summaryrefslogtreecommitdiff
tag nameglibc-2.20 (9bcede1abfb0fa62d54b7cfce5c72d56e2f7b95c)
tag date2014-09-07 18:17:29 +1000
tagged byAllan McRae <allan@archlinux.org>
tagged objectcommit b8079dd0d3...
downloadglibc-2.20.tar.gz
The GNU C Library
================= The GNU C Library version 2.20 is now available. The GNU C Library is used as *the* C library in the GNU systems and is widely used on systems with the Linux kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.20 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.20 ==================== * The following bugs are resolved with this release: 6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514, 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, 16275, 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516, 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642, 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695, 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915, 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965, 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354. * Reverted change of ABI data structures for s390 and s390x: On s390 and s390x the size of struct ucontext and jmp_buf was increased in 2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp are preserved pointing straight to the same implementation as the old ones. Given that, new callers will simply provide a too-big buffer to these functions. Any applications/libraries out there that embed jmp_buf or ucontext_t in an ABI-relevant data structure that have already been rebuilt against 2.19 headers will have to rebuilt again. This is necessary in any case to revert the breakage in their ABI caused by the glibc change. * Support for file description locks is added to systems running the Linux kernel. The standard file locking interfaces are extended to operate on file descriptions, not file descriptors, via the use of F_OFD_GETLK, F_OFD_SETLK, and F_OFD_SETLKW. File description locks are associated with an open file instead of a process. * Optimized strchr implementation for AArch64. Contributed by ARM Ltd. * The minimum Linux kernel version that this version of the GNU C Library can be used with is 2.6.32. * Running the testsuite no longer terminates as soon as a test fails. Instead, a file tests.sum (xtests.sum from "make xcheck") is generated, with PASS or FAIL lines for individual tests. A summary of the results is printed, including a list of failing lists, and "make check" exits with error status if there were any unexpected failures. "make check stop-on-test-failure=y" may be used to keep the old behavior. * The am33 port, which had not worked for several years, has been removed from ports. * The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer supported; they now act the same as _DEFAULT_SOURCE (but generate a warning). Except for cases where _BSD_SOURCE enabled BSD interfaces that conflicted with POSIX (support for which was removed in 2.19), the interfaces those macros enabled remain available when compiling with _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature test macros defined. * Optimized strcmp implementation for ARMv7. Contributed by ARM Ltd. * Added support for TX lock elision of pthread mutexes on s390 and s390x. This may improve lock scaling of existing programs on TX capable systems. The lock elision code is only built with --enable-lock-elision=yes and then requires a GCC version supporting the TX builtins. With lock elision default mutexes are elided via __builtin_tbegin, if the cpu supports transactions. By default lock elision is not enabled and the elision code is not built. * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not copy the path argument. This allowed programs to cause posix_spawn to deference a dangling pointer, or use an unexpected pathname argument if the string was modified after the posix_spawn_file_actions_addopen invocation. * All supported architectures now use the main glibc sysdeps directory instead of some being in a separate "ports" directory (which was distributed separately before glibc 2.17). * The NPTL implementation of POSIX pthreads is no longer an "add-on". On configurations that support it (all Linux configurations), it's now used regardless of the --enable-add-ons switch to configure. It is no longer possible to build such configurations without pthreads support. * Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly long, contain slashes without starting with a slash, or contain ".." path components. (CVE-2014-0475) Previously, some valid locale names were silently replaced with the "C" locale when running in AT_SECURE mode (e.g., in a SUID program). This is no longer necessary because of the additional checks. * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions. (With all previous versions, the MPX register state could be clobbered when making calls into or out of a shared library.) Note that while the new dynamic linker is compatible with all known x86 hardware whether or not it supports Intel MPX, some x86 instruction-set emulators might fail to handle the new instruction encodings. This is known to affect Valgrind versions up through 3.9 (but will be fixed in the forthcoming 3.10 release), and might affect other tools that do instruction emulation. * Support for loadable gconv transliteration modules has been removed. The support for transliteration modules has been non-functional for over a decade, and the removal is prompted by security defects. The normal gconv conversion modules are still supported. Transliteration with //TRANSLIT is still possible, and the //IGNORE specifier continues to be supported. (CVE-2014-5119) * Decoding a crafted input sequence in the character sets IBM933, IBM935, IBM937, IBM939, IBM1364 could result in an out-of-bounds array read, resulting a denial-of-service security vulnerability in applications which use functions related to iconv. (CVE-2014-6040) Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adam Conrad Adhemerval Zanella Alan Modra Allan McRae Andi Kleen Andreas Krebbel Andreas Schwab Arjun Shankar Aurelien Jarno Bernard Ogden Carlos O'Donell Chris Metcalf David Holsgrove David S. Miller David Svoboda Dominik Vogt Dylan Alex Simon Eric Wong Florian Weimer Guo Yixuan H.J. Lu Ian Bolton Igor Zamyatin Jeff Layton Jim Meyering Joey Ye Jose E. Marchesi Joseph Anthony Pasquale Holsten Joseph Myers Julian Brown Khem Raj Konstantin Serebryany Kyle McMartin Ling Ma Ludovic Courtès Maciej W. Rozycki Marcus Shawcroft Mark Wielaard Marko Myllynen Meador Inge Mike Frysinger Ondřej Bílka Paul Eggert Paul Pluzhnikov Peter TB Brett Rajalakshmi Srinivasaraghavan Rasmus Villemoes Richard Earnshaw Richard Henderson Roland McGrath Sami Kerola Samuel Thibault Sean Anderson Serge Hallyn Siddhesh Poyarekar Sihai Yao Stefan Liebler Steve Ellcey Tomas Dohnalek Torvald Riegel Venkataramanan Kumar Vidya Ranganathan Wilco Wilco Dijkstra Will Newton Yang Yingliang Yufeng Zhang Yury Gribov Yvan Roux -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAABAgAGBQJUDBTZAAoJEPmf/g/q6Zm99pwH/1dlaqMxZ1SB7Nzk1C95URs+ AOihIh+Q5EYgqD3GnYp/evfMaHzZN7TTncZLXmDq6Ui7UiafYddFL91x06q/NzWN veCipwZC/RgCtQmEAkonVeREKauYrA4OGar86cU3HCIrpG2lGs/QXlhjvB/0HEay 3EJR90lARmZTjFX6nx78uiAzlpfPWhOiallr+Q6WTO4LSyIsf5obyaTNGNWAmWIj uotYaWjHr+cLwmiYxgO+6JuSOv7HxutnNer82hCH+k/2ppXyIh5RjqRbvbZFscax VNnfC5Hg/khzZdVXZXowAOkDvLagiQIwSHfTep80p5NeP+aJ2A+CK1ARYY0y8ts= =Yk2q -----END PGP SIGNATURE-----