[Tcwg-commits] [glibc] annotated tag glibc-2.38 created (now 4ca186e931)

This is an automated email from the git hooks/post-receive script.

unknown user pushed a change to annotated tag glibc-2.38 in repository glibc.

at 4ca186e931 (tag) tagging 36f2487f13e3540be9ee0fb51876b1da72176d3f (commit) replaces glibc-2.37.9000 tagged by Andreas K. Hüttel on Mon Jul 31 19:56:28 2023 +0200

- Log ----------------------------------------------------------------- The GNU C Library version 2.38 is now available

The GNU C Library =================

The GNU C Library version 2.38 is now available.

The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel.

The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2017. It is also internationalized and has one of the most complete internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.38 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

Distributions are encouraged to track the release/* branches corresponding to the releases they are using. The release branches will be updated with conservative bug fixes and new features while retaining backwards compatibility.

NEWS for version 2.38 =====================

Major new features:

* When C2X features are enabled and the base argument is 0 or 2, the following functions support binary integers prefixed by 0b or 0B as input: strtol, strtoll, strtoul, strtoull, strtol_l, strtoll_l, strtoul_l, strtoull_l, strtoimax, strtoumax, strtoq, strtouq, wcstol, wcstoll, wcstoul, wcstoull, wcstol_l, wcstoll_l, wcstoul_l, wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq. Similarly, the following functions support binary integers prefixed by 0b or 0B as input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf, vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those functions also support the %b format for binary integers, with or without such a prefix and independent of standards mode.

* PRIb*, PRIB* and SCNb* macros from C2X have been added to <inttypes.h>.

* printf-family functions now support the wN format length modifiers for arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t (for example, %w32d to print int32_t or int_least32_t in decimal, or %w32x to print uint32_t or uint_least32_t in hexadecimal) and the wfN format length modifiers for arguments of type int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.

* A new tunable, glibc.pthread.stack_hugetlb, can be used to disable Transparent Huge Pages (THP) in stack allocation at pthread_create.

* Support for x86_64 running on Hurd has been added. This port requires as least binutils 2.40 and GCC 13:

- x86_64-gnu

* Vector math library libmvec support has been added to AArch64. It requires GCC version >= 10.1.0. It can be disabled via "--disable-mathvec", however that is not a supported configuration as it changes the ABI. The symbol names follow the AArch64 vector ABI, they are declared in math.h and have to be called manually at this point.

* The strlcpy and strlcat functions have been added. They are derived from OpenBSD, and are expected to be added to a future POSIX version.

* A new configure option, "--enable-fortify-source", can be used to build the GNU C Library with _FORTIFY_SOURCE. The level of fortification can either be provided, or is set to the highest value supported by the compiler. If not explicitly enabled, then fortify source is forcibly disabled so to keep original behavior unchanged.

Deprecated and removed features, and other changes affecting compatibility:

* libcrypt is no longer built by default; one may use the "--enable-crypt" option to build libcrypt. libcrypt is likely to be removed from the GNU C Library in a future release, so it is recommended that applications port away from it to an alternative such as libxcrypt.

* In the Linux kernel for the hppa/parisc architecture some of the MADV_XXX constants were changed to have the same values as the other architectures. New programs compiled with this glibc version and which use the madvise call will require at least Linux kernel version 6.2, alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163, 5.4.228, 4.19.270 or 4.14.303.

* The "--disable-experimental-malloc" option is no longer available. The per-thread cache can still be disabled per-application using tunables (glibc.malloc.tcache_count set to zero).

* The configure option "--enable-tunables" has been removed. The tunable feature is now always enabled.

Changes to build and runtime requirements:

* Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE ACLE.

Security related changes:

CVE-2023-25139: When the printf family of functions is called with a format specifier that uses an <apostrophe> (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size. The resulting larger than expected output could result in a buffer overflow in the printf family of functions.

The following bugs are resolved with this release:

[178] string: Please add strlcpy and strlcat (attached) [14697] nptl: Behavior of exit is nonconformant with respect to threads and stdio [15142] stdio: Missing locking in _IO_cleanup [18096] glob: null deref in wordexp/parse_dollars/parse_arith [18906] stdio: fopen: ccs value may affect open mode [24466] stdio: Feature request: provide special printf formats for intXX_t [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses [28519] libc: system and popen should pass "--" between /bin/sh and argument [29016] stdio: popen() sets errno to ENOMEM when shell does not exist [29591] string: wcsnlen length can overflow in page cross case. [30053] time: strftime %s returns -1 after 2038 on 32 bits systems [30068] stdio: incorrect printf output for integers with thousands separator and width field (CVE-2023-25139) [30111] time: support_descriptors_list fails after 2038 on 32 bits systems [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new symlink for libraries without soname [30130] math: [s390] The _FPU_SETCW macro yields compile error with Clang [30156] time: Potential ntp_gettime abi break [30235] libc: Missing fallback in getlogin if loginuid is unset [30258] dynamic-link: sprof cannot read and display shared object profiling data correctly [30263] libc: Add test coverage for abs(), labs(), and llabs(). [30305] math: Incorrect asm constraint in feraiseexcept on x86-64 [30402] libc: FAIL: elf/tst-glibcelf [30425] dynamic-link: Symbol lookup during dlclose may fail unnecessarily [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path [30477] libc: [RISCV]: time64 does not work on riscv32 [30515] dynamic-link: _dl_find_object incorrectly returns 1 during early startup [30527] network: resolv_conf lock not unlocked on allocation failure [30550] math: powerpc64le: GCC-specific code for isinf() is being used on clang [30555] string: strerror can incorrectly return NULL [30579] malloc: trim_threshold in realloc lead to high memory usage [30662] nscd: Group and password cache use errno in place of errval

Release Notes =============

https://sourceware.org/glibc/wiki/Release/2.38

Contributors ============

This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include:

Adam Yi Adhemerval Zanella Netto Alejandro Colomar Andreas Arnez Andreas K. Hüttel Andreas Schwab Arjun Shankar Arsen Arsenović Aurelien Jarno Ayush Mittal Bert Wesarg Carlos O'Donell Cupertino Miranda DJ Delorie Dridi Boukelmoune Flavio Cruz Florian Weimer Frédéric Bérat Gavin Smith Guy-Fleury Iteriteka H.J. Lu Hsiangkai Wang Indu Bhagat Jan-Benedict Glaw Joan Bruguera Joe Ramsay Joe Simmons-Talbott John David Anglin Joseph Myers Julian Squires Jun Tang Kacper Piwiński Kito Cheng Mahesh Bodapati Martin Coufal Maxim Kuvyrkov Nisha Menon Noah Goldstein Paul Eggert Paul Pluzhnikov Paul Zimmermann Pavel Kozlov Qihao Chencao Qixing ksyx Xue Richard Henderson Robert Morell Romain Geissler Ronan Pigott Roy Eldar Sachin Monga Sam James Samuel Thibault Sergey Bugaev Siddhesh Poyarekar Simon Kissane Stefan Liebler Szabolcs Nagy Tulio Magno Quites Machado Filho Vitaly Buka Wilco Dijkstra Xi Ruoyao Ying Huang abushwang caiyinyu quxm Леонид Юрьев (Leonid Yuriev) наб

We would like to call out the following and thank them for their tireless patch review:

Adhemerval Zanella Andreas K. Hüttel Arjun Shankar Aurelien Jarno Carlos Eduardo Seo Carlos O'Donell DJ Delorie Florian Weimer Joe Simmons-Talbott Noah Goldstein Palmer Dabbelt Paul E. Murphy Rajalakshmi Srinivasaraghavan Richard Henderson Siddhesh Poyarekar Szabolcs Nagy Wilco Dijkstra

-- Andreas K. Hüttel dilfridge@gentoo.org Gentoo Linux developer (council, toolchain, base-system, perl, releng) https://wiki.gentoo.org/wiki/User:Dilfridge https://www.akhuettel.de/

-----------------------------------------------------------------------

No new revisions were added by this update.