diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 182 |
1 files changed, 180 insertions, 2 deletions
@@ -242,8 +242,186 @@ Security related changes: The following bugs are resolved with this release: - [The release manager will add the list generated by - scripts/list-fixed-bugs.py just before the release.] + [1190] stdio: fgetc()/fread() behaviour is not POSIX compliant + [6889] manual: 'PWD' mentioned but not specified + [13575] libc: SSIZE_MAX defined as LONG_MAX is inconsistent with ssize_t, + when __WORDSIZE != 64 + [13762] regex: re_search etc. should return -2 on memory exhaustion + [13888] build: /tmp usage during testing + [13932] math: dbl-64 pow unexpectedly slow for some inputs + [14092] nptl: Support C11 threads + [14095] localedata: Review / update collation data from Unicode / ISO + 14651 + [14508] libc: -Wformat warnings + [14553] libc: Namespace pollution loff_t in sys/types.h + [14890] libc: Make NT_PRFPREG canonical. + [15105] libc: Extra PLT references with -Os + [15512] libc: __bswap_constant_16 not compiled when -Werror -Wsign- + conversion is given + [16335] manual: Feature test macro documentation incomplete and out of + date + [16552] libc: Unify umount implementations in terms of umount2 + [17082] libc: htons et al.: statement-expressions prevent use on global + scope with -O1 and higher + [17343] libc: Signed integer overflow in /stdlib/random_r.c + [17438] localedata: pt_BR: wrong d_fmt delimiter + [17662] libc: please implement binding for the new renameat2 syscall + [17721] libc: __restrict defined as /* Ignore */ even in c11 + [17979] libc: inconsistency between uchar.h and stdint.h + [18018] dynamic-link: Additional $ORIGIN handling issues (CVE-2011-0536) + [18023] libc: extend_alloca is broken (questionable pointer comparison, + horrible machine code) + [18124] libc: hppa: setcontext erroneously returns -1 as exit code for + last constant. + [18471] libc: llseek should be a compat symbol + [18473] soft-fp: [powerpc-nofpu] __sqrtsf2, __sqrtdf2 should be compat + symbols + [18991] nss: nss_files skips large entry in database + [19239] libc: Including stdlib.h ends up with macros major and minor being + defined + [19463] libc: linknamespace failures when compiled with -Os + [19485] localedata: csb_PL: Update month translations + add yesstr/nostr + [19527] locale: Normalized charset name not recognized by setlocale + [19667] string: Missing Sanity Check for malloc calls in file 'testcopy.c' + [19668] libc: Missing Sanity Check for malloc() in file 'tst-setcontext- + fpscr.c' + [19728] network: out of bounds stack read in libidn function + idna_to_ascii_4i (CVE-2016-6261) + [19729] network: out of bounds heap read on invalid utf-8 inputs in + stringprep_utf8_nfkc_normalize (CVE-2016-6263) + [19818] dynamic-link: Absolute (SHN_ABS) symbols incorrectly relocated by + the base address + [20079] libc: Add SHT_X86_64_UNWIND to elf.h + [20251] libc: 32bit programs pass garbage in struct flock for OFD locks + [20419] dynamic-link: files with large allocated notes crash in + open_verify + [20530] libc: bswap_16 should use __builtin_bswap16() when available + [20890] dynamic-link: ldconfig: fsync the files before atomic rename + [20980] manual: CFLAGS environment variable replaces vital options + [21163] regex: Assertion failure in pop_fail_stack when executing a + malformed regexp (CVE-2015-8985) + [21234] manual: use of CFLAGS makes glibc detect no optimization + [21269] dynamic-link: i386 sigaction sa_restorer handling is wrong + [21313] build: Compile Error GCC 5.4.0 MIPS with -0S + [21314] build: Compile Error GCC 5.2.0 MIPS with -0s + [21508] locale: intl/tst-gettext failure with latest msgfmt + [21547] localedata: Tibetan script collation broken (Dzongkha and Tibetan) + [21812] network: getifaddrs() returns entries with ifa_name == NULL + [21895] libc: ppc64 setjmp/longjmp not fully interoperable with static + dlopen + [21942] dynamic-link: _dl_dst_substitute incorrectly handles $ORIGIN: with + AT_SECURE=1 + [22241] localedata: New locale: Yakut (Sakha) locale for Russia (sah_RU) + [22247] network: Integer overflow in the decode_digit function in + puny_decode.c in libidn (CVE-2017-14062) + [22342] nscd: NSCD not properly caching netgroup + [22391] nptl: Signal function clear NPTL internal symbols inconsistently + [22550] localedata: es_ES locale (and other es_* locales): collation + should treat ñ as a primary different character, sync the collation + for Spanish with CLDR + [22638] dynamic-link: sparc: static binaries are broken if glibc is built + by gcc configured with --enable-default-pie + [22639] time: year 2039 bug for localtime etc. on 64-bit platforms + [22644] string: memmove-sse2-unaligned on 32bit x86 produces garbage when + crossing 2GB threshold (CVE-2017-18269) + [22646] localedata: redundant data (LC_TIME) for es_CL, es_CU, es_EC and + es_BO + [22735] time: Misleading typo in time.h source comment regarding + CLOCKS_PER_SECOND + [22753] libc: preadv2/pwritev2 fallback code should handle offset=-1 + [22761] libc: No trailing `%n' conversion specifier in FMT passed from + `__assert_perror_fail ()' to `__assert_fail_base ()' + [22766] libc: all glibc internal dlopen should use RTLD_NOW for robust + dlopen failures + [22786] libc: Stack buffer overflow in realpath() if input size is close + to SSIZE_MAX (CVE-2018-11236) + [22787] dynamic-link: _dl_check_caller returns false when libc is linked + through an absolute DT_NEEDED path + [22792] build: tcb-offsets.h dependency dropped + [22797] libc: pkey_get() uses non-reserved name of argument + [22807] libc: PTRACE_* constants missing for powerpc + [22818] glob: posix/tst-glob_lstat_compat failure on alpha + [22827] dynamic-link: RISC-V ELF64 parser mis-reads flag in ldconfig + [22830] malloc: malloc_stats doesn't restore cancellation state on stderr + [22848] localedata: ca_ES: update date definitions from CLDR + [22862] build: _DEFAULT_SOURCE is defined even when _ISOC11_SOURCE is + [22884] math: RISCV fmax/fmin handle signalling NANs incorrectly + [22896] localedata: Update locale data for an_ES + [22902] math: float128 test failures with GCC 8 + [22918] libc: multiple common of `__nss_shadow_database' + [22919] libc: sparc32: backtrace yields infinite backtrace with + makecontext + [22926] libc: FTBFS on powerpcspe + [22932] localedata: lt_LT: Update of abbreviated month names from CLDR + required + [22937] localedata: Greek (el_GR, el_CY) locales actually need ab_alt_mon + [22947] libc: FAIL: misc/tst-preadvwritev2 + [22963] localedata: cs_CZ: Add alternative month names + [22987] math: [powerpc/sparc] fdim inlines errno, exceptions handling + [22996] localedata: change LC_PAPER to en_US in es_BO locale + [22998] dynamic-link: execstack tests are disabled when SELinux is + disabled + [23005] network: Crash in __res_context_send after memory allocation + failure + [23007] math: strtod cannot handle -nan + [23024] nss: getlogin_r is performing NSS lookups when loginid isn't set + [23036] regex: regex equivalence class regression + [23037] libc: initialize msg_flags to zero for sendmmsg() calls + [23069] libc: sigaction broken on riscv64-linux-gnu + [23094] localedata: hr_HR: wrong thousands_sep and mon_thousands_sep + [23102] dynamic-link: Incorrect parsing of multiple consecutive $variable + patterns in runpath entries (e.g. $ORIGIN$ORIGIN) + [23137] nptl: s390: pthread_join sometimes block indefinitely (on 31bit + and libc build with -Os) + [23140] localedata: More languages need two forms of month names + [23145] libc: _init/_fini aren't marked as hidden + [23152] localedata: gd_GB: Fix typo in "May" (abbreviated) + [23171] math: C++ iseqsig for long double converts arguments to double + [23178] nscd: sudo will fail when it is run in concurrent with commands + that changes /etc/passwd + [23196] string: __mempcpy_avx512_no_vzeroupper mishandles large copies + (CVE-2018-11237) + [23206] dynamic-link: static-pie + dlopen breaks debugger interaction + [23208] localedata: New locale - Lower Sorbian (dsb) + [23233] regex: Memory leak in build_charclass_op function in file + posix/regcomp.c + [23236] stdio: Harden function pointers in _IO_str_fields + [23250] nptl: Offset of __private_ss differs from GCC + [23253] math: tgamma test suite failures on i686 with -march=x86-64 + -mtune=generic -mfpmath=sse + [23259] dynamic-link: Unsubstituted ${ORIGIN} remains in DT_NEEDED for + AT_SECURE + [23264] libc: posix_spawnp wrongly executes ENOEXEC in non compat mode + [23266] nis: stringop-truncation warning with new gcc8.1 in nisplus- + parser.c + [23272] math: fma(INFINITY,INFIITY,0.0) should be INFINITY + [23277] math: nan function should not have const attribute + [23279] math: scanf and strtod wrong for some hex floating-point + [23280] math: wscanf rounds wrong; wcstod is ok for negative numbers and + directed rounding + [23290] localedata: IBM273 is not equivalent to ISO-8859-1 + [23303] build: undefined reference to symbol + '__parse_hwcap_and_convert_at_platform@@GLIBC_2.23' + [23307] dynamic-link: Absolute symbols whose value is zero ignored in + lookup + [23313] stdio: libio vtables validation and standard file object + interposition + [23329] libc: The __libc_freeres infrastructure is not properly run across + DSO boundaries. + [23349] libc: Various glibc headers no longer compatible with + <linux/time.h> + [23351] malloc: Remove unused code related to heap dumps and malloc + checking + [23363] stdio: stdio-common/tst-printf.c has non-free license + [23396] regex: Regex equivalence regression in single-byte locales + [23422] localedata: oc_FR: More updates of locale data + [23442] build: New warning with GCC 8 + [23448] libc: Out of bounds access in IBM-1390 converter + [23456] libc: Wrong index_cpu_LZCNT + [23458] build: tst-get-cpu-features-static isn't added to tests + [23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel + processors + [23467] dynamic-link: x86/CET: A property note parser bug Version 2.27 |