summaryrefslogtreecommitdiff
tag nameglibc-2.33 (7aad12533cb54a38d4dcd165991f1afc88ba4a20)
tag date2021-02-01 14:16:00 -0300
tagged byAdhemerval Zanella <adhemerval.zanella@linaro.org>
tagged objectcommit 9826b03b74...
downloadglibc-2.33.tar.gz
glibc-2.33.tar.bz2
glibc-2.33.zip
The GNU C Library
================= The GNU C Library version 2.33 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2017. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.32 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.33 ===================== Major new features: * The dynamic linker accepts the --list-tunables argument which prints all the supported tunables. This option is disable if glibc is configured with tunables disabled (--enable-tunables=no). * The dynamic linker accepts the --argv0 argument and provides opportunity to change argv[0] string. * The dynamic linker loads optimized implementations of shared objects from subdirectories under the glibc-hwcaps directory on the library search path if the system's capabilities meet the requirements for that subdirectory. Initially supported subdirectories include "power9" and "power10" for the powerpc64le-linux-gnu architecture, "z13", "z14", "z15" for s390x-linux-gnu, and "x86-64-v2", "x86-64-v3", "x86-64-v4" for x86_64-linux-gnu. In the x86_64-linux-gnu case, the subdirectory names correspond to the vendor-independent x86-64 microarchitecture levels defined in the x86-64 psABI supplement. * The new --help option of the dynamic linker provides usage and information and library search path diagnostics. * The mallinfo2 function is added to report statistics as per mallinfo, but with larger field widths to accurately report values that are larger than fit in an integer. * Add <sys/platform/x86.h> to provide query macros for x86 CPU features. * Support for the RISC-V ISA running on Linux has been expanded to run on 32-bit hardware. This is supported for the following ISA and ABI pairs: - rv32imac ilp32 - rv32imafdc ilp32 - rv32imafdc ilp32d The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils 2.28. * A new fortification level _FORTIFY_SOURCE=3 is available. At this level, glibc may use additional checks that may have an additional performance overhead. At present these checks are available only on LLVM 9 and later. The latest GCC available at this time (10.2) does not support this level of fortification. Deprecated and removed features, and other changes affecting compatibility: * The mallinfo function is marked deprecated. Callers should call mallinfo2 instead. * When dlopen is used in statically linked programs, alternative library implementations from HWCAP subdirectories are no longer loaded. Instead, the default implementation is used. * The deprecated <sys/vtimes.h> header and the function vtimes have been removed. To support old binaries, the vtimes function continues to exist as a compatibility symbol. Applications should use the getrlimit or prlimit. * Following a change in the tzdata 2018a release upstream, the zdump program is now installed in the /usr/bin subdirectory. Previously, the /usr/sbin subdirectory was used. * On s390(x), the type float_t is now derived from the macro __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being hardcoded to double. This does not affect the ABI of any libraries that are part of the GNU C Library, but may affect the ABI of other libraries that use this type in their interfaces. The new definition improves consistency with compiler behavior in many scenarios. * A future version of glibc will stop loading shared objects from the "tls" subdirectories on the library search path, the subdirectory that corresponds to the AT_PLATFORM system name, and also stop employing the legacy AT_HWCAP search mechanism. Applications should switch to the new glibc-hwcaps mechanism instead; if they do not do that, only the baseline version (directly from the search path directory) will be loaded. Changes to build and runtime requirements: * On Linux, the system administrator needs to configure /dev/pts with the intended access modes for pseudo-terminals. glibc no longer attemps to adjust permissions of terminal devices. The previous glibc defaults ("tty" group, user read/write and group write) already corresponded to what most systems used, so that grantpt did not perform any adjustments. * On Linux, the posix_openpt and getpt functions no longer attempt to use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists (and pseudo-terminals are supported), a devpts file system is mounted on /dev/pts. Current systems already meet these requirements. * s390x requires GCC 7.1 or newer. See gcc Bug 98269. Security related changes: CVE-2021-3326: An assertion failure during conversion from the ISO-20220-JP-3 character set using the iconv function has been fixed. This assertion was triggered by certain valid inputs in which the converted output contains a combined sequence of two wide characters crossing a buffer boundary. Reported by Tavis Ormandy. CVE-2020-27618: An infinite loop has been fixed in the iconv program when invoked with input containing redundant shift sequences in the IBM1364, IBM1371, IBM1388, IBM1390, or IBM1399 character sets. CVE-2020-29562: An assertion failure has been fixed in the iconv function when invoked with UCS4 input containing an invalid character. CVE-2019-25013: A buffer overflow has been fixed in the iconv function when invoked with EUC-KR input containing invalid multibyte input sequences. The following bugs are resolved with this release: [10635] libc: realpath portability patches [16124] dynamic-link: ld.so should allow to change argv[0] [17924] malloc: 'free' should not set errno [18683] libc: Linux faccessat implementation can incorrectly ignore AT_EACCESS [22899] libc: Use 64-bit readdir() in generic POSIX getcwd() [23249] libc: Epyc and other current AMD CPUs do not select the "haswell" platform subdirectory [24080] dynamic-link: Definition of "haswell" platform is inconsistent with GCC [24202] libc: m68k setjmp() saves incorrect 'a5' register in --enable- stack-protector=all [24941] libc: Make grantpt usable after multi-threaded fork in more cases [24970] libc: realpath mishandles EOVERFLOW; stat not needed anyway [24973] locale: iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) [25399] string: undefined reference to `__warn_memset_zero_len' when changing gnuc version [25859] libc: glibc parser for /sys/devices/system/cpu/online is incorrect [25938] dynamic-link: ld.so.cache should store meaning of hwcap mask bits [25971] libc: s390 bits/hwcap.h out of sync with kernel [26053] libc: unlockpt fails with ENOTTY for non-ptmx descriptors [26100] libc: Race in syslog(3) with regards to tag printing. [26124] libc: Export <cpu-features.h> [26130] nscd: Inconsistent nscd cache during pruning [26203] libc: GLRO(dl_x86_cpu_features) may not be intialized [26224] locale: iconv hangs when converting some invalid inputs from several IBM character sets (CVE-2020-27618) [26341] libc: realpath cyclically call __alloca(path_max) to consume too much stack space [26343] manual: invalid documented return type for strerrorname_np(), strerrordesc_np(), sigdescr_np(), sigabbrev_np() [26376] libc: Namespace violation in stdio.h and sys/stat.h if build with optimization. [26383] locale: bind_textdomain_codeset doesn't accept //TRANSLIT anymore [26394] time: [2.33 Regression] FAIL: nptl/tst-join14 [26534] math: libm.so 2.32 SIGILL in pow() due to FMA4 instruction on non-FMA4 system [26552] dynamic-link: CPU_FEATURE_USABLE_P should be more conservative [26553] libc: mtx_init allows type set to "mtx_recursive" only [26555] string: strerrorname_np does not return the documented value [26592] libc: pointer arithmetic overflows in realpath [26600] network: Transaction ID collisions cause slow DNS lookups in getaddrinfo [26606] libc: [2.33 Regression] pselect is broken on x32 [26615] libc: powerpc: libc segfaults when LD_PRELOADed with libgcc [26620] glob: fnmatch with collating symbols results in segmentation fault [26625] libc: [2.33 Regression] CET is disabled [26636] libc: 32-bit shmctl(IPC_INFO) crashes when shminfo struct is at the end of a memory mapping [26637] libc: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel [26639] libc: msgctl IPC_INFO and MSG_INFO return garbage [26647] build: [-Werror=array-parameter=] due to different declarations for __sigsetjmp [26648] libc: mkstemp is likely to fail on systems with non-stricly- monotonic clocks [26649] stdio: printf should handle non-normal x86 long double numbers gracefully (CVE-2020-29573) [26686] build: -Warray-parameter instances building with GCC 11 [26687] build: -Warray-bounds instances building with GCC 11 [26690] stdio: Aliasing violation in __vfscanf_internal [26691] nptl: Use a minimum guard size of 64 KiB on aarch64 [26726] build: GCC warning calling new_composite_name with an array of one element [26736] libc: FAIL: misc/tst-sysvshm-linux [26737] libc: Random FAIL: rt/tst-shm [26791] libc: Missing O_CLOEXEC in sysconf.c [26798] dynamic-link: aarch64: variant PCS symbols may be incorrectly lazy bound [26801] nptl: pthread_mutex_clocklock with CLOCK_MONOTONIC can fail on PI mutexes [26818] string: aarch64: string tests may run ifunc variants that are not safe [26821] libc: Memory leak test failures on Fedora 33 [26824] libc: FAIL: elf/tst-cpu-features-supports with recent trunk: FSGSBASE/LM/RDRAND check failure [26833] time: adjtime() with delta == NULL segfaults on armv7 32bit platform [26853] libc: aarch64: Missing unwind information in statically linked startup code [26923] locale: Assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562) [26926] dynamic-link: aarch64: library dependencies are not bti protected [26932] libc: sh: Multiple floating point functions defined as stubs only since 2.31 [26964] nptl: pthread_mutex_timedlock returning EAGAIN after futex is locked [26988] dynamic-link: aarch64: BTI mprotect address is not page aligned [27002] build: libc_freeres_fn build failure with GCC 11 [27004] dynamic-link: ld.so is miscompiled by GCC 11 [27008] dynamic-link: ld.so.cache should have endianness markup [27042] libc: [alpha] anonymous union in struct stat confuses detection logic [27053] libc: Conformance regression in system(3) (and probably also pclose(3)) [27072] dynamic-link: static pie ifunc resolvers run before hwcap is setup [27077] network: Do not reload /etc/nsswitch.conf from chroot [27083] libc: Unsafe unbounded alloca in addmntent [27104] dynamic-link: The COMMON_CPUID_INDEX_MAX handshake does not work [27130] string: "rep movsb" performance issue [27150] libc: alpha: wait4() is unavailable in static linking [27177] dynamic-link: GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't work [27222] dynamic-link: Incorrect sysdeps/x86/tst-cpu-features-cpuinfo.c [27237] malloc: deadlock in malloc/tst-malloc-stats-cancellation [27256] locale: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326) Release Notes ============= https://sourceware.org/glibc/wiki/Release/2.33 Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alexandra Hájková Alistair Francis Andreas Schwab Anssi Hannula Arjun Shankar Benno Schulenberg Carlos O'Donell Chen Li Cooper Qu Corinna Vinschen DJ Delorie Dmitry V. Levin Fangrui Song Florian Weimer Guillaume Gardet H.J. Lu Jakub Jelinek Jangwoong Kim Jeremie Koenig Jim Wilson John David Anglin John McCabe Jonathan Wakely Jonny Grant Joseph Myers Lode Willems Lucas A. M. Magalhaes Lukasz Majewski Maciej W. Rozycki Mao Han Marc Aurèle La France Marius Hillenbrand Mark Wielaard Martin Liska Martin Sebor Matheus Castanho Matt Turner Maximilian Krüger Michael Colavita Ondřej Hošek Patrick McGehearty Patsy Griffin Paul E. Murphy Paul Eggert Paul Zimmermann Prasanth R Raoni Fassina Firmino Raphael M Zinsly Raphael Moreira Zinsly Richard Braun Richard Earnshaw Rolf Eike Beer Sajan Karumanchi Samuel Thibault Sergei Trofimovich Shuo Wang Siddhesh Poyarekar Stafford Horne Stefan Liebler Szabolcs Nagy Thorsten Kukuk Tulio Magno Quites Machado Filho Vincent Chen Vincent Mihalkovic Vineet Gupta W. Hashimoto Wilco Dijkstra Xiaoming Ni Zong Li liqingqing Érico Rolim -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEUMEGt8/rO2QSpplaqrHsFKeUiO8FAmAYN2YACgkQqrHsFKeU iO9M2w//XRWm7PkWQa5kbcx11cNxjRbQU7fhSkpA67Vjfsr83Tzh2v8J/deITNtL IaL73ApWr5xenpgCru79CbQmuJTrDgi/zs6PX1xdM5VHKzg4rp4JB8iJ8mJn+cmY TBl7FPmfcmXnUkxSVO+N3MjnebqDiVFKHBhMEv2BA0orPCBTJG5nbLLxb2YRBtpb b+45JRBdqw+XZfphN8hemBMwzgqEgkvEij82Dp/lm8H6ZnG7q9zEFn7ev+IhdKi4 d5w8rSVQpX3ddzLwgWY+cYEGa0N93F38njLh64nEfELiySzc0O5ssjzmvKJj8rx1 F2nPED6u4bLW7sLKT0HEwFN7ZODBKkO4QEoOwfBurb26m2/5tKKO4Mjhyd5iqZQb hGrTAE2yl6nhcmjP8d+oyuk9Nf8IicX2ttSgHF1eTksV6zb2kQMFxux0VVfcpkNB Y9Kg97ssPqFhiE/Qms/eNFQy3BPAE8b1E/4Wj6iW0/7CjLBehlhBM8HvY4wbJIjr uFHEqOOBOIs19mc/q/uFqi4xqI77fsccpZMYlrKsJ4gAqhJSrINV6A/hQLjaDmph oS/I6ZKvQ4IF2tQki/VOtKni7XsWhpJeIWvnDpeB8T3PfTwDqCwhu92SyBantx2P MugwXGODvPL0AWcKU+obgZYdX0sSsqpzx5cv2eflFzjs6G//Ek4= =B2XP -----END PGP SIGNATURE-----