glibc-2.35

[pierre]

New minor version with major updates and security fixes (4 CVE's). We are concerned by the C.UTF-8 locale (might slightly change our instructions). Also we have to check that gdb in BLFS can accept the new r_version and the new r_next field. We may also have to consider a new FORTIFY_SOURCE level, that will be available with gcc-12. From NEWS file:

Version 2.35

Major new features:

* Unicode 14.0.0 Support: Character encoding, character type info, and
  transliteration tables are all updated to Unicode 14.0.0, using
  generator scripts contributed by Mike FABIAN (Red Hat).

* Bump r_version in the debugger interface to 2 and add a new field,
  r_next, support multiple namespaces.

* Support for the C.UTF-8 locale has been added to glibc.  The locale
  supports full code-point sorting for all valid Unicode code points.  A
  limitation in the framework for fnmatch, regexec, and regcomp requires
  a compromise to save space and only ASCII-based range expressions are
  supported for now (see bug 28255).  The full size of the locale is
  only ~400KiB, with 346KiB coming from LC_CTYPE information for
  Unicode.  This locale harmonizes downstream C.UTF-8 already shipping
  in various downstream distributions.  The locale is not built into
  glibc, and must be installed.

* <math.h> functions that round their results to a narrower type, and
  corresponding <tgmath.h> macros, are added from TS 18661-1:2014, TS
  18661-3:2015 and draft ISO C2X:

  - fsqrt, fsqrtl, dsqrtl and corresponding fMsqrtfN, fMsqrtfNx,
    fMxsqrtfN and fMxsqrtfNx functions.

  - ffma, ffmal, dfmal and corresponding fMfmafN, fMfmafNx, fMxfmafN and
    fMxfmafNx functions.

* <math.h> functions for floating-point maximum and minimum,
  corresponding to new operations in IEEE 754-2019, and corresponding
  <tgmath.h> macros, are added from draft ISO C2X: fmaximum,
  fmaximum_num, fmaximum_mag, fmaximum_mag_num, fminimum, fminimum_num,
  fminimum_mag, fminimum_mag_num and corresponding functions for float,
  long double, _FloatN and _FloatNx.

* <math.h> macros for single-precision float constants are added as a
  GNU extension: M_Ef, M_LOG2Ef, M_LOG10Ef, M_LN2f, M_LN10f, M_PIf,
  M_PI_2f, M_PI_4f, M_1_PIf, M_2_PIf, M_2_SQRTPIf, M_SQRT2f and
  M_SQRT1_2f.

* The __STDC_IEC_60559_BFP__ and __STDC_IEC_60559_COMPLEX__ macros are
  predefined as specified in TS 18661-1:2014.

* The exp10 functions in <math.h> now have a corresponding type-generic
  macro in <tgmath.h>.

* The ISO C2X macro _PRINTF_NAN_LEN_MAX has been added to <stdio.h>.

* printf-family functions now support the %b format for output of
  integers in binary, as specified in draft ISO C2X, and the %B variant
  of that format recommended by draft ISO C2X.

* A new DSO sorting algorithm has been added in the dynamic linker that uses
  topological sorting by depth-first search (DFS), solving performance issues
  of the existing sorting algorithm when encountering particular circular
  object dependency cases.

* A new tunable, glibc.rtld.dynamic_sort, can be used to select between
  the two DSO sorting algorithms.  The default setting of '2' uses the
  new DFS-based algorithm.  The setting '1' switches to the old
  algorithm used in glibc 2.33 and earlier.

* ABI support for a new function '__memcmpeq'. '__memcmpeq' is meant
  to be used by compilers for optimizing usage of 'memcmp' when its
  return value is only used for its boolean status.

* Support for automatically registering threads with the Linux rseq
  system call has been added.  This system call is implemented starting
  from Linux 4.18.  The Restartable Sequences ABI accelerates user-space
  operations on per-cpu data.  It allows user-space to perform updates
  on per-cpu data without requiring heavy-weight atomic operations.
  Automatically registering threads allows all libraries, including
  libc, to make immediate use of the rseq support by using the
  documented ABI, via the __rseq_flags, __rseq_offset, and __rseq_size
  variables.  The GNU C Library manual has details on integration of
  Restartable Sequences.

* A symbolic link to the dynamic linker is now installed under
  /usr/bin/ld.so (or more precisely, '${bindir}/ld.so').

* All programs and the testsuite in glibc are now built as position independent
  executables (PIE) by default on toolchains and architectures that support it.
  Further, if the toolchain and architecture supports it, even static programs
  are built as PIE and the resultant glibc can be used to build static PIE
  executables.  A new option --disable-default-pie has been added to disable
  this behavior and get a non-PIE build.  This option replaces
  --enable-static-pie, which no longer has any effect on the build
  configuration.

* On Linux, a new tunable, glibc.malloc.hugetlb, can be used to
  either make malloc issue madvise plus MADV_HUGEPAGE on mmap and sbrk
  or to use huge pages directly with mmap calls with the MAP_HUGETLB
  flags).  The former can improve performance when Transparent Huge Pages
  is set to 'madvise' mode while the latter uses the system reserved
  huge pages.

* The printf family of functions now handles the flagged %#m conversion
  specifier, printing errno as an error constant (similar to strerrorname_np).

* The function _dl_find_object has been added.  In-process unwinders
  can use it to efficiently locate unwinding information for a code
  address.

* Support for OpenRISC running on Linux has been added.  This port requires
  as least binutils 2.35, GCC 11, and Linux 5.4.  Currently only soft-float
  ABI is supported:

    - or1k-linux-gnu

  The OpenRISC ABI is 32-bit big-endian and uses 64-bit time (y2038 safe) and
  64-bit file offsets (LFS default).

* A new configure option, --with-rtld-early-cflags, can be used to
  specify additional compiler flags for building the early startup code
  of the dynamic linker.  On targets which have CPU compatibility
  checks, this can help to ensure that proper diagnostics are printed if
  the dynamic loader runs on an incompatible CPU.

* On Linux, the epoll_pwait2 function has been added.  It is similar to
  epoll_wait with the difference the timeout has nanoseconds resolution.

* The function posix_spawn_file_actions_addtcsetpgrp_np has been added,
  enabling posix_spawn and posix_spawnp to set the controlling terminal in
  the new process in a race free manner.  This function is a GNU extension.

* Source fortification (_FORTIFY_SOURCE) level 3 is now available for
  applications compiling with glibc and gcc 12 and later. Level 3 leverages
  the __builtin_dynamic_object_size function to deliver additional
  fortification balanced against additional runtime cost (checking non-constant
  bounds).

Deprecated and removed features, and other changes affecting compatibility:

* On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
  has been removed since the first PT_LOAD segment is no longer executable
  due to defaulting to -z separate-code.

* The r_version update in the debugger interface makes the glibc binary
  incompatible with GDB binaries built without the following commits:

  c0154a4a21a gdb: Don't assume r_ldsomap when r_version > 1 on Linux
  4eb629d50d4 gdbserver: Check r_version < 1 for Linux debugger interface

  when audit modules or dlmopen are used.

* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed.

* The --enable-static-pie option is no longer available.  The glibc build
  configuration script now automatically detects static-pie support in the
  toolchain and architecture and enables it if available.

* The catchsegv script and associated libSegFault.so shared object have
  been removed.  There are widely-deployed out-of-process alternatives for
  catching coredumps and backtraces.

* Support for prelink will be removed in the next release; this includes
  removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
  variables and their functionality in the dynamic loader.

Changes to build and runtime requirements:

* The audit module interface version LAV_CURRENT is increased to enable
  proper bind-now support.  The loader now advertises via the la_symbind
  flags that PLT trace is not possible.  New audit modules require the
  new dynamic loader supporing the latest LAV_CURRENT version. Old audit
  modules are still loaded for all targets except aarch64.

* The audit interface on aarch64 is extended to support both the indirect
  result location register (x8) and NEON Q register.  Old audit modules are
  rejected by the loader.  Audit modules must be rebuilt to use the newer
  structure sizes and the latest module interface version for LAV_CURRENT.

Security related changes:

  CVE-2022-23219: Passing an overlong file name to the clnt_create
  legacy function could result in a stack-based buffer overflow when
  using the "unix" protocol.  Reported by Martin Sebor.

  CVE-2022-23218: Passing an overlong file name to the svcunix_create
  legacy function could result in a stack-based buffer overflow.

  CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
  function could result in a memory leak and potential access of
  uninitialized memory.  Reported by Qualys.

  CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
  function may result in an off-by-one buffer underflow and overflow
  when the current working directory is longer than PATH_MAX and also
  corresponds to the / directory through an unprivileged mount
  namespace.  Reported by Qualys.

The following bugs are resolved with this release:

  [12889] nptl: Race condition in pthread_kill
  [14232] nptl: tst-cancel7 and tst-cancelx7 race condition
  [14913] libc: [mips] Clean up MIPS 64-bit register-dump.h output
  [15310] dynamic-link: _dl_sort_fini is O(n^3) causing slow exit when
    many dsos
  [15333] libc: Use 64-bit stat functions in installed programs
  [15533] dynamic-link: LD_AUDIT introduces an avoidable performance
    degradation
  [15971] dynamic-link: No interface for debugger access to libraries
    loaded with dlmopen
  [17318] locale: [RFE] Provide a C.UTF-8 locale by default
  [17645] dynamic-link: RFE: Improve performance of dynamic loader for
    deeply nested DSO dependencies.
  [19193] nptl: pthread_kill, pthread_cancel return ESRCH for a thread
    ID whose lifetime has not ended
  [22542] network: buffer overflow in sunrpc clnt_create
    (CVE-2022-23219)
  [22716] malloc: [PATCH] mtrace.pl: use TRACE_PRELINKING instead of
    TRACE_LOADED_OBJECTS
  [25947] malloc: memory leak in muntrace
  [26045] math: fmaxf(inf, nan) does not always work
  [26108] math: exp10() has problems with <tgmath.h>
  [26779] build: benign use after realloc at localealias.c:329
  [27609] dynamic-link: [2.32/2.33/2.34 Regression] In elf/dl-open.c
    (_dl_open) we might use __LM_ID_CALLER to index GL(dl_ns)[]
  [27945] build: build-many-glibcs.py doesn't configure GCC with
    --enable-initfini-array
  [27991] build: x86: sysdeps/x86/configure.ac breaks when
    libc_cv_include_x86_isa_level is loaded from cache
  [28036] nptl: Incorrect types for pthread_mutexattr_set/getrobust_np
    in __REDIRECT_NTH macro
  [28061] dynamic-link: A failing dlmopen called by an auditor crashed
  [28062] dynamic-link: Suppress audit calls when a (new) namespace is
    empty
  [28126] libc: nftw aborts for paths longer than PATH_MAX
  [28129] dynamic-link: Unnecessary check DT_DEBUG in ld.so
  [28153] libc: [test] gmon/tst-gmon-gprof* may have a f3 line when
    built with ld.lld
  [28182] libc: _TIME_BITS=64 in C++ has issues with fcntl, ioctl, prctl
  [28185] math: Inaccurate j0f function (again)
  [28199] locale: iconvconfig prefix flag behaves differently in glibc
    2.34
  [28203] dynamic-link: aarch64: elf_machine_{load_address,dynamic}
    should drop _GLOBAL_OFFSET_TABLE_[0] in favor of __ehdr_start for
    robustness
  [28213] librt: NULL pointer dereference in mq_notify (CVE-2021-38604)
  [28223] libc: mips: clone does not align stack
  [28253] dynamic-link: Missing colon in LD_SHOW_AUXV output after
    AT_MINSIGSTKSZ
  [28256] malloc: Conditional jump or move depends on uninitialised
    value(s) in __GI___tunables_init
  [28260] build: io/tst-closefrom, misc/tst-close_range, posix/tst-
    spawn5 fail if stray fds are open
  [28310] libc: Do not use affinity mask for sysconf
    (_SC_NPROCESSORS_CONF)
  [28338] time: undefined behavior in __tzfile_compute with oddball TZif
    file
  [28340] dynamic-link: ld.so crashes while loading a DSO with a read-
    only dynamic section
  [28349] libc: Segfault for ping -R on qemux86 caused by recvmsg()
  [28350] libc: ping receives SIGABRT on lib32-qemux86-64 caused by
    recvmsg()
  [28353] network: Race condition on __opensock
  [28357] dynamic-link: deadlock between pthread_create and ctors
  [28358] math: f64xdivf128 and f64xmulf128 spurious underflows
  [28361] nptl: Fix for bug 12889 causes setxid deadlock
  [28368] build: -Waddress instances in stdio-common/vfprintf-internal.c
  [28390] localedata: Update locale data to Unicode 14.0.0
  [28397] math: tgmath.h should not define fmaxmag, fminmag macros for
    C2X
  [28400] libc: [2.35 Regression] string/test-strncasecmp: cannot set
    locale "en_US.UTF-8"
  [28407] nptl: pthread_kill assumes that kill (getpid ()) is equivalent
    to tgkill (getpid (), gettid())
  [28455] dynamic-link: -Wl,--enable-new-dtags doesn't work
  [28457] dynamic-link: Missing reldepmod4.so dependency for
    globalmod1.so
  [28469] time: linux: struct timex is not correctly set for 32-bit
    systems with TIMESIZE=64
  [28470] regex: Buffer read overrun in regular expression searching
  [28475] string: Incorrect access attribute on memfrob
  [28524] libc: Conversion from ISO-2022-JP-3 with iconv may emit
    spurious NUL character on state reset
  [28532] libc: powerpc64[le]: CFI for assembly templated syscalls is
    incorrect
  [28550] dynamic-link: FAIL: tst-dso-
    ordering9_112-ecbda(GLIBC_TUNABLES=glibc.rtld.dynamic_sort=1)
    execution test
  [28554] build: Undefined generate-md5
  [28572] libc: Misaligned accesses in test-memcpy and test-mempcpy on
    hppa
  [28607] nptl: Masked signals are delivered on thread exit
  [28624] libc: openjdk 8/9 assume uni processor and gets stuck due to
    lack of cpu counting /proc fallback with glibc 2.34
  [28646] string: [2.35 Regression] mock -r fedora-36-x86_64
    /tmp/java-1.8.0-openjdk-1.8.0.312.b07-2.fc36.src.rpm& fails to build
  [28648] dynamic-link: Running ld.so on statically linked binaries
    crashes
  [28656] dynamic-link: LD_PREFER_MAP_32BIT_EXEC no longer works due to
    binutils changes
  [28676] dynamic-link: p_align on PT_LOAD segment in DSO isn't honored
  [28678] nptl: nptl/tst-create1 hangs sporadically
  [28688] dynamic-link: PT_LOAD p_align check is too strict
  [28700] nss: "dns [!UNAVAIL=return] files" default for hosts database
    is not useful
  [28707] time: assert in tzfile.c __tzfile_read striking with truncated
    timezones generated by tzcode-2021d and later
  [28713] math: GCC 12 miscompiles libm
  [28732] dynamic-link: FAIL: elf/tst-dl_find_object
  [28738] build: LIBC_LINKER_FEATURE doesn't work on linker -z option
  [28745] dynamic-link: _dl_find_object miscompilation on powerpc64le
  [28746] libc: _FORTIFY_SOURCE does not work for stpcpy
  [28749] libc: Inconsistency detected by ld.so: rtld.c: 1632: dl_main:
    Assertion `GL(dl_rtld_map).l_libname' failed!
  [28755] string: overflow bug in wcsncmp_avx2 and wcsncmp_evex
  [28757] nptl: GDB printer tests failed with new GDB
  [28765] math: x86_64 libmvec atan2 accuracy
  [28766] manual: Document libmvec accuracy
  [28768] network: Buffer overflow in svcunix_create with long pathnames
    (CVE-2022-23218)
  [28769] libc: Off-by-one buffer overflow/underflow in getcwd()
    (CVE-2021-3999)
  [28770] libc: Unexpected return value from realpath() for too long
    results (CVE-2021-3998)
  [28771] libc: %ebx optimization macros are incompatible with .altmacro
    in Systemtap probes
  [28780] build: --disable-default-pie doesn't work on static programs
  [28782] libc: x86-64 ISA level for glibc itself is always
    x86-64-baseline
  [28792] glob: possible wrong behaviour with patterns with double [
    with no closing ]
  [28837] libc: FAIL: socket/tst-socket-timestamp-compat
  [28847] locale: Empty mon_decimal_point in LC_MONETARY results in non-
    empty mon_decimal_point_wc

[pierre]

The two gdb commits referenced in the NEWS are not yet in gdb-11.2 (the most recent released version).

[Douglas R. Reno]

Promote to High due to CVE fixes

[Bruce Dubbs]

Fixed at commit a5d31dd654840c3e5990fd1b3f29831b2cc01cf6

Package updates and a patch.
    Add coreutils-9.0 chmod patch.
    Update to glibc-2.35.
    Update to linux-5.16.5.
    Update to findutils-4.9.0.
    Update to expat-2.4.4.
    Update to iana-etc-20220128.