Change History (19)
comment:1 by , 3 weeks ago
follow-up: 10 comment:2 by , 3 weeks ago
m4, coreutils, gettext, maybe etc.:
sed -r '/_GL_EXTERN_C/s/w?memchr|bsearch/(&)/' -i $(find -name \*.in.h)
comment:3 by , 3 weeks ago
libxcrypt:
sed '/strchr/s/const//' -i lib/crypt-{sm3,gost}-yescrypt.c
ref. https://github.com/besser82/libxcrypt/commit/174c24d6e87aeae631bc0a7bb1ba983cf8def4de
comment:4 by , 3 weeks ago
gcc:
sed 's/char [*]q/const &/' -i ../libgomp/affinity-fmt.c
(only needed for ch. 8 because in ch. 5 and 6 libgomp is not built).
Version 0, edited 3 weeks ago by (next)
follow-up: 8 comment:7 by , 3 weeks ago
I haven't seen anything for binutils yet but this should do it:
sed 's/__collector_util_funcs.x/(&)/' -i gprofng/src/collector_module.h
ref. https://inbox.sourceware.org/binutils/mvmqztnzqrh.fsf@suse.de/
comment:8 by , 3 weeks ago
Replying to Joe Locash:
I haven't seen anything for binutils yet but this should do it:
sed 's/__collector_util_funcs.x/(&)/' -i gprofng/src/collector_module.href. https://inbox.sourceware.org/binutils/mvmqztnzqrh.fsf@suse.de/
I missed this one because I'm building with a binutils snapshot.
comment:9 by , 3 weeks ago
Replying to Xi Ruoyao:
And 5 gcc.dg/analyzer/strchr-1.c tests fail.
And also 4 libstdc++ tests, I sent a fix at https://gcc.gnu.org/pipermail/gcc-patches/2026-January/706696.html but it needs a revision.
comment:10 by , 3 weeks ago
Replying to Xi Ruoyao:
m4, coreutils, gettext, maybe etc.:
sed -r '/_GL_EXTERN_C/s/w?memchr|bsearch/(&)/' -i $(find -name \*.in.h)
Same for libunistring (it's in BLFS).
comment:11 by , 3 weeks ago
follow-up: 19 comment:12 by , 3 weeks ago
| Priority: | normal → high |
|---|
This update fixes four CVEs:
- CVE-2025-0395: assert: Buffer overflow when printing assertion failure message
- CVE-2025-5702: power10: strcmp fails to save and restore nonvolatile vector
- CVE-2025-5745: power10: strncmp fails to save and restore nonvolatile vector
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp
I don't know the ratings of these, yet.
follow-up: 14 comment:13 by , 3 weeks ago
For firefox I came up with:
sed -e '69d;93,97d' -i third_party/rust/glslopt/glsl-optimizer/include/c11/threads_posix.h
NEWSHA256=`sha256sum third_party/rust/glslopt/glsl-optimizer/include/c11/threads_posix.h | awk '{ print $1 }'`
sed 's/"f8ad2b6[^"]*/"'"$NEWSHA256"'/' -i third_party/rust/glslopt/.cargo-checksum.json
sed -e '106,108d' -i security/sandbox/chromium/sandbox/linux/system_headers/linux_seccomp.h
For thunderbird use comm/third_party
comment:14 by , 3 weeks ago
Replying to Joe Locash:
For firefox I came up with:
[deleted]
I think this is a case where a patch would be better.
comment:16 by , 2 weeks ago
Version 2.43
Major new features:
- The ISO C23 free_sized, free_aligned_sized, memset_explicit, and memalignment functions have been added.
- As specified in ISO C23, the assert macro is defined to take variable arguments to support expressions with a comma inside a compound literal initializer not surrounded by parentheses.
- For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return pointers into their input arrays now have definitions as macros that return a pointer to a const-qualified type when the input argument is a pointer to a const-qualified type.
- The ISO C23 typedef names long_double_t, _Float32_t, _Float64_t, and (on platforms supporting _Float128) _Float128_t, introduced in TS 18661-3:2015, have been added to <math.h>.
- The ISO C23 optional time bases TIME_MONOTONIC, TIME_ACTIVE, and TIME_THREAD_ACTIVE have been added.
- On Linux, the mseal function has been added. It allows for sealing memory mappings to prevent further changes during process execution, such as changes to protection permissions, unmapping, relocation to another location, or shrinking the size.
- Additional optimized and correctly rounded mathematical functions have been imported from the CORE-MATH project, in particular acosh, asinh, atanh, erf, erfc, lgamma, and tgamma.
- Optimized implementations for fma, fmaf, remainder, remaindef, frexpf, frexp, frexpl (binary128), and frexpl (intel96) have been added.
- The SVID handling for acosf, acoshf, asinhf, atan2f, atanhf, coshf, fmodf, lgammaf/lgammaf_r, log10f, remainderf, sinhf, sqrtf, tgammaf, y0/j0, y1/j1, and yn/jn was moved to compat symbols, allowing improvements in performance.
- Experimental support for building with clang has been added. It requires at least clang version 18, aarch64-linux-gnu or x86_64-linux-gnu targets, and a libgcc compatible runtime (including libgcc_s.so for pthread cancellation and backtrace runtime support).
- On Linux, the openat2 function has been added. It is an extension of openat and provides a superset of its functionality. It is supported only in LFS mode and is a cancellable entrypoint.
- On AArch64, support for 2MB transparent huge pages has been enabled by default in malloc (similar to setting glibc.malloc.hugetlb=1 tunable).
- On AArch64 Linux targets supporting the Scalable Matrix Extension (SME), the clone() system call wrapper will disable the ZA state of the SME.
- On AArch64 targets supporting the Branch Target Identification (BTI) extension, it is possible to enforce that all binaries in the process support BTI using the glibc.cpu.aarch64_bti tunable.
- On AArch64 Linux targets supporting at least one of the branch protection extensions (e.g. Branch Target Identification or Guarded Control Stack), it is possible to use LD_DEBUG=security to make the dynamic linker show warning messages about loaded binaries that do not support the corresponding security feature.
- On AArch64, vector variants of the new C23 exp2m1, exp10m1, log10p1, log2p1, and rsqrt routines have been added.
- On RISC-V, an RVV-optimized implementation of memset has been added.
- On x86, support for the Intel Nova Lake and Wildcat Lake processors has been added.
- The test suite has seen significant improvements in particular around the scanf, strerror, strsignal functions and multithreaded testing.
- Unicode support has been updated to Unicode 17.0.0.
- The manual has been updated and modernized, in particular also regarding many of its code examples.
Deprecated and removed features, and other changes affecting compatibility:
- Support for dumped heaps has been removed. malloc_set_state() now always returns the error code -1.
- The aforementioned change in ISO C23 of the declaration of bsearch, memchr, strchr, strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr, and wmemchr as const-preserving macros can lead to compilation issues in code not set up for it. In particular, gnulib snapshots may need to be updated.
- The uimaxabs function has been renamed to umaxabs, following a change to the name of that function in ISO C2Y. The old function continues to exist as a compatibility symbol for old binaries.
- The fromfp, fromfpx, ufromfp and ufromfpx functions, and the corresponding functions for other floating-point types, now return their result in the same type as their floating-point argument, rather than intmax_t or uintmax_t, in accordance with a change to the definition of these functions in ISO C23. Existing binaries that use the versions returning intmax_t or uintmax_t will continue to work.
- The support for TX lock elision of pthread mutexes has been removed on all architectures (powerpc, s390x, x86_64).
- The next linux 6.19 release will remove support for compat syscalls on s390x. Therefore the s390-linux-gnu (31bit) configuration is deprecated in the glibc 2.43 release and will then be removed with glibc 2.44 release. Note that s390x-linux-gnu (64bit) remains supported.
Changes to build and runtime requirements:
- The LD_PROFILE functionality no longer has a default directory for the profile data it writes. Instead, developers are required to set a directory explicitly using the LD_PROFILE_OUTPUT environment variable. To restore the previous, insecure behavior, processes can be run with LD_PROFILE_OUTPUT=/var/tmp.
Security related changes:
The following CVEs were fixed in this release, details of which can be found in the advisories directory of the release tarball:
GLIBC-SA-2026-0001:
Integer overflow in memalign leads to heap corruption
(CVE-2026-0861)
GLIBC-SA-2026-0002:
getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler
(CVE-2026-0915)
GLIBC-SA-2026-0003:
wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized
memory (CVE-2025-15281)
The following bugs were resolved with this release:
[15503] math: [arm] Support ARM VFPv4 VFMA instruction in fma
[20473] manual: Missing word in stack allocation documentation.
[24657] manual: Two mistakes in manual index
[25669] dynamic-link: Provide extra information when a found library
file is not suitable
[28038] stdio: getdelim()/getline() does not add NUL terminator if
first character is EOF.
[28267] nptl: nptl: pthread_exit should set cancellation type and
state
[28327] math: Wrong return type for {,u}fromfp{,x} functions
[28376] libc: [meta] Build glibc with Clang
[29326] math: Usage of double in sqrtf
[30635] glob: stack-overflow /build/glibc-
SzIz7B/glibc-2.31/posix/../posix/glob.c:546:9 in glob64
[31470] libc: inttypes.h provides incorrect macro definitions
[31664] libc: rfe: please provide openat2()
[31943] dynamic-link: _dl_find_object can fail if ld.so contains gaps
between load segments
[32339] build: iconv functions do not follow symlinks
[32378] libc: Implement memset_explicit
[32583] libc: setup_vdso doesn't support two PT_LOAD segments if one
of them has zero-vaddr
[32994] libc: pthread_rwlock_init reinitialisation during calls to
fork()
[33093] manual: Typo in section 16.9.8 Out-of-Band Data of the manual
[33129] dynamic-link: Need a version tag to indicate that glibc has
working GNU2 TLS support
[33182] build: Some tests leave random directories under /tmp
[33190] localedata: localedata: Add en_SE for ISO8601 date and time
[33212] dynamic-link: Add GLIBC_ABI_DT_X86_64_PLT version to indicate
x86_64 psABI compliance for DT_X86_64_PLT* support
[33221] dynamic-link: Add GLIBC_ABI_GNU_TLS version to indicate the
working GNU TLS run-time
[33227] network: namespace violation in inet-fortified.h
[33234] libc: s390: Test tst-locale1 fails on s390 32-bit
[33245] nptl: nptl: error in internal cancellation syscall handling,
corrupting copy_file_range syscall return value
[33254] libc: tst-freopen4-mem and tst-freopen64-4-mem FAIL
[33286] build: Test failure with glibc built with -mno-direct-extern-
access
[33289] localedata: Update locale data to Unicode 17.0.0
[33300] stdio: strip --strip-unneeded "breaks" libc.a (causing
segfault in Rust programs linked libc statically)
[33311] build: Testing failure with clang
[33312] build: Disable -Wimplicit-fallthrough for clang
[33318] build: -c shouldn't be passed to LIBC_TRY_TEST_CC_OPTION
[33325] libc: ISO C2y renamed s/uimaxabs/umaxabs/
[33340] libc: Possible regression in 2.42 termios refactoring re non-
standard baud rate
[33356] nptl: creating thread stack with guardsize 0 can erroneously
conclude MADV_GUARD_INSTALL is available
[33361] nss: Group merge does not handle ERANGE during merge
[33376] build: GCC 16 fails to build glibc when configured with
--disable-default-pie --enable-profile
[33404] dynamic-link: ld.so crashes when compiled with -Os and
configured with --enable-stack-protector=all
[33405] math: Optimize modf/modff for x86_64-v2 aren't compiled with
-fsignaling-nans
[33411] math: powl() raises spurious overflow
[33425] build: setfpucw.c:25:17: error: variable ‘cw’ set but not used
[-Werror=unused-but-set-variable=]
[33519] nss: getXXX API fails for turkish locale if nsswitch.conf
contains "i"
[33542] libc: x86: wmemset ifunc: stray '!' causing SSE2
[33547] libc: microblaze: wrong __syscall_cancel_arch after
89b53077d2a58f00e7debdfe58afabe953dac60d
[33563] math: powf() fails for 0x1p+8192 ^ 1.0
[33586] math: [2.43 Regression] FAIL: math/test-float64x-pow
[33619] math: [2.43 Regression] Many math test failures on x86-64
[33627] libc: execvp reads uninitialized memory
[33632] nptl: Incorrect USE_64B_ATOMICS usage on struct new_sem
[33653] time: __fts64_children_time64 Does Not Support 2038 Problem
[33677] math: [2.43 Regression] Many math test failures
[33715] nptl: nptl: pthread_create might act as a cancellation
entrypoint
[33717] nptl: nptl:
pthread_join/pthread_timedjoin_np/pthread_clockjoin_np might not act
as cancellation entrypoint
[33752] manual: Doc incorrectly says double and long double may not be
distinct
[33814] glob: wordexp with WRDE_REUSE and WRDE_APPEND may return
uninitialized memory
comment:19 by , 11 days ago
Replying to zeckma:
This update fixes four CVEs:
- CVE-2025-0395: assert: Buffer overflow when printing assertion failure message
- CVE-2025-5702: power10: strcmp fails to save and restore nonvolatile vector
- CVE-2025-5745: power10: strncmp fails to save and restore nonvolatile vector
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp
I don't know the ratings of these, yet.
These vulnerabilities are actually for 2.42. 2.43's CVEs fixed are:
GLIBC-SA-2026-0001:
Integer overflow in memalign leads to heap corruption (CVE-2026-0861)
GLIBC-SA-2026-0002:
getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
GLIBC-SA-2026-0003:
wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory (CVE-2025-15281)
Note:
See TracTickets
for help on using tickets.
Note that I'm expecting a not so small number of packages those we need to adjust, as I've noted in glibc wiki.
I've not started the rebuild yet but I'll do it very soon.