GNU C Library NEWS -- history of user-visible changes.
Copyright (C) 1992-2021 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
Version 2.34
Major new features:
* Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ. When _SC_SIGSTKSZ_SOURCE or
_GNU_SOURCE are defined, MINSIGSTKSZ and SIGSTKSZ are no longer
constant on Linux. MINSIGSTKSZ is redefined to sysconf(_SC_MINSIGSTKSZ)
and SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).
* The dynamic linker implements the --list-diagnostics option, printing
a dump of information related to IFUNC resolver operation and
glibc-hwcaps subdirectory selection.
* On Linux, the function execveat has been added. It operates similarly to
execve and is already used to implement fexecve without requiring
/proc to be mounted. However, unlike fexecve, if the syscall is not
supported by the kernel an error is returned instead of trying a fallback.
* The ISO C2X function timespec_getres has been added.
Deprecated and removed features, and other changes affecting compatibility:
* The function pthread_mutex_consistent_np has been deprecated; programs
should use the equivalent standard function pthread_mutex_consistent
instead.
* The function pthread_mutexattr_getrobust_np has been deprecated;
programs should use the equivalent standard function
pthread_mutexattr_getrobust instead.
* The function pthread_mutexattr_setrobust_np has been deprecated;
programs should use the equivalent standard function
pthread_mutexattr_setrobust instead.
* The function pthread_yield has been deprecated; programs should use
the equivalent standard function sched_yield instead.
Changes to build and runtime requirements:
* On Linux, the shm_open, sem_open, and related functions now expect the
file shared memory file system to be mounted at /dev/shm. These functions
no longer search among the system's mount points for a suitable
replacement if /dev/shm is not available.
Security related changes:
CVE-2021-27645: The nameserver caching daemon (nscd), when processing
a request for netgroup lookup, may crash due to a double-free,
potentially resulting in degraded service or Denial of Service on the
local system. Reported by Chris Schanzle.
The following bugs are resolved with this release:
[The release manager will add the list generated by
scripts/list-fixed-bugs.py just before the release.]
Version 2.33
Major new features:
* The dynamic linker accepts the --list-tunables argument which prints
all the supported tunables. This option is disabled if glibc is
configured with tunables disabled (--enable-tunables=no).
* The dynamic linker accepts the --argv0 argument and provides opportunity
to change argv[0] string.
* The dynamic linker loads optimized implementations of shared objects
from subdirectories under the glibc-hwcaps directory on the library
search path if the system's capabilities meet the requirements for
that subdirectory. Initially supported subdirectories include
"power9" and "power10" for the powerpc64le-linux-gnu architecture,
"z13", "z14", "z15" for s390x-linux-gnu, and "x86-64-v2", "x86-64-v3",
"x86-64-v4" for x86_64-linux-gnu. In the x86_64-linux-gnu case, the
subdirectory names correspond to the vendor-independent x86-64
microarchitecture levels defined in the x86-64 psABI supplement.
* The new --help option of the dynamic linker provides usage
information and library search path diagnostics.
* The mallinfo2 function is added to report statistics as per mallinfo,
but with larger field widths to accurately report values that are
larger than fit in an integer.
* Add <sys/platform/x86.h> to provide query macros for x86 CPU features.
* Support for the RISC-V ISA running on Linux has been expanded to run on
32-bit hardware. This is supported for the following ISA and ABI pairs:
- rv32imac ilp32
- rv32imafdc ilp32
- rv32imafdc ilp32d
The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils
2.28.
* A new fortification level _FORTIFY_SOURCE=3 is available. At this level,
glibc may use additional checks that may have an additional performance
overhead. At present these checks are available only on LLVM 9 and later.
The latest GCC available at this time (10.2) does not support this level of
fortification.
Deprecated and removed features, and other changes affecting compatibility:
* The mallinfo function is marked deprecated. Callers should call
mallinfo2 instead.
* When dlopen is used in statically linked programs, alternative library
implementations from HWCAP subdirectories are no longer loaded.
Instead, the default implementation is used.
* The deprecated <sys/vtimes.h> header and the function vtimes have been
removed. To support old binaries, the vtimes function continues to exist
as a compatibility symbol. Applications should use the getrlimit or
prlimit functions instead.
* Following a change in the tzdata 2018a release upstream, the zdump
program is now installed in the /usr/bin subdirectory. Previously,
the /usr/sbin subdirectory was used.
* On s390(x), the type float_t is now derived from the macro
__FLT_EVAL_METHOD__ that is defined by the compiler, instead of being
hardcoded to double. This does not affect the ABI of any libraries
that are part of the GNU C Library, but may affect the ABI of other
libraries that use this type in their interfaces. The new definition
improves consistency with compiler behavior in many scenarios.
* A future version of glibc will stop loading shared objects from the
"tls" subdirectories on the library search path, the subdirectory that
corresponds to the AT_PLATFORM system name, and also stop employing
the legacy AT_HWCAP search mechanism. Applications should switch to
the new glibc-hwcaps mechanism instead; if they do not do that, only
the baseline version (directly from the search path directory) will be
loaded.
Changes to build and runtime requirements:
* On Linux, the system administrator needs to configure /dev/pts with
the intended access modes for pseudo-terminals. glibc no longer
attempts to adjust permissions of terminal devices. The previous glibc
defaults ("tty" group, user read/write and group write) already
corresponded to what most systems used, so that grantpt did not
perform any adjustments.
* On Linux, the posix_openpt and getpt functions no longer attempt to
use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
(and pseudo-terminals are supported), a devpts file system is mounted
on /dev/pts. Current systems already meet these requirements.
* s390x requires GCC 7.1 or newer. See gcc Bug 98269.
Security related changes:
CVE-2021-3326: An assertion failure during conversion from the
ISO-2022-JP-3 character set using the iconv function has been fixed.
This assertion was triggered by certain valid inputs in which the
converted output contains a combined sequence of two wide characters
crossing a buffer boundary. Reported by Tavis Ormandy.
CVE-2020-27618: An infinite loop has been fixed in the iconv program when
invoked with input containing redundant shift sequences in the IBM1364,
IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.
CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
invoked with EUC-KR input containing invalid multibyte input sequences.
The following bugs are resolved with this release:
[10635] libc: realpath portability patches
[16124] dynamic-link: ld.so should allow to change argv[0]
[17924] malloc: 'free' should not set errno
[18683] libc: Linux faccessat implementation can incorrectly ignore
AT_EACCESS
[22899] libc: Use 64-bit readdir() in generic POSIX getcwd()
[23091] hurd: missing waitid support
[23249] libc: Epyc and other current AMD CPUs do not select the
"haswell" platform subdirectory
[24080] dynamic-link: Definition of "haswell" platform is inconsistent
with GCC
[24202] libc: m68k setjmp() saves incorrect 'a5' register in --enable-
stack-protector=all
[24941] libc: Make grantpt usable after multi-threaded fork in more
cases
[24970] libc: realpath mishandles EOVERFLOW; stat not needed anyway
[24973] locale: iconv encounters segmentation fault when converting
0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
[25399] string: undefined reference to `__warn_memset_zero_len' when
changing gnuc version
[25859] libc: glibc parser for /sys/devices/system/cpu/online is
incorrect
[25938] dynamic-link: ld.so.cache should store meaning of hwcap mask
bits
[25971] libc: s390 bits/hwcap.h out of sync with kernel
[26053] libc: unlockpt fails with ENOTTY for non-ptmx descriptors
[26100] libc: Race in syslog(3) with regards to tag printing.
[26124] libc: Export <cpu-features.h>
[26130] nscd: Inconsistent nscd cache during pruning
[26203] libc: GLRO(dl_x86_cpu_features) may not be initialized
[26224] locale: iconv hangs when converting some invalid inputs from
several IBM character sets (CVE-2020-27618)
[26341] libc: realpath cyclically call __alloca(path_max) to consume
too much stack space
[26343] manual: invalid documented return type for strerrorname_np(),
strerrordesc_np(), sigdescr_np(), sigabbrev_np()
[26376] libc: Namespace violation in stdio.h and sys/stat.h if build
with optimization.
[26383] locale: bind_textdomain_codeset doesn't accept //TRANSLIT
anymore
[26394] time: [2.33 Regression] FAIL: nptl/tst-join14
[26534] math: libm.so 2.32 SIGILL in pow() due to FMA4 instruction on
non-FMA4 system
[26552] dynamic-link: CPU_FEATURE_USABLE_P should be more conservative
[26553] libc: mtx_init allows type set to "mtx_recursive" only
[26555] string: strerrorname_np does not return the documented value
[26592] libc: pointer arithmetic overflows in realpath
[26600] network: Transaction ID collisions cause slow DNS lookups in
getaddrinfo
[26606] libc: [2.33 Regression] pselect is broken on x32
[26615] libc: powerpc: libc segfaults when LD_PRELOADed with libgcc
[26620] glob: fnmatch with collating symbols results in segmentation
fault
[26625] libc: [2.33 Regression] CET is disabled
[26636] libc: 32-bit shmctl(IPC_INFO) crashes when shminfo struct is
at the end of a memory mapping
[26637] libc: semctl SEM_STAT_ANY fails to pass the buffer specified
by the caller to the kernel
[26639] libc: msgctl IPC_INFO and MSG_INFO return garbage
[26647] build: [-Werror=array-parameter=] due to different
declarations for __sigsetjmp
[26648] libc: mkstemp is likely to fail on systems with non-strictly-
monotonic clocks
[26649] stdio: printf should handle non-normal x86 long double numbers
gracefully (CVE-2020-29573)
[26686] build: -Warray-parameter instances building with GCC 11
[26687] build: -Warray-bounds instances building with GCC 11
[26690] stdio: Aliasing violation in __vfscanf_internal
[26691] nptl: Use a minimum guard size of 64 KiB on aarch64
[26726] build: GCC warning calling new_composite_name with an array of
one element
[26736] libc: FAIL: misc/tst-sysvshm-linux
[26737] libc: Random FAIL: rt/tst-shm
[26791] libc: Missing O_CLOEXEC in sysconf.c
[26798] dynamic-link: aarch64: variant PCS symbols may be incorrectly
lazy bound
[26801] nptl: pthread_mutex_clocklock with CLOCK_MONOTONIC can fail on
PI mutexes
[26818] string: aarch64: string tests may run ifunc variants that are
not safe
[26821] libc: Memory leak test failures on Fedora 33
[26824] libc: FAIL: elf/tst-cpu-features-supports with recent trunk:
FSGSBASE/LM/RDRAND check failure
[26833] time: adjtime() with delta == NULL segfaults on armv7 32bit
platform
[26853] libc: aarch64: Missing unwind information in statically linked
startup code
[26923] locale: Assertion failure in iconv when converting invalid
UCS4 (CVE-2020-29562)
[26926] dynamic-link: aarch64: library dependencies are not bti
protected
[26932] libc: sh: Multiple floating point functions defined as stubs
only since 2.31
[26964] nptl: pthread_mutex_timedlock returning EAGAIN after futex is
locked
[26988] dynamic-link: aarch64: BTI mprotect address is not page
aligned
[27002] build: libc_freeres_fn build failure with GCC 11
[27004] dynamic-link: ld.so is miscompiled by GCC 11
[27008] dynamic-link: ld.so.cache should have endianness markup
[27042] libc: [alpha] anonymous union in struct stat confuses
detection logic
[27053] libc: Conformance regression in system(3) (and probably also
pclose(3))
[27072] dynamic-link: static pie ifunc resolvers run before hwcap is
setup
[27077] network: Do not reload /etc/nsswitch.conf from chroot
[27083] libc: Unsafe unbounded alloca in addmntent
[27104] dynamic-link: The COMMON_CPUID_INDEX_MAX handshake does not
work
[27130] string: "rep movsb" performance issue
[27150] libc: alpha: wait4() is unavailable in static linking
[27177] dynamic-link:
GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't
work
[27222] dynamic-link: Incorrect sysdeps/x86/tst-cpu-features-cpuinfo.c
[27237] malloc: deadlock in malloc/tst-malloc-stats-cancellation
[27256] locale: Assertion failure in ISO-2022-JP-3 gconv module
related to combining characters (CVE-2021-3326)
Version 2.32
Major new features:
* Unicode 13.0.0 Support: Character encoding, character type info, and
transliteration tables are all updated to Unicode 13.0.0, using
generator scripts contributed by Mike FABIAN (Red Hat).
* New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)
* Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been
added. This port requires at least binutils-2.32, gcc-8.3 and Linux-5.1.
Three ABIs are supported:
- arc-linux-gnu
- arc-linux-gnuhf
- arceb-linux-gnu
The arc* ABIs are little-endian while arceb is big-endian. All ABIs use
64-bit time (y2038 safe) and 64-bit file offsets (LFS default).
* The GNU C Library now loads audit modules listed in the DT_AUDIT and
DT_DEPAUDIT dynamic section entries of the main executable.
* powerpc64le supports IEEE128 long double libm/libc redirects when
using -mabi=ieeelongdouble to compile C code on supported GCC
toolchains. It is recommended to use GCC 8 or newer when testing
this option.
* To help detect buffer overflows and other out-of-bounds accesses
several APIs have been annotated with GCC 'access' attribute. This
should help GCC 10 issue better warnings.
* On Linux, functions pthread_attr_setsigmask_np and
pthread_attr_getsigmask_np have been added. They allow applications
to specify the signal mask of a thread created with pthread_create.
* The GNU C Library now provides the header file <sys/single_threaded.h>
which declares the variable __libc_single_threaded. Applications are
encouraged to use this variable for single-thread optimizations,
instead of weak references to symbols historically defined in
libpthread.
* The functions sigabbrev_np and sigdescr_np have been added. The
sigabbrev_np function returns the abbreviated signal name (e.g. "HUP" for
SIGHUP) while sigdescr_np returns a string describing the signal number
(e.g. "Hangup" for SIGHUP). Unlike strsignal, sigdescr_np does not
attempt to translate the returned description, and both functions return
NULL for an invalid signal number.
They should be used instead of sys_siglist or sys_sigabbrev; both are
thread-safe and async-signal-safe. These functions are GNU extensions.
* The functions strerrorname_np and strerrordesc_np have been added. The
strerrorname_np function returns the error number's name (e.g. "EINVAL" for
EINVAL) while strerrordesc_np returns a string describing the error number
(e.g. "Invalid argument" for EINVAL). Unlike strerror,
strerrordesc_np does not attempt to translate the returned description, and
both functions return NULL for an invalid error number.
They should be used instead of sys_errlist and sys_nerr; both are
thread-safe and async-signal-safe. These functions are GNU extensions.
* AArch64 now supports standard branch protection security hardening
in glibc when it is built with a GCC that is configured with
--enable-standard-branch-protection (or if -mbranch-protection=standard
flag is passed when building both GCC target libraries and glibc,
in either case a custom GCC is needed). This includes branch target
identification (BTI) and pointer authentication for return addresses
(PAC-RET). They require armv8.5-a and armv8.3-a architecture
extensions respectively for the protection to be effective,
otherwise the used instructions are nops. User code can use PAC-RET
without libc support, but BTI requires a libc that is built with BTI
support, otherwise runtime objects linked into user code will not be
BTI compatible.
Deprecated and removed features, and other changes affecting compatibility:
* Remove configure option --enable-obsolete-rpc. Sun RPC is removed
from glibc. This includes the rpcgen program, librpcsvc, and the Sun
RPC header files. Backward compatibility for old programs is kept
only for architectures and ABIs that have been added in or before
glibc 2.31. New programs need to use TI-RPC
<http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary> and
rpcsvc-proto <https://github.com/thkukuk/rpcsvc-proto>.
* Remove configure option --enable-obsolete-nsl. libnsl is only built
as shared library for backward compatibility and the NSS modules "nis"
and "nisplus" are not built at all and libnsl's headers aren't
installed. This compatibility is kept only for architectures and ABIs
that have been added in or before version 2.28. Replacement
implementations based on TI-RPC, which additionally support IPv6, are
available from <https://github.com/thkukuk/>. This change does not
affect the "compat" NSS module, which does not depend on libnsl
since 2.27 and thus can be used without NIS.
* The deprecated <sys/sysctl.h> header and the sysctl function have been
removed. To support old binaries, the sysctl function continues to
exist as a compatibility symbol (on those architectures which had it),
but always fails with ENOSYS. This reflects the removal of the system
call from all architectures, starting with Linux 5.5.
* The sstk function is no longer available to newly linked binaries.
Its implementation always returned with a failure, and the function
was not declared in any header file.
* The legacy signal handling functions siginterrupt, sigpause, sighold,
sigrelse, sigignore and sigset, and the sigmask macro have been
deprecated. Applications should use the sigsuspend, sigprocmask and
sigaction functions instead.
* ldconfig now defaults to the new format for ld.so.cache. glibc has
already supported this format for almost 20 years.
* The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev
are no longer available to newly linked binaries, and their declarations
have been removed from <string.h>. They are exported solely as
compatibility symbols to support old binaries. All programs should use
strsignal instead.
* The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr
are no longer available to newly linked binaries, and their declarations
have been removed from <stdio.h>. They are exported solely as
compatibility symbols to support old binaries. All programs should use
strerror or strerror_r instead.
* Both strerror and strerror_l now share the same internal buffer in the
calling thread, meaning that the returned string pointer may be invalidated
or its contents overwritten by subsequent calls in the same thread or
when the thread terminates. This makes strerror MT-safe.
* Using weak references to libpthread functions such as pthread_create
or pthread_key_create to detect the single-threaded nature of a
program is an obsolescent feature. Future versions of glibc will
define pthread_create within libc.so.6 itself, so such checks will
always flag the program as multi-threaded. Applications should check
the __libc_single_threaded variable declared in
<sys/single_threaded.h> instead.
* The "files" NSS module no longer supports the "key" database (used for
secure RPC). The contents of the /etc/publickey file will be ignored,
regardless of the settings in /etc/nsswitch.conf. (This method of
storing RPC keys only supported the obsolete and insecure AUTH_DES
flavor of secure RPC.)
* The __morecore and __after_morecore_hook malloc hooks and the default
implementation __default_morecore have been deprecated. Applications
should use malloc interposition to change malloc behavior, and mmap to
allocate anonymous memory. A future version of glibc may require that
applications which use the malloc hooks must preload a special shared
object, to enable the hooks.
* The hesiod NSS module has been deprecated and will be removed in a
future version of glibc. System administrators are encouraged to
switch to other approaches for networked account databases, such as
LDAP.
Changes to build and runtime requirements:
* powerpc64le requires GCC 7.4 or newer. This is required for supporting
long double redirects.
Security related changes:
CVE-2016-10228: An infinite loop has been fixed in the iconv program when
invoked with the -c option and when processing invalid multi-byte input
sequences. Reported by Jan Engelhardt.
CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
memmove functions has been fixed. Discovered by Jason Royes and Samual
Dytrych of the Cisco Security Assessment and Penetration Team (See
TALOS-2020-1019).
The following bugs are resolved with this release:
[9809] localedata: ckb_IQ: new Kurdish Sorani locale
[10441] manual: Backtraces code example lacks error checking
[10815] librt: [timer_create / SIGEV_THREAD] signalmask of
timer_sigev_thread dangerous
[14231] stdio: stdio-common tests memory requirements
[14578] libc: /proc-based emulation for lchmod, fchmodat
[16272] dynamic-link: dlopen()ing a DT_FILTER library crashes if
filtee has constructor
[19519] locale: iconv(1) with -c option hangs on illegal multi-byte
sequences (CVE-2016-10228)
[19737] admin: Doc page “20.5.2 Infinity and NaN” has incorrect HTML
character entities for infinity & pi
[20338] libc: Parsing of /etc/gshadow can return bad pointers causing
segfaults in applications
[20543] libc: Please move from .gnu.linkonce to comdat
[22489] network: gcc warns about implicit conversion in
ICMP6_FILTER_SETPASS with -Wsign-conversion
[22525] localedata: or_IN LC_COLLATE does not use copy "iso14651_t1"
[23294] math: Complex _FloatN functions are redirected to the wrong
function with -mlong-double-64
[23296] libc: Data race in setting function descriptor during lazy
binding
[23668] dynamic-link: ldconfig: Default to the new format for
ld.so.cache
[23819] hurd: hurd: Add C11 thread support
[23990] build: test-container error out on failure to exec child.
[23991] build: shell-container typo in run_command_array
[24638] manual: Error in example of parsing a template string
[24654] manual: Wrong declaration of wcschr in libc manual
[24943] dynamic-link: Support DT_AUDIT, DT_DEPAUDIT in the dynamic
linker
[25051] dynamic-link: aarch64, powerpc64 uses surplus static tls for
dynamically loaded dsos
[25098] nptl: nptl: ctype classification functions are not AS-Safe
[25219] libc: improve out-of-bounds checking with GCC 10 attribute
access
[25262] libc: getcontext/setcontext/swapcontext unnecessarily save and
restore EAX, ECX and EDX
[25397] dynamic-link: Legacy bitmap doesn't cover jitted code
[25414] glob: 'glob' use-after-free bug (CVE-2020-1752)
[25420] network: Race condition in resolv_conf.c can result in caching
stale configuration forever
[25487] math: sinl() stack corruption from crafted input
(CVE-2020-10029)
[25506] build: configure: broken detection of STT_GNU_IFUNC when GCC
defaults to PIE
[25523] libc: MIPS/Linux inline syscall template is miscompiled
[25620] libc: Signed comparison vulnerability in the ARMv7 memcpy()
(CVE-2020-6096)
[25623] libc: test-sysvmsg, test-sysvsem, test-sysvshm fail with 2.31
on 32 bit and old kernel
[25635] libc: arm: Wrong sysdep order selection for soft-fp
[25639] localedata: Some names of days and months wrongly spelt in
Occitan
[25657] libc: sigprocmask() and sigisemptyset() manipulate different
amount of sigset_t bytes
[25691] stdio: printf: memory leak when printing long multibyte
strings
[25715] libc: system() returns wrong errors when posix_spawn fails
[25733] malloc: mallopt(M_MXFAST) can set global_max_fast to 0
[25734] locale: mbrtowc with Big5-HKSCS fails to reset conversion
state for conversions that produce two Unicode code points
[25765] nptl: Incorrect futex syscall in __pthread_disable_asynccancel
for linux x86_64 leads to livelock
[25788] dynamic-link: [i386] -fno-omit-frame-pointer in CFLAGS causes
test failures, invalid instruction in ld.so
[25790] glob: Typo in tst-fnmatch.input
[25810] libc: x32: Incorrect syscall entries with pointer, off_t and
size_t
[25819] localedata: Update locale data to Unicode 13.0.0
[25824] libc: Abnormal function of strnlen in aarch64
[25887] dynamic-link: Wasted space in _dl_x86_feature_1[1]
[25896] libc: Incorrect prctl
[25902] libc: Bad LOADARGS_N
[25905] dynamic-link: VSX registers are corrupted during PLT
resolution when glibc is built with --disable-multi-arch and --with-
cpu=power9
[25933] string: Off by one error in __strncmp_avx2 when
length=VEC_SIZE*4 and strings are at page boundaries can cause a
segfault
[25942] nptl: Deadlock on stack_cache_lock between __nptl_setxid and
exiting detached thread
[25966] libc: Incorrect access of __x86_shared_non_temporal_threshold
for x32
[25976] nss: internal_end*ent in nss_compat may clobber errno, hiding
ERANGE
[25999] nptl: Use-after-free issue in pthread_getaddr_default_np
[26073] math: getpayload() has wrong return value
[26076] dynamic-link: dlmopen crashes after failing to load
dependencies in audit mode
[26120] localedata: column width of some Korean
JUNGSEONG/JONGSEONG characters wrong (should be 0)
[26128] libc: Incorrect bit_cpu_CLFLUSHOPT
[26133] libc: Incorrect need_arch_feature_F16C
[26137] libc: strtod() triggers exception FE_INEXACT on reasonable
input
[26149] libc: PKU is usable only if OSPKE is set
[26173] libc: powerpc64*: Add @notoc to calls to functions that do not
preserve r2
[26208] libc: Incorrect bit_cpu_CLFSH
[26210] network: Incorrect use of hidden symbols for global sunrpc
variables
[26211] stdio: printf integer overflow calculating allocation size
[26214] stdio: printf_fp double free
[26215] stdio: printf_fp memory leak
[26232] time: FAIL: support/tst-timespec for 32-bit targets
[26258] nss: nss_compat should not read input files with mmap
[26332] string: Incorrect cache line size load causes memory
corruption in memset
Version 2.31
Major new features:
* The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to
enable features from the draft ISO C2X standard. Only some features from
this draft standard are supported by the GNU C Library, and as the draft
is under active development, the set of features enabled by this macro is
liable to change. Features from C2X are also enabled by _GNU_SOURCE, or
by compiling with "gcc -std=gnu2x".
* The <math.h> functions that round their results to a narrower type now
have corresponding type-generic macros in <tgmath.h>, as defined in TS
18661-1:2014 and TS 18661-3:2015 as amended by the resolution of
Clarification Request 13 to TS 18661-3.
* The function pthread_clockjoin_np has been added, enabling join with a
terminated thread with a specific clock. It allows waiting against
CLOCK_MONOTONIC and CLOCK_REALTIME. This function is a GNU extension.
* New locale added: mnw_MM (Mon language spoken in Myanmar).
* The DNS stub resolver will optionally send the AD (authenticated data) bit
in queries if the trust-ad option is set via the options directive in
/etc/resolv.conf (or if RES_TRUSTAD is set in _res.options). In this
mode, the AD bit, as provided by the name server, is available to
applications which call res_search and related functions. In the default
mode, the AD bit is not set in queries, and it is automatically cleared in
responses, indicating a lack of DNSSEC validation. (Therefore, the name
servers and the network path to them are treated as untrusted.)
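The check an application should make before acting on the AD bit described above, as an added example (not glibc's own code): the bit is only meaningful when trust-ad/RES_TRUSTAD is in effect, because the default-mode resolver clears it. The 12-byte DNS headers and the function names are constructed for this demonstration.

```c
#include <resolv.h>      /* _res, RES_TRUSTAD (glibc 2.31 and later) */
#include <stdbool.h>
#include <stddef.h>

/* DNS header layout: byte 2 holds QR/Opcode/AA/TC/RD, byte 3 holds
   RA/Z/AD/CD/RCODE.  AD is bit 0x20 of byte 3 (RFC 4035 section 3.2.3). */
bool dns_is_response(const unsigned char *msg, size_t len)
{
    return len >= 12 && (msg[2] & 0x80) != 0;      /* QR set */
}

bool dns_ad_bit(const unsigned char *msg, size_t len)
{
    return dns_is_response(msg, len) && (msg[3] & 0x20) != 0;
}

/* Whether this process's stub resolver forwards the server's AD bit.  Without
   trust-ad the resolver clears AD in every response, so the bit says nothing. */
bool resolver_trusts_ad(void)
{
#ifdef RES_TRUSTAD
    return (_res.options & RES_TRUSTAD) != 0;
#else
    return false;   /* glibc before 2.31: no trust-ad mode at all */
#endif
}

/* The decision rule that follows from the release notes: a response counts as
   DNSSEC-validated only if trust-ad is in effect AND the AD bit is present. */
bool dnssec_validated(const unsigned char *msg, size_t len, bool trust_ad)
{
    return trust_ad && dns_ad_bit(msg, len);
}

/* Constructed 12-byte response headers (id 0x1234, QR|RD|RA, zero counts):
   one with AD set and one with AD cleared, as the default mode delivers it. */
const unsigned char hdr_ad_set[12]   = { 0x12, 0x34, 0x81, 0xa0, 0, 0, 0, 0, 0, 0, 0, 0 };
const unsigned char hdr_ad_clear[12] = { 0x12, 0x34, 0x81, 0x80, 0, 0, 0, 0, 0, 0, 0, 0 };
```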
Deprecated and removed features, and other changes affecting compatibility:
* The totalorder and totalordermag functions, and the corresponding
functions for other floating-point types, now take pointer arguments to
avoid signaling NaNs possibly being converted to quiet NaNs in argument
passing. This is in accordance with the resolution of Clarification
Request 25 to TS 18661-1, as applied for C2X. Existing binaries that pass
floating-point arguments directly will continue to work.
* The obsolete function stime is no longer available to newly linked
binaries, and its declaration has been removed from <time.h>.
Programs that set the system time should use clock_settime instead.
* We plan to remove the obsolete function ftime, and the header <sys/timeb.h>,
in a future version of glibc. In this release, the header still exists
but calling ftime will cause a compiler warning. All programs should use
gettimeofday or clock_gettime instead.
* The gettimeofday function no longer reports information about a
system-wide time zone. This 4.2-BSD-era feature has been deprecated for
many years, as it cannot handle the full complexity of the world's
timezones, but hitherto we have supported it on a best-effort basis.
Changes required to support 64-bit time_t on 32-bit architectures have
made this no longer practical.
As of this release, callers of gettimeofday with a non-null 'tzp' argument
should expect to receive a 'struct timezone' whose tz_minuteswest and
tz_dsttime fields are zero. (For efficiency reasons, this does not always
happen on a few Linux-based ports. This will be corrected in a future
release.)
All callers should supply a null pointer for the 'tzp' argument to
gettimeofday. For accurate information about the time zone associated
with the current time, use the localtime function.
gettimeofday itself is obsolescent according to POSIX. We have no plans
to remove access to this function, but portable programs should consider
using clock_gettime instead.
* The settimeofday function can still be used to set a system-wide time
zone when the operating system supports it. This is because the Linux
kernel reused the API, on some architectures, to describe a system-wide
time-zone-like offset between the software clock maintained by the kernel,
and the "RTC" clock that keeps time when the system is shut down.
However, to reduce the odds of this offset being set by accident,
settimeofday can no longer be used to set the time and the offset
simultaneously. If both of its two arguments are non-null, the call
will fail (setting errno to EINVAL).
Callers attempting to set this offset should also be prepared for the call
to fail and set errno to ENOSYS; this already happens on the Hurd and on
some Linux architectures. The Linux kernel maintainers are discussing a
more principled replacement for the reused API. After a replacement
becomes available, we will change settimeofday to fail with ENOSYS on all
platforms when its 'tzp' argument is not a null pointer.
settimeofday itself is obsolescent according to POSIX. Programs that set
the system time should use clock_settime and/or the adjtime family of
functions instead. We may cease to make settimeofday available to newly
linked binaries after there is a replacement for Linux's time-zone-like
offset API.
* SPARC ISA v7 is no longer supported. v8 is still supported, but only if
the optional CAS instruction is implemented (for instance, LEON processors
are still supported, but SuperSPARC processors are not).
As the oldest 64-bit SPARC ISA is v9, this only affects 32-bit
configurations.
* If a lazy binding failure happens during dlopen, during the execution of
an ELF constructor, the process is now terminated. Previously, the
dynamic loader would return NULL from dlopen, with the lazy binding error
captured in a dlerror message. In general, this is unsafe because
resetting the stack in an arbitrary function call is not possible.
* For MIPS hard-float ABIs, the GNU C Library will be configured to need an
executable stack unless explicitly configured at build time to require
minimum kernel version 4.8 or newer. This is because executing
floating-point branches on a non-executable stack on Linux kernels prior to
4.8 can lead to application crashes for some MIPS configurations. While
currently PT_GNU_STACK is not widely used on MIPS, future releases of GCC are
expected to enable a non-executable stack with PT_GNU_STACK by default, which
is thus likely to trigger a crash on older kernels.
The GNU C Library can be built with --enable-kernel=4.8.0 in order to keep a
non-executable stack while dropping support for older kernels.
* System call wrappers for time system calls now use the new time64 system
calls when available. On 32-bit targets, these wrappers attempt to call
the new system calls first and fall back to the older 32-bit time system
calls if they are not present. This may cause issues in environments
that cannot handle unsupported system calls gracefully by returning
-ENOSYS. Seccomp sandboxes are affected by this issue.
Changes to build and runtime requirements:
* It is no longer necessary to have recent Linux kernel headers to build
working (non-stub) system call wrappers on all architectures except 64-bit
RISC-V. 64-bit RISC-V requires a minimum kernel headers version of 5.0.
* The ChangeLog file is no longer present in the toplevel directory of the
source tree. ChangeLog files are located in the ChangeLog.old directory as
ChangeLog.N where the highest N has the latest entries.
Security related changes:
CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.
CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.
The following bugs are resolved with this release:
[12031] localedata: iconv -t ascii//translit with Greek characters
[15813] libc: Multiple issues in __gen_tempname
[17726] libc: [arm, sparc] profil_counter should be compat symbol
[18231] libc: ipc_perm struct's mode member has wrong type in sys/ipc.h
[19767] libc: vdso is not used with static linking
[19903] hurd: Shared mappings not being inherited by children processes
[20358] network: RES_USE_DNSSEC sets DO; should also have a way to set AD
[20839] dynamic-link: Incomplete rollback of dynamic linker state on
linking failure
[23132] localedata: Missing transliterations in Miscellaneous Mathematical
Symbols-A/B Unicode blocks
[23518] libc: Eliminate __libc_utmp_jump_table
[24026] malloc: malloc_info() returns wrong numbers
[24054] localedata: Many locales are missing date_fmt
[24214] dynamic-link: user defined ifunc resolvers may run in ldd mode
[24304] dynamic-link: Lazy binding failure during ELF
constructors/destructors is not fatal
[24376] libc: RISC-V symbol size confusion with _start
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24824] libc: test-in-container does not install charmap files compatible
with localedef
[24844] regex: regex bad pointer / leakage if malloc fails
[24867] malloc: Unintended malloc_info formatting changes
[24879] libc: login: utmp alarm timer can arrive after lock acquisition
[24880] libc: login: utmp implementation uses struct flock with fcntl64
[24882] libc: login: pututline uses potentially outdated cache
[24899] libc: Missing nonstring attributes in <utmp.h>, <utmpx.h>
[24902] libc: login: Repeating pututxline on EINTR/EAGAIN causes stale
utmp entries
[24916] dynamic-link: [MIPS] Highest EI_ABIVERSION value not raised to
ABSOLUTE ABI
[24930] dynamic-link: dlopen of PIE executable can result in
_dl_allocate_tls_init assertion failure
[24950] localedata: Top-of-tree glibc does not build with top-of-tree GCC
(stringop-overflow error)
[24959] time: librt IFUNC resolvers for clock_gettime and clock_*
functions other can lead to crashes
[24967] libc: jemalloc static linking causes runtime failure
[24986] libc: alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[25035] libc: sbrk() failure handled poorly in tunables_strdup
[25087] dynamic-link: ldconfig mishandles unusual .dynstr placement
[25097] libc: new -Warray-bounds with GCC 10
[25112] dynamic-link: dlopen must not make new objects accessible when it
still can fail with an error
[25139] localedata: Please add the new mnw_MM locale
[25149] regex: Array bounds violation in proceed_next_node
[25157] dynamic-link: Audit cookie for the dynamic loader is not
initialized correctly
[25189] libc: glibc's __glibc_has_include causes issues with clang
-frewrite-includes
[25194] malloc: malloc.c: do_set_mxfast incorrectly casts the mallopt
value to an unsigned
[25204] dynamic-link: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid
binaries (CVE-2019-19126)
[25225] libc: ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25226] string: strstr: Invalid result if needle crosses page on s390-z15
ifunc variant.
[25232] string: <string.h> does not enable const correctness for strchr et
al. for Clang++
[25233] localedata: Consider "." as the thousands separator for sl_SI
(Slovenian)
[25241] nptl: __SIZEOF_PTHREAD_MUTEX_T defined twice for x86
[25251] build: Failure to run tests when CFLAGS contains -DNDEBUG.
[25271] libc: undeclared identifier PTHREAD_MUTEX_DEFAULT when compiling
with -std=c11
[25323] localedata: km_KH: d_t_fmt contains "m" instead of "%M"
[25324] localedata: lv_LV: d_t_fmt contains suspicious words in the time
part
[25396] dynamic-link: Failing dlopen can leave behind dangling GL
(dl_initfirst) link map pointer
[25401] malloc: pvalloc must not have __attribute_alloc_size__
[25423] libc: Array overflow in backtrace on powerpc
[25425] network: Missing call to __resolv_context_put in
getaddrinfo.c:gethosts

Version 2.30

Major new features:
* Unicode 12.1.0 Support: Character encoding, character type info, and
transliteration tables are all updated to Unicode 12.1.0, using
generator scripts contributed by Mike FABIAN (Red Hat).
* The dynamic linker accepts the --preload argument to preload shared
objects, in addition to the LD_PRELOAD environment variable.
* The twalk_r function has been added. It is similar to the existing
twalk function, but it passes an additional caller-supplied argument
to the callback function.
* On Linux, the getdents64, gettid, and tgkill functions have been added.
* Minguo (Republic of China) calendar support has been added as an
alternative calendar for the following locales: zh_TW, cmn_TW, hak_TW,
nan_TW, lzh_TW.
* The entry for the new Japanese era has been added for ja_JP locale.
* Memory allocation functions malloc, calloc, realloc, reallocarray, valloc,
pvalloc, memalign, and posix_memalign fail now with total object size
larger than PTRDIFF_MAX. This is to avoid potential undefined behavior with
pointer subtraction within the allocated object, where results might
overflow the ptrdiff_t type.
* The dynamic linker no longer refuses to load objects which reference
versioned symbols whose implementation has moved to a different soname
since the object has been linked. The old error message, symbol
FUNCTION-NAME, version SYMBOL-VERSION not defined in file DSO-NAME with
link time reference, is gone.
* Add new POSIX-proposed pthread_cond_clockwait, pthread_mutex_clocklock,
pthread_rwlock_clockrdlock, pthread_rwlock_clockwrlock and sem_clockwait
functions. These behave similarly to their "timed" equivalents, but also
accept a clockid_t parameter to determine which clock their timeout should
be measured against. All functions allow waiting against CLOCK_MONOTONIC
and CLOCK_REALTIME. The decision of which clock to be used is made at the
time of the wait (unlike with pthread_condattr_setclock, which requires
the clock choice at initialization time).
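The clock-selectable waits above, together with pthread_clockjoin_np from the 2.31 notes, as an added example (not glibc's own code): a bounded wait on a condition variable and a bounded join, both measured against CLOCK_MONOTONIC so that a wall-clock adjustment cannot lengthen or shorten the timeout. The flag structure and the 20 ms setter thread are constructed for the demonstration.

```c
#define _GNU_SOURCE   /* pthread_cond_clockwait (2.30), pthread_clockjoin_np (2.31) */
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <time.h>

/* Absolute CLOCK_MONOTONIC deadline 'ms' milliseconds from now. */
static struct timespec deadline_after_ms(long ms)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    long ns = ts.tv_nsec + (ms % 1000) * 1000000L;
    ts.tv_sec += ms / 1000 + ns / 1000000000L;
    ts.tv_nsec = ns % 1000000000L;
    return ts;
}

/* One-shot flag guarded by a mutex/condvar pair (constructed for the demo). */
struct flag { pthread_mutex_t mu; pthread_cond_t cv; bool set; };
#define FLAG_INIT { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, false }

void flag_set(struct flag *f)
{
    pthread_mutex_lock(&f->mu);
    f->set = true;
    pthread_cond_broadcast(&f->cv);
    pthread_mutex_unlock(&f->mu);
}

/* Wait for the flag or for 'ms' milliseconds on CLOCK_MONOTONIC.  Returns 0
   when set, ETIMEDOUT otherwise.  Because the clock is chosen per call, a
   wall-clock step (NTP, settimeofday) can neither stretch nor cut the wait. */
int flag_wait_ms(struct flag *f, long ms)
{
    struct timespec deadline = deadline_after_ms(ms);
    int rc = 0;
    pthread_mutex_lock(&f->mu);
    while (!f->set && rc == 0)
        rc = pthread_cond_clockwait(&f->cv, &f->mu, CLOCK_MONOTONIC, &deadline);
    bool ok = f->set;
    pthread_mutex_unlock(&f->mu);
    return ok ? 0 : rc;
}

static void *setter(void *arg)     /* sets the flag after a 20 ms nap */
{
    struct timespec nap = { 0, 20 * 1000000L };
    nanosleep(&nap, NULL);
    flag_set(arg);
    return NULL;
}
/* Constructed scenario; returns 0 when a 500 ms wait catches the setter, a 1 ms
   wait on a flag nobody sets times out, and the clock-bounded join completes. */
int run_demo(void)
{
    struct flag f = FLAG_INIT, never = FLAG_INIT;
    pthread_t thr;
    if (pthread_create(&thr, NULL, setter, &f) != 0)
        return -1;
    int got = flag_wait_ms(&f, 500);
    int timed = flag_wait_ms(&never, 1);
    struct timespec join_by = deadline_after_ms(500);   /* same idea for joins */
    int joined = pthread_clockjoin_np(thr, NULL, CLOCK_MONOTONIC, &join_by);
    return (got == 0 && timed == ETIMEDOUT && joined == 0) ? 0 : 1;
}
```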
* On AArch64 the GNU IFUNC resolver call ABI changed: old resolvers still
work, and new resolvers can use a second argument which can be extended in
the future; currently it contains the AT_HWCAP2 value.
Deprecated and removed features, and other changes affecting compatibility:
* The copy_file_range function fails with ENOSYS if the kernel does not
support the system call of the same name. Previously, user space
emulation was performed, but its behavior did not match the kernel
behavior, which was deemed too confusing. Applications which use the
copy_file_range function can no longer rely on glibc to provide a fallback
on kernels that do not support the copy_file_range system call, and if
this function returns ENOSYS, they will need to use their own fallback.
Support for copy_file_range for most architectures was added in version
4.5 of the mainline Linux kernel.
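The fallback an application now has to supply itself, as an added example (not glibc's own code): copy_fd tries copy_file_range and switches to a read/write loop when the call fails with ENOSYS (or with EXDEV/EINVAL/EOPNOTSUPP, which older kernels return for some file systems). The payload and the temporary-file round-trip are constructed for the check.

```c
#define _GNU_SOURCE              /* copy_file_range */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Portable path: read/write loop that copes with short reads and writes. */
int copy_by_rw(int in_fd, int out_fd)
{
    char buf[8192];
    for (;;) {
        ssize_t n = read(in_fd, buf, sizeof buf);
        if (n == 0) return 0;                                /* EOF */
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(out_fd, buf + off, (size_t)(n - off));
            if (w < 0) { if (errno == EINTR) continue; return -1; }
            off += w;
        }
    }
}

/* Copy everything from in_fd to out_fd.  copy_file_range is tried first; on
   ENOSYS (kernel older than 4.5, or a seccomp sandbox that answers unknown
   system calls with ENOSYS) and on EXDEV/EINVAL/EOPNOTSUPP (cross-device or
   unsupported file system on older kernels) the loop takes over.  NULL offset
   pointers mean the file positions are used, so partial progress is kept. */
int copy_fd(int in_fd, int out_fd)
{
    for (;;) {
        ssize_t n = copy_file_range(in_fd, NULL, out_fd, NULL, (size_t)1 << 30, 0);
        if (n == 0) return 0;                                /* EOF */
        if (n > 0 || errno == EINTR) continue;
        if (errno == ENOSYS || errno == EXDEV || errno == EINVAL || errno == EOPNOTSUPP)
            return copy_by_rw(in_fd, out_fd);
        return -1;
    }
}

/* Constructed check: round-trip a known payload through 'copier' using two
   temporary files; returns 1 when the copy matches byte for byte. */
int roundtrip_ok(int (*copier)(int, int))
{
    static const char payload[] = "copy_file_range without a glibc fallback\n";
    const size_t len = sizeof payload - 1;
    char src[] = "/tmp/cfr-src-XXXXXX", dst[] = "/tmp/cfr-dst-XXXXXX";
    char back[sizeof payload];
    int ok = 0;
    int in = mkstemp(src);
    if (in < 0) return 0;
    int out = mkstemp(dst);
    if (out < 0) { close(in); unlink(src); return 0; }
    if (write(in, payload, len) == (ssize_t)len && lseek(in, 0, SEEK_SET) == 0
        && copier(in, out) == 0 && lseek(out, 0, SEEK_SET) == 0)
        ok = read(out, back, sizeof back) == (ssize_t)len
             && memcmp(back, payload, len) == 0;
    close(in); close(out); unlink(src); unlink(dst);
    return ok;
}
```

Running the round-trip through copy_by_rw as well exercises the fallback path even on kernels where copy_file_range succeeds.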
* The functions clock_gettime, clock_getres, clock_settime,
clock_getcpuclockid, clock_nanosleep were removed from the librt library
for new applications (on architectures which had them). Instead, the
definitions in libc will be used automatically, which have been available
since glibc 2.17.
* The obsolete and never-implemented XSI STREAMS header files <stropts.h>
and <sys/stropts.h> have been removed.
* Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6
resolver flag (deprecated in glibc 2.25) have been removed.
* The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub
resolver have been removed from <resolv.h>.
* With --enable-bind-now, installed programs are now linked with the
BIND_NOW flag.
* Support for the PowerPC SPE ISA extension (powerpc-*-*gnuspe*
configurations) has been removed, following the deprecation of this
subarchitecture in version 8 of GCC, and its removal in version 9.
* On 32-bit Arm, support for the port-based I/O emulation and the <sys/io.h>
header have been removed.
* The Linux-specific <sys/sysctl.h> header and the sysctl function have been
deprecated and will be removed from a future version of glibc.
Applications should directly access /proc instead. For obtaining random
bits, the getentropy function can be used.
Changes to build and runtime requirements:
* GCC 6.2 or later is required to build the GNU C Library.
Older GCC versions and non-GNU compilers are still supported when
compiling programs that use the GNU C Library.
Security related changes:
CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
size. For x86-64, memcmp on an object size larger than SSIZE_MAX
has undefined behavior. On x32, the size_t argument may be passed
in the lower 32 bits of the 64-bit RDX register with non-zero upper
32 bits. When it happened with the sign bit of RDX register set,
memcmp gave the wrong result since it treated the size argument as
zero. Reported by H.J. Lu.
CVE-2019-9169: Attempted case-insensitive regular-expression match
via proceed_next_node in posix/regexec.c leads to heap-based buffer
over-read. Reported by Hongxu Chen.
The following bugs are resolved with this release:
[2872] locale: Transliteration Cyrillic -> ASCII fails
[6399] libc: gettid() should have a wrapper
[16573] malloc: mtrace hangs when MALLOC_TRACE is defined
[16976] glob: fnmatch unbounded stack VLA for collating symbols
[17396] localedata: globbing for locale by [[.collating-element.]]
[18035] dynamic-link: pldd does no longer work, enters infinite loop
[18465] malloc: memusagestat is built using system C library
[18830] locale: iconv -c -f ascii with >buffer size worth of input before
invalid input drops valid char
[20188] nptl: libpthread IFUNC resolver for vfork can lead to crash
[20568] locale: Segfault with wide characters and setlocale/fgetwc/UTF-8
[21897] localedata: Afar locales: Fix mon, abmon, and abday
[22964] localedata: The Japanese Era name will be changed on May 1, 2019
[23352] malloc: __malloc_check_init still defined in public header
malloc.h.
[23403] nptl: Wrong alignment of TLS variables
[23501] libc: nftw() doesn't return dangling symlink's inode
[23733] malloc: Check the count before calling tcache_get()
[23741] malloc: Missing __attribute_alloc_size__ in many allocation
functions
[23831] localedata: nl_NL missing LC_NUMERIC thousands_sep
[23844] nptl: pthread_rwlock_trywrlock results in hang
[23983] argparse: Missing compat versions of argp_failure and argp_error
for long double = double
[23984] libc: Missing compat versions of err.h and error.h functions for
long double = double
[23996] localedata: Dutch salutations
[24040] libc: riscv64: unterminated call chain in __thread_start
[24047] network: libresolv should use IP_RECVERR/IPV6_RECVERR to avoid
long timeouts
[24051] stdio: puts and putchar output to _IO_stdout instead of stdout
[24059] nss: nss_files: get_next_alias calls fgets_unlocked without
checking for NULL.
[24114] regex: regexec buffer read overrun in "grep -i
'\(\(\)*.\)*\(\)\(\)\1'"
[24122] libc: Segfaults if 0 returned from la_version
[24153] stdio: Some input functions do not react to stdin assignment
[24155] string: x32 memcmp can treat positive length as 0 (if sign bit in
RDX is set) (CVE-2019-7309)
[24161] nptl: __run_fork_handlers self-deadlocks in malloc/tst-mallocfork2
[24164] libc: Systemtap probes need to use "nr" constraint on 32-bit Arm,
not the default "nor"
[24166] dynamic-link: Dl_serinfo.dls_serpath[1] in dlfcn.h causes UBSAN
false positives, change to modern flexible array
[24180] nptl: pthread_mutex_trylock does not use the correct order of
instructions while maintaining the robust mutex list due to missing
compiler barriers.
[24194] librt: Non-compatibility symbols for clock_gettime etc. cause
unnecessary librt dependencies
[24200] localedata: Revert first_weekday removal in en_IE locale
[24211] nptl: Use-after-free in Systemtap probe in pthread_join
[24215] nptl: pthread_timedjoin_np should be a cancellation point
[24216] malloc: Check for large bin list corruption when inserting
unsorted chunk
[24228] stdio: old x86 applications that use legacy libio crash on exit
[24231] dynamic-link: [sparc64] R_SPARC_H34 implementation falls through
to R_SPARC_H44
[24293] localedata: Missing Minguo calendar support for TW locales
[24296] localedata: Orthographic mistakes in 'day' and 'abday' sections in
tt_RU (Tatar) locale
[24307] localedata: Update locale data to Unicode 12.0.0
[24323] dynamic-link: dlopen should not be able open PIE objects
[24335] build: "Obsolete types detected" with Linux 5.0 headers
[24369] localedata: Orthographic mistakes in 'mon' and 'abmon' sections in
tt_RU (Tatar) locale
[24370] localedata: Add lang_name for tt_RU locale