News: 0000828210

Version 2.32 of the [1]GNU C Library (glibc) has been released. It contains support for Unicode 13.0.0, a new Kurdish/Sorani locale ( ckb_IQ ), support for audit modules listed in ELF sections of the executable, support for Synopsys ARC HS cores, new signal abbreviation and descriptive text functions ( sigabbrev_np() and sigdescr_np() ), similar functions for errno values ( strerrorname_np() and strerrordesc_np() ), branch protection security hardening for arm64, and more. There are also lots of bug fixes, deprecations, and removals, as well as four security fixes. More information can be found in the [2]release notes .

From :

Carlos O'Donell <carlos-AT-redhat.com>

To :

libc-alpha <libc-alpha-AT-sourceware.org>, libc-announce-AT-sourceware.org, info-gnu-AT-gnu.org

Subject :

The GNU C Library version 2.32 is now available

Date :

Thu, 6 Aug 2020 00:24:02 -0400

Message-ID :

<c0a3b8f8-675a-4165-27bc-6195dac94b70@redhat.com>

Archive-link :

[3]Article

The GNU C Library

=================

The GNU C Library version 2.32 is now available.

The GNU C Library is used as *the* C library in the GNU system and

in GNU/Linux systems, as well as many other systems that use Linux

as the kernel.

The GNU C Library is primarily designed to be a portable

and high performance C library. It follows all relevant

standards including ISO C11 and POSIX.1-2017. It is also

internationalized and has one of the most complete

internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.32 release may be downloaded from:

http://ftpmirror.gnu.org/libc/

http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.32

=====================

Major new features:

* Unicode 13.0.0 Support: Character encoding, character type info, and

transliteration tables are all updated to Unicode 13.0.0, using

generator scripts contributed by Mike FABIAN (Red Hat).

* New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)

* Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been

added. This port requires at least binutils-2.32, gcc-8.3 and Linux-5.1.

Three ABIs are supported:

- arc-linux-gnu

- arc-linux-gnuhf

- arceb-linux-gnu

The arc* ABI is little-endian while arceb is big-endian. All ABIs use

64-bit time (y2038 safe) and 64-bit file offsets (LFS default).

* The GNU C Library now loads audit modules listed in the DT_AUDIT and

DT_DEPAUDIT dynamic section entries of the main executable.

* powerpc64le supports IEEE128 long double libm/libc redirects when

using the -mabi=ieeelongdouble to compile C code on supported GCC

toolchains. It is recommended to use GCC 8 or newer when testing

this option.

* To help detect buffer overflows and other out-of-bounds accesses

several APIs have been annotated with GCC 'access' attribute. This

should help GCC 10 issue better warnings.

* On Linux, functions the pthread_attr_setsigmask_np and

pthread_attr_getsigmask_np have been added. They allow applications

to specify the signal mask of a thread created with pthread_create.

* The GNU C Library now provides the header file

which declares the variable __libc_single_threaded. Applications are

encouraged to use this variable for single-thread optimizations,

instead of weak references to symbols historically defined in

libpthread.

* The functions sigabbrev_np and sigdescr_np have been added. The

sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for SIGHUP)

while sigdescr_np returns a string describing the signal number (e.g

"Hangup" for SIGHUP). Different than strsignal, sigdescr_np does not

attempt to translate the return description, both functions return

NULL for an invalid signal number.

They should be used instead of sys_siglist or sys_sigabbrev and they

are both thread and async-signal safe. These functions are GNU extensions.

* The functions strerrorname_np and strerrordesc_np have been added. The

strerroname_np returns error number name (e.g. "EINVAL" for EINVAL) while

strerrordesc_np returns string describing error number

(e.g "Invalid argument" for EINVAL). Different than strerror,

strerrordesc_np does not attempt to translate the return description, both

functions return NULL for an invalid error number.

They should be used instead of sys_errlist and sys_nerr, both are

thread and async-signal safe. These functions are GNU extensions.

* AArch64 now supports standard branch protection security hardening

in glibc when it is built with a GCC that is configured with

--enable-standard-branch-protection (or if -mbranch-protection=standard

flag is passed when building both GCC target libraries and glibc,

in either case a custom GCC is needed). This includes branch target

identification (BTI) and pointer authentication for return addresses

(PAC-RET). They require armv8.5-a and armv8.3-a architecture

extensions respectively for the protection to be effective,

otherwise the used instructions are nops. User code can use PAC-RET

without libc support, but BTI requires a libc that is built with BTI

support, otherwise runtime objects linked into user code will not be

BTI compatible.

Deprecated and removed features, and other changes affecting compatibility:

* Remove configure option --enable-obsolete-rpc. Sun RPC is removed

from glibc. This includes the rpcgen program, librpcsvc, and the Sun

RPC header files. Backward compatibility for old programs is kept

only for architectures and ABIs that have been added in or before

glibc 2.31. New programs need to use TI-RPC

and

rpcsvc-proto .

* Remove configure option --enable-obsolete-nsl. libnsl is only built

as shared library for backward compatibility and the NSS modules "nis"

and "nisplus" are not built at all and libnsl's headers aren't

installed. This compatibility is kept only for architectures and ABIs

that have been added in or before version 2.28. Replacement

implementations based on TI-RPC, which additionally support IPv6, are

available from . This change does not

affect the "compat" NSS module, which does not depended on libnsl

since 2.27 and thus can be used without NIS.

* The deprecated header and the sysctl function have been

removed. To support old binaries, the sysctl function continues to

exist as a compatibility symbol (on those architectures which had it),

but always fails with ENOSYS. This reflects the removal of the system

call from all architectures, starting with Linux 5.5.

* The sstk function is no longer available to newly linked binaries.

Its implementation always returned with a failure, and the function

was not declared in any header file.

* The legacy signal handling functions siginterrupt, sigpause, sighold,

sigrelse, sigignore and sigset, and the sigmask macro have been

deprecated. Applications should use the sigsuspend, sigprocmask and

sigaction functions instead.

* ldconfig now defaults to the new format for ld.so.cache. glibc has

already supported this format for almost 20 years.

* The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev

are no longer available to newly linked binaries, and their declarations

have been removed from . They are exported solely as

compatibility symbols to support old binaries. All programs should use

strsignal instead.

* The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr

are no longer available to newly linked binaries, and their declarations

have been removed from from . They are exported solely as

compatibility symbols to support old binaries. All programs should use

strerror or strerror_r instead.

* Both strerror and strerror_l now share the same internal buffer in the

calling thread, meaning that the returned string pointer may be invalided

or contents might be overwritten on subsequent calls in the same thread or

if the thread is terminated. It makes strerror MT-safe.

* Using weak references to libpthread functions such as pthread_create

or pthread_key_create to detect the singled-threaded nature of a

program is an obsolescent feature. Future versions of glibc will

define pthread_create within libc.so.6 itself, so such checks will

always flag the program as multi-threaded. Applications should check

the __libc_single_threaded variable declared in

instead.

* The "files" NSS module no longer supports the "key" database (used for

secure RPC). The contents of the /etc/publickey file will be ignored,

regardless of the settings in /etc/nsswitch.conf. (This method of

storing RPC keys only supported the obsolete and insecure AUTH_DES

flavor of secure RPC.)

* The __morecore and __after_morecore_hook malloc hooks and the default

implementation __default_morecore have been deprecated. Applications

should use malloc interposition to change malloc behavior, and mmap to

allocate anonymous memory. A future version of glibc may require that

applications which use the malloc hooks must preload a special shared

object, to enable the hooks.

* The hesiod NSS module has been deprecated and will be removed in a

future version of glibc. System administrators are encouraged to

switch to other approaches for networked account databases, such as

LDAP.

Changes to build and runtime requirements:

* powerpc64le requires GCC 7.4 or newer. This is required for supporting

long double redirects.

Security related changes:

CVE-2016-10228: An infinite loop has been fixed in the iconv program when

invoked with the -c option and when processing invalid multi-byte input

sequences. Reported by Jan Engelhardt.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack

corruption when they were passed a pseudo-zero argument. Reported by Guido

Vranken / ForAllSecure Mayhem.

CVE-2020-1752: A use-after-free vulnerability in the glob function when

expanding ~user has been fixed.

CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and

memmove functions has been fixed. Discovered by Jason Royes and Samual

Dytrych of the Cisco Security Assessment and Penetration Team (See

TALOS-2020-1019).

The following bugs are resolved with this release:

[9809] localedata: ckb_IQ: new Kurdish Sorani locale

[10441] manual: Backtraces code example lacks error checking

[10815] librt: [timer_create / SIGEV_THREAD] signalmask of

timer_sigev_thread dangerous

[14231] stdio: stdio-common tests memory requirements

[14578] libc: /proc-based emulation for lchmod, fchmodat

[16272] dynamic-link: dlopen()ing a DT_FILTER library crashes if

filtee has constructor

[19519] locale: iconv(1) with -c option hangs on illegal multi-byte

sequences (CVE-2016-10228)

[19737] admin: Doc page “20.5.2 Infinity and NaN” has incorrect HTML

character entities for infinity & pi

[20338] libc: Parsing of /etc/gshadow can return bad pointers causing

segfaults in applications

[20543] libc: Please move from .gnu.linkonce to comdat

[22489] network: gcc warns about implicit convertion in

ICMP6_FILTER_SETPASS with -Wsign-conversion

[22525] localedata: or_IN LC_COLLATE does not use copy "iso14651_t1"

[23294] math: Complex _FloatN functions are redirected to the wrong

function with -mlong-double-64

[23296] libc: Data race in setting function descriptor during lazy

binding

[23668] dynamic-link: ldconfig: Default to the new format for

ld.so.cache

[23819] hurd: hurd: Add C11 thread support

[23990] build: test-container error out on failure to exec child.

[23991] build: shell-container typo in run_command_array

[24638] manual: Error in example of parsing a template string

[24654] manual: Wrong declaration of wcschr in libc manual

[24943] dynamic-link: Support DT_AUDIT, DT_DEPAUDIT in the dynamic

linker

[25051] dynamic-link: aarch64, powerpc64 uses surplus static tls for

dynamically loaded dsos

[25098] nptl: nptl: ctype classification functions are not AS-Safe

[25219] libc: improve out-of-bounds checking with GCC 10 attribute

access

[25262] libc: getcontext/setcontext/swapcontext unnecessarily save and

restore EAX, ECX and EDX

[25397] dynamic-link: Legacy bitmap doesn't cover jitted code

[25414] glob: 'glob' use-after-free bug (CVE-2020-1752)

[25420] network: Race condition in resolv_conf.c can result in caching

stale configuration forever

[25487] math: sinl() stack corruption from crafted input

(CVE-2020-10029)

[25506] build: configure: broken detection of STT_GNU_IFUNC when GCC

defaults to PIE

[25523] libc: MIPS/Linux inline syscall template is miscompiled

[25620] libc: Signed comparison vulnerability in the ARMv7 memcpy()

(CVE-2020-6096)

[25623] libc: test-sysvmsg, test-sysvsem, test-sysvshm fail with 2.31

on 32 bit and old kernel

[25635] libc: arm: Wrong sysdep order selection for soft-fp

[25639] localedata: Some names of days and months wrongly spelt in

Occitan

[25657] libc: sigprocmask() and sigisemptyset() manipulate different

amount of sigset_t bytes

[25691] stdio: printf: memory leak when printing long multibyte

strings

[25715] libc: system() returns wrong errors when posix_spawn fails

[25733] malloc: mallopt(M_MXFAST) can set global_max_fast to 0

[25734] locale: mbrtowc with Big5-HKSCS fails to reset conversion

state for conversions that produce two Unicode code points

[25765] nptl: Incorrect futex syscall in __pthread_disable_asynccancel

for linux x86_64 leads to livelock

[25788] dynamic-link: [i386] -fno-omit-frame-pointer in CFLAGS causes

test failures, invalid instruction in ld.so

[25790] glob: Typo in tst-fnmatch.input

[25810] libc: x32: Incorrect syscall entries with pointer, off_t and

size_t

[25819] localedata: Update locale data to Unicode 13.0.0

[25824] libc: Abnormal function of strnlen in aarch64

[25887] dynamic-link: Wasted space in _dl_x86_feature_1[1]

[25896] libc: Incorrect prctl

[25902] libc: Bad LOADARGS_N

[25905] dynamic-link: VSX registers are corrupted during PLT

resolution when glibc is built with --disable-multi-arch and --with-

cpu=power9

[25933] string: Off by one error in __strncmp_avx2 when

length=VEC_SIZE*4 and strings are at page boundaries can cause a

segfault

[25942] nptl: Deadlock on stack_cache_lock between __nptl_setxid and

exiting detached thread

[25966] libc: Incorrect access of __x86_shared_non_temporal_threshold

for x32

[25976] nss: internal_end*ent in nss_compat may clobber errno, hiding

ERANGE

[25999] nptl: Use-after-free issue in pthread_getaddr_default_np

[26073] math: getpayload() has wrong return value

[26076] dynamic-link: dlmopen crashes after failing to load

dependencies in audit mode

[26120] localedata: column width of of some Korean

JUNGSEONG/JONGSEONG characters wrong (should be 0)

[26128] libc: Incorrect bit_cpu_CLFLUSHOPT

[26133] libc: Incorrect need_arch_feature_F16C

[26137] libc: strtod() triggers exception FE_INEXACT on reasonable

input

[26149] libc: PKU is usable only if OSPKE is set

[26173] libc: powerpc64*: Add @notoc to calls to functions that do not

preserve r2

[26208] libc: Incorrect bit_cpu_CLFSH

[26210] network: Incorrect use of hidden symbols for global sunrpc

variables

[26211] stdio: printf integer overflow calculating allocation size

[26214] stdio: printf_fp double free

[26215] stdio: printf_fp memory leak

[26232] time: FAIL: support/tst-timespec for 32-bit targets

[26258] nss: nss_compat should not read input files with mmap

[26332] string: Incorrect cache line size load causes memory

corruption in memset

Release Notes

=============

https://sourceware.org/glibc/wiki/Release/2.32

Contributors

============

This release was made possible by the contributions of many people.

The maintainers are grateful to everyone who has contributed

changes or bug reports. These include:

Adhemerval Zanella

Alan Modra

Alex Butler

Alexander Anisimov

Alistair Francis

Andrea Corallo

Andreas K. Hüttel

Andreas Schwab

Anton Blanchard

Anton Blanchard via Libc-alpha

Arjun Shankar

Aurelien Jarno

Aurélien Aptel

Carlos O'Donell

Chung-Lin Tang

DJ Delorie

David Kilroy

Evgeny Eremin

Eyal Itkin

Fangrui Song

Florian Weimer

Gabriel F. T. Gomes

Girish Joshi

H.J. Lu

John David Anglin

John Marshall

Jonathan Wakely

Joseph Myers

Josh Triplett

Jwtiyar Nariman

Krzysztof Koch

Lexi Shao

Lucas A. M. Magalhaes

Lukasz Majewski

Maciej W. Rozycki

Martin Sebor

Matheus Castanho

Mathieu Desnoyers

Michael Hudson-Doyle

Mike FABIAN

Patsy Franklin

Paul E. Murphy

Paul Eggert

Paul Zimmermann

Petr Vorel

Rafał Lużyński

Rajalakshmi Srinivasaraghavan

Raphael Moreira Zinsly

Rogerio Alves

Samuel Thibault

Sergey

Shen-Ta Hsieh

Siddhesh Poyarekar

Simon Marchi

Stefan Liebler

Sudakshina Das

Sunil K Pandey

Szabolcs Nagy

Tulio Magno Quites Machado Filho

Vineet Gupta

WANG Xuerui

Wilco Dijkstra

guojinhui

kokoye2007

mayshao

mayshao-oc

--

If you have a working or partly working program that you'd like

to offer to the GNU project as a GNU package,

see https://www.gnu.org/help/evaluation.html.



[1] http://www.gnu.org/software/libc/

[2] https://sourceware.org/glibc/wiki/Release/2.32

[3] https://lwn.net/ml/libc-alpha/c0a3b8f8-675a-4165-27bc-6195dac94b70@redhat.com