tag name | glibc-2.32 (0af4a7561d02f3d91d49e13eea1760848d9ce678) |
tag date | 2020-08-04 23:37:05 -0400 |
tagged by | Carlos O'Donell <carlos@redhat.com> |
tagged object | commit 3de512be7e... |
The GNU C Library
=================

The GNU C Library version 2.32 is now available.

The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel.

The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2017. It is also internationalized and has one of the most complete internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.32 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.32
=====================

Major new features:

* Unicode 13.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 13.0.0, using generator scripts contributed by Mike FABIAN (Red Hat).

* New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)

* Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been added. This port requires at least binutils-2.32, gcc-8.3 and Linux-5.1. Three ABIs are supported:

   - arc-linux-gnu
   - arc-linux-gnuhf
   - arceb-linux-gnu

  The arc* ABI is little-endian while arceb is big-endian. All ABIs use 64-bit time (y2038 safe) and 64-bit file offsets (LFS default).

* The GNU C Library now loads audit modules listed in the DT_AUDIT and DT_DEPAUDIT dynamic section entries of the main executable.

* powerpc64le supports IEEE128 long double libm/libc redirects when using the -mabi=ieeelongdouble to compile C code on supported GCC toolchains. It is recommended to use GCC 8 or newer when testing this option.

* To help detect buffer overflows and other out-of-bounds accesses several APIs have been annotated with GCC 'access' attribute. This should help GCC 10 issue better warnings.

* On Linux, the functions pthread_attr_setsigmask_np and pthread_attr_getsigmask_np have been added. They allow applications to specify the signal mask of a thread created with pthread_create.

* The GNU C Library now provides the header file <sys/single_threaded.h> which declares the variable __libc_single_threaded. Applications are encouraged to use this variable for single-thread optimizations, instead of weak references to symbols historically defined in libpthread.

* The functions sigabbrev_np and sigdescr_np have been added. The sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for SIGHUP) while sigdescr_np returns a string describing the signal number (e.g. "Hangup" for SIGHUP). Different than strsignal, sigdescr_np does not attempt to translate the return description, both functions return NULL for an invalid signal number.

  They should be used instead of sys_siglist or sys_sigabbrev and they are both thread and async-signal safe. These functions are GNU extensions.

* The functions strerrorname_np and strerrordesc_np have been added. The strerrorname_np returns error number name (e.g. "EINVAL" for EINVAL) while strerrordesc_np returns string describing error number (e.g. "Invalid argument" for EINVAL). Different than strerror, strerrordesc_np does not attempt to translate the return description, both functions return NULL for an invalid error number.

  They should be used instead of sys_errlist and sys_nerr, both are thread and async-signal safe. These functions are GNU extensions.

* AArch64 now supports standard branch protection security hardening in glibc when it is built with a GCC that is configured with --enable-standard-branch-protection (or if -mbranch-protection=standard flag is passed when building both GCC target libraries and glibc, in either case a custom GCC is needed). This includes branch target identification (BTI) and pointer authentication for return addresses (PAC-RET). They require armv8.5-a and armv8.3-a architecture extensions respectively for the protection to be effective, otherwise the used instructions are nops. User code can use PAC-RET without libc support, but BTI requires a libc that is built with BTI support, otherwise runtime objects linked into user code will not be BTI compatible.

Deprecated and removed features, and other changes affecting compatibility:

* Remove configure option --enable-obsolete-rpc. Sun RPC is removed from glibc. This includes the rpcgen program, librpcsvc, and the Sun RPC header files. Backward compatibility for old programs is kept only for architectures and ABIs that have been added in or before glibc 2.31. New programs need to use TI-RPC <http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary> and rpcsvc-proto <https://github.com/thkukuk/rpcsvc-proto>.

* Remove configure option --enable-obsolete-nsl. libnsl is only built as shared library for backward compatibility and the NSS modules "nis" and "nisplus" are not built at all and libnsl's headers aren't installed. This compatibility is kept only for architectures and ABIs that have been added in or before version 2.28. Replacement implementations based on TI-RPC, which additionally support IPv6, are available from <https://github.com/thkukuk/>. This change does not affect the "compat" NSS module, which does not depend on libnsl since 2.27 and thus can be used without NIS.

* The deprecated <sys/sysctl.h> header and the sysctl function have been removed. To support old binaries, the sysctl function continues to exist as a compatibility symbol (on those architectures which had it), but always fails with ENOSYS. This reflects the removal of the system call from all architectures, starting with Linux 5.5.

* The sstk function is no longer available to newly linked binaries. Its implementation always returned with a failure, and the function was not declared in any header file.

* The legacy signal handling functions siginterrupt, sigpause, sighold, sigrelse, sigignore and sigset, and the sigmask macro have been deprecated. Applications should use the sigsuspend, sigprocmask and sigaction functions instead.

* ldconfig now defaults to the new format for ld.so.cache. glibc has already supported this format for almost 20 years.

* The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev are no longer available to newly linked binaries, and their declarations have been removed from <string.h>. They are exported solely as compatibility symbols to support old binaries. All programs should use strsignal instead.

* The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr are no longer available to newly linked binaries, and their declarations have been removed from <stdio.h>. They are exported solely as compatibility symbols to support old binaries. All programs should use strerror or strerror_r instead.

* Both strerror and strerror_l now share the same internal buffer in the calling thread, meaning that the returned string pointer may be invalidated or contents might be overwritten on subsequent calls in the same thread or if the thread is terminated. It makes strerror MT-safe.

* Using weak references to libpthread functions such as pthread_create or pthread_key_create to detect the single-threaded nature of a program is an obsolescent feature. Future versions of glibc will define pthread_create within libc.so.6 itself, so such checks will always flag the program as multi-threaded. Applications should check the __libc_single_threaded variable declared in <sys/single_threaded.h> instead.

* The "files" NSS module no longer supports the "key" database (used for secure RPC). The contents of the /etc/publickey file will be ignored, regardless of the settings in /etc/nsswitch.conf. (This method of storing RPC keys only supported the obsolete and insecure AUTH_DES flavor of secure RPC.)

* The __morecore and __after_morecore_hook malloc hooks and the default implementation __default_morecore have been deprecated. Applications should use malloc interposition to change malloc behavior, and mmap to allocate anonymous memory. A future version of glibc may require that applications which use the malloc hooks must preload a special shared object, to enable the hooks.

* The hesiod NSS module has been deprecated and will be removed in a future version of glibc. System administrators are encouraged to switch to other approaches for networked account databases, such as LDAP.

Changes to build and runtime requirements:

* powerpc64le requires GCC 7.4 or newer. This is required for supporting long double redirects.

Security related changes:

  CVE-2016-10228: An infinite loop has been fixed in the iconv program when invoked with the -c option and when processing invalid multi-byte input sequences. Reported by Jan Engelhardt.

  CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem.

  CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed.

  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and memmove functions has been fixed. Discovered by Jason Royes and Samual Dytrych of the Cisco Security Assessment and Penetration Team (See TALOS-2020-1019).
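
The sigabbrev_np, sigdescr_np and strerrorname_np entries above describe lookups that are async-signal safe and return NULL for unknown numbers. The following C code is an added example, not glibc code and not part of the release announcement: a fatal-signal handler that names the signal using only async-signal-safe calls. The names describe_signal, on_fatal and install_fatal_handler are hypothetical, and glibc 2.32 or later is assumed.

```c
#define _GNU_SOURCE 1  /* sigabbrev_np, sigdescr_np, strerrorname_np are GNU extensions */
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
/* Repeated so the file still builds if a header came in before _GNU_SOURCE. */
const char *sigabbrev_np(int);
const char *sigdescr_np(int);
const char *strerrorname_np(int);

/* Append src to dst without stdio or malloc; always NUL-terminates. */
static void put(char *dst, size_t cap, size_t *len, const char *src)
{
    while (*src != '\0' && *len + 1 < cap)
        dst[(*len)++] = *src++;
    dst[*len] = '\0';
}

/* Hypothetical helper. Lookups return NULL for unknown numbers: check each. */
size_t describe_signal(char *buf, size_t cap, int sig, int err)
{
    const char *abbr = sigabbrev_np(sig), *desc = sigdescr_np(sig);
    const char *ename = strerrorname_np(err);
    size_t len = 0;
    if (cap == 0) return 0;
    put(buf, cap, &len, "SIG");
    put(buf, cap, &len, abbr ? abbr : "?");
    put(buf, cap, &len, " (");
    put(buf, cap, &len, desc ? desc : "unknown signal");
    put(buf, cap, &len, "), errno=");
    put(buf, cap, &len, ename ? ename : "?");
    return len;
}

/* Hypothetical handler for fatal signals, restricted to async-signal-safe calls. */
static void on_fatal(int sig)
{
    char line[96];
    size_t n = describe_signal(line, sizeof line, sig, errno);
    line[n] = '\n';                 /* n <= sizeof line - 1, so in bounds */
    if (write(STDERR_FILENO, line, n + 1) < 0) { /* nothing safe to do */ }
    raise(sig);                     /* SA_RESETHAND restored the default action */
}

int install_fatal_handler(int sig)
{
    struct sigaction sa = { .sa_handler = on_fatal, .sa_flags = SA_RESETHAND };
    sigemptyset(&sa.sa_mask);
    return sigaction(sig, &sa, NULL);
}
```

Code that still indexes sys_siglist or sys_errlist from a handler no longer links against 2.32 headers; these lookups are the replacement the NEWS entries recommend.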

The following bugs are resolved with this release:

  [9809] localedata: ckb_IQ: new Kurdish Sorani locale
  [10441] manual: Backtraces code example lacks error checking
  [10815] librt: [timer_create / SIGEV_THREAD] signalmask of timer_sigev_thread dangerous
  [14231] stdio: stdio-common tests memory requirements
  [14578] libc: /proc-based emulation for lchmod, fchmodat
  [16272] dynamic-link: dlopen()ing a DT_FILTER library crashes if filtee has constructor
  [19519] locale: iconv(1) with -c option hangs on illegal multi-byte sequences (CVE-2016-10228)
  [19737] admin: Doc page “20.5.2 Infinity and NaN” has incorrect HTML character entities for infinity & pi
  [20338] libc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
  [20543] libc: Please move from .gnu.linkonce to comdat
  [22489] network: gcc warns about implicit convertion in ICMP6_FILTER_SETPASS with -Wsign-conversion
  [22525] localedata: or_IN LC_COLLATE does not use copy "iso14651_t1"
  [23294] math: Complex _FloatN functions are redirected to the wrong function with -mlong-double-64
  [23296] libc: Data race in setting function descriptor during lazy binding
  [23668] dynamic-link: ldconfig: Default to the new format for ld.so.cache
  [23819] hurd: hurd: Add C11 thread support
  [23990] build: test-container error out on failure to exec child.
  [23991] build: shell-container typo in run_command_array
  [24638] manual: Error in example of parsing a template string
  [24654] manual: Wrong declaration of wcschr in libc manual
  [24943] dynamic-link: Support DT_AUDIT, DT_DEPAUDIT in the dynamic linker
  [25051] dynamic-link: aarch64, powerpc64 uses surplus static tls for dynamically loaded dsos
  [25098] nptl: nptl: ctype classification functions are not AS-Safe
  [25219] libc: improve out-of-bounds checking with GCC 10 attribute access
  [25262] libc: getcontext/setcontext/swapcontext unnecessarily save and restore EAX, ECX and EDX
  [25397] dynamic-link: Legacy bitmap doesn't cover jitted code
  [25414] glob: 'glob' use-after-free bug (CVE-2020-1752)
  [25420] network: Race condition in resolv_conf.c can result in caching stale configuration forever
  [25487] math: sinl() stack corruption from crafted input (CVE-2020-10029)
  [25506] build: configure: broken detection of STT_GNU_IFUNC when GCC defaults to PIE
  [25523] libc: MIPS/Linux inline syscall template is miscompiled
  [25620] libc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096)
  [25623] libc: test-sysvmsg, test-sysvsem, test-sysvshm fail with 2.31 on 32 bit and old kernel
  [25635] libc: arm: Wrong sysdep order selection for soft-fp
  [25639] localedata: Some names of days and months wrongly spelt in Occitan
  [25657] libc: sigprocmask() and sigisemptyset() manipulate different amount of sigset_t bytes
  [25691] stdio: printf: memory leak when printing long multibyte strings
  [25715] libc: system() returns wrong errors when posix_spawn fails
  [25733] malloc: mallopt(M_MXFAST) can set global_max_fast to 0
  [25734] locale: mbrtowc with Big5-HKSCS fails to reset conversion state for conversions that produce two Unicode code points
  [25765] nptl: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock
  [25788] dynamic-link: [i386] -fno-omit-frame-pointer in CFLAGS causes test failures, invalid instruction in ld.so
  [25790] glob: Typo in tst-fnmatch.input
  [25810] libc: x32: Incorrect syscall entries with pointer, off_t and size_t
  [25819] localedata: Update locale data to Unicode 13.0.0
  [25824] libc: Abnormal function of strnlen in aarch64
  [25887] dynamic-link: Wasted space in _dl_x86_feature_1[1]
  [25896] libc: Incorrect prctl
  [25902] libc: Bad LOADARGS_N
  [25905] dynamic-link: VSX registers are corrupted during PLT resolution when glibc is built with --disable-multi-arch and --with-cpu=power9
  [25933] string: Off by one error in __strncmp_avx2 when length=VEC_SIZE*4 and strings are at page boundaries can cause a segfault
  [25942] nptl: Deadlock on stack_cache_lock between __nptl_setxid and exiting detached thread
  [25966] libc: Incorrect access of __x86_shared_non_temporal_threshold for x32
  [25976] nss: internal_end*ent in nss_compat may clobber errno, hiding ERANGE
  [25999] nptl: Use-after-free issue in pthread_getaddr_default_np
  [26073] math: getpayload() has wrong return value
  [26076] dynamic-link: dlmopen crashes after failing to load dependencies in audit mode
  [26120] localedata: column width of of some Korean JUNGSEONG/JONGSEONG characters wrong (should be 0)
  [26128] libc: Incorrect bit_cpu_CLFLUSHOPT
  [26133] libc: Incorrect need_arch_feature_F16C
  [26137] libc: strtod() triggers exception FE_INEXACT on reasonable input
  [26149] libc: PKU is usable only if OSPKE is set
  [26173] libc: powerpc64*: Add @notoc to calls to functions that do not preserve r2
  [26208] libc: Incorrect bit_cpu_CLFSH
  [26210] network: Incorrect use of hidden symbols for global sunrpc variables
  [26211] stdio: printf integer overflow calculating allocation size
  [26214] stdio: printf_fp double free
  [26215] stdio: printf_fp memory leak
  [26232] time: FAIL: support/tst-timespec for 32-bit targets
  [26258] nss: nss_compat should not read input files with mmap
  [26332] string: Incorrect cache line size load causes memory corruption in memset

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.32

Contributors
============

This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include:

Adhemerval Zanella
Alan Modra
Alex Butler
Alexander Anisimov
Alistair Francis
Andrea Corallo
Andreas K. Hüttel
Andreas Schwab
Anton Blanchard
Anton Blanchard via Libc-alpha
Arjun Shankar
Aurelien Jarno
Aurélien Aptel
Carlos O'Donell
Chung-Lin Tang
DJ Delorie
David Kilroy
Evgeny Eremin
Eyal Itkin
Fangrui Song
Florian Weimer
Gabriel F. T. Gomes
Girish Joshi
H.J. Lu
John David Anglin
John Marshall
Jonathan Wakely
Joseph Myers
Josh Triplett
Jwtiyar Nariman
Krzysztof Koch
Lexi Shao
Lucas A. M. Magalhaes
Lukasz Majewski
Maciej W. Rozycki
Martin Sebor
Matheus Castanho
Mathieu Desnoyers
Michael Hudson-Doyle
Mike FABIAN
Patsy Franklin
Paul E. Murphy
Paul Eggert
Paul Zimmermann
Petr Vorel
Rafał Lużyński
Rajalakshmi Srinivasaraghavan
Raphael Moreira Zinsly
Rogerio Alves
Samuel Thibault
Sergey
Shen-Ta Hsieh
Siddhesh Poyarekar
Simon Marchi
Stefan Liebler
Sudakshina Das
Sunil K Pandey
Szabolcs Nagy
Tulio Magno Quites Machado Filho
Vineet Gupta
WANG Xuerui
Wilco Dijkstra
guojinhui
kokoye2007
mayshao
mayshao-oc