| tag name | glibc-2.39 (9609a435f3f9a07c1cf607ad5821b12f735abd69) |
| tag date | 2024-01-31 01:46:40 +0100 |
| tagged by | Andreas K. Hüttel <dilfridge@gentoo.org> |
| tagged object | commit ef321e23c2... |
| download | glibc-2.39.tar.gz glibc-2.39.tar.xz glibc-2.39.zip |
|---|
The GNU C Library version 2.39 is now available
The GNU C Library
=================
The GNU C Library version 2.39 is now available.
The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.
The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C11 and POSIX.1-2017. It is also
internationalized and has one of the most complete
internationalization interfaces known.
The GNU C Library webpage is at http://www.gnu.org/software/libc/
Packages for the 2.39 release may be downloaded from:
http://ftpmirror.gnu.org/libc/
http://ftp.gnu.org/gnu/libc/
The mirror list is at http://www.gnu.org/order/ftp.html
Distributions are encouraged to track the release/* branches
corresponding to the releases they are using. The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.
NEWS for version 2.39
=====================
Major new features:
* A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
rewrite on x86-64. When enabled with non-lazy binding, the dynamic
linker will rewrite indirect branches in PLT with direct branches.
* Sync with Linux kernel 6.6 shadow stack interface. The --enable-cet
configure option is only supported on x86-64.
* struct statvfs now has an f_type member, equal to the f_type statfs member;
on the Hurd this was always available under a reserved name,
and under Linux a spare has been allocated: it was always zero
in previous versions of glibc, and zero is not a valid result.
* On Linux, the functions posix_spawnattr_getcgroup_np and
posix_spawnattr_setcgroup_np have been added, along with the
POSIX_SPAWN_SETCGROUP flag. They allow posix_spawn and posix_spawnp
to set the cgroupv2 in the new process in a race-free manner. These
functions are GNU extensions and require a kernel with clone3 support.
* On Linux, the pidfd_spawn and pidfd_spawp functions have been added.
They have a similar prototype and semantic as posix_spawn, but instead of
returning a process ID, they return a file descriptor that can be used
along other pidfd functions (like pidfd_send_signal, poll, or waitid).
The pidfd functionality avoids the issue of PID reuse with the traditional
posix_spawn interface.
* On Linux, the pidfd_getpid function has been added. It allows retrieving
the process ID associated with the process file descriptor created by
pid_spawn, fork_np, or pidfd_open.
* scanf-family functions now support the wN format length modifiers for
arguments pointing to types intN_t, int_leastN_t, uintN_t or
uint_leastN_t (for example, %w32d to read int32_t or int_least32_t in
decimal, or %w32x to read uint32_t or uint_least32_t in hexadecimal)
and the wfN format length modifiers for arguments pointing to types
int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.
* A new tunable, glibc.mem.decorate_maps, can be used to add additional
information on underlying memory allocated by the glibc (for instance,
on thread stack created by pthread_create or memory allocated by
malloc).
* The <stdbit.h> header has been added from ISO C2X, with
stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros,
stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one,
stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros,
stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor
and stdc_bit_ceil function families, each having functions for
unsigned char, unsigned short, unsigned int, unsigned long int and
unsigned long long int, and a type-generic macro.
* On AArch64 new symbols were added to libmvec and now math.h has
annotations to allow GCC 9 or newer to auto-vectorize calls to the
following scalar math functions when -ffast-math is specified:
acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf,
exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.
Deprecated and removed features, and other changes affecting compatibility:
* The ldconfig program now skips file names containing ';' or ending in
".dpkg.tmp" or ".dpkg.new", to avoid examining temporary files created
by the RPM and dpkg package managers.
* libcrypt has been removed from the GNU C Library. The configure
options "--enable-crypt" and "--enable-nss-crypt" are no longer
available. <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
installed. For now <unistd.h> continues to declare the crypt
function by default, to avoid introducing vulnerabilities into
existing applications due to a missing prototype. This declaration
is deprecated and may be removed in a future glibc release.
The replacement for libcrypt is libxcrypt, maintained separately from
GNU libc, but available under compatible licensing terms, and providing
binary backward compatibility with the former libcrypt. It is currently
distributed from <https://github.com/besser82/libxcrypt/>.
As a consequence of this removal, GNU libc no longer makes any use of
the NSS cryptography library (Network Security Services; not to be
confused with Name Service Switch). Distributors of binary packages
of GNU libc are advised to check whether their build processes can be
simplified.
* The dynamic linker calls the malloc and free functions in more cases
during TLS access if a shared object with dynamic TLS is loaded and
unloaded. This can result in an infinite recursion if a malloc
replacement library or its dependencies use dynamic TLS instead of
initial-exec TLS.
* The ia64*-*-linux-gnu configurations are no longer supported.
Changes to build and runtime requirements:
* Building on LoongArch requires at a minimum binutils 2.41 for vector
instructions.
Security related changes:
The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:
GLIBC-SA-2023-0002:
getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)
GLIBC-SA-2023-0003:
getaddrinfo: Potential use-after-free (CVE-2023-4806)
GLIBC-SA-2023-0004:
tunables: local privilege escalation through buffer overflow
(CVE-2023-4911)
GLIBC-SA-2024-0001:
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
GLIBC-SA-2024-0002:
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
GLIBC-SA-2024-0003:
syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
The following bugs are resolved with this release:
[14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
[19305] libc: qsort() should return early if (nmemb <= 1)
[19479] localedata: gbm_IN: new Garhwali Locale
[19924] dynamic-link: TLS performance degradation after dlopen
[19956] localedata: ssy_ER: rename from aa_ER@saaho
[21719] libc: stdlib/msort : optimizing merge sort
[22526] localedata: th_TH LC_COLLATE does not use copy "iso14651_t1"
[23012] localedata: el_GR: Greece now uses the 24h format for time
[23172] localedata: miq_NI: Provide actually abbreviated month names
[24006] localedata: Cyclic dependencies via copy in locales
[24013] localedata: am_pm definitions for es_ES
[24386] localedata: crh_RU: new locale
[24877] localedata: [Redundant Data] Remove redundant data between
en_NZ and en_AU
[25868] localedata: Incorrect trailing spaces in weekday names for
nn_NO
[26752] localedata: Please add the new locale zgh_MA
[27069] dynamic-link: Need a way to tell if a tunable is set by user
[27163] localedata: Error on test glk_IR with localedef
[27312] localedata: su_ID: new Sundanese locale
[27547] manual: "Summary of malloc-Related Functions" shows wrong
argument order for `aligned_alloc` and `memalign`
[27574] libc: glibc should probably not define __WORDSIZE=64 for
__sparcv9
[27601] localedata: License information update in
localedata/locales/ast_ES
[28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
n_cs_precedes
[28787] localedata: Add information for Occitan
[29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
following dlclose with unused TLS
[29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
week should be Monday
[29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
[29506] localedata: UTF-8 HANGUL SYLLABLE bugs
[30349] libc: Support returning a pidfd from posix_spawn()
[30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
t_fmt_ampm are undefined
[30605] localedata: New locale for Komi language
[30649] localedata: [PATCH] Add transliteration of common emojis to
smileys
[30694] locale: The iconv program no longer tells the user which given
encoding name was wrong
[30709] nscd: nscd fails to build with cleanup handler if built with
-fexceptions
[30737] libc: fdopendir() is not robust - returns bogus DIR* instead
of flagging an error
[30740] build: [m68k] undefined reference to
`_wordcopy_fwd_dest_aligned'
[30745] libc: Slight bug in cache info codes for x86
[30750] network: Unaligned accesses in resolver
[30773] math: [m68k] busybox awk is broken (lshift.S related)
[30789] libc: [2.38 Regression] sem_open will fail on multithreaded
scenarios when semaphore file doesn't exist (O_CREAT)
[30800] nscd: Improper assert in prune_cache triggers if clock jumps
backwards
[30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
powerpc64 with -D_FILE_OFFSET_BITS=64
[30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
(CVE-2023-4527)
[30843] network: potential use-after-free in getcanonname
(CVE-2023-4806)
[30854] localedata: Update locale data to Unicode 15.1.0
[30884] network: Memory leak in getaddrinfo after fix for bug 30843
(CVE-2023-5156)
[30932] libc: Fortify Source has false-positives when too many files
are open
[30945] malloc: Core affinity setting incurs lock contentions between
threads
[30960] math: signed integer overflow in
glibc/sysdeps/s390/fpu/feenablxcpt.c
[30964] locale: Number grouping check mishandles multibyte thousands
separator
[30981] dynamic-link: dlclose does not properly implement force-first
handling
[30988] math: fesetexcept raises floating-point exception traps on
ppc, ppc64, ppc64le
[30989] math: fesetexcept raises floating-point exception traps on
i386
[30990] libc: fesetexceptflag raises floating-point exception traps on
i386, x86_64
[30998] math: fesetexceptflag clears too many floating-point exception
flags on alpha
[31019] manual: The documentation of feenableexcept is incomplete
[31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
[31035] libc: Library search path terminates on relative non-directory
name
[31042] libc: [s390x] .init and .fini padding
[31068] libc: sysdeps: sparc: invalid data access in memset due to
regression
[31078] manual: Code example in "Noncanonical Mode Example" has unused
'char *name;'
[31086] localedata: Errors in Tibetan, Dzongkha data
[31113] string: Wrong unwind information for rawmemchr on aarch64
[31151] libc: [RISC-V] missing support for profile/audit PLT setup
[31163] nss: getaddrinfo returns EAI_NONAME in oom situation
[31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
bug 17522 fix
[31184] dynamic-link: FAIL: elf/tst-tlsgap
[31185] dynamic-link: Incorrect thread point access in
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
[31187] dynamic-link: Some CET tests fail with GCC 14
[31204] localedata: Fix decimal point and thousands separator for
uz_UZ
[31205] localedata: Inconsistent (mon_)grouping formats
[31218] dynamic-link: PLT rewrite overflows large displacement on x32
[31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
[31230] dynamic-link: PLT rewrite failed without SELinux
[31239] localedata: anp_IN locale: abbreviated month names are the
same as the full month names
[31244] nptl: pthread_cancel hangs on sparc32
[31257] localedata: Sync with CLDR: “Turkey” -> “Türkiye”
[31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
sparcv9
[31276] libc: Wrong condition for heap allocation in qsort_r
Release Notes
=============
https://sourceware.org/glibc/wiki/Release/2.39
Contributors
============
This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:
Adam Jackson
Adhemerval Zanella Netto
Amrita H S
Andreas K. Hüttel
Andreas Larsson
Andreas Schwab
Arjun Shankar
Aurelien Jarno
Bruno Haible
Bruno Victal
Carlos O'Donell
Christoph Müllner
Colin Leroy-Mira
DJ Delorie
Daniel Cederman
Dennis Brendel
Flavio Cruz
Florian Weimer
Frederic Cambus
Gaël PORTAY
Guy-Fleury Iteriteka
H.J. Lu
Hector Martin
Jan Palus
Janet Blackquill
Joe Ramsay
Joe Simmons-Talbott
John David Anglin
Joseph Myers
Kir Kolyshkin
Kuan-Wei Chiu
Ludwig Rydberg
MAHESH BODAPATI
Mahesh Bodapati
Manjunath Matti
Mark Wielaard
Matthew Sterrett
Maxim Kuvyrkov
Mike FABIAN
Noah Goldstein
Paul Eggert
Qingqing Li
Romain Geissler
RushingAlien
Sajan Karumanchi
Sam James
Samuel Thibault
Sergei Trofimovich
Sergey Bugaev
Sergio Durigan Junior
Siddhesh Poyarekar
Simon Chopin
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Tobias Klauser
Valery Ushakov
Volker Weißmann
Wilco Dijkstra
Xi Ruoyao
Yang Yujie
Yanzhang Wang
Ying Huang
caiyinyu
dengjianbo
lijianglin
наб
We would like to call out the following and thank them for their
tireless patch review:
Adhemerval Zanella
Alejandro Colomar
Andreas K. Hüttel
Andreas Schwab
Arjun Shankar
Carlos O'Donell
DJ Delorie
Florian Weimer
H.J. Lu
Joe Simmons-Talbott
Mike Fabian
Noah Goldstein
Paul E. Murphy
Peter Bergner
Premachandra Mallappa
Rajalakshmi Srinivasaraghavan
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, releng)
https://wiki.gentoo.org/wiki/User:Dilfridge
https://www.akhuettel.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQKTBAABCgB9FiEE/Rnm0xsZLuTcY+rT3CsWIV7VQSoFAmW5mNNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZE
MTlFNkQzMUIxOTJFRTREQzYzRUFEM0RDMkIxNjIxNUVENTQxMkEACgkQ3CsWIV7V
QSo4Qw//QpiwbsMoQhB/6HeI3+7UUdiYDQWL8a3OVTZB2tNBrUQ7zrZMHpXJ4tR7
zTjRCAP0E5EA4pMElbqFEZxwI9DpRe5YEBaZsNvg09zHAPTJxNtKDK4mHSK4VQJ2
5KnedBcFvAyWJnUQ4DAB5HEHe2pPW2dqQaU2XtqnixYEfnH4+jlTS6pTInaAEN+H
UcHtrRZ3m0kYU47hCU8qDFj9Sal5+I6MnFmIaAl/emYjiRVxwvH2cA8mTnlVK7T5
EL49vXU/CbKh3R24xDoYBbtjjXGQ9NT3OW8KXy/9njIM/nr25G/fwMsZHPUlxj86
2+I6JC0RILHCIHCrEX1uoDS+YELCh7AF/cMatU/n42mGK7jBAVgrOcPwtxWME/xH
mOK7FnELTEzmIJ7EBJSW3FMLxvfeA1SO0GTIfXdEsnsdXSRQyaoDhJyubitT34kD
B4k2rmyNRtB1Zgo+cuUSsMM0YuRJJwMBn4kAN3svkNxzsP5oIROm0/FysM8tuhK6
JrDioD24pnnG9w/eFCJUaLa5sSQ4iNw62zEW1wdw6pzRYkAU1g2Q0UPgnjVWQaoM
BV/6GeAivWsGLy7T+ILvDTARzgS+enWRWixd8S7rqMJAVVfGZHCyVACfC41a7unR
b+ti8/uXsmVT7H0rqapscYYF5oVgyQAtYxPwA9g/tp1YRKgfKHk=
=e2a/
-----END PGP SIGNATURE-----