#4207: glibc-2.27
----------------------+-------------------------
 Reporter:  bdubbs@…  |       Owner:  lfs-book@…
     Type:  task      |      Status:  new
 Priority:  normal    |   Milestone:  8.2
Component:  Book      |     Version:  SVN
 Severity:  normal    |  Resolution:
 Keywords:            |
----------------------+-------------------------

Comment (by bdubbs@…):

 Version 2.27

 Major new features:

 {{{
 * The GNU C Library can now be compiled with support for building static
   PIE executables (See --enable-static-pie in INSTALL).  These static PIE
   executables are like static executables but can be loaded at any address
   and provide additional security hardening benefits at the cost of some
   memory and performance.  When the library is built with --enable-static-
 pie
   the resulting libc.a is usable with GCC 8 and above to create static PIE
   executables using the GCC option '-static-pie'.  This feature is
 currently
   supported on i386, x86_64 and x32 with binutils 2.29 or later, and on
   aarch64 with binutils 2.30 or later.

 * Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf,
   sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and
   H.J. Lu from Intel.

 * Optimized x86-64 trunc and truncf for processors with SSE4.1.

 * Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and
 sincosf.

 * In order to support faster and safer process termination the malloc API
   family of functions will no longer print a failure address and stack
   backtrace after detecting heap corruption.  The goal is to minimize the
   amount of work done after corruption is detected and to avoid potential
   security issues in continued process execution.  Reducing shutdown time
   leads to lower overall process restart latency, so there is benefit both
   from a security and performance perspective.

 * The abort function terminates the process immediately, without flushing
   stdio streams.  Previous glibc versions used to flush streams, resulting
   in deadlocks and further data corruption.  This change also affects
   process aborts as the result of assertion failures.

 * On platforms where long double has the IEEE binary128 format (aarch64,
   alpha, mips64, riscv, s390 and sparc), the math library now implements
   _Float128 interfaces for that type, as defined by ISO/IEC TS
 18661-3:2015.
   These are the same interfaces added in version 2.26 for some platforms
 where
   this format is supported but is not the format of long double.

 * On platforms with support for _Float64x (aarch64, alpha, i386, ia64,
   mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library
 now
   implements interfaces for that type, as defined by ISO/IEC TS
   18661-3:2015.  These are corresponding interfaces to those supported for
   _Float128.

 * The math library now implements interfaces for the _Float32, _Float64
 and
   _Float32x types, as defined by ISO/IEC TS 18661-3:2015.  These are
   corresponding interfaces to those supported for _Float128.

 * glibc now implements the memfd_create and mlock2 functions on Linux.

 * Support for memory protection keys was added.  The <sys/mman.h> header
 now
   declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set,
   pkey_get.

 * The copy_file_range function was added.

 * Optimized memcpy, mempcpy, memmove, and memset for sparc M7.

 * The ldconfig utility now processes `include' directives using the
 C/POSIX
   collation ordering.  Previous glibc versions used locale-specific
   ordering, the change might break systems that relied on that.

 * Support for two grammatical forms of month names has been added.
   In a call to strftime, the "%B" and "%b" format specifiers will now
   produce the grammatical form required when the month is used as part
   of a complete date.  New "%OB" and "%Ob" specifiers produce the form
   required when the month is named by itself.  For instance, in Greek
   and in many Slavic and Baltic languages, "%B" will produce the month
   in genitive case, and "%OB" will produce the month in nominative case.

   In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh"
   are all valid and will all accept any known form of month
   name---standalone or complete, abbreviated or full.  In a call to
   nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return
   the strings used by "%B" and "%b", respectively.  New query
   constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings
   used by "%OB" and "%Ob", respectively.

   In a locale definition file, use "alt_mon" and "ab_alt_mon" to
   define the strings for %OB and %Ob, respectively; these have the
   same syntax as "mon" and "abmon".  These arrays are optional; if they
   are not provided then they have the same content as "mon" and "abmon",
   respectively.
   These features are provided for locales which define "alt_mon" and/or
   "ab_alt_mon" in their locale source data.  This release includes such
   alternative month name data for the following languages: Belarusian,
   Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian.

   This feature is currently a GNU extension, but it is expected to
   be added to the next revision of POSIX, and it is also already
   available on some BSD-derived operating systems.

   This feature will cause existing statically compiled applications
   to fail to load locales and fall back to the builtin C/POSIX locales.
   See notes below for other changes affecting compatibility.

 * Support for the RISC-V ISA running on Linux has been added.  This port
   requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is
 supported
   for the following ISA and ABI pairs:

     - rv64imac lp64
     - rv64imafdc lp64
     - rv64imafdc lp64d

 Deprecated and removed features, and other changes affecting
 compatibility:

 * Statically compiled applications attempting to load locales compiled for
 the
   GNU C Library version 2.27 will fail and fall back to the builtin
 C/POSIX
   locale.  The reason for this is that the addition of the new "%OB" and
 "%Ob",
   support for two grammatical forms of the month names, also extends the
 locale
   data binary format.  Static applications needing locale support must be
   recompiled to match the runtime and data they are deployed with. In some
   distributions there is an upgrade window where dynamically linked
 applications
   may use a new library but the old locale data and also fall back to the
   builtin C/POSIX locales; restarting the application process is
 sufficient to
   fix this.

 * Support for statically linked applications which call dlopen is
 deprecated
   and will be removed in a future version of glibc.  Applications which
 call
   dlopen need to be linked dynamically instead.

 * Support for old programs which use internal stdio data structures and
   functions is deprecated.  This includes programs which use the C++
 streams
   provided by libstdc++ in GCC 2.95.  Programs which use the internal
   symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish,
   _IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn,
   _IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach,
   _IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen,
   _IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open,
   _IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff,
   _IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow,
   _IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all,
   _IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area,
   _IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin,
 _IO_iter_end,
   _IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in,
   _IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock,
   _IO_marker_delta, _IO_marker_difference, _IO_remove_marker,
 _IO_seekmark,
   _IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static,
   _IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow,
   _IO_switch_to_main_wget_area, _IO_switch_to_wget_mode,
   _IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish,
   _IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow,
   _IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf,
 _IO_wdo_write,
   _IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync,
 _IO_wfile_underflow,
   _IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with
 a
   future version of glibc.  Unlike other symbol removals, these old
   applications will not be supported using compatibility symbols.

 * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no
 longer
   defined by <sys/ptrace.h>.

 * libm no longer supports SVID error handling (calling a user-provided
   matherr function on error) or the _LIB_VERSION variable to control error
   handling.  (SVID error handling and the _LIB_VERSION variable still work
   for binaries linked against older versions of the GNU C Library.)  The
   libieee.a library is no longer provided.  math.h no longer defines
 struct
   exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
   TLOSS, PLOSS and HUGE.

 * The libm functions pow10, pow10f and pow10l are no longer supported for
   new programs.  Programs should use the standard names exp10, exp10f and
   exp10l for these functions instead.

 * The mcontext_t type is no longer the same as struct sigcontext.  On
   platforms where it was previously the same, this changes the C++ name
   mangling for interfaces involving this type.

 * The add-ons mechanism for building additional packages at the same time
 as
   glibc has been removed.  The --enable-add-ons configure option is now
   ignored.

 * The --without-fp configure option is now ignored.  Whether hardware
   floating-point instructions are used is now configured based on whether
   the compiler used at configure time (without any options implied by a
   --with-cpu= configure option) uses such instructions.

 * The res_hnok, res_dnok, res_mailok and res_ownok functions now check
 that
   the specified string can be parsed as a domain name.

 * In the malloc_info output, the <heap> element may contain another
 <aspace>
   element, "subheaps", which contains the number of sub-heaps.

 * The libresolv function p_secstodate is no longer supported for new
   programs.

 * The tilepro-*-linux-gnu configuration is no longer supported.

 * The nonstandard header files <libio.h> and <_G_config.h> are deprecated
   and will be removed in a future release.  Software that is still using
   either header should be updated to use standard <stdio.h> interfaces
   instead.

   libio.h was originally the header for a set of supported GNU extensions,
   but they have not been maintained as such in many years, they are now
   standing in the way of improvements to stdio, and we don't think there
 are
   any remaining external users.  _G_config.h was never intended for public
   use, but predates the bits convention.

 Changes to build and runtime requirements:

 * bison version 2.7 or later is required to generate code in the 'intl'
   subdirectory.

 Security related changes:

   CVE-2009-5064: The ldd script would sometimes run the program under
   examination directly, without preventing code execution through the
   dynamic linker.  (The glibc project disputes that this is a security
   vulnerability; only trusted binaries must be examined using the ldd
   script.)

   CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
   suffered from a one-byte overflow during ~ operator processing (either
   on the stack or the heap, depending on the length of the user name).
   Reported by Tim Rühsen.

   CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
   would sometimes fail to free memory allocated during ~ operator
   processing, leading to a memory leak and, potentially, to a denial
   of service.

   CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
   without GLOB_NOESCAPE, could write past the end of a buffer while
   unescaping user names.  Reported by Tim Rühsen.

   CVE-2017-17426: The malloc function, when called with an object size
 near
   the value SIZE_MAX, would return a pointer to a buffer which is too
 small,
   instead of NULL.  This was a regression introduced with the new malloc
   thread cache in glibc 2.26.  Reported by Iain Buclaw.

   CVE-2017-1000408: Incorrect array size computation in _dl_init_paths
 leads
   to the allocation of too much memory.  (This is not a security bug per
 se,
   it is mentioned here only because of the CVE assignment.)  Reported by
   Qualys.

   CVE-2017-1000409: Buffer overflow in _dl_init_paths due to
 miscomputation
   of the number of search path components.  (This is not a security
   vulnerability per se because no trust boundary is crossed if the fix for
   CVE-2017-1000366 has been applied, but it is mentioned here only because
   of the CVE assignment.)  Reported by Qualys.

   CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing
 $ORIGIN
   for AT_SECURE or SUID binaries could be used to load libraries from the
   current directory.

   CVE-2018-1000001: Buffer underflow in realpath function when getcwd
 function
   succeeds without returning an absolute path due to unexpected behaviour
   of the Linux kernel getcwd syscall.  Reported by halfdog.

   CVE-2018-6485: The posix_memalign and memalign functions, when called
 with
   an object size near the value of SIZE_MAX, would return a pointer to a
   buffer which is too small, instead of NULL.  Reported by Jakub Wilk.

 The following bugs are resolved with this release:

   [866] glob: glob should match dangling symlinks
   [1062] glob: sysdeps/generic/glob.c merge from gnulib (part 3 of 3)
   [2522] localedata: ca_ES@valencia: new Valencian (meridional Catalan)
     locale
   [5997] math: Very slow execution of sinf function
   [10580] localedata: hr_HR: updated locale
   [10871] locale: 'mon' array should contain both nominative and genitive
     cases
   [12349] localedata: eu_ES: incorrect thousands separator
   [13605] localedata: shn_MM: new Shan locale
   [13805] localedata: ru_RU: currency should use ',' as radix point
   [13953] localedata: km_KH: locale update
   [13994] localedata: mjw_IN: new locale
   [14121] build: make writes .mo files in po directory
   [14333] libc: Fix the race between atexit() and exit()
   [14681] dynamic-link: _dl_get_origin leaks memory via executable link
 map.
   [14925] localedata: bn_*: LC_IDENTIFICATION.language key should be
     "Bangla"
   [15260] localedata: LC_MESSAGES.{yes,no}{str,expr}: various errors
   [15261] localedata: LC_MESSAGES.yesexpr/noexpr: inconsistent use of
 full-
     width Latin characters
   [15332] localedata: es_CU: locale update
   [15436] stdio: Don't close or flush stdio streams on abort
   [15537] localedata: lv_LV: invalid collation for Latvian diacritical
     letters
   [16148] localedata: ca_ES: incorrect thousands separator
   [16750] dynamic-link: ldd should not try to execute the binaries
     (CVE-2009-5064)
   [16777] localedata: pl_PL: incorrect thousands separator in locale
   [16905] localedata: hanzi: new collation
   [17563] localedata: cmn_TW: add hanzi collation
   [17750] localedata: wrong collation order of diacritics in most locales
   [17804] libc: scandirat fails with ENOMEM because it checks for errno
 even
     if malloc succeeded
   [17956] build: Build fails on missing definitions from header file
     nss/nss.h when Mozilla NSS is used for cryptography
   [18203] libc: realpath() does not handle unreachable paths correctly
   [18572] dynamic-link: [arm] Lazy TLSDESC relocation has data race
   [18812] localedata: kab_DZ: new Kabyle Algeria locale
   [18822] libc: Internal functions are called via PLT
   [18858] string: _HAVE_STRING_ARCH_xxx aren't defined for i386 nor x86_64
   [19170] libc: __gmon_start__ defined in hppa in crtn.S
   [19574] libc: glibc should support building static PIE binaries
   [19852] localedata: charmaps/UTF-8: incorrect wcwidth for U+3099 and
     U+309A
   [19971] glob: glob: Do not skip entries with zero d_ino values
   [19982] localedata: fr.po: spelling mistake for error code EXDEV
   [20008] localedata: km_KH: convert to translit_neutral
   [20009] localedata: tr_TR: convert LC_CTYPE to i18n
   [20142] math: [x86_64] Add SSE4.1 trunc, truncf
   [20204] dynamic-link: _dl_open_hook and _dlfcn_hook hardening
   [20482] localedata: de_CH: abbreviated weekdays should be two letters
   [20498] localedata: miq_NI: new Mískitu / Miskito (miq) language locale
     for Nicaragua
   [20532] nss: getaddrinfo uses errno and h_errno without guaranteeing
     they're set, wrong errors returned by gaih_inet when lookup functions
     are not found.
   [20756] localedata: [PATCH] Use Unicode wise thousands separator
   [20826] network: posix/tst-getaddrinfo5 fails on hosts without network
     access
   [20952] localedata: yuw_PG: new locale
   [21084] localedata: charmaps/IBM858: new codepage
   [21161] manual: [PATCH] fix typo in manual/arith.texi on strtoul
 prototype
   [21242] libc: assert gives pedantic warning in old gcc versions
   [21265] dynamic-link: _dl_runtime_resolve isn't compatible with Intel
 C++
     __regcall calling convention
   [21309] math: signed integer overflow in sysdeps/ieee754/dbl-64/e_pow.c
   [21326] libc: C99 functions are not declared for C++11 and later if
     _GNU_SOURCE is not predefined by g++
   [21457] libc: sys/ucontext.h namespace
   [21530] libc: tmpfile() should be implemented using O_TMPFILE
   [21660] math: GCC fails to compile a formula with tgmath.h
   [21672] nptl: sys-libs/glibc on ia64 crashes on thread exit: signal
     SIGSEGV, Segmentation fault: pthread_create.c:432: __madvise
     (pd->stackblock, freesize - PTHREAD_STACK_MIN, MADV_DONTNEED);
   [21684] math: tgmath.h handling of complex integers
   [21685] math: tgmath.h handling of bit-fields
   [21686] math: tgmath.h handling of __int128
   [21706] localedata: yesstr and nostr  are missing for Breton
 [LC_MESSAGES]
     locale
   [21745] libc: [powerpc64le] Extra PLT reference with --enable-stack-
     protector=all
   [21750] localedata: column width of characters incompatible with
 classical
     wcwidth
   [21754] malloc: malloc: Perform as little work as possible after heap
     consistency check failures
   [21780] libc: hppa: p{read,write}v2 does not set ENOSUP on invalid flag
   [21790] libc: Missing __memset_zero_constant_len_parameter in libc.so
   [21791] string: Unused XXX_chk_XXX functions in libc.a
   [21815] dynamic-link: FAIL: elf/tst-prelink-cmp with GCC is defaulted to
     PIE
   [21836] localedata: Removed redundant data (LC_MONETARY) in various
 Indian
     locales
   [21845] localedata: Added new Locale bho_NP
   [21853] localedata: Fix abday Which looks same as day in zh_SG
   [21854] localedata: Added New Locale en_SC
   [21864] libc: xmalloc.o is compiled with -DMODULE_NAME=libc
   [21871] dynamic-link: _dl_runtime_resolve_avx_opt is slower than
     _dl_runtime_resolve_avx_slow
   [21885] network: getaddrinfo: gethosts does not release resolver context
     on memory allocation failure
   [21899] libc: XPG4.2 sigaction namespace
   [21908] dynamic-link: dynamic linker broke on ia64 (mmap2 consolidation
 is
     the suspect)
   [21913] libc: static binaries SIGSEGV in __brk when host's gcc is pie-
 by-
     default (i386)
   [21915] nss: nss_files can return with NSS_STATUS_SUCCESS and a
 clobbered
     errno value, causing getaddrinfo to fail
   [21920] localedata: Fix p_cs_precedes/n_cs_precedes for mt_MT
   [21922] network: getaddrinfo with AF_INET/AF_INET6 returns EAI_NONAME
     instead of EAI_NODATA
   [21928] libc: sys/ptrace.h: remove obsolete temporary development Linux
     constant PTRACE_SEIZE_DEVEL
   [21930] math: C-only gcc builtins used in <math.h> isinf
   [21932] network: Unpaired __resolv_context_get in generic get*_r
     implementation
   [21941] math: powerpc: Wrong register constraint for xssqrtqp in
 sqrtf128
   [21944] libc: sigval namespace
   [21951] localedata: Update hanzi collation by stroke
   [21955] math: Wrong alignment of  L(SP_RANGE)/L(SP_INF_0) in
     sysdeps/x86_64/fpu/e_expf.S
   [21956] libc: Stack allocation in MIPS syscall impl (ubounded stack
     allocation in syscall loops)
   [21959] localedata: Fix Country name for xh_ZA
   [21960] localedata: Fix abmon for bem_ZM
   [21966] math: AVX2 mathvec functions use FMA without checking
   [21967] math: When 512-bit AVX2 wrapper functions in mathvec are used?
   [21971] localedata: Added New Locale for mfe_MU
   [21972] libc: assert macro requires operator== (int) for its argument
 type
   [21973] math: [sparc] libm missing sqrtl compat symbol
   [21974] libc: Remove __bb_init_func and __bb_exit_func
   [21982] string: stratcliff.c: error: assuming signed overflow does not
     occur with -O3
   [21986] stdio: __guess_grouping is called incorrectly
   [21987] math: [sparc32] wrong bits/long-double.h installed
   [22019] localedata: Wrong placement of monetary symbol in el_GR
 (negative
     amounts)
   [22022] localedata: Missing country_name for mni_IN
   [22023] localedata: Removed redundant data (LC_TIME and LC_MESSAGES) for
     niu_NZ
   [22025] locale: iconv: Inconsistency between pointer mangling and NULL
     checks
   [22026] locale: iconv_open: heap overflow on gconv_init failure
   [22028] math: bits/math-finite.h _MSUF_ expansion namespace
   [22035] math: [m68k] bits/math-inline.h macro namespace
   [22038] localedata: Fix abbreviated weeks and months for Somali
   [22044] localedata: Remove redundant data for Limburgish Language
   [22050] malloc: Linking with -lmcheck does not hook
     __malloc_initialize_hook correctly
   [22051] libc: zero terminator in the middle of glibc's .eh_frame
   [22052] malloc: malloc failed to compile with GCC 7 and -O3
   [22070] localedata: charmaps/UTF-8: wcwidth for
     Prepended_Concatenation_Mark codepoints set to 0 (should be 1)
   [22074] localedata: charmaps/UTF-8: wcwidth for U+1160-U+11FF (Hangul
     Jungseong and Jongseong) should be 0
   [22078] nss: nss_files performance issue in multi mode
   [22082] math: bits/math-finite.h exp10 condition
   [22086] libc: pcprofiledump incorrect cross-endian condition
   [22093] dynamic-link: ld.so no longer searches in .../x86_64
   [22095] network: Name server address allocation memory leak in
 resolv.conf
     parsing after OOM
   [22096] network: __resolv_conf_attach can incorrectly free passed conf
     object
   [22100] localedata: om_KE: LC_TIME: copy redundant data from om_ET
   [22101] dynamic-link: Dynamic loader must ignore "debug" shared objects
     e.g. ET_GNU_DEBUG_*
   [22111] malloc: malloc: per thread cache is not returned when thread
 exits
   [22112] localedata: Fix LC_TELEPHONE/LC_NAME for az_AZ
   [22134] libc: [linux] implement fexecve with execveat
   [22142] libc: [powerpc] printf oupts a wrong value of DBL_MAX on ppc64
 and
     ppc64le
   [22145] libc: ttyname() gives up too early in the face of namespaces
   [22146] math: C++ build issue with float128 on x86_64
   [22153] nptl: nptl: save error code before process termination
   [22156] libc: [hppa,ia64,microblaze] Executable stack default
   [22159] malloc: malloc: MALLOC_CHECK_ broken with --enable-tunables=no
   [22161] nscd: nscd cache prune for netgroups hangs after timeout bump
   [22165] libc: [hppa] Text relocations in libc.so
   [22180] libc: destructor registered via __cxa_atexit is called twice
   [22183] glob: commit 5554304f0ddd ("posix: Allow glob to match dangling
     symlinks") cause "make" segfaults
   [22189] math: [powerpc] math_private.h definitions of math_opt_barrier
 and
     math_force_eval
   [22207] libc: FAIL: stdlib/test-atexit-race
   [22225] math: nearbyint arithmetic moved before feholdexcept
   [22229] math: [sparc32] missing copysignl, fabsl, fmal compat symbols
   [22235] math: iscanonical in C++ and float128
   [22243] math: log2(0) and log10(0) are wrong in downward rounding
 without
     the svid compat wrapper
   [22244] math: ynf and yn are wrong without the svid compat wrapper
   [22273] libc: Improper assert in Linux posix_spawn implementation
   [22284] libc: -pg -pie doesn't work
   [22292] locale: localedef exits with error 4 when it should be error 1
   [22294] locale: Allow "" for int_currency_symbol definition in locales.
   [22295] locale: Don't warn on non-symbolic characters in locale sources
 in
     --verbose.
   [22296] math: glibc 2.26: signbit build issue with Gcc 5.5.0 on x86_64
   [22298] nptl: x32: lockups on recursive pthread_mutex_lock after upgrade
     to 2.26
   [22299] dynamic-link: Problem with $PLATFORM on x86_64 platform
   [22320] glob: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)
   [22321] libc: sysconf(_SC_IOV_MAX) returns -1 on Linux
   [22322] libc: [mips64] wrong bits/long-double.h installed
   [22325] glob: Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
   [22332] glob: Buffer overflow in glob with GLOB_TILDE in unescaping
     (CVE-2017-15804)
   [22336] localedata: cs_CZ LC_COLLATE does not use i18n
   [22343] malloc: Integer overflow in posix_memalign
   [22347] libc: getrandom() returns the number of bytes that were copied
 to
     the buffer even though the comments say "Return 0 on success and -1 on
     failure."
   [22353] string: sysdeps/i386/i586/strcpy.S isn't maintainable
   [22362] libc: Installed crt1.o, crti,.o and crtn.o files are used with
     -m32
   [22370] dynamic-link: Incorrect note padding check
   [22375] libc: malloc returns pointer from tcache_get when should return
     NULL (CVE-2017-17426)
   [22377] math: iseqsig, float128 and C++
   [22382] localedata: Error in tpi_PG locale
   [22387] localedata: Replace unicode sequences <Uxxxx> for characters
     inside the ASCII printable range
   [22402] math: [powerpc64le] __MATH_TG does not support _Float128 for
     -mlong-double-64
   [22403] localedata: Slash needs escaping in some locales
   [22408] malloc: malloc_info access heaps without arena lock, ignores
 heaps
   [22409] network: res_hnok does not accept some host names used on the
     Internet
   [22412] network: res_dnok, res_hnok should perform syntax checks
   [22413] network: ns_name_pton ignores syntactically invalid trailing
     backslash
   [22415] stdio: setvbuf can lead to invalid free/segfault
   [22432] build: Non-deterministic build
   [22439] malloc: malloc_info should compute summary statistics for all
 sub-
     heaps in an arena
   [22442] network: if_nametoindex could report index for the wrong
     networking interface
   [22446] build: aliasing violation calling readlink in handle_request
   [22447] build: unsafe call to strlen with a non-string in getlogin_r.c
   [22457] libc: Generic preadv/pwritev incorrectly calls __posix_memalign
   [22459] libc: FAIL: elf/check-localplt with __stack_chk_fail related to
     __nscd_hash/__nss_hash
   [22463] network: p_secstodate overflow handling
   [22469] localedata: pl_PL LC_COLLATE does not use i18n
   [22478] libc: sigwait can fail with EINTR
   [22505] libc: ldconfig processes include directive in locale-specific
     order
   [22515] localedata: hsb_DE LC_COLLATE does not use copy "iso14651_t1"
   [22517] localedata: et_EE LC_COLLATE does not use copy "iso14651_t1"
   [22519] localedata: is_IS LC_COLLATE does not use copy "iso14651_t1"
   [22524] localedata: lt_LT  LC_COLLATE does not use copy "iso14651_t1"
   [22527] localedata: tr_TR  LC_COLLATE does not use copy "iso14651_t1"
   [22534] localedata: Collation rules for Serbian and Bosnian should be
 the
     same as for Croatian
   [22561] math: [DR#471] cacosh (0 + iNaN) should return NaN +/- i pi/2
   [22568] math: [DR#471] ctanh (0 + iNaN), ctanh (0 + i Inf)
   [22577] libc: missing newline after "cannot allocate TLS data structures
     for initial thread"
   [22588] manual: manual/conf.texi: missing underscore in front of
     SC_SSIZE_MAX
   [22593] math: nextafter and nexttoward are declared with const attribute
   [22596] manual: manual: finite(nan) wrongly described as returning
 nonzero
   [22603] string: ia64 memchr overflows internal pointer check
   [22605] libc: SH clone does not set the exit code correctly
   [22606] dynamic-link: Incorrect array size computation in _dl_init_paths
     (CVE-2017-1000408)
   [22607] dynamic-link: Buffer Overflow in _dl_init_paths
 (CVE-2017-1000409)
   [22611] malloc: malloc/tst-realloc wrongly assumes that errno must not
 be
     modified in case of success
   [22614] build: gcc: error: unrecognized command line option ‘-no-pie’
   [22615] manual: manual: ambiguous wording about errno value in case of
     success
   [22624] libc: MIPS setjmp() saves incorrect 'o0' register in --enable-
     stack-protector=all
   [22625] dynamic-link: RPATH $ORIGIN replaced by PWD for AT_SECURE/SUID
     binaries or if /proc is not mounted (CVE-2017-16997)
   [22627] dynamic-link: $ORIGIN in $LD_LIBRARY_PATH is substituted twice
   [22630] build: $(no-pie-ldflag) is no longer effective
   [22631] math: [m68k] Bad const attributes in bits/mathinline.h
   [22635] nptl: pthread_self returns NULL before libpthread is loaded
   [22636] nptl: PTHREAD_STACK_MIN is too small on x86-64
   [22637] nptl: guard size is subtracted from thread stack size instead of
     adding it on top
   [22648] libc: getrlimit/setrlimit with RLIM_INFINITY broken on alpha
   [22657] localedata: hu_HU: Avoid double space in date
   [22660] math: fmax, fmin sNaN handling on alpha
   [22664] libc: New warning of GCC8
   [22665] math: alpha: ceil and floor raise inexact exceptions
   [22666] math: alpha: trunc raise inexact exceptions
   [22667] libc: makecontext lacks stack alignment on i386
   [22678] libc: prlimit fails for RLIM_INFINITY values on 32-bit machines
   [22679] libc: getcwd(3) can succeed without returning an absolute path
     (CVE-2018-1000001)
   [22685] libc: PowerPC: Static AT_SECURE binaries segfault with lock-
     elision and tunables
   [22687] math: [powerpc-nofpu] complex long double functions spurious
     "invalid" exception
   [22688] math: [powerpc-nofpu] remainderl wrong sign of zero result
   [22690] math: [ldbl-128ibm] lrintl, lroundl missing "invalid" exceptions
   [22691] math: [powerpc-nofpu] fmaxmagl, fminmagl spurious "invalid"
     exception
   [22693] math: [ldbl-128ibm] log1pl (-qNaN) spurious "invalid" exception
   [22697] math: [powerpc] llround spurious "inexact" exceptions on 32-bit
     power4
   [22701] nis: Incomplete removal of libnsl
   [22702] math: [powerpc-nofpu] nearbyintl traps with trapping "inexact"
   [22707] libc: Missing defines in elf.h for DF_1_STUB and DF_1_PIE.
   [22715] dynamic-link: FAIL: elf/tst-audit10
   [22719] libc: Backtrace tests fail on hppa
   [22742] libc: [aarch64] mcontext_t __reserved field got renamed
   [22743] nptl: __pthread_register_cancel corrupts stack after f81ddabffd
   [22765] crypt: (struct crypt_data *data)->initialized is not set to zero
     before the first call to crypt_r () in crypt/badsalttest.c
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4207#comment:1>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to