[glibc] Update NEWS.

[glibc] Update NEWS.

[Carlos O'Donell]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2e2c08aa4d1bc073511b023805592c52f556ca7b

commit 2e2c08aa4d1bc073511b023805592c52f556ca7b
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Sat Jul 31 23:39:07 2021 -0400

    Update NEWS.
    
    Suggestions by Florian Weimer, Andreas Schwab, and Alexander Monakov.
    
    See:
    https://sourceware.org/pipermail/libc-alpha/2021-July/129356.html
    https://sourceware.org/pipermail/libc-alpha/2021-July/129357.html
    https://sourceware.org/pipermail/libc-alpha/2021-July/129361.html

Diff:
---
 NEWS | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 172 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index ee391c9271..3c610744c9 100644
--- a/NEWS
+++ b/NEWS
@@ -9,14 +9,32 @@ Version 2.34
 
 Major new features:
 
+* In order to support smoother in-place-upgrades and to simplify
+  the implementation of the runtime all functionality formerly
+  implemented in the libraries libpthread, libdl, libutil, libanl has
+  been integrated into libc.  New applications do not need to link with
+  -lpthread, -ldl, -lutil, -lanl anymore.  For backwards compatibility,
+  empty static archives libpthread.a, libdl.a, libutil.a, libanl.a are
+  provided, so that the linker options keep working.  Applications which
+  have been linked against glibc 2.33 or earlier continue to load the
+  corresponding shared objects (which are now empty).  The integration
+  of those libraries into libc means that additional symbols become
+  available by default.  This can cause applications that contain weak
+  references to take unexpected code paths that would only have been
+  used in previous glibc versions when e.g. preloading libpthread.so.0,
+  potentially exposing application bugs.
+
 * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
   PTHREAD_STACK_MIN is no longer constant and is redefined to
-  sysconf(_SC_THREAD_STACK_MIN).
+  sysconf(_SC_THREAD_STACK_MIN).  This supports dynamic sized register
+  sets for modern architectural features like Arm SVE.
 
 * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ.  When _DYNAMIC_STACK_SIZE_SOURCE
   or _GNU_SOURCE are defined, MINSIGSTKSZ and SIGSTKSZ are no longer
   constant on Linux.  MINSIGSTKSZ is redefined to sysconf(_SC_MINSIGSTKSZ)
-  and SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).
+  and SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).  This supports
+  dynamic sized register sets for modern architectural features like
+  Arm SVE.
 
 * The dynamic linker implements the --list-diagnostics option, printing
   a dump of information related to IFUNC resolver operation and
@@ -108,6 +126,15 @@ Deprecated and removed features, and other changes affecting compatibility:
   ns_format_ttl, ns_makecanon, ns_parse_ttl, ns_samedomain, ns_samename,
   ns_sprintrr, ns_sprintrrf, ns_subdomain have been deprecated.
 
+* Various symbols previously defined in libresolv have been moved to libc
+  in order to prepare for libresolv moving entirely into libc (see earlier
+  entry for merging libraries into libc).  The symbols __dn_comp,
+  __dn_expand, __dn_skipname, __res_dnok, __res_hnok, __res_mailok,
+  __res_mkquery, __res_nmkquery, __res_nquery, __res_nquerydomain,
+  __res_nsearch, __res_nsend, __res_ownok, __res_query, __res_querydomain,
+  __res_search, __res_send formerly in libresolv have been renamed and no
+  longer have a __ prefix.  They are now available in libc.
+
 * The pthread cancellation handler is now installed with SA_RESTART and
   pthread_cancel will always send the internal SIGCANCEL on a cancellation
   request.  It should not be visible to applications since the cancellation
@@ -172,10 +199,151 @@ Security related changes:
   issue when using a notification type of SIGEV_THREAD and a thread
   attribute with a non-default affinity mask.
 
+  CVE-2021-35942: The wordexp function may overflow the positional
+  parameter number when processing the expansion resulting in a crash.
+  Reported by Philippe Antoine.
+
 The following bugs are resolved with this release:
 
-  [The release manager will add the list generated by
-  scripts/list-fixed-bugs.py just before the release.]
+  [4737] libc: fork is not async-signal-safe
+  [5781] math: Slow dbl-64 sin/cos/sincos for special values
+  [10353] libc: Methods for deleting all file descriptors greater than
+    given integer (closefrom)
+  [14185] glob: fnmatch() fails when '*' wildcard is applied on the file
+    name containing multi-byte character(s)
+  [14469] math: Inaccurate j0f function
+  [14470] math: Inaccurate j1f function
+  [14471] math: Inaccurate y0f function
+  [14472] math: Inaccurate y1f function
+  [14744] nptl: kill -32 $pid or kill -33 $pid on a process cancels a
+    random thread
+  [15271] dynamic-link: dlmopen()ed shared library with LM_ID_NEWLM
+    crashes if it fails dlsym() twice
+  [15648] nptl: multiple definition of `__lll_lock_wait_private'
+  [16063] nptl: Provide a pthread_once variant in libc directly
+  [17144] libc: syslog is not thread-safe if NO_SIGPIPE is not defined
+  [17145] libc: syslog with LOG_CONS leaks console file descriptor
+  [17183] manual: description of ENTRY struct in <search.h> in glibc
+    manual is incorrect
+  [18435] nptl: pthread_once hangs when init routine throws an exception
+  [18524] nptl: Missing calloc error checking in
+    __cxa_thread_atexit_impl
+  [19329] dynamic-link: dl-tls.c assert failure at concurrent
+    pthread_create and dlopen
+  [19366] nptl: returning from a thread should disable cancellation
+  [19511] nptl: 8MB memory leak in pthread_create in case of failure
+    when non-root user changes priority
+  [20802] dynamic-link: getauxval NULL pointer dereference after static
+    dlopen
+  [20813] nptl: pthread_exit is inconsistent between libc and libpthread
+  [22057] malloc: malloc_usable_size is broken with mcheck
+  [22668] locale: LC_COLLATE: the last character of ellipsis is not
+    ordered correctly
+  [23323] libc: [RFE] CSU startup hardening.
+  [23328] malloc: Remove malloc hooks and ensure related APIs return no
+    data.
+  [23462] dynamic-link: Static binary with dynamic string tokens ($LIB,
+    $PLATFORM, $ORIGIN) crashes
+  [23489] libc: "gcc -lmcheck" aborts on free when using posix_memalign
+  [23554] nptl: pthread_getattr_np reports wrong stack size with
+    MULTI_PAGE_ALIASING
+  [24106] libc: Bash interpreter in ldd script is taken from host
+  [24773] dynamic-link: dlerror in an secondary namespace does not use
+    the right free implementation
+  [25036] localedata: Update collation order for Swedish
+  [25383] libc: where_is_shmfs/__shm_directory/SHM_GET_NAME may cause
+    shm_open to pick wrong directory
+  [25680] dynamic-link: ifuncmain9picstatic and ifuncmain9picstatic
+    crash in IFUNC resolver due to stack canary (--enable-stack-
+    protector=all)
+  [26874] build: -Warray-bounds in _IO_wdefault_doallocate
+  [26983] math: [x86_64] x86_64 tgamma has too large ULP error
+  [27111] dynamic-link: pthread_create and tls access use link_map
+    objects that may be concurrently freed by dlclose
+  [27132] malloc: memusagestat is linked to system librt, leading to
+    undefined symbols on major version upgrade
+  [27136] dynamic-link: dtv setup at thread creation may leave an entry
+    uninitialized
+  [27249] libc: libSegFault.so does not output signal number properly
+  [27304] nptl: pthread_cond_destroy does not pass private flag to futex
+    system calls
+  [27318] dynamic-link: glibc fails to load binaries when built with
+    -march=sandybridge:  CPU ISA level is lower than required
+  [27343] nss: initgroups() SIGSEGVs when called on a system without
+    nsswich.conf (in a chroot)
+  [27346] dynamic-link: x86: PTWRITE feature check is missing
+  [27389] network: NSS chroot hardening causes regressions in chroot
+    deployments
+  [27403] dynamic-link: aarch64: tlsdesc htab is not freed on dlclose
+  [27444] libc: sysconf reports unsupported option (-1) for
+    _SC_LEVEL1_ICACHE_LINESIZE on X86 since v2.33
+  [27462] nscd: double-free in nscd (CVE-2021-27645)
+  [27468] malloc: aarch64: realloc crash with heap tagging: FAIL:
+    malloc/tst-malloc-thread-fail
+  [27498] dynamic-link: __dl_iterate_phdr lacks unwinding information
+  [27511] libc: S390 memmove assumes Vector Facility when MIE Facility 3
+    is present
+  [27522] glob: glob, glob64 incorrectly marked as __THROW
+  [27555] dynamic-link: Static tests fail with --enable-stack-
+    protector=all
+  [27559] libc: fstat(AT_FDCWD) succeeds (it shouldn't) and returns
+    information for the current directory
+  [27577] dynamic-link: elf/ld.so --help doesn't work
+  [27605] libc: tunables can't control xsave/xsavec selection in
+    dl_runtime_resolve_*
+  [27623] libc: powerpc: Missing registers in sc[v] clobbers list
+  [27645] libc: [linux] sysconf(_SC_NPROCESSOR...) breaks down on
+    containers
+  [27646] dynamic-link: Linker error for non-existing NSS symbols (e.g.
+    _nss_files_getcanonname_r) from within a dlmopen namespace.
+  [27648] libc: FAIL: misc/tst-select
+  [27650] stdio: vfscanf returns too early if a match is longer than
+    INT_MAX
+  [27651] libc: Performance regression after updating to 2.33
+  [27655] string: Wrong size calculation in string/test-strnlen.c
+  [27706] libc: select fails to update timeout on error
+  [27709] libc: arm: FAIL: debug/tst-longjmp_chk2
+  [27721] dynamic-link: x86: ld_audit ignores bind now for TLSDESC and
+    tries resolving them lazily
+  [27744] nptl: Support different libpthread/ld.so load orders in
+    libthread_db
+  [27749] libc: Data race __run_exit_handlers
+  [27761] libc: getconf: Segmentation fault when passing '-vq' as
+    argument
+  [27832] nss: makedb.c:797:7: error: 'writev' specified size 4294967295
+    exceeds maximum object size 2147483647
+  [27870] malloc: MALLOC_CHECK_ causes realloc(valid_ptr, TOO_LARGE) to
+    not set ENOMEM
+  [27872] build: Obsolete configure option --enable-stackguard-
+    randomization
+  [27873] build: tst-cpu-features-cpuinfo fail when building on AMD cpu
+  [27882] localedata: Use U+00AF MACRON in more EBCDIC charsets
+  [27892] libc: powerpc: scv ABI error handling fails to check
+    IS_ERR_VALUE
+  [27896] nptl: mq_notify does not handle separately allocated thread
+    attributes (CVE-2021-33574)
+  [27901] libc: TEST_STACK_ALIGN doesn't work
+  [27902] libc: The x86-64 clone wrapper fails to align child stack
+  [27914] nptl: Install SIGSETXID handler with SA_ONSTACK
+  [27939] libc: aarch64: clone does not align the stack
+  [27968] libc: s390x: clone does not align the stack
+  [28011] libc: Wild read in wordexp (parse_param) (CVE-2021-35942)
+  [28024] string: s390(31bit): Wrong result of memchr (MEMCHR_Z900_G5)
+    with n >= 0x80000000
+  [28028] malloc: malloc: tcache shutdown sequence does not work if the
+    thread never allocated anything
+  [28033] libc: Need to check RTM_ALWAYS_ABORT for RTM
+  [28064] string: x86_64:wcslen implementation list has wcsnlen
+  [28067] libc: FAIL: posix/tst-spawn5
+  [28068] malloc: FAIL: malloc/tst-mallocalign1-mcheck
+  [28071] time: clock_gettime, gettimeofday, time lost vDSO acceleration
+    on older kernels
+  [28075] nis: Out-of-bounds static buffer read in nis_local_domain
+  [28089] build: tst-tls20 fails when linker defaults to --as-needed
+  [28090] build: elf/tst-cpu-features-cpuinfo-static fails on certain
+    AMD64 cpus
+  [28091] network: ns_name_skip may return 0 for domain names without
+    terminator
 
 \f
 Version 2.33

[glibc] Update NEWS.

[Carlos O'Donell]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=32ffd427413ab08566bbc051441fa7cfc082309b

commit 32ffd427413ab08566bbc051441fa7cfc082309b
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed Feb 2 23:46:19 2022 -0500

    Update NEWS.
    
    Moved LD_AUDIT notes into requirements section since the LAV_CURRENT
    bump is a requirements change that impacts loading old audit modules
    or new audit modules on older loaders.

Diff:
---
 NEWS | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index 119879e3dd..c489944c53 100644
--- a/NEWS
+++ b/NEWS
@@ -167,17 +167,18 @@ Deprecated and removed features, and other changes affecting compatibility:
   removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
   variables and their functionality in the dynamic loader.
 
+Changes to build and runtime requirements:
+
 * The audit module interface version LAV_CURRENT is increased to enable
   proper bind-now support.  The loader now advertises via the la_symbind
-  flags that PLT trace is not possible.
+  flags that PLT trace is not possible.  New audit modules require the
+  new dynamic loader supporing the latest LAV_CURRENT version. Old audit
+  modules are still loaded for all targets except aarch64.
 
 * The audit interface on aarch64 is extended to support both the indirect
   result location register (x8) and NEON Q register.  Old audit modules are
-  rejected by the loader.
-
-Changes to build and runtime requirements:
-
-  [Add changes to build and runtime requirements here]
+  rejected by the loader.  Audit modules must be rebuilt to use the newer
+  structure sizes and the latest module interface version for LAV_CURRENT.
 
 Security related changes: