X-Git-Url: https://sourceware.org/git/?a=blobdiff_plain;f=NEWS;h=ccc4d135b9edcee6bc5c90f4774d15b07ccb3917;hb=2959eda9272a03386;hp=1f839bce2a70e71b7519f5103a89071526aee8cf;hpb=1c7a4a51a30dd001c81630156458ee55fc2e883c;p=glibc.git diff --git a/NEWS b/NEWS index 1f839bce2a..ccc4d135b9 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,31 @@ Version 2.22 * The following bugs are resolved with this release: - 17932. + 4719, 6792, 13064, 14094, 14841, 14906, 15319, 15467, 15790, 15969, 16351, + 16512, 16560, 16783, 16850, 17090, 17195, 17269, 17523, 17542, 17569, + 17588, 17596, 17620, 17621, 17628, 17631, 17711, 17776, 17779, 17792, + 17836, 17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, 17967, + 17969, 17978, 17987, 17991, 17996, 17998, 17999, 18019, 18020, 18029, + 18030, 18032, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18068, + 18080, 18093, 18100, 18104, 18110, 18111, 18128, 18138, 18185, 18197, + 18206, 18210, 18211, 18247, 18287. + +* A buffer overflow in gethostbyname_r and related functions performing DNS + requests has been fixed. If the NSS functions were called with a + misaligned buffer, the buffer length change due to pointer alignment was + not taken into account. This could result in application crashes or, + potentially arbitrary code execution, using crafted, but syntactically + valid DNS responses. (CVE-2015-1781) + +* A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors + for LD and GD on x86 and x86-64, has been implemented. You will need + binutils-2.24 or later to enable this optimization. + +* Character encoding and ctype tables were updated to Unicode 7.0.0, using + new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red + Hat). These updates cause user visible changes, such as the fix for bug + 17998. + Version 2.21 @@ -27,10 +51,11 @@ Version 2.21 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, 17892. -* CVE-2015-1472 Under certain conditions wscanf can allocate too little - memory for the to-be-scanned arguments and overflow the allocated - buffer. The implementation now correctly computes the required buffer - size when using malloc. +* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate + too little memory for the to-be-scanned arguments and overflow the + allocated buffer. The implementation now correctly computes the required + buffer size when using malloc, and switches to malloc from alloca as + intended. * A new semaphore algorithm has been implemented in generic C code for all machines. Previous custom assembly implementations of semaphore were @@ -59,7 +84,7 @@ Version 2.21 * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for - command substitution when the applicaiton did not request it. The + command substitution when the application did not request it. The implementation now checks WRDE_NOCMD immediately before executing the shell and returns the error WRDE_CMDSUB as expected. @@ -111,21 +136,21 @@ Version 2.20 * The following bugs are resolved with this release: - 6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514, - 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, 16275, - 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516, - 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609, - 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642, - 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695, - 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740, - 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796, - 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854, - 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915, - 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965, - 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031, - 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079, - 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153, - 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354. + 6804, 9894, 11505, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, + 15514, 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, + 16275, 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, + 16516, 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, + 16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, + 16642, 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, + 16695, 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, + 16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, + 16796, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, + 16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, + 16915, 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, + 16965, 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, + 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, + 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, + 17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354. * Reverted change of ABI data structures for s390 and s390x: On s390 and s390x the size of struct ucontext and jmp_buf was increased in