GNU C Library NEWS -- history of user-visible changes.
-Copyright (C) 1992-2017 Free Software Foundation, Inc.
+Copyright (C) 1992-2019 Free Software Foundation, Inc.
See the end for copying conditions.
-Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
-Version 2.26
+Version 2.31
-* Unicode 10.0.0 Support: Character encoding, character type info, and
- transliteration tables are all updated to Unicode 10.0.0, using
+Major new features:
+
+* The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to
+ enable features from the draft ISO C2X standard. Only some features from
+ this draft standard are supported by the GNU C Library, and as the draft
+ is under active development, the set of features enabled by this macro is
+ liable to change. Features from C2X are also enabled by _GNU_SOURCE, or
+ by compiling with "gcc -std=gnu2x".
+
+* The <math.h> functions that round their results to a narrower type now
+ have corresponding type-generic macros in <tgmath.h>, as defined in TS
+ 18661-1:2014 and TS 18661-3:2015 as amended by the resolution of
+ Clarification Request 13 to TS 18661-3.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The totalorder and totalordermag functions, and the corresponding
+ functions for other floating-point types, now take pointer arguments to
+ avoid signaling NaNs possibly being converted to quiet NaNs in argument
+ passing. This is in accordance with the resolution of Clarification
+ Request 25 to TS 18661-1, as applied for C2X. Existing binaries that pass
+ floating-point arguments directly will continue to work.
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+ [Add security related changes here]
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+
+\f
+Version 2.30
+
+Major new features:
+
+* Unicode 12.1.0 Support: Character encoding, character type info, and
+ transliteration tables are all updated to Unicode 12.1.0, using
generator scripts contributed by Mike FABIAN (Red Hat).
-* errno.h is now safe to use from C-preprocessed assembly language on all
- supported operating systems. In this context, it will only define the
- Exxxx constants, as preprocessor macros expanding to integer literals.
+* The dynamic linker accepts the --preload argument to preload shared
+ objects, in addition to the LD_PRELOAD environment variable.
-* The rpcgen, librpcsvc and related headers will only be built and
- installed when glibc is configured with --enable-obsolete-rpc.
- This allows alternative RPC implementations, like TIRPC, to be used
- by default. Applications needing features missing from TIRPC should
- consider the rpcsvc-proto project developed by Thorsten Kukuk (SUSE).
+* The twalk_r function has been added. It is similar to the existing
+ twalk function, but it passes an additional caller-supplied argument
+ to the callback function.
-* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
- libnss_compat, are deprecated, and will not be built or installed by
- default. Replacement implementations based on TIRPC, which
- additionally support IPv6, are available from
- <https://github.com/thkukuk/libnss_{compat,nis,nisplus}>.
+* On Linux, the getdents64, gettid, and tgkill functions have been added.
-* The NIS(+) support library, libnsl, is deprecated. By default, a
- compatibility shared library will be built and installed, but not
- headers or development libraries.
+* Minguo (Republic of China) calendar support has been added as an
+ alternative calendar for the following locales: zh_TW, cmn_TW, hak_TW,
+ nan_TW, lzh_TW.
- Only a few NIS-related programs require this library.
- A replacement implementation based on TIRPC is available from
- <https://github.com/thkukuk/libnsl>. Like the replacement NIS(+)
- name service modules, the replacement supports IPv6, and it can be
- coinstalled with the compatibility shared library from glibc.
+* The entry for the new Japanese era has been added for ja_JP locale.
-* New configure option --enable-obsolete-nsl will cause libnsl's
- headers, and the NIS(+) name service modules, to be built and
- installed. This option may be removed in a future release.
+* Memory allocation functions malloc, calloc, realloc, reallocarray, valloc,
+ pvalloc, memalign, and posix_memalign fail now with total object size
+ larger than PTRDIFF_MAX. This is to avoid potential undefined behavior with
+ pointer subtraction within the allocated object, where results might
+ overflow the ptrdiff_t type.
-* Extensive new collation tests for Hungarian locales based on
- "The Rules of Hungarian Orthography, 12th edition" and the work of
- Egmont Koblinger (Bug 18934).
+* The dynamic linker no longer refuses to load objects which reference
+ versioned symbols whose implementation has moved to a different soname
+ since the object has been linked. The old error message, symbol
+ FUNCTION-NAME, version SYMBOL-VERSION not defined in file DSO-NAME with
+ link time reference, is gone.
-* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
- support is enabled, the configured recursive resolver must support EDNS.
- (Responding to EDNS-enabled queries with responses which are not
- EDNS-enabled is fine, but FORMERR responses are not.)
+* Add new POSIX-proposed pthread_cond_clockwait, pthread_mutex_clocklock,
+ pthread_rwlock_clockrdlock, pthread_rwlock_clockwrlock and sem_clockwait
+ functions. These behave similarly to their "timed" equivalents, but also
+ accept a clockid_t parameter to determine which clock their timeout should
+ be measured against. All functions allow waiting against CLOCK_MONOTONIC
+ and CLOCK_REALTIME. The decision of which clock to be used is made at the
+ time of the wait (unlike with pthread_condattr_setclock, which requires
+ the clock choice at initialization time).
-* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
- servers have not supported this opcode for a long time.
+* On AArch64 the GNU IFUNC resolver call ABI changed: old resolvers still
+ work, new resolvers can use a second argument which can be extended in
+ the future, currently it contains the AT_HWCAP2 value.
-* The legacy cfree function has been removed. Applications should use the
- free function instead.
+Deprecated and removed features, and other changes affecting compatibility:
-* posix_spawnattr_setflags now supports POSIX_SPAWN_SETSID flag to create a
- new session ID for the posix_spawn and posix_spawnp. It is scheduled to
- be added on next major revision of POSIX, so current support is enabled
- with _GNU_SOURCE.
+* The copy_file_range function fails with ENOSYS if the kernel does not
+ support the system call of the same name. Previously, user space
+ emulation was performed, but its behavior did not match the kernel
+ behavior, which was deemed too confusing. Applications which use the
+ copy_file_range function can no longer rely on glibc to provide a fallback
+ on kernels that do not support the copy_file_range system call, and if
+ this function returns ENOSYS, they will need to use their own fallback.
+ Support for copy_file_range for most architectures was added in version
+ 4.5 of the mainline Linux kernel.
-* The minimum Linux kernel version that this version of the GNU C Library
- can be used with on i[4567]86 and x86_64 is 3.2. A Linux 3.2 or later
- kernel was already required on all other architectures.
+* The functions clock_gettime, clock_getres, clock_settime,
+ clock_getcpuclockid, clock_nanosleep were removed from the librt library
+ for new applications (on architectures which had them). Instead, the
+ definitions in libc will be used automatically, which have been available
+ since glibc 2.17.
-* The obsolete <sys/ultrasound.h> header file has been removed.
+* The obsolete and never-implemented XSI STREAMS header files <stropts.h>
+ and <sys/stropts.h> have been removed.
-* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
- removed.
+* Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6
+ resolver flag (deprecated in glibc 2.25) have been removed.
-* <string.h> no longer includes inline versions of any string functions,
- as this kind of optimization is better done by the compiler. The macros
- __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.
+* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub
+ resolver have been removed from <resolv.h>.
-* The nonstandard header <xlocale.h> has been removed. Most programs should
- use <locale.h> instead. If you have a specific need for the definition
- of locale_t with no other declarations, please talk to us.
+* With --enable-bind-now, installed programs are now linked with the
+ BIND_NOW flag.
-* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.
+* Support for the PowerPC SPE ISA extension (powerpc-*-*gnuspe*
+ configurations) has been removed, following the deprecation of this
+ subarchitecture in version 8 of GCC, and its removal in version 9.
-* The reallocarray function has been added to libc. It is a realloc
- replacement with a check for integer overflow when calculating total
- allocation size.
+* On 32-bit Arm, support for the port-based I/O emulation and the <sys/io.h>
+ header have been removed.
-* New preadv2 and pwritev2 has been added. They are Linux extensions to
- preadv and pwritev with an additional flag argument where it is possible
- to set high priority or use O_DSYNC or O_SYNC for a specific IO operation.
- For complete support it requires Linux kernel version 4.6, otherwise a
- compat implementation will be used (which refuses all flags and routes it
- to preadv or pwritev).
+* The Linux-specific <sys/sysctl.h> header and the sysctl function have been
+ deprecated and will be removed from a future version of glibc.
+ Application should directly access /proc instead. For obtaining random
+ bits, the getentropy function can be used.
-* The stack_t type no longer has the name struct sigaltstack. This changes
- the C++ name mangling for interfaces involving this type.
+Changes to build and runtime requirements:
-* The ucontext_t type no longer has the name struct ucontext. This changes
- the C++ name mangling for interfaces involving this type.
+* GCC 6.2 or later is required to build the GNU C Library.
-* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
- the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
- longer has the name struct mcontext. On SPARC GNU/Linux, the struct
- mc_fq, struct rwindow, struct fpq and struct fq types are no longer
- defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
- mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
- fpregset_t type no longer has the name struct fpu. This changes the C++
- name mangling for interfaces involving those types.
+ Older GCC versions and non-GNU compilers are still supported when
+ compiling programs that use the GNU C Library.
-* The synchronization that pthread_spin_unlock performs has been changed
- to now be equivalent to a C11 atomic store with release memory order to
- the spin lock's memory location. This ensures correct synchronization
- for the spin lock's operations and critical sections protected by a spin
- lock. Previously, several (but not all) architectures used stronger
- synchronization (e.g., containing what is often called a full barrier).
- This change can improve performance, but may affect odd fringe uses of
- spin locks that depend on the previous behavior (e.g., using spin locks
- as atomic variables to try to implement Dekker's mutual exclusion
- algorithm).
+Security related changes:
-* The tunables feature is now enabled by default. This allows users to tweak
- behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.
+ CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
+ size. For x86-64, memcmp on an object size larger than SSIZE_MAX
+ has undefined behavior. On x32, the size_t argument may be passed
+ in the lower 32 bits of the 64-bit RDX register with non-zero upper
+ 32 bits. When it happened with the sign bit of RDX register set,
+ memcmp gave the wrong result since it treated the size argument as
+ zero. Reported by H.J. Lu.
-* The s390 specific ptrace requests are adjusted to the kernel ones. Request 12
- is now used for PTRACE_SINGLEBLOCK instead of PTRACE_GETREGS. The requests
- PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS were
- removed as those are not supported by the s390 kernel. The requests
- PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
- PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
- PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND were added as those are supported
- by the s390 kernel.
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
-* The minimum GCC version that can be used to build this version of the GNU
- C Library is GCC 4.9. Older GCC versions, and non-GNU compilers, can
- still be used to compile programs using the GNU C Library.
+The following bugs are resolved with this release:
-* The minimum GNU Binutils version that can be used to build this version of
- the GNU C Library is Binutils 2.25.
+ [2872] locale: Transliteration Cyrillic -> ASCII fails
+ [6399] libc: gettid() should have a wrapper
+ [16573] malloc: mtrace hangs when MALLOC_TRACE is defined
+ [16976] glob: fnmatch unbounded stack VLA for collating symbols
+ [17396] localedata: globbing for locale by [[.collating-element.]]
+ [18035] dynamic-link: pldd does no longer work, enters infinite loop
+ [18465] malloc: memusagestat is built using system C library
+ [18830] locale: iconv -c -f ascii with >buffer size worth of input before
+ invalid input drops valid char
+ [20188] nptl: libpthread IFUNC resolver for vfork can lead to crash
+ [20568] locale: Segfault with wide characters and setlocale/fgetwc/UTF-8
+ [21897] localedata: Afar locales: Fix mon, abmon, and abday
+ [22964] localedata: The Japanese Era name will be changed on May 1, 2019
+ [23352] malloc: __malloc_check_init still defined in public header
+ malloc.h.
+ [23403] nptl: Wrong alignment of TLS variables
+ [23501] libc: nftw() doesn't return dangling symlink's inode
+ [23733] malloc: Check the count before calling tcache_get()
+ [23741] malloc: Missing __attribute_alloc_size__ in many allocation
+ functions
+ [23831] localedata: nl_NL missing LC_NUMERIC thousands_sep
+ [23844] nptl: pthread_rwlock_trywrlock results in hang
+ [23983] argparse: Missing compat versions of argp_failure and argp_error
+ for long double = double
+ [23984] libc: Missing compat versions of err.h and error.h functions for
+ long double = double
+ [23996] localedata: Dutch salutations
+ [24040] libc: riscv64: unterminated call chain in __thread_start
+ [24047] network: libresolv should use IP_RECVERR/IPV6_RECVERR to avoid
+ long timeouts
+ [24051] stdio: puts and putchar ouput to _IO_stdout instead of stdout
+ [24059] nss: nss_files: get_next_alias calls fgets_unlocked without
+ checking for NULL.
+ [24114] regex: regexec buffer read overrun in "grep -i
+ '\(\(\)*.\)*\(\)\(\)\1'"
+ [24122] libc: Segfaults if 0 returned from la_version
+ [24153] stdio: Some input functions do not react to stdin assignment
+ [24155] string: x32 memcmp can treat positive length as 0 (if sign bit in
+ RDX is set) (CVE-2019-7309)
+ [24161] nptl: __run_fork_handlers self-deadlocks in malloc/tst-mallocfork2
+ [24164] libc: Systemtap probes need to use "nr" constraint on 32-bit Arm,
+ not the default "nor"
+ [24166] dynamic-link: Dl_serinfo.dls_serpath[1] in dlfcn.h causes UBSAN
+ false positives, change to modern flexible array
+ [24180] nptl: pthread_mutex_trylock does not use the correct order of
+ instructions while maintaining the robust mutex list due to missing
+ compiler barriers.
+ [24194] librt: Non-compatibility symbols for clock_gettime etc. cause
+ unnecessary librt dependencies
+ [24200] localedata: Revert first_weekday removal in en_IE locale
+ [24211] nptl: Use-after-free in Systemtap probe in pthread_join
+ [24215] nptl: pthread_timedjoin_np should be a cancellation point
+ [24216] malloc: Check for large bin list corruption when inserting
+ unsorted chunk
+ [24228] stdio: old x86 applications that use legacy libio crash on exit
+ [24231] dynamic-link: [sparc64] R_SPARC_H34 implementation falls through
+ to R_SPARC_H44
+ [24293] localedata: Missing Minguo calendar support for TW locales
+ [24296] localedata: Orthographic mistakes in 'day' and 'abday' sections in
+ tt_RU (Tatar) locale
+ [24307] localedata: Update locale data to Unicode 12.0.0
+ [24323] dynamic-link: dlopen should not be able open PIE objects
+ [24335] build: "Obsolete types detected" with Linux 5.0 headers
+ [24369] localedata: Orthographic mistakes in 'mon' and 'abmon' sections in
+ tt_RU (Tatar) locale
+ [24370] localedata: Add lang_name for tt_RU locale
+ [24372] locale: Binary locale files are not architecture independent
+ [24394] time: strptime %Ey mis-parses final year of era
+ [24476] dynamic-link: __libc_freeres triggers bad free in libdl if dlerror
+ was not used
+ [24506] dynamic-link: FAIL: elf/tst-pldd with --enable-hardcoded-path-in-
+ tests
+ [24531] malloc: Malloc tunables give tcache assertion failures
+ [24532] libc: conform/arpa/inet.h failures due to linux kernel 64-bit
+ time_t changes
+ [24535] localedata: Update locale data to Unicode 12.1.0
+ [24537] build: nptl/tst-eintr1 test case can hit task limits on some
+ kernels and break testing
+ [24544] build: elf/tst-pldd doesn't work if you install with a --prefix
+ [24556] build: [GCC 9] error: ‘%s’ directive argument is null
+ [-Werror=format-overflow=]
+ [24570] libc: alpha: compat msgctl uses __IPC_64
+ [24584] locale: Data race in __wcsmbs_clone_conv
+ [24588] stdio: Remove codecvt vtables from libio
+ [24603] math: sysdeps/ieee754/dbl-64/branred.c is slow when compiled with
+ -O3 -march=skylake
+ [24614] localedata: nl_NL LC_MONETARY doesn't match CLDR 35
+ [24632] stdio: Old binaries which use freopen with default stdio handles
+ crash
+ [24640] libc: __ppc_get_timebase_freq() always return 0 when using static
+ linked glibc
+ [24652] localedata: szl_PL spelling correction
+ [24695] nss: nss_db: calling getpwent after endpwent crashes
+ [24696] nss: endgrent() clobbers errno=ERRNO for 'group: db files' entry
+ in /etc/nsswitch.conf
+ [24699] libc: mmap64 with very large offset broken on MIPS64 n32
+ [24740] libc: getdents64 type confusion
+ [24741] dynamic-link: ld.so should not require that a versioned symbol is
+ always implemented in the same library
+ [24744] libc: Remove copy_file_range emulation
+ [24757] malloc: memusagestat is linked against system libpthread
+ [24794] libc: Partial test suite run builds corrupt test-in-container
+ testroot
+
+\f
+Version 2.29
+
+Major new features:
+
+* The getcpu wrapper function has been added, which returns the currently
+ used CPU and NUMA node. This function is Linux-specific.
+
+* A new convenience target has been added for distribution maintainers
+ to build and install all locales as directories with files. The new
+ target is run by issuing the following command in your build tree:
+ 'make localedata/install-locale-files', with an optional DESTDIR
+ to set the install root if you wish to install into a non-default
+ configured location.
+
+* Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf.
+
+* The reallocarray function is now declared under _DEFAULT_SOURCE, not just
+ for _GNU_SOURCE, to match BSD environments.
+
+* For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel
+ indicates that it will abort the transaction prior to entering the kernel
+ (PPC_FEATURE2_HTM_NOSC on hwcap2). On older kernels the transaction is
+ suspended, and this caused some undefined side-effects issues by aborting
+ transactions manually. Glibc avoided it by abort transactions manually on
+ each syscall, but it lead to performance issues on newer kernels where the
+ HTM state is saved and restore lazily (the state being saved even when the
+ process actually does not use HTM).
+
+* The functions posix_spawn_file_actions_addchdir_np and
+ posix_spawn_file_actions_addfchdir_np have been added, enabling
+ posix_spawn and posix_spawnp to run the new process in a different
+ directory. These functions are GNU extensions. The function
+ posix_spawn_file_actions_addchdir_np is similar to the Solaris function
+ of the same name.
+
+* The popen and system do not run atfork handlers anymore (BZ#17490).
+ Although it is a possible POSIX violation, the POSIX rationale in
+ pthread_atfork documentation regarding atfork handlers is to handle
+ inconsistent mutex state after a fork call in a multi-threaded process.
+ In both popen and system there is no direct access to user-defined mutexes.
+
+* Support for the C-SKY ABIV2 running on Linux has been added. This port
+ requires at least binutils-2.32, gcc-9.0, and linux-4.20. Two ABIs are
+ supported:
+ - C-SKY ABIV2 soft-float little-endian
+ - C-SKY ABIV2 hard-float little-endian
+
+* strftime's default formatting of a locale's alternative year (%Ey)
+ has been changed to zero-pad the year to a minimum of two digits,
+ like "%y". This improves the display of Japanese era years during
+ the first nine years of a new era, and is expected to be harmless
+ for all other locales (only Japanese locales regularly have
+ alternative year numbers less than 10). Zero-padding can be
+ overridden with the '_' or '-' flags (which are GNU extensions).
+
+* As a GNU extension, the '_' and '-' flags can now be applied to
+ "%EY" to control how the year number is formatted; they have the
+ same effect that they would on "%Ey".
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The glibc.tune tunable namespace has been renamed to glibc.cpu and the
+ tunable glibc.tune.cpu has been renamed to glibc.cpu.name.
+
+* The type of the pr_uid and pr_gid members of struct elf_prpsinfo, defined
+ in <sys/procfs.h>, has been corrected to match the type actually used by
+ the Linux kernel. This affects the size and layout of that structure on
+ MicroBlaze, MIPS (n64 ABI only), Nios II and RISC-V.
+
+* For the MIPS n32 ABI, the type of the pr_sigpend and pr_sighold members of
+ struct elf_prstatus, and the pr_flag member of struct elf_prpsinfo,
+ defined in <sys/procfs.h>, has been corrected to match the type actually
+ used by the Linux kernel. This affects the size and layout of those
+ structures.
+
+* An archaic GNU extension to scanf, under which '%as', '%aS', and '%a[...]'
+ meant to scan a string and allocate space for it with malloc, is now
+ restricted to programs compiled in C89 or C++98 mode with _GNU_SOURCE
+ defined. This extension conflicts with C99's use of '%a' to scan a
+ hexadecimal floating-point number, which is now available to programs
+ compiled as C99 or C++11 or higher, regardless of _GNU_SOURCE.
+
+ POSIX.1-2008 includes the feature of allocating a buffer for string input
+ with malloc, using the modifier letter 'm' instead. Programs using
+ '%as', '%aS', or '%a[...]' with the old GNU meaning should change to
+ '%ms', '%mS', or '%m[...]' respectively. Programs that wish to use the
+ C99 '%a' no longer need to avoid _GNU_SOURCE.
+
+ GCC's -Wformat warnings can detect most uses of this extension, as long
+ as all functions that call vscanf, vfscanf, or vsscanf are annotated with
+ __attribute__ ((format (scanf, ...))).
+
+Changes to build and runtime requirements:
+
+* Python 3.4 or later is required to build the GNU C Library.
+
+* On most architectures, GCC 5 or later is required to build the GNU C
+ Library. (On powerpc64le, GCC 6.2 or later is still required, as before.)
+
+ Older GCC versions and non-GNU compilers are still supported when
+ compiling programs that use the GNU C Library.
-* Support is added, on powerpc64le, x86_64, x86 and ia64, for interfaces
- supporting the _Float128 type from ISO/IEC TS 18661-3:2015. Most of the
- interfaces are taken from TS 18661-3. The type-generic macros in <math.h>
- and <tgmath.h> support this type. The GNU C Library now requires GCC 6.2
- or later to build for powerpc64le. When used with GCC versions before GCC
- 7, these interfaces may be used with the type under the non-standard name
- __float128.
+Security related changes:
+
+ CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
+ denial of service due to resource exhaustion when processing getaddrinfo
+ calls with crafted host names. Reported by Guido Vranken.
+
+ CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
+ 32 bits of a 64-bit register with with non-zero upper 32 bit. When it
+ happened, accessing the 32-bit size_t value as the full 64-bit register
+ in the assembly string/memory functions would cause a buffer overflow.
+ Reported by H.J. Lu.
+
+ CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
+ addresses with arbitrary trailing characters, potentially leading to data
+ or command injection issues in applications.
+
+The following bugs are resolved with this release:
+
+ [10425] localedata: it_IT/it_CH: LC_TIME format is wrong
+ [10496] localedata: 12h time representation in multiple locales faulty
+ [10797] localedata: it_IT locale numeric does not have a separator for
+ thousands
+ [11319] libc: dprintf doesn't handle errors properly
+ [16346] time: mktime: potentially unsafe use of localtime_offset
+ [17248] build: glibc should not sort CFLAGS (support gcc plugins and
+ --param options)
+ [17405] libc: Implement posix_spawn_file_actions_addchdir_np,
+ posix_spawn_file_actions_addfchdir_np
+ [17426] localedata: Indian locales: set the correct date format
+ [17490] stdio: popen should not invoke atfork handlers
+ [17783] libc: TIOCSER_TEMT conditions inconsistent
+ [18040] regex: use-after-free in regexec/get_subexp
+ [18093] libc: Corrupted aux-cache causes ldconfig to segfault
+ [20018] network: getaddrinfo should reject IP addresses with trailing
+ characters (CVE-2016-10739)
+ [20209] localedata: Spelling mistake for Sunday in Greenlandic kl_GL
+ [20271] libc: Missing "\n" in __libc_fatal calls
+ [20480] dynamic-link: Patch: ifunc not executable, crashes sudo qemu
+ [20544] libc: RFE: atexit, __cxa_atexit, on_exit should assert function
+ pointer argument is non-NULL
+ [21037] stdio: open_memstream and freopen
+ [21286] libc: bits/siginfo.h is missing enum definition for TRAP_HWBKPT
+ [21716] time: Crash in glibc's mktime in low-memory situations
+ [22834] stdio: Subprocess forked by popen may crash in Linux when
+ multithreads call popen
+ [22927] network: crash in vn_gai_enqueue_request if requests_tail was NULL
+ and pthread_create fails.
+ [23032] hurd: sysdeps/htl/pt-barrier-init.c:39: bad call to memcmp ?
+ [23125] libc: riscv64: endless loop when throwing an exception from a
+ constructor
+ [23275] nptl: Race in pthread_mutex_lock while promoting to
+ PTHREAD_MUTEX_ELISION_NP.
+ [23400] libc: stdlib/test-bz22786.c creates temporary files in glibc
+ source tree
+ [23479] math: [mips] bits/fenv.h should not define some macros for soft-
+ float
+ [23490] libc: sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c:49: off by
+ one error
+ [23497] libc: readdir64@GLIBC_2.1 cannot parse the kernel directory stream
+ [23509] dynamic-link: CET enabled glibc is incompatible with the older
+ linker
+ [23520] nscd: nscd: Use-after-free in addgetnetgrentX and its callers
+ [23521] nss: get_next_alias nss_files file stream leak
+ [23538] nptl: Hang in pthread_cond_broadcast
+ [23562] libc: Wrong type for si_band in Linux-specific siginfo_t
+ [23578] regex: Invalid memory access if regex pattern contains NUL byte
+ [23579] libc: Errors misreported in preadv2
+ [23597] build: support/test-container.c doesn't work with different
+ filesystems
+ [23603] time: mktime signed integer overflow on large timestamps
+ [23606] libc: Missing ENDBR32 in sysdeps/i386/start.S
+ [23614] libc: powerpc: missing CFI register information in __mpn_*
+ functions
+ [23637] string: Generic strstr/strcasestr fails with huge needles
+ [23640] libc: no way to easily clear FD_CLOEXEC in
+ posix_spawn_file_actions_adddup2()
+ [23649] libc: [microblaze/mips/nios2/riscv] sys/procfs.h pr_uid, pr_gid
+ have wrong type
+ [23656] libc: [mips n32] sys/procfs.h pr_sigpend, pr_sighold, pr_flag have
+ wrong type
+ [23679] libc: gethostid: Missing NULL check for gethostbyname_r result
+ [23689] libc: Bug in documentation for rusage.ru_ixrss in
+ bits/types/struct_rusage.h
+ [23690] dynamic-link: Segfault in _dl_profile_fixup with a high number of
+ threads
+ [23707] dynamic-link: Missing unwind info in sysdeps/powerpc/powerpc32/dl-
+ start.S
+ [23709] string: glibc 2.25 lacks sse2 optimized strstr()
+ [23716] dynamic-link: _dl_runtime_resolve_shstk isn't selected properly
+ [23717] libc: glibc: stdlib/tst-setcontext9 test suite failure on
+ powerpc64le
+ [23724] localedata: Albanian date formats are incorrect
+ [23735] math: libnldbl_nonshared.a references internal libm symbols
+ [23740] localedata: kl_GL: Month names and date formats need update
+ [23744] regex: regex refactorings to remove BE, avoid duplication
+ [23745] time: mktime fix for Gnulib + coreutils
+ [23758] time: Improve the width of alternate representation for year in
+ strftime
+ [23783] libc: [mips] Missing CMSPAR bits/termios.h
+ [23789] time: mktime does not set errno on failure
+ [23791] localedata: Wrong monetary format for ca_ES locale
+ [23793] locale: c32rtomb and mbrtoc32 should not alias wcrtomb and mbrtowc
+ [23794] locale: c16rtomb does not handle surrogate pairs
+ [23821] libc: si_band in siginfo_t has wrong type long int on sparc64
+ [23822] math: ia64 static libm.a is missing exp2f, log2f and powf symbols
+ [23836] time: time/tst-mktime2 test failure on Arm (32-bit)
+ [23848] libc: [sparc] Some socket syscalls wrongly assumed to be present
+ [23861] nptl: rdlock stalls indefinitely on an unlocked pthread rwlock
+ [23862] libc: [sh] missing kernel-features.h undefines
+ [23864] libc: [riscv] missing kernel-features.h undefines
+ [23867] libc: [arm/microblaze] __ASSUME_MLOCK2 incorrect
+ [23907] malloc: Incorrect double-free malloc tcache check disregards
+ tcache size
+ [23913] libc: off-by-one in function maybe_script_execute in
+ sysdeps/posix/spawni.c
+ [23915] libc: [arm] __ASSUME_COPY_FILE_RANGE incorrect
+ [23923] locale: Add --no-hard-links option to localedef
+ [23927] network: Linux if_nametoindex() does not close descriptor
+ (CVE-2018-19591)
+ [23961] math: powf can overflow to inf without setting errno in non-
+ nearest rounding mode
+ [23967] libc: [2.28 Regression]: New sigaction implementation breaks m68k
+ [23972] libc: __old_getdents64 uses wrong d_off value on overflow
+ [23993] libc: glibc 2.29 doesn't build with gcc 4.9
+ [23995] localedata: Remove execution flags from localedata/locales/bi_VU
+ [24011] localedata: Fixed small type in comment for locale bs_BA
+ [24018] libc: gettext() may return NULL
+ [24022] build: riscv build failure with Linux kernel 4.20-rc7
+ [24023] build: [2.29 Regression] FAIL: elf/check-localplt
+ [24024] string: strerror() might set errno to ENOMEM due to -fno-math-
+ error
+ [24027] malloc: glibc: realloc() ncopies 32-bit integer overflow
+ [24034] libc: tst-cancel21-static fails with SIGBUS on pre-ARMv7 when
+ using GCC 8
+ [24046] localedata: en_US locale doesn't define date_fmt
+ [24063] manual: @var{errno} should be @code{errno}
+ [24066] soft-fp: Inconsistent _FP_W_TYPE_SIZE check
+ [24088] libc: VSCR field is not being correctly read in ucontext_t on
+ ppc64le
+ [24096] time: Specifying '_' or '-' flag for "%EY" does not produce the
+ expected result
+ [24097] string: Can't use 64-bit register for size_t in assembly codes for
+ x32 (CVE-2019-6488)
+ [24110] hurd: SS_DISABLE never set in stack_t value returned by
+ sigaltstack
+ [24112] network: Do not send DNS queries for non-host names (where all
+ answers will be rejected)
+ [24130] libc: alpha __remqu corrupts $f3 register
- New <stdlib.h> functions from ISO/IEC TS 18661-3:
+\f
+Version 2.28
+
+Major new features:
+
+* The localization data for ISO 14651 is updated to match the 2016
+ Edition 4 release of the standard, this matches data provided by
+ Unicode 9.0.0. This update introduces significant improvements to the
+ collation of Unicode characters. This release deviates slightly from
+ the standard in that the collation element ordering for lowercase and
+ uppercase LATIN script characters is adjusted to ensure that regular
+ expressions with ranges like [a-z] and [A-Z] don't interleave e.g. A
+ is not matched by [a-z]. With the update many locales have been
+ updated to take advantage of the new collation information. The new
+ collation information has increased the size of the compiled locale
+ archive or binary locales.
+
+* The GNU C Library can now be compiled with support for Intel CET, AKA
+ Intel Control-flow Enforcement Technology. When the library is built
+ with --enable-cet, the resulting glibc is protected with indirect
+ branch tracking (IBT) and shadow stack (SHSTK). CET-enabled glibc is
+ compatible with all existing executables and shared libraries. This
+ feature is currently supported on i386, x86_64 and x32 with GCC 8 and
+ binutils 2.29 or later. Note that CET-enabled glibc requires CPUs
+ capable of multi-byte NOPs, like x86-64 processors as well as Intel
+ Pentium Pro or newer. NOTE: --enable-cet has been tested for i686,
+ x86_64 and x32 on non-CET processors. --enable-cet has been tested
+ for x86_64 and x32 on CET SDVs, but Intel CET support hasn't been
+ validated for i686.
+
+* The GNU C Library now has correct support for ABSOLUTE symbols
+ (SHN_ABS-relative symbols). Previously such ABSOLUTE symbols were
+ relocated incorrectly or in some cases discarded. The GNU linker can
+ make use of the newer semantics, but it must communicate it to the
+ dynamic loader by setting the ELF file's identification (EI_ABIVERSION
+ field) to indicate such support is required.
+
+* Unicode 11.0.0 Support: Character encoding, character type info, and
+ transliteration tables are all updated to Unicode 11.0.0, using
+ generator scripts contributed by Mike FABIAN (Red Hat).
- - String Conversion Functions: strfromf128 and strtof128.
+* <math.h> functions that round their results to a narrower type are added
+ from TS 18661-1:2014 and TS 18661-3:2015:
+
+ - fadd, faddl, daddl and corresponding fMaddfN, fMaddfNx, fMxaddfN and
+ fMxaddfNx functions.
+
+ - fsub, fsubl, dsubl and corresponding fMsubfN, fMsubfNx, fMxsubfN and
+ fMxsubfNx functions.
+
+ - fmul, fmull, dmull and corresponding fMmulfN, fMmulfNx, fMxmulfN and
+ fMxmulfNx functions.
+
+ - fdiv, fdivl, ddivl and corresponding fMdivfN, fMdivfNx, fMxdivfN and
+ fMxdivfNx functions.
+
+* Two grammatical forms of month names are now supported for the following
+ languages: Armenian, Asturian, Catalan, Czech, Kashubian, Occitan, Ossetian,
+ Scottish Gaelic, Upper Sorbian, and Walloon. The following languages now
+ support two grammatical forms in abbreviated month names: Catalan, Greek,
+ and Kashubian.
+
+* Newly added locales: Lower Sorbian (dsb_DE) and Yakut (sah_RU) also
+ include the support for two grammatical forms of month names.
+
+* Building and running on GNU/Hurd systems now works without out-of-tree
+ patches.
+
+* The renameat2 function has been added, a variant of the renameat function
+ which has a flags argument. If the flags are zero, the renameat2 function
+ acts like renameat. If the flag is not zero and there is no kernel
+ support for renameat2, the function will fail with an errno value of
+ EINVAL. This is different from the existing gnulib function renameatu,
+ which performs a plain rename operation in case of a RENAME_NOREPLACE
+ flags and a non-existing destination (and therefore has a race condition
+ that can clobber the destination inadvertently).
+
+* The statx function has been added, a variant of the fstatat64
+ function with an additional flags argument. If there is no direct
+ kernel support for statx, glibc provides basic stat support based on
+ the fstatat64 function.
+
+* IDN domain names in getaddrinfo and getnameinfo now use the system libidn2
+ library if installed. libidn2 version 2.0.5 or later is recommended. If
+ libidn2 is not available, internationalized domain names are not encoded
+ or decoded even if the AI_IDN or NI_IDN flags are passed to getaddrinfo or
+ getnameinfo. (getaddrinfo calls with non-ASCII names and AI_IDN will fail
+ with an encoding error.) Flags which used to change the IDN encoding and
+ decoding behavior (AI_IDN_ALLOW_UNASSIGNED, AI_IDN_USE_STD3_ASCII_RULES,
+ NI_IDN_ALLOW_UNASSIGNED, NI_IDN_USE_STD3_ASCII_RULES) have been
+ deprecated. They no longer have any effect.
+
+* Parsing of dynamic string tokens in DT_RPATH, DT_RUNPATH, DT_NEEDED,
+ DT_AUXILIARY, and DT_FILTER has been expanded to support the full
+ range of ELF gABI expressions including such constructs as
+ '$ORIGIN$ORIGIN' (if valid). For SUID/GUID applications the rules
+ have been further restricted, and where in the past a dynamic string
+ token sequence may have been interpreted as a literal string it will
+ now cause a load failure. These load failures were always considered
+ unspecified behaviour from the perspective of the dynamic loader, and
+ for safety are now load errors e.g. /foo/${ORIGIN}.so in DT_NEEDED
+ results in a load failure now.
+
+* Support for ISO C threads (ISO/IEC 9899:2011) has been added. The
+ implementation includes all the standard functions provided by
+ <threads.h>:
+
+ - thrd_current, thrd_equal, thrd_sleep, thrd_yield, thrd_create,
+ thrd_detach, thrd_exit, and thrd_join for thread management.
+
+ - mtx_init, mtx_lock, mtx_timedlock, mtx_trylock, mtx_unlock, and
+ mtx_destroy for mutual exclusion.
+
+ - call_once for function call synchronization.
+
+ - cnd_broadcast, cnd_destroy, cnd_init, cnd_signal, cnd_timedwait, and
+ cnd_wait for conditional variables.
+
+ - tss_create, tss_delete, tss_get, and tss_set for thread-local storage.
+
+ Application developers must link against libpthread to use ISO C threads.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The nonstandard header files <libio.h> and <_G_config.h> are no longer
+ installed. Software that was using either header should be updated to
+ use standard <stdio.h> interfaces instead.
+
+* The stdio functions 'getc' and 'putc' are no longer defined as macros.
+ This was never required by the C standard, and the macros just expanded
+ to call alternative names for the same functions. If you hoped getc and
+ putc would provide performance improvements over fgetc and fputc, instead
+ investigate using (f)getc_unlocked and (f)putc_unlocked, and, if
+ necessary, flockfile and funlockfile.
+
+* All stdio functions now treat end-of-file as a sticky condition. If you
+ read from a file until EOF, and then the file is enlarged by another
+ process, you must call clearerr or another function with the same effect
+ (e.g. fseek, rewind) before you can read the additional data. This
+ corrects a longstanding C99 conformance bug. It is most likely to affect
+ programs that use stdio to read interactive input from a terminal.
+ (Bug #1190.)
+
+* The macros 'major', 'minor', and 'makedev' are now only available from
+ the header <sys/sysmacros.h>; not from <sys/types.h> or various other
+ headers that happen to include <sys/types.h>. These macros are rarely
+ used, not part of POSIX nor XSI, and their names frequently collide with
+ user code; see https://sourceware.org/bugzilla/show_bug.cgi?id=19239 for
+ further explanation.
+
+ <sys/sysmacros.h> is a GNU extension. Portable programs that require
+ these macros should first include <sys/types.h>, and then include
+ <sys/sysmacros.h> if __GNU_LIBRARY__ is defined.
+
+* The tilegx*-*-linux-gnu configurations are no longer supported.
+
+* The obsolete function ustat is no longer available to newly linked
+ binaries; the headers <ustat.h> and <sys/ustat.h> have been removed. This
+ function has been deprecated in favor of fstatfs and statfs.
+
+* The obsolete function nfsservctl is no longer available to newly linked
+ binaries. This function was specific to systems using the Linux kernel
+ and could not usefully be used with the GNU C Library on systems with
+ version 3.1 or later of the Linux kernel.
+
+* The obsolete function name llseek is no longer available to newly linked
+ binaries. This function was specific to systems using the Linux kernel
+ and was not declared in a header. Programs should use the lseek64 name
+ for this function instead.
+
+* The AI_IDN_ALLOW_UNASSIGNED and NI_IDN_ALLOW_UNASSIGNED flags for the
+ getaddrinfo and getnameinfo functions have been deprecated. The behavior
+ previously selected by them is now always enabled.
+
+* The AI_IDN_USE_STD3_ASCII_RULES and NI_IDN_USE_STD3_ASCII_RULES flags for
+ the getaddrinfo and getnameinfo functions have been deprecated. The STD3
+ restriction (rejecting '_' in host names, among other things) has been
+ removed, for increased compatibility with non-IDN name resolution.
+
+* The fcntl function now have a Long File Support variant named fcntl64. It
+ is added to fix some Linux Open File Description (OFD) locks usage on non
+ LFS mode. As for others *64 functions, fcntl64 semantics are analogous with
+ fcntl and LFS support is handled transparently. Also for Linux, the OFD
+ locks act as a cancellation entrypoint.
+
+* The obsolete functions encrypt, encrypt_r, setkey, setkey_r, cbc_crypt,
+ ecb_crypt, and des_setparity are no longer available to newly linked
+ binaries, and the headers <rpc/des_crypt.h> and <rpc/rpc_des.h> are no
+ longer installed. These functions encrypted and decrypted data with the
+ DES block cipher, which is no longer considered secure. Software that
+ still uses these functions should switch to a modern cryptography library,
+ such as libgcrypt.
+
+* Reflecting the removal of the encrypt and setkey functions above, the
+ macro _XOPEN_CRYPT is no longer defined. As a consequence, the crypt
+ function is no longer declared unless _DEFAULT_SOURCE or _GNU_SOURCE is
+ enabled.
+
+* The obsolete function fcrypt is no longer available to newly linked
+ binaries. It was just another name for the standard function crypt,
+ and it has not appeared in any header file in many years.
+
+* We have tentative plans to hand off maintenance of the passphrase-hashing
+ library, libcrypt, to a separate development project that will, we hope,
+ keep up better with new passphrase-hashing algorithms. We will continue
+ to declare 'crypt' in <unistd.h>, and programs that use 'crypt' or
+ 'crypt_r' should not need to change at all; however, distributions will
+ need to install <crypt.h> and libcrypt from a separate project.
+
+ In this release, if the configure option --disable-crypt is used, glibc
+ will not install <crypt.h> or libcrypt, making room for the separate
+ project's versions of these files. The plan is to make this the default
+ behavior in a future release.
+
+Changes to build and runtime requirements:
+
+ GNU make 4.0 or later is now required to build glibc.
- New <math.h> features from ISO/IEC TS 18661-3:
+Security related changes:
- - Very Large Number macro: HUGE_VAL_F128.
+ CVE-2016-6261, CVE-2016-6263, CVE-2017-14062: Various vulnerabilities have
+ been fixed by removing the glibc-internal IDNA implementation and using
+ the system-provided libidn2 library instead. Originally reported by Hanno
+ Böck and Christian Weisgerber.
- - Signaling NaN macro: SNANF128.
+ CVE-2017-18269: An SSE2-based memmove implementation for the i386
+ architecture could corrupt memory. Reported by Max Horn.
- - Trigonometric Functions: acosf128, asinf128, atanf128, atan2f128,
- cosf128, sinf128, tanf128.
+ CVE-2018-11236: Very long pathname arguments to realpath function could
+ result in an integer overflow and buffer overflow. Reported by Alexey
+ Izbyshev.
- - Hyperbolic Functions: acoshf128, asinhf128, atanhf128, coshf128,
- sinhf128, tanhf128.
+ CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
+ architecture could write beyond the target buffer, resulting in a buffer
+ overflow. Reported by Andreas Schwab.
- - Exponential and Logarithmic Functions: expf128, exp2f128, expm1f128,
- frexpf128, ilogbf128, ldexpf128, llogbf128, logf128, log10f128,
- log1pf128, log2f128, logbf128, modff128, scalbnf128, scalblnf128.
+The following bugs are resolved with this release:
- - Power and Absolute Functions: cbrtf128, fabsf128, hypotf128, powf128,
- sqrtf128.
+ [1190] stdio: fgetc()/fread() behaviour is not POSIX compliant
+ [6889] manual: 'PWD' mentioned but not specified
+ [13575] libc: SSIZE_MAX defined as LONG_MAX is inconsistent with ssize_t,
+ when __WORDSIZE != 64
+ [13762] regex: re_search etc. should return -2 on memory exhaustion
+ [13888] build: /tmp usage during testing
+ [13932] math: dbl-64 pow unexpectedly slow for some inputs
+ [14092] nptl: Support C11 threads
+ [14095] localedata: Review / update collation data from Unicode / ISO
+ 14651
+ [14508] libc: -Wformat warnings
+ [14553] libc: Namespace pollution loff_t in sys/types.h
+ [14890] libc: Make NT_PRFPREG canonical.
+ [15105] libc: Extra PLT references with -Os
+ [15512] libc: __bswap_constant_16 not compiled when -Werror -Wsign-
+ conversion is given
+ [16335] manual: Feature test macro documentation incomplete and out of
+ date
+ [16552] libc: Unify umount implementations in terms of umount2
+ [17082] libc: htons et al.: statement-expressions prevent use on global
+ scope with -O1 and higher
+ [17343] libc: Signed integer overflow in /stdlib/random_r.c
+ [17438] localedata: pt_BR: wrong d_fmt delimiter
+ [17662] libc: please implement binding for the new renameat2 syscall
+ [17721] libc: __restrict defined as /* Ignore */ even in c11
+ [17979] libc: inconsistency between uchar.h and stdint.h
+ [18018] dynamic-link: Additional $ORIGIN handling issues (CVE-2011-0536)
+ [18023] libc: extend_alloca is broken (questionable pointer comparison,
+ horrible machine code)
+ [18124] libc: hppa: setcontext erroneously returns -1 as exit code for
+ last constant.
+ [18471] libc: llseek should be a compat symbol
+ [18473] soft-fp: [powerpc-nofpu] __sqrtsf2, __sqrtdf2 should be compat
+ symbols
+ [18991] nss: nss_files skips large entry in database
+ [19239] libc: Including stdlib.h ends up with macros major and minor being
+ defined
+ [19463] libc: linknamespace failures when compiled with -Os
+ [19485] localedata: csb_PL: Update month translations + add yesstr/nostr
+ [19527] locale: Normalized charset name not recognized by setlocale
+ [19667] string: Missing Sanity Check for malloc calls in file 'testcopy.c'
+ [19668] libc: Missing Sanity Check for malloc() in file 'tst-setcontext-
+ fpscr.c'
+ [19728] network: out of bounds stack read in libidn function
+ idna_to_ascii_4i (CVE-2016-6261)
+ [19729] network: out of bounds heap read on invalid utf-8 inputs in
+ stringprep_utf8_nfkc_normalize (CVE-2016-6263)
+ [19818] dynamic-link: Absolute (SHN_ABS) symbols incorrectly relocated by
+ the base address
+ [20079] libc: Add SHT_X86_64_UNWIND to elf.h
+ [20251] libc: 32bit programs pass garbage in struct flock for OFD locks
+ [20419] dynamic-link: files with large allocated notes crash in
+ open_verify
+ [20530] libc: bswap_16 should use __builtin_bswap16() when available
+ [20890] dynamic-link: ldconfig: fsync the files before atomic rename
+ [20980] manual: CFLAGS environment variable replaces vital options
+ [21163] regex: Assertion failure in pop_fail_stack when executing a
+ malformed regexp (CVE-2015-8985)
+ [21234] manual: use of CFLAGS makes glibc detect no optimization
+ [21269] dynamic-link: i386 sigaction sa_restorer handling is wrong
+ [21313] build: Compile Error GCC 5.4.0 MIPS with -0S
+ [21314] build: Compile Error GCC 5.2.0 MIPS with -0s
+ [21508] locale: intl/tst-gettext failure with latest msgfmt
+ [21547] localedata: Tibetan script collation broken (Dzongkha and Tibetan)
+ [21812] network: getifaddrs() returns entries with ifa_name == NULL
+ [21895] libc: ppc64 setjmp/longjmp not fully interoperable with static
+ dlopen
+ [21942] dynamic-link: _dl_dst_substitute incorrectly handles $ORIGIN: with
+ AT_SECURE=1
+ [22241] localedata: New locale: Yakut (Sakha) locale for Russia (sah_RU)
+ [22247] network: Integer overflow in the decode_digit function in
+ puny_decode.c in libidn (CVE-2017-14062)
+ [22342] nscd: NSCD not properly caching netgroup
+ [22391] nptl: Signal function clear NPTL internal symbols inconsistently
+ [22550] localedata: es_ES locale (and other es_* locales): collation
+ should treat ñ as a primary different character, sync the collation
+ for Spanish with CLDR
+ [22638] dynamic-link: sparc: static binaries are broken if glibc is built
+ by gcc configured with --enable-default-pie
+ [22639] time: year 2039 bug for localtime etc. on 64-bit platforms
+ [22644] string: memmove-sse2-unaligned on 32bit x86 produces garbage when
+ crossing 2GB threshold (CVE-2017-18269)
+ [22646] localedata: redundant data (LC_TIME) for es_CL, es_CU, es_EC and
+ es_BO
+ [22735] time: Misleading typo in time.h source comment regarding
+ CLOCKS_PER_SECOND
+ [22753] libc: preadv2/pwritev2 fallback code should handle offset=-1
+ [22761] libc: No trailing `%n' conversion specifier in FMT passed from
+ `__assert_perror_fail ()' to `__assert_fail_base ()'
+ [22766] libc: all glibc internal dlopen should use RTLD_NOW for robust
+ dlopen failures
+ [22786] libc: Stack buffer overflow in realpath() if input size is close
+ to SSIZE_MAX (CVE-2018-11236)
+ [22787] dynamic-link: _dl_check_caller returns false when libc is linked
+ through an absolute DT_NEEDED path
+ [22792] build: tcb-offsets.h dependency dropped
+ [22797] libc: pkey_get() uses non-reserved name of argument
+ [22807] libc: PTRACE_* constants missing for powerpc
+ [22818] glob: posix/tst-glob_lstat_compat failure on alpha
+ [22827] dynamic-link: RISC-V ELF64 parser mis-reads flag in ldconfig
+ [22830] malloc: malloc_stats doesn't restore cancellation state on stderr
+ [22848] localedata: ca_ES: update date definitions from CLDR
+ [22862] build: _DEFAULT_SOURCE is defined even when _ISOC11_SOURCE is
+ [22884] math: RISCV fmax/fmin handle signalling NANs incorrectly
+ [22896] localedata: Update locale data for an_ES
+ [22902] math: float128 test failures with GCC 8
+ [22918] libc: multiple common of `__nss_shadow_database'
+ [22919] libc: sparc32: backtrace yields infinite backtrace with
+ makecontext
+ [22926] libc: FTBFS on powerpcspe
+ [22932] localedata: lt_LT: Update of abbreviated month names from CLDR
+ required
+ [22937] localedata: Greek (el_GR, el_CY) locales actually need ab_alt_mon
+ [22947] libc: FAIL: misc/tst-preadvwritev2
+ [22963] localedata: cs_CZ: Add alternative month names
+ [22987] math: [powerpc/sparc] fdim inlines errno, exceptions handling
+ [22996] localedata: change LC_PAPER to en_US in es_BO locale
+ [22998] dynamic-link: execstack tests are disabled when SELinux is
+ disabled
+ [23005] network: Crash in __res_context_send after memory allocation
+ failure
+ [23007] math: strtod cannot handle -nan
+ [23024] nss: getlogin_r is performing NSS lookups when loginid isn't set
+ [23036] regex: regex equivalence class regression
+ [23037] libc: initialize msg_flags to zero for sendmmsg() calls
+ [23069] libc: sigaction broken on riscv64-linux-gnu
+ [23094] localedata: hr_HR: wrong thousands_sep and mon_thousands_sep
+ [23102] dynamic-link: Incorrect parsing of multiple consecutive $variable
+ patterns in runpath entries (e.g. $ORIGIN$ORIGIN)
+ [23137] nptl: s390: pthread_join sometimes block indefinitely (on 31bit
+ and libc build with -Os)
+ [23140] localedata: More languages need two forms of month names
+ [23145] libc: _init/_fini aren't marked as hidden
+ [23152] localedata: gd_GB: Fix typo in "May" (abbreviated)
+ [23171] math: C++ iseqsig for long double converts arguments to double
+ [23178] nscd: sudo will fail when it is run in concurrent with commands
+ that changes /etc/passwd
+ [23196] string: __mempcpy_avx512_no_vzeroupper mishandles large copies
+ (CVE-2018-11237)
+ [23206] dynamic-link: static-pie + dlopen breaks debugger interaction
+ [23208] localedata: New locale - Lower Sorbian (dsb)
+ [23233] regex: Memory leak in build_charclass_op function in file
+ posix/regcomp.c
+ [23236] stdio: Harden function pointers in _IO_str_fields
+ [23250] nptl: Offset of __private_ss differs from GCC
+ [23253] math: tgamma test suite failures on i686 with -march=x86-64
+ -mtune=generic -mfpmath=sse
+ [23259] dynamic-link: Unsubstituted ${ORIGIN} remains in DT_NEEDED for
+ AT_SECURE
+ [23264] libc: posix_spawnp wrongly executes ENOEXEC in non compat mode
+ [23266] nis: stringop-truncation warning with new gcc8.1 in nisplus-
+ parser.c
+ [23272] math: fma(INFINITY,INFIITY,0.0) should be INFINITY
+ [23277] math: nan function should not have const attribute
+ [23279] math: scanf and strtod wrong for some hex floating-point
+ [23280] math: wscanf rounds wrong; wcstod is ok for negative numbers and
+ directed rounding
+ [23290] localedata: IBM273 is not equivalent to ISO-8859-1
+ [23303] build: undefined reference to symbol
+ '__parse_hwcap_and_convert_at_platform@@GLIBC_2.23'
+ [23307] dynamic-link: Absolute symbols whose value is zero ignored in
+ lookup
+ [23313] stdio: libio vtables validation and standard file object
+ interposition
+ [23329] libc: The __libc_freeres infrastructure is not properly run across
+ DSO boundaries.
+ [23349] libc: Various glibc headers no longer compatible with
+ <linux/time.h>
+ [23351] malloc: Remove unused code related to heap dumps and malloc
+ checking
+ [23363] stdio: stdio-common/tst-printf.c has non-free license
+ [23396] regex: Regex equivalence regression in single-byte locales
+ [23422] localedata: oc_FR: More updates of locale data
+ [23442] build: New warning with GCC 8
+ [23448] libc: Out of bounds access in IBM-1390 converter
+ [23456] libc: Wrong index_cpu_LZCNT
+ [23458] build: tst-get-cpu-features-static isn't added to tests
+ [23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel
+ processors
+ [23467] dynamic-link: x86/CET: A property note parser bug
- - Error and Gamma Functions: erff128, erfcf128, lgammaf128, tgammaf128.
+\f
+Version 2.27
+
+Major new features:
+
+* The GNU C Library can now be compiled with support for building static
+ PIE executables (See --enable-static-pie in INSTALL). These static PIE
+ executables are like static executables but can be loaded at any address
+ and provide additional security hardening benefits at the cost of some
+ memory and performance. When the library is built with --enable-static-pie
+ the resulting libc.a is usable with GCC 8 and above to create static PIE
+ executables using the GCC option '-static-pie'. This feature is currently
+ supported on i386, x86_64 and x32 with binutils 2.29 or later, and on
+ aarch64 with binutils 2.30 or later.
+
+* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf,
+ sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and
+ H.J. Lu from Intel.
+
+* Optimized x86-64 trunc and truncf for processors with SSE4.1.
+
+* Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and sincosf.
+
+* In order to support faster and safer process termination the malloc API
+ family of functions will no longer print a failure address and stack
+ backtrace after detecting heap corruption. The goal is to minimize the
+ amount of work done after corruption is detected and to avoid potential
+ security issues in continued process execution. Reducing shutdown time
+ leads to lower overall process restart latency, so there is benefit both
+ from a security and performance perspective.
+
+* The abort function terminates the process immediately, without flushing
+ stdio streams. Previous glibc versions used to flush streams, resulting
+ in deadlocks and further data corruption. This change also affects
+ process aborts as the result of assertion failures.
+
+* On platforms where long double has the IEEE binary128 format (aarch64,
+ alpha, mips64, riscv, s390 and sparc), the math library now implements
+ _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015.
+ These are the same interfaces added in version 2.26 for some platforms where
+ this format is supported but is not the format of long double.
+
+* On platforms with support for _Float64x (aarch64, alpha, i386, ia64,
+ mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now
+ implements interfaces for that type, as defined by ISO/IEC TS
+ 18661-3:2015. These are corresponding interfaces to those supported for
+ _Float128.
+
+* The math library now implements interfaces for the _Float32, _Float64 and
+ _Float32x types, as defined by ISO/IEC TS 18661-3:2015. These are
+ corresponding interfaces to those supported for _Float128.
+
+* glibc now implements the memfd_create and mlock2 functions on Linux.
+
+* Support for memory protection keys was added. The <sys/mman.h> header now
+ declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set,
+ pkey_get.
+
+* The copy_file_range function was added.
+
+* Optimized memcpy, mempcpy, memmove, and memset for sparc M7.
+
+* The ldconfig utility now processes `include' directives using the C/POSIX
+ collation ordering. Previous glibc versions used locale-specific
+ ordering, the change might break systems that relied on that.
+
+* Support for two grammatical forms of month names has been added.
+ In a call to strftime, the "%B" and "%b" format specifiers will now
+ produce the grammatical form required when the month is used as part
+ of a complete date. New "%OB" and "%Ob" specifiers produce the form
+ required when the month is named by itself. For instance, in Greek
+ and in many Slavic and Baltic languages, "%B" will produce the month
+ in genitive case, and "%OB" will produce the month in nominative case.
+
+ In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh"
+ are all valid and will all accept any known form of month
+ name---standalone or complete, abbreviated or full. In a call to
+ nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return
+ the strings used by "%B" and "%b", respectively. New query
+ constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings
+ used by "%OB" and "%Ob", respectively.
+
+ In a locale definition file, use "alt_mon" and "ab_alt_mon" to
+ define the strings for %OB and %Ob, respectively; these have the
+ same syntax as "mon" and "abmon". These arrays are optional; if they
+ are not provided then they have the same content as "mon" and "abmon",
+ respectively.
+
+ These features are provided for locales which define "alt_mon" and/or
+ "ab_alt_mon" in their locale source data. This release includes such
+ alternative month name data for the following languages: Belarusian,
+ Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian.
+
+ This feature is currently a GNU extension, but it is expected to
+ be added to the next revision of POSIX, and it is also already
+ available on some BSD-derived operating systems.
+
+ This feature will cause existing statically compiled applications
+ to fail to load locales and fall back to the builtin C/POSIX locales.
+ See notes below for other changes affecting compatibility.
+
+* Support for the RISC-V ISA running on Linux has been added. This port
+ requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is supported
+ for the following ISA and ABI pairs:
+
+ - rv64imac lp64
+ - rv64imafdc lp64
+ - rv64imafdc lp64d
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* Statically compiled applications attempting to load locales compiled for the
+ GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX
+ locale. The reason for this is that the addition of the new "%OB" and "%Ob",
+ support for two grammatical forms of the month names, also extends the locale
+ data binary format. Static applications needing locale support must be
+ recompiled to match the runtime and data they are deployed with. In some
+ distributions there is an upgrade window where dynamically linked applications
+ may use a new library but the old locale data and also fall back to the
+ builtin C/POSIX locales; restarting the application process is sufficient to
+ fix this.
+
+* Support for statically linked applications which call dlopen is deprecated
+ and will be removed in a future version of glibc. Applications which call
+ dlopen need to be linked dynamically instead.
+
+* Support for old programs which use internal stdio data structures and
+ functions is deprecated. This includes programs which use the C++ streams
+ provided by libstdc++ in GCC 2.95. Programs which use the internal
+ symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish,
+ _IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn,
+ _IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach,
+ _IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen,
+ _IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open,
+ _IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff,
+ _IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow,
+ _IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all,
+ _IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area,
+ _IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin, _IO_iter_end,
+ _IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in,
+ _IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock,
+ _IO_marker_delta, _IO_marker_difference, _IO_remove_marker, _IO_seekmark,
+ _IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static,
+ _IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow,
+ _IO_switch_to_main_wget_area, _IO_switch_to_wget_mode,
+ _IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish,
+ _IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow,
+ _IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf, _IO_wdo_write,
+ _IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync, _IO_wfile_underflow,
+ _IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with a
+ future version of glibc. Unlike other symbol removals, these old
+ applications will not be supported using compatibility symbols.
+
+* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
+ defined by <sys/ptrace.h>.
+
+* libm no longer supports SVID error handling (calling a user-provided
+ matherr function on error) or the _LIB_VERSION variable to control error
+ handling. (SVID error handling and the _LIB_VERSION variable still work
+ for binaries linked against older versions of the GNU C Library.) The
+ libieee.a library is no longer provided. math.h no longer defines struct
+ exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
+ TLOSS, PLOSS and HUGE.
+
+* The libm functions pow10, pow10f and pow10l are no longer supported for
+ new programs. Programs should use the standard names exp10, exp10f and
+ exp10l for these functions instead.
+
+* The mcontext_t type is no longer the same as struct sigcontext. On
+ platforms where it was previously the same, this changes the C++ name
+ mangling for interfaces involving this type.
+
+* The add-ons mechanism for building additional packages at the same time as
+ glibc has been removed. The --enable-add-ons configure option is now
+ ignored.
+
+* The --without-fp configure option is now ignored. Whether hardware
+ floating-point instructions are used is now configured based on whether
+ the compiler used at configure time (without any options implied by a
+ --with-cpu= configure option) uses such instructions.
+
+* The res_hnok, res_dnok, res_mailok and res_ownok functions now check that
+ the specified string can be parsed as a domain name.
+
+* In the malloc_info output, the <heap> element may contain another <aspace>
+ element, "subheaps", which contains the number of sub-heaps.
+
+* The libresolv function p_secstodate is no longer supported for new
+ programs.
+
+* The tilepro-*-linux-gnu configuration is no longer supported.
+
+* The nonstandard header files <libio.h> and <_G_config.h> are deprecated
+ and will be removed in a future release. Software that is still using
+ either header should be updated to use standard <stdio.h> interfaces
+ instead.
+
+ libio.h was originally the header for a set of supported GNU extensions,
+ but they have not been maintained as such in many years, they are now
+ standing in the way of improvements to stdio, and we don't think there are
+ any remaining external users. _G_config.h was never intended for public
+ use, but predates the bits convention.
+
+Changes to build and runtime requirements:
+
+* bison version 2.7 or later is required to generate code in the 'intl'
+ subdirectory.
- - Nearest Integer Functions: ceilf128, floorf128, nearbyintf128,
- rintf128, lrintf128, llrintf128, roundf128, lroundf128, llroundf128,
- roundevenf128, truncf128, fromfpf128, ufromfpf128, fromfpxf128,
- ufromfpxf128.
+Security related changes:
- - Remainder Functions: fmodf128, remainderf128, remquof128.
+ CVE-2009-5064: The ldd script would sometimes run the program under
+ examination directly, without preventing code execution through the
+ dynamic linker. (The glibc project disputes that this is a security
+ vulnerability; only trusted binaries must be examined using the ldd
+ script.)
+
+ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
+ suffered from a one-byte overflow during ~ operator processing (either
+ on the stack or the heap, depending on the length of the user name).
+ Reported by Tim Rühsen.
+
+ CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+ would sometimes fail to free memory allocated during ~ operator
+ processing, leading to a memory leak and, potentially, to a denial
+ of service.
+
+ CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
+ without GLOB_NOESCAPE, could write past the end of a buffer while
+ unescaping user names. Reported by Tim Rühsen.
+
+ CVE-2017-17426: The malloc function, when called with an object size near
+ the value SIZE_MAX, would return a pointer to a buffer which is too small,
+ instead of NULL. This was a regression introduced with the new malloc
+ thread cache in glibc 2.26. Reported by Iain Buclaw.
+
+ CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
+ to the allocation of too much memory. (This is not a security bug per se,
+ it is mentioned here only because of the CVE assignment.) Reported by
+ Qualys.
+
+ CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
+ of the number of search path components. (This is not a security
+ vulnerability per se because no trust boundary is crossed if the fix for
+ CVE-2017-1000366 has been applied, but it is mentioned here only because
+ of the CVE assignment.) Reported by Qualys.
+
+ CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
+ for AT_SECURE or SUID binaries could be used to load libraries from the
+ current directory.
+
+ CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
+ succeeds without returning an absolute path due to unexpected behaviour
+ of the Linux kernel getcwd syscall. Reported by halfdog.
+
+ CVE-2018-6485: The posix_memalign and memalign functions, when called with
+ an object size near the value of SIZE_MAX, would return a pointer to a
+ buffer which is too small, instead of NULL. Reported by Jakub Wilk.
+
+ CVE-2018-6551: The malloc function, when called with an object size near
+ the value of SIZE_MAX, would return a pointer to a buffer which is too
+ small, instead of NULL.
- - Manipulation Functions: copysignf128, nanf128, nextafterf128,
- nextupf128, nextdownf128, canonicalizef128.
+The following bugs are resolved with this release:
- - Minimum, Maximum, and Positive Difference Functions: fdimf128,
- fmaxf128, fminf128, fmaxmagf128, fminmagf128.
+ [866] glob: glob should match dangling symlinks
+ [1062] glob: sysdeps/generic/glob.c merge from gnulib (part 3 of 3)
+ [2522] localedata: ca_ES@valencia: new Valencian (meridional Catalan)
+ locale
+ [5997] math: Very slow execution of sinf function
+ [10580] localedata: hr_HR: updated locale
+ [10871] locale: 'mon' array should contain both nominative and genitive
+ cases
+ [12349] localedata: eu_ES: incorrect thousands separator
+ [13605] localedata: shn_MM: new Shan locale
+ [13805] localedata: ru_RU: currency should use ',' as radix point
+ [13953] localedata: km_KH: locale update
+ [13994] localedata: mjw_IN: new locale
+ [14121] build: make writes .mo files in po directory
+ [14333] libc: Fix the race between atexit() and exit()
+ [14681] dynamic-link: _dl_get_origin leaks memory via executable link map.
+ [14925] localedata: bn_*: LC_IDENTIFICATION.language key should be
+ "Bangla"
+ [15260] localedata: LC_MESSAGES.{yes,no}{str,expr}: various errors
+ [15261] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of full-
+ width Latin characters
+ [15332] localedata: es_CU: locale update
+ [15436] stdio: Don't close or flush stdio streams on abort
+ [15537] localedata: lv_LV: invalid collation for Latvian diacritical
+ letters
+ [16148] localedata: ca_ES: incorrect thousands separator
+ [16750] dynamic-link: ldd should not try to execute the binaries
+ (CVE-2009-5064)
+ [16777] localedata: pl_PL: incorrect thousands separator in locale
+ [16905] localedata: hanzi: new collation
+ [17563] localedata: cmn_TW: add hanzi collation
+ [17750] localedata: wrong collation order of diacritics in most locales
+ [17804] libc: scandirat fails with ENOMEM because it checks for errno even
+ if malloc succeeded
+ [17956] build: Build fails on missing definitions from header file
+ nss/nss.h when Mozilla NSS is used for cryptography
+ [18203] libc: realpath() does not handle unreachable paths correctly
+ [18572] dynamic-link: [arm] Lazy TLSDESC relocation has data race
+ [18812] localedata: kab_DZ: new Kabyle Algeria locale
+ [18822] libc: Internal functions are called via PLT
+ [18858] string: _HAVE_STRING_ARCH_xxx aren't defined for i386 nor x86_64
+ [19170] libc: __gmon_start__ defined in hppa in crtn.S
+ [19574] libc: glibc should support building static PIE binaries
+ [19852] localedata: charmaps/UTF-8: incorrect wcwidth for U+3099 and
+ U+309A
+ [19971] glob: glob: Do not skip entries with zero d_ino values
+ [19982] localedata: fr.po: spelling mistake for error code EXDEV
+ [20008] localedata: km_KH: convert to translit_neutral
+ [20009] localedata: tr_TR: convert LC_CTYPE to i18n
+ [20142] math: [x86_64] Add SSE4.1 trunc, truncf
+ [20204] dynamic-link: _dl_open_hook and _dlfcn_hook hardening
+ [20482] localedata: de_CH: abbreviated weekdays should be two letters
+ [20498] localedata: miq_NI: new Mískitu / Miskito (miq) language locale
+ for Nicaragua
+ [20532] nss: getaddrinfo uses errno and h_errno without guaranteeing
+ they're set, wrong errors returned by gaih_inet when lookup functions
+ are not found.
+ [20756] localedata: [PATCH] Use Unicode wise thousands separator
+ [20826] network: posix/tst-getaddrinfo5 fails on hosts without network
+ access
+ [20952] localedata: yuw_PG: new locale
+ [21084] localedata: charmaps/IBM858: new codepage
+ [21161] manual: [PATCH] fix typo in manual/arith.texi on strtoul prototype
+ [21242] libc: assert gives pedantic warning in old gcc versions
+ [21265] dynamic-link: _dl_runtime_resolve isn't compatible with Intel C++
+ __regcall calling convention
+ [21309] math: signed integer overflow in sysdeps/ieee754/dbl-64/e_pow.c
+ [21326] libc: C99 functions are not declared for C++11 and later if
+ _GNU_SOURCE is not predefined by g++
+ [21457] libc: sys/ucontext.h namespace
+ [21530] libc: tmpfile() should be implemented using O_TMPFILE
+ [21660] math: GCC fails to compile a formula with tgmath.h
+ [21672] nptl: sys-libs/glibc on ia64 crashes on thread exit: signal
+ SIGSEGV, Segmentation fault: pthread_create.c:432: __madvise
+ (pd->stackblock, freesize - PTHREAD_STACK_MIN, MADV_DONTNEED);
+ [21684] math: tgmath.h handling of complex integers
+ [21685] math: tgmath.h handling of bit-fields
+ [21686] math: tgmath.h handling of __int128
+ [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
+ locale
+ [21745] libc: [powerpc64le] Extra PLT reference with --enable-stack-
+ protector=all
+ [21750] localedata: column width of characters incompatible with classical
+ wcwidth
+ [21754] malloc: malloc: Perform as little work as possible after heap
+ consistency check failures
+ [21780] libc: hppa: p{read,write}v2 does not set ENOSUP on invalid flag
+ [21790] libc: Missing __memset_zero_constant_len_parameter in libc.so
+ [21791] string: Unused XXX_chk_XXX functions in libc.a
+ [21815] dynamic-link: FAIL: elf/tst-prelink-cmp with GCC is defaulted to
+ PIE
+ [21836] localedata: Removed redundant data (LC_MONETARY) in various Indian
+ locales
+ [21845] localedata: Added new Locale bho_NP
+ [21853] localedata: Fix abday Which looks same as day in zh_SG
+ [21854] localedata: Added New Locale en_SC
+ [21864] libc: xmalloc.o is compiled with -DMODULE_NAME=libc
+ [21871] dynamic-link: _dl_runtime_resolve_avx_opt is slower than
+ _dl_runtime_resolve_avx_slow
+ [21885] network: getaddrinfo: gethosts does not release resolver context
+ on memory allocation failure
+ [21899] libc: XPG4.2 sigaction namespace
+ [21908] dynamic-link: dynamic linker broke on ia64 (mmap2 consolidation is
+ the suspect)
+ [21913] libc: static binaries SIGSEGV in __brk when host's gcc is pie-by-
+ default (i386)
+ [21915] nss: nss_files can return with NSS_STATUS_SUCCESS and a clobbered
+ errno value, causing getaddrinfo to fail
+ [21920] localedata: Fix p_cs_precedes/n_cs_precedes for mt_MT
+ [21922] network: getaddrinfo with AF_INET/AF_INET6 returns EAI_NONAME
+ instead of EAI_NODATA
+ [21928] libc: sys/ptrace.h: remove obsolete temporary development Linux
+ constant PTRACE_SEIZE_DEVEL
+ [21930] math: C-only gcc builtins used in <math.h> isinf
+ [21932] network: Unpaired __resolv_context_get in generic get*_r
+ implementation
+ [21941] math: powerpc: Wrong register constraint for xssqrtqp in sqrtf128
+ [21944] libc: sigval namespace
+ [21951] localedata: Update hanzi collation by stroke
+ [21955] math: Wrong alignment of L(SP_RANGE)/L(SP_INF_0) in
+ sysdeps/x86_64/fpu/e_expf.S
+ [21956] libc: Stack allocation in MIPS syscall impl (ubounded stack
+ allocation in syscall loops)
+ [21959] localedata: Fix Country name for xh_ZA
+ [21960] localedata: Fix abmon for bem_ZM
+ [21966] math: AVX2 mathvec functions use FMA without checking
+ [21967] math: When 512-bit AVX2 wrapper functions in mathvec are used?
+ [21971] localedata: Added New Locale for mfe_MU
+ [21972] libc: assert macro requires operator== (int) for its argument type
+ [21973] math: [sparc] libm missing sqrtl compat symbol
+ [21974] libc: Remove __bb_init_func and __bb_exit_func
+ [21982] string: stratcliff.c: error: assuming signed overflow does not
+ occur with -O3
+ [21986] stdio: __guess_grouping is called incorrectly
+ [21987] math: [sparc32] wrong bits/long-double.h installed
+ [22019] localedata: Wrong placement of monetary symbol in el_GR (negative
+ amounts)
+ [22022] localedata: Missing country_name for mni_IN
+ [22023] localedata: Removed redundant data (LC_TIME and LC_MESSAGES) for
+ niu_NZ
+ [22025] locale: iconv: Inconsistency between pointer mangling and NULL
+ checks
+ [22026] locale: iconv_open: heap overflow on gconv_init failure
+ [22028] math: bits/math-finite.h _MSUF_ expansion namespace
+ [22035] math: [m68k] bits/math-inline.h macro namespace
+ [22038] localedata: Fix abbreviated weeks and months for Somali
+ [22044] localedata: Remove redundant data for Limburgish Language
+ [22050] malloc: Linking with -lmcheck does not hook
+ __malloc_initialize_hook correctly
+ [22051] libc: zero terminator in the middle of glibc's .eh_frame
+ [22052] malloc: malloc failed to compile with GCC 7 and -O3
+ [22070] localedata: charmaps/UTF-8: wcwidth for
+ Prepended_Concatenation_Mark codepoints set to 0 (should be 1)
+ [22074] localedata: charmaps/UTF-8: wcwidth for U+1160-U+11FF (Hangul
+ Jungseong and Jongseong) should be 0
+ [22078] nss: nss_files performance issue in multi mode
+ [22082] math: bits/math-finite.h exp10 condition
+ [22086] libc: pcprofiledump incorrect cross-endian condition
+ [22093] dynamic-link: ld.so no longer searches in .../x86_64
+ [22095] network: Name server address allocation memory leak in resolv.conf
+ parsing after OOM
+ [22096] network: __resolv_conf_attach can incorrectly free passed conf
+ object
+ [22100] localedata: om_KE: LC_TIME: copy redundant data from om_ET
+ [22101] dynamic-link: Dynamic loader must ignore "debug" shared objects
+ e.g. ET_GNU_DEBUG_*
+ [22111] malloc: malloc: per thread cache is not returned when thread exits
+ [22112] localedata: Fix LC_TELEPHONE/LC_NAME for az_AZ
+ [22134] libc: [linux] implement fexecve with execveat
+ [22142] libc: [powerpc] printf oupts a wrong value of DBL_MAX on ppc64 and
+ ppc64le
+ [22145] libc: ttyname() gives up too early in the face of namespaces
+ [22146] math: C++ build issue with float128 on x86_64
+ [22153] nptl: nptl: save error code before process termination
+ [22156] libc: [hppa,ia64,microblaze] Executable stack default
+ [22159] malloc: malloc: MALLOC_CHECK_ broken with --enable-tunables=no
+ [22161] nscd: nscd cache prune for netgroups hangs after timeout bump
+ [22165] libc: [hppa] Text relocations in libc.so
+ [22180] libc: destructor registered via __cxa_atexit is called twice
+ [22183] glob: commit 5554304f0ddd ("posix: Allow glob to match dangling
+ symlinks") cause "make" segfaults
+ [22189] math: [powerpc] math_private.h definitions of math_opt_barrier and
+ math_force_eval
+ [22207] libc: FAIL: stdlib/test-atexit-race
+ [22225] math: nearbyint arithmetic moved before feholdexcept
+ [22229] math: [sparc32] missing copysignl, fabsl, fmal compat symbols
+ [22235] math: iscanonical in C++ and float128
+ [22243] math: log2(0) and log10(0) are wrong in downward rounding without
+ the svid compat wrapper
+ [22244] math: ynf and yn are wrong without the svid compat wrapper
+ [22273] libc: Improper assert in Linux posix_spawn implementation
+ [22284] libc: -pg -pie doesn't work
+ [22292] locale: localedef exits with error 4 when it should be error 1
+ [22294] locale: Allow "" for int_currency_symbol definition in locales.
+ [22295] locale: Don't warn on non-symbolic characters in locale sources in
+ --verbose.
+ [22296] math: glibc 2.26: signbit build issue with Gcc 5.5.0 on x86_64
+ [22298] nptl: x32: lockups on recursive pthread_mutex_lock after upgrade
+ to 2.26
+ [22299] dynamic-link: Problem with $PLATFORM on x86_64 platform
+ [22320] glob: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)
+ [22321] libc: sysconf(_SC_IOV_MAX) returns -1 on Linux
+ [22322] libc: [mips64] wrong bits/long-double.h installed
+ [22325] glob: Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
+ [22332] glob: Buffer overflow in glob with GLOB_TILDE in unescaping
+ (CVE-2017-15804)
+ [22336] localedata: cs_CZ LC_COLLATE does not use i18n
+ [22343] malloc: Integer overflow in posix_memalign
+ [22347] libc: getrandom() returns the number of bytes that were copied to
+ the buffer even though the comments say "Return 0 on success and -1 on
+ failure."
+ [22353] string: sysdeps/i386/i586/strcpy.S isn't maintainable
+ [22362] libc: Installed crt1.o, crti,.o and crtn.o files are used with
+ -m32
+ [22370] dynamic-link: Incorrect note padding check
+ [22375] libc: malloc returns pointer from tcache_get when should return
+ NULL (CVE-2017-17426)
+ [22377] math: iseqsig, float128 and C++
+ [22382] localedata: Error in tpi_PG locale
+ [22387] localedata: Replace unicode sequences <Uxxxx> for characters
+ inside the ASCII printable range
+ [22402] math: [powerpc64le] __MATH_TG does not support _Float128 for
+ -mlong-double-64
+ [22403] localedata: Slash needs escaping in some locales
+ [22408] malloc: malloc_info access heaps without arena lock, ignores heaps
+ [22409] network: res_hnok does not accept some host names used on the
+ Internet
+ [22412] network: res_dnok, res_hnok should perform syntax checks
+ [22413] network: ns_name_pton ignores syntactically invalid trailing
+ backslash
+ [22415] stdio: setvbuf can lead to invalid free/segfault
+ [22432] build: Non-deterministic build
+ [22439] malloc: malloc_info should compute summary statistics for all sub-
+ heaps in an arena
+ [22442] network: if_nametoindex could report index for the wrong
+ networking interface
+ [22446] build: aliasing violation calling readlink in handle_request
+ [22447] build: unsafe call to strlen with a non-string in getlogin_r.c
+ [22457] libc: Generic preadv/pwritev incorrectly calls __posix_memalign
+ [22459] libc: FAIL: elf/check-localplt with __stack_chk_fail related to
+ __nscd_hash/__nss_hash
+ [22463] network: p_secstodate overflow handling
+ [22469] localedata: pl_PL LC_COLLATE does not use i18n
+ [22478] libc: sigwait can fail with EINTR
+ [22505] libc: ldconfig processes include directive in locale-specific
+ order
+ [22515] localedata: hsb_DE LC_COLLATE does not use copy "iso14651_t1"
+ [22517] localedata: et_EE LC_COLLATE does not use copy "iso14651_t1"
+ [22519] localedata: is_IS LC_COLLATE does not use copy "iso14651_t1"
+ [22524] localedata: lt_LT LC_COLLATE does not use copy "iso14651_t1"
+ [22527] localedata: tr_TR LC_COLLATE does not use copy "iso14651_t1"
+ [22534] localedata: Collation rules for Serbian and Bosnian should be the
+ same as for Croatian
+ [22561] math: [DR#471] cacosh (0 + iNaN) should return NaN +/- i pi/2
+ [22568] math: [DR#471] ctanh (0 + iNaN), ctanh (0 + i Inf)
+ [22577] libc: missing newline after "cannot allocate TLS data structures
+ for initial thread"
+ [22588] manual: manual/conf.texi: missing underscore in front of
+ SC_SSIZE_MAX
+ [22593] math: nextafter and nexttoward are declared with const attribute
+ [22596] manual: manual: finite(nan) wrongly described as returning nonzero
+ [22603] string: ia64 memchr overflows internal pointer check
+ [22605] libc: SH clone does not set the exit code correctly
+ [22606] dynamic-link: Incorrect array size computation in _dl_init_paths
+ (CVE-2017-1000408)
+ [22607] dynamic-link: Buffer Overflow in _dl_init_paths (CVE-2017-1000409)
+ [22611] malloc: malloc/tst-realloc wrongly assumes that errno must not be
+ modified in case of success
+ [22614] build: gcc: error: unrecognized command line option ‘-no-pie’
+ [22615] manual: manual: ambiguous wording about errno value in case of
+ success
+ [22624] libc: MIPS setjmp() saves incorrect 'o0' register in --enable-
+ stack-protector=all
+ [22625] dynamic-link: RPATH $ORIGIN replaced by PWD for AT_SECURE/SUID
+ binaries or if /proc is not mounted (CVE-2017-16997)
+ [22627] dynamic-link: $ORIGIN in $LD_LIBRARY_PATH is substituted twice
+ [22630] build: $(no-pie-ldflag) is no longer effective
+ [22631] math: [m68k] Bad const attributes in bits/mathinline.h
+ [22635] nptl: pthread_self returns NULL before libpthread is loaded
+ [22636] nptl: PTHREAD_STACK_MIN is too small on x86-64
+ [22637] nptl: guard size is subtracted from thread stack size instead of
+ adding it on top
+ [22648] libc: getrlimit/setrlimit with RLIM_INFINITY broken on alpha
+ [22657] localedata: hu_HU: Avoid double space in date
+ [22660] math: fmax, fmin sNaN handling on alpha
+ [22664] libc: New warning of GCC8
+ [22665] math: alpha: ceil and floor raise inexact exceptions
+ [22666] math: alpha: trunc raise inexact exceptions
+ [22667] libc: makecontext lacks stack alignment on i386
+ [22678] libc: prlimit fails for RLIM_INFINITY values on 32-bit machines
+ [22679] libc: getcwd(3) can succeed without returning an absolute path
+ (CVE-2018-1000001)
+ [22685] libc: PowerPC: Static AT_SECURE binaries segfault with lock-
+ elision and tunables
+ [22687] math: [powerpc-nofpu] complex long double functions spurious
+ "invalid" exception
+ [22688] math: [powerpc-nofpu] remainderl wrong sign of zero result
+ [22690] math: [ldbl-128ibm] lrintl, lroundl missing "invalid" exceptions
+ [22691] math: [powerpc-nofpu] fmaxmagl, fminmagl spurious "invalid"
+ exception
+ [22693] math: [ldbl-128ibm] log1pl (-qNaN) spurious "invalid" exception
+ [22697] math: [powerpc] llround spurious "inexact" exceptions on 32-bit
+ power4
+ [22701] nis: Incomplete removal of libnsl
+ [22702] math: [powerpc-nofpu] nearbyintl traps with trapping "inexact"
+ [22707] libc: Missing defines in elf.h for DF_1_STUB and DF_1_PIE.
+ [22715] dynamic-link: FAIL: elf/tst-audit10
+ [22719] libc: Backtrace tests fail on hppa
+ [22742] libc: [aarch64] mcontext_t __reserved field got renamed
+ [22743] nptl: __pthread_register_cancel corrupts stack after f81ddabffd
+ [22765] crypt: (struct crypt_data *data)->initialized is not set to zero
+ before the first call to crypt_r () in crypt/badsalttest.c
- - Floating Multiply-Add Function: fmaf128.
+\f
+Version 2.26
- - Total Order Functions: totalorderf128, totalordermagf128.
+Major new features:
- - Payload Functions: getpayloadf128, setpayloadf128, setpayloadsigf128.
+* A per-thread cache has been added to malloc. Access to the cache requires
+ no locks and therefore significantly accelerates the fast path to allocate
+ and free small amounts of memory. Refilling an empty cache requires locking
+ the underlying arena. Performance measurements show significant gains in a
+ wide variety of user workloads. Workloads were captured using a special
+ instrumented malloc and analyzed with a malloc simulator. Contributed by
+ DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.
- New <complex.h> functions from ISO/IEC TS 18661-3:
+* Unicode 10.0.0 Support: Character encoding, character type info, and
+ transliteration tables are all updated to Unicode 10.0.0, using
+ generator scripts contributed by Mike FABIAN (Red Hat).
+ These updates cause user visible changes, especially the changes in
+ wcwidth for many emoji characters cause problems when emoji sequences
+ are rendered with pango, see for example:
+ https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5
- - Trigonometric Functions: cacosf128, casinf128, catanf128, ccosf128,
- csinf128, ctanf128.
+* Collation of Hungarian has been overhauled and is now consistent with "The
+ Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by
+ Egmont Koblinger.
- - Hyperbolic Functions: cacoshf128, casinhf128, catanhf128, ccoshf128,
- csinhf128, ctanhf128.
+* Improvements to the DNS stub resolver, contributed by Florian Weimer:
- - Exponential and Logarithmic Functions: cexpf128, clogf128.
+ - The GNU C Library will now detect when /etc/resolv.conf has been
+ modified and reload the changed configuration. The new resolver option
+ “no-reload” (RES_NORELOAD) disables this behavior.
- - Power and Absolute Functions: cabsf128, cpowf128, csqrtf128.
+ - The GNU C Library now supports an arbitrary number of search domains
+ (configured using the “search” directive in /etc/resolv.conf);
+ previously, there was a hard limit of six domains. For backward
+ compatibility, applications that directly modify the ‘_res’ global
+ object are still limited to six search domains.
- - Manipulation Functions: cargf128, cimagf128, CMPLXF128, conjf128,
- cprojf128, crealf128.
+ - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C
+ Library will now randomly pick a name server from the configuration as a
+ starting point. (Previously, the second name server was always used.)
- The following <wchar.h> functions are added as GNU extensions:
+* The tunables feature is now enabled by default. This allows users to tweak
+ behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.
- - Wide String Conversion Functions: wsctof128, wcstof128_l.
+* New function reallocarray, which resizes an allocated block (like realloc)
+ to the product of two sizes, with a guaranteed clean failure upon integer
+ overflow in the multiplication. Originally from OpenBSD, contributed by
+ Dennis Wölfing and Rüdiger Sonderfeld.
- The following <stdlib.h> function is added as a GNU extension:
+* New wrappers for the Linux-specific system calls preadv2 and pwritev2.
+ These are extended versions of preadv and pwritev, respectively, taking an
+ additional flags argument. The set of supported flags depends on the
+ running kernel; full support currently requires kernel 4.7 or later.
- - String Conversion Function: strtof128_l.
+* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
+ create a new session ID for the spawned process. This feature is
+ scheduled to be added to the next major revision of POSIX; for the time
+ being, it is available under _GNU_SOURCE.
- The following <math.h> features are added as GNU extensions:
+* errno.h is now safe to use from C-preprocessed assembly language on all
+ supported operating systems. In this context, it will only define the
+ Exxxx constants, as preprocessor macros expanding to integer literals.
- - Predefined Mathematical Constants: M_Ef128, M_LOG2Ef128,
- M_LOG10Ef128, M_LN2f128, M_LN10f128, M_PIf128, M_PI_2f128,
- M_PI_4f128, M_1_PIf128, M_2_PIf128, M_2_SQRTPIf128, M_SQRT2f128,
- M_SQRT1_2f128.
+* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
+ 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
+ 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy,
+ Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers.
+
+ To compile programs that use this feature, the compiler must support
+ 128-bit floating point with the type name _Float128 (as defined by TS
+ 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for
+ C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__
+ must be defined to make the new interfaces visible.
+
+ The new functions and macros correspond to those present for other
+ floating-point types (except for a few obsolescent interfaces not
+ supported for the new type), with F128 or f128 suffixes; for example,
+ strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no
+ printf or scanf formats for the new type; the strfromf128 and strtof128
+ interfaces should be used instead.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The synchronization that pthread_spin_unlock performs has been changed to
+ now be equivalent to a C11 atomic store with release memory order to the
+ spin lock's memory location. Previously, several (but not all)
+ architectures used stronger synchronization (e.g., containing what is
+ often called a full barrier). This change can improve performance, but
+ may affect odd fringe uses of spin locks that depend on the previous
+ behavior (e.g., using spin locks as atomic variables to try to implement
+ Dekker's mutual exclusion algorithm).
- - Trigonometric Function: sincosf128.
+* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
+ removed.
- - Exponential and Logarithmic Function: exp10f128.
+* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers
+ will only be built and installed when the GNU C Library is configured with
+ --enable-obsolete-rpc. This allows alternative RPC implementations, such
+ as TIRPC or rpcsvc-proto, to be used.
- - Error and Gamma Function: lgammaf128_r.
+* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
+ libnss_compat, are deprecated, and will not be built or installed by
+ default.
- - Bessel Functions: j0f128, j1f128, jnf128, y0f128, y1f128, ynf128.
+ The NIS(+) support library, libnsl, is also deprecated. By default, a
+ compatibility shared library will be built and installed, but not headers
+ or development libraries. Only a few NIS-related programs require this
+ library. (In particular, the GNU C Library has never required programs
+ that use 'gethostbyname' to be linked with libnsl.)
- The following <complex.h> function is added as a GNU extension:
+ Replacement implementations based on TIRPC, which additionally support
+ IPv6, are available from <https://github.com/thkukuk/>. The configure
+ option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
+ name service modules, to be built and installed.
- - Exponential and Logarithmic Function: clog10f128.
+* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
+ support is enabled, the configured recursive resolver must support EDNS.
+ (Responding to EDNS-enabled queries with responses which are not
+ EDNS-enabled is fine, but FORMERR responses are not.)
-* When the “rotate” (RES_ROTATE) DNS stub resolver option is active, glibc
- will now randomly pick a name server from the configuration as a starting
- point. (Previously, the second name server was always used.)
+* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
+ servers have not supported this opcode for a long time.
* The _res_opcodes variable has been removed from libresolv. It had been
exported by accident.
-* The glibc DNS stub resolver now supports an arbitary number of search
- domains (configured using the “search” directive in /etc/resolv.conf).
- Most applications will automatically benefit from this change, but for
- backwards compatibility reasons, applications which directly modify _res
- objects (which contain the resolver state, including the search list
- array, which is limited to six entries) will only use the first six search
- domains, as before.
+* <string.h> no longer includes inline versions of any string functions,
+ as this kind of optimization is better done by the compiler. The macros
+ __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.
+
+* The nonstandard header <xlocale.h> has been removed. Most programs should
+ use <locale.h> instead. If you have a specific need for the definition of
+ locale_t with no other declarations, please contact
+ libc-alpha@sourceware.org and explain.
+
+* The obsolete header <sys/ultrasound.h> has been removed.
+
+* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.
+
+* The obsolete function cfree has been removed. Applications should use
+ free instead.
+
+* The stack_t type no longer has the name struct sigaltstack. This changes
+ the C++ name mangling for interfaces involving this type.
+
+* The ucontext_t type no longer has the name struct ucontext. This changes
+ the C++ name mangling for interfaces involving this type.
+
+* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
+ the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
+ longer has the name struct mcontext. On SPARC GNU/Linux, the struct
+ mc_fq, struct rwindow, struct fpq and struct fq types are no longer
+ defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
+ mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
+ fpregset_t type no longer has the name struct fpu. This changes the C++
+ name mangling for interfaces involving those types.
+
+* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
+ synced with the kernel:
+
+ - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
+ are not supported on this architecture and have been removed.
+
+ - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
+ PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
+ PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.
+
+ Programs that assume the GET/SETREGS ptrace requests are universally
+ available will now fail to build, instead of malfunctioning at runtime.
+
+Changes to build and runtime requirements:
+
+* Linux kernel 3.2 or later is required at runtime, on all architectures
+ supported by that kernel. (This is a change from version 2.25 only for
+ x86-32 and x86-64.)
+
+* GNU Binutils 2.25 or later is now required to build the GNU C Library.
+
+* On most architectures, GCC 4.9 or later is required to build the GNU C
+ Library. On powerpc64le, GCC 6.2 or later is required.
+
+ Older GCC versions and non-GNU compilers are still supported when
+ compiling programs that use the GNU C Library. (We do not know exactly
+ how old, and some GNU extensions to C may be _de facto_ required. If you
+ are interested in helping us make this statement less vague, please
+ contact libc-alpha@sourceware.org.)
Security related changes:
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
- to avoid fragmentation-based spoofing attacks.
+ to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
+
+* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
+ mode to guard against local privilege escalation attacks (CVE-2017-1000366).
+
+* Avoid printing a backtrace from the __stack_chk_fail function since it is
+ called on a corrupt stack and a backtrace is unreliable on a corrupt stack
+ (CVE-2010-3192).
+
+* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
+ fixed (CVE-2017-12133).
The following bugs are resolved with this release:
- [The release manager will add the list generated by
- scripts/list-fixed-bugs.py just before the release.]
+ [984] network: Respond to changed resolv.conf in gethostbyname
+ [5010] network: sunrpc service cleanup causes unwanted port mapper traffic
+ [12068] localedata: sc_IT: misspelled yesexpr/day/abday/mon/abmon/date_fmt
+ fields
+ [12189] libc: __stack_chk_fail should not attempt a backtrace
+ (CVE-2010-3192)
+ [14096] time: Race condition on timezone/tst-timezone.out
+ [14172] localedata: az_IR: new locale
+ [14995] build: glibc fails to build if gold is the default linker, even if
+ ld.bfd is available
+ [15998] build: [powerpc] Set arch_minimum_kernel for powerpc LE
+ [16637] network: inet_pton function is accepting IPv6 with bad format
+ [16640] string: string/strtok.c: undefined behaviour inconsistent between
+ x86 and other generic code
+ [16875] localedata: ko_KR: fix lang_name
+ [17225] localedata: ar_SY: localized month names for May and June are
+ incorrect
+ [17297] localedata: da_DK: wrong date_fmt string
+ [18907] stdio: Incorrect order of __wur __THROW in <printf.h>
+ [18934] localedata: hu_HU: collate: fix multiple bugs and add tests
+ [18988] nptl: pthread wastes memory with mlockall(MCL_FUTURE)
+ [19066] localedata: ar_SA abbreviated day and month names are in English
+ [19569] network: resolv: Support an arbitrary number of search domains
+ [19570] network: Implement random DNS server selection in the stub
+ resolver
+ [19838] locale: localedef fails on PA-RISC
+ [19919] localedata: iso14651_t1_common: Correct the Malayalam sorting
+ order of 0D36 and 0D37
+ [19922] localedata: iso14651_t1_common: Define collation for Malayalam
+ chillu characters
+ [20098] libc: FAIL: debug/backtrace-tst on hppa
+ [20257] network: sunrpc: clntudp_call does not enforce timeout when
+ receiving data
+ [20275] localedata: locale day/abday/mon/abmon should not have trailing
+ whitespace
+ [20313] localedata: Update locale data to Unicode 9.0
+ [20424] manual: Document how to provide a malloc replacement
+ [20496] localedata: agr_PE: new language locale Awajún / Aguaruna (agr)
+ for Peru
+ [20686] locale: Add el_GR@euro to SUPPORTED.
+ [20831] dynamic-link: _dl_map_segments does not test for __mprotect
+ failures consistently
+ [21015] dynamic-link: Document and fix --enable-bind-now
+ [21016] nptl: pthread_cond support is broken on hppa
+ [21029] libc: glibc-2.23 (and later) fails to compile with -fno-omit-
+ frame-pointer on i386
+ [21049] libc: segfault in longjmp_chk() due to clobbered processor
+ register
+ [21075] libc: unused assigment to %g4 in sparc/sparc{64,32}/clone.S
+ [21088] libc: Build fails with --enable-static-nss
+ [21094] math: cosf(1.57079697) has 3 ulp error on targets where the
+ generic c code is used
+ [21109] libc: Tunables broken on big-endian
+ [21112] math: powf has large ulp errors with base close to 1 and exponent
+ around 4000
+ [21115] network: sunrpc: Use-after-free in error path in clntudp_call
+ (CVE-2017-12133)
+ [21120] malloc: glibc malloc is incompatible with GCC 7
+ [21130] math: Incorrect return from y0l (-inf) and y1l (-inf) when linking
+ with -lieee
+ [21134] math: Exception (divide by zero) not set for y0/y1 (0.0) and y0/y1
+ (-0.0) when linking with -lieee
+ [21171] math: log10, log2 and lgamma return incorrect results
+ [21179] libc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs
+ [21182] libc: __memchr_sse2: regression in glibc-2.25 on i686
+ [21207] localedata: ce_RU: update weekdays from CLDR
+ [21209] dynamic-link: LD_HWCAP_MASK read in setuid binaries
+ [21217] localedata: Update months from CLDR-31
+ [21232] libc: miss posix_fadvise64 on MIPS64 when static linking
+ [21243] libc: support_delete_temp_file should issue warning for failed
+ remove()
+ [21244] libc: support resolv_test_start() socket fd close should be
+ checked for errors.
+ [21253] libc: localedef randomly segfaults when using -fstack-check due to
+ new posix_spawn implementation
+ [21258] dynamic-link: Branch predication in _dl_runtime_resolve_avx512_opt
+ leads to lower CPU frequency
+ [21259] libc: [alpha] termios.h missing IXANY for POSIX
+ [21261] libc: [sparc64] bits/setjmp.h namespace
+ [21267] network: [mips] bits/socket.h IOC* namespace
+ [21268] libc: [alpha] termios.h NL2, NL3 namespace
+ [21270] libc: mmap64 silently truncates large offset values
+ [21275] libc: posix_spawn always crashes on ia64 now
+ [21277] libc: [alpha] termios.h missing IUCLC for UNIX98 and older
+ [21280] math: [powerpc] logbl for POWER7 return incorrect results
+ [21289] libc: Incorrect declaration for 32-bit platforms with
+ _FILE_OFFSET_BITS=64 causes build error
+ [21295] network: GETAI(AF_UNSPEC) drops IPv6 addresses if nss module does
+ not support gethostbyname4_r
+ [21298] nptl: rwlock can deadlock on frequent reader/writer phase
+ switching
+ [21338] malloc: mallopt M_ARENA_MAX doesn't set the maximum number of
+ arenas
+ [21340] libc: Support POSIX_SPAWN_SETSID
+ [21357] libc: unwind-dw2-fde deadlock when using AddressSanitizer
+ [21359] network: ns_name_pack needs additional byte in destination buffer
+ [21361] network: resolv: Reduce advertised EDNS0 buffer size to guard
+ against fragmentation attacks (CVE-2017-12132)
+ [21369] network: resolv: Remove EDNS fallback
+ [21371] libc: Missing timespec definition when compiled with _XOPEN_SOURCE
+ and _POSIX_C_SOURCE
+ [21386] nptl: Assertion in fork for distinct parent PID is incorrect
+ [21391] dynamic-link: x86: Set dl_platform and dl_hwcap from CPU features
+ [21393] stdio: Missing dup3 error check in freopen, freopen64
+ [21396] libc: Use AVX2 memcpy/memset on Skylake server
+ [21399] localedata: Bad description for U00EC in
+ localedata/charmaps/CP1254
+ [21411] malloc: realloc documentation error
+ [21426] network: sys/socket.h uio.h namespace
+ [21428] libc: [aarch64] tst-backtrace5 testsuite failure
+ [21445] libc: signal.h bsd_signal namespace
+ [21455] network: Network headers stdint.h namespace
+ [21474] network: resolv: res_init does not use RES_DFLRETRY (2) but 4 for
+ retry value
+ [21475] network: resolv: Overlong search path is truncated mid-label
+ [21511] libc: sigstack namespace
+ [21512] libc: clone() ends up calling exit_group() through _exit() wrapper
+ [21514] libc: sysdeps/unix/sysv/linux/sys/syscall.h:31:27: fatal error:
+ bits/syscall.h: No such file or directory
+ [21517] libc: struct sigaltstack namespace
+ [21528] dynamic-link: Duplicated minimal strtoul implementations in ld.so
+ [21533] localedata: Update locale data to Unicode 10.0
+ [21537] libc:
+ ../sysdeps/unix/sysv/linux/s390/s390-32/__makecontext_ret.S:44: Error:
+ junk at end of line, first unrecognized character is `@'
+ [21538] libc: SIG_HOLD missing for XPG4
+ [21539] libc: S390: Mismatch between kernel and glibc ptrace.h with
+ request 12: PTRACE_SINGLEBLOCK vs PTRACE_GETREGS.
+ [21542] libc: Use conservative default for sysconf (_SC_NPROCESSORS_ONLN)
+ [21543] libc: sigevent namespace
+ [21548] libc: [mips] get/set/make/swap context for MIPS O32 assume wrong
+ size for general purpose registers in mcontext_t structure
+ [21550] libc: sigwait namespace
+ [21552] libc: XPG4 bsd_signal namespace
+ [21554] libc: sigpause namespace
+ [21560] libc: sys/wait.h signal.h namespace
+ [21561] libc: waitid namespace
+ [21573] nptl: GCC 7: /usr/bin/install: cannot remove
+ '/usr/include/stdlib.h': Permission denied
+ [21575] libc: sys/wait.h missing struct rusage definition
+ [21584] libc: sigaltstack etc namespace
+ [21597] libc: siginterrupt namespace
+ [21607] math: hppa: FAIL: math/test-tgmath
+ [21609] dynamic-link: Incomplete workaround for GCC __tls_get_addr ABI
+ issue on x86-64
+ [21622] libc: [tile] missing SA_* for POSIX.1:2008
+ [21624] dynamic-link: ld.so: Unsafe alloca allows local attackers to alias
+ stack and heap (CVE-2017-1000366)
+ [21625] libc: wait3 namespace
+ [21654] nss: Incorrect pointer alignment in NSS group merge result
+ construction
+ [21657] network: Parse interface zone id for node-local multicast
+ [21662] string: memcmp-avx2-movbe.S lacks saturating subtraction for
+ between_2_3
+ [21666] libc: .symver is used on common symbol
+ [21668] network: resolv: res_init cross-thread broadcast introduces race
+ conditions
+ [21687] math: tgmath.h totalorder, totalordermag return type
+ [21694] locale: Current Glibc Locale Does Not Support Tok-Pisin and Fiji
+ Hindi Locale
+ [21696] libc: Incorrect assumption of of __cpu_mask in
+ posix/sched_cpucount.c
+ [21697] libc: sysdeps/posix/spawni.c: 2 * suspicious condition ?
+ [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
+ locale
+ [21707] math: ppc64le: Invalid IFUNC resolver from libgcc calls getauxval,
+ leading to relocation crash
+ [21709] libc: resolv_conf.c:552: update_from_conf: Assertion
+ `resolv_conf_matches (resp, conf)' failed.
+ [21710] localedata: Added Samoan language locale for Samoa
+ [21711] localedata: Pashto yesstr/nostr locale are missing
+ [21715] nptl: sysdeps/nptl/bits/pthreadtypes.h: typedef guard
+ __have_pthread_attr_t can cause redefinition of typedef ‘pthread_attr_t’
+ [21721] localedata: Incorrect Full Weekday names for ks_IN@devanagari
+ [21723] localedata: yesstr/nostr missing for Chinese language locale
+ [21724] localedata: yesstr and nostr are missing for Xhosa [LC_MESSAGES]
+ locale
+ [21727] localedata: yesstr and nostr are missing for Tsonga [LC_MESSAGES]
+ locale
+ [21728] localedata: New Locale for Tongan language
+ [21729] localedata: incorrect LC_NAME fields for hi_IN
+ [21733] localedata: yesstr and nostr are missing for zh_HK
+ [21734] localedata: Missing yesstr and nostr are for kw_GB
+ [21738] libc: misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 fail
+ [21741] libc: Undefined __memmove_chk_XXX and __memset_chk_XXX in libc.a
+ [21742] libc: _dl_num_cache_relocations is undefined in libc.a
+ [21743] localedata: ks_IN@devanagari: abday strings mismatch the day
+ strings
+ [21744] libc: Tests failing on --enable-tunables --enable-stack-
+ protector=all
+ [21749] localedata: Wrong abbreviated day name (“abday”) for
+ ar_JO/ar_LB/ar_SY
+ [21756] localedata: missing yesstr, nostr for nds_DE and nds_NL
+ [21757] localedata: missing yesstr, nostr for pap_AW and pap_CW
+ [21759] localedata: missing yesstr and nostr for Tigrinya
+ [21760] localedata: Fix LC_MESSAGES and LC_ADDRESS for anp_IN
+ [21766] localedata: Wrong LC_MESSAGES for om_ET Locale
+ [21767] localedata: Missing Bislama locales
+ [21768] localedata: Missing yesstr and nostr for aa_ET
+ [21770] localedata: Missing Field in li_NL
+ [21778] nptl: Robust mutex may deadlock
+ [21779] libc: MicroBlaze segfaults when loading libpthread
+ [21783] localedata: Fix int_select international_call_prefixes
+ [21784] localedata: Inconsistency in country_isbn
+ [21788] localedata: Missing Country Postal Abbreviations
+ [21794] localedata: Added-country_isbn-for-Italy
+ [21795] localedata: Add/Fix country_isbn for France
+ [21796] localedata: Added country_isbn for Republic of Korea
+ [21797] localedata: Fix inconsistency in country_isbn and missing prefixes
+ [21799] localedata: Added int_select international_call_prefixes
+ [21801] localedata: Added int_select international_call_prefixes
+ [21804] nptl: Double semicolon in thread-shared-types.h
+ [21807] localedata: LC_ADDRESS fix for pap_CW
+ [21808] localedata: Fix LC_ADDRESS for pap_AW
+ [21821] localedata: Added country_name in mai_IN
+ [21822] localedata: Fix LC_TIME for mai_IN
+ [21823] localedata: missing yesstr, nostr for sa_IN
+ [21825] localedata: Fix name_mrs for mag_IN
+ [21828] localedata: 2.26 changelog should mention user visible changes
+ with unicode 9.0
+ [21835] localedata: Added Maithili language locale for Nepal
+ [21838] localedata: Removed redundant data for the_NP
+ [21839] localedata: Fix LC_MONETARY for ta_LK
+ [21844] localedata: Fix Latin characters and Months Sequence.
+ [21848] localedata: Fix mai_NP Title Name
\f
Version 2.25
1110, 1111, 1112, 1113, 1125, 1137, 1138, 1249, 1250, 1251, 1252,
1253, 1254, 1350, 1358, 1394, 1438, 1498, 1534
- Visit <http://sources.redhat.com/bugzilla/> for the details of each bug.
+ Visit <https://sourceware.org/bugzilla/> for the details of each bug.
* As of this release, GCC 4 can be used to compile the C Library.
737, 738, 739, 740, 741, 742, 743, 744, 745, 765, 767, 768, 769, 776,
777, 787, 821, 822, 823, 825
- Visit <http://sources.redhat.com/bugzilla/> for the details of each bug.
+ Visit <https://sourceware.org/bugzilla/> for the details of each bug.
\f
Version 2.3.4
----------------------------------------------------------------------
Copyright information:
-Copyright (C) 1992-2017 Free Software Foundation, Inc.
+Copyright (C) 1992-2019 Free Software Foundation, Inc.
Permission is granted to anyone to make or distribute verbatim copies
of this document as received, in any medium, provided that the