\f
Version 2.28.1
+Major new features:
+
+* The entry for the new Japanese era has been added for ja_JP locale.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel
+ indicates that it will abort the transaction prior to entering the kernel
+ (PPC_FEATURE2_HTM_NOSC on hwcap2). On older kernels the transaction is
+ suspended, and this caused some undefined side-effects issues by aborting
+ transactions manually. Glibc avoided it by abort transactions manually on
+ each syscall, but it lead to performance issues on newer kernels where the
+ HTM state is saved and restore lazily (the state being saved even when the
+ process actually does not use HTM).
+
+* The copy_file_range function fails with ENOSYS if the kernel does not
+ support the system call of the same name. Previously, user space
+ emulation was performed, but its behavior did not match the kernel
+ behavior, which was deemed too confusing. Applications which use the
+ copy_file_range function will have to be run on kernels which implement
+ the copy_file_range system call. Support for most architectures was added
+ in version 4.5 of the mainline Linux kernel.
+
The following bugs are resolved with this release:
+ [18035] Fix pldd hang
[19444] build failures with -O1 due to -Wmaybe-uninitialized
+ [20018] getaddrinfo should reject IP addresses with trailing characters
[20209] localedata: Spelling mistake for Sunday in Greenlandic kl_GL
+ [20568] Fix crash in _IO_wfile_sync
[22927] libanl: properly cleanup if first helper thread creation failed
[23400] stdlib/test-bz22786.c creates temporary files in glibc source tree
[23497] readdir64@GLIBC_2.1 cannot parse the kernel directory stream
[23717] Fix stack overflow in stdlib/tst-setcontext9
[23821] si_band in siginfo_t has wrong type long int on sparc64
[23822] ia64 static libm.a is missing exp2f, log2f and powf symbols
+ [23864] libc: [riscv] missing kernel-features.h undefines
+ [23844] pthread_rwlock_trywrlock results in hang
[23927] Linux if_nametoindex() does not close descriptor (CVE-2018-19591)
[23972] __old_getdents64 uses wrong d_off value on overflow
[24018] gettext may return NULL
[24022] riscv may lack <asm/syscalls.h>
+ [24024] strerror() might set errno to ENOMEM due to -fno-math-error
[24027] malloc: Integer overflow in realloc
[24034] tst-cancel21-static fails with SIGBUS on pre-ARMv7 when using GCC 8
+ [24040] riscv64: unterminated call chain in __thread_start
+ [24097] Can't use 64-bit register for size_t in assembly codes for x32 (CVE-2019-6488)
+ [24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309)
+ [24161] __run_fork_handlers self-deadlocks in malloc/tst-mallocfork2
+ [24228] old x86 applications that use legacy libio crash on exit
+ [24476] dlfcn: Guard __dlerror_main_freeres with __libc_once_get (once)
+ [24744] io: Remove the copy_file_range emulation.
+ [25203] libio: Disable vtable validation for pre-2.1 interposed handles
+ [25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
+ [25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
+ [25232] No const correctness for strchr et al. for Clang++
+ [25414] 'glob' use-after-free bug (CVE-2020-1752)
+ [25423] Array overflow in backtrace on powerpc
+ [25933] Off by one error in __strncmp_avx2
Security related changes:
CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
denial of service due to resource exhaustion when processing getaddrinfo
calls with crafted host names. Reported by Guido Vranken.
+
+ CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
+ 32 bits of a 64-bit register with with non-zero upper 32 bit. When it
+ happened, accessing the 32-bit size_t value as the full 64-bit register
+ in the assembly string/memory functions would cause a buffer overflow.
+ Reported by H.J. Lu.
+
+ CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
+ size. For x86-64, memcmp on an object size larger than SSIZE_MAX
+ has undefined behavior. On x32, the size_t argument may be passed
+ in the lower 32 bits of the 64-bit RDX register with non-zero upper
+ 32 bits. When it happened with the sign bit of RDX register set,
+ memcmp gave the wrong result since it treated the size argument as
+ zero. Reported by H.J. Lu.
+
+ CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
+ addresses with arbitrary trailing characters, potentially leading to data
+ or command injection issues in applications.
+
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
+
+ CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
+ environment variable during program execution after a security
+ transition, allowing local attackers to restrict the possible mapping
+ addresses for loaded libraries and thus bypass ASLR for a setuid
+ program. Reported by Marcin KoĆcielnicki.
+
+ CVE-2020-1752: A use-after-free vulnerability in the glob function when
+ expanding ~user has been fixed.
+
\f
Version 2.28
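Review bot: The CVE tagging in the added 2.28.1 entries is inconsistent between the resolved-bugs list and the "Security related changes" section, which makes it hard to map an advisory to the fix. [24097], [24155] and [25414] carry their CVE numbers in the bug list, but [20018] (the getaddrinfo trailing-characters fix described under CVE-2016-10739) and [25204] (the LD_PREFER_MAP_32BIT_EXEC fix described under CVE-2019-19126) do not, and no entry in the bug list visibly corresponds to CVE-2019-9169 (the posix/regexec.c over-read). Suggest tagging those two entries and adding the missing bug reference. Smaller points in the same added lines: "powercp64le" should read "powerpc64le"; "by abort transactions manually" and "it lead to" need fixing, and the TLE paragraph names manual aborts as both the cause of the side effects and glibc's workaround, which reads as contradictory; "with with non-zero upper 32 bit" has a doubled word; [23864] is listed before [23844], breaking the numeric order; and the reporter name in the CVE-2019-19126 entry is mis-encoded, so the file encoding should be checked before committing.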
[23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel
processors
[23467] dynamic-link: x86/CET: A property note parser bug
+ [24112] network: Do not send DNS queries for non-host names (where all
+ answers will be rejected)
\f
Version 2.27
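Review bot: The [24112] entry is added to the resolved-bugs list under the "Version 2.28" heading, while every other fix in this patch is recorded under "Version 2.28.1". If this change was not part of the 2.28 release itself, the entry belongs in the 2.28.1 list so that readers of NEWS can tell which release first stops sending DNS queries for non-host names; if it really was in 2.28, a short note saying that the list is being corrected retroactively would avoid confusion.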