Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
+\f
+Version 2.30
+
+Major new features:
+
+* Unicode 12.1.0 Support: Character encoding, character type info, and
+ transliteration tables are all updated to Unicode 12.1.0, using
+ generator scripts contributed by Mike FABIAN (Red Hat).
+
+* The dynamic linker accepts the --preload argument to preload shared
+ objects, in addition to the LD_PRELOAD environment variable.
+
+* The twalk_r function has been added. It is similar to the existing
+ twalk function, but it passes an additional caller-supplied argument
+ to the callback function.
+
+* On Linux, the gettid and tgkill functions have been added.
+
+* Minguo (Republic of China) calendar support has been added as an
+ alternative calendar for the following locales: zh_TW, cmn_TW, hak_TW,
+ nan_TW, lzh_TW.
+
+* The entry for the new Japanese era has been added for ja_JP locale.
+
+* Memory allocation functions malloc, calloc, realloc, reallocarray, valloc,
+ pvalloc, memalign, and posix_memalign fail now with total object size
+ larger than PTRDIFF_MAX. This is to avoid potential undefined behavior with
+ pointer subtraction within the allocated object, where results might
+ overflow the ptrdiff_t type.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The functions clock_gettime, clock_getres, clock_settime,
+ clock_getcpuclockid, clock_nanosleep were removed from the librt library
+ for new applications (on architectures which had them). Instead, the
+ definitions in libc will be used automatically, which have been available
+ since glibc 2.17.
+
+* The obsolete and never-implemented XSI STREAMS header files <stropts.h>
+ and <sys/stropts.h> have been removed.
+
+* Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6
+ resolver flag (deprecated in glibc 2.25) have been removed.
+
+* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub
+ resolver have been removed from <resolv.h>.
+
+* With --enable-bind-now, installed programs are now linked with the
+ BIND_NOW flag.
+
+Changes to build and runtime requirements:
+
+* GCC 6.2 or later is required to build the GNU C Library.
+
+ Older GCC versions and non-GNU compilers are still supported when
+ compiling programs that use the GNU C Library.
+
+Security related changes:
+
+ CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
+ size. For x86-64, memcmp on an object size larger than SSIZE_MAX
+ has undefined behavior. On x32, the size_t argument may be passed
+ in the lower 32 bits of the 64-bit RDX register with non-zero upper
+ 32 bits. When it happened with the sign bit of RDX register set,
+ memcmp gave the wrong result since it treated the size argument as
+ zero. Reported by H.J. Lu.
+
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+
\f
Version 2.29
- C-SKY ABIV2 soft-float little-endian
- C-SKY ABIV2 hard-float little-endian
+* strftime's default formatting of a locale's alternative year (%Ey)
+ has been changed to zero-pad the year to a minimum of two digits,
+ like "%y". This improves the display of Japanese era years during
+ the first nine years of a new era, and is expected to be harmless
+ for all other locales (only Japanese locales regularly have
+ alternative year numbers less than 10). Zero-padding can be
+ overridden with the '_' or '-' flags (which are GNU extensions).
+
+* As a GNU extension, the '_' and '-' flags can now be applied to
+ "%EY" to control how the year number is formatted; they have the
+ same effect that they would on "%Ey".
+
Deprecated and removed features, and other changes affecting compatibility:
* The glibc.tune tunable namespace has been renamed to glibc.cpu and the
used by the Linux kernel. This affects the size and layout of those
structures.
+* An archaic GNU extension to scanf, under which '%as', '%aS', and '%a[...]'
+ meant to scan a string and allocate space for it with malloc, is now
+ restricted to programs compiled in C89 or C++98 mode with _GNU_SOURCE
+ defined. This extension conflicts with C99's use of '%a' to scan a
+ hexadecimal floating-point number, which is now available to programs
+ compiled as C99 or C++11 or higher, regardless of _GNU_SOURCE.
+
+ POSIX.1-2008 includes the feature of allocating a buffer for string input
+ with malloc, using the modifier letter 'm' instead. Programs using
+ '%as', '%aS', or '%a[...]' with the old GNU meaning should change to
+ '%ms', '%mS', or '%m[...]' respectively. Programs that wish to use the
+ C99 '%a' no longer need to avoid _GNU_SOURCE.
+
+ GCC's -Wformat warnings can detect most uses of this extension, as long
+ as all functions that call vscanf, vfscanf, or vsscanf are annotated with
+ __attribute__ ((format (scanf, ...))).
+
Changes to build and runtime requirements:
* Python 3.4 or later is required to build the GNU C Library.
denial of service due to resource exhaustion when processing getaddrinfo
calls with crafted host names. Reported by Guido Vranken.
+ CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
+ 32 bits of a 64-bit register with with non-zero upper 32 bit. When it
+ happened, accessing the 32-bit size_t value as the full 64-bit register
+ in the assembly string/memory functions would cause a buffer overflow.
+ Reported by H.J. Lu.
+
+ CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
+ addresses with arbitrary trailing characters, potentially leading to data
+ or command injection issues in applications.
+
The following bugs are resolved with this release:
- [The release manager will add the list generated by
- scripts/list-fixed-bugs.py just before the release.]
+ [10425] localedata: it_IT/it_CH: LC_TIME format is wrong
+ [10496] localedata: 12h time representation in multiple locales faulty
+ [10797] localedata: it_IT locale numeric does not have a separator for
+ thousands
+ [11319] libc: dprintf doesn't handle errors properly
+ [16346] time: mktime: potentially unsafe use of localtime_offset
+ [17248] build: glibc should not sort CFLAGS (support gcc plugins and
+ --param options)
+ [17405] libc: Implement posix_spawn_file_actions_addchdir_np,
+ posix_spawn_file_actions_addfchdir_np
+ [17426] localedata: Indian locales: set the correct date format
+ [17490] stdio: popen should not invoke atfork handlers
+ [17783] libc: TIOCSER_TEMT conditions inconsistent
+ [18040] regex: use-after-free in regexec/get_subexp
+ [18093] libc: Corrupted aux-cache causes ldconfig to segfault
+ [20018] network: getaddrinfo should reject IP addresses with trailing
+ characters (CVE-2016-10739)
+ [20209] localedata: Spelling mistake for Sunday in Greenlandic kl_GL
+ [20271] libc: Missing "\n" in __libc_fatal calls
+ [20480] dynamic-link: Patch: ifunc not executable, crashes sudo qemu
+ [20544] libc: RFE: atexit, __cxa_atexit, on_exit should assert function
+ pointer argument is non-NULL
+ [21037] stdio: open_memstream and freopen
+ [21286] libc: bits/siginfo.h is missing enum definition for TRAP_HWBKPT
+ [21716] time: Crash in glibc's mktime in low-memory situations
+ [22834] stdio: Subprocess forked by popen may crash in Linux when
+ multithreads call popen
+ [22927] network: crash in vn_gai_enqueue_request if requests_tail was NULL
+ and pthread_create fails.
+ [23032] hurd: sysdeps/htl/pt-barrier-init.c:39: bad call to memcmp ?
+ [23125] libc: riscv64: endless loop when throwing an exception from a
+ constructor
+ [23275] nptl: Race in pthread_mutex_lock while promoting to
+ PTHREAD_MUTEX_ELISION_NP.
+ [23400] libc: stdlib/test-bz22786.c creates temporary files in glibc
+ source tree
+ [23479] math: [mips] bits/fenv.h should not define some macros for soft-
+ float
+ [23490] libc: sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c:49: off by
+ one error
+ [23497] libc: readdir64@GLIBC_2.1 cannot parse the kernel directory stream
+ [23509] dynamic-link: CET enabled glibc is incompatible with the older
+ linker
+ [23520] nscd: nscd: Use-after-free in addgetnetgrentX and its callers
+ [23521] nss: get_next_alias nss_files file stream leak
+ [23538] nptl: Hang in pthread_cond_broadcast
+ [23562] libc: Wrong type for si_band in Linux-specific siginfo_t
+ [23578] regex: Invalid memory access if regex pattern contains NUL byte
+ [23579] libc: Errors misreported in preadv2
+ [23597] build: support/test-container.c doesn't work with different
+ filesystems
+ [23603] time: mktime signed integer overflow on large timestamps
+ [23606] libc: Missing ENDBR32 in sysdeps/i386/start.S
+ [23614] libc: powerpc: missing CFI register information in __mpn_*
+ functions
+ [23637] string: Generic strstr/strcasestr fails with huge needles
+ [23640] libc: no way to easily clear FD_CLOEXEC in
+ posix_spawn_file_actions_adddup2()
+ [23649] libc: [microblaze/mips/nios2/riscv] sys/procfs.h pr_uid, pr_gid
+ have wrong type
+ [23656] libc: [mips n32] sys/procfs.h pr_sigpend, pr_sighold, pr_flag have
+ wrong type
+ [23679] libc: gethostid: Missing NULL check for gethostbyname_r result
+ [23689] libc: Bug in documentation for rusage.ru_ixrss in
+ bits/types/struct_rusage.h
+ [23690] dynamic-link: Segfault in _dl_profile_fixup with a high number of
+ threads
+ [23707] dynamic-link: Missing unwind info in sysdeps/powerpc/powerpc32/dl-
+ start.S
+ [23709] string: glibc 2.25 lacks sse2 optimized strstr()
+ [23716] dynamic-link: _dl_runtime_resolve_shstk isn't selected properly
+ [23717] libc: glibc: stdlib/tst-setcontext9 test suite failure on
+ powerpc64le
+ [23724] localedata: Albanian date formats are incorrect
+ [23735] math: libnldbl_nonshared.a references internal libm symbols
+ [23740] localedata: kl_GL: Month names and date formats need update
+ [23744] regex: regex refactorings to remove BE, avoid duplication
+ [23745] time: mktime fix for Gnulib + coreutils
+ [23758] time: Improve the width of alternate representation for year in
+ strftime
+ [23783] libc: [mips] Missing CMSPAR bits/termios.h
+ [23789] time: mktime does not set errno on failure
+ [23791] localedata: Wrong monetary format for ca_ES locale
+ [23793] locale: c32rtomb and mbrtoc32 should not alias wcrtomb and mbrtowc
+ [23794] locale: c16rtomb does not handle surrogate pairs
+ [23821] libc: si_band in siginfo_t has wrong type long int on sparc64
+ [23822] math: ia64 static libm.a is missing exp2f, log2f and powf symbols
+ [23836] time: time/tst-mktime2 test failure on Arm (32-bit)
+ [23848] libc: [sparc] Some socket syscalls wrongly assumed to be present
+ [23861] nptl: rdlock stalls indefinitely on an unlocked pthread rwlock
+ [23862] libc: [sh] missing kernel-features.h undefines
+ [23864] libc: [riscv] missing kernel-features.h undefines
+ [23867] libc: [arm/microblaze] __ASSUME_MLOCK2 incorrect
+ [23907] malloc: Incorrect double-free malloc tcache check disregards
+ tcache size
+ [23913] libc: off-by-one in function maybe_script_execute in
+ sysdeps/posix/spawni.c
+ [23915] libc: [arm] __ASSUME_COPY_FILE_RANGE incorrect
+ [23923] locale: Add --no-hard-links option to localedef
+ [23927] network: Linux if_nametoindex() does not close descriptor
+ (CVE-2018-19591)
+ [23961] math: powf can overflow to inf without setting errno in non-
+ nearest rounding mode
+ [23967] libc: [2.28 Regression]: New sigaction implementation breaks m68k
+ [23972] libc: __old_getdents64 uses wrong d_off value on overflow
+ [23993] libc: glibc 2.29 doesn't build with gcc 4.9
+ [23995] localedata: Remove execution flags from localedata/locales/bi_VU
+ [24011] localedata: Fixed small type in comment for locale bs_BA
+ [24018] libc: gettext() may return NULL
+ [24022] build: riscv build failure with Linux kernel 4.20-rc7
+ [24023] build: [2.29 Regression] FAIL: elf/check-localplt
+ [24024] string: strerror() might set errno to ENOMEM due to -fno-math-
+ error
+ [24027] malloc: glibc: realloc() ncopies 32-bit integer overflow
+ [24034] libc: tst-cancel21-static fails with SIGBUS on pre-ARMv7 when
+ using GCC 8
+ [24046] localedata: en_US locale doesn't define date_fmt
+ [24063] manual: @var{errno} should be @code{errno}
+ [24066] soft-fp: Inconsistent _FP_W_TYPE_SIZE check
+ [24088] libc: VSCR field is not being correctly read in ucontext_t on
+ ppc64le
+ [24096] time: Specifying '_' or '-' flag for "%EY" does not produce the
+ expected result
+ [24097] string: Can't use 64-bit register for size_t in assembly codes for
+ x32 (CVE-2019-6488)
+ [24110] hurd: SS_DISABLE never set in stack_t value returned by
+ sigaltstack
+ [24112] network: Do not send DNS queries for non-host names (where all
+ answers will be rejected)
+ [24130] libc: alpha __remqu corrupts $f3 register
\f
Version 2.28
projects / thirdparty / glibc.git / blobdiff