The GNU C Library version 2.19 is now available

Allan McRae allan@archlinux.org
Fri Feb 7 22:03:00 GMT 2014


The GNU C Library
=================

The GNU C Library version 2.19 is now available.

The GNU C Library is used as *the* C library in the GNU systems
and most systems with the Linux kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.19 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.19
=====================

* The following bugs are resolved with this release:

  156, 387, 431, 762, 832, 926, 2801, 4772, 6786, 6787, 6807, 6810, 6981,
  7003, 9721, 9954, 10253, 10278, 11087, 11157, 11214, 12100, 12486, 12751,
  12986, 13028, 13982, 13985, 14029, 14032, 14120, 14143, 14155, 14286,
  14547, 14699, 14752, 14782, 14876, 14910, 15004, 15048, 15073, 15089,
  15128, 15218, 15268, 15277, 15308, 15362, 15374, 15400, 15425, 15427,
  15483, 15522, 15531, 15532, 15593, 15601, 15608, 15609, 15610, 15632,
  15640, 15670, 15672, 15680, 15681, 15723, 15734, 15735, 15736, 15748,
  15749, 15754, 15760, 15763, 15764, 15797, 15799, 15825, 15843, 15844,
  15846, 15847, 15849, 15850, 15855, 15856, 15857, 15859, 15867, 15886,
  15887, 15890, 15892, 15893, 15895, 15897, 15901, 15905, 15909, 15915,
  15917, 15919, 15921, 15923, 15939, 15941, 15948, 15963, 15966, 15968,
  15985, 15988, 15997, 16032, 16034, 16036, 16037, 16038, 16041, 16046,
  16055, 16071, 16072, 16074, 16077, 16078, 16103, 16112, 16143, 16144,
  16146, 16150, 16151, 16153, 16167, 16169, 16172, 16195, 16214, 16245,
  16271, 16274, 16283, 16289, 16293, 16314, 16316, 16330, 16337, 16338,
  16356, 16365, 16366, 16369, 16372, 16375, 16379, 16384, 16385, 16386,
  16387, 16390, 16394, 16398, 16400, 16407, 16408, 16414, 16430, 16431,
  16453, 16474, 16506, 16510, 16529

* Slovenian translations for glibc messages have been contributed by the
  Translation Project's Slovenian team of translators.

* The public headers no longer use __unused nor __block.  This change is to
  support compiling programs that are derived from BSD sources and use
  __unused internally, and to support compiling with Clang's -fblock
  extension which uses __block.

* CVE-2012-4412 The strcoll implementation caches indices and rules for
  large collation sequences to optimize multiple passes.  This cache
  computation may overflow for large collation sequences and may cause a
  stack or buffer overflow.  This is now fixed to use a slower algorithm
  which does not use a cache if there is an integer overflow.

* CVE-2012-4424 The strcoll implementation uses malloc to cache indices and
  rules for large collation sequences to optimize multiple passes and falls
  back to alloca if malloc fails, resulting in a possible stack overflow.
  The implementation now falls back to an uncached collation sequence lookup
  if malloc fails.

* CVE-2013-4788 The pointer guard used for pointer mangling was not
  initialized for static applications resulting in the security feature
  being disabled. The pointer guard is now correctly initialized to a
  random value for static applications. Existing static applications need
  to be recompiled to take advantage of the fix (bug 15754).

* CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes
  to the d_name member of struct dirent, or omit the terminating NUL
  character.  (Bugzilla #14699).

* CVE-2013-4332 The pvalloc, valloc, memalign, posix_memalign and
  aligned_alloc functions could allocate too few bytes or corrupt the
  heap when passed very large allocation size values (Bugzilla #15855,
  #15856, #15857).

* CVE-2013-4458 Stack overflow in getaddrinfo with large number of results
  for AF_INET6 has been fixed (Bugzilla #16072).

* New locales: ak_GH, anp_IN, ar_SS, cmn_TW, hak_TW, lzh_TW, nan_TW, pap_AW,
  pap_CW, quz_PE, the_NP.

* Substantially revised locales: gd_GB, ht_HT

* The LC_ADDRESS field was updated to support country_car for almost all
  supported locales.

* ISO 1427 definitions were updated.

* ISO 3166 definitions were updated.

* The localedef utility now supports --big-endian and --little-endian
  command-line options to generate locales for a different system from that
  for which the C library was built.

* Binary locale files now only depend on the endianness of the system for
  which they are generated and not on other properties of that system.  As a
  consequence, binary files generated with new localedef may be incompatible
  with old versions of the GNU C Library, and binary files generated with
  old localedef may be incompatible with this version of the GNU C Library,
  in the following circumstances:

  + Locale files may be incompatible on m68k systems.

  + Locale archive files (but not separate files for individual locales) may
    be incompatible on systems where plain "char" is signed.

* The configure option --disable-versioning has been removed.  Builds with
  --disable-versioning had not worked for several years.

* ISO 639 definitions were updated for Chiga (cgg) and Chinese (gan,
hak, czh,
  cjy, lzh, cmn, mnp, cdo, czo, cpx, wuu, hsn, yue).

* SystemTap probes for malloc have been introduced.

* SystemTap probes for slow multiple precision fallback paths of
  transcendental functions have been introduced.

* Support for powerpc64le has been added.

* The soft-float powerpc port now supports e500 processors.

* Support for STT_GNU_IFUNC symbols added for ppc32/power4+ and ppc64.

* A new feature test macro _DEFAULT_SOURCE is available to enable the same
  set of header declarations that are enabled by default, even when other
  feature test macros or compiler options such as -std=c99 would otherwise
  disable some of those declarations.

* The _BSD_SOURCE feature test macro no longer enables BSD interfaces that
  conflict with POSIX.  The libbsd-compat library (which was a dummy library
  that did nothing) has also been removed.

* Preliminary documentation about Multi-Thread, Async-Signal and
  Async-Cancel Safety has been added.

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adam Buchbinder
Adam Conrad
Adhemerval Zanella
Alan Modra
Alexandre Oliva
Allan McRae
Andreas Arnez
Andreas Jaeger
Andreas Krebbel
Andreas Schwab
Andrew Hunter
Andrew Pinski
Anton Blanchard
Arun Kumar Pyasi
Aurelien Jarno
Brooks Moses
Bruno Haible
Carlos O'Donell
Chris Leonard
Chris Metcalf
Chung-Lin Tang
David Holsgrove
David S. Miller
Eric Biggers
Eric Blake
Eric Wong
Fabrice Bauzac
Fernando J. V. da Silva
Florian Weimer
Guy Martin
H.J. Lu
Jan Kratochvil
Jia Liu
Joseph Myers
Kaz Kojima
Liubov Dmitrieva
Maciej W. Rozycki
Marc-Antoine Perennou
Marcus Shawcroft
Marko Myllynen
Markus Trippelsdorf
Maxim Kuvyrkov
Meador Inge
Michael Bauer
Michael Stahl
Mike Frysinger
Olivier Langlois
Ondřej Bílka
Patrick 'P. J.' McDermott
Paul Eggert
Paul Pluzhnikov
Pavel Simerda
Petr Machata
Rajalakshmi Srinivasaraghavan
Reuben Thomas
Richard Henderson
Richard Sandiford
Roland McGrath
Ryan S. Arnold
Sami Kerola
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Steve Ellcey
Thomas Schwinge
Toke Høiland-Jørgensen
Tom Tromey
Torvald Riegel
Ulrich Weigand
Uros Bizjak
Venkataramanan Kumar
Ville Skytta
Vinitha Vijayan
Wei-Lun Chao
Will Newton
Yogesh Chaudhari
Yuri Chornoivan
Yuriy Kaminskiy



More information about the Libc-announce mailing list