tag name | glibc-2.33 (7aad12533cb54a38d4dcd165991f1afc88ba4a20) |
tag date | 2021-02-01 14:16:00 -0300 |
tagged by | Adhemerval Zanella <adhemerval.zanella@linaro.org> |
tagged object | commit 9826b03b74... |
download | glibc-2.33.tar.gz glibc-2.33.tar.bz2 glibc-2.33.zip |
---|
The GNU C Library
=================
The GNU C Library version 2.33 is now available.
The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.
The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C11 and POSIX.1-2017. It is also
internationalized and has one of the most complete
internationalization interfaces known.
The GNU C Library webpage is at http://www.gnu.org/software/libc/
Packages for the 2.32 release may be downloaded from:
http://ftpmirror.gnu.org/libc/
http://ftp.gnu.org/gnu/libc/
The mirror list is at http://www.gnu.org/order/ftp.html
NEWS for version 2.33
=====================
Major new features:
* The dynamic linker accepts the --list-tunables argument which prints
all the supported tunables. This option is disable if glibc is
configured with tunables disabled (--enable-tunables=no).
* The dynamic linker accepts the --argv0 argument and provides opportunity
to change argv[0] string.
* The dynamic linker loads optimized implementations of shared objects
from subdirectories under the glibc-hwcaps directory on the library
search path if the system's capabilities meet the requirements for
that subdirectory. Initially supported subdirectories include
"power9" and "power10" for the powerpc64le-linux-gnu architecture,
"z13", "z14", "z15" for s390x-linux-gnu, and "x86-64-v2", "x86-64-v3",
"x86-64-v4" for x86_64-linux-gnu. In the x86_64-linux-gnu case, the
subdirectory names correspond to the vendor-independent x86-64
microarchitecture levels defined in the x86-64 psABI supplement.
* The new --help option of the dynamic linker provides usage and
information and library search path diagnostics.
* The mallinfo2 function is added to report statistics as per mallinfo,
but with larger field widths to accurately report values that are
larger than fit in an integer.
* Add <sys/platform/x86.h> to provide query macros for x86 CPU features.
* Support for the RISC-V ISA running on Linux has been expanded to run on
32-bit hardware. This is supported for the following ISA and ABI pairs:
- rv32imac ilp32
- rv32imafdc ilp32
- rv32imafdc ilp32d
The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils
2.28.
* A new fortification level _FORTIFY_SOURCE=3 is available. At this level,
glibc may use additional checks that may have an additional performance
overhead. At present these checks are available only on LLVM 9 and later.
The latest GCC available at this time (10.2) does not support this level of
fortification.
Deprecated and removed features, and other changes affecting compatibility:
* The mallinfo function is marked deprecated. Callers should call
mallinfo2 instead.
* When dlopen is used in statically linked programs, alternative library
implementations from HWCAP subdirectories are no longer loaded.
Instead, the default implementation is used.
* The deprecated <sys/vtimes.h> header and the function vtimes have been
removed. To support old binaries, the vtimes function continues to exist
as a compatibility symbol. Applications should use the getrlimit or
prlimit.
* Following a change in the tzdata 2018a release upstream, the zdump
program is now installed in the /usr/bin subdirectory. Previously,
the /usr/sbin subdirectory was used.
* On s390(x), the type float_t is now derived from the macro
__FLT_EVAL_METHOD__ that is defined by the compiler, instead of being
hardcoded to double. This does not affect the ABI of any libraries
that are part of the GNU C Library, but may affect the ABI of other
libraries that use this type in their interfaces. The new definition
improves consistency with compiler behavior in many scenarios.
* A future version of glibc will stop loading shared objects from the
"tls" subdirectories on the library search path, the subdirectory that
corresponds to the AT_PLATFORM system name, and also stop employing
the legacy AT_HWCAP search mechanism. Applications should switch to
the new glibc-hwcaps mechanism instead; if they do not do that, only
the baseline version (directly from the search path directory) will be
loaded.
Changes to build and runtime requirements:
* On Linux, the system administrator needs to configure /dev/pts with
the intended access modes for pseudo-terminals. glibc no longer
attemps to adjust permissions of terminal devices. The previous glibc
defaults ("tty" group, user read/write and group write) already
corresponded to what most systems used, so that grantpt did not
perform any adjustments.
* On Linux, the posix_openpt and getpt functions no longer attempt to
use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
(and pseudo-terminals are supported), a devpts file system is mounted
on /dev/pts. Current systems already meet these requirements.
* s390x requires GCC 7.1 or newer. See gcc Bug 98269.
Security related changes:
CVE-2021-3326: An assertion failure during conversion from the
ISO-20220-JP-3 character set using the iconv function has been fixed.
This assertion was triggered by certain valid inputs in which the
converted output contains a combined sequence of two wide characters
crossing a buffer boundary. Reported by Tavis Ormandy.
CVE-2020-27618: An infinite loop has been fixed in the iconv program when
invoked with input containing redundant shift sequences in the IBM1364,
IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.
CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
invoked with EUC-KR input containing invalid multibyte input sequences.
The following bugs are resolved with this release:
[10635] libc: realpath portability patches
[16124] dynamic-link: ld.so should allow to change argv[0]
[17924] malloc: 'free' should not set errno
[18683] libc: Linux faccessat implementation can incorrectly ignore
AT_EACCESS
[22899] libc: Use 64-bit readdir() in generic POSIX getcwd()
[23249] libc: Epyc and other current AMD CPUs do not select the
"haswell" platform subdirectory
[24080] dynamic-link: Definition of "haswell" platform is inconsistent
with GCC
[24202] libc: m68k setjmp() saves incorrect 'a5' register in --enable-
stack-protector=all
[24941] libc: Make grantpt usable after multi-threaded fork in more
cases
[24970] libc: realpath mishandles EOVERFLOW; stat not needed anyway
[24973] locale: iconv encounters segmentation fault when converting
0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
[25399] string: undefined reference to `__warn_memset_zero_len' when
changing gnuc version
[25859] libc: glibc parser for /sys/devices/system/cpu/online is
incorrect
[25938] dynamic-link: ld.so.cache should store meaning of hwcap mask
bits
[25971] libc: s390 bits/hwcap.h out of sync with kernel
[26053] libc: unlockpt fails with ENOTTY for non-ptmx descriptors
[26100] libc: Race in syslog(3) with regards to tag printing.
[26124] libc: Export <cpu-features.h>
[26130] nscd: Inconsistent nscd cache during pruning
[26203] libc: GLRO(dl_x86_cpu_features) may not be intialized
[26224] locale: iconv hangs when converting some invalid inputs from
several IBM character sets (CVE-2020-27618)
[26341] libc: realpath cyclically call __alloca(path_max) to consume
too much stack space
[26343] manual: invalid documented return type for strerrorname_np(),
strerrordesc_np(), sigdescr_np(), sigabbrev_np()
[26376] libc: Namespace violation in stdio.h and sys/stat.h if build
with optimization.
[26383] locale: bind_textdomain_codeset doesn't accept //TRANSLIT
anymore
[26394] time: [2.33 Regression] FAIL: nptl/tst-join14
[26534] math: libm.so 2.32 SIGILL in pow() due to FMA4 instruction on
non-FMA4 system
[26552] dynamic-link: CPU_FEATURE_USABLE_P should be more conservative
[26553] libc: mtx_init allows type set to "mtx_recursive" only
[26555] string: strerrorname_np does not return the documented value
[26592] libc: pointer arithmetic overflows in realpath
[26600] network: Transaction ID collisions cause slow DNS lookups in
getaddrinfo
[26606] libc: [2.33 Regression] pselect is broken on x32
[26615] libc: powerpc: libc segfaults when LD_PRELOADed with libgcc
[26620] glob: fnmatch with collating symbols results in segmentation
fault
[26625] libc: [2.33 Regression] CET is disabled
[26636] libc: 32-bit shmctl(IPC_INFO) crashes when shminfo struct is
at the end of a memory mapping
[26637] libc: semctl SEM_STAT_ANY fails to pass the buffer specified
by the caller to the kernel
[26639] libc: msgctl IPC_INFO and MSG_INFO return garbage
[26647] build: [-Werror=array-parameter=] due to different
declarations for __sigsetjmp
[26648] libc: mkstemp is likely to fail on systems with non-stricly-
monotonic clocks
[26649] stdio: printf should handle non-normal x86 long double numbers
gracefully (CVE-2020-29573)
[26686] build: -Warray-parameter instances building with GCC 11
[26687] build: -Warray-bounds instances building with GCC 11
[26690] stdio: Aliasing violation in __vfscanf_internal
[26691] nptl: Use a minimum guard size of 64 KiB on aarch64
[26726] build: GCC warning calling new_composite_name with an array of
one element
[26736] libc: FAIL: misc/tst-sysvshm-linux
[26737] libc: Random FAIL: rt/tst-shm
[26791] libc: Missing O_CLOEXEC in sysconf.c
[26798] dynamic-link: aarch64: variant PCS symbols may be incorrectly
lazy bound
[26801] nptl: pthread_mutex_clocklock with CLOCK_MONOTONIC can fail on
PI mutexes
[26818] string: aarch64: string tests may run ifunc variants that are
not safe
[26821] libc: Memory leak test failures on Fedora 33
[26824] libc: FAIL: elf/tst-cpu-features-supports with recent trunk:
FSGSBASE/LM/RDRAND check failure
[26833] time: adjtime() with delta == NULL segfaults on armv7 32bit
platform
[26853] libc: aarch64: Missing unwind information in statically linked
startup code
[26923] locale: Assertion failure in iconv when converting invalid
UCS4 (CVE-2020-29562)
[26926] dynamic-link: aarch64: library dependencies are not bti
protected
[26932] libc: sh: Multiple floating point functions defined as stubs
only since 2.31
[26964] nptl: pthread_mutex_timedlock returning EAGAIN after futex is
locked
[26988] dynamic-link: aarch64: BTI mprotect address is not page
aligned
[27002] build: libc_freeres_fn build failure with GCC 11
[27004] dynamic-link: ld.so is miscompiled by GCC 11
[27008] dynamic-link: ld.so.cache should have endianness markup
[27042] libc: [alpha] anonymous union in struct stat confuses
detection logic
[27053] libc: Conformance regression in system(3) (and probably also
pclose(3))
[27072] dynamic-link: static pie ifunc resolvers run before hwcap is
setup
[27077] network: Do not reload /etc/nsswitch.conf from chroot
[27083] libc: Unsafe unbounded alloca in addmntent
[27104] dynamic-link: The COMMON_CPUID_INDEX_MAX handshake does not
work
[27130] string: "rep movsb" performance issue
[27150] libc: alpha: wait4() is unavailable in static linking
[27177] dynamic-link:
GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't
work
[27222] dynamic-link: Incorrect sysdeps/x86/tst-cpu-features-cpuinfo.c
[27237] malloc: deadlock in malloc/tst-malloc-stats-cancellation
[27256] locale: Assertion failure in ISO-2022-JP-3 gconv module
related to combining characters (CVE-2021-3326)
Release Notes
=============
https://sourceware.org/glibc/wiki/Release/2.33
Contributors
============
This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:
Adhemerval Zanella
Alexandra Hájková
Alistair Francis
Andreas Schwab
Anssi Hannula
Arjun Shankar
Benno Schulenberg
Carlos O'Donell
Chen Li
Cooper Qu
Corinna Vinschen
DJ Delorie
Dmitry V. Levin
Fangrui Song
Florian Weimer
Guillaume Gardet
H.J. Lu
Jakub Jelinek
Jangwoong Kim
Jeremie Koenig
Jim Wilson
John David Anglin
John McCabe
Jonathan Wakely
Jonny Grant
Joseph Myers
Lode Willems
Lucas A. M. Magalhaes
Lukasz Majewski
Maciej W. Rozycki
Mao Han
Marc Aurèle La France
Marius Hillenbrand
Mark Wielaard
Martin Liska
Martin Sebor
Matheus Castanho
Matt Turner
Maximilian Krüger
Michael Colavita
Ondřej Hošek
Patrick McGehearty
Patsy Griffin
Paul E. Murphy
Paul Eggert
Paul Zimmermann
Prasanth R
Raoni Fassina Firmino
Raphael M Zinsly
Raphael Moreira Zinsly
Richard Braun
Richard Earnshaw
Rolf Eike Beer
Sajan Karumanchi
Samuel Thibault
Sergei Trofimovich
Shuo Wang
Siddhesh Poyarekar
Stafford Horne
Stefan Liebler
Szabolcs Nagy
Thorsten Kukuk
Tulio Magno Quites Machado Filho
Vincent Chen
Vincent Mihalkovic
Vineet Gupta
W. Hashimoto
Wilco Dijkstra
Xiaoming Ni
Zong Li
liqingqing
Érico Rolim
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEUMEGt8/rO2QSpplaqrHsFKeUiO8FAmAYN2YACgkQqrHsFKeU
iO9M2w//XRWm7PkWQa5kbcx11cNxjRbQU7fhSkpA67Vjfsr83Tzh2v8J/deITNtL
IaL73ApWr5xenpgCru79CbQmuJTrDgi/zs6PX1xdM5VHKzg4rp4JB8iJ8mJn+cmY
TBl7FPmfcmXnUkxSVO+N3MjnebqDiVFKHBhMEv2BA0orPCBTJG5nbLLxb2YRBtpb
b+45JRBdqw+XZfphN8hemBMwzgqEgkvEij82Dp/lm8H6ZnG7q9zEFn7ev+IhdKi4
d5w8rSVQpX3ddzLwgWY+cYEGa0N93F38njLh64nEfELiySzc0O5ssjzmvKJj8rx1
F2nPED6u4bLW7sLKT0HEwFN7ZODBKkO4QEoOwfBurb26m2/5tKKO4Mjhyd5iqZQb
hGrTAE2yl6nhcmjP8d+oyuk9Nf8IicX2ttSgHF1eTksV6zb2kQMFxux0VVfcpkNB
Y9Kg97ssPqFhiE/Qms/eNFQy3BPAE8b1E/4Wj6iW0/7CjLBehlhBM8HvY4wbJIjr
uFHEqOOBOIs19mc/q/uFqi4xqI77fsccpZMYlrKsJ4gAqhJSrINV6A/hQLjaDmph
oS/I6ZKvQ4IF2tQki/VOtKni7XsWhpJeIWvnDpeB8T3PfTwDqCwhu92SyBantx2P
MugwXGODvPL0AWcKU+obgZYdX0sSsqpzx5cv2eflFzjs6G//Ek4=
=B2XP
-----END PGP SIGNATURE-----