GNU C Library NEWS -- history of user-visible changes.
-Copyright (C) 1992-2014 Free Software Foundation, Inc.
+Copyright (C) 1992-2015 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.21
+
+* The following bugs are resolved with this release:
+
+ 6652, 10672, 12847, 12926, 13862, 14132, 14138, 14171, 14498, 15215,
+ 15884, 16469, 16617, 16619, 16657, 16740, 16857, 17192, 17266, 17344,
+ 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508,
+ 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583,
+ 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633,
+ 17634, 17647, 17653, 17657, 17664, 17665, 17668, 17682, 17717, 17719,
+ 17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
+ 17775
+
+* i386 memcpy functions optimized with SSE2 unaligned load/store.
+
+* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
+ under certain input conditions resulting in the execution of a shell for
+ command substitution when the applicaiton did not request it. The
+ implementation now checks WRDE_NOCMD immediately before executing the
+ shell and returns the error WRDE_CMDSUB as expected.
+
+* CVE-2012-3406 printf-style functions could run into a stack overflow when
+ processing format strings with a large number of format specifiers.
+
+* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
+ infinite loop if the DNS response contained a PTR record of an unexpected
+ format.
+
+* The minimum GCC version that can be used to build this version of the GNU
+ C Library is GCC 4.6. Older GCC versions, and non-GNU compilers, can
+ still be used to compile programs using the GNU C Library.
+
+* The GNU C Library is now built with -Werror by default. This can be
+ disabled by configuring with --disable-werror.
+
+* New locales: tu_IN, bh_IN, raj_IN, ce_RU.
+
+* The obsolete sigvec function has been removed. This was the original
+ 4.2BSD interface that inspired the POSIX.1 sigaction interface, which
+ programs have been using instead for about 25 years. Of course, ABI
+ compatibility for old binaries using sigvec remains intact.
+
+* Merged gettext 0.19.3 into the intl subdirectory. This fixes building
+ with newer versions of bison.
+\f
Version 2.20
* The following bugs are resolved with this release:
6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514,
- 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16198, 16284, 16287,
- 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516, 16532, 16539,
- 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609, 16610, 16611,
- 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642, 16648, 16649,
- 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695, 16701, 16706,
- 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740, 16743, 16754,
- 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796, 16799, 16800,
- 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854, 16876, 16877,
- 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915, 16916, 16917,
- 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965, 16966, 16967,
- 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031, 17042, 17048,
- 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079, 17084, 17086,
- 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153, 17213, 17259,
- 17261, 17262.
+ 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, 16275,
+ 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516,
+ 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609,
+ 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642,
+ 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695,
+ 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740,
+ 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796,
+ 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854,
+ 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915,
+ 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965,
+ 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031,
+ 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079,
+ 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153,
+ 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354.
+
+* Optimized strchrnul implementation for AArch64. Contributed by ARM Ltd.
* Reverted change of ABI data structures for s390 and s390x:
On s390 and s390x the size of struct ucontext and jmp_buf was increased in
2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions
of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp
are preserved pointing straight to the same implementation as the old ones.
- Given that, new callers wil simply provide a too-big buffer to these
+ Given that, new callers will simply provide a too-big buffer to these
functions. Any applications/libraries out there that embed jmp_buf or
ucontext_t in an ABI-relevant data structure that have already been rebuilt
against 2.19 headers will have to rebuilt again. This is necessary in any
handle the new instruction encodings. This is known to affect Valgrind
versions up through 3.9 (but will be fixed in the forthcoming 3.10
release), and might affect other tools that do instruction emulation.
+
+* Support for loadable gconv transliteration modules has been removed.
+ The support for transliteration modules has been non-functional for
+ over a decade, and the removal is prompted by security defects. The
+ normal gconv conversion modules are still supported. Transliteration
+ with //TRANSLIT is still possible, and the //IGNORE specifier
+ continues to be supported. (CVE-2014-5119)
+
+* Decoding a crafted input sequence in the character sets IBM933, IBM935,
+ IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
+ resulting a denial-of-service security vulnerability in applications which
+ use functions related to iconv. (CVE-2014-6040)
\f
Version 2.19
projects / thirdparty / glibc.git / blobdiff