glibc-2.38

[Xi Ruoyao]

New minor version.

[Xi Ruoyao]

Major new features:

• When C2X features are enabled and the base argument is 0 or 2, the following functions support binary integers prefixed by 0b or 0B as input: strtol, strtoll, strtoul, strtoull, strtol_l, strtoll_l, strtoul_l, strtoull_l, strtoimax, strtoumax, strtoq, strtouq, wcstol, wcstoll, wcstoul, wcstoull, wcstol_l, wcstoll_l, wcstoul_l, wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq. Similarly, the following functions support binary integers prefixed by 0b or 0B as input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf, vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those functions also support the %b format for binary integers, with or without such a prefix and independent of standards mode.

• PRIb*, PRIB* and SCNb* macros from C2X have been added to <inttypes.h>.

• printf-family functions now support the wN format length modifiers for arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t (for example, %w32d to print int32_t or int_least32_t in decimal, or %w32x to print uint32_t or uint_least32_t in hexadecimal) and the wfN format length modifiers for arguments of type int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.

• A new tunable, glibc.pthread.stack_hugetlb, can be used to disable Transparent Huge Pages (THP) in stack allocation at pthread_create.

• Support for x86_64 running on Hurd has been added. This port requires as least binutils 2.40 and GCC 13:
  • x86_64-gnu

• Vector math library libmvec support has been added to AArch64. It requires GCC version >= 10.1.0. It can be disabled via "--disable-mathvec", however that is not a supported configuration as it changes the ABI. The symbol names follow the AArch64 vector ABI, they are declared in math.h and have to be called manually at this point.

• The strlcpy and strlcat functions have been added. They are derived from OpenBSD, and are expected to be added to a future POSIX version.

• A new configure option, "--enable-fortify-source", can be used to build the GNU C Library with _FORTIFY_SOURCE. The level of fortification can either be provided, or is set to the highest value supported by the compiler. If not explicitly enabled, then fortify source is forcibly disabled so to keep original behavior unchanged.

Deprecated and removed features, and other changes affecting compatibility:

• libcrypt is no longer built by default; one may use the "--enable-crypt" option to build libcrypt. libcrypt is likely to be removed from the GNU C Library in a future release, so it is recommended that applications port away from it to an alternative such as libxcrypt.

• In the Linux kernel for the hppa/parisc architecture some of the MADV_XXX constants were changed to have the same values as the other architectures. New programs compiled with this glibc version and which use the madvise call will require at least Linux kernel version 6.2, alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163, 5.4.228, 4.19.270 or 4.14.303.

• The "--disable-experimental-malloc" option is no longer available. The per-thread cache can still be disabled per-application using tunables (glibc.malloc.tcache_count set to zero).

• The configure option "--enable-tunables" has been removed. The tunable feature is now always enabled.

Changes to build and runtime requirements:

• Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE ACLE.

Security related changes:

CVE-2023-25139: When the printf family of functions is called with a format specifier that uses an <apostrophe> (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size. The resulting larger than expected output could result in a buffer overflow in the printf family of functions.

The following bugs are resolved with this release:

• [178] string: Please add strlcpy and strlcat (attached)
• [14697] nptl: Behavior of exit is nonconformant with respect to threads and stdio
• [15142] stdio: Missing locking in _IO_cleanup
• [18096] glob: null deref in wordexp/parse_dollars/parse_arith
• [18906] stdio: fopen: ccs value may affect open mode
• [24466] stdio: Feature request: provide special printf formats for intXX_t
• [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses
• [28519] libc: system and popen should pass "--" between /bin/sh and argument
• [29016] stdio: popen() sets errno to ENOMEM when shell does not exist
• [29591] string: wcsnlen length can overflow in page cross case.
• [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
• [30068] stdio: incorrect printf output for integers with thousands separator and width field (CVE-2023-25139)
• [30111] time: support_descriptors_list fails after 2038 on 32 bits systems
• [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new symlink for libraries without soname
• [30130] math: [s390] The _FPU_SETCW macro yields compile error with Clang
• [30156] time: Potential ntp_gettime abi break
• [30235] libc: Missing fallback in getlogin if loginuid is unset
• [30258] dynamic-link: sprof cannot read and display shared object profiling data correctly
• [30263] libc: Add test coverage for abs(), labs(), and llabs().
• [30305] math: Incorrect asm constraint in feraiseexcept on x86-64
• [30402] libc: FAIL: elf/tst-glibcelf
• [30425] dynamic-link: Symbol lookup during dlclose may fail unnecessarily
• [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path
• [30477] libc: [RISCV]: time64 does not work on riscv32
• [30515] dynamic-link: _dl_find_object incorrectly returns 1 during early startup
• [30527] network: resolv_conf lock not unlocked on allocation failure
• [30550] math: powerpc64le: GCC-specific code for isinf() is being used on clang
• [30555] string: strerror can incorrectly return NULL
• [30579] malloc: trim_threshold in realloc lead to high memory usage
• [30662] nscd: Group and password cache use errno in place of errval

[Xi Ruoyao]

Note that we've resolved CVE-2023-25139 in LFS 11.3, so there is no need to elevate it.

[Marty Jack]

The wiki in section 2.2 discusses that CONFIG_COMPAT_32BIT_TIME should be set unless --enable-kernel=5.1 and there are no old executables.

The book should consider increasing --enable-kernel from its current recommendation of 4.14.

https://sourceware.org/glibc/wiki/Release/2.38

[Xi Ruoyao]

Replying to Marty Jack:

The wiki in section 2.2 discusses that CONFIG_COMPAT_32BIT_TIME should be set unless --enable-kernel=5.1 and there are no old executables.

The book should consider increasing --enable-kernel from its current recommendation of 4.14.

https://sourceware.org/glibc/wiki/Release/2.38

CONFIG_COMPAT_32BIT_TIME is set by make defconfig, and our policy is assuming the user won't mess up options enabled by make defconfig unless they know exactly what they are doing. The policy was established exactly during a lfs-dev discussion about CONFIG_COMPAT_32BIT_TIME.

[Xi Ruoyao]

Replying to Xi Ruoyao:

Replying to Marty Jack:

The wiki in section 2.2 discusses that CONFIG_COMPAT_32BIT_TIME should be set unless --enable-kernel=5.1 and there are no old executables.

The book should consider increasing --enable-kernel from its current recommendation of 4.14.

https://sourceware.org/glibc/wiki/Release/2.38

CONFIG_COMPAT_32BIT_TIME is set by make defconfig, and our policy is assuming the user won't mess up options enabled by make defconfig unless they know exactly what they are doing. The policy was established exactly during a lfs-dev discussion about CONFIG_COMPAT_32BIT_TIME.

And this news entry clearly states that setting --enable-kernel=5.1 will not resolve the issue because the applications may directly call the 32-bit time_t syscalls, not necessarily via Glibc.

[Bruce Dubbs]

Fixed at commit be5b2e03fc6e7382f8c012d9fdb8e29a9bbbf17c

[Bruce Dubbs]

Milestone renamed