The GNU C Library version 2.39 is now available

The GNU C Library
=================

The GNU C Library version 2.39 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2017.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.39 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

Distributions are encouraged to track the release/* branches
corresponding to the releases they are using.  The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.

NEWS for version 2.39
=====================

Major new features:

* A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
  rewrite on x86-64.  When enabled with non-lazy binding, the dynamic
  linker will rewrite indirect branches in PLT with direct branches.

* Sync with Linux kernel 6.6 shadow stack interface.  The --enable-cet
  configure option is only supported on x86-64.

* struct statvfs now has an f_type member, equal to the f_type statfs member;
  on the Hurd this was always available under a reserved name,
  and under Linux a spare has been allocated: it was always zero
  in previous versions of glibc, and zero is not a valid result.

* On Linux, the functions posix_spawnattr_getcgroup_np and
  posix_spawnattr_setcgroup_np have been added, along with the
  POSIX_SPAWN_SETCGROUP flag.  They allow posix_spawn and posix_spawnp
  to set the cgroupv2 in the new process in a race-free manner.  These
  functions are GNU extensions and require a kernel with clone3 support.

* On Linux, the pidfd_spawn and pidfd_spawp functions have been added.
  They have a similar prototype and semantic as posix_spawn, but instead of
  returning a process ID, they return a file descriptor that can be used
  along other pidfd functions (like pidfd_send_signal, poll, or waitid).
  The pidfd functionality avoids the issue of PID reuse with the traditional
  posix_spawn interface.

* On Linux, the pidfd_getpid function has been added.  It allows retrieving
  the process ID associated with the process file descriptor created by
  pid_spawn, fork_np, or pidfd_open.

* scanf-family functions now support the wN format length modifiers for
  arguments pointing to types intN_t, int_leastN_t, uintN_t or
  uint_leastN_t (for example, %w32d to read int32_t or int_least32_t in
  decimal, or %w32x to read uint32_t or uint_least32_t in hexadecimal)
  and the wfN format length modifiers for arguments pointing to types
  int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.

* A new tunable, glibc.mem.decorate_maps, can be used to add additional
  information on underlying memory allocated by the glibc (for instance,
  on thread stack created by pthread_create or memory allocated by
  malloc).

* The <stdbit.h> header has been added from ISO C2X, with
  stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros,
  stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one,
  stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros,
  stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor
  and stdc_bit_ceil function families, each having functions for
  unsigned char, unsigned short, unsigned int, unsigned long int and
  unsigned long long int, and a type-generic macro.

* On AArch64 new symbols were added to libmvec and now math.h has
  annotations to allow GCC 9 or newer to auto-vectorize calls to the
  following scalar math functions when -ffast-math is specified:
  acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf,
  exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
  log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.

Deprecated and removed features, and other changes affecting compatibility:

* The ldconfig program now skips file names containing ';' or ending in
  ".dpkg.tmp" or ".dpkg.new", to avoid examining temporary files created
  by the RPM and dpkg package managers.

* libcrypt has been removed from the GNU C Library.  The configure
  options "--enable-crypt" and "--enable-nss-crypt" are no longer
  available.  <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
  installed.  For now <unistd.h> continues to declare the crypt
  function by default, to avoid introducing vulnerabilities into
  existing applications due to a missing prototype.  This declaration
  is deprecated and may be removed in a future glibc release.

  The replacement for libcrypt is libxcrypt, maintained separately from
  GNU libc, but available under compatible licensing terms, and providing
  binary backward compatibility with the former libcrypt.  It is currently
  distributed from <https://github.com/besser82/libxcrypt/>.

  As a consequence of this removal, GNU libc no longer makes any use of
  the NSS cryptography library (Network Security Services; not to be
  confused with Name Service Switch).  Distributors of binary packages
  of GNU libc are advised to check whether their build processes can be
  simplified.

* The dynamic linker calls the malloc and free functions in more cases
  during TLS access if a shared object with dynamic TLS is loaded and
  unloaded.  This can result in an infinite recursion if a malloc
  replacement library or its dependencies use dynamic TLS instead of
  initial-exec TLS.

* The ia64*-*-linux-gnu configurations are no longer supported.

Changes to build and runtime requirements:

* Building on LoongArch requires at a minimum binutils 2.41 for vector
  instructions.

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

  GLIBC-SA-2023-0002:
    getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)

  GLIBC-SA-2023-0003:
    getaddrinfo: Potential use-after-free (CVE-2023-4806)

  GLIBC-SA-2023-0004:
    tunables: local privilege escalation through buffer overflow
    (CVE-2023-4911)

  GLIBC-SA-2024-0001:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

  GLIBC-SA-2024-0002:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

  GLIBC-SA-2024-0003:
    syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)

The following bugs are resolved with this release:

  [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
  [19305] libc: qsort() should return early if (nmemb <= 1)
  [19479] localedata: gbm_IN: new Garhwali Locale
  [19924] dynamic-link: TLS performance degradation after dlopen
  [19956] localedata: ssy_ER: rename from aa_ER@saaho
  [21719] libc: stdlib/msort : optimizing merge sort
  [22526] localedata: th_TH  LC_COLLATE does not use copy "iso14651_t1"
  [23012] localedata: el_GR: Greece now uses the 24h format for time
  [23172] localedata: miq_NI: Provide actually abbreviated month names
  [24006] localedata: Cyclic dependencies via copy in locales
  [24013] localedata: am_pm definitions for es_ES
  [24386] localedata: crh_RU: new locale
  [24877] localedata: [Redundant Data] Remove redundant data between
    en_NZ and en_AU
  [25868] localedata: Incorrect trailing spaces in weekday names for
    nn_NO
  [26752] localedata: Please add the new locale zgh_MA
  [27069] dynamic-link: Need a way to tell if a tunable is set by user
  [27163] localedata: Error on test glk_IR with localedef
  [27312] localedata: su_ID: new Sundanese locale
  [27547] manual: "Summary of malloc-Related Functions" shows wrong
    argument order for  `aligned_alloc` and `memalign`
  [27574] libc: glibc should probably not define __WORDSIZE=64 for
    __sparcv9
  [27601] localedata: License information update in
    localedata/locales/ast_ES
  [28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
    n_cs_precedes
  [28787] localedata: Add information for Occitan
  [29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
    following dlclose with unused TLS
  [29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
    week should be Monday
  [29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
  [29506] localedata: UTF-8 HANGUL SYLLABLE bugs
  [30349] libc: Support returning a pidfd from posix_spawn()
  [30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
    t_fmt_ampm are undefined
  [30605] localedata: New locale for Komi language
  [30649] localedata: [PATCH] Add transliteration of common emojis to
    smileys
  [30694] locale: The iconv program no longer tells the user which given
    encoding name was wrong
  [30709] nscd: nscd fails to build with cleanup handler if built with
    -fexceptions
  [30737] libc: fdopendir() is not robust - returns bogus DIR* instead
    of flagging an error
  [30740] build: [m68k] undefined reference to
    `_wordcopy_fwd_dest_aligned'
  [30745] libc: Slight bug in cache info codes for x86
  [30750] network: Unaligned accesses in resolver
  [30773] math: [m68k] busybox awk is broken (lshift.S related)
  [30789] libc: [2.38 Regression] sem_open will fail on multithreaded
    scenarios when semaphore file doesn't exist (O_CREAT)
  [30800] nscd: Improper assert in prune_cache triggers if clock jumps
    backwards
  [30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
    powerpc64 with -D_FILE_OFFSET_BITS=64
  [30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
    (CVE-2023-4527)
  [30843] network: potential use-after-free in getcanonname
    (CVE-2023-4806)
  [30854] localedata: Update locale data to Unicode 15.1.0
  [30884] network: Memory leak in getaddrinfo after fix for bug 30843
    (CVE-2023-5156)
  [30932] libc: Fortify Source has false-positives when too many files
    are open
  [30945] malloc: Core affinity setting incurs lock contentions between
    threads
  [30960] math: signed integer overflow in
    glibc/sysdeps/s390/fpu/feenablxcpt.c
  [30964] locale: Number grouping check mishandles multibyte thousands
    separator
  [30981] dynamic-link: dlclose does not properly implement force-first
    handling
  [30988] math: fesetexcept raises floating-point exception traps on
    ppc, ppc64, ppc64le
  [30989] math: fesetexcept raises floating-point exception traps on
    i386
  [30990] libc: fesetexceptflag raises floating-point exception traps on
    i386, x86_64
  [30998] math: fesetexceptflag clears too many floating-point exception
    flags on alpha
  [31019] manual: The documentation of feenableexcept is incomplete
  [31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
  [31035] libc: Library search path terminates on relative non-directory
    name
  [31042] libc: [s390x] .init and .fini padding
  [31068] libc: sysdeps: sparc: invalid data access in memset due to
    regression
  [31078] manual: Code example in "Noncanonical Mode Example" has unused
    'char *name;'
  [31086] localedata: Errors in Tibetan, Dzongkha data
  [31113] string: Wrong unwind information for rawmemchr on aarch64
  [31151] libc: [RISC-V] missing support for profile/audit PLT setup
  [31163] nss: getaddrinfo returns EAI_NONAME in oom situation
  [31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
    bug 17522 fix
  [31184] dynamic-link: FAIL: elf/tst-tlsgap
  [31185] dynamic-link: Incorrect thread point access in
    _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
  [31187] dynamic-link: Some CET tests fail with GCC 14
  [31204] localedata: Fix decimal point and thousands separator for
    uz_UZ
  [31205] localedata: Inconsistent (mon_)grouping formats
  [31218] dynamic-link: PLT rewrite overflows large displacement on x32
  [31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
  [31230] dynamic-link: PLT rewrite failed without SELinux
  [31239] localedata: anp_IN locale: abbreviated month names are the
    same as the full month names
  [31244] nptl: pthread_cancel hangs on sparc32
  [31257] localedata: Sync with  CLDR: “Turkey” -> “Türkiye”
  [31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
    sparcv9
  [31276] libc: Wrong condition for heap allocation in qsort_r

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.39

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adam Jackson
Adhemerval Zanella Netto
Amrita H S
Andreas K. Hüttel
Andreas Larsson
Andreas Schwab
Arjun Shankar
Aurelien Jarno
Bruno Haible
Bruno Victal
Carlos O'Donell
Christoph Müllner
Colin Leroy-Mira
DJ Delorie
Daniel Cederman
Dennis Brendel
Flavio Cruz
Florian Weimer
Frederic Cambus
Gaël PORTAY
Guy-Fleury Iteriteka
H.J. Lu
Hector Martin
Jan Palus
Janet Blackquill
Joe Ramsay
Joe Simmons-Talbott
John David Anglin
Joseph Myers
Kir Kolyshkin
Kuan-Wei Chiu
Ludwig Rydberg
MAHESH BODAPATI
Mahesh Bodapati
Manjunath Matti
Mark Wielaard
Matthew Sterrett
Maxim Kuvyrkov
Mike FABIAN
Noah Goldstein
Paul Eggert
Qingqing Li
Romain Geissler
RushingAlien
Sajan Karumanchi
Sam James
Samuel Thibault
Sergei Trofimovich
Sergey Bugaev
Sergio Durigan Junior
Siddhesh Poyarekar
Simon Chopin
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Tobias Klauser
Valery Ushakov
Volker Weißmann
Wilco Dijkstra
Xi Ruoyao
Yang Yujie
Yanzhang Wang
Ying Huang
caiyinyu
dengjianbo
lijianglin
наб

We would like to call out the following and thank them for their
tireless patch review:

Adhemerval Zanella
Alejandro Colomar
Andreas K. Hüttel
Andreas Schwab
Arjun Shankar
Carlos O'Donell
DJ Delorie
Florian Weimer
H.J. Lu
Joe Simmons-Talbott
Mike Fabian
Noah Goldstein
Paul E. Murphy
Peter Bergner
Premachandra Mallappa
Rajalakshmi Srinivasaraghavan
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy

--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, releng)
https://wiki.gentoo.org/wiki/User:Dilfridge
https://www.akhuettel.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQKTBAABCgB9FiEE/Rnm0xsZLuTcY+rT3CsWIV7VQSoFAmW5mNNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZE
MTlFNkQzMUIxOTJFRTREQzYzRUFEM0RDMkIxNjIxNUVENTQxMkEACgkQ3CsWIV7V
QSo4Qw//QpiwbsMoQhB/6HeI3+7UUdiYDQWL8a3OVTZB2tNBrUQ7zrZMHpXJ4tR7
zTjRCAP0E5EA4pMElbqFEZxwI9DpRe5YEBaZsNvg09zHAPTJxNtKDK4mHSK4VQJ2
5KnedBcFvAyWJnUQ4DAB5HEHe2pPW2dqQaU2XtqnixYEfnH4+jlTS6pTInaAEN+H
UcHtrRZ3m0kYU47hCU8qDFj9Sal5+I6MnFmIaAl/emYjiRVxwvH2cA8mTnlVK7T5
EL49vXU/CbKh3R24xDoYBbtjjXGQ9NT3OW8KXy/9njIM/nr25G/fwMsZHPUlxj86
2+I6JC0RILHCIHCrEX1uoDS+YELCh7AF/cMatU/n42mGK7jBAVgrOcPwtxWME/xH
mOK7FnELTEzmIJ7EBJSW3FMLxvfeA1SO0GTIfXdEsnsdXSRQyaoDhJyubitT34kD
B4k2rmyNRtB1Zgo+cuUSsMM0YuRJJwMBn4kAN3svkNxzsP5oIROm0/FysM8tuhK6
JrDioD24pnnG9w/eFCJUaLa5sSQ4iNw62zEW1wdw6pzRYkAU1g2Q0UPgnjVWQaoM
BV/6GeAivWsGLy7T+ILvDTARzgS+enWRWixd8S7rqMJAVVfGZHCyVACfC41a7unR
b+ti8/uXsmVT7H0rqapscYYF5oVgyQAtYxPwA9g/tp1YRKgfKHk=
=e2a/
-----END PGP SIGNATURE-----