The GNU C Library version 2.38 is now available

The GNU C Library
=================

The GNU C Library version 2.38 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2017.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.38 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

Distributions are encouraged to track the release/* branches
corresponding to the releases they are using.  The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.

NEWS for version 2.38
=====================

Major new features:

* When C2X features are enabled and the base argument is 0 or 2, the
  following functions support binary integers prefixed by 0b or 0B as
  input: strtol, strtoll, strtoul, strtoull, strtol_l, strtoll_l,
  strtoul_l, strtoull_l, strtoimax, strtoumax, strtoq, strtouq, wcstol,
  wcstoll, wcstoul, wcstoull, wcstol_l, wcstoll_l, wcstoul_l,
  wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq.  Similarly, the
  following functions support binary integers prefixed by 0b or 0B as
  input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf,
  vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those
  functions also support the %b format for binary integers, with or
  without such a prefix and independent of standards mode.

* PRIb*, PRIB* and SCNb* macros from C2X have been added to
  <inttypes.h>.

* printf-family functions now support the wN format length modifiers for
  arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t (for
  example, %w32d to print int32_t or int_least32_t in decimal, or %w32x
  to print uint32_t or uint_least32_t in hexadecimal) and the wfN format
  length modifiers for arguments of type int_fastN_t or uint_fastN_t, as
  specified in draft ISO C2X.

* A new tunable, glibc.pthread.stack_hugetlb, can be used to disable
  Transparent Huge Pages (THP) in stack allocation at pthread_create.

* Support for x86_64 running on Hurd has been added.  This port requires
  as least binutils 2.40 and GCC 13:

    - x86_64-gnu

* Vector math library libmvec support has been added to AArch64.  It
  requires GCC version >= 10.1.0.  It can be disabled via
  "--disable-mathvec", however that is not a supported configuration as
  it changes the ABI. The symbol names follow the AArch64 vector ABI,
  they are declared in math.h and have to be called manually at this point.

* The strlcpy and strlcat functions have been added.  They are derived
  from OpenBSD, and are expected to be added to a future POSIX version.

* A new configure option, "--enable-fortify-source", can be used to build the
  GNU C Library with _FORTIFY_SOURCE. The level of fortification can either be
  provided, or is set to the highest value supported by the compiler. If not
  explicitly enabled, then fortify source is forcibly disabled so to keep
  original behavior unchanged.

Deprecated and removed features, and other changes affecting compatibility:

* libcrypt is no longer built by default; one may use the "--enable-crypt"
  option to build libcrypt.  libcrypt is likely to be removed from the
  GNU C Library in a future release, so it is recommended that
  applications port away from it to an alternative such as libxcrypt.

* In the Linux kernel for the hppa/parisc architecture some of the
  MADV_XXX constants were changed to have the same values as the other
  architectures.  New programs compiled with this glibc version and which
  use the madvise call will require at least Linux kernel version 6.2,
  alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163,
  5.4.228, 4.19.270 or 4.14.303.

* The "--disable-experimental-malloc" option is no longer available.  The
  per-thread cache can still be disabled per-application using tunables
  (glibc.malloc.tcache_count set to zero).

* The configure option "--enable-tunables" has been removed.  The tunable
  feature is now always enabled.

Changes to build and runtime requirements:

* Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE
  ACLE.

Security related changes:

  CVE-2023-25139: When the printf family of functions is called with a
  format specifier that uses an <apostrophe> (enable grouping) and a
  minimum width specifier, the resulting output could be larger than
  reasonably expected by a caller that computed a tight bound on the
  buffer size.  The resulting larger than expected output could result
  in a buffer overflow in the printf family of functions.

The following bugs are resolved with this release:

  [178] string: Please add strlcpy and strlcat (attached)
  [14697] nptl: Behavior of exit is nonconformant with respect to
    threads and stdio
  [15142] stdio: Missing locking in _IO_cleanup
  [18096] glob: null deref in wordexp/parse_dollars/parse_arith
  [18906] stdio: fopen: ccs value may affect open mode
  [24466] stdio: Feature request: provide special printf formats for
    intXX_t
  [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses
  [28519] libc: system and popen should pass "--" between /bin/sh and
    argument
  [29016] stdio: popen() sets errno to ENOMEM when shell does not exist
  [29591] string: wcsnlen length can overflow in page cross case.
  [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
  [30068] stdio: incorrect printf output for integers with thousands
    separator and width field (CVE-2023-25139)
  [30111] time: support_descriptors_list fails after 2038 on 32 bits
    systems
  [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
    symlink for libraries without soname
  [30130] math: [s390] The _FPU_SETCW macro yields compile error with
    Clang
  [30156] time: Potential ntp_gettime abi break
  [30235] libc: Missing fallback in getlogin if loginuid is unset
  [30258] dynamic-link: sprof cannot read and display shared object
    profiling data correctly
  [30263] libc: Add test coverage for abs(), labs(), and llabs().
  [30305] math: Incorrect asm constraint in feraiseexcept on x86-64
  [30402] libc: FAIL: elf/tst-glibcelf
  [30425] dynamic-link: Symbol lookup during dlclose may fail
    unnecessarily
  [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path
  [30477] libc: [RISCV]: time64 does not work on riscv32
  [30515] dynamic-link: _dl_find_object incorrectly returns 1 during
    early startup
  [30527] network: resolv_conf lock not unlocked on allocation failure
  [30550] math: powerpc64le: GCC-specific code for isinf() is being used
    on clang
  [30555] string: strerror can incorrectly return NULL
  [30579] malloc: trim_threshold in realloc lead to high memory usage
  [30662] nscd: Group and password cache use errno in place of errval

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.38

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adam Yi
Adhemerval Zanella Netto
Alejandro Colomar
Andreas Arnez
Andreas K. Hüttel
Andreas Schwab
Arjun Shankar
Arsen Arsenović
Aurelien Jarno
Ayush Mittal
Bert Wesarg
Carlos O'Donell
Cupertino Miranda
DJ Delorie
Dridi Boukelmoune
Flavio Cruz
Florian Weimer
Frédéric Bérat
Gavin Smith
Guy-Fleury Iteriteka
H.J. Lu
Hsiangkai Wang
Indu Bhagat
Jan-Benedict Glaw
Joan Bruguera
Joe Ramsay
Joe Simmons-Talbott
John David Anglin
Joseph Myers
Julian Squires
Jun Tang
Kacper Piwiński
Kito Cheng
Mahesh Bodapati
Martin Coufal
Maxim Kuvyrkov
Nisha Menon
Noah Goldstein
Paul Eggert
Paul Pluzhnikov
Paul Zimmermann
Pavel Kozlov
Qihao Chencao
Qixing ksyx Xue
Richard Henderson
Robert Morell
Romain Geissler
Ronan Pigott
Roy Eldar
Sachin Monga
Sam James
Samuel Thibault
Sergey Bugaev
Siddhesh Poyarekar
Simon Kissane
Stefan Liebler
Szabolcs Nagy
Tulio Magno Quites Machado Filho
Vitaly Buka
Wilco Dijkstra
Xi Ruoyao
Ying Huang
abushwang
caiyinyu
quxm
Леонид Юрьев (Leonid Yuriev)
наб

We would like to call out the following and thank them for their
tireless patch review:

Adhemerval Zanella
Andreas K. Hüttel
Arjun Shankar
Aurelien Jarno
Carlos Eduardo Seo
Carlos O'Donell
DJ Delorie
Florian Weimer
Joe Simmons-Talbott
Noah Goldstein
Palmer Dabbelt
Paul E. Murphy
Rajalakshmi Srinivasaraghavan
Richard Henderson
Siddhesh Poyarekar
Szabolcs Nagy
Wilco Dijkstra

--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, releng)
https://wiki.gentoo.org/wiki/User:Dilfridge
https://www.akhuettel.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQKTBAABCgB9FiEE/Rnm0xsZLuTcY+rT3CsWIV7VQSoFAmTH9idfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZE
MTlFNkQzMUIxOTJFRTREQzYzRUFEM0RDMkIxNjIxNUVENTQxMkEACgkQ3CsWIV7V
QSrsmQ//VzR202HDuKzDIrIJZD2WD8kDRyp9Thzb3x87g9gik+qnvngWJOHN2Zla
bn2+fQnxAy4yMUAQmRSJ0LgXaYWuIbEDyFOO5rKEl3LmEvfAiQ5cHdfT3JRyOFgx
g/CosAKFGI7BHxZv9FlhWTxQUgww++vIaFwfxm1LIY0cktBKKBcUiatbVWSxfYx8
pyMLH2d+enpK2HiG6zj1eI2RWEx5BxcKlKl2lHiTEqsPPjlSEplVxoEkb1/mSLZ3
0tIPZHQAi/grovBVcEfnncrR6+8IBKc6IbN4rZxQPvQrDahrU7YWeyZSrwu2LabM
tqhNGmjQEnzX7/x61UkUVO0dNo6VN74rYd1TANSpyGDOKWh7/7QlUQv3dmQf0YCa
xsD9HKNjMvghiaD8p+knw05Dsl4V9WQnkfrNBQ4r/I0k+Cz4YBzaGj0gGj9vraBB
HC2VcIiuLjkbI70Eojc4v+QpUYhotLKmiz6c8zr38WNkIXgL1JAgVMfFjdfCiUsi
HLPXEUvXBm89owaPjED2z9oghp8rtKv9saw8oPlQ5Gx0TKZJ/8F7pUrhzLXGQVxK
QY6arCD7bam9Uzax3Cj5UnTqxX8zCK6YzAIRJCRToEH9RGYMNLd29W3UKg3pDIVU
ucyzGFjBQfVQdRlNa5TQYIniAJ1FH11jZm1WIgI2c9mAp96N+RM=
=6B7K
-----END PGP SIGNATURE-----