Tags: RIKEN-SysSoft/PiP-glibc
Tags
undo the commit which sets PID/TID at the time of thread creation
CentOS 7 glibc-rh1401665-5.patch: mutex: Fix robust mutex lock acquir… …e (Bug 21778) commit 5920a4a Author: Carlos O'Donell <carlos@redhat.com> Date: Sat Jul 29 00:02:03 2017 -0400 mutex: Fix robust mutex lock acquire (Bug 21778) 65810f0 fixed a robust mutex bug but introduced BZ 21778: if the CAS used to try to acquire a lock fails, the expected value is not updated, which breaks other cases in the loce acquisition loop. The fix is to simply update the expected value with the value returned by the CAS, which ensures that behavior is as if the first case with the CAS never happened (if the CAS fails). This is a regression introduced in the last release. Tested on x86_64, i686, ppc64, ppc64le, s390x, aarch64, armv7hl.
The GNU C Library ================= The GNU C Library version 2.24 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.24 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.24 ===================== * The minimum Linux kernel version that this version of the GNU C Library can be used with is 3.2, except on i[4567]86 and x86_64, where Linux kernel version 2.6.32 or later suffices (on architectures that already required kernel versions more recent than 3.2, those requirements remain unchanged). Linux 3.2 or later kernel headers are required on all architectures. * The pap_AN locale has been deleted. This has been deprecated for a long time. It has been replaced by pap_AW & pap_CW, both of which have long been included in previous releases. * The readdir_r and readdir64_r functions have been deprecated. It is recommended to use readdir and readdir64 instead. * The type “union wait” has been removed. It was deprecated in the early 1990s and never part of POSIX. Application code should use the int type instead of “union wait”. * A new NSS action is added to facilitate large distributed system administration. The action, MERGE, allows remote user stores like LDAP to be merged into local user stores like /etc/groups in order to provide easy to use, updated, and managed sets of merged credentials. The new action can be used by configuring it in /etc/nsswitch.conf: group: files [SUCCESS=merge] nis Implemented by Stephen Gallagher (Red Hat). * The deprecated __malloc_initialize_hook variable has been removed from the API. * The long unused localedef --old-style option has been removed. It hasn't done anything in over 16 years. Scripts using this option can safely drop it. * nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to libm. They are defined by TS 18661 and IEEE754-2008. The nextup functions return the next representable value in the direction of positive infinity and the nextdown functions return the next representable value in the direction of negative infinity. These are currently enabled as GNU extensions. Security related changes: * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It could result in a stack overflow when getnetbyname was called with an overly long name. (CVE-2016-3075) * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead. Reported by Michael Petlan. (CVE-2016-3706) * The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name. Reported by Alexander Cherepanov. (CVE-2016-1234) * The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez' alloca plugin for GCC. (CVE-2016-4429) * The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits. Over time, this could result in a denial of service due to memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417) The following bugs are resolved with this release: [1170] localedata: ne_NP: update Nepali locale definition file [3629] manual: stpcpy description in string.texi refers to MS-DOG instead of MS-DOS. [6527] malloc: [powerpc] Malloc alignment insufficient for PowerPC [6796] math: fdim() does not set errno on overflow [10354] libc: posix_spawn should use vfork() in more cases than presently [11213] localedata: localedata: add copyright disclaimer to locale files [12143] localedata: chr_US: new Cherokee locale [12450] localedata: sgs_LT: new locale [12676] localedata: ln_CD: new locale [13237] localedata: LC_ADDRESS.country_name: update all locales w/latest CLDR data [13304] math: fma, fmaf, fmal produce wrong results [14259] build: --localedir arg to configure is ignored [14499] nptl: Does posix_spawn invoke atfork handlers / use vfork? [14750] libc: Race condition in posix_spawn vfork usage vs signal handlers [14934] localedata: es_CL: wrong first weekday chilean locale [15262] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of romanisation [15263] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of 1/0 and +/- [15264] localedata: LC_MESSAGES.yesstr/nostr: lacking in many locales [15368] nptl: raise() is not async-signal-safe [15479] math: ceil, floor, round and trunc raise inexact exception [15578] localedata: kk_KZ: various updates [16003] localedata: pap_AN: punt old locale [16137] localedata: iw_IL: punt old locale [16190] localedata: eo: new esperanto locale [16374] localedata: lv_LV: change currency symbol in LC_MONETARY to euro [16742] malloc: race condition: pthread_atfork() called before first malloc() results in unexpected locking behaviour/deadlocks [16975] localedata: LC_MESSAGES.yesexpr/noexpr: revisit capitalization in all locales [16983] localedata: postal_fmt does not allow %l and %n modifiers [17565] localedata: pt_PT: wrong (work-)week start [17899] math: [powerpc] floorl returns negative zero with FE_DOWNWARD [17950] build: Build fails with -msse [18205] localedata: be_BY*: wrong first_weekday and first_workday [18433] libc: posix_spawn does not return correctly upon failure to execute [18453] localedata: charmaps/IBM875: incorrect codes [18712] string: bits/string2.h incompatible with -O2 -Werror=packed -Wsystem-headers [18896] localedata: he_IL: improvements for currency [18911] localedata: ro_RO: Correcting week day name for "Tuesday" in Romanian locale data [18960] locale: s390: _nl_locale_subfreeres uses larl opcode on misaligned symbol [19056] libc: Deprecate readdir_r [19133] localedata: pt_*: days & months should be lowercase in Portuguese language [19198] localedata: nl_NL: small improvements for Dutch locales [19257] network: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417) [19269] build: tst-audit4 and tst-audit10 failures with gcc-6 on non avx machine [19400] locale: Language missing in "iso-639.def", trivial fix in description [19431] malloc: Deadlock between fflush, getdelim, and fork [19505] libc: Incorrect file descriptor validity checks in posix_spawn_file_actions_add{open,close,dup2} [19509] dynamic-link: dlsym, dlvsym do not report errors through dlerror when using RTLD_NEXT [19512] locale: Stale `#ifndef HAVE_BUILTIN_EXPECT' in `intl/{gettextP,loadinfo}.h' [19534] libc: execle, execlp may use malloc [19568] localedata: *_CH: Swiss locales have inconsistent start of week [19573] network: res_nclose and __res_maybe_init disagree about name server initialization, breaking Hesiod [19575] localedata: Status of GB18030 tables [19581] localedata: sr_* date_fmt string contains additional newline [19583] string: SSSE3_Fast_Copy_Backward flag needs to be enabled for AMD Excavator core [19592] math: [ldbl-128ibm] ceill incorrect in non-default rounding modes [19593] math: [ldbl-128ibm] truncl incorrect in non-default rounding modes [19594] math: [ldbl-128ibm] roundl incorrect in non-default rounding modes [19595] math: [ldbl-128ibm] fmodl incorrect for results in subnormal double range [19602] math: [ldbl-128ibm] fmodl handling of equal arguments with low part zero incorrect [19603] math: [ldbl-128ibm] remainderl, remquol incorrect sign handling in equality tests [19610] dynamic-link: ldconfig -X removes stale symbolic links [19613] libc: s390x (64 bit) macro expansion WCOREDUMP and others [19633] locale: strfmon_l applies global locale to number formatting [19642] network: Memory leak in getnameinfo [19648] libc: test-skeleton.c: Do not set RLIMIT_DATA [19653] libc: Potential for NULL pointer dereference (CWE-476) in glibc-2.22 [19654] math: [x86_64] Need testcase for BZ #19590 fix [19671] localedata: Missing Sanity Check for malloc() in 'tst-fmon.c' & 'tst-numeric.c' [19674] math: [ldbl-128ibm] powl incorrect overflow handling [19677] math: [ldbl-128ibm] remainderl equality test incorrect for zero low part [19678] math: [ldbl-128ibm] nextafterl, nexttowardl incorrect sign of zero result [19679] dynamic-link: gcc-4.9.3 C++ exception handling broken due to unaligned stack [19726] locale: Converting UCS4LE to INTERNAL with iconv() does not update pointers and lengths in error-case. [19727] locale: Converting from/to UTF-xx with iconv() does not always report errors on UTF-16 surrogates values. [19755] nscd: nscd assertion failure in gc [19758] dynamic-link: Typo in EXTRA_LD_ENVVARS for x86-64 [19759] libc: mempcpy shouldn't be inlined [19762] dynamic-link: HAS_CPU_FEATURE/HAS_ARCH_FEATURE are easy to misuse [19765] libc: s390 needs an optimized mempcpy [19779] glob: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption (CVE-2016-1234) [19783] build: benchtests don't support --enable-hardcoded-path-in-tests [19787] network: Missing and incorrect truncation checks in getnameinfo [19790] math: [ldbl-128ibm] nearbyintl incorrect in non-default rounding modes [19791] network: Assertion failure in res_query.c with un-connectable name server addresses [19792] libc: MIPS: backtrace yields infinite backtrace with makecontext [19822] math: libm.so install clobbers old version [19825] network: resolv: send_vc can return uninitialized data in second response to getaddrinfo [19830] network: nss_dns: should check RDATA length against buffer length [19831] network: nss_dns: getaddrinfo returns uninitialized data when confronted with A/AAAA records of invalid size [19837] nss: nss_db: No retries for some long lines with a larger buffer [19848] math: powl(10,n) for n=-4,-5,-6,-7 is off by more than 1 ULP [19853] stdio: Printing IBM long double in decimal with high precision is sometimes incorrect [19860] build: x86_64: compile errors for tst-audit10 and tst-auditmod10b [19861] nptl: libpthread IFUNC resolver for fork can lead to crash [19862] network: resolv, nss_dns: Remove remaining logging of unexpected record types [19865] network: Assertion failure or memory leak in _nss_dns_getcanonname_r [19868] network: nss_dns: netent code does not skip over non-PTR records [19879] network: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075) [19881] string: Improve x86-64 memset [19907] string: Incorrect memcpy tests [19916] dynamic-link: S390: fprs/vrs are not saved/restored while resolving symbols [19925] libc: termios.h XCASE namespace [19928] string: memmove-vec-unaligned-erms.S is slow with large data size [19929] libc: limits.h NL_NMAX namespace [19931] stdio: Memory leak in vfprintf [19957] libc: clone(CLONE_VM) access invalid parent memory [19963] localedata: en_IL: New locale [19989] stdio: stdio.h cuserid namespace [19994] network: getaddrinfo does not restore RES_USE_INET6 flag in gethosts [19996] locale: langinfo.h nl_langinfo_l namespace [20005] stdio: fflush on a file opened with fmemopen resets position to 0 [20010] network: getaddrinfo: Stack overflow in hostent translation (CVE-2016-3706) [20012] stdio: libio: fmemopen append mode failure [20014] stdio: stdio.h namespace for pre-threads POSIX [20017] network: resolv: Use gmtime_r instead of gmtime in p_secstodate [20023] libc: fcntl.h timespec namespace [20024] math: [x86_64] vectorized sincos trashes the stack [20031] network: nss_hesiod: Heap overflow in get_txt_records [20041] time: sys/time.h timespec namespace [20043] libc: unistd.h missing cuserid for UNIX98 and before [20044] libc: unistd.h missing pthread_atfork for UNIX98 [20051] libc: ttyslot in wrong header under wrong conditions [20054] libc: gethostname not declared for XPG4 [20055] libc: termios.h missing tcgetsid for XPG4 [20072] dynamic-link: x86 init_cpu_features is called twice in static executable [20073] libc: sys/stat.h fchmod namespace [20074] libc: stdlib.h rand_r namespace [20076] libc: sys/stat.h missing S_IFSOCK, S_ISSOCK for XPG4 [20094] libc: stdlib.h should not declare grantpt, ptsname, unlockpt for XPG3 [20111] libc: struct sockaddr_storage cannot be aggregate-copied [20112] network: sunrpc: stack (frame) overflow in Sun RPC clntudp_call (CVE-2016-4429) [20115] string: Extra alignment in memset-vec-unaligned-erms.S [20119] libc: Wrong mask for processors level type from CPUID [20139] dynamic-link: Upper part of zmm is zeroed if Glibc is built with AS not supporting AVX512 [20151] math: [ldbl-128/ldbl-128ibm] j0l, j1l, y0l, y1l return sNaN for sNaN argument [20153] math: [ldbl-128ibm] sqrtl (sNaN) returns sNaN [20156] math: [ldbl-128ibm] ceill, rintl etc. return sNaN for sNaN argument [20157] math: [powerpc] fabsl (sNaN) wrongly raises "invalid" [20160] math: [powerpc] ceil, rint etc. return sNaN for sNaN input [20178] libc: posix_spawn{p} should not call exit [20191] stdio: libio: vtables hardening [20195] string: FMA4 detection requires CPUID execution with register eax=0x80000001 [20198] libc: quick_exit incorrectly destroys C++11 thread objects. [20205] math: [i386/x86_64] nextafterl incorrect incrementing negative subnormals [20212] math: acos (sNaN) returns sNaN [20213] math: asin (sNaN) returns sNaN [20214] network: Linux header sync with linux/in6.h and ipv6.h again. [20218] math: [i386] asinhl (sNaN) returns sNaN [20219] math: [i386] atanhl (sNaN) returns sNaN [20222] stdio: fopencookie: Mangle function pointers [20224] math: [i386] cbrtl (sNaN) returns sNaN [20225] math: ldexp, scalbn, scalbln return sNaN for sNaN input [20226] math: [i386/x86_64] expl, exp10l, expm1l return sNaN for sNaN input [20227] math: [i386/x86_64] logl (sNaN) returns sNaN [20228] math: [i386/x86_64] log10l (sNaN) returns sNaN [20229] math: [i386/x86_64] log1pl (sNaN) returns sNaN [20232] math: [ldbl-128] expm1l (sNaN) returns sNaN [20233] math: [ldbl-128ibm] expm1l (sNaN) returns sNaN [20234] math: [ldbl-128ibm] log1pl (sNaN) returns sNaN [20235] math: [i386/x86_64] log2l (sNaN) returns sNaN [20237] nss: nss_db: get*ent segfaults without preceding set*ent [20240] math: modf (sNaN) returns sNaN [20248] libc: debug/tst-longjump_chk2 calls printf from a signal handler [20250] math: frexp (sNaN) returns sNaN [20252] math: atan2 (sNaN, qNaN) fails to raise "invalid" [20255] math: [i386] fdim, fdimf return with excess range and precision / double rounding [20256] math: [i386/x86_64] fdiml returns sNaN for sNaN input [20260] string: ../sysdeps/x86/bits/string.h:1092:3: error: array subscript is below array bounds [-Werror=array-bounds] [20262] nis: _nss_nis_initgroups_dyn always returns NSS_STATUS_NOTFOUND [20263] nptl: robust mutex deadlocks if other thread requests timedlock (Only arm/linux) [20277] libc: $dp is not initialized correctly in sysdeps/hppa/start.S [20284] malloc: malloc: Corrupt arena avoidance causes unnecessary mmap fallbacks [20296] math: [i386/x86_64] scalbl returns sNaN for sNaN input, missing "invalid" exceptions [20314] nptl: make[4]: *** [/usr/include/stdlib.h] Error 1 [20316] localedata: id_ID: Februari instead of Pebruari [20327] string: POWER8 strcasecmp returns incorrect result [20347] math: Failure: Test: j0_downward (0xap+0) [20348] libc: FAIL: misc/tst-preadvwritev64 [20349] libc: 64-bit value is passed differently in p{readv,writev}{64} [20350] libc: There is no test for p{read,write}64 [20357] math: Incorrect cos result for 1.5174239687223976 [20384] build: Don't run libmvec-sincos-avx* tests on non avx machines Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Andreas Schwab Andrew Senkevich Anton Blanchard Arnas Udovičius Aurelien Jarno Carlos Eduardo Seo Carlos O'Donell Chris Metcalf Chung-Lin Tang Claude Paroz Dimitris Pappas Dmitry V. Levin Dylan Alex Simon Eduardo Trápani Florian Weimer Gabriel F. T. Gomes Gunnar Hjalmarsson Gustavo Romero Guy Rutenberg H.J. Lu Hongjiu Zhang Jiyoung Yun John David Anglin Joseph Myers Khem Raj Maciej W. Rozycki Mark Wielaard Marko Myllynen Martin Galvan Matthew Fortune Matthias Wallnoefer Mike FABIAN Mike Frysinger Neskie Manuel Nick Alcock Paras pradhan Paul E. Murphy Paul Pluzhnikov Rajalakshmi Srinivasaraghavan Rical Jasan Richard Henderson Robin van der Vliet Roland McGrath Samuel Thibault Siddhesh Poyarekar Simion Onea Stefan Liebler Stephen Gallagher Szabolcs Nagy Timur Birsh Torvald Riegel Tulio Magno Quites Machado Filho Wilco Dijkstra Will Newton Yvan Roux Zack Weinberg
CentOS 7 glibc-rh1331283-4.patch: Bug 20214: Fix linux/in6.h and neti… …net/in.h sync. commit c9bd40d Author: Carlos O'Donell <carlos@redhat.com> Date: Tue Jun 7 04:46:37 2016 -0400 Bug 20214: Fix linux/in6.h and netinet/in.h sync. In: https://sourceware.org/glibc/wiki/Synchronizing_Headers we explain how we synchronize our headers with Linux kernel headers. In order to synchronize with the Linux linux/in6.h and linux/ipv6.h headers we checked for their guard macros and then defined __USE_KERNEL_IPV6_DEFS and conditionalized code on this macro. In upstream kernel 56c176c9 the _UAPI prefix was stripped and this broke our synchronized headers again. We now need to check for _LINUX_IN6_H and _IPV6_H, and keep checking the old versions of the header guard checks for maximum backwards compatibility with older Linux headers (the history is actually a bit muddled here and it appears upstream linus kernel broke this 10 months *before* our fix was ever applied to glibc, but without glibc testing we didn't notice and distro kernels have their own testing to fix this). This patch fixes synchronization with linux/in6.h and with netinet/in.h.
The GNU C Library ================= The GNU C Library version 2.23 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.23 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.23 ===================== * Unicode 8.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 8.0.0, using new and/or improved generator scripts contributed by Mike FABIAN (Red Hat). These updates cause user visible changes, such as the fixes for bugs 89, 16061, and 18568. * sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the kernel-internal CPU set size. This means that requests that change the CPU affinity which failed before (for example, an all-ones CPU mask) will now succeed. Applications that need to determine the effective CPU affinities need to call sched_getaffinity or pthread_getaffinity_np after setting it because the kernel can adjust it (and the previous size check would not detect this in the majority of cases). * The fts.h header can now be used with -D_FILE_OFFSET_BITS=64. With LFS the following new symbols are used: fts64_children, fts64_close, fts64_open, fts64_read and fts64_set. * getaddrinfo now detects certain invalid responses on an internal netlink socket. If such responses are received, an affected process will terminate with an error message of "Unexpected error <number> on netlink descriptor <number>" or "Unexpected netlink response of size <number> on descriptor <number>". The most likely cause for these errors is a multi-threaded application which erroneously closes and reuses the netlink file descriptor while it is used by getaddrinfo. * A defect in the malloc implementation, present since glibc 2.15 (2012) or glibc 2.10 via --enable-experimental-malloc (2009), could result in the unnecessary serialization of memory allocation requests across threads. The defect is now corrected. Users should see a substantial increase in the concurent throughput of allocation requests for applications which trigger this bug. Affected applications typically create create and destroy threads frequently. (Bug 19048 was reported and analyzed by Ericsson.) * There is now a --disable-timezone-tools configure option for disabling the building and installing of the timezone related utilities (zic, zdump, and tzselect). This is useful for people who build the timezone data and code independent of the GNU C Library. * The obsolete header <regexp.h> has been removed. Programs that require this header must be updated to use <regex.h> instead. * The obsolete functions bdflush, create_module, get_kernel_syms, query_module and uselib are no longer available to newly linked binaries; the header <sys/kdaemon.h> has been removed. These functions and header were specific to systems using the Linux kernel and could not usefully be used with the GNU C Library on systems with version 2.6 or later of the Linux kernel. * Optimized string, wcsmbs and memory functions for IBM z13. Implemented by Stefan Liebler. * Newly linked programs that define a variable called signgam will no longer have it set by the lgamma, lgammaf and lgammal functions. Programs that require signgam to be set by those functions must ensure that they use the variable provided by the GNU C Library and declared in <math.h>, without defining their own copy. * The minimum GCC version that can be used to build this version of the GNU C Library is GCC 4.7. Older GCC versions, and non-GNU compilers, can still be used to compile programs using the GNU C Library. Security related changes: * An out-of-bounds value in a broken-out struct tm argument to strftime no longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776) * The LD_POINTER_GUARD environment variable can no longer be used to disable the pointer guard feature. It is always enabled. Previously, LD_POINTER_GUARD could be used to disable security hardening in binaries running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert. (CVE-2015-8777) * An integer overflow in hcreate and hcreate_r could lead to an out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778) * The catopen function no longer has unbounded stack usage. Reported by Max. (CVE-2015-8779) * The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions. Reported by Joseph Myers. (CVE-2014-9761) * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control of execution flow in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family. The use of AF_UNSPEC triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by _nss_dns_gethostbyname4_r. Buffer management is simplified to remove the overflow. Thanks to the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665. (CVE-2015-7547) The following bugs are resolved with this release: [89] localedata: Locales nb_NO and nn_NO should transliterate æøå [887] math: Math library function "logb" and "nextafter" inconsistent [2542] math: Incorrect return from float gamma (-0X1.FA471547C2FE5P+1) [2543] math: Incorrect return from float gamma (-0X1.9260DCP+1) [2558] math: Incorrect return from double gamma (-0X1.FA471547C2FE5P+1) [2898] libc: [improve] warning: the use of `mktemp' is dangerous, better use `mkstemp' [4404] localedata: German translation of "Alarm clock" is misleading [6799] math: nextafter() and nexttoward() doen't set errno on overflow/underflow errors [6803] math: scalb(), scalbln(), scalbn() do not set errno on overflow/underflow [10432] nis: _nss_nis_setnetgrent assertion failure [11460] libc: fts has no LFS support [12926] network: getaddrinfo()/make_request() may spin forever [13065] nptl: Race condition in pthread barriers [13690] nptl: pthread_mutex_unlock potentially cause invalid access [14341] dynamic-link: Dynamic linker crash when DT_JMPREL and DT_REL{,A} are not contiguous [14551] math: [ldbl-128ibm] strtold overflow handling for IBM long double [14912] libc: Rename non-installed bits/*.h headers [15002] libc: Avoid undefined behavior in posix_fallocate overflow check [15367] math: Let gcc use __builtin_isinf [15384] math: One constant fewer in ieee754/dbl-64/wordsize-64/s_finite.c [15421] math: lgamma wrongly sets signgam for ISO C [15470] math: [arm] On ARM llrintl() and llroundl() do not raise FE_INVALID with argument out of range [15491] math: [i386/x86_64] x86 nearbyint implementations wrongly clear all exceptions [15786] dynamic-link: ifunc resolver functions can smash function arguments [15918] math: Unnecessary check for equality in hypotf() [16061] localedata: Review / update transliteration data [16068] math: [i386/x86_64] x86 and x86_64 fesetenv exclude state they should include [16141] time: strptime %z offset restriction [16171] math: drem should be alias of remainder [16296] math: fegetround is pure? [16347] math: [ldbl-128ibm] ldbl-128/e_lgammal_r.c may not be suitable. [16364 10000 ] libc: sleep may leave SIGCHLD blocked on sync cancellation on GNU/Linux [16399] math: [mips] lrint / llrint / lround / llround missing exceptions [16415] math: Clean up ldbl-128 / ldbl-128ibm expm1l for large positive arguments [16422] math: [powerpc] math-float, math-double failing llrint tests with "Exception "Inexact" set" on ppc32 [16495] localedata: nl_NL: date_fmt: shuffle year/month around [16517] math: Missing underflow exception from tanf/tan/tanl [16519] math: Missing underflow exception from sinhf [16520] math: Missing underflow exception from tanhf [16521] math: Missing underflow exception from exp2 [16620] math: [ldbl-128ibm] exp10l spurious overflows / bad directed rounding results [16734] stdio: fopen calls mmap to allocate its buffer [16961] math: nan function incorrect handling of bad sequences [16962] math: nan function unbounded stack allocation (CVE-2014-9761) [16973] localedata: Fix lang_lib/lang_term as per ISO 639-2 [16985] locale: localedef: confusing error message when opening output fails [17118] math: ctanh(INFINITY + 2 * I) returns incorrect value [17197] locale: Redundant shift character in iconv conversion output at block boundary [17243] libc: trunk/posix/execl.c:53: va_args problem ? [17244] libc: trunk/sysdeps/unix/sysv/linux/semctl.c:116: va_args muxup ? [17250] dynamic-link: static linking breaks nss loading (getaddrinfo/getpwnam/etc...) [17404] libc: atomic_exchange_rel lacking a barrier on MIPS16, GCC before 4.7? [17441] math: isnan() should use __builtin_isnan() in GCC [17514] nptl: Assert failure unlocking ERRORCHECK mutex after timedlock (related to lock elision) [17787] manual: Exponent on page 324 of the PDF ends prematurely [17886] time: strptime should be able to parse "Z" as a timezone with %z [17887] time: strptime should be able to parse "+01:00" style timezones [17905] libc: catopen() Multiple unbounded stack allocations (CVE-2015-8779) [18084] libc: backtrace (..., 0) dumps core on x86 [18086] libc: nice() sets errno to 0 on success [18240] libc: hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778) [18251] dynamic-link: SONAME missing when audit modules provides path [18265] libc: add attributes for wchar string and memory functions [18370] math: csqrt missing underflows [18421] libc: [hppa] read-only segment has dynamic relocations [18472] libc: Obsolete syscall wrappers should be compat symbols [18480] libc: hppa glibc miscompilation in sched_setaffinity() [18491] localedata: Update tr_TR LC_CTYPE as part of Unicode updates [18525] localedata: Remove locale timezone information [18560] libc: [powerpc] spurious bits/ipc.h definitions [18568] localedata: Update locale data to Unicode 8.0 [18589] locale: sort-test.sh fails at random [18595] math: ctan, ctanh missing underflows [18604] libc: assert macro-expands its argument [18610] math: S390: fetestexcept() reports any exception if DXC-code contains a vector instruction exception. [18611] math: j1, jn missing errno setting on underflow [18618] localedata: sync Chechen locale definitions with other *_RU locales [18647] math: powf(-0x1.000002p0, 0x1p30) returns 0 instead of +inf [18661] libc: Some x86-64 assembly codes don't align stack to 16 bytes [18665] network: In send_dg, the recvfrom function is NOT always using the buffer size of a newly created buffer (CVE-2015-7547) [18674] libc: [i386] trunk/sysdeps/i386/tst-auditmod3b.c:84: possible missing break ? [18675] libc: fpathconf(_PC_NAME_MAX) fails against large filesystems for 32bit processes [18681] libc: regexp.h is obsolete and buggy, and should be desupported [18699] math: tilegx cproj() for various complex infinities does not yield infinity [18724] libc: Harden put*ent functions against data injection [18743] nptl: PowerPC: findutils testcase fails with --enable-lock-elision [18755] build: build errors with -DNDEBUG [18757] stdio: fmemopen fails to set errno on failure [18778] dynamic-link: ld.so crashes if failed dlopen causes libpthread to be forced unloaded [18781] libc: openat64 lacks O_LARGEFILE [18787] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/atomic.h:71:6: error: can’t find a register in class ‘R1_REGS’ while reloading ‘asm’ [18789] math: [ldbl-128ibm] sinhl inaccurate near 0 [18790] math: [ldbl-128ibm] tanhl inaccurate [18795] libc: stpncpy fortification misses buffer lengths that are statically too large [18796] build: build fails for --disable-mathvec [18803] math: hypot missing underflows [18820] stdio: fmemopen may leak memory on failure [18823] math: csqrt spurious underflows [18824] math: fma spurious underflows [18825] math: pow missing underflows [18857] math: [ldbl-128ibm] nearbyintl wrongly uses signaling comparisons [18868] nptl: pthread_barrier_init typo has in-theory-undefined behavior [18870] build: sem_open.c fails to compile with missing symbol FUTEX_SHARED [18872] stdio: Fix memory leak in printf_positional [18873] libc: posix_fallocate overflow check ineffective [18875] math: Excess precision leads incorrect libm [18877] libc: arm: mmap offset regression [18887] libc: memory corruption when using getmntent on blank lines [18918] localedata: hu_HU: change time to HH:MM:SS format [18921] libc: Regression: extraneous stat() and fstat() performed by opendir() [18928] dynamic-link: LD_POINTER_GUARD is not ignored for privileged binaries (CVE-2015-8777) [18951] math: tgamma missing underflows [18952] math: [ldbl-128/ldbl-128ibm] lgammal spurious "invalid", incorrect signgam [18953] localedata: lt_LT: change currency symbol to the euro [18956] math: powf inaccuracy [18961] math: [i386] exp missing underflows [18966] math: [i386] exp10 missing underflows [18967] math: math.h XSI POSIX namespace (gamma, isnan, scalb) [18969] build: multiple string test failures due to missing locale dependencies [18970] libc: Reference of pthread_setcancelstate in libc.a [18977] math: float / long double Bessel functions not in XSI POSIX [18980] math: i386 libm functions return with excess range and precision [18981] math: i386 scalb*, ldexp return with excess range and precision [18982] stdio: va_list and vprintf [18985] time: Passing out of range data to strftime() causes a segfault (CVE-2015-8776) [19003] math: [x86_64] fma4 version of pow inappropriate contraction [19007] libc: FAIL: elf/check-localplt with -z now and binutils 2.26 [19012] locale: iconv_open leaks memory on error path [19016] math: clog, clog10 inaccuracy [19018] nptl: Mangle function pointers in tls_dtor_list [19032] math: [i386] acosh (-qNaN) spurious "invalid" exception [19046] math: ldbl-128 / ldbl-128ibm lgamma bad overflow handling [19048] malloc: malloc: arena free list can become cyclic, increasing contention [19049] math: [powerpc] erfc incorrect zero sign [19050] math: [powerpc] log* incorrect zero sign [19058] math: [x86_64] Link fail with -fopenmp and -flto [19059] math: nexttoward overflow incorrect in non-default rounding modes [19071] math: ldbl-96 lroundl incorrect just below powers of 2 [19074] network: Data race in _res_hconf_reorder_addrs [19076] math: [ldbl-128ibm] log1pl (-1) wrong sign of infinity [19077] math: [ldbl-128ibm] logl (1) incorrect sign of zero result [19078] math: [ldbl-128ibm] expl overflow incorrect in non-default rounding modes [19079] math: dbl-64/wordsize-64 lround based on llround incorrect for ILP32 [19085] math: ldbl-128 lrintl, lroundl missing exceptions for 32-bit long [19086] manual: posix_fallocate64 documented argument order is wrong. [19088] math: lround, llround missing exceptions close to overflow threshold [19094] math: lrint, llrint missing exceptions close to overflow threshold [19095] math: dbl-64 lrint incorrect for 64-bit long [19122] dynamic-link: Unnecessary PLT relocations in librtld.os [19124] dynamic-link: ld.so failed to build with older assmebler [19125] math: [powerpc32] llroundf, llround incorrect exceptions [19129] dynamic-link: [arm] Concurrent lazy TLSDESC resolution can crash [19134] math: [powerpc32] lround, lroundf spurious exceptions [19137] libc: i386/epoll_pwait.S doesn't support cancellation [19143] nptl: Remove CPU set size checking from sched_setaffinity, pthread_setaffinity_np [19156] math: [ldbl-128] j0l spurious underflows [19164] nptl: tst-getcpu fails with many possible CPUs [19168] math: math/test-ildoubl and math/test-ldouble failure [19174] nptl: PowerPC: TLE enabled pthread mutex performs poorly. [19178] dynamic-link: ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA confuses prelink [19181] math: [i386/x86_64] fesetenv (FE_DFL_ENV), fesetenv (FE_NOMASK_ENV) do not clear SSE exceptions [19182] malloc: malloc deadlock between ptmalloc_lock_all and _int_new_arena/reused_arena [19189] math: [ldbl-128] log1pl (-qNaN) spurious "invalid" exception [19201] math: dbl-64 remainder incorrect sign of zero result [19205] math: bits/math-finite.h conditions do not match math.h and bits/mathcalls.h [19209] math: bits/math-finite.h wrongly maps ldexp to scalbn [19211] math: lgamma functions do not set signgam for -ffinite-math-only for C99-based standards [19212] libc: features.h not -Wundef clean [19213] math: [i386/x86_64] log* (1) incorrect zero sign for -ffinite- math-only [19214] libc: Family and model identification for AMD CPU's are incorrect. [19219] libc: GLIBC build fails for ia64 with missing __nearbyintl [19228] math: [powerpc] nearbyint wrongly clears "inexact", leaves traps disabled [19235] math: [powerpc64] lround, lroundf, llround, llroundf spurious "inexact" exceptions [19238] math: [powerpc] round, roundf spurious "inexact" for integer arguments [19242] libc: strtol incorrect in Turkish locales [19243] malloc: reused_arena can pick an arena on the free list, leading to an assertion failure and reference count corruption [19253] time: tzset() ineffective when temporary TZ did not include DST rules [19266] math: strtod ("NAN(I)") incorrect in Turkish locales [19270] math: [hppa] Shared libm missing __isnanl [19285] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/mman.h: missing MAP_HUGETLB and MAP_STACK defines [19313] nptl: Wrong __cpu_mask for x32 [19347] libc: grantpt: try to force a specific gid even without pt_chown [19349] math: [ldbl-128ibm] tanhl inaccurate for small arguments [19350] math: [ldbl-128ibm] sinhl spurious overflows [19351] math: [ldbl-128ibm] logl inaccurate near 1 [19363] time: x32: times() return value wrongly truncates/sign extends from 32bit [19367] dynamic-link: Improve branch prediction on Silvermont [19369] network: Default domain name not reset by res_ninit when "search" / "domain" entry is removed from resolv.conf [19375] math: powerpc: incorrect results for POWER7 logb with negative subnormals [19385] localedata: bg_BG: time separator should be colon, not comma [19408] libc: linux personality syscall wrapper may erroneously return an error on 32-bit architectures [19415] libc: dladdr returns wrong names on hppa [19432] libc: iconv rejects redundant escape sequences in IBM900, IBM903, IBM905, IBM907, and IBM909 [19439] math: Unix98 isinf and isnan functions conflict with C++11 [19443] build: build failures with -DDEBUG [19451] build: Make check fails on test-double-vlen2 [19462] libc: Glibc failed to build with -Os [19465] math: Wrong code with -Os [19466] time: time/tst-mktime2.c is compiled into an infinite loop with -Os [19467] string: Fast_Unaligned_Load needs to be enabled for Excavator core CPU's. [19475] libc: Glibc 2.22 doesn't build on sparc [PATCH] [19486] math: S390: Math tests fail with "Exception Inexact set". [19529] libc: [ARM]: FAIL: stdlib/tst-makecontext [19550] libc: [mips] mmap negative offset handling inconsistent with other architectures [19590] math: Fail to build shared objects that use libmvec.so functions. Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Amit Pawar Andreas Schwab Andrew Bennett Andrew Senkevich Andrew Stubbs Anton Blanchard Arjun Shankar Arslanbek Astemirov Aurelien Jarno Brett Neumeier Carlos Eduardo Seo Carlos O'Donell Chris Metcalf Chung-Lin Tang Damyan Ivanov Daniel Marjamäki David Kastrup David Lamparter David S. Miller Dmitry V. Levin Egmont Koblinger Evert Flavio Cruz Florian Weimer Gabriel F. T. Gomes Geoffrey Thomas Gleb Fotengauer-Malinovskiy Gunnar Hjalmarsson H.J. Lu Helge Deller James Perkins John David Anglin Joseph Myers Justus Winter Khem Raj Ludovic Courtès Maciej W. Rozycki Manolis Ragkousis Marcin Kościelnicki Mark Wielaard Marko Myllynen Martin Sebor Maxim Ostapenko Mike FABIAN Mike Frysinger Namhyung Kim Ondrej Bilka Ondřej Bílka Paul E. Murphy Paul Eggert Paul Murphy Paul Pluzhnikov Petar Jovanovic Phil Blundell Rajalakshmi Srinivasaraghavan Rasmus Villemoes Richard Henderson Rob Wu Roland McGrath Samuel Thibault Siddhesh Poyarekar Stan Shebs Stefan Liebler Steve Ellcey Szabolcs Nagy Thomas Schwinge Torvald Riegel Tulio Magno Quites Machado Filho Vincent Bernat Wilco Dijkstra Zack Weinberg
The GNU C Library ================= The GNU C Library version 2.22 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.22 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.22 ===================== * The following bugs are resolved with this release: 438, 4719, 6544, 6792, 11216, 12836, 13028, 13064, 13151, 13152, 14094, 14292, 14841, 14906, 14958, 15319, 15467, 15790, 15969, 16159, 16339, 16350, 16351, 16352, 16353, 16361, 16512, 16526, 16538, 16559, 16560, 16704, 16783, 16850, 17053, 17090, 17195, 17269, 17293, 17322, 17403, 17475, 17523, 17542, 17569, 17581, 17588, 17596, 17620, 17621, 17628, 17631, 17692, 17711, 17715, 17776, 17779, 17792, 17833, 17836, 17841, 17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17977, 17978, 17987, 17991, 17996, 17998, 17999, 18007, 18019, 18020, 18029, 18030, 18032, 18034, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18049, 18068, 18080, 18093, 18100, 18104, 18110, 18111, 18116, 18125, 18128, 18134, 18138, 18185, 18196, 18197, 18206, 18210, 18211, 18217, 18219, 18220, 18221, 18234, 18244, 18245, 18247, 18287, 18319, 18324, 18333, 18346, 18371, 18383, 18397, 18400, 18409, 18410, 18412, 18418, 18422, 18434, 18444, 18457, 18468, 18469, 18470, 18479, 18483, 18495, 18496, 18497, 18498, 18502, 18507, 18508, 18512, 18513, 18519, 18520, 18522, 18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540, 18542, 18544, 18545, 18546, 18547, 18549, 18553, 18557, 18558, 18569, 18583, 18585, 18586, 18592, 18593, 18594, 18602, 18612, 18613, 18619, 18633, 18641, 18643, 18648, 18657, 18676, 18694, 18696. * Cache information can be queried via sysconf() function on s390 e.g. with _SC_LEVEL1_ICACHE_SIZE as argument. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a misaligned buffer, the buffer length change due to pointer alignment was not taken into account. This could result in application crashes or, potentially arbitrary code execution, using crafted, but syntactically valid DNS responses. (CVE-2015-1781) * The time zone file parser has been made more robust against crafted time zone files, avoiding heap buffer overflows related to the processing of the tzh_ttisstdcnt and tzh_ttisgmtcnt fields, and a stack overflow due to large time zone data files. Overly long time zone specifiers in the TZ variable no longer result in stack overflows and crashes. * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors for LD and GD on x86 and x86-64, has been implemented. You will need binutils-2.24 or later to enable this optimization. * Character encoding and ctype tables were updated to Unicode 7.0.0, using new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red Hat). These updates cause user visible changes, such as the fix for bug 17998. * CVE-2014-8121 The NSS backends shared internal state between the getXXent and getXXbyYY NSS calls for the same database, causing a denial-of-service condition in some applications. * Added vector math library named libmvec with the following vectorized x86_64 implementations: cos, cosf, sin, sinf, sincos, sincosf, log, logf, exp, expf, pow, powf. The library can be disabled with --disable-mathvec. Use of the functions is enabled with -fopenmp -ffast-math starting from -O1 for GCC version >= 4.9.0. Shared library libmvec.so is linked in as needed when using -lm (no need to specify -lmvec explicitly for not static builds). Visit <https://sourceware.org/glibc/wiki/libmvec> for detailed information. * A new fmemopen implementation has been added with the goal of POSIX compliance. The new implementation fixes the following long-standing issues: BZ#6544, BZ#11216, BZ#12836, BZ#13151, BZ#13152, and BZ#14292. The old implementation is still present for use be by existing binaries. * The 32-bit sparc sigaction ABI was inadvertently broken in the 2.20 and 2.21 releases. It has been fixed to match 2.19 and older, but binaries built against 2.20 and 2.21 might need to be recompiled. See BZ#18694. * Port to Native Client running on ARMv7-A (--host=arm-nacl). Contributed by Roland McGrath (Google). Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Alexandre Oliva Andreas Schwab Andrew Senkevich Andriy Rysin Arjun Shankar Aurelien Jarno Benno Schulenberg Brad Hubbard Carlos O'Donell Chris Metcalf Christian Schmidt Chung-Lin Tang Cong Wang Cyril Hrubis Daniel Marjamäki David S. Miller Dmitry V. Levin Eric Rannaud Evangelos Foutras Feng Gao Florian Weimer Gleb Fotengauer-Malinovskiy H.J. Lu Igor Zamyatin J William Piggott James Cowgill James Lemke John David Anglin Joseph Myers Kevin Easton Khem Raj Leonhard Holz Mark Wielaard Marko Myllynen Martin Galvan Martin Sebor Matthew Fortune Mel Gorman Mike Frysinger Miroslav Lichvar Nathan Lynch Ondřej Bílka Paul Eggert Paul Pluzhnikov Pavel Kopyl Pravin Satpute Rajalakshmi Srinivasaraghavan Rical Jasan Richard Henderson Roland McGrath Rüdiger Sonderfeld Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Szabolcs Nagy Torvald Riegel Tulio Magno Quites Machado Filho Vincent Bernat Wilco Dijkstra Yaakov Selkowitz Zack Weinberg
The GNU C Library ================= The GNU C Library version 2.21 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.21 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.21 ===================== * The following bugs are resolved with this release: 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498, 15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16618, 16619, 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647, 17653, 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719, 17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747, 17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797, 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, 17892. * CVE-2015-1472 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. * A new semaphore algorithm has been implemented in generic C code for all machines. Previous custom assembly implementations of semaphore were difficult to reason about or ensure that they were safe. The new version of semaphore supports machines with 64-bit or 32-bit atomic operations. The new semaphore algorithm is used by sem_init, sem_open, sem_post, sem_wait, sem_timedwait, sem_trywait, and sem_getvalue. * Port to Altera Nios II has been contributed by Mentor Graphics. * Optimized strcpy, stpcpy, strncpy, stpncpy, strcmp, and strncmp implementations for powerpc64/powerpc64le. Implemented by Adhemerval Zanella (IBM). * Added support for TSX lock elision of pthread mutexes on powerpc32, powerpc64 and powerpc64le. This may improve lock scaling of existing programs on HTM capable systems. The lock elision code is only enabled with --enable-lock-elision=yes. Also, the TSX lock elision implementation for powerpc will issue a transaction abort on every syscall to avoid side effects being visible outside transactions. * Optimized strcpy, stpcpy, strchrnul and strrchr implementations for AArch64. Contributed by ARM Ltd. * i386 memcpy functions optimized with SSE2 unaligned load/store. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for command substitution when the applicaiton did not request it. The implementation now checks WRDE_NOCMD immediately before executing the shell and returns the error WRDE_CMDSUB as expected. * CVE-2012-3406 printf-style functions could run into a stack overflow when processing format strings with a large number of format specifiers. * CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format. * The minimum GCC version that can be used to build this version of the GNU C Library is GCC 4.6. Older GCC versions, and non-GNU compilers, can still be used to compile programs using the GNU C Library. * The GNU C Library is now built with -Werror by default. This can be disabled by configuring with --disable-werror. * New locales: tu_IN, bh_IN, raj_IN, ce_RU. * The obsolete sigvec function has been removed. This was the original 4.2BSD interface that inspired the POSIX.1 sigaction interface, which programs have been using instead for about 25 years. Of course, ABI compatibility for old binaries using sigvec remains intact. * Merged gettext 0.19.3 into the intl subdirectory. This fixes building with newer versions of bison. * Support for MIPS o32 FPXX, FP64A and FP64 ABI Extensions. The original MIPS o32 hard-float ABI requires an FPU where double-precision registers overlay two consecutive single-precision registers. MIPS32R2 introduced a new FPU mode (FR=1) where double-precision registers extend the corresponding single-precision registers which is incompatible with the o32 hard-float ABI. The MIPS SIMD ASE and the MIPSR6 architecture both require the use of FR=1 making a transition necessary. New o32 ABI extensions enable users to migrate over time from the original o32 ABI through to the updated o32 FP64 ABI. To achieve this the dynamic linker now tracks the ABI of any loaded object and verifies that new objects are compatible. Mode transitions will also be requested as required and unsupportable objects will be rejected. The ABI checks include both soft and hard float ABIs for o32, n32 and n64. GCC 5 with GNU binutils 2.25 onwards: It is strongly recommended that all o32 system libraries are built using the new o32 FPXX ABI (-mfpxx) to facilitate the transition as this is compatible with the original and all new o32 ABI extensions. Configure a MIPS GCC compiler using --with-fp-32=xx to set this by default. Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Hayward Alexandre Oliva Allan McRae Anders Kaseorg Andreas Krebbel Andreas Schwab Andrew Pinski Andrew Senkevich Anton Blanchard Arjun Shankar Aurelien Jarno Bram Brooks Moses Carlos O'Donell Chris Metcalf Chung-Lin Tang David Holsgrove David S. Miller Eric Biggers Florian Weimer Gratian Crisan H.J. Lu J. Brown James Lemke Jeff Law Jose E. Marchesi Joseph Myers Kaz Kojima Kostya Serebryany Leonhard Holz Ma Shimiao Maciej W. Rozycki Marcus Shawcroft Marek Polacek Martin Sebor Matthew Fortune Mike Frysinger Ondřej Bílka Paul Eggert Paul Pluzhnikov Petar Jovanovic Pravin Satpute Rajalakshmi Srinivasaraghavan Rasmus Villemoes Renlin Li Richard Earnshaw Richard Henderson Roland McGrath Ryan Cumming Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Tatiana Udalova Tim Lammens Tom de Vries Torvald Riegel Vladimir A. Nazarenko Wilco Dijkstra Will Newton
The GNU C Library ================= The GNU C Library version 2.20 is now available. The GNU C Library is used as *the* C library in the GNU systems and is widely used on systems with the Linux kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.20 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.20 ==================== * The following bugs are resolved with this release: 6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514, 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, 16275, 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516, 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642, 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695, 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915, 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965, 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354. * Reverted change of ABI data structures for s390 and s390x: On s390 and s390x the size of struct ucontext and jmp_buf was increased in 2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp are preserved pointing straight to the same implementation as the old ones. Given that, new callers will simply provide a too-big buffer to these functions. Any applications/libraries out there that embed jmp_buf or ucontext_t in an ABI-relevant data structure that have already been rebuilt against 2.19 headers will have to rebuilt again. This is necessary in any case to revert the breakage in their ABI caused by the glibc change. * Support for file description locks is added to systems running the Linux kernel. The standard file locking interfaces are extended to operate on file descriptions, not file descriptors, via the use of F_OFD_GETLK, F_OFD_SETLK, and F_OFD_SETLKW. File description locks are associated with an open file instead of a process. * Optimized strchr implementation for AArch64. Contributed by ARM Ltd. * The minimum Linux kernel version that this version of the GNU C Library can be used with is 2.6.32. * Running the testsuite no longer terminates as soon as a test fails. Instead, a file tests.sum (xtests.sum from "make xcheck") is generated, with PASS or FAIL lines for individual tests. A summary of the results is printed, including a list of failing lists, and "make check" exits with error status if there were any unexpected failures. "make check stop-on-test-failure=y" may be used to keep the old behavior. * The am33 port, which had not worked for several years, has been removed from ports. * The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer supported; they now act the same as _DEFAULT_SOURCE (but generate a warning). Except for cases where _BSD_SOURCE enabled BSD interfaces that conflicted with POSIX (support for which was removed in 2.19), the interfaces those macros enabled remain available when compiling with _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature test macros defined. * Optimized strcmp implementation for ARMv7. Contributed by ARM Ltd. * Added support for TX lock elision of pthread mutexes on s390 and s390x. This may improve lock scaling of existing programs on TX capable systems. The lock elision code is only built with --enable-lock-elision=yes and then requires a GCC version supporting the TX builtins. With lock elision default mutexes are elided via __builtin_tbegin, if the cpu supports transactions. By default lock elision is not enabled and the elision code is not built. * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not copy the path argument. This allowed programs to cause posix_spawn to deference a dangling pointer, or use an unexpected pathname argument if the string was modified after the posix_spawn_file_actions_addopen invocation. * All supported architectures now use the main glibc sysdeps directory instead of some being in a separate "ports" directory (which was distributed separately before glibc 2.17). * The NPTL implementation of POSIX pthreads is no longer an "add-on". On configurations that support it (all Linux configurations), it's now used regardless of the --enable-add-ons switch to configure. It is no longer possible to build such configurations without pthreads support. * Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly long, contain slashes without starting with a slash, or contain ".." path components. (CVE-2014-0475) Previously, some valid locale names were silently replaced with the "C" locale when running in AT_SECURE mode (e.g., in a SUID program). This is no longer necessary because of the additional checks. * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions. (With all previous versions, the MPX register state could be clobbered when making calls into or out of a shared library.) Note that while the new dynamic linker is compatible with all known x86 hardware whether or not it supports Intel MPX, some x86 instruction-set emulators might fail to handle the new instruction encodings. This is known to affect Valgrind versions up through 3.9 (but will be fixed in the forthcoming 3.10 release), and might affect other tools that do instruction emulation. * Support for loadable gconv transliteration modules has been removed. The support for transliteration modules has been non-functional for over a decade, and the removal is prompted by security defects. The normal gconv conversion modules are still supported. Transliteration with //TRANSLIT is still possible, and the //IGNORE specifier continues to be supported. (CVE-2014-5119) * Decoding a crafted input sequence in the character sets IBM933, IBM935, IBM937, IBM939, IBM1364 could result in an out-of-bounds array read, resulting a denial-of-service security vulnerability in applications which use functions related to iconv. (CVE-2014-6040) Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adam Conrad Adhemerval Zanella Alan Modra Allan McRae Andi Kleen Andreas Krebbel Andreas Schwab Arjun Shankar Aurelien Jarno Bernard Ogden Carlos O'Donell Chris Metcalf David Holsgrove David S. Miller David Svoboda Dominik Vogt Dylan Alex Simon Eric Wong Florian Weimer Guo Yixuan H.J. Lu Ian Bolton Igor Zamyatin Jeff Layton Jim Meyering Joey Ye Jose E. Marchesi Joseph Anthony Pasquale Holsten Joseph Myers Julian Brown Khem Raj Konstantin Serebryany Kyle McMartin Ling Ma Ludovic Courtès Maciej W. Rozycki Marcus Shawcroft Mark Wielaard Marko Myllynen Meador Inge Mike Frysinger Ondřej Bílka Paul Eggert Paul Pluzhnikov Peter TB Brett Rajalakshmi Srinivasaraghavan Rasmus Villemoes Richard Earnshaw Richard Henderson Roland McGrath Sami Kerola Samuel Thibault Sean Anderson Serge Hallyn Siddhesh Poyarekar Sihai Yao Stefan Liebler Steve Ellcey Tomas Dohnalek Torvald Riegel Venkataramanan Kumar Vidya Ranganathan Wilco Wilco Dijkstra Will Newton Yang Yingliang Yufeng Zhang Yury Gribov Yvan Roux
PreviousNext