diff options
author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2018-12-27 15:36:51 +0000 |
---|---|---|
committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2018-12-27 15:36:51 +0000 |
commit | 05fa8834c6644f12405ea713c48693bf2d1864f1 (patch) | |
tree | c6b6391884370c75972a2e432d42ebbb076a0cdf /NEWS | |
parent | 525c181a5a9a95e24d2111b7792608151a40eb84 (diff) | |
parent | 963c37d5c0eb62b38f8764b23931c0dcdd497a13 (diff) |
Merge commit 'refs/top-bases/t/bigmem' into t/bigmemt/bigmem
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 2094 |
1 files changed, 2090 insertions, 4 deletions
@@ -1,10 +1,2096 @@ GNU C Library NEWS -- history of user-visible changes. -Copyright (C) 1992-2016 Free Software Foundation, Inc. +Copyright (C) 1992-2018 Free Software Foundation, Inc. See the end for copying conditions. -Please send GNU C library bug reports via <http://sourceware.org/bugzilla/> +Please send GNU C library bug reports via <https://sourceware.org/bugzilla/> using `glibc' in the "product" field. +Version 2.28 + +Major new features: + +* The localization data for ISO 14651 is updated to match the 2016 + Edition 4 release of the standard, this matches data provided by + Unicode 9.0.0. This update introduces significant improvements to the + collation of Unicode characters. This release deviates slightly from + the standard in that the collation element ordering for lowercase and + uppercase LATIN script characters is adjusted to ensure that regular + expressions with ranges like [a-z] and [A-Z] don't interleave e.g. A + is not matched by [a-z]. With the update many locales have been + updated to take advantage of the new collation information. The new + collation information has increased the size of the compiled locale + archive or binary locales. + +* The GNU C Library can now be compiled with support for Intel CET, AKA + Intel Control-flow Enforcement Technology. When the library is built + with --enable-cet, the resulting glibc is protected with indirect + branch tracking (IBT) and shadow stack (SHSTK). CET-enabled glibc is + compatible with all existing executables and shared libraries. This + feature is currently supported on i386, x86_64 and x32 with GCC 8 and + binutils 2.29 or later. Note that CET-enabled glibc requires CPUs + capable of multi-byte NOPs, like x86-64 processors as well as Intel + Pentium Pro or newer. NOTE: --enable-cet has been tested for i686, + x86_64 and x32 on non-CET processors. --enable-cet has been tested + for x86_64 and x32 on CET SDVs, but Intel CET support hasn't been + validated for i686. + +* The GNU C Library now has correct support for ABSOLUTE symbols + (SHN_ABS-relative symbols). Previously such ABSOLUTE symbols were + relocated incorrectly or in some cases discarded. The GNU linker can + make use of the newer semantics, but it must communicate it to the + dynamic loader by setting the ELF file's identification (EI_ABIVERSION + field) to indicate such support is required. + +* Unicode 11.0.0 Support: Character encoding, character type info, and + transliteration tables are all updated to Unicode 11.0.0, using + generator scripts contributed by Mike FABIAN (Red Hat). + +* <math.h> functions that round their results to a narrower type are added + from TS 18661-1:2014 and TS 18661-3:2015: + + - fadd, faddl, daddl and corresponding fMaddfN, fMaddfNx, fMxaddfN and + fMxaddfNx functions. + + - fsub, fsubl, dsubl and corresponding fMsubfN, fMsubfNx, fMxsubfN and + fMxsubfNx functions. + + - fmul, fmull, dmull and corresponding fMmulfN, fMmulfNx, fMxmulfN and + fMxmulfNx functions. + + - fdiv, fdivl, ddivl and corresponding fMdivfN, fMdivfNx, fMxdivfN and + fMxdivfNx functions. + +* Two grammatical forms of month names are now supported for the following + languages: Armenian, Asturian, Catalan, Czech, Kashubian, Occitan, Ossetian, + Scottish Gaelic, Upper Sorbian, and Walloon. The following languages now + support two grammatical forms in abbreviated month names: Catalan, Greek, + and Kashubian. + +* Newly added locales: Lower Sorbian (dsb_DE) and Yakut (sah_RU) also + include the support for two grammatical forms of month names. + +* Building and running on GNU/Hurd systems now works without out-of-tree + patches. + +* The renameat2 function has been added, a variant of the renameat function + which has a flags argument. If the flags are zero, the renameat2 function + acts like renameat. If the flag is not zero and there is no kernel + support for renameat2, the function will fail with an errno value of + EINVAL. This is different from the existing gnulib function renameatu, + which performs a plain rename operation in case of a RENAME_NOREPLACE + flags and a non-existing destination (and therefore has a race condition + that can clobber the destination inadvertently). + +* The statx function has been added, a variant of the fstatat64 + function with an additional flags argument. If there is no direct + kernel support for statx, glibc provides basic stat support based on + the fstatat64 function. + +* IDN domain names in getaddrinfo and getnameinfo now use the system libidn2 + library if installed. libidn2 version 2.0.5 or later is recommended. If + libidn2 is not available, internationalized domain names are not encoded + or decoded even if the AI_IDN or NI_IDN flags are passed to getaddrinfo or + getnameinfo. (getaddrinfo calls with non-ASCII names and AI_IDN will fail + with an encoding error.) Flags which used to change the IDN encoding and + decoding behavior (AI_IDN_ALLOW_UNASSIGNED, AI_IDN_USE_STD3_ASCII_RULES, + NI_IDN_ALLOW_UNASSIGNED, NI_IDN_USE_STD3_ASCII_RULES) have been + deprecated. They no longer have any effect. + +* Parsing of dynamic string tokens in DT_RPATH, DT_RUNPATH, DT_NEEDED, + DT_AUXILIARY, and DT_FILTER has been expanded to support the full + range of ELF gABI expressions including such constructs as + '$ORIGIN$ORIGIN' (if valid). For SUID/GUID applications the rules + have been further restricted, and where in the past a dynamic string + token sequence may have been interpreted as a literal string it will + now cause a load failure. These load failures were always considered + unspecified behaviour from the perspective of the dynamic loader, and + for safety are now load errors e.g. /foo/${ORIGIN}.so in DT_NEEDED + results in a load failure now. + +* Support for ISO C threads (ISO/IEC 9899:2011) has been added. The + implementation includes all the standard functions provided by + <threads.h>: + + - thrd_current, thrd_equal, thrd_sleep, thrd_yield, thrd_create, + thrd_detach, thrd_exit, and thrd_join for thread management. + + - mtx_init, mtx_lock, mtx_timedlock, mtx_trylock, mtx_unlock, and + mtx_destroy for mutual exclusion. + + - call_once for function call synchronization. + + - cnd_broadcast, cnd_destroy, cnd_init, cnd_signal, cnd_timedwait, and + cnd_wait for conditional variables. + + - tss_create, tss_delete, tss_get, and tss_set for thread-local storage. + + Application developers must link against libpthread to use ISO C threads. + +Deprecated and removed features, and other changes affecting compatibility: + +* The nonstandard header files <libio.h> and <_G_config.h> are no longer + installed. Software that was using either header should be updated to + use standard <stdio.h> interfaces instead. + +* The stdio functions 'getc' and 'putc' are no longer defined as macros. + This was never required by the C standard, and the macros just expanded + to call alternative names for the same functions. If you hoped getc and + putc would provide performance improvements over fgetc and fputc, instead + investigate using (f)getc_unlocked and (f)putc_unlocked, and, if + necessary, flockfile and funlockfile. + +* All stdio functions now treat end-of-file as a sticky condition. If you + read from a file until EOF, and then the file is enlarged by another + process, you must call clearerr or another function with the same effect + (e.g. fseek, rewind) before you can read the additional data. This + corrects a longstanding C99 conformance bug. It is most likely to affect + programs that use stdio to read interactive input from a terminal. + (Bug #1190.) + +* The macros 'major', 'minor', and 'makedev' are now only available from + the header <sys/sysmacros.h>; not from <sys/types.h> or various other + headers that happen to include <sys/types.h>. These macros are rarely + used, not part of POSIX nor XSI, and their names frequently collide with + user code; see https://sourceware.org/bugzilla/show_bug.cgi?id=19239 for + further explanation. + + <sys/sysmacros.h> is a GNU extension. Portable programs that require + these macros should first include <sys/types.h>, and then include + <sys/sysmacros.h> if __GNU_LIBRARY__ is defined. + +* The tilegx*-*-linux-gnu configurations are no longer supported. + +* The obsolete function ustat is no longer available to newly linked + binaries; the headers <ustat.h> and <sys/ustat.h> have been removed. This + function has been deprecated in favor of fstatfs and statfs. + +* The obsolete function nfsservctl is no longer available to newly linked + binaries. This function was specific to systems using the Linux kernel + and could not usefully be used with the GNU C Library on systems with + version 3.1 or later of the Linux kernel. + +* The obsolete function name llseek is no longer available to newly linked + binaries. This function was specific to systems using the Linux kernel + and was not declared in a header. Programs should use the lseek64 name + for this function instead. + +* The AI_IDN_ALLOW_UNASSIGNED and NI_IDN_ALLOW_UNASSIGNED flags for the + getaddrinfo and getnameinfo functions have been deprecated. The behavior + previously selected by them is now always enabled. + +* The AI_IDN_USE_STD3_ASCII_RULES and NI_IDN_USE_STD3_ASCII_RULES flags for + the getaddrinfo and getnameinfo functions have been deprecated. The STD3 + restriction (rejecting '_' in host names, among other things) has been + removed, for increased compatibility with non-IDN name resolution. + +* The fcntl function now have a Long File Support variant named fcntl64. It + is added to fix some Linux Open File Description (OFD) locks usage on non + LFS mode. As for others *64 functions, fcntl64 semantics are analogous with + fcntl and LFS support is handled transparently. Also for Linux, the OFD + locks act as a cancellation entrypoint. + +* The obsolete functions encrypt, encrypt_r, setkey, setkey_r, cbc_crypt, + ecb_crypt, and des_setparity are no longer available to newly linked + binaries, and the headers <rpc/des_crypt.h> and <rpc/rpc_des.h> are no + longer installed. These functions encrypted and decrypted data with the + DES block cipher, which is no longer considered secure. Software that + still uses these functions should switch to a modern cryptography library, + such as libgcrypt. + +* Reflecting the removal of the encrypt and setkey functions above, the + macro _XOPEN_CRYPT is no longer defined. As a consequence, the crypt + function is no longer declared unless _DEFAULT_SOURCE or _GNU_SOURCE is + enabled. + +* The obsolete function fcrypt is no longer available to newly linked + binaries. It was just another name for the standard function crypt, + and it has not appeared in any header file in many years. + +* We have tentative plans to hand off maintenance of the passphrase-hashing + library, libcrypt, to a separate development project that will, we hope, + keep up better with new passphrase-hashing algorithms. We will continue + to declare 'crypt' in <unistd.h>, and programs that use 'crypt' or + 'crypt_r' should not need to change at all; however, distributions will + need to install <crypt.h> and libcrypt from a separate project. + + In this release, if the configure option --disable-crypt is used, glibc + will not install <crypt.h> or libcrypt, making room for the separate + project's versions of these files. The plan is to make this the default + behavior in a future release. + +Changes to build and runtime requirements: + + GNU make 4.0 or later is now required to build glibc. + +Security related changes: + + CVE-2016-6261, CVE-2016-6263, CVE-2017-14062: Various vulnerabilities have + been fixed by removing the glibc-internal IDNA implementation and using + the system-provided libidn2 library instead. Originally reported by Hanno + Böck and Christian Weisgerber. + + CVE-2017-18269: An SSE2-based memmove implementation for the i386 + architecture could corrupt memory. Reported by Max Horn. + + CVE-2018-11236: Very long pathname arguments to realpath function could + result in an integer overflow and buffer overflow. Reported by Alexey + Izbyshev. + + CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi + architecture could write beyond the target buffer, resulting in a buffer + overflow. Reported by Andreas Schwab. + +The following bugs are resolved with this release: + + [1190] stdio: fgetc()/fread() behaviour is not POSIX compliant + [6889] manual: 'PWD' mentioned but not specified + [13575] libc: SSIZE_MAX defined as LONG_MAX is inconsistent with ssize_t, + when __WORDSIZE != 64 + [13762] regex: re_search etc. should return -2 on memory exhaustion + [13888] build: /tmp usage during testing + [13932] math: dbl-64 pow unexpectedly slow for some inputs + [14092] nptl: Support C11 threads + [14095] localedata: Review / update collation data from Unicode / ISO + 14651 + [14508] libc: -Wformat warnings + [14553] libc: Namespace pollution loff_t in sys/types.h + [14890] libc: Make NT_PRFPREG canonical. + [15105] libc: Extra PLT references with -Os + [15512] libc: __bswap_constant_16 not compiled when -Werror -Wsign- + conversion is given + [16335] manual: Feature test macro documentation incomplete and out of + date + [16552] libc: Unify umount implementations in terms of umount2 + [17082] libc: htons et al.: statement-expressions prevent use on global + scope with -O1 and higher + [17343] libc: Signed integer overflow in /stdlib/random_r.c + [17438] localedata: pt_BR: wrong d_fmt delimiter + [17662] libc: please implement binding for the new renameat2 syscall + [17721] libc: __restrict defined as /* Ignore */ even in c11 + [17979] libc: inconsistency between uchar.h and stdint.h + [18018] dynamic-link: Additional $ORIGIN handling issues (CVE-2011-0536) + [18023] libc: extend_alloca is broken (questionable pointer comparison, + horrible machine code) + [18124] libc: hppa: setcontext erroneously returns -1 as exit code for + last constant. + [18471] libc: llseek should be a compat symbol + [18473] soft-fp: [powerpc-nofpu] __sqrtsf2, __sqrtdf2 should be compat + symbols + [18991] nss: nss_files skips large entry in database + [19239] libc: Including stdlib.h ends up with macros major and minor being + defined + [19463] libc: linknamespace failures when compiled with -Os + [19485] localedata: csb_PL: Update month translations + add yesstr/nostr + [19527] locale: Normalized charset name not recognized by setlocale + [19667] string: Missing Sanity Check for malloc calls in file 'testcopy.c' + [19668] libc: Missing Sanity Check for malloc() in file 'tst-setcontext- + fpscr.c' + [19728] network: out of bounds stack read in libidn function + idna_to_ascii_4i (CVE-2016-6261) + [19729] network: out of bounds heap read on invalid utf-8 inputs in + stringprep_utf8_nfkc_normalize (CVE-2016-6263) + [19818] dynamic-link: Absolute (SHN_ABS) symbols incorrectly relocated by + the base address + [20079] libc: Add SHT_X86_64_UNWIND to elf.h + [20251] libc: 32bit programs pass garbage in struct flock for OFD locks + [20419] dynamic-link: files with large allocated notes crash in + open_verify + [20530] libc: bswap_16 should use __builtin_bswap16() when available + [20890] dynamic-link: ldconfig: fsync the files before atomic rename + [20980] manual: CFLAGS environment variable replaces vital options + [21163] regex: Assertion failure in pop_fail_stack when executing a + malformed regexp (CVE-2015-8985) + [21234] manual: use of CFLAGS makes glibc detect no optimization + [21269] dynamic-link: i386 sigaction sa_restorer handling is wrong + [21313] build: Compile Error GCC 5.4.0 MIPS with -0S + [21314] build: Compile Error GCC 5.2.0 MIPS with -0s + [21508] locale: intl/tst-gettext failure with latest msgfmt + [21547] localedata: Tibetan script collation broken (Dzongkha and Tibetan) + [21812] network: getifaddrs() returns entries with ifa_name == NULL + [21895] libc: ppc64 setjmp/longjmp not fully interoperable with static + dlopen + [21942] dynamic-link: _dl_dst_substitute incorrectly handles $ORIGIN: with + AT_SECURE=1 + [22241] localedata: New locale: Yakut (Sakha) locale for Russia (sah_RU) + [22247] network: Integer overflow in the decode_digit function in + puny_decode.c in libidn (CVE-2017-14062) + [22342] nscd: NSCD not properly caching netgroup + [22391] nptl: Signal function clear NPTL internal symbols inconsistently + [22550] localedata: es_ES locale (and other es_* locales): collation + should treat ñ as a primary different character, sync the collation + for Spanish with CLDR + [22638] dynamic-link: sparc: static binaries are broken if glibc is built + by gcc configured with --enable-default-pie + [22639] time: year 2039 bug for localtime etc. on 64-bit platforms + [22644] string: memmove-sse2-unaligned on 32bit x86 produces garbage when + crossing 2GB threshold (CVE-2017-18269) + [22646] localedata: redundant data (LC_TIME) for es_CL, es_CU, es_EC and + es_BO + [22735] time: Misleading typo in time.h source comment regarding + CLOCKS_PER_SECOND + [22753] libc: preadv2/pwritev2 fallback code should handle offset=-1 + [22761] libc: No trailing `%n' conversion specifier in FMT passed from + `__assert_perror_fail ()' to `__assert_fail_base ()' + [22766] libc: all glibc internal dlopen should use RTLD_NOW for robust + dlopen failures + [22786] libc: Stack buffer overflow in realpath() if input size is close + to SSIZE_MAX (CVE-2018-11236) + [22787] dynamic-link: _dl_check_caller returns false when libc is linked + through an absolute DT_NEEDED path + [22792] build: tcb-offsets.h dependency dropped + [22797] libc: pkey_get() uses non-reserved name of argument + [22807] libc: PTRACE_* constants missing for powerpc + [22818] glob: posix/tst-glob_lstat_compat failure on alpha + [22827] dynamic-link: RISC-V ELF64 parser mis-reads flag in ldconfig + [22830] malloc: malloc_stats doesn't restore cancellation state on stderr + [22848] localedata: ca_ES: update date definitions from CLDR + [22862] build: _DEFAULT_SOURCE is defined even when _ISOC11_SOURCE is + [22884] math: RISCV fmax/fmin handle signalling NANs incorrectly + [22896] localedata: Update locale data for an_ES + [22902] math: float128 test failures with GCC 8 + [22918] libc: multiple common of `__nss_shadow_database' + [22919] libc: sparc32: backtrace yields infinite backtrace with + makecontext + [22926] libc: FTBFS on powerpcspe + [22932] localedata: lt_LT: Update of abbreviated month names from CLDR + required + [22937] localedata: Greek (el_GR, el_CY) locales actually need ab_alt_mon + [22947] libc: FAIL: misc/tst-preadvwritev2 + [22963] localedata: cs_CZ: Add alternative month names + [22987] math: [powerpc/sparc] fdim inlines errno, exceptions handling + [22996] localedata: change LC_PAPER to en_US in es_BO locale + [22998] dynamic-link: execstack tests are disabled when SELinux is + disabled + [23005] network: Crash in __res_context_send after memory allocation + failure + [23007] math: strtod cannot handle -nan + [23024] nss: getlogin_r is performing NSS lookups when loginid isn't set + [23036] regex: regex equivalence class regression + [23037] libc: initialize msg_flags to zero for sendmmsg() calls + [23069] libc: sigaction broken on riscv64-linux-gnu + [23094] localedata: hr_HR: wrong thousands_sep and mon_thousands_sep + [23102] dynamic-link: Incorrect parsing of multiple consecutive $variable + patterns in runpath entries (e.g. $ORIGIN$ORIGIN) + [23137] nptl: s390: pthread_join sometimes block indefinitely (on 31bit + and libc build with -Os) + [23140] localedata: More languages need two forms of month names + [23145] libc: _init/_fini aren't marked as hidden + [23152] localedata: gd_GB: Fix typo in "May" (abbreviated) + [23171] math: C++ iseqsig for long double converts arguments to double + [23178] nscd: sudo will fail when it is run in concurrent with commands + that changes /etc/passwd + [23196] string: __mempcpy_avx512_no_vzeroupper mishandles large copies + (CVE-2018-11237) + [23206] dynamic-link: static-pie + dlopen breaks debugger interaction + [23208] localedata: New locale - Lower Sorbian (dsb) + [23233] regex: Memory leak in build_charclass_op function in file + posix/regcomp.c + [23236] stdio: Harden function pointers in _IO_str_fields + [23250] nptl: Offset of __private_ss differs from GCC + [23253] math: tgamma test suite failures on i686 with -march=x86-64 + -mtune=generic -mfpmath=sse + [23259] dynamic-link: Unsubstituted ${ORIGIN} remains in DT_NEEDED for + AT_SECURE + [23264] libc: posix_spawnp wrongly executes ENOEXEC in non compat mode + [23266] nis: stringop-truncation warning with new gcc8.1 in nisplus- + parser.c + [23272] math: fma(INFINITY,INFIITY,0.0) should be INFINITY + [23277] math: nan function should not have const attribute + [23279] math: scanf and strtod wrong for some hex floating-point + [23280] math: wscanf rounds wrong; wcstod is ok for negative numbers and + directed rounding + [23290] localedata: IBM273 is not equivalent to ISO-8859-1 + [23303] build: undefined reference to symbol + '__parse_hwcap_and_convert_at_platform@@GLIBC_2.23' + [23307] dynamic-link: Absolute symbols whose value is zero ignored in + lookup + [23313] stdio: libio vtables validation and standard file object + interposition + [23329] libc: The __libc_freeres infrastructure is not properly run across + DSO boundaries. + [23349] libc: Various glibc headers no longer compatible with + <linux/time.h> + [23351] malloc: Remove unused code related to heap dumps and malloc + checking + [23363] stdio: stdio-common/tst-printf.c has non-free license + [23396] regex: Regex equivalence regression in single-byte locales + [23422] localedata: oc_FR: More updates of locale data + [23442] build: New warning with GCC 8 + [23448] libc: Out of bounds access in IBM-1390 converter + [23456] libc: Wrong index_cpu_LZCNT + [23458] build: tst-get-cpu-features-static isn't added to tests + [23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel + processors + [23467] dynamic-link: x86/CET: A property note parser bug + + +Version 2.27 + +Major new features: + +* The GNU C Library can now be compiled with support for building static + PIE executables (See --enable-static-pie in INSTALL). These static PIE + executables are like static executables but can be loaded at any address + and provide additional security hardening benefits at the cost of some + memory and performance. When the library is built with --enable-static-pie + the resulting libc.a is usable with GCC 8 and above to create static PIE + executables using the GCC option '-static-pie'. This feature is currently + supported on i386, x86_64 and x32 with binutils 2.29 or later, and on + aarch64 with binutils 2.30 or later. + +* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf, + sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and + H.J. Lu from Intel. + +* Optimized x86-64 trunc and truncf for processors with SSE4.1. + +* Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and sincosf. + +* In order to support faster and safer process termination the malloc API + family of functions will no longer print a failure address and stack + backtrace after detecting heap corruption. The goal is to minimize the + amount of work done after corruption is detected and to avoid potential + security issues in continued process execution. Reducing shutdown time + leads to lower overall process restart latency, so there is benefit both + from a security and performance perspective. + +* The abort function terminates the process immediately, without flushing + stdio streams. Previous glibc versions used to flush streams, resulting + in deadlocks and further data corruption. This change also affects + process aborts as the result of assertion failures. + +* On platforms where long double has the IEEE binary128 format (aarch64, + alpha, mips64, riscv, s390 and sparc), the math library now implements + _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. + These are the same interfaces added in version 2.26 for some platforms where + this format is supported but is not the format of long double. + +* On platforms with support for _Float64x (aarch64, alpha, i386, ia64, + mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now + implements interfaces for that type, as defined by ISO/IEC TS + 18661-3:2015. These are corresponding interfaces to those supported for + _Float128. + +* The math library now implements interfaces for the _Float32, _Float64 and + _Float32x types, as defined by ISO/IEC TS 18661-3:2015. These are + corresponding interfaces to those supported for _Float128. + +* glibc now implements the memfd_create and mlock2 functions on Linux. + +* Support for memory protection keys was added. The <sys/mman.h> header now + declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set, + pkey_get. + +* The copy_file_range function was added. + +* Optimized memcpy, mempcpy, memmove, and memset for sparc M7. + +* The ldconfig utility now processes `include' directives using the C/POSIX + collation ordering. Previous glibc versions used locale-specific + ordering, the change might break systems that relied on that. + +* Support for two grammatical forms of month names has been added. + In a call to strftime, the "%B" and "%b" format specifiers will now + produce the grammatical form required when the month is used as part + of a complete date. New "%OB" and "%Ob" specifiers produce the form + required when the month is named by itself. For instance, in Greek + and in many Slavic and Baltic languages, "%B" will produce the month + in genitive case, and "%OB" will produce the month in nominative case. + + In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh" + are all valid and will all accept any known form of month + name---standalone or complete, abbreviated or full. In a call to + nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return + the strings used by "%B" and "%b", respectively. New query + constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings + used by "%OB" and "%Ob", respectively. + + In a locale definition file, use "alt_mon" and "ab_alt_mon" to + define the strings for %OB and %Ob, respectively; these have the + same syntax as "mon" and "abmon". These arrays are optional; if they + are not provided then they have the same content as "mon" and "abmon", + respectively. + + These features are provided for locales which define "alt_mon" and/or + "ab_alt_mon" in their locale source data. This release includes such + alternative month name data for the following languages: Belarusian, + Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian. + + This feature is currently a GNU extension, but it is expected to + be added to the next revision of POSIX, and it is also already + available on some BSD-derived operating systems. + + This feature will cause existing statically compiled applications + to fail to load locales and fall back to the builtin C/POSIX locales. + See notes below for other changes affecting compatibility. + +* Support for the RISC-V ISA running on Linux has been added. This port + requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is supported + for the following ISA and ABI pairs: + + - rv64imac lp64 + - rv64imafdc lp64 + - rv64imafdc lp64d + +Deprecated and removed features, and other changes affecting compatibility: + +* Statically compiled applications attempting to load locales compiled for the + GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX + locale. The reason for this is that the addition of the new "%OB" and "%Ob", + support for two grammatical forms of the month names, also extends the locale + data binary format. Static applications needing locale support must be + recompiled to match the runtime and data they are deployed with. In some + distributions there is an upgrade window where dynamically linked applications + may use a new library but the old locale data and also fall back to the + builtin C/POSIX locales; restarting the application process is sufficient to + fix this. + +* Support for statically linked applications which call dlopen is deprecated + and will be removed in a future version of glibc. Applications which call + dlopen need to be linked dynamically instead. + +* Support for old programs which use internal stdio data structures and + functions is deprecated. This includes programs which use the C++ streams + provided by libstdc++ in GCC 2.95. Programs which use the internal + symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish, + _IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn, + _IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach, + _IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen, + _IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open, + _IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff, + _IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow, + _IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all, + _IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area, + _IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin, _IO_iter_end, + _IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in, + _IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock, + _IO_marker_delta, _IO_marker_difference, _IO_remove_marker, _IO_seekmark, + _IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static, + _IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow, + _IO_switch_to_main_wget_area, _IO_switch_to_wget_mode, + _IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish, + _IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow, + _IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf, _IO_wdo_write, + _IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync, _IO_wfile_underflow, + _IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with a + future version of glibc. Unlike other symbol removals, these old + applications will not be supported using compatibility symbols. + +* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer + defined by <sys/ptrace.h>. + +* libm no longer supports SVID error handling (calling a user-provided + matherr function on error) or the _LIB_VERSION variable to control error + handling. (SVID error handling and the _LIB_VERSION variable still work + for binaries linked against older versions of the GNU C Library.) The + libieee.a library is no longer provided. math.h no longer defines struct + exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW, + TLOSS, PLOSS and HUGE. + +* The libm functions pow10, pow10f and pow10l are no longer supported for + new programs. Programs should use the standard names exp10, exp10f and + exp10l for these functions instead. + +* The mcontext_t type is no longer the same as struct sigcontext. On + platforms where it was previously the same, this changes the C++ name + mangling for interfaces involving this type. + +* The add-ons mechanism for building additional packages at the same time as + glibc has been removed. The --enable-add-ons configure option is now + ignored. + +* The --without-fp configure option is now ignored. Whether hardware + floating-point instructions are used is now configured based on whether + the compiler used at configure time (without any options implied by a + --with-cpu= configure option) uses such instructions. + +* The res_hnok, res_dnok, res_mailok and res_ownok functions now check that + the specified string can be parsed as a domain name. + +* In the malloc_info output, the <heap> element may contain another <aspace> + element, "subheaps", which contains the number of sub-heaps. + +* The libresolv function p_secstodate is no longer supported for new + programs. + +* The tilepro-*-linux-gnu configuration is no longer supported. + +* The nonstandard header files <libio.h> and <_G_config.h> are deprecated + and will be removed in a future release. Software that is still using + either header should be updated to use standard <stdio.h> interfaces + instead. + + libio.h was originally the header for a set of supported GNU extensions, + but they have not been maintained as such in many years, they are now + standing in the way of improvements to stdio, and we don't think there are + any remaining external users. _G_config.h was never intended for public + use, but predates the bits convention. + +Changes to build and runtime requirements: + +* bison version 2.7 or later is required to generate code in the 'intl' + subdirectory. + +Security related changes: + + CVE-2009-5064: The ldd script would sometimes run the program under + examination directly, without preventing code execution through the + dynamic linker. (The glibc project disputes that this is a security + vulnerability; only trusted binaries must be examined using the ldd + script.) + + CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, + suffered from a one-byte overflow during ~ operator processing (either + on the stack or the heap, depending on the length of the user name). + Reported by Tim Rühsen. + + CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, + would sometimes fail to free memory allocated during ~ operator + processing, leading to a memory leak and, potentially, to a denial + of service. + + CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and + without GLOB_NOESCAPE, could write past the end of a buffer while + unescaping user names. Reported by Tim Rühsen. + + CVE-2017-17426: The malloc function, when called with an object size near + the value SIZE_MAX, would return a pointer to a buffer which is too small, + instead of NULL. This was a regression introduced with the new malloc + thread cache in glibc 2.26. Reported by Iain Buclaw. + + CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads + to the allocation of too much memory. (This is not a security bug per se, + it is mentioned here only because of the CVE assignment.) Reported by + Qualys. + + CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation + of the number of search path components. (This is not a security + vulnerability per se because no trust boundary is crossed if the fix for + CVE-2017-1000366 has been applied, but it is mentioned here only because + of the CVE assignment.) Reported by Qualys. + + CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN + for AT_SECURE or SUID binaries could be used to load libraries from the + current directory. + + CVE-2018-1000001: Buffer underflow in realpath function when getcwd function + succeeds without returning an absolute path due to unexpected behaviour + of the Linux kernel getcwd syscall. Reported by halfdog. + + CVE-2018-6485: The posix_memalign and memalign functions, when called with + an object size near the value of SIZE_MAX, would return a pointer to a + buffer which is too small, instead of NULL. Reported by Jakub Wilk. + + CVE-2018-6551: The malloc function, when called with an object size near + the value of SIZE_MAX, would return a pointer to a buffer which is too + small, instead of NULL. + +The following bugs are resolved with this release: + + [866] glob: glob should match dangling symlinks + [1062] glob: sysdeps/generic/glob.c merge from gnulib (part 3 of 3) + [2522] localedata: ca_ES@valencia: new Valencian (meridional Catalan) + locale + [5997] math: Very slow execution of sinf function + [10580] localedata: hr_HR: updated locale + [10871] locale: 'mon' array should contain both nominative and genitive + cases + [12349] localedata: eu_ES: incorrect thousands separator + [13605] localedata: shn_MM: new Shan locale + [13805] localedata: ru_RU: currency should use ',' as radix point + [13953] localedata: km_KH: locale update + [13994] localedata: mjw_IN: new locale + [14121] build: make writes .mo files in po directory + [14333] libc: Fix the race between atexit() and exit() + [14681] dynamic-link: _dl_get_origin leaks memory via executable link map. + [14925] localedata: bn_*: LC_IDENTIFICATION.language key should be + "Bangla" + [15260] localedata: LC_MESSAGES.{yes,no}{str,expr}: various errors + [15261] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of full- + width Latin characters + [15332] localedata: es_CU: locale update + [15436] stdio: Don't close or flush stdio streams on abort + [15537] localedata: lv_LV: invalid collation for Latvian diacritical + letters + [16148] localedata: ca_ES: incorrect thousands separator + [16750] dynamic-link: ldd should not try to execute the binaries + (CVE-2009-5064) + [16777] localedata: pl_PL: incorrect thousands separator in locale + [16905] localedata: hanzi: new collation + [17563] localedata: cmn_TW: add hanzi collation + [17750] localedata: wrong collation order of diacritics in most locales + [17804] libc: scandirat fails with ENOMEM because it checks for errno even + if malloc succeeded + [17956] build: Build fails on missing definitions from header file + nss/nss.h when Mozilla NSS is used for cryptography + [18203] libc: realpath() does not handle unreachable paths correctly + [18572] dynamic-link: [arm] Lazy TLSDESC relocation has data race + [18812] localedata: kab_DZ: new Kabyle Algeria locale + [18822] libc: Internal functions are called via PLT + [18858] string: _HAVE_STRING_ARCH_xxx aren't defined for i386 nor x86_64 + [19170] libc: __gmon_start__ defined in hppa in crtn.S + [19574] libc: glibc should support building static PIE binaries + [19852] localedata: charmaps/UTF-8: incorrect wcwidth for U+3099 and + U+309A + [19971] glob: glob: Do not skip entries with zero d_ino values + [19982] localedata: fr.po: spelling mistake for error code EXDEV + [20008] localedata: km_KH: convert to translit_neutral + [20009] localedata: tr_TR: convert LC_CTYPE to i18n + [20142] math: [x86_64] Add SSE4.1 trunc, truncf + [20204] dynamic-link: _dl_open_hook and _dlfcn_hook hardening + [20482] localedata: de_CH: abbreviated weekdays should be two letters + [20498] localedata: miq_NI: new Mískitu / Miskito (miq) language locale + for Nicaragua + [20532] nss: getaddrinfo uses errno and h_errno without guaranteeing + they're set, wrong errors returned by gaih_inet when lookup functions + are not found. + [20756] localedata: [PATCH] Use Unicode wise thousands separator + [20826] network: posix/tst-getaddrinfo5 fails on hosts without network + access + [20952] localedata: yuw_PG: new locale + [21084] localedata: charmaps/IBM858: new codepage + [21161] manual: [PATCH] fix typo in manual/arith.texi on strtoul prototype + [21242] libc: assert gives pedantic warning in old gcc versions + [21265] dynamic-link: _dl_runtime_resolve isn't compatible with Intel C++ + __regcall calling convention + [21309] math: signed integer overflow in sysdeps/ieee754/dbl-64/e_pow.c + [21326] libc: C99 functions are not declared for C++11 and later if + _GNU_SOURCE is not predefined by g++ + [21457] libc: sys/ucontext.h namespace + [21530] libc: tmpfile() should be implemented using O_TMPFILE + [21660] math: GCC fails to compile a formula with tgmath.h + [21672] nptl: sys-libs/glibc on ia64 crashes on thread exit: signal + SIGSEGV, Segmentation fault: pthread_create.c:432: __madvise + (pd->stackblock, freesize - PTHREAD_STACK_MIN, MADV_DONTNEED); + [21684] math: tgmath.h handling of complex integers + [21685] math: tgmath.h handling of bit-fields + [21686] math: tgmath.h handling of __int128 + [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES] + locale + [21745] libc: [powerpc64le] Extra PLT reference with --enable-stack- + protector=all + [21750] localedata: column width of characters incompatible with classical + wcwidth + [21754] malloc: malloc: Perform as little work as possible after heap + consistency check failures + [21780] libc: hppa: p{read,write}v2 does not set ENOSUP on invalid flag + [21790] libc: Missing __memset_zero_constant_len_parameter in libc.so + [21791] string: Unused XXX_chk_XXX functions in libc.a + [21815] dynamic-link: FAIL: elf/tst-prelink-cmp with GCC is defaulted to + PIE + [21836] localedata: Removed redundant data (LC_MONETARY) in various Indian + locales + [21845] localedata: Added new Locale bho_NP + [21853] localedata: Fix abday Which looks same as day in zh_SG + [21854] localedata: Added New Locale en_SC + [21864] libc: xmalloc.o is compiled with -DMODULE_NAME=libc + [21871] dynamic-link: _dl_runtime_resolve_avx_opt is slower than + _dl_runtime_resolve_avx_slow + [21885] network: getaddrinfo: gethosts does not release resolver context + on memory allocation failure + [21899] libc: XPG4.2 sigaction namespace + [21908] dynamic-link: dynamic linker broke on ia64 (mmap2 consolidation is + the suspect) + [21913] libc: static binaries SIGSEGV in __brk when host's gcc is pie-by- + default (i386) + [21915] nss: nss_files can return with NSS_STATUS_SUCCESS and a clobbered + errno value, causing getaddrinfo to fail + [21920] localedata: Fix p_cs_precedes/n_cs_precedes for mt_MT + [21922] network: getaddrinfo with AF_INET/AF_INET6 returns EAI_NONAME + instead of EAI_NODATA + [21928] libc: sys/ptrace.h: remove obsolete temporary development Linux + constant PTRACE_SEIZE_DEVEL + [21930] math: C-only gcc builtins used in <math.h> isinf + [21932] network: Unpaired __resolv_context_get in generic get*_r + implementation + [21941] math: powerpc: Wrong register constraint for xssqrtqp in sqrtf128 + [21944] libc: sigval namespace + [21951] localedata: Update hanzi collation by stroke + [21955] math: Wrong alignment of L(SP_RANGE)/L(SP_INF_0) in + sysdeps/x86_64/fpu/e_expf.S + [21956] libc: Stack allocation in MIPS syscall impl (ubounded stack + allocation in syscall loops) + [21959] localedata: Fix Country name for xh_ZA + [21960] localedata: Fix abmon for bem_ZM + [21966] math: AVX2 mathvec functions use FMA without checking + [21967] math: When 512-bit AVX2 wrapper functions in mathvec are used? + [21971] localedata: Added New Locale for mfe_MU + [21972] libc: assert macro requires operator== (int) for its argument type + [21973] math: [sparc] libm missing sqrtl compat symbol + [21974] libc: Remove __bb_init_func and __bb_exit_func + [21982] string: stratcliff.c: error: assuming signed overflow does not + occur with -O3 + [21986] stdio: __guess_grouping is called incorrectly + [21987] math: [sparc32] wrong bits/long-double.h installed + [22019] localedata: Wrong placement of monetary symbol in el_GR (negative + amounts) + [22022] localedata: Missing country_name for mni_IN + [22023] localedata: Removed redundant data (LC_TIME and LC_MESSAGES) for + niu_NZ + [22025] locale: iconv: Inconsistency between pointer mangling and NULL + checks + [22026] locale: iconv_open: heap overflow on gconv_init failure + [22028] math: bits/math-finite.h _MSUF_ expansion namespace + [22035] math: [m68k] bits/math-inline.h macro namespace + [22038] localedata: Fix abbreviated weeks and months for Somali + [22044] localedata: Remove redundant data for Limburgish Language + [22050] malloc: Linking with -lmcheck does not hook + __malloc_initialize_hook correctly + [22051] libc: zero terminator in the middle of glibc's .eh_frame + [22052] malloc: malloc failed to compile with GCC 7 and -O3 + [22070] localedata: charmaps/UTF-8: wcwidth for + Prepended_Concatenation_Mark codepoints set to 0 (should be 1) + [22074] localedata: charmaps/UTF-8: wcwidth for U+1160-U+11FF (Hangul + Jungseong and Jongseong) should be 0 + [22078] nss: nss_files performance issue in multi mode + [22082] math: bits/math-finite.h exp10 condition + [22086] libc: pcprofiledump incorrect cross-endian condition + [22093] dynamic-link: ld.so no longer searches in .../x86_64 + [22095] network: Name server address allocation memory leak in resolv.conf + parsing after OOM + [22096] network: __resolv_conf_attach can incorrectly free passed conf + object + [22100] localedata: om_KE: LC_TIME: copy redundant data from om_ET + [22101] dynamic-link: Dynamic loader must ignore "debug" shared objects + e.g. ET_GNU_DEBUG_* + [22111] malloc: malloc: per thread cache is not returned when thread exits + [22112] localedata: Fix LC_TELEPHONE/LC_NAME for az_AZ + [22134] libc: [linux] implement fexecve with execveat + [22142] libc: [powerpc] printf oupts a wrong value of DBL_MAX on ppc64 and + ppc64le + [22145] libc: ttyname() gives up too early in the face of namespaces + [22146] math: C++ build issue with float128 on x86_64 + [22153] nptl: nptl: save error code before process termination + [22156] libc: [hppa,ia64,microblaze] Executable stack default + [22159] malloc: malloc: MALLOC_CHECK_ broken with --enable-tunables=no + [22161] nscd: nscd cache prune for netgroups hangs after timeout bump + [22165] libc: [hppa] Text relocations in libc.so + [22180] libc: destructor registered via __cxa_atexit is called twice + [22183] glob: commit 5554304f0ddd ("posix: Allow glob to match dangling + symlinks") cause "make" segfaults + [22189] math: [powerpc] math_private.h definitions of math_opt_barrier and + math_force_eval + [22207] libc: FAIL: stdlib/test-atexit-race + [22225] math: nearbyint arithmetic moved before feholdexcept + [22229] math: [sparc32] missing copysignl, fabsl, fmal compat symbols + [22235] math: iscanonical in C++ and float128 + [22243] math: log2(0) and log10(0) are wrong in downward rounding without + the svid compat wrapper + [22244] math: ynf and yn are wrong without the svid compat wrapper + [22273] libc: Improper assert in Linux posix_spawn implementation + [22284] libc: -pg -pie doesn't work + [22292] locale: localedef exits with error 4 when it should be error 1 + [22294] locale: Allow "" for int_currency_symbol definition in locales. + [22295] locale: Don't warn on non-symbolic characters in locale sources in + --verbose. + [22296] math: glibc 2.26: signbit build issue with Gcc 5.5.0 on x86_64 + [22298] nptl: x32: lockups on recursive pthread_mutex_lock after upgrade + to 2.26 + [22299] dynamic-link: Problem with $PLATFORM on x86_64 platform + [22320] glob: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670) + [22321] libc: sysconf(_SC_IOV_MAX) returns -1 on Linux + [22322] libc: [mips64] wrong bits/long-double.h installed + [22325] glob: Memory leak in glob with GLOB_TILDE (CVE-2017-15671) + [22332] glob: Buffer overflow in glob with GLOB_TILDE in unescaping + (CVE-2017-15804) + [22336] localedata: cs_CZ LC_COLLATE does not use i18n + [22343] malloc: Integer overflow in posix_memalign + [22347] libc: getrandom() returns the number of bytes that were copied to + the buffer even though the comments say "Return 0 on success and -1 on + failure." + [22353] string: sysdeps/i386/i586/strcpy.S isn't maintainable + [22362] libc: Installed crt1.o, crti,.o and crtn.o files are used with + -m32 + [22370] dynamic-link: Incorrect note padding check + [22375] libc: malloc returns pointer from tcache_get when should return + NULL (CVE-2017-17426) + [22377] math: iseqsig, float128 and C++ + [22382] localedata: Error in tpi_PG locale + [22387] localedata: Replace unicode sequences <Uxxxx> for characters + inside the ASCII printable range + [22402] math: [powerpc64le] __MATH_TG does not support _Float128 for + -mlong-double-64 + [22403] localedata: Slash needs escaping in some locales + [22408] malloc: malloc_info access heaps without arena lock, ignores heaps + [22409] network: res_hnok does not accept some host names used on the + Internet + [22412] network: res_dnok, res_hnok should perform syntax checks + [22413] network: ns_name_pton ignores syntactically invalid trailing + backslash + [22415] stdio: setvbuf can lead to invalid free/segfault + [22432] build: Non-deterministic build + [22439] malloc: malloc_info should compute summary statistics for all sub- + heaps in an arena + [22442] network: if_nametoindex could report index for the wrong + networking interface + [22446] build: aliasing violation calling readlink in handle_request + [22447] build: unsafe call to strlen with a non-string in getlogin_r.c + [22457] libc: Generic preadv/pwritev incorrectly calls __posix_memalign + [22459] libc: FAIL: elf/check-localplt with __stack_chk_fail related to + __nscd_hash/__nss_hash + [22463] network: p_secstodate overflow handling + [22469] localedata: pl_PL LC_COLLATE does not use i18n + [22478] libc: sigwait can fail with EINTR + [22505] libc: ldconfig processes include directive in locale-specific + order + [22515] localedata: hsb_DE LC_COLLATE does not use copy "iso14651_t1" + [22517] localedata: et_EE LC_COLLATE does not use copy "iso14651_t1" + [22519] localedata: is_IS LC_COLLATE does not use copy "iso14651_t1" + [22524] localedata: lt_LT LC_COLLATE does not use copy "iso14651_t1" + [22527] localedata: tr_TR LC_COLLATE does not use copy "iso14651_t1" + [22534] localedata: Collation rules for Serbian and Bosnian should be the + same as for Croatian + [22561] math: [DR#471] cacosh (0 + iNaN) should return NaN +/- i pi/2 + [22568] math: [DR#471] ctanh (0 + iNaN), ctanh (0 + i Inf) + [22577] libc: missing newline after "cannot allocate TLS data structures + for initial thread" + [22588] manual: manual/conf.texi: missing underscore in front of + SC_SSIZE_MAX + [22593] math: nextafter and nexttoward are declared with const attribute + [22596] manual: manual: finite(nan) wrongly described as returning nonzero + [22603] string: ia64 memchr overflows internal pointer check + [22605] libc: SH clone does not set the exit code correctly + [22606] dynamic-link: Incorrect array size computation in _dl_init_paths + (CVE-2017-1000408) + [22607] dynamic-link: Buffer Overflow in _dl_init_paths (CVE-2017-1000409) + [22611] malloc: malloc/tst-realloc wrongly assumes that errno must not be + modified in case of success + [22614] build: gcc: error: unrecognized command line option ‘-no-pie’ + [22615] manual: manual: ambiguous wording about errno value in case of + success + [22624] libc: MIPS setjmp() saves incorrect 'o0' register in --enable- + stack-protector=all + [22625] dynamic-link: RPATH $ORIGIN replaced by PWD for AT_SECURE/SUID + binaries or if /proc is not mounted (CVE-2017-16997) + [22627] dynamic-link: $ORIGIN in $LD_LIBRARY_PATH is substituted twice + [22630] build: $(no-pie-ldflag) is no longer effective + [22631] math: [m68k] Bad const attributes in bits/mathinline.h + [22635] nptl: pthread_self returns NULL before libpthread is loaded + [22636] nptl: PTHREAD_STACK_MIN is too small on x86-64 + [22637] nptl: guard size is subtracted from thread stack size instead of + adding it on top + [22648] libc: getrlimit/setrlimit with RLIM_INFINITY broken on alpha + [22657] localedata: hu_HU: Avoid double space in date + [22660] math: fmax, fmin sNaN handling on alpha + [22664] libc: New warning of GCC8 + [22665] math: alpha: ceil and floor raise inexact exceptions + [22666] math: alpha: trunc raise inexact exceptions + [22667] libc: makecontext lacks stack alignment on i386 + [22678] libc: prlimit fails for RLIM_INFINITY values on 32-bit machines + [22679] libc: getcwd(3) can succeed without returning an absolute path + (CVE-2018-1000001) + [22685] libc: PowerPC: Static AT_SECURE binaries segfault with lock- + elision and tunables + [22687] math: [powerpc-nofpu] complex long double functions spurious + "invalid" exception + [22688] math: [powerpc-nofpu] remainderl wrong sign of zero result + [22690] math: [ldbl-128ibm] lrintl, lroundl missing "invalid" exceptions + [22691] math: [powerpc-nofpu] fmaxmagl, fminmagl spurious "invalid" + exception + [22693] math: [ldbl-128ibm] log1pl (-qNaN) spurious "invalid" exception + [22697] math: [powerpc] llround spurious "inexact" exceptions on 32-bit + power4 + [22701] nis: Incomplete removal of libnsl + [22702] math: [powerpc-nofpu] nearbyintl traps with trapping "inexact" + [22707] libc: Missing defines in elf.h for DF_1_STUB and DF_1_PIE. + [22715] dynamic-link: FAIL: elf/tst-audit10 + [22719] libc: Backtrace tests fail on hppa + [22742] libc: [aarch64] mcontext_t __reserved field got renamed + [22743] nptl: __pthread_register_cancel corrupts stack after f81ddabffd + [22765] crypt: (struct crypt_data *data)->initialized is not set to zero + before the first call to crypt_r () in crypt/badsalttest.c + + +Version 2.26 + +Major new features: + +* A per-thread cache has been added to malloc. Access to the cache requires + no locks and therefore significantly accelerates the fast path to allocate + and free small amounts of memory. Refilling an empty cache requires locking + the underlying arena. Performance measurements show significant gains in a + wide variety of user workloads. Workloads were captured using a special + instrumented malloc and analyzed with a malloc simulator. Contributed by + DJ Delorie with the help of Florian Weimer, and Carlos O'Donell. + +* Unicode 10.0.0 Support: Character encoding, character type info, and + transliteration tables are all updated to Unicode 10.0.0, using + generator scripts contributed by Mike FABIAN (Red Hat). + These updates cause user visible changes, especially the changes in + wcwidth for many emoji characters cause problems when emoji sequences + are rendered with pango, see for example: + https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5 + +* Collation of Hungarian has been overhauled and is now consistent with "The + Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by + Egmont Koblinger. + +* Improvements to the DNS stub resolver, contributed by Florian Weimer: + + - The GNU C Library will now detect when /etc/resolv.conf has been + modified and reload the changed configuration. The new resolver option + “no-reload” (RES_NORELOAD) disables this behavior. + + - The GNU C Library now supports an arbitrary number of search domains + (configured using the “search” directive in /etc/resolv.conf); + previously, there was a hard limit of six domains. For backward + compatibility, applications that directly modify the ‘_res’ global + object are still limited to six search domains. + + - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C + Library will now randomly pick a name server from the configuration as a + starting point. (Previously, the second name server was always used.) + +* The tunables feature is now enabled by default. This allows users to tweak + behavior of the GNU C Library using the GLIBC_TUNABLES environment variable. + +* New function reallocarray, which resizes an allocated block (like realloc) + to the product of two sizes, with a guaranteed clean failure upon integer + overflow in the multiplication. Originally from OpenBSD, contributed by + Dennis Wölfing and Rüdiger Sonderfeld. + +* New wrappers for the Linux-specific system calls preadv2 and pwritev2. + These are extended versions of preadv and pwritev, respectively, taking an + additional flags argument. The set of supported flags depends on the + running kernel; full support currently requires kernel 4.7 or later. + +* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to + create a new session ID for the spawned process. This feature is + scheduled to be added to the next major revision of POSIX; for the time + being, it is available under _GNU_SOURCE. + +* errno.h is now safe to use from C-preprocessed assembly language on all + supported operating systems. In this context, it will only define the + Exxxx constants, as preprocessor macros expanding to integer literals. + +* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements + 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE + 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy, + Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers. + + To compile programs that use this feature, the compiler must support + 128-bit floating point with the type name _Float128 (as defined by TS + 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for + C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__ + must be defined to make the new interfaces visible. + + The new functions and macros correspond to those present for other + floating-point types (except for a few obsolescent interfaces not + supported for the new type), with F128 or f128 suffixes; for example, + strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no + printf or scanf formats for the new type; the strfromf128 and strtof128 + interfaces should be used instead. + +Deprecated and removed features, and other changes affecting compatibility: + +* The synchronization that pthread_spin_unlock performs has been changed to + now be equivalent to a C11 atomic store with release memory order to the + spin lock's memory location. Previously, several (but not all) + architectures used stronger synchronization (e.g., containing what is + often called a full barrier). This change can improve performance, but + may affect odd fringe uses of spin locks that depend on the previous + behavior (e.g., using spin locks as atomic variables to try to implement + Dekker's mutual exclusion algorithm). + +* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been + removed. + +* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers + will only be built and installed when the GNU C Library is configured with + --enable-obsolete-rpc. This allows alternative RPC implementations, such + as TIRPC or rpcsvc-proto, to be used. + +* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and + libnss_compat, are deprecated, and will not be built or installed by + default. + + The NIS(+) support library, libnsl, is also deprecated. By default, a + compatibility shared library will be built and installed, but not headers + or development libraries. Only a few NIS-related programs require this + library. (In particular, the GNU C Library has never required programs + that use 'gethostbyname' to be linked with libnsl.) + + Replacement implementations based on TIRPC, which additionally support + IPv6, are available from <https://github.com/thkukuk/>. The configure + option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+) + name service modules, to be built and installed. + +* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC + support is enabled, the configured recursive resolver must support EDNS. + (Responding to EDNS-enabled queries with responses which are not + EDNS-enabled is fine, but FORMERR responses are not.) + +* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS + servers have not supported this opcode for a long time. + +* The _res_opcodes variable has been removed from libresolv. It had been + exported by accident. + +* <string.h> no longer includes inline versions of any string functions, + as this kind of optimization is better done by the compiler. The macros + __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect. + +* The nonstandard header <xlocale.h> has been removed. Most programs should + use <locale.h> instead. If you have a specific need for the definition of + locale_t with no other declarations, please contact + libc-alpha@sourceware.org and explain. + +* The obsolete header <sys/ultrasound.h> has been removed. + +* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>. + +* The obsolete function cfree has been removed. Applications should use + free instead. + +* The stack_t type no longer has the name struct sigaltstack. This changes + the C++ name mangling for interfaces involving this type. + +* The ucontext_t type no longer has the name struct ucontext. This changes + the C++ name mangling for interfaces involving this type. + +* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has + the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no + longer has the name struct mcontext. On SPARC GNU/Linux, the struct + mc_fq, struct rwindow, struct fpq and struct fq types are no longer + defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct + mc_fpu, the gwindows_t type no longer has the name struct gwindows and the + fpregset_t type no longer has the name struct fpu. This changes the C++ + name mangling for interfaces involving those types. + +* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been + synced with the kernel: + + - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS + are not supported on this architecture and have been removed. + + - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA, + PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE, + PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added. + + Programs that assume the GET/SETREGS ptrace requests are universally + available will now fail to build, instead of malfunctioning at runtime. + +Changes to build and runtime requirements: + +* Linux kernel 3.2 or later is required at runtime, on all architectures + supported by that kernel. (This is a change from version 2.25 only for + x86-32 and x86-64.) + +* GNU Binutils 2.25 or later is now required to build the GNU C Library. + +* On most architectures, GCC 4.9 or later is required to build the GNU C + Library. On powerpc64le, GCC 6.2 or later is required. + + Older GCC versions and non-GNU compilers are still supported when + compiling programs that use the GNU C Library. (We do not know exactly + how old, and some GNU extensions to C may be _de facto_ required. If you + are interested in helping us make this statement less vague, please + contact libc-alpha@sourceware.org.) + +Security related changes: + +* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, + to avoid fragmentation-based spoofing attacks (CVE-2017-12132). + +* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE + mode to guard against local privilege escalation attacks (CVE-2017-1000366). + +* Avoid printing a backtrace from the __stack_chk_fail function since it is + called on a corrupt stack and a backtrace is unreliable on a corrupt stack + (CVE-2010-3192). + +* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been + fixed (CVE-2017-12133). + +The following bugs are resolved with this release: + + [984] network: Respond to changed resolv.conf in gethostbyname + [5010] network: sunrpc service cleanup causes unwanted port mapper traffic + [12068] localedata: sc_IT: misspelled yesexpr/day/abday/mon/abmon/date_fmt + fields + [12189] libc: __stack_chk_fail should not attempt a backtrace + (CVE-2010-3192) + [14096] time: Race condition on timezone/tst-timezone.out + [14172] localedata: az_IR: new locale + [14995] build: glibc fails to build if gold is the default linker, even if + ld.bfd is available + [15998] build: [powerpc] Set arch_minimum_kernel for powerpc LE + [16637] network: inet_pton function is accepting IPv6 with bad format + [16640] string: string/strtok.c: undefined behaviour inconsistent between + x86 and other generic code + [16875] localedata: ko_KR: fix lang_name + [17225] localedata: ar_SY: localized month names for May and June are + incorrect + [17297] localedata: da_DK: wrong date_fmt string + [18907] stdio: Incorrect order of __wur __THROW in <printf.h> + [18934] localedata: hu_HU: collate: fix multiple bugs and add tests + [18988] nptl: pthread wastes memory with mlockall(MCL_FUTURE) + [19066] localedata: ar_SA abbreviated day and month names are in English + [19569] network: resolv: Support an arbitrary number of search domains + [19570] network: Implement random DNS server selection in the stub + resolver + [19838] locale: localedef fails on PA-RISC + [19919] localedata: iso14651_t1_common: Correct the Malayalam sorting + order of 0D36 and 0D37 + [19922] localedata: iso14651_t1_common: Define collation for Malayalam + chillu characters + [20098] libc: FAIL: debug/backtrace-tst on hppa + [20257] network: sunrpc: clntudp_call does not enforce timeout when + receiving data + [20275] localedata: locale day/abday/mon/abmon should not have trailing + whitespace + [20313] localedata: Update locale data to Unicode 9.0 + [20424] manual: Document how to provide a malloc replacement + [20496] localedata: agr_PE: new language locale Awajún / Aguaruna (agr) + for Peru + [20686] locale: Add el_GR@euro to SUPPORTED. + [20831] dynamic-link: _dl_map_segments does not test for __mprotect + failures consistently + [21015] dynamic-link: Document and fix --enable-bind-now + [21016] nptl: pthread_cond support is broken on hppa + [21029] libc: glibc-2.23 (and later) fails to compile with -fno-omit- + frame-pointer on i386 + [21049] libc: segfault in longjmp_chk() due to clobbered processor + register + [21075] libc: unused assigment to %g4 in sparc/sparc{64,32}/clone.S + [21088] libc: Build fails with --enable-static-nss + [21094] math: cosf(1.57079697) has 3 ulp error on targets where the + generic c code is used + [21109] libc: Tunables broken on big-endian + [21112] math: powf has large ulp errors with base close to 1 and exponent + around 4000 + [21115] network: sunrpc: Use-after-free in error path in clntudp_call + (CVE-2017-12133) + [21120] malloc: glibc malloc is incompatible with GCC 7 + [21130] math: Incorrect return from y0l (-inf) and y1l (-inf) when linking + with -lieee + [21134] math: Exception (divide by zero) not set for y0/y1 (0.0) and y0/y1 + (-0.0) when linking with -lieee + [21171] math: log10, log2 and lgamma return incorrect results + [21179] libc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs + [21182] libc: __memchr_sse2: regression in glibc-2.25 on i686 + [21207] localedata: ce_RU: update weekdays from CLDR + [21209] dynamic-link: LD_HWCAP_MASK read in setuid binaries + [21217] localedata: Update months from CLDR-31 + [21232] libc: miss posix_fadvise64 on MIPS64 when static linking + [21243] libc: support_delete_temp_file should issue warning for failed + remove() + [21244] libc: support resolv_test_start() socket fd close should be + checked for errors. + [21253] libc: localedef randomly segfaults when using -fstack-check due to + new posix_spawn implementation + [21258] dynamic-link: Branch predication in _dl_runtime_resolve_avx512_opt + leads to lower CPU frequency + [21259] libc: [alpha] termios.h missing IXANY for POSIX + [21261] libc: [sparc64] bits/setjmp.h namespace + [21267] network: [mips] bits/socket.h IOC* namespace + [21268] libc: [alpha] termios.h NL2, NL3 namespace + [21270] libc: mmap64 silently truncates large offset values + [21275] libc: posix_spawn always crashes on ia64 now + [21277] libc: [alpha] termios.h missing IUCLC for UNIX98 and older + [21280] math: [powerpc] logbl for POWER7 return incorrect results + [21289] libc: Incorrect declaration for 32-bit platforms with + _FILE_OFFSET_BITS=64 causes build error + [21295] network: GETAI(AF_UNSPEC) drops IPv6 addresses if nss module does + not support gethostbyname4_r + [21298] nptl: rwlock can deadlock on frequent reader/writer phase + switching + [21338] malloc: mallopt M_ARENA_MAX doesn't set the maximum number of + arenas + [21340] libc: Support POSIX_SPAWN_SETSID + [21357] libc: unwind-dw2-fde deadlock when using AddressSanitizer + [21359] network: ns_name_pack needs additional byte in destination buffer + [21361] network: resolv: Reduce advertised EDNS0 buffer size to guard + against fragmentation attacks (CVE-2017-12132) + [21369] network: resolv: Remove EDNS fallback + [21371] libc: Missing timespec definition when compiled with _XOPEN_SOURCE + and _POSIX_C_SOURCE + [21386] nptl: Assertion in fork for distinct parent PID is incorrect + [21391] dynamic-link: x86: Set dl_platform and dl_hwcap from CPU features + [21393] stdio: Missing dup3 error check in freopen, freopen64 + [21396] libc: Use AVX2 memcpy/memset on Skylake server + [21399] localedata: Bad description for U00EC in + localedata/charmaps/CP1254 + [21411] malloc: realloc documentation error + [21426] network: sys/socket.h uio.h namespace + [21428] libc: [aarch64] tst-backtrace5 testsuite failure + [21445] libc: signal.h bsd_signal namespace + [21455] network: Network headers stdint.h namespace + [21474] network: resolv: res_init does not use RES_DFLRETRY (2) but 4 for + retry value + [21475] network: resolv: Overlong search path is truncated mid-label + [21511] libc: sigstack namespace + [21512] libc: clone() ends up calling exit_group() through _exit() wrapper + [21514] libc: sysdeps/unix/sysv/linux/sys/syscall.h:31:27: fatal error: + bits/syscall.h: No such file or directory + [21517] libc: struct sigaltstack namespace + [21528] dynamic-link: Duplicated minimal strtoul implementations in ld.so + [21533] localedata: Update locale data to Unicode 10.0 + [21537] libc: + ../sysdeps/unix/sysv/linux/s390/s390-32/__makecontext_ret.S:44: Error: + junk at end of line, first unrecognized character is `@' + [21538] libc: SIG_HOLD missing for XPG4 + [21539] libc: S390: Mismatch between kernel and glibc ptrace.h with + request 12: PTRACE_SINGLEBLOCK vs PTRACE_GETREGS. + [21542] libc: Use conservative default for sysconf (_SC_NPROCESSORS_ONLN) + [21543] libc: sigevent namespace + [21548] libc: [mips] get/set/make/swap context for MIPS O32 assume wrong + size for general purpose registers in mcontext_t structure + [21550] libc: sigwait namespace + [21552] libc: XPG4 bsd_signal namespace + [21554] libc: sigpause namespace + [21560] libc: sys/wait.h signal.h namespace + [21561] libc: waitid namespace + [21573] nptl: GCC 7: /usr/bin/install: cannot remove + '/usr/include/stdlib.h': Permission denied + [21575] libc: sys/wait.h missing struct rusage definition + [21584] libc: sigaltstack etc namespace + [21597] libc: siginterrupt namespace + [21607] math: hppa: FAIL: math/test-tgmath + [21609] dynamic-link: Incomplete workaround for GCC __tls_get_addr ABI + issue on x86-64 + [21622] libc: [tile] missing SA_* for POSIX.1:2008 + [21624] dynamic-link: ld.so: Unsafe alloca allows local attackers to alias + stack and heap (CVE-2017-1000366) + [21625] libc: wait3 namespace + [21654] nss: Incorrect pointer alignment in NSS group merge result + construction + [21657] network: Parse interface zone id for node-local multicast + [21662] string: memcmp-avx2-movbe.S lacks saturating subtraction for + between_2_3 + [21666] libc: .symver is used on common symbol + [21668] network: resolv: res_init cross-thread broadcast introduces race + conditions + [21687] math: tgmath.h totalorder, totalordermag return type + [21694] locale: Current Glibc Locale Does Not Support Tok-Pisin and Fiji + Hindi Locale + [21696] libc: Incorrect assumption of of __cpu_mask in + posix/sched_cpucount.c + [21697] libc: sysdeps/posix/spawni.c: 2 * suspicious condition ? + [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES] + locale + [21707] math: ppc64le: Invalid IFUNC resolver from libgcc calls getauxval, + leading to relocation crash + [21709] libc: resolv_conf.c:552: update_from_conf: Assertion + `resolv_conf_matches (resp, conf)' failed. + [21710] localedata: Added Samoan language locale for Samoa + [21711] localedata: Pashto yesstr/nostr locale are missing + [21715] nptl: sysdeps/nptl/bits/pthreadtypes.h: typedef guard + __have_pthread_attr_t can cause redefinition of typedef ‘pthread_attr_t’ + [21721] localedata: Incorrect Full Weekday names for ks_IN@devanagari + [21723] localedata: yesstr/nostr missing for Chinese language locale + [21724] localedata: yesstr and nostr are missing for Xhosa [LC_MESSAGES] + locale + [21727] localedata: yesstr and nostr are missing for Tsonga [LC_MESSAGES] + locale + [21728] localedata: New Locale for Tongan language + [21729] localedata: incorrect LC_NAME fields for hi_IN + [21733] localedata: yesstr and nostr are missing for zh_HK + [21734] localedata: Missing yesstr and nostr are for kw_GB + [21738] libc: misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 fail + [21741] libc: Undefined __memmove_chk_XXX and __memset_chk_XXX in libc.a + [21742] libc: _dl_num_cache_relocations is undefined in libc.a + [21743] localedata: ks_IN@devanagari: abday strings mismatch the day + strings + [21744] libc: Tests failing on --enable-tunables --enable-stack- + protector=all + [21749] localedata: Wrong abbreviated day name (“abday”) for + ar_JO/ar_LB/ar_SY + [21756] localedata: missing yesstr, nostr for nds_DE and nds_NL + [21757] localedata: missing yesstr, nostr for pap_AW and pap_CW + [21759] localedata: missing yesstr and nostr for Tigrinya + [21760] localedata: Fix LC_MESSAGES and LC_ADDRESS for anp_IN + [21766] localedata: Wrong LC_MESSAGES for om_ET Locale + [21767] localedata: Missing Bislama locales + [21768] localedata: Missing yesstr and nostr for aa_ET + [21770] localedata: Missing Field in li_NL + [21778] nptl: Robust mutex may deadlock + [21779] libc: MicroBlaze segfaults when loading libpthread + [21783] localedata: Fix int_select international_call_prefixes + [21784] localedata: Inconsistency in country_isbn + [21788] localedata: Missing Country Postal Abbreviations + [21794] localedata: Added-country_isbn-for-Italy + [21795] localedata: Add/Fix country_isbn for France + [21796] localedata: Added country_isbn for Republic of Korea + [21797] localedata: Fix inconsistency in country_isbn and missing prefixes + [21799] localedata: Added int_select international_call_prefixes + [21801] localedata: Added int_select international_call_prefixes + [21804] nptl: Double semicolon in thread-shared-types.h + [21807] localedata: LC_ADDRESS fix for pap_CW + [21808] localedata: Fix LC_ADDRESS for pap_AW + [21821] localedata: Added country_name in mai_IN + [21822] localedata: Fix LC_TIME for mai_IN + [21823] localedata: missing yesstr, nostr for sa_IN + [21825] localedata: Fix name_mrs for mag_IN + [21828] localedata: 2.26 changelog should mention user visible changes + with unicode 9.0 + [21835] localedata: Added Maithili language locale for Nepal + [21838] localedata: Removed redundant data for the_NP + [21839] localedata: Fix LC_MONETARY for ta_LK + [21844] localedata: Fix Latin characters and Months Sequence. + [21848] localedata: Fix mai_NP Title Name + + +Version 2.25 + +* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR + 24731-2:2010, is supported to enable declarations of functions from that + TR. Note that not all functions from that TR are supported by the GNU C + Library. + +* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS + 18661-1:2014, is supported to enable declarations of functions and macros + from that TS. Note that not all features from that TS are supported by + the GNU C Library. + +* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS + 18661-4:2015, is supported to enable declarations of functions and macros + from that TS. Note that most features from that TS are not supported by + the GNU C Library. + +* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are + now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L. + Since the GNU C Library defaults to a much newer revision of POSIX, this + will only affect programs that specifically request an old conformance + mode. For instance, a program compiled with -std=c89 -D_REENTRANT will + see a change in the visible declarations, but a program compiled with + just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT, + will not. + + Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be + defined by all multithreaded code, but glibc has not required this for + many years. + +* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This + means that in a future release, the macros “major”, “minor”, and “makedev” + will only be available from <sys/sysmacros.h>. + + These macros are not part of POSIX nor XSI, and their names frequently + collide with user code; see for instance glibc bug 19239 and Red Hat bug + 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code + presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the + problem. + +* New <fenv.h> features from TS 18661-1:2014 are added to libm: the + fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the + femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros. + +* Integer width macros from TS 18661-1:2014 are added to <limits.h>: + CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH, + UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to + <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH, + INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH, + UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH, + INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH, + UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH, + UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH, + UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH, + UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH, + WINT_WIDTH. + +* New <math.h> features are added from TS 18661-1:2014: + + - Signaling NaN macros: SNANF, SNAN, SNANL. + + - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp, + fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf, + fromfpxl, ufromfpx, ufromfpxf, ufromfpxl. + + - llogb functions: the llogb, llogbf and llogbl functions, and the + FP_LLOGB0 and FP_LLOGBNAN macros. + + - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag, + fminmagf, fminmagl. + + - Comparison macros: iseqsig. + + - Classification macros: iscanonical, issubnormal, iszero. + + - Total order functions: totalorder, totalorderf, totalorderl, + totalordermag, totalordermagf, totalordermagl. + + - Canonicalize functions: canonicalize, canonicalizef, canonicalizel. + + - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload, + setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl. + +* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014, + are added to libc. They convert a floating-point number into string. + +* Most of glibc can now be built with the stack smashing protector enabled. + It is recommended to build glibc with --enable-stack-protector=strong. + Implemented by Nick Alcock (Oracle). + +* The function explicit_bzero, from OpenBSD, has been added to libc. It is + intended to be used instead of memset() to erase sensitive data after use; + the compiler will not optimize out calls to explicit_bzero even if they + are "unnecessary" (in the sense that no _correct_ program can observe the + effects of the memory clear). + +* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined + to float instead of double. This does not affect the ABI of any libraries + that are part of the GNU C Library, but may affect the ABI of other + libraries that use this type in their interfaces. + +* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the + float_t and double_t types are now defined to long double instead of float + and double. These options are not the default, and this does not affect + the ABI of any libraries that are part of the GNU C Library, but it may + affect the ABI of other libraries that use this type in their interfaces, + if they are compiled or used with those options. + +* The getentropy and getrandom functions, and the <sys/random.h> header file + have been added. + +* The buffer size for byte-oriented stdio streams is now limited to 8192 + bytes by default. Previously, on Linux, the default buffer size on most + file systems was 4096 bytes (and thus remains unchanged), except on + network file systems, where the buffer size was unpredictable and could be + as large as several megabytes. + +* The <sys/quota.h> header now includes the <linux/quota.h> header. Support + for the Linux quota interface which predates kernel version 2.4.22 has + been removed. + +* The malloc_get_state and malloc_set_state functions have been removed. + Already-existing binaries that dynamically link to these functions will + get a hidden implementation in which malloc_get_state is a stub. As far + as we know, these functions are used only by GNU Emacs and this change + will not adversely affect already-built Emacs executables. Any undumped + Emacs executables, which normally exist only during an Emacs build, should + be rebuilt by re-running “./configure; make” in the Emacs build tree. + +* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the + corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed. + “no-ip6-dotint” had already been the default, and support for the + “ip6-dotint” option was removed from the Internet in 2006. + +* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING + flag from <resolv.h> have been removed. The option relied on a + backwards-incompatible DNS extension which was never deployed on the + Internet. + +* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG, + RES_BLAST defined in the <resolv.h> header file have been deprecated. + They were already unimplemented. + +* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for + _res.flags are deprecated. The flag was standardized in RFC 2133, but + removed again from the IETF name lookup interface specification in RFC + 2553. Applications should use getaddrinfo instead. + +* DNSSEC-related declarations and definitions have been removed from the + <arpa/nameser.h> header file, and libresolv will no longer attempt to + decode the data part of DNSSEC record types. Previous versions of glibc + only implemented minimal support for the previous version of DNSSEC, which + is incompatible with the currently deployed version. + +* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p, + ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the + <arpa/nameser.h> header file because the distinction between RR types and + meta-RR types is not officially standardized, subject to revision, and + thus not suitable for encoding in a macro. + +* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook + and rhook members of the res_state type in <resolv.h> have been removed. + The glibc stub resolver did not support these hooks, but the header file + did not reflect that. + +* For multi-arch support it is recommended to use a GCC which has + been built with support for GNU indirect functions. This ensures + that correct debugging information is generated for functions + selected by IFUNC resolvers. This support can either be enabled by + configuring GCC with '--enable-gnu-indirect-function', or by + enabling it by default by setting 'default_gnu_indirect_function' + variable for a particular architecture in the GCC source file + 'gcc/config.gcc'. + +* GDB pretty printers have been added for mutex and condition variable + structures in POSIX Threads. When installed and loaded in gdb these pretty + printers show various pthread variables in human-readable form when read + using the 'print' or 'display' commands in gdb. + +* Tunables feature added to allow tweaking of the runtime for an application + program. This feature can be enabled with the '--enable-tunables' configure + flag. The GNU C Library manual has details on usage and README.tunables has + instructions on adding new tunables to the library. + +* A new version of condition variables functions have been implemented in + the NPTL implementation of POSIX Threads to provide stronger ordering + guarantees. + +* A new version of pthread_rwlock functions have been implemented to use a more + scalable algorithm primarily through not using a critical section anymore to + make state changes. + +Security related changes: + +* On ARM EABI (32-bit), generating a backtrace for execution contexts which + have been created with makecontext could fail to terminate due to a + missing .cantunwind annotation. This has been observed to lead to a hang + (denial of service) in some Go applications compiled with gccgo. Reported + by Andreas Schwab. (CVE-2016-6323) + +* The DNS stub resolver functions would crash due to a NULL pointer + dereference when processing a query with a valid DNS question type which + was used internally in the implementation. The stub resolver now uses a + question type which is outside the range of valid question type values. + (CVE-2015-5180) + +The following bugs are resolved with this release: + + [4099] stdio: Overly agressive caching by stream i/o functions. + [7065] build: Support building glibc with -fstack-protector or -fstack- + protector-all + [9842] localedata: en_CA: incorrect date format + [13165] nptl: pthread_cond_wait() can consume a signal that was sent + before it started waiting + [14139] manual: Do not hardcode platform names in manual/libm-err-tab.pl + [15765] nptl: sem_open is wrongly a cancellation point + [16421] network: IN6_IS_ADDR_UNSPECIFIED can use undefined s6_addr32 + [16458] libc: endian.h and netinet/in.h byte order macros return values of + wrong type + [16628] dynamic-link: Segfault after a binary without pthread dlopen()s a + library linked with pthread + [16630] nptl: Use SYSENTER for pthread_cond_broadcast/signal() (i.e. fix + "FIXME: Ingo" issue) + [16907] libc: <argp.h> compiled with --std=cXX disables __attribute__ + [17252] libc: getrandom and getentropy syscall + [17730] malloc: thread-local storage is sometimes improperly free()'d + after being __libc_memalign()'d + [18241] stdio: failed fseek on memstream does not set errno and can fail + when it shouldnt + [18243] nptl: sem_wait, sem_timedwait are cancellation points shm_open is + not + [18463] nptl: pthread_cond_broadcast issue when surrounded by + PTHREAD_PRIO_INHERIT mutex on ARM + [18784] network: res_query and related function crash for special record + type queries (CVE-2015-5180) + [19380] math: strtod does not raise "inexact" + [19387] string: Integer overflow in memchr + [19390] string: Integer overflow in strncat + [19398] build: linknamespace tests fail with massively parallel build + [19402] nptl: Deadlock with robust shared mutex and asynchronous + termination + [19469] malloc: M_PERTURB in test-skeleton.c invalidates malloc tests + [19473] malloc: Turn malloc_get_state etc. in compatibility symbols + [19514] libc: [PATCH] Fix spelling errors in spelling + "implement"/"implementation" in several places + [19582] network: Deprecate RES_USE_INET6 + [19673] manual: clog10 docs appear to be erroneous + [19810] dynamic-link: dlopen with both RTLD_NOLOAD and RTLD_NODELETE + causes a segmentation fault + [19826] libc: invalid pointer returned from __tls_get_addr with static + linking + [20016] network: resolv: Remove hooks support from the API + [20019] dynamic-link: NULL pointer dereference in libc.so.6 IFUNC due to + uninitialized GOT + [20033] math: [x86_64] vectorized math function don't call the __finite + versions + [20116] nptl: use after free in pthread_create + [20181] stdio: open_memstream(): writes not at end of stream corrupt data + [20292] dynamic-link: Comparison in elf/dl-open.c _dl_addr_inside_object + is always true. + [20311] nptl: please install proc_service.h + [20366] libc: Compilation errors in installed headers in strict-compliance + modes + [20370] malloc: malloc: Arena free list management is still racy + (incorrect fix in bug 19243) + [20386] libc: assert (X = 0) does not result in GCC warning + [20432] malloc: malloc: Minimize interface required for interposition + [20435] libc: Missing unwind info in __startcontext causes infinite loop + in _Unwind_Backtrace (CVE-2016-6323) + [20444] hurd: recvmsg: PF_LOCAL sockets and msg_name lead to SIGLOST + [20452] nptl: Addition of sysdep.o to libpthread.a breaks relinking + libpthread.a + [20455] math: [powerpc] fesetexceptflag fails to clear FE_INVALID + [20459] localedata: et_EE: locale has wrong {p,n}_cs_precedes value + [20477] network: resolv: incorrect double-checked locking related to + _res_hconf + [20478] libc: libc_ifunc macro and similar usages leads to false debug- + information. + [20495] math: x86_64 performance degradation due to AVX/SSE transition + penalty + [20497] localedata: lt_LT: LC_TIME d_fmt used is obsolete + [20508] dynamic-link: _dl_runtime_resolve_avx/_dl_runtime_profile_avx512 + cause transition penalty + [20517] math: sparcv9 missing fdiml compat symbol + [20524] manual: strverscmp is inconsistent + [20525] libc: <sys/quota.h> should be based on kernel headers + [20539] math: GCC 7 -static -lm fails to link at -O3 + [20554] libc: ld: bss-plt forced due to /usr/lib/libc_nonshared.a(ppc- + mcount.oS) + [20558] string: POSIX bcopy/bzero decls do not implement Object Size + Checking + [20591] network: Remove obsolete DNSSEC support + [20592] network: DNS resource record type classification macros in + <arpa/nameser.h> are incorrect + [20593] network: Update DNS RR type definitions + [20611] network: getaddrinfo accepts invalid numeric scope IDs + [20615] build: glibc build fails when using --with-cpu=power9 --enable- + multi-arch + [20629] network: libresolv: Remove support for bitstring labels + (RES_USEBSTRING) + [20647] libc: GLIBC quitting every program - glibc on Pentium-S leads to + assertion: "maxidx >= 2" + [20660] math: [arm] Use VSQRT + [20662] libc: checking whether x86_64-pc-linux-gnu-gcc implicitly enables + -fstack-protector no (32bit gcc 6.2.0 pie and ssp enable) + [20689] libc: Test for FMA should also check for AVX. + [20707] glob: gl_pathv entries not set to NULL with GLOB_DOOFFS + [20715] math: iszero macro breaks existing code + [20718] math: [powerpc] copysignl raises "invalid" for sNaN + [20728] libc: powerpc: Missing TOC stub in clone + [20729] build: glibc-2.24 fails to build for i486 with -Os + [20750] build: Build fails with default PIE enabled gcc-6.x + [20768] math: [alpha] sqrt fegetenv namespace + [20785] libc: binutils 2.28 fails to assemble power6/memset.S file in + glibc + [20787] math: float_t is defined as float incorrectly on x86_64 even if + __FLT_EVAL_METHOD__ is 2 + [20790] network: rpcgen buffer overrun in get_prog_declaration + [20822] nptl: race condition in __lll_unlock_elision on powerpc + [20829] libc: crypt snprintf namespace + [20847] libc: tst-vfork3 failure + [20855] math: Default bits/mathdef.h has inappropriate float_t + [20859] math: [sh4] FP_ILOGB0 invalid + [20864] localedata: iconv: cp936 missing single-byte euro sign (0x80, + U+20AC), not same as GBK + [20915] dynamic-link: global-dynamic TLS broken on aarch64 + [20916] math: pow handling of sNaN arguments + [20918] build: Building with --enable-nss-crypt fails tst-linkall-static. + [20919] math: Bad pow (qNaN, 0) result with -lieee + [20940] math: hypot sNaN handling + [20947] math: fmax, fmin sNaN handling + [20956] libc: debug/tst-backtrace3-6 don't work with -O3 anymore + [20964] network: sunrpc: Stack-based buffer overflow in getrpcport with + RES_USE_INET6 + [20971] string: powerpc64/power7 memchr overflows internal pointer check + [20973] nptl: robust mutexes: Lost wake-ups + [20974] locale: bs_BA: yesexpr/noexpr regexes accept any character + [20978] nis: strlen on null pointer in nss_nisplus + [20985] nptl: robust mutexes: lowlevelrobustlock assembly on x86 blocks on + wrong condition + [21014] string: i686 memchr overflows internal pointer check + [21019] libc: [mips] n32 lseek incorrect on overflow + [21022] libc: [microblaze] __backtrace get_frame_size namespace + [21026] libc: [MIPS] readahead syscall is broken on n64 + [21028] math: Fallback fesetexceptflag should always succeed + [21045] libc: [powerpc-nofpu] swapcontext does not restore signal mask + [21047] math: arm: fpu_control.h: _FPU_GETCW/_FPU_SETCW is rejected by + clang + [21053] libc: [SH] Namespace pollution from sys/ucontext.h + [21061] librt: [microblaze] librt lost clock_* exports + [21073] libc: tunables: insecure environment variables passed to + subprocesses with AT_SECURE + [21081] string: Missing vzeroupper in memset-vec-unaligned-erms.S + +Version 2.24 + +* The minimum Linux kernel version that this version of the GNU C Library + can be used with is 3.2, except on i[4567]86 and x86_64, where Linux + kernel version 2.6.32 or later suffices (on architectures that already + required kernel versions more recent than 3.2, those requirements remain + unchanged). Linux 3.2 or later kernel headers are required on all + architectures. + +* The pap_AN locale has been deleted. This has been deprecated for a long + time. It has been replaced by pap_AW & pap_CW, both of which have long + been included in previous releases. + +* The readdir_r and readdir64_r functions have been deprecated. It is + recommended to use readdir and readdir64 instead. + +* The type “union wait” has been removed. It was deprecated in the early + 1990s and never part of POSIX. Application code should use the int type + instead of “union wait”. + +* A new NSS action is added to facilitate large distributed system + administration. The action, MERGE, allows remote user stores like LDAP + to be merged into local user stores like /etc/groups in order to provide + easy to use, updated, and managed sets of merged credentials. The new + action can be used by configuring it in /etc/nsswitch.conf: + group: files [SUCCESS=merge] nis + Implemented by Stephen Gallagher (Red Hat). + +* The deprecated __malloc_initialize_hook variable has been removed from the + API. + +* The long unused localedef --old-style option has been removed. It hasn't + done anything in over 16 years. Scripts using this option can safely + drop it. + +* nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to + libm. They are defined by TS 18661 and IEEE754-2008. The nextup functions + return the next representable value in the direction of positive infinity + and the nextdown functions return the next representable value in the + direction of negative infinity. These are currently enabled as GNU + extensions. + +Security related changes: + +* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It + could result in a stack overflow when getnetbyname was called with an + overly long name. (CVE-2016-3075) + +* Previously, getaddrinfo copied large amounts of address data to the stack, + even after the fix for CVE-2013-4458 has been applied, potentially + resulting in a stack overflow. getaddrinfo now uses a heap allocation + instead. Reported by Michael Petlan. (CVE-2016-3706) + +* The glob function suffered from a stack-based buffer overflow when it was + called with the GLOB_ALTDIRFUNC flag and encountered a long file name. + Reported by Alexander Cherepanov. (CVE-2016-1234) + +* The Sun RPC UDP client could exhaust all available stack space when + flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez' + alloca plugin for GCC. (CVE-2016-4429) + +* The IPv6 name server management code in libresolv could result in a memory + leak for each thread which is created, performs a failing naming lookup, + and exits. Over time, this could result in a denial of service due to + memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417) + +The following bugs are resolved with this release: + + [1170] localedata: ne_NP: update Nepali locale definition file + [3629] manual: stpcpy description in string.texi refers to MS-DOG instead + of MS-DOS. + [6527] malloc: [powerpc] Malloc alignment insufficient for PowerPC + [6796] math: fdim() does not set errno on overflow + [10354] libc: posix_spawn should use vfork() in more cases than presently + [11213] localedata: localedata: add copyright disclaimer to locale files + [12143] localedata: chr_US: new Cherokee locale + [12450] localedata: sgs_LT: new locale + [12676] localedata: ln_CD: new locale + [13237] localedata: LC_ADDRESS.country_name: update all locales w/latest + CLDR data + [13304] math: fma, fmaf, fmal produce wrong results + [14259] build: --localedir arg to configure is ignored + [14499] nptl: Does posix_spawn invoke atfork handlers / use vfork? + [14750] libc: Race condition in posix_spawn vfork usage vs signal handlers + [14934] localedata: es_CL: wrong first weekday chilean locale + [15262] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of + romanisation + [15263] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of 1/0 + and +/- + [15264] localedata: LC_MESSAGES.yesstr/nostr: lacking in many locales + [15368] nptl: raise() is not async-signal-safe + [15479] math: ceil, floor, round and trunc raise inexact exception + [15578] localedata: kk_KZ: various updates + [16003] localedata: pap_AN: punt old locale + [16137] localedata: iw_IL: punt old locale + [16190] localedata: eo: new esperanto locale + [16374] localedata: lv_LV: change currency symbol in LC_MONETARY to euro + [16742] malloc: race condition: pthread_atfork() called before first + malloc() results in unexpected locking behaviour/deadlocks + [16975] localedata: LC_MESSAGES.yesexpr/noexpr: revisit capitalization in + all locales + [16983] localedata: postal_fmt does not allow %l and %n modifiers + [17565] localedata: pt_PT: wrong (work-)week start + [17899] math: [powerpc] floorl returns negative zero with FE_DOWNWARD + [17950] build: Build fails with -msse + [18205] localedata: be_BY*: wrong first_weekday and first_workday + [18433] libc: posix_spawn does not return correctly upon failure to + execute + [18453] localedata: charmaps/IBM875: incorrect codes + [18712] string: bits/string2.h incompatible with -O2 -Werror=packed + -Wsystem-headers + [18896] localedata: he_IL: improvements for currency + [18911] localedata: ro_RO: Correcting week day name for "Tuesday" in + Romanian locale data + [18960] locale: s390: _nl_locale_subfreeres uses larl opcode on misaligned + symbol + [19056] libc: Deprecate readdir_r + [19133] localedata: pt_*: days & months should be lowercase in Portuguese + language + [19198] localedata: nl_NL: small improvements for Dutch locales + [19257] network: Per-thread memory leak in __res_vinit with IPv6 + nameservers (CVE-2016-5417) + [19269] build: tst-audit4 and tst-audit10 failures with gcc-6 on non avx + machine + [19400] locale: Language missing in "iso-639.def", trivial fix in + description + [19431] malloc: Deadlock between fflush, getdelim, and fork + [19505] libc: Incorrect file descriptor validity checks in + posix_spawn_file_actions_add{open,close,dup2} + [19509] dynamic-link: dlsym, dlvsym do not report errors through dlerror + when using RTLD_NEXT + [19512] locale: Stale `#ifndef HAVE_BUILTIN_EXPECT' in + `intl/{gettextP,loadinfo}.h' + [19534] libc: execle, execlp may use malloc + [19568] localedata: *_CH: Swiss locales have inconsistent start of week + [19573] network: res_nclose and __res_maybe_init disagree about name + server initialization, breaking Hesiod + [19575] localedata: Status of GB18030 tables + [19581] localedata: sr_* date_fmt string contains additional newline + [19583] string: SSSE3_Fast_Copy_Backward flag needs to be enabled for AMD + Excavator core + [19592] math: [ldbl-128ibm] ceill incorrect in non-default rounding modes + [19593] math: [ldbl-128ibm] truncl incorrect in non-default rounding modes + [19594] math: [ldbl-128ibm] roundl incorrect in non-default rounding modes + [19595] math: [ldbl-128ibm] fmodl incorrect for results in subnormal + double range + [19602] math: [ldbl-128ibm] fmodl handling of equal arguments with low + part zero incorrect + [19603] math: [ldbl-128ibm] remainderl, remquol incorrect sign handling in + equality tests + [19610] dynamic-link: ldconfig -X removes stale symbolic links + [19613] libc: s390x (64 bit) macro expansion WCOREDUMP and others + [19633] locale: strfmon_l applies global locale to number formatting + [19642] network: Memory leak in getnameinfo + [19648] libc: test-skeleton.c: Do not set RLIMIT_DATA + [19653] libc: Potential for NULL pointer dereference (CWE-476) in + glibc-2.22 + [19654] math: [x86_64] Need testcase for BZ #19590 fix + [19671] localedata: Missing Sanity Check for malloc() in 'tst-fmon.c' & + 'tst-numeric.c' + [19674] math: [ldbl-128ibm] powl incorrect overflow handling + [19677] math: [ldbl-128ibm] remainderl equality test incorrect for zero + low part + [19678] math: [ldbl-128ibm] nextafterl, nexttowardl incorrect sign of zero + result + [19679] dynamic-link: gcc-4.9.3 C++ exception handling broken due to + unaligned stack + [19726] locale: Converting UCS4LE to INTERNAL with iconv() does not update + pointers and lengths in error-case. + [19727] locale: Converting from/to UTF-xx with iconv() does not always + report errors on UTF-16 surrogates values. + [19755] nscd: nscd assertion failure in gc + [19758] dynamic-link: Typo in EXTRA_LD_ENVVARS for x86-64 + [19759] libc: mempcpy shouldn't be inlined + [19762] dynamic-link: HAS_CPU_FEATURE/HAS_ARCH_FEATURE are easy to misuse + [19765] libc: s390 needs an optimized mempcpy + [19779] glob: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect + NAME_MAX limit assumption (CVE-2016-1234) + [19783] build: benchtests don't support --enable-hardcoded-path-in-tests + [19787] network: Missing and incorrect truncation checks in getnameinfo + [19790] math: [ldbl-128ibm] nearbyintl incorrect in non-default rounding + modes + [19791] network: Assertion failure in res_query.c with un-connectable name + server addresses + [19792] libc: MIPS: backtrace yields infinite backtrace with makecontext + [19822] math: libm.so install clobbers old version + [19825] network: resolv: send_vc can return uninitialized data in second + response to getaddrinfo + [19830] network: nss_dns: should check RDATA length against buffer length + [19831] network: nss_dns: getaddrinfo returns uninitialized data when + confronted with A/AAAA records of invalid size + [19837] nss: nss_db: No retries for some long lines with a larger buffer + [19848] math: powl(10,n) for n=-4,-5,-6,-7 is off by more than 1 ULP + [19853] stdio: Printing IBM long double in decimal with high precision is + sometimes incorrect + [19860] build: x86_64: compile errors for tst-audit10 and tst-auditmod10b + [19861] nptl: libpthread IFUNC resolver for fork can lead to crash + [19862] network: resolv, nss_dns: Remove remaining logging of unexpected + record types + [19865] network: Assertion failure or memory leak in + _nss_dns_getcanonname_r + [19868] network: nss_dns: netent code does not skip over non-PTR records + [19879] network: nss_dns: Stack overflow in getnetbyname implementation + (CVE-2016-3075) + [19881] string: Improve x86-64 memset + [19907] string: Incorrect memcpy tests + [19916] dynamic-link: S390: fprs/vrs are not saved/restored while + resolving symbols + [19925] libc: termios.h XCASE namespace + [19928] string: memmove-vec-unaligned-erms.S is slow with large data size + [19929] libc: limits.h NL_NMAX namespace + [19931] stdio: Memory leak in vfprintf + [19957] libc: clone(CLONE_VM) access invalid parent memory + [19963] localedata: en_IL: New locale + [19989] stdio: stdio.h cuserid namespace + [19994] network: getaddrinfo does not restore RES_USE_INET6 flag in + gethosts + [19996] locale: langinfo.h nl_langinfo_l namespace + [20005] stdio: fflush on a file opened with fmemopen resets position to 0 + [20010] network: getaddrinfo: Stack overflow in hostent translation + (CVE-2016-3706) + [20012] stdio: libio: fmemopen append mode failure + [20014] stdio: stdio.h namespace for pre-threads POSIX + [20017] network: resolv: Use gmtime_r instead of gmtime in p_secstodate + [20023] libc: fcntl.h timespec namespace + [20024] math: [x86_64] vectorized sincos trashes the stack + [20031] network: nss_hesiod: Heap overflow in get_txt_records + [20041] time: sys/time.h timespec namespace + [20043] libc: unistd.h missing cuserid for UNIX98 and before + [20044] libc: unistd.h missing pthread_atfork for UNIX98 + [20051] libc: ttyslot in wrong header under wrong conditions + [20054] libc: gethostname not declared for XPG4 + [20055] libc: termios.h missing tcgetsid for XPG4 + [20072] dynamic-link: x86 init_cpu_features is called twice in static + executable + [20073] libc: sys/stat.h fchmod namespace + [20074] libc: stdlib.h rand_r namespace + [20076] libc: sys/stat.h missing S_IFSOCK, S_ISSOCK for XPG4 + [20094] libc: stdlib.h should not declare grantpt, ptsname, unlockpt for + XPG3 + [20111] libc: struct sockaddr_storage cannot be aggregate-copied + [20112] network: sunrpc: stack (frame) overflow in Sun RPC clntudp_call + (CVE-2016-4429) + [20115] string: Extra alignment in memset-vec-unaligned-erms.S + [20119] libc: Wrong mask for processors level type from CPUID + [20139] dynamic-link: Upper part of zmm is zeroed if Glibc is built with + AS not supporting AVX512 + [20151] math: [ldbl-128/ldbl-128ibm] j0l, j1l, y0l, y1l return sNaN for + sNaN argument + [20153] math: [ldbl-128ibm] sqrtl (sNaN) returns sNaN + [20156] math: [ldbl-128ibm] ceill, rintl etc. return sNaN for sNaN + argument + [20157] math: [powerpc] fabsl (sNaN) wrongly raises "invalid" + [20160] math: [powerpc] ceil, rint etc. return sNaN for sNaN input + [20178] libc: posix_spawn{p} should not call exit + [20191] stdio: libio: vtables hardening + [20195] string: FMA4 detection requires CPUID execution with register + eax=0x80000001 + [20198] libc: quick_exit incorrectly destroys C++11 thread objects. + [20205] math: [i386/x86_64] nextafterl incorrect incrementing negative + subnormals + [20212] math: acos (sNaN) returns sNaN + [20213] math: asin (sNaN) returns sNaN + [20214] network: Linux header sync with linux/in6.h and ipv6.h again. + [20218] math: [i386] asinhl (sNaN) returns sNaN + [20219] math: [i386] atanhl (sNaN) returns sNaN + [20222] stdio: fopencookie: Mangle function pointers + [20224] math: [i386] cbrtl (sNaN) returns sNaN + [20225] math: ldexp, scalbn, scalbln return sNaN for sNaN input + [20226] math: [i386/x86_64] expl, exp10l, expm1l return sNaN for sNaN + input + [20227] math: [i386/x86_64] logl (sNaN) returns sNaN + [20228] math: [i386/x86_64] log10l (sNaN) returns sNaN + [20229] math: [i386/x86_64] log1pl (sNaN) returns sNaN + [20232] math: [ldbl-128] expm1l (sNaN) returns sNaN + [20233] math: [ldbl-128ibm] expm1l (sNaN) returns sNaN + [20234] math: [ldbl-128ibm] log1pl (sNaN) returns sNaN + [20235] math: [i386/x86_64] log2l (sNaN) returns sNaN + [20237] nss: nss_db: get*ent segfaults without preceding set*ent + [20240] math: modf (sNaN) returns sNaN + [20248] libc: debug/tst-longjump_chk2 calls printf from a signal handler + [20250] math: frexp (sNaN) returns sNaN + [20252] math: atan2 (sNaN, qNaN) fails to raise "invalid" + [20255] math: [i386] fdim, fdimf return with excess range and precision / + double rounding + [20256] math: [i386/x86_64] fdiml returns sNaN for sNaN input + [20260] string: ../sysdeps/x86/bits/string.h:1092:3: error: array + subscript is below array bounds [-Werror=array-bounds] + [20262] nis: _nss_nis_initgroups_dyn always returns NSS_STATUS_NOTFOUND + [20263] nptl: robust mutex deadlocks if other thread requests timedlock + (Only arm/linux) + [20277] libc: $dp is not initialized correctly in sysdeps/hppa/start.S + [20284] malloc: malloc: Corrupt arena avoidance causes unnecessary mmap + fallbacks + [20296] math: [i386/x86_64] scalbl returns sNaN for sNaN input, missing + "invalid" exceptions + [20314] nptl: make[4]: *** [/usr/include/stdlib.h] Error 1 + [20316] localedata: id_ID: Februari instead of Pebruari + [20327] string: POWER8 strcasecmp returns incorrect result + [20347] math: Failure: Test: j0_downward (0xap+0) + [20348] libc: FAIL: misc/tst-preadvwritev64 + [20349] libc: 64-bit value is passed differently in p{readv,writev}{64} + [20350] libc: There is no test for p{read,write}64 + [20357] math: Incorrect cos result for 1.5174239687223976 + [20384] build: Don't run libmvec-sincos-avx* tests on non avx machines + Version 2.23 * Unicode 8.0.0 Support: Character encoding, character type info, and @@ -38,7 +2124,7 @@ Version 2.23 unnecessary serialization of memory allocation requests across threads. The defect is now corrected. Users should see a substantial increase in the concurent throughput of allocation requests for applications which - trigger this bug. Affected applications typically create create and + trigger this bug. Affected applications typically create and destroy threads frequently. (Bug 19048 was reported and analyzed by Ericsson.) @@ -3065,7 +5151,7 @@ Version 1.04 ---------------------------------------------------------------------- Copyright information: -Copyright (C) 1992-2016 Free Software Foundation, Inc. +Copyright (C) 1992-2018 Free Software Foundation, Inc. Permission is granted to anyone to make or distribute verbatim copies of this document as received, in any medium, provided that the |