* The following bugs are resolved with this release:
6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514,
- 15804, 15894, 15946, 16002, 16064, 16198, 16284, 16348, 16349, 16357,
- 16362, 16447, 16516, 16532, 16545, 16564, 16574, 16599, 16600, 16609,
- 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642,
- 16648, 16649, 16670, 16674, 16677, 16680, 16683, 16689, 16695, 16701,
- 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740, 16743,
- 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796, 16799,
- 16800, 16815, 16823, 16824, 16831, 16838, 16849, 16854, 16876, 16877,
- 16878, 16885, 16888, 16890, 16912, 16915, 16916, 16917, 16922, 16927,
- 16928, 16932, 16943, 16958, 16966, 16967, 16965, 16977, 16978, 16984,
- 16990, 17009.
+ 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16198, 16284, 16287,
+ 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516, 16532, 16539,
+ 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609, 16610, 16611,
+ 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642, 16648, 16649,
+ 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695, 16701, 16706,
+ 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740, 16743, 16754,
+ 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796, 16799, 16800,
+ 16815, 16823, 16824, 16831, 16838, 16849, 16854, 16876, 16877, 16878,
+ 16882, 16885, 16888, 16890, 16912, 16915, 16916, 16917, 16918, 16922,
+ 16927, 16928, 16932, 16943, 16958, 16965, 16966, 16967, 16977, 16978,
+ 16984, 16990, 16996, 17009, 17022, 17031, 17042, 17048, 17050, 17058,
+ 17061, 17062, 17069, 17075, 17079, 17084, 17086, 17092, 17097, 17125,
+ 17137.
+
+* Optimized strchr implementation for AArch64. Contributed by ARM Ltd.
* The minimum Linux kernel version that this version of the GNU C Library
can be used with is 2.6.32.
default mutexes are elided via __builtin_tbegin, if the cpu supports
transactions. By default lock elision is not enabled and the elision code
is not built.
+
+* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
+ copy the path argument. This allowed programs to cause posix_spawn to
+ deference a dangling pointer, or use an unexpected pathname argument if
+ the string was modified after the posix_spawn_file_actions_addopen
+ invocation.
+
+* All supported architectures now use the main glibc sysdeps directory
+ instead of some being in a separate "ports" directory (which was
+ distributed separately before glibc 2.17).
+
+* The NPTL implementation of POSIX pthreads is no longer an "add-on".
+ On configurations that support it (all Linux configurations), it's now
+ used regardless of the --enable-add-ons switch to configure. It is no
+ longer possible to build such configurations without pthreads support.
+
+* Locale names, including those obtained from environment variables (LANG
+ and the LC_* variables), are more tightly checked for proper syntax.
+ setlocale will now fail (with EINVAL) for locale names that are overly
+ long, contain slashes without starting with a slash, or contain ".." path
+ components. (CVE-2014-0475) Previously, some valid locale names were
+ silently replaced with the "C" locale when running in AT_SECURE mode
+ (e.g., in a SUID program). This is no longer necessary because of the
+ additional checks.
\f
Version 2.19