: it was always zero
+ in previous versions of glibc, and zero is not a valid result.
+
+* On Linux, the functions posix_spawnattr_getcgroup_np and
+ posix_spawnattr_setcgroup_np have been added, along with the
+ POSIX_SPAWN_SETCGROUP flag. They allow posix_spawn and posix_spawnp
+ to set the cgroupv2 in the new process in a race-free manner. These
+ functions are GNU extensions and require a kernel with clone3 support.
+
+* On Linux, the pidfd_spawn and pidfd_spawp functions have been added.
+ They have a similar prototype and semantic as posix_spawn, but instead of
+ returning a process ID, they return a file descriptor that can be used
+ along other pidfd functions (like pidfd_send_signal, poll, or waitid).
+ The pidfd functionality avoids the issue of PID reuse with the traditional
+ posix_spawn interface.
+
+* On Linux, the pidfd_getpid function has been added. It allows retrieving
+ the process ID associated with the process file descriptor created by
+ pid_spawn, fork_np, or pidfd_open.
+
+* scanf-family functions now support the wN format length modifiers for
+ arguments pointing to types intN_t, int_leastN_t, uintN_t or
+ uint_leastN_t (for example, %w32d to read int32_t or int_least32_t in
+ decimal, or %w32x to read uint32_t or uint_least32_t in hexadecimal)
+ and the wfN format length modifiers for arguments pointing to types
+ int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.
+
+* A new tunable, glibc.mem.decorate_maps, can be used to add additional
+ information on underlying memory allocated by the glibc (for instance,
+ on thread stack created by pthread_create or memory allocated by
+ malloc).
+
+* The <stdbit.h> header has been added from ISO C2X, with
+ stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros,
+ stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one,
+ stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros,
+ stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor
+ and stdc_bit_ceil function families, each having functions for
+ unsigned char, unsigned short, unsigned int, unsigned long int and
+ unsigned long long int, and a type-generic macro.
+
+* On AArch64 new symbols were added to libmvec and now math.h has
+ annotations to allow GCC 9 or newer to auto-vectorize calls to the
+ following scalar math functions when -ffast-math is specified:
+ acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf,
+ exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
+ log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The ldconfig program now skips file names containing ';' or ending in
+ ".dpkg.tmp" or ".dpkg.new", to avoid examining temporary files created
+ by the RPM and dpkg package managers.
+
+* libcrypt has been removed from the GNU C Library. The configure
+ options "--enable-crypt" and "--enable-nss-crypt" are no longer
+ available. <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
+ installed. For now <unistd.h> continues to declare the crypt
+ function by default, to avoid introducing vulnerabilities into
+ existing applications due to a missing prototype. This declaration
+ is deprecated and may be removed in a future glibc release.
+
+ The replacement for libcrypt is libxcrypt, maintained separately from
+ GNU libc, but available under compatible licensing terms, and providing
+ binary backward compatibility with the former libcrypt. It is currently
+ distributed from <https://github.com/besser82/libxcrypt/>.
+
+ As a consequence of this removal, GNU libc no longer makes any use of
+ the NSS cryptography library (Network Security Services; not to be
+ confused with Name Service Switch). Distributors of binary packages
+ of GNU libc are advised to check whether their build processes can be
+ simplified.
+
+* The dynamic linker calls the malloc and free functions in more cases
+ during TLS access if a shared object with dynamic TLS is loaded and
+ unloaded. This can result in an infinite recursion if a malloc
+ replacement library or its dependencies use dynamic TLS instead of
+ initial-exec TLS.
+
+* The ia64*-*-linux-gnu configurations are no longer supported.
+
+Changes to build and runtime requirements:
+
+* Building on LoongArch requires at a minimum binutils 2.41 for vector
+ instructions.
+
+Security related changes:
+
+The following CVEs were fixed in this release, details of which can be
+found in the advisories directory of the release tarball:
+
+ GLIBC-SA-2023-0002:
+ getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)
+
+ GLIBC-SA-2023-0003:
+ getaddrinfo: Potential use-after-free (CVE-2023-4806)
+
+ GLIBC-SA-2023-0004:
+ tunables: local privilege escalation through buffer overflow
+ (CVE-2023-4911)
+
+ GLIBC-SA-2024-0001:
+ syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
+
+ GLIBC-SA-2024-0002:
+ syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
+
+ GLIBC-SA-2024-0003:
+ syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
+
+The following bugs are resolved with this release:
+
+ [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
+ [19305] libc: qsort() should return early if (nmemb <= 1)
+ [19479] localedata: gbm_IN: new Garhwali Locale
+ [19924] dynamic-link: TLS performance degradation after dlopen
+ [19956] localedata: ssy_ER: rename from aa_ER@saaho
+ [21719] libc: stdlib/msort : optimizing merge sort
+ [22526] localedata: th_TH LC_COLLATE does not use copy "iso14651_t1"
+ [23012] localedata: el_GR: Greece now uses the 24h format for time
+ [23172] localedata: miq_NI: Provide actually abbreviated month names
+ [24006] localedata: Cyclic dependencies via copy in locales
+ [24013] localedata: am_pm definitions for es_ES
+ [24386] localedata: crh_RU: new locale
+ [24877] localedata: [Redundant Data] Remove redundant data between
+ en_NZ and en_AU
+ [25868] localedata: Incorrect trailing spaces in weekday names for
+ nn_NO
+ [26752] localedata: Please add the new locale zgh_MA
+ [27069] dynamic-link: Need a way to tell if a tunable is set by user
+ [27163] localedata: Error on test glk_IR with localedef
+ [27312] localedata: su_ID: new Sundanese locale
+ [27547] manual: "Summary of malloc-Related Functions" shows wrong
+ argument order for `aligned_alloc` and `memalign`
+ [27574] libc: glibc should probably not define __WORDSIZE=64 for
+ __sparcv9
+ [27601] localedata: License information update in
+ localedata/locales/ast_ES
+ [28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
+ n_cs_precedes
+ [28787] localedata: Add information for Occitan
+ [29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
+ following dlclose with unused TLS
+ [29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
+ week should be Monday
+ [29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
+ [29506] localedata: UTF-8 HANGUL SYLLABLE bugs
+ [30349] libc: Support returning a pidfd from posix_spawn()
+ [30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
+ t_fmt_ampm are undefined
+ [30605] localedata: New locale for Komi language
+ [30649] localedata: [PATCH] Add transliteration of common emojis to
+ smileys
+ [30694] locale: The iconv program no longer tells the user which given
+ encoding name was wrong
+ [30709] nscd: nscd fails to build with cleanup handler if built with
+ -fexceptions
+ [30737] libc: fdopendir() is not robust - returns bogus DIR* instead
+ of flagging an error
+ [30740] build: [m68k] undefined reference to
+ `_wordcopy_fwd_dest_aligned'
+ [30745] libc: Slight bug in cache info codes for x86
+ [30750] network: Unaligned accesses in resolver
+ [30773] math: [m68k] busybox awk is broken (lshift.S related)
+ [30789] libc: [2.38 Regression] sem_open will fail on multithreaded
+ scenarios when semaphore file doesn't exist (O_CREAT)
+ [30800] nscd: Improper assert in prune_cache triggers if clock jumps
+ backwards
+ [30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
+ powerpc64 with -D_FILE_OFFSET_BITS=64
+ [30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
+ (CVE-2023-4527)
+ [30843] network: potential use-after-free in getcanonname
+ (CVE-2023-4806)
+ [30854] localedata: Update locale data to Unicode 15.1.0
+ [30884] network: Memory leak in getaddrinfo after fix for bug 30843
+ (CVE-2023-5156)
+ [30932] libc: Fortify Source has false-positives when too many files
+ are open
+ [30945] malloc: Core affinity setting incurs lock contentions between
+ threads
+ [30960] math: signed integer overflow in
+ glibc/sysdeps/s390/fpu/feenablxcpt.c
+ [30964] locale: Number grouping check mishandles multibyte thousands
+ separator
+ [30981] dynamic-link: dlclose does not properly implement force-first
+ handling
+ [30988] math: fesetexcept raises floating-point exception traps on
+ ppc, ppc64, ppc64le
+ [30989] math: fesetexcept raises floating-point exception traps on
+ i386
+ [30990] libc: fesetexceptflag raises floating-point exception traps on
+ i386, x86_64
+ [30998] math: fesetexceptflag clears too many floating-point exception
+ flags on alpha
+ [31019] manual: The documentation of feenableexcept is incomplete
+ [31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
+ [31035] libc: Library search path terminates on relative non-directory
+ name
+ [31042] libc: [s390x] .init and .fini padding
+ [31068] libc: sysdeps: sparc: invalid data access in memset due to
+ regression
+ [31078] manual: Code example in "Noncanonical Mode Example" has unused
+ 'char *name;'
+ [31086] localedata: Errors in Tibetan, Dzongkha data
+ [31113] string: Wrong unwind information for rawmemchr on aarch64
+ [31151] libc: [RISC-V] missing support for profile/audit PLT setup
+ [31163] nss: getaddrinfo returns EAI_NONAME in oom situation
+ [31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
+ bug 17522 fix
+ [31184] dynamic-link: FAIL: elf/tst-tlsgap
+ [31185] dynamic-link: Incorrect thread point access in
+ _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
+ [31187] dynamic-link: Some CET tests fail with GCC 14
+ [31204] localedata: Fix decimal point and thousands separator for
+ uz_UZ
+ [31205] localedata: Inconsistent (mon_)grouping formats
+ [31218] dynamic-link: PLT rewrite overflows large displacement on x32
+ [31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
+ [31230] dynamic-link: PLT rewrite failed without SELinux
+ [31239] localedata: anp_IN locale: abbreviated month names are the
+ same as the full month names
+ [31244] nptl: pthread_cancel hangs on sparc32
+ [31257] localedata: Sync with CLDR: “Turkey” -> “Türkiye”
+ [31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
+ sparcv9
+ [31276] libc: Wrong condition for heap allocation in qsort_r
+\f
Version 2.38
Major new features:
Deprecated and removed features, and other changes affecting compatibility:
-* libcrypt is no longer built by default, one may use the "--enable-crypt"
+* libcrypt is no longer built by default; one may use the "--enable-crypt"
option to build libcrypt. libcrypt is likely to be removed from the
GNU C Library in a future release, so it is recommended that
applications port away from it to an alternative such as libxcrypt.
5.4.228, 4.19.270 or 4.14.303.
* The "--disable-experimental-malloc" option is no longer available. The
- per-thread cache can still be disable per-application using tunables
+ per-thread cache can still be disabled per-application using tunables
(glibc.malloc.tcache_count set to zero).
* The configure option "--enable-tunables" has been removed. The tunable
Changes to build and runtime requirements:
- [Add changes to build and runtime requirements here]
+* Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE
+ ACLE.
Security related changes:
The following bugs are resolved with this release:
- [The release manager will add the list generated by
- scripts/list-fixed-bugs.py just before the release.]
+ [178] string: Please add strlcpy and strlcat (attached)
+ [14697] nptl: Behavior of exit is nonconformant with respect to
+ threads and stdio
+ [15142] stdio: Missing locking in _IO_cleanup
+ [18096] glob: null deref in wordexp/parse_dollars/parse_arith
+ [18906] stdio: fopen: ccs value may affect open mode
+ [24466] stdio: Feature request: provide special printf formats for
+ intXX_t
+ [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses
+ [28519] libc: system and popen should pass "--" between /bin/sh and
+ argument
+ [29016] stdio: popen() sets errno to ENOMEM when shell does not exist
+ [29591] string: wcsnlen length can overflow in page cross case.
+ [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
+ [30068] stdio: incorrect printf output for integers with thousands
+ separator and width field (CVE-2023-25139)
+ [30111] time: support_descriptors_list fails after 2038 on 32 bits
+ systems
+ [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
+ symlink for libraries without soname
+ [30130] math: [s390] The _FPU_SETCW macro yields compile error with
+ Clang
+ [30156] time: Potential ntp_gettime abi break
+ [30235] libc: Missing fallback in getlogin if loginuid is unset
+ [30258] dynamic-link: sprof cannot read and display shared object
+ profiling data correctly
+ [30263] libc: Add test coverage for abs(), labs(), and llabs().
+ [30305] math: Incorrect asm constraint in feraiseexcept on x86-64
+ [30402] libc: FAIL: elf/tst-glibcelf
+ [30425] dynamic-link: Symbol lookup during dlclose may fail
+ unnecessarily
+ [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path
+ [30477] libc: [RISCV]: time64 does not work on riscv32
+ [30515] dynamic-link: _dl_find_object incorrectly returns 1 during
+ early startup
+ [30527] network: resolv_conf lock not unlocked on allocation failure
+ [30550] math: powerpc64le: GCC-specific code for isinf() is being used
+ on clang
+ [30555] string: strerror can incorrectly return NULL
+ [30579] malloc: trim_threshold in realloc lead to high memory usage
+ [30662] nscd: Group and password cache use errno in place of errval
\f
Version 2.37