The GNU C Library version 2.23 is now available

Adhemerval Zanella adhemerval.zanella@linaro.org
Mon Feb 22 15:16:00 GMT 2016


The GNU C Library
=================

The GNU C Library version 2.23 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.23 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.23
=====================

* Unicode 8.0.0 Support: Character encoding, character type info, and
  transliteration tables are all updated to Unicode 8.0.0, using new
  and/or improved generator scripts contributed by Mike FABIAN (Red Hat).
  These updates cause user visible changes, such as the fixes for bugs
  89, 16061, and 18568.

* sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the
  kernel-internal CPU set size.  This means that requests that change the
  CPU affinity which failed before (for example, an all-ones CPU mask) will
  now succeed.  Applications that need to determine the effective CPU
  affinities need to call sched_getaffinity or pthread_getaffinity_np after
  setting it because the kernel can adjust it (and the previous size check
  would not detect this in the majority of cases).

* The fts.h header can now be used with -D_FILE_OFFSET_BITS=64.  With LFS
  the following new symbols are used: fts64_children, fts64_close,
  fts64_open, fts64_read and fts64_set.

* getaddrinfo now detects certain invalid responses on an internal netlink
  socket.  If such responses are received, an affected process will
  terminate with an error message of "Unexpected error <number> on netlink
  descriptor <number>" or "Unexpected netlink response of size <number> on
  descriptor <number>".  The most likely cause for these errors is a
  multi-threaded application which erroneously closes and reuses the netlink
  file descriptor while it is used by getaddrinfo.

* A defect in the malloc implementation, present since glibc 2.15 (2012) or
  glibc 2.10 via --enable-experimental-malloc (2009), could result in the
  unnecessary serialization of memory allocation requests across threads.
  The defect is now corrected.  Users should see a substantial increase in
  the concurent throughput of allocation requests for applications which
  trigger this bug.  Affected applications typically create and destroy
  threads frequently.  (Bug 19048 was reported and analyzed by Ericsson.)

* There is now a --disable-timezone-tools configure option for disabling the
  building and installing of the timezone related utilities (zic, zdump, and
  tzselect).  This is useful for people who build the timezone data and code
  independent of the GNU C Library.

* The obsolete header <regexp.h> has been removed.  Programs that require
  this header must be updated to use <regex.h> instead.

* The obsolete functions bdflush, create_module, get_kernel_syms,
  query_module and uselib are no longer available to newly linked binaries;
  the header <sys/kdaemon.h> has been removed.  These functions and header
  were specific to systems using the Linux kernel and could not usefully be
  used with the GNU C Library on systems with version 2.6 or later of the
  Linux kernel.

* Optimized string, wcsmbs and memory functions for IBM z13.
  Implemented by Stefan Liebler.

* Newly linked programs that define a variable called signgam will no longer
  have it set by the lgamma, lgammaf and lgammal functions.  Programs that
  require signgam to be set by those functions must ensure that they use the
  variable provided by the GNU C Library and declared in <math.h>, without
  defining their own copy.

* The minimum GCC version that can be used to build this version of the GNU
  C Library is GCC 4.7.  Older GCC versions, and non-GNU compilers, can
  still be used to compile programs using the GNU C Library.

Security related changes:

* An out-of-bounds value in a broken-out struct tm argument to strftime no
  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)

* The LD_POINTER_GUARD environment variable can no longer be used to disable
  the pointer guard feature.  It is always enabled.  Previously,
  LD_POINTER_GUARD could be used to disable security hardening in binaries
  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.
  (CVE-2015-8777)

* An integer overflow in hcreate and hcreate_r could lead to an
  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)

* The catopen function no longer has unbounded stack usage.  Reported by
  Max.  (CVE-2015-8779)

* The nan, nanf and nanl functions no longer have unbounded stack usage
  depending on the length of the string passed as an argument to the
  functions.  Reported by Joseph Myers.  (CVE-2014-9761)

* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

The following bugs are resolved with this release:

  [89] localedata: Locales nb_NO and nn_NO should transliterate æøå
  [887] math: Math library function "logb" and "nextafter" inconsistent
  [2542] math: Incorrect return from float gamma (-0X1.FA471547C2FE5P+1)
  [2543] math: Incorrect return from float gamma (-0X1.9260DCP+1)
  [2558] math: Incorrect return from double gamma (-0X1.FA471547C2FE5P+1)
  [2898] libc: [improve]  warning: the use  of `mktemp' is dangerous, better
    use `mkstemp'
  [4404] localedata: German translation of "Alarm clock" is misleading
  [6799] math: nextafter() and nexttoward() doen't set errno on
    overflow/underflow errors
  [6803] math: scalb(), scalbln(), scalbn() do not set errno on
    overflow/underflow
  [10432] nis: _nss_nis_setnetgrent assertion failure
  [11460] libc: fts has no LFS support
  [12926] network: getaddrinfo()/make_request() may spin forever
  [13065] nptl: Race condition in pthread barriers
  [13690] nptl: pthread_mutex_unlock potentially cause invalid access
  [14341] dynamic-link: Dynamic linker crash when DT_JMPREL and DT_REL{,A}
    are not contiguous
  [14551] math: [ldbl-128ibm] strtold overflow handling for IBM long double
  [14912] libc: Rename non-installed bits/*.h headers
  [15002] libc: Avoid undefined behavior in posix_fallocate overflow check
  [15367] math: Let gcc use __builtin_isinf
  [15384] math: One constant fewer in ieee754/dbl-64/wordsize-64/s_finite.c
  [15421] math: lgamma wrongly sets signgam for ISO C
  [15470] math: [arm] On ARM llrintl() and llroundl() do not raise
    FE_INVALID with argument out of range
  [15491] math: [i386/x86_64] x86 nearbyint implementations wrongly clear
    all exceptions
  [15786] dynamic-link: ifunc resolver functions can smash function
    arguments
  [15918] math: Unnecessary check for equality in hypotf()
  [16061] localedata: Review / update transliteration data
  [16068] math: [i386/x86_64] x86 and x86_64 fesetenv exclude state they
    should include
  [16141] time: strptime %z offset restriction
  [16171] math: drem should be alias of remainder
  [16296] math: fegetround is pure?
  [16347] math: [ldbl-128ibm] ldbl-128/e_lgammal_r.c may not be suitable.
  [16364] libc: sleep may leave SIGCHLD blocked on sync cancellation on
    GNU/Linux
  [16399] math: [mips] lrint / llrint / lround / llround missing exceptions
  [16415] math: Clean up ldbl-128 / ldbl-128ibm expm1l for large positive
    arguments
  [16422] math: [powerpc] math-float, math-double failing llrint tests with
    "Exception "Inexact" set" on ppc32
  [16495] localedata: nl_NL: date_fmt: shuffle year/month around
  [16517] math: Missing underflow exception from tanf/tan/tanl
  [16519] math: Missing underflow exception from sinhf
  [16520] math: Missing underflow exception from tanhf
  [16521] math: Missing underflow exception from exp2
  [16620] math: [ldbl-128ibm] exp10l spurious overflows / bad directed
    rounding results
  [16734] stdio: fopen calls mmap to allocate its buffer
  [16961] math: nan function incorrect handling of bad sequences
  [16962] math: nan function unbounded stack allocation (CVE-2014-9761)
  [16973] localedata: Fix lang_lib/lang_term as per ISO 639-2
  [16985] locale: localedef: confusing error message when opening output
    fails
  [17118] math: ctanh(INFINITY + 2 * I) returns incorrect value
  [17197] locale: Redundant shift character in iconv conversion output at
    block boundary
  [17243] libc: trunk/posix/execl.c:53: va_args problem ?
  [17244] libc: trunk/sysdeps/unix/sysv/linux/semctl.c:116: va_args muxup ?
  [17250] dynamic-link: static linking breaks nss loading
    (getaddrinfo/getpwnam/etc...)
  [17404] libc: atomic_exchange_rel lacking a barrier on MIPS16, GCC before
    4.7?
  [17441] math: isnan() should use __builtin_isnan() in GCC
  [17514] nptl: Assert failure unlocking ERRORCHECK mutex after timedlock
    (related to lock elision)
  [17787] manual: Exponent on page 324 of the PDF ends prematurely
  [17886] time: strptime should be able to parse "Z" as a timezone with %z
  [17887] time: strptime should be able to parse "+01:00" style timezones
  [17905] libc: catopen() Multiple unbounded stack allocations
    (CVE-2015-8779)
  [18084] libc: backtrace (..., 0) dumps core on x86
  [18086] libc: nice() sets errno to 0 on success
  [18240] libc: hcreate, hcreate_r should fail with ENOMEM if element count
    is too large (CVE-2015-8778)
  [18251] dynamic-link: SONAME missing when audit modules provides path
  [18265] libc: add attributes for wchar string and memory functions
  [18370] math: csqrt missing underflows
  [18421] libc: [hppa] read-only segment has dynamic relocations
  [18472] libc: Obsolete syscall wrappers should be compat symbols
  [18480] libc: hppa glibc miscompilation in sched_setaffinity()
  [18491] localedata: Update tr_TR LC_CTYPE as part of Unicode updates
  [18525] localedata: Remove locale timezone information
  [18560] libc: [powerpc] spurious bits/ipc.h definitions
  [18568] localedata: Update locale data to Unicode 8.0
  [18589] locale: sort-test.sh fails at random
  [18595] math: ctan, ctanh missing underflows
  [18604] libc: assert macro-expands its argument
  [18610] math: S390: fetestexcept() reports any exception if DXC-code
    contains a vector instruction exception.
  [18611] math: j1, jn missing errno setting on underflow
  [18618] localedata: sync Chechen locale definitions with other *_RU
    locales
  [18647] math: powf(-0x1.000002p0, 0x1p30) returns 0 instead of +inf
  [18661] libc: Some x86-64 assembly codes don't align stack to 16 bytes
  [18665] network: In send_dg, the recvfrom function is NOT always using the
    buffer size of a newly created buffer (CVE-2015-7547)
  [18674] libc: [i386] trunk/sysdeps/i386/tst-auditmod3b.c:84: possible
    missing break ?
  [18675] libc: fpathconf(_PC_NAME_MAX) fails against large filesystems for
    32bit processes
  [18681] libc: regexp.h is obsolete and buggy, and should be desupported
  [18699] math: tilegx cproj() for various complex infinities does not yield
    infinity
  [18724] libc: Harden put*ent functions against data injection
  [18743] nptl: PowerPC: findutils testcase fails with --enable-lock-elision
  [18755] build: build errors with -DNDEBUG
  [18757] stdio: fmemopen fails to set errno on failure
  [18778] dynamic-link: ld.so crashes if failed dlopen causes libpthread to
    be forced unloaded
  [18781] libc: openat64 lacks O_LARGEFILE
  [18787] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/atomic.h:71:6:
    error: can’t find a register in class ‘R1_REGS’ while reloading ‘asm’
  [18789] math: [ldbl-128ibm] sinhl inaccurate near 0
  [18790] math: [ldbl-128ibm] tanhl inaccurate
  [18795] libc: stpncpy fortification misses buffer lengths that are
    statically too large
  [18796] build: build fails for --disable-mathvec
  [18803] math: hypot missing underflows
  [18820] stdio: fmemopen may leak memory on failure
  [18823] math: csqrt spurious underflows
  [18824] math: fma spurious underflows
  [18825] math: pow missing underflows
  [18857] math: [ldbl-128ibm] nearbyintl wrongly uses signaling comparisons
  [18868] nptl: pthread_barrier_init typo has in-theory-undefined behavior
  [18870] build: sem_open.c fails to compile with missing symbol
    FUTEX_SHARED
  [18872] stdio: Fix memory leak in printf_positional
  [18873] libc: posix_fallocate overflow check ineffective
  [18875] math: Excess precision leads incorrect libm
  [18877] libc: arm: mmap offset regression
  [18887] libc: memory corruption when using getmntent on blank lines
  [18918] localedata: hu_HU: change time to HH:MM:SS format
  [18921] libc: Regression: extraneous stat() and fstat() performed by
    opendir()
  [18928] dynamic-link: LD_POINTER_GUARD is not ignored for privileged
    binaries (CVE-2015-8777)
  [18951] math: tgamma missing underflows
  [18952] math: [ldbl-128/ldbl-128ibm] lgammal spurious "invalid", incorrect
    signgam
  [18953] localedata: lt_LT: change currency symbol to the euro
  [18956] math: powf inaccuracy
  [18961] math: [i386] exp missing underflows
  [18966] math: [i386] exp10 missing underflows
  [18967] math: math.h XSI POSIX namespace (gamma, isnan, scalb)
  [18969] build: multiple string test failures due to missing locale
    dependencies
  [18970] libc: Reference of pthread_setcancelstate in libc.a
  [18977] math: float / long double Bessel functions not in XSI POSIX
  [18980] math: i386 libm functions return with excess range and precision
  [18981] math: i386 scalb*, ldexp return with excess range and precision
  [18982] stdio: va_list and vprintf
  [18985] time: Passing out of range data to strftime() causes a segfault
    (CVE-2015-8776)
  [19003] math: [x86_64] fma4 version of pow inappropriate contraction
  [19007] libc: FAIL: elf/check-localplt with -z now and binutils 2.26
  [19012] locale: iconv_open leaks memory on error path
  [19016] math: clog, clog10 inaccuracy
  [19018] nptl: Mangle function pointers in tls_dtor_list
  [19032] math: [i386] acosh (-qNaN) spurious "invalid" exception
  [19046] math: ldbl-128 / ldbl-128ibm lgamma bad overflow handling
  [19048] malloc: malloc: arena free list can become cyclic, increasing
    contention
  [19049] math: [powerpc] erfc incorrect zero sign
  [19050] math: [powerpc] log* incorrect zero sign
  [19058] math: [x86_64] Link fail with -fopenmp and -flto
  [19059] math: nexttoward overflow incorrect in non-default rounding modes
  [19071] math: ldbl-96 lroundl incorrect just below powers of 2
  [19074] network: Data race in _res_hconf_reorder_addrs
  [19076] math: [ldbl-128ibm] log1pl (-1) wrong sign of infinity
  [19077] math: [ldbl-128ibm] logl (1) incorrect sign of zero result
  [19078] math: [ldbl-128ibm] expl overflow incorrect in non-default
    rounding modes
  [19079] math: dbl-64/wordsize-64 lround based on llround incorrect for
    ILP32
  [19085] math: ldbl-128 lrintl, lroundl missing exceptions for 32-bit long
  [19086] manual: posix_fallocate64 documented argument order is wrong.
  [19088] math: lround, llround missing exceptions close to overflow
    threshold
  [19094] math: lrint, llrint missing exceptions close to overflow threshold
  [19095] math: dbl-64 lrint incorrect for 64-bit long
  [19122] dynamic-link: Unnecessary PLT relocations in librtld.os
  [19124] dynamic-link: ld.so failed to build with older assmebler
  [19125] math: [powerpc32] llroundf, llround incorrect exceptions
  [19129] dynamic-link: [arm] Concurrent lazy TLSDESC resolution can crash
  [19134] math: [powerpc32] lround, lroundf spurious exceptions
  [19137] libc: i386/epoll_pwait.S doesn't support cancellation
  [19143] nptl: Remove CPU set size checking from sched_setaffinity,
    pthread_setaffinity_np
  [19156] math: [ldbl-128] j0l spurious underflows
  [19164] nptl: tst-getcpu fails with many possible CPUs
  [19168] math: math/test-ildoubl and math/test-ldouble failure
  [19174] nptl: PowerPC: TLE enabled pthread mutex performs poorly.
  [19178] dynamic-link: ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA confuses
    prelink
  [19181] math: [i386/x86_64] fesetenv (FE_DFL_ENV), fesetenv
    (FE_NOMASK_ENV) do not clear SSE exceptions
  [19182] malloc: malloc deadlock between ptmalloc_lock_all and
    _int_new_arena/reused_arena
  [19189] math: [ldbl-128] log1pl (-qNaN) spurious "invalid" exception
  [19201] math: dbl-64 remainder incorrect sign of zero result
  [19205] math: bits/math-finite.h conditions do not match math.h and
    bits/mathcalls.h
  [19209] math: bits/math-finite.h wrongly maps ldexp to scalbn
  [19211] math: lgamma functions do not set signgam for -ffinite-math-only
    for C99-based standards
  [19212] libc: features.h not -Wundef clean
  [19213] math: [i386/x86_64] log* (1) incorrect zero sign for -ffinite-
    math-only
  [19214] libc: Family and model identification for AMD CPU's are incorrect.
  [19219] libc: GLIBC build fails for ia64 with missing __nearbyintl
  [19228] math: [powerpc] nearbyint wrongly clears "inexact", leaves traps
    disabled
  [19235] math: [powerpc64] lround, lroundf, llround, llroundf spurious
    "inexact" exceptions
  [19238] math: [powerpc] round, roundf spurious "inexact" for integer
    arguments
  [19242] libc: strtol incorrect in Turkish locales
  [19243] malloc: reused_arena can pick an arena on the free list, leading
    to an assertion failure and reference count corruption
  [19253] time: tzset() ineffective when temporary TZ did not include DST
    rules
  [19266] math: strtod ("NAN(I)") incorrect in Turkish locales
  [19270] math: [hppa] Shared libm missing __isnanl
  [19285] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/mman.h: missing
    MAP_HUGETLB and MAP_STACK defines
  [19313] nptl: Wrong __cpu_mask for x32
  [19347] libc: grantpt: try to force a specific gid even without pt_chown
  [19349] math: [ldbl-128ibm] tanhl inaccurate for small arguments
  [19350] math: [ldbl-128ibm] sinhl spurious overflows
  [19351] math: [ldbl-128ibm] logl inaccurate near 1
  [19363] time: x32: times() return value wrongly truncates/sign extends
    from 32bit
  [19367] dynamic-link: Improve branch prediction on Silvermont
  [19369] network: Default domain name not reset by res_ninit when "search"
    / "domain" entry is removed from resolv.conf
  [19375] math: powerpc: incorrect results for POWER7 logb with negative
    subnormals
  [19385] localedata: bg_BG: time separator should be colon, not comma
  [19408] libc: linux personality syscall wrapper may erroneously return an
    error on 32-bit architectures
  [19415] libc: dladdr returns wrong names on hppa
  [19432] libc: iconv rejects redundant escape sequences in IBM900, IBM903,
    IBM905, IBM907, and IBM909
  [19439] math: Unix98 isinf and isnan functions conflict with C++11
  [19443] build: build failures with -DDEBUG
  [19451] build: Make check fails on test-double-vlen2
  [19462] libc: Glibc failed to build with -Os
  [19465] math: Wrong code with -Os
  [19466] time: time/tst-mktime2.c is compiled into an infinite loop with
    -Os
  [19467] string: Fast_Unaligned_Load needs to be enabled for Excavator core
    CPU's.
  [19475] libc: Glibc 2.22 doesn't build on sparc [PATCH]
  [19486] math: S390: Math tests fail with "Exception Inexact set".
  [19529] libc: [ARM]: FAIL: stdlib/tst-makecontext
  [19550] libc: [mips] mmap negative offset handling inconsistent with other
    architectures
  [19590] math: Fail to build shared objects that use libmvec.so functions.

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alan Modra
Amit Pawar
Andreas Schwab
Andrew Bennett
Andrew Senkevich
Andrew Stubbs
Anton Blanchard
Arjun Shankar
Arslanbek Astemirov
Aurelien Jarno
Brett Neumeier
Carlos Eduardo Seo
Carlos O'Donell
Chris Metcalf
Chung-Lin Tang
Damyan Ivanov
Daniel Marjamäki
David Kastrup
David Lamparter
David S. Miller
Dmitry V. Levin
Egmont Koblinger
Evert
Flavio Cruz
Florian Weimer
Gabriel F. T. Gomes
Geoffrey Thomas
Gleb Fotengauer-Malinovskiy
Gunnar Hjalmarsson
H.J. Lu
Helge Deller
James Perkins
John David Anglin
Joseph Myers
Justus Winter
Khem Raj
Ludovic Courtès
Maciej W. Rozycki
Manolis Ragkousis
Marcin Kościelnicki
Mark Wielaard
Marko Myllynen
Martin Sebor
Maxim Ostapenko
Mike FABIAN
Mike Frysinger
Namhyung Kim
Ondrej Bilka
Ondřej Bílka
Paul E. Murphy
Paul Eggert
Paul Murphy
Paul Pluzhnikov
Petar Jovanovic
Phil Blundell
Rajalakshmi Srinivasaraghavan
Rasmus Villemoes
Richard Henderson
Rob Wu
Roland McGrath
Samuel Thibault
Siddhesh Poyarekar
Stan Shebs
Stefan Liebler
Steve Ellcey
Szabolcs Nagy
Thomas Schwinge
Torvald Riegel
Tulio Magno Quites Machado Filho
Vincent Bernat
Wilco Dijkstra
Zack Weinberg



More information about the Libc-announce mailing list