forked from lattera/glibc
GNU C Library NEWS -- history of user-visible changes.
Copyright (C) 1992-2018 Free Software Foundation, Inc.
See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.

Version 2.29

Major new features:

* A new convenience target has been added for distribution maintainers
to build and install all locales as directories with files. The new
target is run by issuing the following command in your build tree:
'make localedata/install-locale-files', with an optional DESTDIR
to set the install root if you wish to install into a non-default
configured location.
* Optimized generic sinf, cosf, sincosf and tanf.

Deprecated and removed features, and other changes affecting compatibility:

* The glibc.tune tunable namespace has been renamed to glibc.cpu and the
tunable glibc.tune.cpu has been renamed to glibc.cpu.name.

Changes to build and runtime requirements:

[Add changes to build and runtime requirements here]

Security related changes:

[Add security related changes here]

The following bugs are resolved with this release:

[The release manager will add the list generated by
scripts/list-fixed-bugs.py just before the release.]

Version 2.28

Major new features:

* The localization data for ISO 14651 is updated to match the 2016
Edition 4 release of the standard; this matches data provided by
Unicode 9.0.0. This update introduces significant improvements to the
collation of Unicode characters. This release deviates slightly from
the standard in that the collation element ordering for lowercase and
uppercase LATIN script characters is adjusted to ensure that regular
expressions with ranges like [a-z] and [A-Z] don't interleave e.g. A
is not matched by [a-z]. With the update many locales have been
updated to take advantage of the new collation information. The new
collation information has increased the size of the compiled locale
archive or binary locales.
* The GNU C Library can now be compiled with support for Intel CET, AKA
Intel Control-flow Enforcement Technology. When the library is built
with --enable-cet, the resulting glibc is protected with indirect
branch tracking (IBT) and shadow stack (SHSTK). CET-enabled glibc is
compatible with all existing executables and shared libraries. This
feature is currently supported on i386, x86_64 and x32 with GCC 8 and
binutils 2.29 or later. Note that CET-enabled glibc requires CPUs
capable of multi-byte NOPs, like x86-64 processors as well as Intel
Pentium Pro or newer. NOTE: --enable-cet has been tested for i686,
x86_64 and x32 on non-CET processors. --enable-cet has been tested
for x86_64 and x32 on CET SDVs, but Intel CET support hasn't been
validated for i686.
* The GNU C Library now has correct support for ABSOLUTE symbols
(SHN_ABS-relative symbols). Previously such ABSOLUTE symbols were
relocated incorrectly or in some cases discarded. The GNU linker can
make use of the newer semantics, but it must communicate it to the
dynamic loader by setting the ELF file's identification (EI_ABIVERSION
field) to indicate such support is required.
* Unicode 11.0.0 Support: Character encoding, character type info, and
transliteration tables are all updated to Unicode 11.0.0, using
generator scripts contributed by Mike FABIAN (Red Hat).
* <math.h> functions that round their results to a narrower type are added
from TS 18661-1:2014 and TS 18661-3:2015:
- fadd, faddl, daddl and corresponding fMaddfN, fMaddfNx, fMxaddfN and
fMxaddfNx functions.
- fsub, fsubl, dsubl and corresponding fMsubfN, fMsubfNx, fMxsubfN and
fMxsubfNx functions.
- fmul, fmull, dmull and corresponding fMmulfN, fMmulfNx, fMxmulfN and
fMxmulfNx functions.
- fdiv, fdivl, ddivl and corresponding fMdivfN, fMdivfNx, fMxdivfN and
fMxdivfNx functions.
* Two grammatical forms of month names are now supported for the following
languages: Armenian, Asturian, Catalan, Czech, Kashubian, Occitan, Ossetian,
Scottish Gaelic, Upper Sorbian, and Walloon. The following languages now
support two grammatical forms in abbreviated month names: Catalan, Greek,
and Kashubian.
* Newly added locales: Lower Sorbian (dsb_DE) and Yakut (sah_RU) also
include the support for two grammatical forms of month names.
* Building and running on GNU/Hurd systems now works without out-of-tree
patches.
* The renameat2 function has been added, a variant of the renameat function
which has a flags argument. If the flags are zero, the renameat2 function
acts like renameat. If the flags are not zero and there is no kernel
support for renameat2, the function will fail with an errno value of
EINVAL. This is different from the existing gnulib function renameatu,
which performs a plain rename operation in case of a RENAME_NOREPLACE
flag and a non-existing destination (and therefore has a race condition
that can clobber the destination inadvertently).
* The statx function has been added, a variant of the fstatat64
function with an additional flags argument. If there is no direct
kernel support for statx, glibc provides basic stat support based on
the fstatat64 function.
* IDN domain names in getaddrinfo and getnameinfo now use the system libidn2
library if installed. libidn2 version 2.0.5 or later is recommended. If
libidn2 is not available, internationalized domain names are not encoded
or decoded even if the AI_IDN or NI_IDN flags are passed to getaddrinfo or
getnameinfo. (getaddrinfo calls with non-ASCII names and AI_IDN will fail
with an encoding error.) Flags which used to change the IDN encoding and
decoding behavior (AI_IDN_ALLOW_UNASSIGNED, AI_IDN_USE_STD3_ASCII_RULES,
NI_IDN_ALLOW_UNASSIGNED, NI_IDN_USE_STD3_ASCII_RULES) have been
deprecated. They no longer have any effect.
* Parsing of dynamic string tokens in DT_RPATH, DT_RUNPATH, DT_NEEDED,
DT_AUXILIARY, and DT_FILTER has been expanded to support the full
range of ELF gABI expressions including such constructs as
'$ORIGIN$ORIGIN' (if valid). For SUID/SGID applications the rules
have been further restricted, and where in the past a dynamic string
token sequence may have been interpreted as a literal string it will
now cause a load failure. These load failures were always considered
unspecified behaviour from the perspective of the dynamic loader, and
for safety are now load errors; e.g. /foo/${ORIGIN}.so in DT_NEEDED
results in a load failure now.
* Support for ISO C threads (ISO/IEC 9899:2011) has been added. The
implementation includes all the standard functions provided by
<threads.h>:
- thrd_current, thrd_equal, thrd_sleep, thrd_yield, thrd_create,
thrd_detach, thrd_exit, and thrd_join for thread management.
- mtx_init, mtx_lock, mtx_timedlock, mtx_trylock, mtx_unlock, and
mtx_destroy for mutual exclusion.
- call_once for function call synchronization.
- cnd_broadcast, cnd_destroy, cnd_init, cnd_signal, cnd_timedwait, and
cnd_wait for condition variables.
- tss_create, tss_delete, tss_get, and tss_set for thread-local storage.
Application developers must link against libpthread to use ISO C threads.
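
The race that the renameat2 entry above attributes to check-then-rename emulation, shown next to the atomic call. This is an added example, not glibc or gnulib code; run_case, the hook that stands in for a second process, the file names and the link()-based fallback for EINVAL/ENOSYS are assumptions made for the illustration.

```c
#define _GNU_SOURCE   /* renameat2 and RENAME_NOREPLACE are GNU extensions */
#include <errno.h>
#include <fcntl.h>    /* AT_FDCWD */
#include <stdio.h>    /* renameat2, glibc 2.28 or later */
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef RENAME_NOREPLACE
#define RENAME_NOREPLACE (1 << 0)   /* value used by the Linux kernel */
#endif
/* Same prototype as <stdio.h>; repeated so the file still builds if a libc
   header was included before _GNU_SOURCE was defined. */
int renameat2(int, const char *, int, const char *, unsigned int);

enum scenario { RACY_INTERLEAVED, ATOMIC_DST_EXISTS, ATOMIC_DST_FREE };
enum outcome { DST_OTHER = 0, DST_THEIRS = 1, DST_OURS = 2 };

static void put(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (f != NULL) {
        fputs(text, f);
        fclose(f);
    }
}

static int holds(const char *path, const char *text)
{
    char buf[32] = "";
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return strcmp(buf, text) == 0;
}

/* Constructed stand-in for a second process creating the destination. */
static void other_writer(const char *dst) { put(dst, "theirs"); }

/* Emulation of RENAME_NOREPLACE: check, then plain rename. The hook runs in
   the window between the two steps. Returns 0 or -errno. */
int racy_rename_noreplace(const char *src, const char *dst,
                          void (*hook)(const char *))
{
    struct stat st;
    if (lstat(dst, &st) == 0)
        return -EEXIST;
    if (errno != ENOENT)
        return -errno;
    if (hook != NULL)
        hook(dst);                              /* destination appears here */
    return rename(src, dst) == 0 ? 0 : -errno;  /* silently replaces it */
}

/* Check and rename as one kernel operation. Returns 0 or -errno. */
int atomic_rename_noreplace(const char *src, const char *dst)
{
    if (renameat2(AT_FDCWD, src, AT_FDCWD, dst, RENAME_NOREPLACE) == 0)
        return 0;
    if (errno != EINVAL && errno != ENOSYS)
        return -errno;                          /* includes EEXIST */
    /* No kernel or filesystem support: link() also fails with EEXIST rather
       than replacing, so it keeps the guarantee for regular files. */
    if (link(src, dst) != 0)
        return -errno;
    return unlink(src) == 0 ? 0 : -errno;
}

/* Runs one scenario in a fresh temporary directory, stores the rename result
   in *rc and reports whose content the destination holds afterwards. */
int run_case(enum scenario s, int *rc)
{
    char dir[] = "/tmp/noreplace-XXXXXX", src[64], dst[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(src, sizeof src, "%s/incoming", dir);
    snprintf(dst, sizeof dst, "%s/target", dir);
    put(src, "ours");
    if (s == RACY_INTERLEAVED) {
        *rc = racy_rename_noreplace(src, dst, other_writer);
    } else {
        if (s == ATOMIC_DST_EXISTS)
            other_writer(dst);
        *rc = atomic_rename_noreplace(src, dst);
    }
    int result = holds(dst, "theirs") ? DST_THEIRS
               : holds(dst, "ours") ? DST_OURS : DST_OTHER;
    unlink(src);
    unlink(dst);
    rmdir(dir);
    return result;
}

int main(void)
{
    static const char *label[] = { "check-then-rename, destination created in window",
                                   "renameat2, destination exists",
                                   "renameat2, destination free" };
    for (int s = RACY_INTERLEAVED; s <= ATOMIC_DST_FREE; s++) {
        int rc = 0;
        int out = run_case((enum scenario)s, &rc);
        printf("%-50s rc=%d target=%s\n", label[s], rc,
               out == DST_THEIRS ? "theirs" : out == DST_OURS ? "ours" : "?");
    }
    return 0;
}
```

The first scenario returns success while the other writer's file is gone; the second fails with EEXIST and leaves it in place.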

Deprecated and removed features, and other changes affecting compatibility:

* The nonstandard header files <libio.h> and <_G_config.h> are no longer
installed. Software that was using either header should be updated to
use standard <stdio.h> interfaces instead.
* The stdio functions 'getc' and 'putc' are no longer defined as macros.
This was never required by the C standard, and the macros just expanded
to call alternative names for the same functions. If you hoped getc and
putc would provide performance improvements over fgetc and fputc, instead
investigate using (f)getc_unlocked and (f)putc_unlocked, and, if
necessary, flockfile and funlockfile.
* All stdio functions now treat end-of-file as a sticky condition. If you
read from a file until EOF, and then the file is enlarged by another
process, you must call clearerr or another function with the same effect
(e.g. fseek, rewind) before you can read the additional data. This
corrects a longstanding C99 conformance bug. It is most likely to affect
programs that use stdio to read interactive input from a terminal.
(Bug #1190.)
* The macros 'major', 'minor', and 'makedev' are now only available from
the header <sys/sysmacros.h>; not from <sys/types.h> or various other
headers that happen to include <sys/types.h>. These macros are rarely
used, not part of POSIX nor XSI, and their names frequently collide with
user code; see https://sourceware.org/bugzilla/show_bug.cgi?id=19239 for
further explanation.
<sys/sysmacros.h> is a GNU extension. Portable programs that require
these macros should first include <sys/types.h>, and then include
<sys/sysmacros.h> if __GNU_LIBRARY__ is defined.
* The tilegx*-*-linux-gnu configurations are no longer supported.
* The obsolete function ustat is no longer available to newly linked
binaries; the headers <ustat.h> and <sys/ustat.h> have been removed. This
function has been deprecated in favor of fstatfs and statfs.
* The obsolete function nfsservctl is no longer available to newly linked
binaries. This function was specific to systems using the Linux kernel
and could not usefully be used with the GNU C Library on systems with
version 3.1 or later of the Linux kernel.
* The obsolete function name llseek is no longer available to newly linked
binaries. This function was specific to systems using the Linux kernel
and was not declared in a header. Programs should use the lseek64 name
for this function instead.
* The AI_IDN_ALLOW_UNASSIGNED and NI_IDN_ALLOW_UNASSIGNED flags for the
getaddrinfo and getnameinfo functions have been deprecated. The behavior
previously selected by them is now always enabled.
* The AI_IDN_USE_STD3_ASCII_RULES and NI_IDN_USE_STD3_ASCII_RULES flags for
the getaddrinfo and getnameinfo functions have been deprecated. The STD3
restriction (rejecting '_' in host names, among other things) has been
removed, for increased compatibility with non-IDN name resolution.
* The fcntl function now has a Large File Support (LFS) variant named
fcntl64. It was added to fix the use of Linux Open File Description (OFD)
locks in non-LFS mode. As with other *64 functions, fcntl64 semantics are
analogous to fcntl and LFS support is handled transparently. Also on Linux,
the OFD locks act as a cancellation entrypoint.
* The obsolete functions encrypt, encrypt_r, setkey, setkey_r, cbc_crypt,
ecb_crypt, and des_setparity are no longer available to newly linked
binaries, and the headers <rpc/des_crypt.h> and <rpc/rpc_des.h> are no
longer installed. These functions encrypted and decrypted data with the
DES block cipher, which is no longer considered secure. Software that
still uses these functions should switch to a modern cryptography library,
such as libgcrypt.
* Reflecting the removal of the encrypt and setkey functions above, the
macro _XOPEN_CRYPT is no longer defined. As a consequence, the crypt
function is no longer declared unless _DEFAULT_SOURCE or _GNU_SOURCE is
enabled.
* The obsolete function fcrypt is no longer available to newly linked
binaries. It was just another name for the standard function crypt,
and it has not appeared in any header file in many years.
* We have tentative plans to hand off maintenance of the passphrase-hashing
library, libcrypt, to a separate development project that will, we hope,
keep up better with new passphrase-hashing algorithms. We will continue
to declare 'crypt' in <unistd.h>, and programs that use 'crypt' or
'crypt_r' should not need to change at all; however, distributions will
need to install <crypt.h> and libcrypt from a separate project.
In this release, if the configure option --disable-crypt is used, glibc
will not install <crypt.h> or libcrypt, making room for the separate
project's versions of these files. The plan is to make this the default
behavior in a future release.
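
The sticky end-of-file entry above (Bug #1190), as it affects a program that follows a growing file such as a log reader. This is an added example, not glibc code; read_after_growth, drain and the temporary file name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Reads bytes until fgetc reports EOF or the buffer is full. */
static size_t drain(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c;
    while (n + 1 < cap && (c = fgetc(in)) != EOF)
        buf[n++] = (char)c;
    buf[n] = '\0';
    return n;
}

/* Reads a file to EOF, lets a writer append to it, then reads again.
   reset_eof selects whether clearerr is called before the second read.
   Returns the number of bytes the second read delivered into out. */
size_t read_after_growth(int reset_eof, char *out, size_t cap)
{
    char path[] = "/tmp/sticky-eof-XXXXXX", scratch[32];
    size_t got = 0;
    if (cap > 0)
        out[0] = '\0';
    int wfd = mkstemp(path);              /* writer side, constructed input */
    if (wfd < 0)
        return 0;
    FILE *in = fopen(path, "r");          /* reader side */
    if (in != NULL) {
        if (write(wfd, "first\n", 6) == 6) {
            drain(in, scratch, sizeof scratch);   /* reader reaches EOF */
            if (write(wfd, "second\n", 7) == 7) { /* file is enlarged */
                if (reset_eof && feof(in))
                    clearerr(in);                 /* drop the sticky EOF */
                got = drain(in, out, cap);
            }
        }
        fclose(in);
    }
    close(wfd);
    unlink(path);
    return got;
}

int main(void)
{
    char buf[32];
    /* With glibc 2.28 or later the first call delivers nothing, because the
       EOF condition persists until it is cleared. */
    printf("without clearerr: %zu bytes\n", read_after_growth(0, buf, sizeof buf));
    printf("with clearerr:    %zu bytes\n", read_after_growth(1, buf, sizeof buf));
    return 0;
}
```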

Changes to build and runtime requirements:

GNU make 4.0 or later is now required to build glibc.

Security related changes:

CVE-2016-6261, CVE-2016-6263, CVE-2017-14062: Various vulnerabilities have
been fixed by removing the glibc-internal IDNA implementation and using
the system-provided libidn2 library instead. Originally reported by Hanno
Böck and Christian Weisgerber.

CVE-2017-18269: An SSE2-based memmove implementation for the i386
architecture could corrupt memory. Reported by Max Horn.

CVE-2018-11236: Very long pathname arguments to realpath function could
result in an integer overflow and buffer overflow. Reported by Alexey
Izbyshev.

CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
architecture could write beyond the target buffer, resulting in a buffer
overflow. Reported by Andreas Schwab.

The following bugs are resolved with this release:

[1190] stdio: fgetc()/fread() behaviour is not POSIX compliant
[6889] manual: 'PWD' mentioned but not specified
[13575] libc: SSIZE_MAX defined as LONG_MAX is inconsistent with ssize_t,
when __WORDSIZE != 64
[13762] regex: re_search etc. should return -2 on memory exhaustion
[13888] build: /tmp usage during testing
[13932] math: dbl-64 pow unexpectedly slow for some inputs
[14092] nptl: Support C11 threads
[14095] localedata: Review / update collation data from Unicode / ISO
14651
[14508] libc: -Wformat warnings
[14553] libc: Namespace pollution loff_t in sys/types.h
[14890] libc: Make NT_PRFPREG canonical.
[15105] libc: Extra PLT references with -Os
[15512] libc: __bswap_constant_16 not compiled when -Werror -Wsign-
conversion is given
[16335] manual: Feature test macro documentation incomplete and out of
date
[16552] libc: Unify umount implementations in terms of umount2
[17082] libc: htons et al.: statement-expressions prevent use on global
scope with -O1 and higher
[17343] libc: Signed integer overflow in /stdlib/random_r.c
[17438] localedata: pt_BR: wrong d_fmt delimiter
[17662] libc: please implement binding for the new renameat2 syscall
[17721] libc: __restrict defined as /* Ignore */ even in c11
[17979] libc: inconsistency between uchar.h and stdint.h
[18018] dynamic-link: Additional $ORIGIN handling issues (CVE-2011-0536)
[18023] libc: extend_alloca is broken (questionable pointer comparison,
horrible machine code)
[18124] libc: hppa: setcontext erroneously returns -1 as exit code for
last constant.
[18471] libc: llseek should be a compat symbol
[18473] soft-fp: [powerpc-nofpu] __sqrtsf2, __sqrtdf2 should be compat
symbols
[18991] nss: nss_files skips large entry in database
[19239] libc: Including stdlib.h ends up with macros major and minor being
defined
[19463] libc: linknamespace failures when compiled with -Os
[19485] localedata: csb_PL: Update month translations + add yesstr/nostr
[19527] locale: Normalized charset name not recognized by setlocale
[19667] string: Missing Sanity Check for malloc calls in file 'testcopy.c'
[19668] libc: Missing Sanity Check for malloc() in file 'tst-setcontext-
fpscr.c'
[19728] network: out of bounds stack read in libidn function
idna_to_ascii_4i (CVE-2016-6261)
[19729] network: out of bounds heap read on invalid utf-8 inputs in
stringprep_utf8_nfkc_normalize (CVE-2016-6263)
[19818] dynamic-link: Absolute (SHN_ABS) symbols incorrectly relocated by
the base address
[20079] libc: Add SHT_X86_64_UNWIND to elf.h
[20251] libc: 32bit programs pass garbage in struct flock for OFD locks
[20419] dynamic-link: files with large allocated notes crash in
open_verify
[20530] libc: bswap_16 should use __builtin_bswap16() when available
[20890] dynamic-link: ldconfig: fsync the files before atomic rename
[20980] manual: CFLAGS environment variable replaces vital options
[21163] regex: Assertion failure in pop_fail_stack when executing a
malformed regexp (CVE-2015-8985)
[21234] manual: use of CFLAGS makes glibc detect no optimization
[21269] dynamic-link: i386 sigaction sa_restorer handling is wrong
[21313] build: Compile Error GCC 5.4.0 MIPS with -0S
[21314] build: Compile Error GCC 5.2.0 MIPS with -0s
[21508] locale: intl/tst-gettext failure with latest msgfmt
[21547] localedata: Tibetan script collation broken (Dzongkha and Tibetan)
[21812] network: getifaddrs() returns entries with ifa_name == NULL
[21895] libc: ppc64 setjmp/longjmp not fully interoperable with static
dlopen
[21942] dynamic-link: _dl_dst_substitute incorrectly handles $ORIGIN: with
AT_SECURE=1
[22241] localedata: New locale: Yakut (Sakha) locale for Russia (sah_RU)
[22247] network: Integer overflow in the decode_digit function in
puny_decode.c in libidn (CVE-2017-14062)
[22342] nscd: NSCD not properly caching netgroup
[22391] nptl: Signal function clear NPTL internal symbols inconsistently
[22550] localedata: es_ES locale (and other es_* locales): collation
should treat ñ as a primary different character, sync the collation
for Spanish with CLDR
[22638] dynamic-link: sparc: static binaries are broken if glibc is built
by gcc configured with --enable-default-pie
[22639] time: year 2039 bug for localtime etc. on 64-bit platforms
[22644] string: memmove-sse2-unaligned on 32bit x86 produces garbage when
crossing 2GB threshold (CVE-2017-18269)
[22646] localedata: redundant data (LC_TIME) for es_CL, es_CU, es_EC and
es_BO
[22735] time: Misleading typo in time.h source comment regarding
CLOCKS_PER_SECOND
[22753] libc: preadv2/pwritev2 fallback code should handle offset=-1
[22761] libc: No trailing `%n' conversion specifier in FMT passed from
`__assert_perror_fail ()' to `__assert_fail_base ()'
[22766] libc: all glibc internal dlopen should use RTLD_NOW for robust
dlopen failures
[22786] libc: Stack buffer overflow in realpath() if input size is close
to SSIZE_MAX (CVE-2018-11236)
[22787] dynamic-link: _dl_check_caller returns false when libc is linked
through an absolute DT_NEEDED path
[22792] build: tcb-offsets.h dependency dropped
[22797] libc: pkey_get() uses non-reserved name of argument
[22807] libc: PTRACE_* constants missing for powerpc
[22818] glob: posix/tst-glob_lstat_compat failure on alpha
[22827] dynamic-link: RISC-V ELF64 parser mis-reads flag in ldconfig
[22830] malloc: malloc_stats doesn't restore cancellation state on stderr
[22848] localedata: ca_ES: update date definitions from CLDR
[22862] build: _DEFAULT_SOURCE is defined even when _ISOC11_SOURCE is
[22884] math: RISCV fmax/fmin handle signalling NANs incorrectly
[22896] localedata: Update locale data for an_ES
[22902] math: float128 test failures with GCC 8
[22918] libc: multiple common of `__nss_shadow_database'
[22919] libc: sparc32: backtrace yields infinite backtrace with
makecontext
[22926] libc: FTBFS on powerpcspe
[22932] localedata: lt_LT: Update of abbreviated month names from CLDR
required
[22937] localedata: Greek (el_GR, el_CY) locales actually need ab_alt_mon
[22947] libc: FAIL: misc/tst-preadvwritev2
[22963] localedata: cs_CZ: Add alternative month names
[22987] math: [powerpc/sparc] fdim inlines errno, exceptions handling
[22996] localedata: change LC_PAPER to en_US in es_BO locale
[22998] dynamic-link: execstack tests are disabled when SELinux is
disabled
[23005] network: Crash in __res_context_send after memory allocation
failure
[23007] math: strtod cannot handle -nan
[23024] nss: getlogin_r is performing NSS lookups when loginid isn't set
[23036] regex: regex equivalence class regression
[23037] libc: initialize msg_flags to zero for sendmmsg() calls
[23069] libc: sigaction broken on riscv64-linux-gnu
[23094] localedata: hr_HR: wrong thousands_sep and mon_thousands_sep
[23102] dynamic-link: Incorrect parsing of multiple consecutive $variable
patterns in runpath entries (e.g. $ORIGIN$ORIGIN)
[23137] nptl: s390: pthread_join sometimes block indefinitely (on 31bit
and libc build with -Os)
[23140] localedata: More languages need two forms of month names
[23145] libc: _init/_fini aren't marked as hidden
[23152] localedata: gd_GB: Fix typo in "May" (abbreviated)
[23171] math: C++ iseqsig for long double converts arguments to double
[23178] nscd: sudo will fail when it is run in concurrent with commands
that changes /etc/passwd
[23196] string: __mempcpy_avx512_no_vzeroupper mishandles large copies
(CVE-2018-11237)
[23206] dynamic-link: static-pie + dlopen breaks debugger interaction
[23208] localedata: New locale - Lower Sorbian (dsb)
[23233] regex: Memory leak in build_charclass_op function in file
posix/regcomp.c
[23236] stdio: Harden function pointers in _IO_str_fields
[23250] nptl: Offset of __private_ss differs from GCC
[23253] math: tgamma test suite failures on i686 with -march=x86-64
-mtune=generic -mfpmath=sse
[23259] dynamic-link: Unsubstituted ${ORIGIN} remains in DT_NEEDED for
AT_SECURE
[23264] libc: posix_spawnp wrongly executes ENOEXEC in non compat mode
[23266] nis: stringop-truncation warning with new gcc8.1 in nisplus-
parser.c
[23272] math: fma(INFINITY,INFIITY,0.0) should be INFINITY
[23277] math: nan function should not have const attribute
[23279] math: scanf and strtod wrong for some hex floating-point
[23280] math: wscanf rounds wrong; wcstod is ok for negative numbers and
directed rounding
[23290] localedata: IBM273 is not equivalent to ISO-8859-1
[23303] build: undefined reference to symbol
'__parse_hwcap_and_convert_at_platform@@GLIBC_2.23'
[23307] dynamic-link: Absolute symbols whose value is zero ignored in
lookup
[23313] stdio: libio vtables validation and standard file object
interposition
[23329] libc: The __libc_freeres infrastructure is not properly run across
DSO boundaries.
[23349] libc: Various glibc headers no longer compatible with
<linux/time.h>
[23351] malloc: Remove unused code related to heap dumps and malloc
checking
[23363] stdio: stdio-common/tst-printf.c has non-free license
[23396] regex: Regex equivalence regression in single-byte locales
[23422] localedata: oc_FR: More updates of locale data
[23442] build: New warning with GCC 8
[23448] libc: Out of bounds access in IBM-1390 converter
[23456] libc: Wrong index_cpu_LZCNT
[23458] build: tst-get-cpu-features-static isn't added to tests
[23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel
processors
[23467] dynamic-link: x86/CET: A property note parser bug

Version 2.27

Major new features:

* The GNU C Library can now be compiled with support for building static
PIE executables (See --enable-static-pie in INSTALL). These static PIE
executables are like static executables but can be loaded at any address
and provide additional security hardening benefits at the cost of some
memory and performance. When the library is built with --enable-static-pie
the resulting libc.a is usable with GCC 8 and above to create static PIE
executables using the GCC option '-static-pie'. This feature is currently
supported on i386, x86_64 and x32 with binutils 2.29 or later, and on
aarch64 with binutils 2.30 or later.
* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf,
sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and
H.J. Lu from Intel.
* Optimized x86-64 trunc and truncf for processors with SSE4.1.
* Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and sincosf.
* In order to support faster and safer process termination the malloc API
family of functions will no longer print a failure address and stack
backtrace after detecting heap corruption. The goal is to minimize the
amount of work done after corruption is detected and to avoid potential
security issues in continued process execution. Reducing shutdown time
leads to lower overall process restart latency, so there is benefit both
from a security and performance perspective.
* The abort function terminates the process immediately, without flushing
stdio streams. Previous glibc versions used to flush streams, resulting
in deadlocks and further data corruption. This change also affects
process aborts as the result of assertion failures.
* On platforms where long double has the IEEE binary128 format (aarch64,
alpha, mips64, riscv, s390 and sparc), the math library now implements
_Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015.
These are the same interfaces added in version 2.26 for some platforms where
this format is supported but is not the format of long double.
* On platforms with support for _Float64x (aarch64, alpha, i386, ia64,
mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now
implements interfaces for that type, as defined by ISO/IEC TS
18661-3:2015. These are corresponding interfaces to those supported for
_Float128.
* The math library now implements interfaces for the _Float32, _Float64 and
_Float32x types, as defined by ISO/IEC TS 18661-3:2015. These are
corresponding interfaces to those supported for _Float128.
* glibc now implements the memfd_create and mlock2 functions on Linux.
* Support for memory protection keys was added. The <sys/mman.h> header now
declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set,
pkey_get.
* The copy_file_range function was added.
* Optimized memcpy, mempcpy, memmove, and memset for sparc M7.
* The ldconfig utility now processes `include' directives using the C/POSIX
collation ordering. Previous glibc versions used locale-specific
ordering; the change might break systems that relied on that.
* Support for two grammatical forms of month names has been added.
In a call to strftime, the "%B" and "%b" format specifiers will now
produce the grammatical form required when the month is used as part
of a complete date. New "%OB" and "%Ob" specifiers produce the form
required when the month is named by itself. For instance, in Greek
and in many Slavic and Baltic languages, "%B" will produce the month
in genitive case, and "%OB" will produce the month in nominative case.
In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh"
are all valid and will all accept any known form of month
name---standalone or complete, abbreviated or full. In a call to
nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return
the strings used by "%B" and "%b", respectively. New query
constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings
used by "%OB" and "%Ob", respectively.
In a locale definition file, use "alt_mon" and "ab_alt_mon" to
define the strings for %OB and %Ob, respectively; these have the
same syntax as "mon" and "abmon". These arrays are optional; if they
are not provided then they have the same content as "mon" and "abmon",
respectively.
These features are provided for locales which define "alt_mon" and/or
"ab_alt_mon" in their locale source data. This release includes such
alternative month name data for the following languages: Belarusian,
Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian.
This feature is currently a GNU extension, but it is expected to
be added to the next revision of POSIX, and it is also already
available on some BSD-derived operating systems.
This feature will cause existing statically compiled applications
to fail to load locales and fall back to the builtin C/POSIX locales.
See notes below for other changes affecting compatibility.
* Support for the RISC-V ISA running on Linux has been added. This port
requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is supported
for the following ISA and ABI pairs:
- rv64imac lp64
- rv64imafdc lp64
- rv64imafdc lp64d

Deprecated and removed features, and other changes affecting compatibility:

* Statically compiled applications attempting to load locales compiled for the
GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX
locale. The reason for this is that the addition of the new "%OB" and "%Ob",
support for two grammatical forms of the month names, also extends the locale
data binary format. Static applications needing locale support must be
recompiled to match the runtime and data they are deployed with. In some
distributions there is an upgrade window where dynamically linked applications
may use a new library but the old locale data and also fall back to the
builtin C/POSIX locales; restarting the application process is sufficient to
fix this.
* Support for statically linked applications which call dlopen is deprecated
and will be removed in a future version of glibc. Applications which call
dlopen need to be linked dynamically instead.
* Support for old programs which use internal stdio data structures and
functions is deprecated. This includes programs which use the C++ streams
provided by libstdc++ in GCC 2.95. Programs which use the internal
symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish,
_IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn,
_IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach,
_IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen,
_IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open,
_IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff,
_IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow,
_IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all,
_IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area,
_IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin, _IO_iter_end,
_IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in,
_IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock,
_IO_marker_delta, _IO_marker_difference, _IO_remove_marker, _IO_seekmark,
_IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static,
_IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow,
_IO_switch_to_main_wget_area, _IO_switch_to_wget_mode,
_IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish,
_IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow,
_IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf, _IO_wdo_write,
_IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync, _IO_wfile_underflow,
_IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with a
future version of glibc. Unlike other symbol removals, these old
applications will not be supported using compatibility symbols.
* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
defined by <sys/ptrace.h>.
* libm no longer supports SVID error handling (calling a user-provided
matherr function on error) or the _LIB_VERSION variable to control error
handling. (SVID error handling and the _LIB_VERSION variable still work
for binaries linked against older versions of the GNU C Library.) The
libieee.a library is no longer provided. math.h no longer defines struct
exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
TLOSS, PLOSS and HUGE.
* The libm functions pow10, pow10f and pow10l are no longer supported for
new programs. Programs should use the standard names exp10, exp10f and
exp10l for these functions instead.
* The mcontext_t type is no longer the same as struct sigcontext. On
platforms where it was previously the same, this changes the C++ name
mangling for interfaces involving this type.
* The add-ons mechanism for building additional packages at the same time as
glibc has been removed. The --enable-add-ons configure option is now
ignored.
* The --without-fp configure option is now ignored. Whether hardware
floating-point instructions are used is now configured based on whether
the compiler used at configure time (without any options implied by a
--with-cpu= configure option) uses such instructions.
* The res_hnok, res_dnok, res_mailok and res_ownok functions now check that
the specified string can be parsed as a domain name.
* In the malloc_info output, the <heap> element may contain another <aspace>
element, "subheaps", which contains the number of sub-heaps.
* The libresolv function p_secstodate is no longer supported for new
programs.
* The tilepro-*-linux-gnu configuration is no longer supported.
* The nonstandard header files <libio.h> and <_G_config.h> are deprecated
and will be removed in a future release. Software that is still using
either header should be updated to use standard <stdio.h> interfaces
instead.

libio.h was originally the header for a set of supported GNU extensions,
but they have not been maintained as such in many years; they are now
standing in the way of improvements to stdio, and we don't think there are
any remaining external users. _G_config.h was never intended for public
use, but predates the bits convention.

Changes to build and runtime requirements:

* bison version 2.7 or later is required to generate code in the 'intl'
subdirectory.

Security related changes:

CVE-2009-5064: The ldd script would sometimes run the program under
examination directly, without preventing code execution through the
dynamic linker. (The glibc project disputes that this is a security
vulnerability; only trusted binaries must be examined using the ldd
script.)

CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
suffered from a one-byte overflow during ~ operator processing (either
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.

CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
would sometimes fail to free memory allocated during ~ operator
processing, leading to a memory leak and, potentially, to a denial
of service.

CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.

CVE-2017-17426: The malloc function, when called with an object size near
the value SIZE_MAX, would return a pointer to a buffer which is too small,
instead of NULL. This was a regression introduced with the new malloc
thread cache in glibc 2.26. Reported by Iain Buclaw.

CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
to the allocation of too much memory. (This is not a security bug per se,
it is mentioned here only because of the CVE assignment.) Reported by
Qualys.

CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
of the number of search path components. (This is not a security
vulnerability per se because no trust boundary is crossed if the fix for
CVE-2017-1000366 has been applied, but it is mentioned here only because
of the CVE assignment.) Reported by Qualys.

CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
for AT_SECURE or SUID binaries could be used to load libraries from the
current directory.

CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
succeeds without returning an absolute path due to unexpected behaviour
of the Linux kernel getcwd syscall. Reported by halfdog.

CVE-2018-6485: The posix_memalign and memalign functions, when called with
an object size near the value of SIZE_MAX, would return a pointer to a
buffer which is too small, instead of NULL. Reported by Jakub Wilk.

CVE-2018-6551: The malloc function, when called with an object size near
the value of SIZE_MAX, would return a pointer to a buffer which is too
small, instead of NULL.
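
The size wraparound behind CVE-2017-17426, CVE-2018-6485 and CVE-2018-6551, shown as an added example in a simplified allocator model; this is not glibc's code. HDR_SIZE, ALIGN_MASK, MIN_CHUNK and the function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants (assumptions, not glibc's definitions). */
#define HDR_SIZE   sizeof(size_t)                        /* per-chunk header */
#define ALIGN_MASK ((size_t)(2 * sizeof(size_t)) - 1)    /* chunk alignment  */
#define MIN_CHUNK  ((size_t)(4 * sizeof(size_t)))        /* smallest chunk   */

/* Unchecked padding: for a request near SIZE_MAX the sum wraps around,
   so the "padded" size comes out as the smallest chunk. An allocator
   using it hands back a buffer far smaller than requested. */
static size_t pad_unchecked(size_t req)
{
    size_t padded = (req + HDR_SIZE + ALIGN_MASK) & ~ALIGN_MASK;
    return padded < MIN_CHUNK ? MIN_CHUNK : padded;
}

/* Checked padding: refuse any request whose padded size is not
   representable, so the caller can return NULL instead. */
static bool pad_checked(size_t req, size_t *out)
{
    if (req > SIZE_MAX - HDR_SIZE - ALIGN_MASK)
        return false;
    size_t padded = (req + HDR_SIZE + ALIGN_MASK) & ~ALIGN_MASK;
    *out = padded < MIN_CHUNK ? MIN_CHUNK : padded;
    return true;
}

/* Aligned allocation needs room for the padded request plus the
   alignment plus one minimum chunk; every addition is checked. */
static bool memalign_total_checked(size_t alignment, size_t req, size_t *out)
{
    size_t padded;
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return false;                      /* not a power of two */
    if (!pad_checked(req, &padded))
        return false;
    if (alignment > SIZE_MAX - MIN_CHUNK
        || padded > SIZE_MAX - MIN_CHUNK - alignment)
        return false;                      /* total would wrap */
    *out = padded + alignment + MIN_CHUNK;
    return true;
}

int main(void)
{
    size_t req = SIZE_MAX - HDR_SIZE, out = 0;   /* constructed input */
    printf("unchecked: request %zu -> chunk %zu\n", req, pad_unchecked(req));
    printf("checked:   request %zu -> %s\n", req,
           pad_checked(req, &out) ? "accepted" : "rejected");
    return 0;
}
```
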

The following bugs are resolved with this release:

[866] glob: glob should match dangling symlinks
[1062] glob: sysdeps/generic/glob.c merge from gnulib (part 3 of 3)
[2522] localedata: ca_ES@valencia: new Valencian (meridional Catalan)
locale
[5997] math: Very slow execution of sinf function
[10580] localedata: hr_HR: updated locale
[10871] locale: 'mon' array should contain both nominative and genitive
cases
[12349] localedata: eu_ES: incorrect thousands separator
[13605] localedata: shn_MM: new Shan locale
[13805] localedata: ru_RU: currency should use ',' as radix point
[13953] localedata: km_KH: locale update
[13994] localedata: mjw_IN: new locale
[14121] build: make writes .mo files in po directory
[14333] libc: Fix the race between atexit() and exit()
[14681] dynamic-link: _dl_get_origin leaks memory via executable link map.
[14925] localedata: bn_*: LC_IDENTIFICATION.language key should be
"Bangla"
[15260] localedata: LC_MESSAGES.{yes,no}{str,expr}: various errors
[15261] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of full-
width Latin characters
[15332] localedata: es_CU: locale update
[15436] stdio: Don't close or flush stdio streams on abort
[15537] localedata: lv_LV: invalid collation for Latvian diacritical
letters
[16148] localedata: ca_ES: incorrect thousands separator
[16750] dynamic-link: ldd should not try to execute the binaries
(CVE-2009-5064)
[16777] localedata: pl_PL: incorrect thousands separator in locale
[16905] localedata: hanzi: new collation
[17563] localedata: cmn_TW: add hanzi collation
[17750] localedata: wrong collation order of diacritics in most locales
[17804] libc: scandirat fails with ENOMEM because it checks for errno even
if malloc succeeded
[17956] build: Build fails on missing definitions from header file
nss/nss.h when Mozilla NSS is used for cryptography
[18203] libc: realpath() does not handle unreachable paths correctly
[18572] dynamic-link: [arm] Lazy TLSDESC relocation has data race
[18812] localedata: kab_DZ: new Kabyle Algeria locale
[18822] libc: Internal functions are called via PLT
[18858] string: _HAVE_STRING_ARCH_xxx aren't defined for i386 nor x86_64
[19170] libc: __gmon_start__ defined in hppa in crtn.S
[19574] libc: glibc should support building static PIE binaries
[19852] localedata: charmaps/UTF-8: incorrect wcwidth for U+3099 and
U+309A
[19971] glob: glob: Do not skip entries with zero d_ino values
[19982] localedata: fr.po: spelling mistake for error code EXDEV
[20008] localedata: km_KH: convert to translit_neutral
[20009] localedata: tr_TR: convert LC_CTYPE to i18n
[20142] math: [x86_64] Add SSE4.1 trunc, truncf
[20204] dynamic-link: _dl_open_hook and _dlfcn_hook hardening
[20482] localedata: de_CH: abbreviated weekdays should be two letters
[20498] localedata: miq_NI: new Mískitu / Miskito (miq) language locale
for Nicaragua
[20532] nss: getaddrinfo uses errno and h_errno without guaranteeing
they're set, wrong errors returned by gaih_inet when lookup functions
are not found.
[20756] localedata: [PATCH] Use Unicode wise thousands separator
[20826] network: posix/tst-getaddrinfo5 fails on hosts without network
access
[20952] localedata: yuw_PG: new locale
[21084] localedata: charmaps/IBM858: new codepage
[21161] manual: [PATCH] fix typo in manual/arith.texi on strtoul prototype
[21242] libc: assert gives pedantic warning in old gcc versions
[21265] dynamic-link: _dl_runtime_resolve isn't compatible with Intel C++
__regcall calling convention
[21309] math: signed integer overflow in sysdeps/ieee754/dbl-64/e_pow.c
[21326] libc: C99 functions are not declared for C++11 and later if
_GNU_SOURCE is not predefined by g++
[21457] libc: sys/ucontext.h namespace
[21530] libc: tmpfile() should be implemented using O_TMPFILE
[21660] math: GCC fails to compile a formula with tgmath.h
[21672] nptl: sys-libs/glibc on ia64 crashes on thread exit: signal
SIGSEGV, Segmentation fault: pthread_create.c:432: __madvise
(pd->stackblock, freesize - PTHREAD_STACK_MIN, MADV_DONTNEED);
[21684] math: tgmath.h handling of complex integers
[21685] math: tgmath.h handling of bit-fields
[21686] math: tgmath.h handling of __int128
[21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
locale
[21745] libc: [powerpc64le] Extra PLT reference with --enable-stack-
protector=all
[21750] localedata: column width of characters incompatible with classical
wcwidth
[21754] malloc: malloc: Perform as little work as possible after heap
consistency check failures
[21780] libc: hppa: p{read,write}v2 does not set ENOSUP on invalid flag
[21790] libc: Missing __memset_zero_constant_len_parameter in libc.so
[21791] string: Unused XXX_chk_XXX functions in libc.a
[21815] dynamic-link: FAIL: elf/tst-prelink-cmp with GCC is defaulted to
PIE
[21836] localedata: Removed redundant data (LC_MONETARY) in various Indian
locales
[21845] localedata: Added new Locale bho_NP
[21853] localedata: Fix abday Which looks same as day in zh_SG
[21854] localedata: Added New Locale en_SC
[21864] libc: xmalloc.o is compiled with -DMODULE_NAME=libc
[21871] dynamic-link: _dl_runtime_resolve_avx_opt is slower than
_dl_runtime_resolve_avx_slow
[21885] network: getaddrinfo: gethosts does not release resolver context
on memory allocation failure
[21899] libc: XPG4.2 sigaction namespace
[21908] dynamic-link: dynamic linker broke on ia64 (mmap2 consolidation is
the suspect)
[21913] libc: static binaries SIGSEGV in __brk when host's gcc is pie-by-
default (i386)
[21915] nss: nss_files can return with NSS_STATUS_SUCCESS and a clobbered
errno value, causing getaddrinfo to fail
[21920] localedata: Fix p_cs_precedes/n_cs_precedes for mt_MT
[21922] network: getaddrinfo with AF_INET/AF_INET6 returns EAI_NONAME
instead of EAI_NODATA
[21928] libc: sys/ptrace.h: remove obsolete temporary development Linux
constant PTRACE_SEIZE_DEVEL
[21930] math: C-only gcc builtins used in <math.h> isinf
[21932] network: Unpaired __resolv_context_get in generic get*_r
implementation
[21941] math: powerpc: Wrong register constraint for xssqrtqp in sqrtf128
[21944] libc: sigval namespace
[21951] localedata: Update hanzi collation by stroke
[21955] math: Wrong alignment of L(SP_RANGE)/L(SP_INF_0) in
sysdeps/x86_64/fpu/e_expf.S
[21956] libc: Stack allocation in MIPS syscall impl (unbounded stack
allocation in syscall loops)
[21959] localedata: Fix Country name for xh_ZA
[21960] localedata: Fix abmon for bem_ZM
[21966] math: AVX2 mathvec functions use FMA without checking
[21967] math: When 512-bit AVX2 wrapper functions in mathvec are used?
[21971] localedata: Added New Locale for mfe_MU
[21972] libc: assert macro requires operator== (int) for its argument type
[21973] math: [sparc] libm missing sqrtl compat symbol
[21974] libc: Remove __bb_init_func and __bb_exit_func
[21982] string: stratcliff.c: error: assuming signed overflow does not
occur with -O3
[21986] stdio: __guess_grouping is called incorrectly
[21987] math: [sparc32] wrong bits/long-double.h installed
[22019] localedata: Wrong placement of monetary symbol in el_GR (negative
amounts)
[22022] localedata: Missing country_name for mni_IN
[22023] localedata: Removed redundant data (LC_TIME and LC_MESSAGES) for
niu_NZ
[22025] locale: iconv: Inconsistency between pointer mangling and NULL
checks
[22026] locale: iconv_open: heap overflow on gconv_init failure
[22028] math: bits/math-finite.h _MSUF_ expansion namespace
[22035] math: [m68k] bits/math-inline.h macro namespace
[22038] localedata: Fix abbreviated weeks and months for Somali
[22044] localedata: Remove redundant data for Limburgish Language
[22050] malloc: Linking with -lmcheck does not hook
__malloc_initialize_hook correctly
[22051] libc: zero terminator in the middle of glibc's .eh_frame
[22052] malloc: malloc failed to compile with GCC 7 and -O3
[22070] localedata: charmaps/UTF-8: wcwidth for
Prepended_Concatenation_Mark codepoints set to 0 (should be 1)
[22074] localedata: charmaps/UTF-8: wcwidth for U+1160-U+11FF (Hangul
Jungseong and Jongseong) should be 0
[22078] nss: nss_files performance issue in multi mode
[22082] math: bits/math-finite.h exp10 condition
[22086] libc: pcprofiledump incorrect cross-endian condition
[22093] dynamic-link: ld.so no longer searches in .../x86_64
[22095] network: Name server address allocation memory leak in resolv.conf
parsing after OOM
[22096] network: __resolv_conf_attach can incorrectly free passed conf
object
[22100] localedata: om_KE: LC_TIME: copy redundant data from om_ET
[22101] dynamic-link: Dynamic loader must ignore "debug" shared objects
e.g. ET_GNU_DEBUG_*
[22111] malloc: malloc: per thread cache is not returned when thread exits
[22112] localedata: Fix LC_TELEPHONE/LC_NAME for az_AZ
[22134] libc: [linux] implement fexecve with execveat
[22142] libc: [powerpc] printf outputs a wrong value of DBL_MAX on ppc64 and
ppc64le
[22145] libc: ttyname() gives up too early in the face of namespaces
[22146] math: C++ build issue with float128 on x86_64
[22153] nptl: nptl: save error code before process termination
[22156] libc: [hppa,ia64,microblaze] Executable stack default
[22159] malloc: malloc: MALLOC_CHECK_ broken with --enable-tunables=no
[22161] nscd: nscd cache prune for netgroups hangs after timeout bump
[22165] libc: [hppa] Text relocations in libc.so
[22180] libc: destructor registered via __cxa_atexit is called twice
[22183] glob: commit 5554304f0ddd ("posix: Allow glob to match dangling
symlinks") cause "make" segfaults
[22189] math: [powerpc] math_private.h definitions of math_opt_barrier and
math_force_eval
[22207] libc: FAIL: stdlib/test-atexit-race
[22225] math: nearbyint arithmetic moved before feholdexcept
[22229] math: [sparc32] missing copysignl, fabsl, fmal compat symbols
[22235] math: iscanonical in C++ and float128
[22243] math: log2(0) and log10(0) are wrong in downward rounding without
the svid compat wrapper
[22244] math: ynf and yn are wrong without the svid compat wrapper
[22273] libc: Improper assert in Linux posix_spawn implementation
[22284] libc: -pg -pie doesn't work
[22292] locale: localedef exits with error 4 when it should be error 1
[22294] locale: Allow "" for int_currency_symbol definition in locales.
[22295] locale: Don't warn on non-symbolic characters in locale sources in
--verbose.
[22296] math: glibc 2.26: signbit build issue with Gcc 5.5.0 on x86_64
[22298] nptl: x32: lockups on recursive pthread_mutex_lock after upgrade
to 2.26
[22299] dynamic-link: Problem with $PLATFORM on x86_64 platform
[22320] glob: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)
[22321] libc: sysconf(_SC_IOV_MAX) returns -1 on Linux
[22322] libc: [mips64] wrong bits/long-double.h installed
[22325] glob: Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
[22332] glob: Buffer overflow in glob with GLOB_TILDE in unescaping
(CVE-2017-15804)
[22336] localedata: cs_CZ LC_COLLATE does not use i18n
[22343] malloc: Integer overflow in posix_memalign
[22347] libc: getrandom() returns the number of bytes that were copied to
the buffer even though the comments say "Return 0 on success and -1 on
failure."
[22353] string: sysdeps/i386/i586/strcpy.S isn't maintainable
[22362] libc: Installed crt1.o, crti.o and crtn.o files are used with
-m32
[22370] dynamic-link: Incorrect note padding check
[22375] libc: malloc returns pointer from tcache_get when should return
NULL (CVE-2017-17426)
[22377] math: iseqsig, float128 and C++
[22382] localedata: Error in tpi_PG locale
[22387] localedata: Replace unicode sequences <Uxxxx> for characters
inside the ASCII printable range
[22402] math: [powerpc64le] __MATH_TG does not support _Float128 for
-mlong-double-64
[22403] localedata: Slash needs escaping in some locales
[22408] malloc: malloc_info access heaps without arena lock, ignores heaps
[22409] network: res_hnok does not accept some host names used on the
Internet
[22412] network: res_dnok, res_hnok should perform syntax checks
[22413] network: ns_name_pton ignores syntactically invalid trailing
backslash
[22415] stdio: setvbuf can lead to invalid free/segfault
[22432] build: Non-deterministic build
[22439] malloc: malloc_info should compute summary statistics for all sub-
heaps in an arena
[22442] network: if_nametoindex could report index for the wrong
networking interface
[22446] build: aliasing violation calling readlink in handle_request
[22447] build: unsafe call to strlen with a non-string in getlogin_r.c
[22457] libc: Generic preadv/pwritev incorrectly calls __posix_memalign
[22459] libc: FAIL: elf/check-localplt with __stack_chk_fail related to
__nscd_hash/__nss_hash
[22463] network: p_secstodate overflow handling
[22469] localedata: pl_PL LC_COLLATE does not use i18n
[22478] libc: sigwait can fail with EINTR
[22505] libc: ldconfig processes include directive in locale-specific
order
[22515] localedata: hsb_DE LC_COLLATE does not use copy "iso14651_t1"
[22517] localedata: et_EE LC_COLLATE does not use copy "iso14651_t1"
[22519] localedata: is_IS LC_COLLATE does not use copy "iso14651_t1"
[22524] localedata: lt_LT LC_COLLATE does not use copy "iso14651_t1"
[22527] localedata: tr_TR LC_COLLATE does not use copy "iso14651_t1"
[22534] localedata: Collation rules for Serbian and Bosnian should be the
same as for Croatian
[22561] math: [DR#471] cacosh (0 + iNaN) should return NaN +/- i pi/2
[22568] math: [DR#471] ctanh (0 + iNaN), ctanh (0 + i Inf)
[22577] libc: missing newline after "cannot allocate TLS data structures
for initial thread"
[22588] manual: manual/conf.texi: missing underscore in front of
SC_SSIZE_MAX
[22593] math: nextafter and nexttoward are declared with const attribute
[22596] manual: manual: finite(nan) wrongly described as returning nonzero
[22603] string: ia64 memchr overflows internal pointer check
[22605] libc: SH clone does not set the exit code correctly
[22606] dynamic-link: Incorrect array size computation in _dl_init_paths
(CVE-2017-1000408)
[22607] dynamic-link: Buffer Overflow in _dl_init_paths (CVE-2017-1000409)
[22611] malloc: malloc/tst-realloc wrongly assumes that errno must not be
modified in case of success
[22614] build: gcc: error: unrecognized command line option ‘-no-pie’
[22615] manual: manual: ambiguous wording about errno value in case of
success
[22624] libc: MIPS setjmp() saves incorrect 'o0' register in --enable-
stack-protector=all
[22625] dynamic-link: RPATH $ORIGIN replaced by PWD for AT_SECURE/SUID
binaries or if /proc is not mounted (CVE-2017-16997)
[22627] dynamic-link: $ORIGIN in $LD_LIBRARY_PATH is substituted twice
[22630] build: $(no-pie-ldflag) is no longer effective
[22631] math: [m68k] Bad const attributes in bits/mathinline.h
[22635] nptl: pthread_self returns NULL before libpthread is loaded