tag name | glibc-2.24 (beb0f59498c3e0337df298f9d7a3f8f77eb39842) |
tag date | 2016-08-01 22:46:26 -0400 |
tagged by | Carlos O'Donell <carlos@redhat.com> |
tagged object | commit fdfc9260b6... |
download | glibc-2.24.tar glibc-2.24.tar.gz glibc-2.24.tar.bz2 glibc-2.24.zip |
---|
The GNU C Library
=================
The GNU C Library version 2.24 is now available.
The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.
The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C11 and POSIX.1-2008. It is also
internationalized and has one of the most complete
internationalization interfaces known.
The GNU C Library webpage is at http://www.gnu.org/software/libc/
Packages for the 2.24 release may be downloaded from:
http://ftpmirror.gnu.org/libc/
http://ftp.gnu.org/gnu/libc/
The mirror list is at http://www.gnu.org/order/ftp.html
NEWS for version 2.24
=====================
* The minimum Linux kernel version that this version of the GNU C Library
can be used with is 3.2, except on i[4567]86 and x86_64, where Linux
kernel version 2.6.32 or later suffices (on architectures that already
required kernel versions more recent than 3.2, those requirements remain
unchanged). Linux 3.2 or later kernel headers are required on all
architectures.
* The pap_AN locale has been deleted. This has been deprecated for a long
time. It has been replaced by pap_AW & pap_CW, both of which have long
been included in previous releases.
* The readdir_r and readdir64_r functions have been deprecated. It is
recommended to use readdir and readdir64 instead.
* The type “union wait” has been removed. It was deprecated in the early
1990s and never part of POSIX. Application code should use the int type
instead of “union wait”.
* A new NSS action is added to facilitate large distributed system
administration. The action, MERGE, allows remote user stores like LDAP
to be merged into local user stores like /etc/groups in order to provide
easy to use, updated, and managed sets of merged credentials. The new
action can be used by configuring it in /etc/nsswitch.conf:
group: files [SUCCESS=merge] nis
Implemented by Stephen Gallagher (Red Hat).
* The deprecated __malloc_initialize_hook variable has been removed from the
API.
* The long unused localedef --old-style option has been removed. It hasn't
done anything in over 16 years. Scripts using this option can safely
drop it.
* nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to
libm. They are defined by TS 18661 and IEEE754-2008. The nextup functions
return the next representable value in the direction of positive infinity
and the nextdown functions return the next representable value in the
direction of negative infinity. These are currently enabled as GNU
extensions.
Security related changes:
* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It
could result in a stack overflow when getnetbyname was called with an
overly long name. (CVE-2016-3075)
* Previously, getaddrinfo copied large amounts of address data to the stack,
even after the fix for CVE-2013-4458 has been applied, potentially
resulting in a stack overflow. getaddrinfo now uses a heap allocation
instead. Reported by Michael Petlan. (CVE-2016-3706)
* The glob function suffered from a stack-based buffer overflow when it was
called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
Reported by Alexander Cherepanov. (CVE-2016-1234)
* The Sun RPC UDP client could exhaust all available stack space when
flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez'
alloca plugin for GCC. (CVE-2016-4429)
* The IPv6 name server management code in libresolv could result in a memory
leak for each thread which is created, performs a failing naming lookup,
and exits. Over time, this could result in a denial of service due to
memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417)
The following bugs are resolved with this release:
[1170] localedata: ne_NP: update Nepali locale definition file
[3629] manual: stpcpy description in string.texi refers to MS-DOG instead
of MS-DOS.
[6527] malloc: [powerpc] Malloc alignment insufficient for PowerPC
[6796] math: fdim() does not set errno on overflow
[10354] libc: posix_spawn should use vfork() in more cases than presently
[11213] localedata: localedata: add copyright disclaimer to locale files
[12143] localedata: chr_US: new Cherokee locale
[12450] localedata: sgs_LT: new locale
[12676] localedata: ln_CD: new locale
[13237] localedata: LC_ADDRESS.country_name: update all locales w/latest
CLDR data
[13304] math: fma, fmaf, fmal produce wrong results
[14259] build: --localedir arg to configure is ignored
[14499] nptl: Does posix_spawn invoke atfork handlers / use vfork?
[14750] libc: Race condition in posix_spawn vfork usage vs signal handlers
[14934] localedata: es_CL: wrong first weekday chilean locale
[15262] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of
romanisation
[15263] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of 1/0
and +/-
[15264] localedata: LC_MESSAGES.yesstr/nostr: lacking in many locales
[15368] nptl: raise() is not async-signal-safe
[15479] math: ceil, floor, round and trunc raise inexact exception
[15578] localedata: kk_KZ: various updates
[16003] localedata: pap_AN: punt old locale
[16137] localedata: iw_IL: punt old locale
[16190] localedata: eo: new esperanto locale
[16374] localedata: lv_LV: change currency symbol in LC_MONETARY to euro
[16742] malloc: race condition: pthread_atfork() called before first
malloc() results in unexpected locking behaviour/deadlocks
[16975] localedata: LC_MESSAGES.yesexpr/noexpr: revisit capitalization in
all locales
[16983] localedata: postal_fmt does not allow %l and %n modifiers
[17565] localedata: pt_PT: wrong (work-)week start
[17899] math: [powerpc] floorl returns negative zero with FE_DOWNWARD
[17950] build: Build fails with -msse
[18205] localedata: be_BY*: wrong first_weekday and first_workday
[18433] libc: posix_spawn does not return correctly upon failure to
execute
[18453] localedata: charmaps/IBM875: incorrect codes
[18712] string: bits/string2.h incompatible with -O2 -Werror=packed
-Wsystem-headers
[18896] localedata: he_IL: improvements for currency
[18911] localedata: ro_RO: Correcting week day name for "Tuesday" in
Romanian locale data
[18960] locale: s390: _nl_locale_subfreeres uses larl opcode on misaligned
symbol
[19056] libc: Deprecate readdir_r
[19133] localedata: pt_*: days & months should be lowercase in Portuguese
language
[19198] localedata: nl_NL: small improvements for Dutch locales
[19257] network: Per-thread memory leak in __res_vinit with IPv6
nameservers (CVE-2016-5417)
[19269] build: tst-audit4 and tst-audit10 failures with gcc-6 on non avx
machine
[19400] locale: Language missing in "iso-639.def", trivial fix in
description
[19431] malloc: Deadlock between fflush, getdelim, and fork
[19505] libc: Incorrect file descriptor validity checks in
posix_spawn_file_actions_add{open,close,dup2}
[19509] dynamic-link: dlsym, dlvsym do not report errors through dlerror
when using RTLD_NEXT
[19512] locale: Stale `#ifndef HAVE_BUILTIN_EXPECT' in
`intl/{gettextP,loadinfo}.h'
[19534] libc: execle, execlp may use malloc
[19568] localedata: *_CH: Swiss locales have inconsistent start of week
[19573] network: res_nclose and __res_maybe_init disagree about name
server initialization, breaking Hesiod
[19575] localedata: Status of GB18030 tables
[19581] localedata: sr_* date_fmt string contains additional newline
[19583] string: SSSE3_Fast_Copy_Backward flag needs to be enabled for AMD
Excavator core
[19592] math: [ldbl-128ibm] ceill incorrect in non-default rounding modes
[19593] math: [ldbl-128ibm] truncl incorrect in non-default rounding modes
[19594] math: [ldbl-128ibm] roundl incorrect in non-default rounding modes
[19595] math: [ldbl-128ibm] fmodl incorrect for results in subnormal
double range
[19602] math: [ldbl-128ibm] fmodl handling of equal arguments with low
part zero incorrect
[19603] math: [ldbl-128ibm] remainderl, remquol incorrect sign handling in
equality tests
[19610] dynamic-link: ldconfig -X removes stale symbolic links
[19613] libc: s390x (64 bit) macro expansion WCOREDUMP and others
[19633] locale: strfmon_l applies global locale to number formatting
[19642] network: Memory leak in getnameinfo
[19648] libc: test-skeleton.c: Do not set RLIMIT_DATA
[19653] libc: Potential for NULL pointer dereference (CWE-476) in
glibc-2.22
[19654] math: [x86_64] Need testcase for BZ #19590 fix
[19671] localedata: Missing Sanity Check for malloc() in 'tst-fmon.c' &
'tst-numeric.c'
[19674] math: [ldbl-128ibm] powl incorrect overflow handling
[19677] math: [ldbl-128ibm] remainderl equality test incorrect for zero
low part
[19678] math: [ldbl-128ibm] nextafterl, nexttowardl incorrect sign of zero
result
[19679] dynamic-link: gcc-4.9.3 C++ exception handling broken due to
unaligned stack
[19726] locale: Converting UCS4LE to INTERNAL with iconv() does not update
pointers and lengths in error-case.
[19727] locale: Converting from/to UTF-xx with iconv() does not always
report errors on UTF-16 surrogates values.
[19755] nscd: nscd assertion failure in gc
[19758] dynamic-link: Typo in EXTRA_LD_ENVVARS for x86-64
[19759] libc: mempcpy shouldn't be inlined
[19762] dynamic-link: HAS_CPU_FEATURE/HAS_ARCH_FEATURE are easy to misuse
[19765] libc: s390 needs an optimized mempcpy
[19779] glob: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect
NAME_MAX limit assumption (CVE-2016-1234)
[19783] build: benchtests don't support --enable-hardcoded-path-in-tests
[19787] network: Missing and incorrect truncation checks in getnameinfo
[19790] math: [ldbl-128ibm] nearbyintl incorrect in non-default rounding
modes
[19791] network: Assertion failure in res_query.c with un-connectable name
server addresses
[19792] libc: MIPS: backtrace yields infinite backtrace with makecontext
[19822] math: libm.so install clobbers old version
[19825] network: resolv: send_vc can return uninitialized data in second
response to getaddrinfo
[19830] network: nss_dns: should check RDATA length against buffer length
[19831] network: nss_dns: getaddrinfo returns uninitialized data when
confronted with A/AAAA records of invalid size
[19837] nss: nss_db: No retries for some long lines with a larger buffer
[19848] math: powl(10,n) for n=-4,-5,-6,-7 is off by more than 1 ULP
[19853] stdio: Printing IBM long double in decimal with high precision is
sometimes incorrect
[19860] build: x86_64: compile errors for tst-audit10 and tst-auditmod10b
[19861] nptl: libpthread IFUNC resolver for fork can lead to crash
[19862] network: resolv, nss_dns: Remove remaining logging of unexpected
record types
[19865] network: Assertion failure or memory leak in
_nss_dns_getcanonname_r
[19868] network: nss_dns: netent code does not skip over non-PTR records
[19879] network: nss_dns: Stack overflow in getnetbyname implementation
(CVE-2016-3075)
[19881] string: Improve x86-64 memset
[19907] string: Incorrect memcpy tests
[19916] dynamic-link: S390: fprs/vrs are not saved/restored while
resolving symbols
[19925] libc: termios.h XCASE namespace
[19928] string: memmove-vec-unaligned-erms.S is slow with large data size
[19929] libc: limits.h NL_NMAX namespace
[19931] stdio: Memory leak in vfprintf
[19957] libc: clone(CLONE_VM) access invalid parent memory
[19963] localedata: en_IL: New locale
[19989] stdio: stdio.h cuserid namespace
[19994] network: getaddrinfo does not restore RES_USE_INET6 flag in
gethosts
[19996] locale: langinfo.h nl_langinfo_l namespace
[20005] stdio: fflush on a file opened with fmemopen resets position to 0
[20010] network: getaddrinfo: Stack overflow in hostent translation
(CVE-2016-3706)
[20012] stdio: libio: fmemopen append mode failure
[20014] stdio: stdio.h namespace for pre-threads POSIX
[20017] network: resolv: Use gmtime_r instead of gmtime in p_secstodate
[20023] libc: fcntl.h timespec namespace
[20024] math: [x86_64] vectorized sincos trashes the stack
[20031] network: nss_hesiod: Heap overflow in get_txt_records
[20041] time: sys/time.h timespec namespace
[20043] libc: unistd.h missing cuserid for UNIX98 and before
[20044] libc: unistd.h missing pthread_atfork for UNIX98
[20051] libc: ttyslot in wrong header under wrong conditions
[20054] libc: gethostname not declared for XPG4
[20055] libc: termios.h missing tcgetsid for XPG4
[20072] dynamic-link: x86 init_cpu_features is called twice in static
executable
[20073] libc: sys/stat.h fchmod namespace
[20074] libc: stdlib.h rand_r namespace
[20076] libc: sys/stat.h missing S_IFSOCK, S_ISSOCK for XPG4
[20094] libc: stdlib.h should not declare grantpt, ptsname, unlockpt for
XPG3
[20111] libc: struct sockaddr_storage cannot be aggregate-copied
[20112] network: sunrpc: stack (frame) overflow in Sun RPC clntudp_call
(CVE-2016-4429)
[20115] string: Extra alignment in memset-vec-unaligned-erms.S
[20119] libc: Wrong mask for processors level type from CPUID
[20139] dynamic-link: Upper part of zmm is zeroed if Glibc is built with
AS not supporting AVX512
[20151] math: [ldbl-128/ldbl-128ibm] j0l, j1l, y0l, y1l return sNaN for
sNaN argument
[20153] math: [ldbl-128ibm] sqrtl (sNaN) returns sNaN
[20156] math: [ldbl-128ibm] ceill, rintl etc. return sNaN for sNaN
argument
[20157] math: [powerpc] fabsl (sNaN) wrongly raises "invalid"
[20160] math: [powerpc] ceil, rint etc. return sNaN for sNaN input
[20178] libc: posix_spawn{p} should not call exit
[20191] stdio: libio: vtables hardening
[20195] string: FMA4 detection requires CPUID execution with register
eax=0x80000001
[20198] libc: quick_exit incorrectly destroys C++11 thread objects.
[20205] math: [i386/x86_64] nextafterl incorrect incrementing negative
subnormals
[20212] math: acos (sNaN) returns sNaN
[20213] math: asin (sNaN) returns sNaN
[20214] network: Linux header sync with linux/in6.h and ipv6.h again.
[20218] math: [i386] asinhl (sNaN) returns sNaN
[20219] math: [i386] atanhl (sNaN) returns sNaN
[20222] stdio: fopencookie: Mangle function pointers
[20224] math: [i386] cbrtl (sNaN) returns sNaN
[20225] math: ldexp, scalbn, scalbln return sNaN for sNaN input
[20226] math: [i386/x86_64] expl, exp10l, expm1l return sNaN for sNaN
input
[20227] math: [i386/x86_64] logl (sNaN) returns sNaN
[20228] math: [i386/x86_64] log10l (sNaN) returns sNaN
[20229] math: [i386/x86_64] log1pl (sNaN) returns sNaN
[20232] math: [ldbl-128] expm1l (sNaN) returns sNaN
[20233] math: [ldbl-128ibm] expm1l (sNaN) returns sNaN
[20234] math: [ldbl-128ibm] log1pl (sNaN) returns sNaN
[20235] math: [i386/x86_64] log2l (sNaN) returns sNaN
[20237] nss: nss_db: get*ent segfaults without preceding set*ent
[20240] math: modf (sNaN) returns sNaN
[20248] libc: debug/tst-longjump_chk2 calls printf from a signal handler
[20250] math: frexp (sNaN) returns sNaN
[20252] math: atan2 (sNaN, qNaN) fails to raise "invalid"
[20255] math: [i386] fdim, fdimf return with excess range and precision /
double rounding
[20256] math: [i386/x86_64] fdiml returns sNaN for sNaN input
[20260] string: ../sysdeps/x86/bits/string.h:1092:3: error: array
subscript is below array bounds [-Werror=array-bounds]
[20262] nis: _nss_nis_initgroups_dyn always returns NSS_STATUS_NOTFOUND
[20263] nptl: robust mutex deadlocks if other thread requests timedlock
(Only arm/linux)
[20277] libc: $dp is not initialized correctly in sysdeps/hppa/start.S
[20284] malloc: malloc: Corrupt arena avoidance causes unnecessary mmap
fallbacks
[20296] math: [i386/x86_64] scalbl returns sNaN for sNaN input, missing
"invalid" exceptions
[20314] nptl: make[4]: *** [/usr/include/stdlib.h] Error 1
[20316] localedata: id_ID: Februari instead of Pebruari
[20327] string: POWER8 strcasecmp returns incorrect result
[20347] math: Failure: Test: j0_downward (0xap+0)
[20348] libc: FAIL: misc/tst-preadvwritev64
[20349] libc: 64-bit value is passed differently in p{readv,writev}{64}
[20350] libc: There is no test for p{read,write}64
[20357] math: Incorrect cos result for 1.5174239687223976
[20384] build: Don't run libmvec-sincos-avx* tests on non avx machines
Contributors
============
This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:
Adhemerval Zanella
Andreas Schwab
Andrew Senkevich
Anton Blanchard
Arnas Udovičius
Aurelien Jarno
Carlos Eduardo Seo
Carlos O'Donell
Chris Metcalf
Chung-Lin Tang
Claude Paroz
Dimitris Pappas
Dmitry V. Levin
Dylan Alex Simon
Eduardo Trápani
Florian Weimer
Gabriel F. T. Gomes
Gunnar Hjalmarsson
Gustavo Romero
Guy Rutenberg
H.J. Lu
Hongjiu Zhang
Jiyoung Yun
John David Anglin
Joseph Myers
Khem Raj
Maciej W. Rozycki
Mark Wielaard
Marko Myllynen
Martin Galvan
Matthew Fortune
Matthias Wallnoefer
Mike FABIAN
Mike Frysinger
Neskie Manuel
Nick Alcock
Paras pradhan
Paul E. Murphy
Paul Pluzhnikov
Rajalakshmi Srinivasaraghavan
Rical Jasan
Richard Henderson
Robin van der Vliet
Roland McGrath
Samuel Thibault
Siddhesh Poyarekar
Simion Onea
Stefan Liebler
Stephen Gallagher
Szabolcs Nagy
Timur Birsh
Torvald Riegel
Tulio Magno Quites Machado Filho
Wilco Dijkstra
Will Newton
Yvan Roux
Zack Weinberg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXoAmUAAoJEBZ5K06iU0D4Nx8P/3EGutqtVg6OubIKw9izzWMO
6pNj7Iy569Bk+ER2ElR5xvTeumpVS05A8r94oXX0rzCNsFIAVct7Ocr62r/OQz8A
+p6W+USpORha6m+SzY1bkI1109RR6Q4jpbENkhk/JKcBXJ7AHWHeW72QKMP0+JJu
QBavQ8b3ZLJQ4X+Be10bjseTaqAn4XNYj6fmajQC2x7F0sL32+xFjSktw8hn9AFs
A32yS3c2v/GfqKIyNj4Yz/akZzffACZ+8twVkJGDK5eoMGGQ/Obr3yttzKSNsN+O
n73HyyP4O8dG/U+v5k0IR4drT6mnUFRHUvkN10VahCHiTSG5AFQut30lwvVKzhF6
VYylPzbhOcVnSuJqdT4xJ6sumvQl5W4IAb/GKSso62MrcKFYPFdnx0wgMX6Arlgm
wkuSkSQCOfj/be2/R88alRJYNTW39vsPqKPop5ov/uXbfHqIoFcQitS0vDFJqGIC
zOhJSlV0cS/StKkw0xNgQ6Ay/dnHMm2Hzg5lqRzaQblkDVrNfN7TqyeZBEhwh3N5
KifvkdKSO6L6N7dM3nLsT+qJWoSp8dNsQ+qCHL6A/hL0SA4nxJ3hmC5hanCL+7D8
MrO5m+Z5yjpdSWFDmJv2LZsIzYX2UGZmUO19c7zvZoIrXuJE4bQXEmM4rylrNXGS
Lcke/0PPdvDeSW7iWjjP
=j7Oo
-----END PGP SIGNATURE-----