aboutsummaryrefslogtreecommitdiff
path: root/NEWS
AgeCommit message (Collapse)Author
2013-09-23New locale for nan_TWWei-Lun Chao
2013-09-23Check for integer overflow in cache size computation in strcollSiddhesh Poyarekar
strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412.
2013-09-23Fall back to non-cached sequence traversal and comparison on malloc failSiddhesh Poyarekar
strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules. Fixes CVE-2012-4424.
2013-09-23BZ #15754: CVE-2013-4788Carlos O'Donell
The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value.
2013-09-21New locale for ak_GH.Chris Leonard
2013-09-21correct bug list in NEWSChris Leonard
2013-09-21[BZ #15859] Fix memory leak in _dl_map_object_depsVinitha Vijayan
2013-09-20Mention malloc probes in the NEWS file.Alexandre Oliva
for ChangeLog * NEWS: Mention malloc probes.
2013-09-20Copy-edit NEWS and fixup ChangeLog entries.Carlos O'Donell
2013-09-20Update Changelog and NEWSChris Leonard
2013-09-19Add BZ #15640 to resolved bug list in NEWS.Maxim Kuvyrkov
2013-09-17Fix powerpc fpu_control.h namespace and parenthesis issues (bug 15966).Joseph Myers
2013-09-13Add CVE-2013-4332 to NEWS.Will Newton
2013-09-11Mention closing 15855, 15856 and 15857 in NEWS.Will Newton
2013-09-10Clarify documentation cross-referenceAllan McRae
The end of the "Parsing of Floats" subsection currently reads: The GNU C Library also provides '_l' versions of these functions, which take an additional argument, the locale to use in conversion. *Note Parsing of Integers::. Split the final note as it is unrelated to the above comment and reference it with "See also" instead.
2013-09-10Update pt_chown sections of the manualAllan McRae
The pt-chown binary is discussed in the "Running make install" section without clarification of the needed configure option. Clarify this and simplfy the discription which is already covered in the "Configuring and compiling" section.
2013-09-09Fix typo in strcoll exampleAllan McRae
2013-09-09Fix memory leak in stdlib/isomac.cAllan McRae
2013-09-09Fix memory leaks in libio on allocation failureAllan McRae
2013-09-09Fix nesting of ifdefs in netgroupcache.cAllan McRae
Fixes unclosed '{' if HAVE_SENDFILE is defined (BZ #15895).
2013-09-09Update to latest versions of GPL-2.0 and LGPL-2.1Allan McRae
Pull copies of these files directly from the GNU website: http://www.gnu.org/licenses/gpl-2.0.txt http://www.gnu.org/licenses/lgpl-2.1.txt Fixes the address of the Free Software Foundation (BZ #15844). Also includes some minor formatting changes and corrects references to the GNU "Library" General Public License.
2013-09-07Mention --disable-versioning removal in NEWS.Joseph Myers
2013-09-04Update iso-1427.def and related occurrences.Chris Leonard
2013-09-04Add country_car field to LC_ADDRESScjl
2013-09-03Fix lgammaf spurious underflow (bug 15427).Joseph Myers
2013-09-03Update ht_HT localeChris Leonard
2013-09-03 Chris Leonard <cjl@sugarlabs.org> [BZ#15886] * locales/ht_HT: 1.1 revision of ht_HT locale.
2013-09-03Add quz_PE localeChris Leonard
2013-09-03 Chris Leonard <cjl@sugarlabs.org> [BZ#15887] * locales/quz_PE: New locale for quz_PE. * SUPPORTED: Add quz_PE.
2013-09-03Mark success return value as volatile to work around reschedulingSiddhesh Poyarekar
Resolves #15921 The test case nptl/tst-cleanup2 fails on s390x and power6 due to instruction sheduling in gcc. This was reported in gcc: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58034 but it was concluded that gcc is allowed to assume that the first argument to sprintf is a character array - NULL not being a valid character array.
2013-09-02Fix spurious jnf underflows (bug 14155).Joseph Myers
2013-08-30ARM: Fix clone code when built for Thumb.Will Newton
The mov lr, pc instruction will lose the Thumb bit from the return address so use blx lr instead. ports/ChangeLog.arm: 2013-08-30 Will Newton <will.newton@linaro.org> [BZ #15909] * sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx instead of mov lr, pc.
2013-08-29[BZ #15522] strtod ("nan(N)") returning a sNaN in some casesThomas Schwinge
2013-08-29ARM: Pass dl_hwcap to IFUNC resolver.Carlos O'Donell
For REL relocs pass dl_hwcap to the IFUNC resolver as is required by the IFUNC API (bug 15905).
2013-08-27[BZ #15897] dlfcn: do not mark dlopen/dlclose as leaf functionsMike Frysinger
Since the dlopen funcs might invoke a constructor that calls a func that is in the same compilation unit as the caller, we cannot mark them as leaf funcs. Similarly, dlclose might invoke a destructor that calls a func that is in the same compilation unit as the caller. URL: https://sourceware.org/bugzilla/show_bug.cgi?id=15897 Reportedy-by: Fabrice Bauzac <libnoon@gmail.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2013-08-27Fix missing declaration of LC_CTYPE nonascii-case elementAndreas Schwab
2013-08-26Initialize res_hconf in nscdSiddhesh Poyarekar
Fixes BZ #15890.
2013-08-23Fix cexp (NaN + i0) (bug 15532).Joseph Myers
2013-08-21Add bug 15867 to NEWS.Joseph Myers
2013-08-21Fix fdim handling of infinities (bug 15797).Joseph Myers
2013-08-20Fix cproj handling of (finite, NaN) arguments (bug 15531).Joseph Myers
2013-08-16CVE-2013-4237, BZ #14699: Buffer overflow in readdir_rFlorian Weimer
* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
2013-08-13Fix cbrtl for ldbl-96Andreas Schwab
2013-08-12Open development for 2.19.glibc-2.18.90David S. Miller
* version.h (RELEASE): Set to "development". (VERSION): Set to "2.18.90". * NEWS: Add 2.19 section.
2013-07-25Added NEWS entries for AT_HWCAP2 and POWER8 enablement.Ryan S. Arnold
2013-07-22tile BZ #15759: Fix bug in _dl_unmapChris Metcalf
We returned without calling __munmap if not in the simulator. Now we call a separate sim_dlclose() function to make the control flow work correctly.
2013-07-21CVE-2013-2207, BZ #15755: Disable pt_chown.Carlos O'Donell
The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk.
2013-07-16BZ #15711: Avoid circular dependency for syscall.hCarlos O'Donell
The generated header is compiled with `-ffreestanding' to avoid any circular dependencies against the installed implementation headers. Such a dependency would require the implementation header to be installed before the generated header could be built (See bug 15711). In current practice the generated header dependencies do not include any of the implementation headers removed by the use of `-ffreestanding'. --- 2013-07-15 Carlos O'Donell <carlos@redhat.com> [BZ #15711] * sysdeps/unix/sysv/linux/Makefile ($(objpfx)bits/syscall%h): Avoid system header dependency with -ffreestanding. ($(objpfx)bits/syscall%d): Likewise.
2013-07-02Add lock elision to NEWS fileAndi Kleen
2013-06-28Add more NEWS items for 2.18.Joseph Myers
2013-06-28Test for mprotect failure in dl-load.c (bug 12492).Pierre Ynard
2013-06-28[BZ #15022] Correct global-scope dlopen issues in static executables.Maciej W. Rozycki
This change creates a link map in static executables to serve as the global search list for dlopen. It fixes a problem with the inability to access the global symbol object and a crash on an attempt to map a DSO into the global scope. Some code that has become dead after the addition of this link map is removed too and test cases are provided.