From 2e2c08aa4d1bc073511b023805592c52f556ca7b Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: Sat, 31 Jul 2021 23:39:07 -0400 Subject: [PATCH] Update NEWS. Suggestions by Florian Weimer, Andreas Schwab, and Alexander Monakov. See: https://sourceware.org/pipermail/libc-alpha/2021-July/129356.html https://sourceware.org/pipermail/libc-alpha/2021-July/129357.html https://sourceware.org/pipermail/libc-alpha/2021-July/129361.html --- NEWS | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 172 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index ee391c92715..3c610744c97 100644 --- a/NEWS +++ b/NEWS 
@@ -9,14 +9,32 @@ Version 2.34 Major new features: +* In order to support smoother in-place-upgrades and to simplify + the implementation of the runtime all functionality formerly + implemented in the libraries libpthread, libdl, libutil, libanl has + been integrated into libc. New applications do not need to link with + -lpthread, -ldl, -lutil, -lanl anymore. For backwards compatibility, + empty static archives libpthread.a, libdl.a, libutil.a, libanl.a are + provided, so that the linker options keep working. Applications which + have been linked against glibc 2.33 or earlier continue to load the + corresponding shared objects (which are now empty). The integration + of those libraries into libc means that additional symbols become + available by default. This can cause applications that contain weak + references to take unexpected code paths that would only have been + used in previous glibc versions when e.g. preloading libpthread.so.0, + potentially exposing application bugs. + * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined, PTHREAD_STACK_MIN is no longer constant and is redefined to - sysconf(_SC_THREAD_STACK_MIN). + sysconf(_SC_THREAD_STACK_MIN). This supports dynamic sized register + sets for modern architectural features like Arm SVE. * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ. When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined, MINSIGSTKSZ and SIGSTKSZ are no longer constant on Linux. MINSIGSTKSZ is redefined to sysconf(_SC_MINSIGSTKSZ) - and SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ). + and SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ). This supports + dynamic sized register sets for modern architectural features like + Arm SVE. * The dynamic linker implements the --list-diagnostics option, printing a dump of information related to IFUNC resolver operation and 
@@ -108,6 +126,15 @@ Deprecated and removed features, and other changes affecting compatibility: ns_format_ttl, ns_makecanon, ns_parse_ttl, ns_samedomain, ns_samename, ns_sprintrr, ns_sprintrrf, ns_subdomain have been deprecated. +* Various symbols previously defined in libresolv have been moved to libc + in order to prepare for libresolv moving entirely into libc (see earlier + entry for merging libraries into libc). The symbols __dn_comp, + __dn_expand, __dn_skipname, __res_dnok, __res_hnok, __res_mailok, + __res_mkquery, __res_nmkquery, __res_nquery, __res_nquerydomain, + __res_nsearch, __res_nsend, __res_ownok, __res_query, __res_querydomain, + __res_search, __res_send formerly in libresolv have been renamed and no + longer have a __ prefix. They are now available in libc. + * The pthread cancellation handler is now installed with SA_RESTART and pthread_cancel will always send the internal SIGCANCEL on a cancellation request. It should not be visible to applications since the cancellation 
@@ -172,10 +199,151 @@ Security related changes: issue when using a notification type of SIGEV_THREAD and a thread attribute with a non-default affinity mask. + CVE-2021-35942: The wordexp function may overflow the positional + parameter number when processing the expansion resulting in a crash. + Reported by Philippe Antoine. + The following bugs are resolved with this release: - [The release manager will add the list generated by - scripts/list-fixed-bugs.py just before the release.] + [4737] libc: fork is not async-signal-safe + [5781] math: Slow dbl-64 sin/cos/sincos for special values + [10353] libc: Methods for deleting all file descriptors greater than + given integer (closefrom) + [14185] glob: fnmatch() fails when '*' wildcard is applied on the file + name containing multi-byte character(s) + [14469] math: Inaccurate j0f function + [14470] math: Inaccurate j1f function + [14471] math: Inaccurate y0f function + [14472] math: Inaccurate y1f function + [14744] nptl: kill -32 $pid or kill -33 $pid on a process cancels a + random thread + [15271] dynamic-link: dlmopen()ed shared library with LM_ID_NEWLM + crashes if it fails dlsym() twice + [15648] nptl: multiple definition of `__lll_lock_wait_private' + [16063] nptl: Provide a pthread_once variant in libc directly + [17144] libc: syslog is not thread-safe if NO_SIGPIPE is not defined + [17145] libc: syslog with LOG_CONS leaks console file descriptor + [17183] manual: description of ENTRY struct in in glibc + manual is incorrect + [18435] nptl: pthread_once hangs when init routine throws an exception + [18524] nptl: Missing calloc error checking in + __cxa_thread_atexit_impl + [19329] dynamic-link: dl-tls.c assert failure at concurrent + pthread_create and dlopen + [19366] nptl: returning from a thread should disable cancellation + [19511] nptl: 8MB memory leak in pthread_create in case of failure + when non-root user changes priority + [20802] dynamic-link: getauxval NULL pointer dereference after static + 
dlopen + [20813] nptl: pthread_exit is inconsistent between libc and libpthread + [22057] malloc: malloc_usable_size is broken with mcheck + [22668] locale: LC_COLLATE: the last character of ellipsis is not + ordered correctly + [23323] libc: [RFE] CSU startup hardening. + [23328] malloc: Remove malloc hooks and ensure related APIs return no + data. + [23462] dynamic-link: Static binary with dynamic string tokens ($LIB, + $PLATFORM, $ORIGIN) crashes + [23489] libc: "gcc -lmcheck" aborts on free when using posix_memalign + [23554] nptl: pthread_getattr_np reports wrong stack size with + MULTI_PAGE_ALIASING + [24106] libc: Bash interpreter in ldd script is taken from host + [24773] dynamic-link: dlerror in an secondary namespace does not use + the right free implementation + [25036] localedata: Update collation order for Swedish + [25383] libc: where_is_shmfs/__shm_directory/SHM_GET_NAME may cause + shm_open to pick wrong directory + [25680] dynamic-link: ifuncmain9picstatic and ifuncmain9picstatic + crash in IFUNC resolver due to stack canary (--enable-stack- + protector=all) + [26874] build: -Warray-bounds in _IO_wdefault_doallocate + [26983] math: [x86_64] x86_64 tgamma has too large ULP error + [27111] dynamic-link: pthread_create and tls access use link_map + objects that may be concurrently freed by dlclose + [27132] malloc: memusagestat is linked to system librt, leading to + undefined symbols on major version upgrade + [27136] dynamic-link: dtv setup at thread creation may leave an entry + uninitialized + [27249] libc: libSegFault.so does not output signal number properly + [27304] nptl: pthread_cond_destroy does not pass private flag to futex + system calls + [27318] dynamic-link: glibc fails to load binaries when built with + -march=sandybridge: CPU ISA level is lower than required + [27343] nss: initgroups() SIGSEGVs when called on a system without + nsswich.conf (in a chroot) + [27346] dynamic-link: x86: PTWRITE feature check is missing + [27389] network: 
NSS chroot hardening causes regressions in chroot + deployments + [27403] dynamic-link: aarch64: tlsdesc htab is not freed on dlclose + [27444] libc: sysconf reports unsupported option (-1) for + _SC_LEVEL1_ICACHE_LINESIZE on X86 since v2.33 + [27462] nscd: double-free in nscd (CVE-2021-27645) + [27468] malloc: aarch64: realloc crash with heap tagging: FAIL: + malloc/tst-malloc-thread-fail + [27498] dynamic-link: __dl_iterate_phdr lacks unwinding information + [27511] libc: S390 memmove assumes Vector Facility when MIE Facility 3 + is present + [27522] glob: glob, glob64 incorrectly marked as __THROW + [27555] dynamic-link: Static tests fail with --enable-stack- + protector=all + [27559] libc: fstat(AT_FDCWD) succeeds (it shouldn't) and returns + information for the current directory + [27577] dynamic-link: elf/ld.so --help doesn't work + [27605] libc: tunables can't control xsave/xsavec selection in + dl_runtime_resolve_* + [27623] libc: powerpc: Missing registers in sc[v] clobbers list + [27645] libc: [linux] sysconf(_SC_NPROCESSOR...) breaks down on + containers + [27646] dynamic-link: Linker error for non-existing NSS symbols (e.g. + _nss_files_getcanonname_r) from within a dlmopen namespace. 
+ [27648] libc: FAIL: misc/tst-select + [27650] stdio: vfscanf returns too early if a match is longer than + INT_MAX + [27651] libc: Performance regression after updating to 2.33 + [27655] string: Wrong size calculation in string/test-strnlen.c + [27706] libc: select fails to update timeout on error + [27709] libc: arm: FAIL: debug/tst-longjmp_chk2 + [27721] dynamic-link: x86: ld_audit ignores bind now for TLSDESC and + tries resolving them lazily + [27744] nptl: Support different libpthread/ld.so load orders in + libthread_db + [27749] libc: Data race __run_exit_handlers + [27761] libc: getconf: Segmentation fault when passing '-vq' as + argument + [27832] nss: makedb.c:797:7: error: 'writev' specified size 4294967295 + exceeds maximum object size 2147483647 + [27870] malloc: MALLOC_CHECK_ causes realloc(valid_ptr, TOO_LARGE) to + not set ENOMEM + [27872] build: Obsolete configure option --enable-stackguard- + randomization + [27873] build: tst-cpu-features-cpuinfo fail when building on AMD cpu + [27882] localedata: Use U+00AF MACRON in more EBCDIC charsets + [27892] libc: powerpc: scv ABI error handling fails to check + IS_ERR_VALUE + [27896] nptl: mq_notify does not handle separately allocated thread + attributes (CVE-2021-33574) + [27901] libc: TEST_STACK_ALIGN doesn't work + [27902] libc: The x86-64 clone wrapper fails to align child stack + [27914] nptl: Install SIGSETXID handler with SA_ONSTACK + [27939] libc: aarch64: clone does not align the stack + [27968] libc: s390x: clone does not align the stack + [28011] libc: Wild read in wordexp (parse_param) (CVE-2021-35942) + [28024] string: s390(31bit): Wrong result of memchr (MEMCHR_Z900_G5) + with n >= 0x80000000 + [28028] malloc: malloc: tcache shutdown sequence does not work if the + thread never allocated anything + [28033] libc: Need to check RTM_ALWAYS_ABORT for RTM + [28064] string: x86_64:wcslen implementation list has wcsnlen + [28067] libc: FAIL: posix/tst-spawn5 + [28068] malloc: FAIL: 
malloc/tst-mallocalign1-mcheck + [28071] time: clock_gettime, gettimeofday, time lost vDSO acceleration + on older kernels + [28075] nis: Out-of-bounds static buffer read in nis_local_domain + [28089] build: tst-tls20 fails when linker defaults to --as-needed + [28090] build: elf/tst-cpu-features-cpuinfo-static fails on certain + AMD64 cpus + [28091] network: ns_name_skip may return 0 for domain names without + terminator Version 2.33 -- 2.47.3
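Review bot: In the first hunk (@@ -9,14 +9,32 @@), the last sentence of the new libpthread/libdl/libutil/libanl entry warns that weak references may "take unexpected code paths" but does not tell a maintainer what to look for. Suggest naming the affected pattern: code that tests a weak reference to a symbol formerly in one of these libraries to decide whether that library is loaded. The entry itself says the symbols are now available by default, so such a test will now succeed where it previously did not. In the same hunk, "in-place-upgrades" should read "in-place upgrades", and "dynamic sized register sets" (added twice) should read "dynamically sized". The two sysconf entries could also state the practical consequence of "no longer constant": PTHREAD_STACK_MIN, MINSIGSTKSZ and SIGSTKSZ can no longer be used where a constant expression is required, such as a static array size or a preprocessor conditional.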
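Review bot: In the second hunk (@@ -108,6 +126,15 @@), the new libresolv entry says the listed symbols "have been renamed and no longer have a __ prefix" but does not say what happens to existing binaries that reference the __-prefixed names. The libpthread entry in the first hunk states its backwards-compatibility story explicitly; this entry should do the same, stating whether the old names remain resolvable for programs linked against glibc 2.33 or earlier. The cross-reference "see earlier entry for merging libraries into libc" is also vague; pointing at the "Major new features" item by its subject (libpthread, libdl, libutil, libanl) would make it findable.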
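Review bot: In the third hunk (@@ -172,10 +199,151 @@), the new CVE-2021-35942 entry gives the impact only as "resulting in a crash", while the bug list added further down titles the same issue "[28011] libc: Wild read in wordexp (parse_param)". Suggest aligning the two, so that the security entry says the overflow leads to an out-of-bounds read, and citing bug 28011 in the entry so readers can match it to the list. The list also includes "[28075] nis: Out-of-bounds static buffer read in nis_local_domain" and "[28091] network: ns_name_skip may return 0 for domain names without terminator"; it is worth confirming whether either belongs under "Security related changes" as well. Since the list is generated by scripts/list-fixed-bugs.py, the title defects it carries should be fixed at the source and the list regenerated: "[17183] ... struct in in glibc manual" (doubled word), "[25680] ... ifuncmain9picstatic and ifuncmain9picstatic" (same name twice), and "[27343] ... nsswich.conf".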