From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 32473 invoked by alias); 7 Feb 2014 22:03:35 -0000 Mailing-List: contact libc-announce-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-announce-owner@sourceware.org Received: (qmail 29485 invoked by uid 89); 7 Feb 2014 21:58:28 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.0 required=5.0 tests=AWL,BAYES_99,RP_MATCHES_RCVD,SPF_PASS autolearn=no version=3.3.2 X-Spam-User: qpsmtpd, 2 recipients X-HELO: gerolde.archlinux.org Message-ID: <52F556FC.3070108@archlinux.org> Date: Fri, 07 Feb 2014 22:03:00 -0000 From: Allan McRae User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: libc-alpha , libc-announce@sourceware.org, info-gnu@gnu.org Subject: The GNU C Library version 2.19 is now available Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SW-Source: 2014/txt/msg00000.txt.bz2 The GNU C Library ================= The GNU C Library version 2.19 is now available. The GNU C Library is used as *the* C library in the GNU systems and most systems with the Linux kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.19 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.19 ===================== * The following bugs are resolved with this release: 156, 387, 431, 762, 832, 926, 2801, 4772, 6786, 6787, 6807, 6810, 6981, 7003, 9721, 9954, 10253, 10278, 11087, 11157, 11214, 12100, 12486, 12751, 12986, 13028, 13982, 13985, 14029, 14032, 14120, 14143, 14155, 14286, 14547, 14699, 14752, 14782, 14876, 14910, 15004, 15048, 15073, 15089, 15128, 15218, 15268, 15277, 15308, 15362, 15374, 15400, 15425, 15427, 15483, 15522, 15531, 15532, 15593, 15601, 15608, 15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15763, 15764, 15797, 15799, 15825, 15843, 15844, 15846, 15847, 15849, 15850, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15901, 15905, 15909, 15915, 15917, 15919, 15921, 15923, 15939, 15941, 15948, 15963, 15966, 15968, 15985, 15988, 15997, 16032, 16034, 16036, 16037, 16038, 16041, 16046, 16055, 16071, 16072, 16074, 16077, 16078, 16103, 16112, 16143, 16144, 16146, 16150, 16151, 16153, 16167, 16169, 16172, 16195, 16214, 16245, 16271, 16274, 16283, 16289, 16293, 16314, 16316, 16330, 16337, 16338, 16356, 16365, 16366, 16369, 16372, 16375, 16379, 16384, 16385, 16386, 16387, 16390, 16394, 16398, 16400, 16407, 16408, 16414, 16430, 16431, 16453, 16474, 16506, 16510, 16529 * Slovenian translations for glibc messages have been contributed by the Translation Project's Slovenian team of translators. * The public headers no longer use __unused nor __block. This change is to support compiling programs that are derived from BSD sources and use __unused internally, and to support compiling with Clang's -fblock extension which uses __block. * CVE-2012-4412 The strcoll implementation caches indices and rules for large collation sequences to optimize multiple passes. This cache computation may overflow for large collation sequences and may cause a stack or buffer overflow. This is now fixed to use a slower algorithm which does not use a cache if there is an integer overflow. * CVE-2012-4424 The strcoll implementation uses malloc to cache indices and rules for large collation sequences to optimize multiple passes and falls back to alloca if malloc fails, resulting in a possible stack overflow. The implementation now falls back to an uncached collation sequence lookup if malloc fails. * CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix (bug 15754). * CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes to the d_name member of struct dirent, or omit the terminating NUL character. (Bugzilla #14699). * CVE-2013-4332 The pvalloc, valloc, memalign, posix_memalign and aligned_alloc functions could allocate too few bytes or corrupt the heap when passed very large allocation size values (Bugzilla #15855, #15856, #15857). * CVE-2013-4458 Stack overflow in getaddrinfo with large number of results for AF_INET6 has been fixed (Bugzilla #16072). * New locales: ak_GH, anp_IN, ar_SS, cmn_TW, hak_TW, lzh_TW, nan_TW, pap_AW, pap_CW, quz_PE, the_NP. * Substantially revised locales: gd_GB, ht_HT * The LC_ADDRESS field was updated to support country_car for almost all supported locales. * ISO 1427 definitions were updated. * ISO 3166 definitions were updated. * The localedef utility now supports --big-endian and --little-endian command-line options to generate locales for a different system from that for which the C library was built. * Binary locale files now only depend on the endianness of the system for which they are generated and not on other properties of that system. As a consequence, binary files generated with new localedef may be incompatible with old versions of the GNU C Library, and binary files generated with old localedef may be incompatible with this version of the GNU C Library, in the following circumstances: + Locale files may be incompatible on m68k systems. + Locale archive files (but not separate files for individual locales) may be incompatible on systems where plain "char" is signed. * The configure option --disable-versioning has been removed. Builds with --disable-versioning had not worked for several years. * ISO 639 definitions were updated for Chiga (cgg) and Chinese (gan, hak, czh, cjy, lzh, cmn, mnp, cdo, czo, cpx, wuu, hsn, yue). * SystemTap probes for malloc have been introduced. * SystemTap probes for slow multiple precision fallback paths of transcendental functions have been introduced. * Support for powerpc64le has been added. * The soft-float powerpc port now supports e500 processors. * Support for STT_GNU_IFUNC symbols added for ppc32/power4+ and ppc64. * A new feature test macro _DEFAULT_SOURCE is available to enable the same set of header declarations that are enabled by default, even when other feature test macros or compiler options such as -std=c99 would otherwise disable some of those declarations. * The _BSD_SOURCE feature test macro no longer enables BSD interfaces that conflict with POSIX. The libbsd-compat library (which was a dummy library that did nothing) has also been removed. * Preliminary documentation about Multi-Thread, Async-Signal and Async-Cancel Safety has been added. Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adam Buchbinder Adam Conrad Adhemerval Zanella Alan Modra Alexandre Oliva Allan McRae Andreas Arnez Andreas Jaeger Andreas Krebbel Andreas Schwab Andrew Hunter Andrew Pinski Anton Blanchard Arun Kumar Pyasi Aurelien Jarno Brooks Moses Bruno Haible Carlos O'Donell Chris Leonard Chris Metcalf Chung-Lin Tang David Holsgrove David S. Miller Eric Biggers Eric Blake Eric Wong Fabrice Bauzac Fernando J. V. da Silva Florian Weimer Guy Martin H.J. Lu Jan Kratochvil Jia Liu Joseph Myers Kaz Kojima Liubov Dmitrieva Maciej W. Rozycki Marc-Antoine Perennou Marcus Shawcroft Marko Myllynen Markus Trippelsdorf Maxim Kuvyrkov Meador Inge Michael Bauer Michael Stahl Mike Frysinger Olivier Langlois Ondřej Bílka Patrick 'P. J.' McDermott Paul Eggert Paul Pluzhnikov Pavel Simerda Petr Machata Rajalakshmi Srinivasaraghavan Reuben Thomas Richard Henderson Richard Sandiford Roland McGrath Ryan S. Arnold Sami Kerola Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Thomas Schwinge Toke Høiland-Jørgensen Tom Tromey Torvald Riegel Ulrich Weigand Uros Bizjak Venkataramanan Kumar Ville Skytta Vinitha Vijayan Wei-Lun Chao Will Newton Yogesh Chaudhari Yuri Chornoivan Yuriy Kaminskiy