The GNU C Library version 2.38 is now available
Umit Sami
umit.sami@memcus.com
Sun Aug 6 03:25:26 GMT 2023
Congratulations and Godspeed !
Umit
*------------------------*
*Umit D. Sami*
Founder and CEO - Memcus Inc.
*Cell:* (857) 472-0480
*Email:* umit.sami@memcus.com
On Fri, Aug 4, 2023 at 11:47 AM Andreas K. Huettel via Libc-announce <
libc-announce@sourceware.org> wrote:
> The GNU C Library
> =================
>
> The GNU C Library version 2.38 is now available.
>
> The GNU C Library is used as *the* C library in the GNU system and
> in GNU/Linux systems, as well as many other systems that use Linux
> as the kernel.
>
> The GNU C Library is primarily designed to be a portable
> and high performance C library. It follows all relevant
> standards including ISO C11 and POSIX.1-2017. It is also
> internationalized and has one of the most complete
> internationalization interfaces known.
>
> The GNU C Library webpage is at http://www.gnu.org/software/libc/
>
> Packages for the 2.38 release may be downloaded from:
> http://ftpmirror.gnu.org/libc/
> http://ftp.gnu.org/gnu/libc/
>
> The mirror list is at http://www.gnu.org/order/ftp.html
>
> Distributions are encouraged to track the release/* branches
> corresponding to the releases they are using. The release
> branches will be updated with conservative bug fixes and new
> features while retaining backwards compatibility.
>
> NEWS for version 2.38
> =====================
>
> Major new features:
>
> * When C2X features are enabled and the base argument is 0 or 2, the
> following functions support binary integers prefixed by 0b or 0B as
> input: strtol, strtoll, strtoul, strtoull, strtol_l, strtoll_l,
> strtoul_l, strtoull_l, strtoimax, strtoumax, strtoq, strtouq, wcstol,
> wcstoll, wcstoul, wcstoull, wcstol_l, wcstoll_l, wcstoul_l,
> wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq. Similarly, the
> following functions support binary integers prefixed by 0b or 0B as
> input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf,
> vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those
> functions also support the %b format for binary integers, with or
> without such a prefix and independent of standards mode.
>
> * PRIb*, PRIB* and SCNb* macros from C2X have been added to
> <inttypes.h>.
>
> * printf-family functions now support the wN format length modifiers for
> arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t (for
> example, %w32d to print int32_t or int_least32_t in decimal, or %w32x
> to print uint32_t or uint_least32_t in hexadecimal) and the wfN format
> length modifiers for arguments of type int_fastN_t or uint_fastN_t, as
> specified in draft ISO C2X.
>
> * A new tunable, glibc.pthread.stack_hugetlb, can be used to disable
> Transparent Huge Pages (THP) in stack allocation at pthread_create.
>
> * Support for x86_64 running on Hurd has been added. This port requires
> as least binutils 2.40 and GCC 13:
>
> - x86_64-gnu
>
> * Vector math library libmvec support has been added to AArch64. It
> requires GCC version >= 10.1.0. It can be disabled via
> "--disable-mathvec", however that is not a supported configuration as
> it changes the ABI. The symbol names follow the AArch64 vector ABI,
> they are declared in math.h and have to be called manually at this point.
>
> * The strlcpy and strlcat functions have been added. They are derived
> from OpenBSD, and are expected to be added to a future POSIX version.
>
> * A new configure option, "--enable-fortify-source", can be used to build
> the
> GNU C Library with _FORTIFY_SOURCE. The level of fortification can
> either be
> provided, or is set to the highest value supported by the compiler. If
> not
> explicitly enabled, then fortify source is forcibly disabled so to keep
> original behavior unchanged.
>
> Deprecated and removed features, and other changes affecting compatibility:
>
> * libcrypt is no longer built by default; one may use the "--enable-crypt"
> option to build libcrypt. libcrypt is likely to be removed from the
> GNU C Library in a future release, so it is recommended that
> applications port away from it to an alternative such as libxcrypt.
>
> * In the Linux kernel for the hppa/parisc architecture some of the
> MADV_XXX constants were changed to have the same values as the other
> architectures. New programs compiled with this glibc version and which
> use the madvise call will require at least Linux kernel version 6.2,
> alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163,
> 5.4.228, 4.19.270 or 4.14.303.
>
> * The "--disable-experimental-malloc" option is no longer available. The
> per-thread cache can still be disabled per-application using tunables
> (glibc.malloc.tcache_count set to zero).
>
> * The configure option "--enable-tunables" has been removed. The tunable
> feature is now always enabled.
>
> Changes to build and runtime requirements:
>
> * Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE
> ACLE.
>
> Security related changes:
>
> CVE-2023-25139: When the printf family of functions is called with a
> format specifier that uses an <apostrophe> (enable grouping) and a
> minimum width specifier, the resulting output could be larger than
> reasonably expected by a caller that computed a tight bound on the
> buffer size. The resulting larger than expected output could result
> in a buffer overflow in the printf family of functions.
>
> The following bugs are resolved with this release:
>
> [178] string: Please add strlcpy and strlcat (attached)
> [14697] nptl: Behavior of exit is nonconformant with respect to
> threads and stdio
> [15142] stdio: Missing locking in _IO_cleanup
> [18096] glob: null deref in wordexp/parse_dollars/parse_arith
> [18906] stdio: fopen: ccs value may affect open mode
> [24466] stdio: Feature request: provide special printf formats for
> intXX_t
> [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses
> [28519] libc: system and popen should pass "--" between /bin/sh and
> argument
> [29016] stdio: popen() sets errno to ENOMEM when shell does not exist
> [29591] string: wcsnlen length can overflow in page cross case.
> [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
> [30068] stdio: incorrect printf output for integers with thousands
> separator and width field (CVE-2023-25139)
> [30111] time: support_descriptors_list fails after 2038 on 32 bits
> systems
> [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
> symlink for libraries without soname
> [30130] math: [s390] The _FPU_SETCW macro yields compile error with
> Clang
> [30156] time: Potential ntp_gettime abi break
> [30235] libc: Missing fallback in getlogin if loginuid is unset
> [30258] dynamic-link: sprof cannot read and display shared object
> profiling data correctly
> [30263] libc: Add test coverage for abs(), labs(), and llabs().
> [30305] math: Incorrect asm constraint in feraiseexcept on x86-64
> [30402] libc: FAIL: elf/tst-glibcelf
> [30425] dynamic-link: Symbol lookup during dlclose may fail
> unnecessarily
> [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path
> [30477] libc: [RISCV]: time64 does not work on riscv32
> [30515] dynamic-link: _dl_find_object incorrectly returns 1 during
> early startup
> [30527] network: resolv_conf lock not unlocked on allocation failure
> [30550] math: powerpc64le: GCC-specific code for isinf() is being used
> on clang
> [30555] string: strerror can incorrectly return NULL
> [30579] malloc: trim_threshold in realloc lead to high memory usage
> [30662] nscd: Group and password cache use errno in place of errval
>
>
> Release Notes
> =============
>
> https://sourceware.org/glibc/wiki/Release/2.38
>
> Contributors
> ============
>
> This release was made possible by the contributions of many people.
> The maintainers are grateful to everyone who has contributed
> changes or bug reports. These include:
>
> Adam Yi
> Adhemerval Zanella Netto
> Alejandro Colomar
> Andreas Arnez
> Andreas K. Hüttel
> Andreas Schwab
> Arjun Shankar
> Arsen Arsenović
> Aurelien Jarno
> Ayush Mittal
> Bert Wesarg
> Carlos O'Donell
> Cupertino Miranda
> DJ Delorie
> Dridi Boukelmoune
> Flavio Cruz
> Florian Weimer
> Frédéric Bérat
> Gavin Smith
> Guy-Fleury Iteriteka
> H.J. Lu
> Hsiangkai Wang
> Indu Bhagat
> Jan-Benedict Glaw
> Joan Bruguera
> Joe Ramsay
> Joe Simmons-Talbott
> John David Anglin
> Joseph Myers
> Julian Squires
> Jun Tang
> Kacper Piwiński
> Kito Cheng
> Mahesh Bodapati
> Martin Coufal
> Maxim Kuvyrkov
> Nisha Menon
> Noah Goldstein
> Paul Eggert
> Paul Pluzhnikov
> Paul Zimmermann
> Pavel Kozlov
> Qihao Chencao
> Qixing ksyx Xue
> Richard Henderson
> Robert Morell
> Romain Geissler
> Ronan Pigott
> Roy Eldar
> Sachin Monga
> Sam James
> Samuel Thibault
> Sergey Bugaev
> Siddhesh Poyarekar
> Simon Kissane
> Stefan Liebler
> Szabolcs Nagy
> Tulio Magno Quites Machado Filho
> Vitaly Buka
> Wilco Dijkstra
> Xi Ruoyao
> Ying Huang
> abushwang
> caiyinyu
> quxm
> Леонид Юрьев (Leonid Yuriev)
> наб
>
> We would like to call out the following and thank them for their
> tireless patch review:
>
> Adhemerval Zanella
> Andreas K. Hüttel
> Arjun Shankar
> Aurelien Jarno
> Carlos Eduardo Seo
> Carlos O'Donell
> DJ Delorie
> Florian Weimer
> Joe Simmons-Talbott
> Noah Goldstein
> Palmer Dabbelt
> Paul E. Murphy
> Rajalakshmi Srinivasaraghavan
> Richard Henderson
> Siddhesh Poyarekar
> Szabolcs Nagy
> Wilco Dijkstra
>
> --
> Andreas K. Hüttel
> dilfridge@gentoo.org
> Gentoo Linux developer
> (council, toolchain, base-system, perl, releng)
> https://wiki.gentoo.org/wiki/User:Dilfridge
> https://www.akhuettel.de/
>
More information about the Libc-alpha
mailing list