Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.20.1
+
+* The following bugs are resolved with this release:
+
+ 17266, 17370, 17371, 17460.
+\f
Version 2.20
* The following bugs are resolved with this release:
- 6804, 13347, 14770, 15347, 15514, 15804, 15894, 16002, 16198, 16284,
- 16348, 16349, 16357, 16362, 16447, 16532, 16545, 16574, 16599, 16600,
- 16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639,
- 16642, 16648, 16649, 16670, 16674, 16677, 16680, 16683, 16689, 16695,
- 16701, 16706, 16707, 16712, 16713, 16714, 16731, 16739, 16740, 16743,
- 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16799, 16800, 16815,
- 16824, 16831, 16838, 16854.
+ 6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514,
+ 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, 16275,
+ 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516,
+ 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609,
+ 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642,
+ 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695,
+ 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740,
+ 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796,
+ 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854,
+ 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915,
+ 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965,
+ 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031,
+ 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079,
+ 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153,
+ 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354.
+
+* Reverted change of ABI data structures for s390 and s390x:
+ On s390 and s390x the size of struct ucontext and jmp_buf was increased in
+ 2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions
+ of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp
+ are preserved pointing straight to the same implementation as the old ones.
+ Given that, new callers will simply provide a too-big buffer to these
+ functions. Any applications/libraries out there that embed jmp_buf or
+ ucontext_t in an ABI-relevant data structure that have already been rebuilt
+ against 2.19 headers will have to rebuilt again. This is necessary in any
+ case to revert the breakage in their ABI caused by the glibc change.
+
+* Support for file description locks is added to systems running the
+ Linux kernel. The standard file locking interfaces are extended to
+ operate on file descriptions, not file descriptors, via the use of
+ F_OFD_GETLK, F_OFD_SETLK, and F_OFD_SETLKW. File description locks
+ are associated with an open file instead of a process.
+
+* Optimized strchr implementation for AArch64. Contributed by ARM Ltd.
+
+* The minimum Linux kernel version that this version of the GNU C Library
+ can be used with is 2.6.32.
* Running the testsuite no longer terminates as soon as a test fails.
Instead, a file tests.sum (xtests.sum from "make xcheck") is generated,
interfaces those macros enabled remain available when compiling with
_GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature
test macros defined.
+
+* Optimized strcmp implementation for ARMv7. Contributed by ARM Ltd.
+
+* Added support for TX lock elision of pthread mutexes on s390 and s390x.
+ This may improve lock scaling of existing programs on TX capable systems.
+ The lock elision code is only built with --enable-lock-elision=yes and
+ then requires a GCC version supporting the TX builtins. With lock elision
+ default mutexes are elided via __builtin_tbegin, if the cpu supports
+ transactions. By default lock elision is not enabled and the elision code
+ is not built.
+
+* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
+ copy the path argument. This allowed programs to cause posix_spawn to
+ deference a dangling pointer, or use an unexpected pathname argument if
+ the string was modified after the posix_spawn_file_actions_addopen
+ invocation.
+
+* All supported architectures now use the main glibc sysdeps directory
+ instead of some being in a separate "ports" directory (which was
+ distributed separately before glibc 2.17).
+
+* The NPTL implementation of POSIX pthreads is no longer an "add-on".
+ On configurations that support it (all Linux configurations), it's now
+ used regardless of the --enable-add-ons switch to configure. It is no
+ longer possible to build such configurations without pthreads support.
+
+* Locale names, including those obtained from environment variables (LANG
+ and the LC_* variables), are more tightly checked for proper syntax.
+ setlocale will now fail (with EINVAL) for locale names that are overly
+ long, contain slashes without starting with a slash, or contain ".." path
+ components. (CVE-2014-0475) Previously, some valid locale names were
+ silently replaced with the "C" locale when running in AT_SECURE mode
+ (e.g., in a SUID program). This is no longer necessary because of the
+ additional checks.
+
+* On x86-64, the dynamic linker's lazy-binding support is now compatible
+ with application code using Intel MPX instructions. (With all previous
+ versions, the MPX register state could be clobbered when making calls
+ into or out of a shared library.) Note that while the new dynamic
+ linker is compatible with all known x86 hardware whether or not it
+ supports Intel MPX, some x86 instruction-set emulators might fail to
+ handle the new instruction encodings. This is known to affect Valgrind
+ versions up through 3.9 (but will be fixed in the forthcoming 3.10
+ release), and might affect other tools that do instruction emulation.
+
+* Support for loadable gconv transliteration modules has been removed.
+ The support for transliteration modules has been non-functional for
+ over a decade, and the removal is prompted by security defects. The
+ normal gconv conversion modules are still supported. Transliteration
+ with //TRANSLIT is still possible, and the //IGNORE specifier
+ continues to be supported. (CVE-2014-5119)
+
+* Decoding a crafted input sequence in the character sets IBM933, IBM935,
+ IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
+ resulting a denial-of-service security vulnerability in applications which
+ use functions related to iconv. (CVE-2014-6040)
\f
Version 2.19