Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
+\f
+Version 2.36
+
+Major new features:
+
+* Support for DT_RELR relative relocation format has been added to
+ glibc. This is a new ELF dynamic tag that improves the size of
+ relative relocations in shared object files and position independent
+ executables (PIE). DT_RELR generation requires linker support for
+ -z pack-relative-relocs option, which is supported for some targets
+ in recent binutils versions. Lazy binding doesn't apply to DT_RELR.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* Support for prelink will be removed in the next release; this includes
+ removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
+ variables and their functionality in the dynamic loader.
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+ [Add security related changes here]
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+
\f
Version 2.35
* On Linux, the epoll_pwait2 function has been added. It is similar to
epoll_wait with the difference the timeout has nanoseconds resolution.
-* The functions posix_spawnattr_tcsetpgrp_np and posix_spawnattr_tcgetpgrp_np
- have been added, enabling posix_spawn and posix_spawnp to set the
- controlling terminal in the new process in a race free manner. These
- functions are GNU extensions.
+* The function posix_spawn_file_actions_addtcsetpgrp_np has been added,
+ enabling posix_spawn and posix_spawnp to set the controlling terminal in
+ the new process in a race free manner. This function is a GNU extension.
+
+* Source fortification (_FORTIFY_SOURCE) level 3 is now available for
+ applications compiling with glibc and gcc 12 and later. Level 3 leverages
+ the __builtin_dynamic_object_size function to deliver additional
+ fortification balanced against additional runtime cost (checking non-constant
+ bounds).
+
+* The audit libraries will avoid unnecessary slowdown if it is not required
+ PLT tracking (by not implementing the la_pltenter or la_pltexit callbacks).
Deprecated and removed features, and other changes affecting compatibility:
removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
variables and their functionality in the dynamic loader.
+* The LD_TRACE_PRELINKING environment variable has been removed. Similar
+ functionality to obtain the program mapping address can be achieved by
+ using LD_TRACE_LOADED_OBJECTS to value of 2.
+
+* The LD_USE_LOAD_BIAS has been removed. The variable was mainly used to
+ support prelink PIE binaries.
+
Changes to build and runtime requirements:
- [Add changes to build and runtime requirements here]
+* The audit module interface version LAV_CURRENT is increased to enable
+ proper bind-now support. The loader now advertises via the la_symbind
+ flags that PLT trace is not possible. New audit modules require the
+ new dynamic loader supporing the latest LAV_CURRENT version. Old audit
+ modules are still loaded for all targets except aarch64.
+
+* The audit interface on aarch64 is extended to support both the indirect
+ result location register (x8) and NEON Q register. Old audit modules are
+ rejected by the loader. Audit modules must be rebuilt to use the newer
+ structure sizes and the latest module interface version for LAV_CURRENT.
Security related changes:
The following bugs are resolved with this release:
- [The release manager will add the list generated by
- scripts/list-fixed-bugs.py just before the release.]
+ [12889] nptl: Race condition in pthread_kill
+ [14232] nptl: tst-cancel7 and tst-cancelx7 race condition
+ [14913] libc: [mips] Clean up MIPS 64-bit register-dump.h output
+ [15310] dynamic-link: _dl_sort_fini is O(n^3) causing slow exit when
+ many dsos
+ [15333] libc: Use 64-bit stat functions in installed programs
+ [15533] dynamic-link: LD_AUDIT introduces an avoidable performance
+ degradation
+ [15971] dynamic-link: No interface for debugger access to libraries
+ loaded with dlmopen
+ [17318] locale: [RFE] Provide a C.UTF-8 locale by default
+ [17645] dynamic-link: RFE: Improve performance of dynamic loader for
+ deeply nested DSO dependencies.
+ [19193] nptl: pthread_kill, pthread_cancel return ESRCH for a thread
+ ID whose lifetime has not ended
+ [22542] network: buffer overflow in sunrpc clnt_create
+ (CVE-2022-23219)
+ [22716] malloc: [PATCH] mtrace.pl: use TRACE_PRELINKING instead of
+ TRACE_LOADED_OBJECTS
+ [25947] malloc: memory leak in muntrace
+ [26045] math: fmaxf(inf, nan) does not always work
+ [26108] math: exp10() has problems with <tgmath.h>
+ [26779] build: benign use after realloc at localealias.c:329
+ [27609] dynamic-link: [2.32/2.33/2.34 Regression] In elf/dl-open.c
+ (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
+ [27945] build: build-many-glibcs.py doesn't configure GCC with
+ --enable-initfini-array
+ [27991] build: x86: sysdeps/x86/configure.ac breaks when
+ libc_cv_include_x86_isa_level is loaded from cache
+ [28036] nptl: Incorrect types for pthread_mutexattr_set/getrobust_np
+ in __REDIRECT_NTH macro
+ [28061] dynamic-link: A failing dlmopen called by an auditor crashed
+ [28062] dynamic-link: Suppress audit calls when a (new) namespace is
+ empty
+ [28126] libc: nftw aborts for paths longer than PATH_MAX
+ [28129] dynamic-link: Unnecessary check DT_DEBUG in ld.so
+ [28153] libc: [test] gmon/tst-gmon-gprof* may have a f3 line when
+ built with ld.lld
+ [28182] libc: _TIME_BITS=64 in C++ has issues with fcntl, ioctl, prctl
+ [28185] math: Inaccurate j0f function (again)
+ [28199] locale: iconvconfig prefix flag behaves differently in glibc
+ 2.34
+ [28203] dynamic-link: aarch64: elf_machine_{load_address,dynamic}
+ should drop _GLOBAL_OFFSET_TABLE_[0] in favor of __ehdr_start for
+ robustness
+ [28213] librt: NULL pointer dereference in mq_notify (CVE-2021-38604)
+ [28223] libc: mips: clone does not align stack
+ [28253] dynamic-link: Missing colon in LD_SHOW_AUXV output after
+ AT_MINSIGSTKSZ
+ [28256] malloc: Conditional jump or move depends on uninitialised
+ value(s) in __GI___tunables_init
+ [28260] build: io/tst-closefrom, misc/tst-close_range, posix/tst-
+ spawn5 fail if stray fds are open
+ [28310] libc: Do not use affinity mask for sysconf
+ (_SC_NPROCESSORS_CONF)
+ [28338] time: undefined behavior in __tzfile_compute with oddball TZif
+ file
+ [28340] dynamic-link: ld.so crashes while loading a DSO with a read-
+ only dynamic section
+ [28349] libc: Segfault for ping -R on qemux86 caused by recvmsg()
+ [28350] libc: ping receives SIGABRT on lib32-qemux86-64 caused by
+ recvmsg()
+ [28353] network: Race condition on __opensock
+ [28357] dynamic-link: deadlock between pthread_create and ctors
+ [28358] math: f64xdivf128 and f64xmulf128 spurious underflows
+ [28361] nptl: Fix for bug 12889 causes setxid deadlock
+ [28368] build: -Waddress instances in stdio-common/vfprintf-internal.c
+ [28390] localedata: Update locale data to Unicode 14.0.0
+ [28397] math: tgmath.h should not define fmaxmag, fminmag macros for
+ C2X
+ [28400] libc: [2.35 Regression] string/test-strncasecmp: cannot set
+ locale "en_US.UTF-8"
+ [28407] nptl: pthread_kill assumes that kill (getpid ()) is equivalent
+ to tgkill (getpid (), gettid())
+ [28455] dynamic-link: -Wl,--enable-new-dtags doesn't work
+ [28457] dynamic-link: Missing reldepmod4.so dependency for
+ globalmod1.so
+ [28469] time: linux: struct timex is not correctly set for 32-bit
+ systems with TIMESIZE=64
+ [28470] regex: Buffer read overrun in regular expression searching
+ [28475] string: Incorrect access attribute on memfrob
+ [28524] libc: Conversion from ISO-2022-JP-3 with iconv may emit
+ spurious NUL character on state reset
+ [28532] libc: powerpc64[le]: CFI for assembly templated syscalls is
+ incorrect
+ [28550] dynamic-link: FAIL: tst-dso-
+ ordering9_112-ecbda(GLIBC_TUNABLES=glibc.rtld.dynamic_sort=1)
+ execution test
+ [28554] build: Undefined generate-md5
+ [28572] libc: Misaligned accesses in test-memcpy and test-mempcpy on
+ hppa
+ [28607] nptl: Masked signals are delivered on thread exit
+ [28624] libc: openjdk 8/9 assume uni processor and gets stuck due to
+ lack of cpu counting /proc fallback with glibc 2.34
+ [28646] string: [2.35 Regression] mock -r fedora-36-x86_64
+ /tmp/java-1.8.0-openjdk-1.8.0.312.b07-2.fc36.src.rpm& fails to build
+ [28648] dynamic-link: Running ld.so on statically linked binaries
+ crashes
+ [28656] dynamic-link: LD_PREFER_MAP_32BIT_EXEC no longer works due to
+ binutils changes
+ [28676] dynamic-link: p_align on PT_LOAD segment in DSO isn't honored
+ [28678] nptl: nptl/tst-create1 hangs sporadically
+ [28688] dynamic-link: PT_LOAD p_align check is too strict
+ [28700] nss: "dns [!UNAVAIL=return] files" default for hosts database
+ is not useful
+ [28707] time: assert in tzfile.c __tzfile_read striking with truncated
+ timezones generated by tzcode-2021d and later
+ [28713] math: GCC 12 miscompiles libm
+ [28732] dynamic-link: FAIL: elf/tst-dl_find_object
+ [28738] build: LIBC_LINKER_FEATURE doesn't work on linker -z option
+ [28745] dynamic-link: _dl_find_object miscompilation on powerpc64le
+ [28746] libc: _FORTIFY_SOURCE does not work for stpcpy
+ [28749] libc: Inconsistency detected by ld.so: rtld.c: 1632: dl_main:
+ Assertion `GL(dl_rtld_map).l_libname' failed!
+ [28755] string: overflow bug in wcsncmp_avx2 and wcsncmp_evex
+ [28757] nptl: GDB printer tests failed with new GDB
+ [28765] math: x86_64 libmvec atan2 accuracy
+ [28766] manual: Document libmvec accuracy
+ [28768] network: Buffer overflow in svcunix_create with long pathnames
+ (CVE-2022-23218)
+ [28769] libc: Off-by-one buffer overflow/underflow in getcwd()
+ (CVE-2021-3999)
+ [28770] libc: Unexpected return value from realpath() for too long
+ results (CVE-2021-3998)
+ [28771] libc: %ebx optimization macros are incompatible with .altmacro
+ in Systemtap probes
+ [28780] build: --disable-default-pie doesn't work on static programs
+ [28782] libc: x86-64 ISA level for glibc itself is always
+ x86-64-baseline
+ [28792] glob: possible wrong behaviour with patterns with double [
+ with no closing ]
+ [28837] libc: FAIL: socket/tst-socket-timestamp-compat
+ [28847] locale: Empty mon_decimal_point in LC_MONETARY results in non-
+ empty mon_decimal_point_wc
\f
Version 2.34
execute programs that do not have any dynamic dependency (that is,
they are statically linked). This feature is Linux-specific.
-* The audit libraries will avoid unnecessary slowdown if it is not required
- PLT tracking (by not implementing the la_pltenter or la_pltexit callbacks).
-
Deprecated and removed features, and other changes affecting compatibility:
* The function pthread_mutex_consistent_np has been deprecated; programs