diff options
-rw-r--r-- | NEWS | 120 |
1 files changed, 118 insertions, 2 deletions
diff --git a/NEWS b/NEWS index 4f84a60ff0..71f5d20324 100644 --- a/NEWS +++ b/NEWS @@ -120,8 +120,124 @@ Security related changes: The following bugs are resolved with this release: - [The release manager will add the list generated by - scripts/list-fixed-bugs.py just before the release.] + [10635] libc: realpath portability patches + [16124] dynamic-link: ld.so should allow to change argv[0] + [17924] malloc: 'free' should not set errno + [18683] libc: Linux faccessat implementation can incorrectly ignore + AT_EACCESS + [22899] libc: Use 64-bit readdir() in generic POSIX getcwd() + [23249] libc: Epyc and other current AMD CPUs do not select the + "haswell" platform subdirectory + [24080] dynamic-link: Definition of "haswell" platform is inconsistent + with GCC + [24202] libc: m68k setjmp() saves incorrect 'a5' register in --enable- + stack-protector=all + [24941] libc: Make grantpt usable after multi-threaded fork in more + cases + [24970] libc: realpath mishandles EOVERFLOW; stat not needed anyway + [24973] locale: iconv encounters segmentation fault when converting + 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) + [25399] string: undefined reference to `__warn_memset_zero_len' when + changing gnuc version + [25859] libc: glibc parser for /sys/devices/system/cpu/online is + incorrect + [25938] dynamic-link: ld.so.cache should store meaning of hwcap mask + bits + [25971] libc: s390 bits/hwcap.h out of sync with kernel + [26053] libc: unlockpt fails with ENOTTY for non-ptmx descriptors + [26100] libc: Race in syslog(3) with regards to tag printing. + [26124] libc: Export <cpu-features.h> + [26130] nscd: Inconsistent nscd cache during pruning + [26203] libc: GLRO(dl_x86_cpu_features) may not be intialized + [26224] locale: iconv hangs when converting some invalid inputs from + several IBM character sets (CVE-2020-27618) + [26341] libc: realpath cyclically call __alloca(path_max) to consume + too much stack space + [26343] manual: invalid documented return type for strerrorname_np(), + strerrordesc_np(), sigdescr_np(), sigabbrev_np() + [26376] libc: Namespace violation in stdio.h and sys/stat.h if build + with optimization. + [26383] locale: bind_textdomain_codeset doesn't accept //TRANSLIT + anymore + [26394] time: [2.33 Regression] FAIL: nptl/tst-join14 + [26534] math: libm.so 2.32 SIGILL in pow() due to FMA4 instruction on + non-FMA4 system + [26552] dynamic-link: CPU_FEATURE_USABLE_P should be more conservative + [26553] libc: mtx_init allows type set to "mtx_recursive" only + [26555] string: strerrorname_np does not return the documented value + [26592] libc: pointer arithmetic overflows in realpath + [26600] network: Transaction ID collisions cause slow DNS lookups in + getaddrinfo + [26606] libc: [2.33 Regression] pselect is broken on x32 + [26615] libc: powerpc: libc segfaults when LD_PRELOADed with libgcc + [26620] glob: fnmatch with collating symbols results in segmentation + fault + [26625] libc: [2.33 Regression] CET is disabled + [26636] libc: 32-bit shmctl(IPC_INFO) crashes when shminfo struct is + at the end of a memory mapping + [26637] libc: semctl SEM_STAT_ANY fails to pass the buffer specified + by the caller to the kernel + [26639] libc: msgctl IPC_INFO and MSG_INFO return garbage + [26647] build: [-Werror=array-parameter=] due to different + declarations for __sigsetjmp + [26648] libc: mkstemp is likely to fail on systems with non-stricly- + monotonic clocks + [26649] stdio: printf should handle non-normal x86 long double numbers + gracefully (CVE-2020-29573) + [26686] build: -Warray-parameter instances building with GCC 11 + [26687] build: -Warray-bounds instances building with GCC 11 + [26690] stdio: Aliasing violation in __vfscanf_internal + [26691] nptl: Use a minimum guard size of 64 KiB on aarch64 + [26726] build: GCC warning calling new_composite_name with an array of + one element + [26736] libc: FAIL: misc/tst-sysvshm-linux + [26737] libc: Random FAIL: rt/tst-shm + [26791] libc: Missing O_CLOEXEC in sysconf.c + [26798] dynamic-link: aarch64: variant PCS symbols may be incorrectly + lazy bound + [26801] nptl: pthread_mutex_clocklock with CLOCK_MONOTONIC can fail on + PI mutexes + [26818] string: aarch64: string tests may run ifunc variants that are + not safe + [26821] libc: Memory leak test failures on Fedora 33 + [26824] libc: FAIL: elf/tst-cpu-features-supports with recent trunk: + FSGSBASE/LM/RDRAND check failure + [26833] time: adjtime() with delta == NULL segfaults on armv7 32bit + platform + [26853] libc: aarch64: Missing unwind information in statically linked + startup code + [26923] locale: Assertion failure in iconv when converting invalid + UCS4 (CVE-2020-29562) + [26926] dynamic-link: aarch64: library dependencies are not bti + protected + [26932] libc: sh: Multiple floating point functions defined as stubs + only since 2.31 + [26964] nptl: pthread_mutex_timedlock returning EAGAIN after futex is + locked + [26988] dynamic-link: aarch64: BTI mprotect address is not page + aligned + [27002] build: libc_freeres_fn build failure with GCC 11 + [27004] dynamic-link: ld.so is miscompiled by GCC 11 + [27008] dynamic-link: ld.so.cache should have endianness markup + [27042] libc: [alpha] anonymous union in struct stat confuses + detection logic + [27053] libc: Conformance regression in system(3) (and probably also + pclose(3)) + [27072] dynamic-link: static pie ifunc resolvers run before hwcap is + setup + [27077] network: Do not reload /etc/nsswitch.conf from chroot + [27083] libc: Unsafe unbounded alloca in addmntent + [27104] dynamic-link: The COMMON_CPUID_INDEX_MAX handshake does not + work + [27130] string: "rep movsb" performance issue + [27150] libc: alpha: wait4() is unavailable in static linking + [27177] dynamic-link: + GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't + work + [27222] dynamic-link: Incorrect sysdeps/x86/tst-cpu-features-cpuinfo.c + [27237] malloc: deadlock in malloc/tst-malloc-stats-cancellation + [27256] locale: Assertion failure in ISO-2022-JP-3 gconv module + related to combining characters (CVE-2021-3326) Version 2.32 |