NEWS: add the list of bugs fixed in 2.27

2 files changed, 316 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 713af78d1d..92a25a5640 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-02-01  Dmitry V. Levin  <ldv@altlinux.org>
+
+	* NEWS: Add the list of bugs fixed in 2.27.
+
 2018-02-01  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
 	* stdlib/test-atexit-race-common.c (do_test): Check stack size
diff --git a/NEWS b/NEWS
index 70798f6ced..a71c1038a8 100644
--- a/NEWS
+++ b/NEWS
@@ -264,8 +264,318 @@ Security related changes:
 
 The following bugs are resolved with this release:
 
-  [The release manager will add the list generated by
-  scripts/list-fixed-bugs.py just before the release.]
+  [866] glob: glob should match dangling symlinks
+  [1062] glob: sysdeps/generic/glob.c merge from gnulib (part 3 of 3)
+  [2522] localedata: ca_ES@valencia: new Valencian (meridional Catalan)
+    locale
+  [5997] math: Very slow execution of sinf function
+  [10580] localedata: hr_HR: updated locale
+  [10871] locale: 'mon' array should contain both nominative and genitive
+    cases
+  [12349] localedata: eu_ES: incorrect thousands separator
+  [13605] localedata: shn_MM: new Shan locale
+  [13805] localedata: ru_RU: currency should use ',' as radix point
+  [13953] localedata: km_KH: locale update
+  [13994] localedata: mjw_IN: new locale
+  [14121] build: make writes .mo files in po directory
+  [14333] libc: Fix the race between atexit() and exit()
+  [14681] dynamic-link: _dl_get_origin leaks memory via executable link map.
+  [14925] localedata: bn_*: LC_IDENTIFICATION.language key should be
+    "Bangla"
+  [15260] localedata: LC_MESSAGES.{yes,no}{str,expr}: various errors
+  [15261] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of full-
+    width Latin characters
+  [15332] localedata: es_CU: locale update
+  [15436] stdio: Don't close or flush stdio streams on abort
+  [15537] localedata: lv_LV: invalid collation for Latvian diacritical
+    letters
+  [16148] localedata: ca_ES: incorrect thousands separator
+  [16750] dynamic-link: ldd should not try to execute the binaries
+    (CVE-2009-5064)
+  [16777] localedata: pl_PL: incorrect thousands separator in locale
+  [16905] localedata: hanzi: new collation
+  [17563] localedata: cmn_TW: add hanzi collation
+  [17750] localedata: wrong collation order of diacritics in most locales
+  [17804] libc: scandirat fails with ENOMEM because it checks for errno even
+    if malloc succeeded
+  [17956] build: Build fails on missing definitions from header file
+    nss/nss.h when Mozilla NSS is used for cryptography
+  [18203] libc: realpath() does not handle unreachable paths correctly
+  [18572] dynamic-link: [arm] Lazy TLSDESC relocation has data race
+  [18812] localedata: kab_DZ: new Kabyle Algeria locale
+  [18822] libc: Internal functions are called via PLT
+  [18858] string: _HAVE_STRING_ARCH_xxx aren't defined for i386 nor x86_64
+  [19170] libc: __gmon_start__ defined in hppa in crtn.S
+  [19574] libc: glibc should support building static PIE binaries
+  [19852] localedata: charmaps/UTF-8: incorrect wcwidth for U+3099 and
+    U+309A
+  [19971] glob: glob: Do not skip entries with zero d_ino values
+  [19982] localedata: fr.po: spelling mistake for error code EXDEV
+  [20008] localedata: km_KH: convert to translit_neutral
+  [20009] localedata: tr_TR: convert LC_CTYPE to i18n
+  [20142] math: [x86_64] Add SSE4.1 trunc, truncf
+  [20204] dynamic-link: _dl_open_hook and _dlfcn_hook hardening
+  [20482] localedata: de_CH: abbreviated weekdays should be two letters
+  [20498] localedata: miq_NI: new Mískitu / Miskito (miq) language locale
+    for Nicaragua
+  [20532] nss: getaddrinfo uses errno and h_errno without guaranteeing
+    they're set, wrong errors returned by gaih_inet when lookup functions
+    are not found.
+  [20756] localedata: [PATCH] Use Unicode wise thousands separator
+  [20826] network: posix/tst-getaddrinfo5 fails on hosts without network
+    access
+  [20952] localedata: yuw_PG: new locale
+  [21084] localedata: charmaps/IBM858: new codepage
+  [21161] manual: [PATCH] fix typo in manual/arith.texi on strtoul prototype
+  [21242] libc: assert gives pedantic warning in old gcc versions
+  [21265] dynamic-link: _dl_runtime_resolve isn't compatible with Intel C++
+    __regcall calling convention
+  [21309] math: signed integer overflow in sysdeps/ieee754/dbl-64/e_pow.c
+  [21326] libc: C99 functions are not declared for C++11 and later if
+    _GNU_SOURCE is not predefined by g++
+  [21457] libc: sys/ucontext.h namespace
+  [21530] libc: tmpfile() should be implemented using O_TMPFILE
+  [21660] math: GCC fails to compile a formula with tgmath.h
+  [21672] nptl: sys-libs/glibc on ia64 crashes on thread exit: signal
+    SIGSEGV, Segmentation fault: pthread_create.c:432: __madvise
+    (pd->stackblock, freesize - PTHREAD_STACK_MIN, MADV_DONTNEED);
+  [21684] math: tgmath.h handling of complex integers
+  [21685] math: tgmath.h handling of bit-fields
+  [21686] math: tgmath.h handling of __int128
+  [21706] localedata: yesstr and nostr  are missing for Breton [LC_MESSAGES]
+    locale
+  [21745] libc: [powerpc64le] Extra PLT reference with --enable-stack-
+    protector=all
+  [21750] localedata: column width of characters incompatible with classical
+    wcwidth
+  [21754] malloc: malloc: Perform as little work as possible after heap
+    consistency check failures
+  [21780] libc: hppa: p{read,write}v2 does not set ENOSUP on invalid flag
+  [21790] libc: Missing __memset_zero_constant_len_parameter in libc.so
+  [21791] string: Unused XXX_chk_XXX functions in libc.a
+  [21815] dynamic-link: FAIL: elf/tst-prelink-cmp with GCC is defaulted to
+    PIE
+  [21836] localedata: Removed redundant data (LC_MONETARY) in various Indian
+    locales
+  [21845] localedata: Added new Locale bho_NP
+  [21853] localedata: Fix abday Which looks same as day in zh_SG
+  [21854] localedata: Added New Locale en_SC
+  [21864] libc: xmalloc.o is compiled with -DMODULE_NAME=libc
+  [21871] dynamic-link: _dl_runtime_resolve_avx_opt is slower than
+    _dl_runtime_resolve_avx_slow
+  [21885] network: getaddrinfo: gethosts does not release resolver context
+    on memory allocation failure
+  [21899] libc: XPG4.2 sigaction namespace
+  [21908] dynamic-link: dynamic linker broke on ia64 (mmap2 consolidation is
+    the suspect)
+  [21913] libc: static binaries SIGSEGV in __brk when host's gcc is pie-by-
+    default (i386)
+  [21915] nss: nss_files can return with NSS_STATUS_SUCCESS and a clobbered
+    errno value, causing getaddrinfo to fail
+  [21920] localedata: Fix p_cs_precedes/n_cs_precedes for mt_MT
+  [21922] network: getaddrinfo with AF_INET/AF_INET6 returns EAI_NONAME
+    instead of EAI_NODATA
+  [21928] libc: sys/ptrace.h: remove obsolete temporary development Linux
+    constant PTRACE_SEIZE_DEVEL
+  [21930] math: C-only gcc builtins used in <math.h> isinf
+  [21932] network: Unpaired __resolv_context_get in generic get*_r
+    implementation
+  [21941] math: powerpc: Wrong register constraint for xssqrtqp in sqrtf128
+  [21944] libc: sigval namespace
+  [21951] localedata: Update hanzi collation by stroke
+  [21955] math: Wrong alignment of  L(SP_RANGE)/L(SP_INF_0) in
+    sysdeps/x86_64/fpu/e_expf.S
+  [21956] libc: Stack allocation in MIPS syscall impl (ubounded stack
+    allocation in syscall loops)
+  [21959] localedata: Fix Country name for xh_ZA
+  [21960] localedata: Fix abmon for bem_ZM
+  [21966] math: AVX2 mathvec functions use FMA without checking
+  [21967] math: When 512-bit AVX2 wrapper functions in mathvec are used?
+  [21971] localedata: Added New Locale for mfe_MU
+  [21972] libc: assert macro requires operator== (int) for its argument type
+  [21973] math: [sparc] libm missing sqrtl compat symbol
+  [21974] libc: Remove __bb_init_func and __bb_exit_func
+  [21982] string: stratcliff.c: error: assuming signed overflow does not
+    occur with -O3
+  [21986] stdio: __guess_grouping is called incorrectly
+  [21987] math: [sparc32] wrong bits/long-double.h installed
+  [22019] localedata: Wrong placement of monetary symbol in el_GR (negative
+    amounts)
+  [22022] localedata: Missing country_name for mni_IN
+  [22023] localedata: Removed redundant data (LC_TIME and LC_MESSAGES) for
+    niu_NZ
+  [22025] locale: iconv: Inconsistency between pointer mangling and NULL
+    checks
+  [22026] locale: iconv_open: heap overflow on gconv_init failure
+  [22028] math: bits/math-finite.h _MSUF_ expansion namespace
+  [22035] math: [m68k] bits/math-inline.h macro namespace
+  [22038] localedata: Fix abbreviated weeks and months for Somali
+  [22044] localedata: Remove redundant data for Limburgish Language
+  [22050] malloc: Linking with -lmcheck does not hook
+    __malloc_initialize_hook correctly
+  [22051] libc: zero terminator in the middle of glibc's .eh_frame
+  [22052] malloc: malloc failed to compile with GCC 7 and -O3
+  [22070] localedata: charmaps/UTF-8: wcwidth for
+    Prepended_Concatenation_Mark codepoints set to 0 (should be 1)
+  [22074] localedata: charmaps/UTF-8: wcwidth for U+1160-U+11FF (Hangul
+    Jungseong and Jongseong) should be 0
+  [22078] nss: nss_files performance issue in multi mode
+  [22082] math: bits/math-finite.h exp10 condition
+  [22086] libc: pcprofiledump incorrect cross-endian condition
+  [22093] dynamic-link: ld.so no longer searches in .../x86_64
+  [22095] network: Name server address allocation memory leak in resolv.conf
+    parsing after OOM
+  [22096] network: __resolv_conf_attach can incorrectly free passed conf
+    object
+  [22100] localedata: om_KE: LC_TIME: copy redundant data from om_ET
+  [22101] dynamic-link: Dynamic loader must ignore "debug" shared objects
+    e.g. ET_GNU_DEBUG_*
+  [22111] malloc: malloc: per thread cache is not returned when thread exits
+  [22112] localedata: Fix LC_TELEPHONE/LC_NAME for az_AZ
+  [22134] libc: [linux] implement fexecve with execveat
+  [22142] libc: [powerpc] printf oupts a wrong value of DBL_MAX on ppc64 and
+    ppc64le
+  [22145] libc: ttyname() gives up too early in the face of namespaces
+  [22146] math: C++ build issue with float128 on x86_64
+  [22153] nptl: nptl: save error code before process termination
+  [22156] libc: [hppa,ia64,microblaze] Executable stack default
+  [22159] malloc: malloc: MALLOC_CHECK_ broken with --enable-tunables=no
+  [22161] nscd: nscd cache prune for netgroups hangs after timeout bump
+  [22165] libc: [hppa] Text relocations in libc.so
+  [22180] libc: destructor registered via __cxa_atexit is called twice
+  [22183] glob: commit 5554304f0ddd ("posix: Allow glob to match dangling
+    symlinks") cause "make" segfaults
+  [22189] math: [powerpc] math_private.h definitions of math_opt_barrier and
+    math_force_eval
+  [22207] libc: FAIL: stdlib/test-atexit-race
+  [22225] math: nearbyint arithmetic moved before feholdexcept
+  [22229] math: [sparc32] missing copysignl, fabsl, fmal compat symbols
+  [22235] math: iscanonical in C++ and float128
+  [22243] math: log2(0) and log10(0) are wrong in downward rounding without
+    the svid compat wrapper
+  [22244] math: ynf and yn are wrong without the svid compat wrapper
+  [22273] libc: Improper assert in Linux posix_spawn implementation
+  [22284] libc: -pg -pie doesn't work
+  [22292] locale: localedef exits with error 4 when it should be error 1
+  [22294] locale: Allow "" for int_currency_symbol definition in locales.
+  [22295] locale: Don't warn on non-symbolic characters in locale sources in
+    --verbose.
+  [22296] math: glibc 2.26: signbit build issue with Gcc 5.5.0 on x86_64
+  [22298] nptl: x32: lockups on recursive pthread_mutex_lock after upgrade
+    to 2.26
+  [22299] dynamic-link: Problem with $PLATFORM on x86_64 platform
+  [22320] glob: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)
+  [22321] libc: sysconf(_SC_IOV_MAX) returns -1 on Linux
+  [22322] libc: [mips64] wrong bits/long-double.h installed
+  [22325] glob: Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
+  [22332] glob: Buffer overflow in glob with GLOB_TILDE in unescaping
+    (CVE-2017-15804)
+  [22336] localedata: cs_CZ LC_COLLATE does not use i18n
+  [22343] malloc: Integer overflow in posix_memalign
+  [22347] libc: getrandom() returns the number of bytes that were copied  to
+    the buffer even though the comments say "Return 0 on success and -1 on
+    failure."
+  [22353] string: sysdeps/i386/i586/strcpy.S isn't maintainable
+  [22362] libc: Installed crt1.o, crti,.o and crtn.o files are used with
+    -m32
+  [22370] dynamic-link: Incorrect note padding check
+  [22375] libc: malloc returns pointer from tcache_get when should return
+    NULL (CVE-2017-17426)
+  [22377] math: iseqsig, float128 and C++
+  [22382] localedata: Error in tpi_PG locale
+  [22387] localedata: Replace unicode sequences <Uxxxx> for characters
+    inside the ASCII printable range
+  [22402] math: [powerpc64le] __MATH_TG does not support _Float128 for
+    -mlong-double-64
+  [22403] localedata: Slash needs escaping in some locales
+  [22408] malloc: malloc_info access heaps without arena lock, ignores heaps
+  [22409] network: res_hnok does not accept some host names used on the
+    Internet
+  [22412] network: res_dnok, res_hnok should perform syntax checks
+  [22413] network: ns_name_pton ignores syntactically invalid trailing
+    backslash
+  [22415] stdio: setvbuf can lead to invalid free/segfault
+  [22432] build: Non-deterministic build
+  [22439] malloc: malloc_info should compute summary statistics for all sub-
+    heaps in an arena
+  [22442] network: if_nametoindex could report index for the wrong
+    networking interface
+  [22446] build: aliasing violation calling readlink in handle_request
+  [22447] build: unsafe call to strlen with a non-string in getlogin_r.c
+  [22457] libc: Generic preadv/pwritev incorrectly calls __posix_memalign
+  [22459] libc: FAIL: elf/check-localplt with __stack_chk_fail related to
+    __nscd_hash/__nss_hash
+  [22463] network: p_secstodate overflow handling
+  [22469] localedata: pl_PL LC_COLLATE does not use i18n
+  [22478] libc: sigwait can fail with EINTR
+  [22505] libc: ldconfig processes include directive in locale-specific
+    order
+  [22515] localedata: hsb_DE LC_COLLATE does not use copy "iso14651_t1"
+  [22517] localedata: et_EE LC_COLLATE does not use copy "iso14651_t1"
+  [22519] localedata: is_IS LC_COLLATE does not use copy "iso14651_t1"
+  [22524] localedata: lt_LT  LC_COLLATE does not use copy "iso14651_t1"
+  [22527] localedata: tr_TR  LC_COLLATE does not use copy "iso14651_t1"
+  [22534] localedata: Collation rules for Serbian and Bosnian should be the
+    same as for Croatian
+  [22561] math: [DR#471] cacosh (0 + iNaN) should return NaN +/- i pi/2
+  [22568] math: [DR#471] ctanh (0 + iNaN), ctanh (0 + i Inf)
+  [22577] libc: missing newline after "cannot allocate TLS data structures
+    for initial thread"
+  [22588] manual: manual/conf.texi: missing underscore in front of
+    SC_SSIZE_MAX
+  [22593] math: nextafter and nexttoward are declared with const attribute
+  [22596] manual: manual: finite(nan) wrongly described as returning nonzero
+  [22603] string: ia64 memchr overflows internal pointer check
+  [22605] libc: SH clone does not set the exit code correctly
+  [22606] dynamic-link: Incorrect array size computation in _dl_init_paths
+    (CVE-2017-1000408)
+  [22607] dynamic-link: Buffer Overflow in _dl_init_paths (CVE-2017-1000409)
+  [22611] malloc: malloc/tst-realloc wrongly assumes that errno must not be
+    modified in case of success
+  [22614] build: gcc: error: unrecognized command line option ‘-no-pie’
+  [22615] manual: manual: ambiguous wording about errno value in case of
+    success
+  [22624] libc: MIPS setjmp() saves incorrect 'o0' register in --enable-
+    stack-protector=all
+  [22625] dynamic-link: RPATH $ORIGIN replaced by PWD for AT_SECURE/SUID
+    binaries or if /proc is not mounted (CVE-2017-16997)
+  [22627] dynamic-link: $ORIGIN in $LD_LIBRARY_PATH is substituted twice
+  [22630] build: $(no-pie-ldflag) is no longer effective
+  [22631] math: [m68k] Bad const attributes in bits/mathinline.h
+  [22635] nptl: pthread_self returns NULL before libpthread is loaded
+  [22636] nptl: PTHREAD_STACK_MIN is too small on x86-64
+  [22637] nptl: guard size is subtracted from thread stack size instead of
+    adding it on top
+  [22648] libc: getrlimit/setrlimit with RLIM_INFINITY broken on alpha
+  [22657] localedata: hu_HU: Avoid double space in date
+  [22660] math: fmax, fmin sNaN handling on alpha
+  [22664] libc: New warning of GCC8
+  [22665] math: alpha: ceil and floor raise inexact exceptions
+  [22666] math: alpha: trunc raise inexact exceptions
+  [22667] libc: makecontext lacks stack alignment on i386
+  [22678] libc: prlimit fails for RLIM_INFINITY values on 32-bit machines
+  [22679] libc: getcwd(3) can succeed without returning an absolute path
+    (CVE-2018-1000001)
+  [22685] libc: PowerPC: Static AT_SECURE binaries segfault with lock-
+    elision and tunables
+  [22687] math: [powerpc-nofpu] complex long double functions spurious
+    "invalid" exception
+  [22688] math: [powerpc-nofpu] remainderl wrong sign of zero result
+  [22690] math: [ldbl-128ibm] lrintl, lroundl missing "invalid" exceptions
+  [22691] math: [powerpc-nofpu] fmaxmagl, fminmagl spurious "invalid"
+    exception
+  [22693] math: [ldbl-128ibm] log1pl (-qNaN) spurious "invalid" exception
+  [22697] math: [powerpc] llround spurious "inexact" exceptions on 32-bit
+    power4
+  [22701] nis: Incomplete removal of libnsl
+  [22702] math: [powerpc-nofpu] nearbyintl traps with trapping "inexact"
+  [22707] libc: Missing defines in elf.h for DF_1_STUB and DF_1_PIE.
+  [22715] dynamic-link: FAIL: elf/tst-audit10
+  [22719] libc: Backtrace tests fail on hppa
+  [22742] libc: [aarch64] mcontext_t __reserved field got renamed
+  [22743] nptl: __pthread_register_cancel corrupts stack after f81ddabffd
+  [22765] crypt: (struct crypt_data *data)->initialized is not set to zero
+    before the first call to crypt_r () in crypt/badsalttest.c
 
 
 Version 2.26