GNU C Library NEWS -- history of user-visible changes.
-Copyright (C) 1992-2022 Free Software Foundation, Inc.
+Copyright (C) 1992-2023 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.38
+
+Major new features:
+
+* When C2X features are enabled and the base argument is 0 or 2, the
+ following functions support binary integers prefixed by 0b or 0B as
+ input: strtol, strtoll, strtoul, strtoull, strtol_l, strtoll_l,
+ strtoul_l, strtoull_l, strtoimax, strtoumax, strtoq, strtouq, wcstol,
+ wcstoll, wcstoul, wcstoull, wcstol_l, wcstoll_l, wcstoul_l,
+ wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq. Similarly, the
+ following functions support binary integers prefixed by 0b or 0B as
+ input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf,
+ vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf.
+
+* PRIb* and PRIB* macros from C2X have been added to <inttypes.h>.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* In the Linux kernel for the hppa/parisc architecture some of the
+ MADV_XXX constants were changed to have the same values as the other
+ architectures. New programs compiled with this glibc version and which
+ use the madvise call will require at least Linux kernel version 6.2,
+ alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163,
+ 5.4.228, 4.19.270 or 4.14.303.
+
+* The --disable-experimental-malloc is no longer available. The per-thread
+ cache can still be disable per-application using tunables
+ (glibc.malloc.tcache_count set to zero).
+
+* The configure option --enable-tunables has been removed. The tunable
+ feature is now always enabled.
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+ CVE-2023-25139: When the printf family of functions is called with a
+ format specifier that uses an <apostrophe> (enable grouping) and a
+ minimum width specifier, the resulting output could be larger than
+ reasonably expected by a caller that computed a tight bound on the
+ buffer size. The resulting larger than expected output could result
+ in a buffer overflow in the printf family of functions.
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+\f
+Version 2.37
+
+Major new features:
+
+* The getent tool now supports the --no-addrconfig option. The output of
+ getent with --no-addrconfig may contain addresses of families not
+ configured on the current host i.e. as-if you had not passed
+ AI_ADDRCONFIG to getaddrinfo calls.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The dynamic linker no longer loads shared objects from the "tls"
+ subdirectories on the library search path or the subdirectory that
+ corresponds to the AT_PLATFORM system name, or employs the legacy AT_HWCAP
+ search mechanism, which was deprecated in version 2.33.
+
+Security related changes:
+
+ CVE-2022-39046: When the syslog function is passed a crafted input
+ string larger than 1024 bytes, it reads uninitialized memory from the
+ heap and prints it to the target log file, potentially revealing a
+ portion of the contents of the heap.
+
+The following bugs are resolved with this release:
+
+ [12154] network: Cannot resolve hosts which have wildcard aliases
+ [12165] libc: readdir: Do not skip entries with zero d_ino values
+ [19444] build: build failures with -O1 due to -Wmaybe-uninitialized
+ [24774] nptl: pthread_rwlock_timedwrlock stalls on ARM
+ [24816] nss: nss/tst-nss-files-hosts-long fails when no interface has
+ AF_INET6 address (ie docker)
+ [27087] stdio: PowerPC: Redefinition error with Clang from IEEE
+ redirection headers
+ [28846] network: CMSG_NXTHDR may trigger -Wstrict-overflow warning
+ [28937] dynamic-link: New DSO dependency sorter does not put new map
+ first if in a cycle
+ [29249] libc: csu/libc-tls.c:202: undefined reference to
+ `_startup_fatal_not_constant'
+ [29305] network: Inefficient buffer space usage in nss_dns for
+ gethostbyname and other functions
+ [29375] libc: don't hide MAP_ANONYMOUS behind _GNU_SOURCE
+ [29402] nscd: nscd: No such file or directory
+ [29415] nscd: getaddrinfo with AI_ADDRCONFIG returns addresses with
+ wrong family
+ [29427] dynamic-link: Inconsistency detected by ld.so: dl-printf.c:
+ 200: _dl_debug_vdprintf: Assertion `! "invalid format specifier"'
+ failed!
+ [29463] math: math/test-float128-y1 fails on x86_64
+ [29485] build: Make hangs when the test misc/tst-pidfile returns
+ FAIL_UNSUPPORTED
+ [29490] dynamic-link: [bisected] new __brk_call causes dynamic loader
+ segfault on alpha
+ [29499] build: Check failed on misc/tst-glibcsyscalls while building
+ for RISCV64 on a unmatched hardware
+ [29501] build: Check failed on stdlib/tst-strfrom while building for
+ RISCV64 on a unmatched hardware
+ [29502] libc: alpha sys/acct.h out of date
+ [29514] build: Need to use -fPIE not -fpie
+ [29528] dynamic-link: __libc_early_init not called after dlmopen that
+ reuses namespace
+ [29536] libc: syslog fail to create large messages (CVE-2022-39046)
+ [29537] libc: [2.34 regression]: Alignment issue on m68k when using
+ futexes on qemu-user
+ [29539] libc: LD_TRACE_LOADED_OBJECTS changed how vDSO library are
+ printed
+ [29544] libc: Regression in syslog(3) calls breaks RFC due to extra
+ whitespace
+ [29564] build: Incorrect way to change MAKEFLAGS in Makerules
+ [29576] build: librtld.os: in function `_dl_start_profile':
+ (.text+0x9444): undefined reference to `strcpy'
+ [29578] libc: Definition of SUN_LEN() is wrong
+ [29583] build: iconv failures on 32bit platform due to missing large
+ file support
+ [29600] dynamic-link: dlmopen hangs after loading certain libraries
+ [29604] localedata: Update locale data to Unicode 15.0.0
+ [29605] nscd: Regression in NSCD backend of getaddrinfo
+ [29607] nscd: nscd repeatably crashes calling __strlen_avx2 when hosts
+ cache is enabled
+ [29611] string: Optimized AVX2 string functions unconditionally use
+ BMI2 instructions
+ [29624] malloc: errno is not cleared when entering main
+ [29638] libc: stdlib: arc4random fallback is never used
+ [29657] libc: Incorrect struct stat for 64-bit time on linux/generic
+ platforms
+ [29698] build: Configuring for AArch32 on ARMv8+ disables
+ optimizations
+ [29727] locale: __strtol_internal out-of-bounds read when parsing
+ thousands grouping
+ [29730] libc: broken y2038 support in fstatat on MIPS N64
+ [29746] libc: ppoll() does not switch to __ppoll64 when
+ -D_TIME_BITS=64 and -D_FORTIFY_SOURCE=2 is given on 32bit
+ [29771] libc: Restore IPC_64 support in sysvipc *ctl functions
+ [29780] build: possible parallel make issue in glibc-2.36 (siglist-
+ aux.S: No such file or directory)
+ [29864] libc: __libc_start_main() should obtain program headers
+ address (_dl_phdr) from the auxv, not the ELF header.
+ [29951] time: daylight variable not set correctly if last DST change
+ coincides with offset change
+ [30039] stdio: __vsprintf_internal does not handle unspecified buffer
+ length in fortify mode
+\f
Version 2.36
Major new features: