The GNU C Library

=================

The GNU C Library version 2.33 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2017.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.32 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.33
=====================

Major new features:

* The dynamic linker accepts the --list-tunables argument which prints
  all the supported tunables.  This option is disable if glibc is
  configured with tunables disabled (--enable-tunables=no).

* The dynamic linker accepts the --argv0 argument and provides opportunity
  to change argv[0] string.

* The dynamic linker loads optimized implementations of shared objects
  from subdirectories under the glibc-hwcaps directory on the library
  search path if the system's capabilities meet the requirements for
  that subdirectory.  Initially supported subdirectories include
  "power9" and "power10" for the powerpc64le-linux-gnu architecture,
  "z13", "z14", "z15" for s390x-linux-gnu, and "x86-64-v2", "x86-64-v3",
  "x86-64-v4" for x86_64-linux-gnu.  In the x86_64-linux-gnu case, the
  subdirectory names correspond to the vendor-independent x86-64
  microarchitecture levels defined in the x86-64 psABI supplement.

* The new --help option of the dynamic linker provides usage and
  information and library search path diagnostics.

* The mallinfo2 function is added to report statistics as per mallinfo,
  but with larger field widths to accurately report values that are
  larger than fit in an integer.

* Add <sys/platform/x86.h> to provide query macros for x86 CPU features.

* Support for the RISC-V ISA running on Linux has been expanded to run on
  32-bit hardware.  This is supported for the following ISA and ABI pairs:

    - rv32imac ilp32
    - rv32imafdc ilp32
    - rv32imafdc ilp32d

  The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils
  2.28.

* A new fortification level _FORTIFY_SOURCE=3 is available.  At this level,
  glibc may use additional checks that may have an additional performance
  overhead.  At present these checks are available only on LLVM 9 and later.
  The latest GCC available at this time (10.2) does not support this level of
  fortification.

Deprecated and removed features, and other changes affecting compatibility:

* The mallinfo function is marked deprecated.  Callers should call
  mallinfo2 instead.

* When dlopen is used in statically linked programs, alternative library
  implementations from HWCAP subdirectories are no longer loaded.
  Instead, the default implementation is used.

* The deprecated <sys/vtimes.h> header and the function vtimes have been
  removed.  To support old binaries, the vtimes function continues to exist
  as a compatibility symbol.  Applications should use the getrlimit or
  prlimit.

* Following a change in the tzdata 2018a release upstream, the zdump
  program is now installed in the /usr/bin subdirectory.  Previously,
  the /usr/sbin subdirectory was used.

* On s390(x), the type float_t is now derived from the macro
  __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being
  hardcoded to double.  This does not affect the ABI of any libraries
  that are part of the GNU C Library, but may affect the ABI of other
  libraries that use this type in their interfaces.  The new definition
  improves consistency with compiler behavior in many scenarios.

* A future version of glibc will stop loading shared objects from the
  "tls" subdirectories on the library search path, the subdirectory that
  corresponds to the AT_PLATFORM system name, and also stop employing
  the legacy AT_HWCAP search mechanism.  Applications should switch to
  the new glibc-hwcaps mechanism instead; if they do not do that, only
  the baseline version (directly from the search path directory) will be
  loaded.

Changes to build and runtime requirements:

* On Linux, the system administrator needs to configure /dev/pts with
  the intended access modes for pseudo-terminals.  glibc no longer
  attemps to adjust permissions of terminal devices.  The previous glibc
  defaults ("tty" group, user read/write and group write) already
  corresponded to what most systems used, so that grantpt did not
  perform any adjustments.

* On Linux, the posix_openpt and getpt functions no longer attempt to
  use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists
  (and pseudo-terminals are supported), a devpts file system is mounted
  on /dev/pts.  Current systems already meet these requirements.

* s390x requires GCC 7.1 or newer.  See gcc Bug 98269.

Security related changes:

  CVE-2021-3326: An assertion failure during conversion from the
  ISO-20220-JP-3 character set using the iconv function has been fixed.
  This assertion was triggered by certain valid inputs in which the
  converted output contains a combined sequence of two wide characters
  crossing a buffer boundary.  Reported by Tavis Ormandy.

  CVE-2020-27618: An infinite loop has been fixed in the iconv program when
  invoked with input containing redundant shift sequences in the IBM1364,
  IBM1371, IBM1388, IBM1390, or IBM1399 character sets.

  CVE-2020-29562: An assertion failure has been fixed in the iconv function
  when invoked with UCS4 input containing an invalid character.

  CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
  invoked with EUC-KR input containing invalid multibyte input sequences.

The following bugs are resolved with this release:

  [10635] libc: realpath portability patches
  [16124] dynamic-link: ld.so should allow to change argv[0]
  [17924] malloc: 'free' should not set errno
  [18683] libc: Linux faccessat implementation can incorrectly ignore
    AT_EACCESS
  [22899] libc: Use 64-bit readdir() in generic POSIX getcwd()
  [23249] libc: Epyc and other current AMD CPUs do not select the
    "haswell" platform subdirectory
  [24080] dynamic-link: Definition of "haswell" platform is inconsistent
    with GCC
  [24202] libc: m68k setjmp() saves incorrect 'a5' register in --enable-
    stack-protector=all
  [24941] libc: Make grantpt usable after multi-threaded fork in more
    cases
  [24970] libc: realpath mishandles EOVERFLOW; stat not needed anyway
  [24973] locale: iconv encounters segmentation fault when converting
    0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
  [25399] string: undefined reference to `__warn_memset_zero_len' when
    changing gnuc version
  [25859] libc: glibc parser for /sys/devices/system/cpu/online is
    incorrect
  [25938] dynamic-link: ld.so.cache should store meaning of hwcap mask
    bits
  [25971] libc: s390 bits/hwcap.h out of sync with kernel
  [26053] libc: unlockpt fails with ENOTTY for non-ptmx descriptors
  [26100] libc: Race in syslog(3) with regards to tag printing.
  [26124] libc: Export <cpu-features.h>
  [26130] nscd: Inconsistent nscd cache during pruning
  [26203] libc: GLRO(dl_x86_cpu_features) may not be intialized
  [26224] locale: iconv hangs when converting some invalid inputs from
    several IBM character sets (CVE-2020-27618)
  [26341] libc: realpath cyclically call __alloca(path_max) to consume
    too much stack space
  [26343] manual: invalid documented return type for strerrorname_np(),
    strerrordesc_np(), sigdescr_np(), sigabbrev_np()
  [26376] libc: Namespace violation in stdio.h and sys/stat.h if build
    with optimization.
  [26383] locale: bind_textdomain_codeset doesn't accept //TRANSLIT
    anymore
  [26394] time: [2.33 Regression] FAIL: nptl/tst-join14
  [26534] math: libm.so 2.32 SIGILL in pow() due to FMA4 instruction on
    non-FMA4 system
  [26552] dynamic-link: CPU_FEATURE_USABLE_P should be more conservative
  [26553] libc: mtx_init allows type set to "mtx_recursive" only
  [26555] string: strerrorname_np does not return the documented value
  [26592] libc: pointer arithmetic overflows in realpath
  [26600] network: Transaction ID collisions cause slow DNS lookups in
    getaddrinfo
  [26606] libc: [2.33 Regression] pselect is broken on x32
  [26615] libc: powerpc: libc segfaults when LD_PRELOADed with libgcc
  [26620] glob: fnmatch with collating symbols results in segmentation
    fault
  [26625] libc: [2.33 Regression] CET is disabled
  [26636] libc: 32-bit shmctl(IPC_INFO) crashes when shminfo struct is
    at the end of a memory mapping
  [26637] libc: semctl SEM_STAT_ANY fails to pass the buffer specified
    by the caller to the kernel
  [26639] libc: msgctl IPC_INFO and MSG_INFO return garbage
  [26647] build: [-Werror=array-parameter=] due to different
    declarations for __sigsetjmp
  [26648] libc: mkstemp is likely to fail on systems with non-stricly-
    monotonic clocks
  [26649] stdio: printf should handle non-normal x86 long double numbers
    gracefully (CVE-2020-29573)
  [26686] build: -Warray-parameter instances building with GCC 11
  [26687] build: -Warray-bounds instances building with GCC 11
  [26690] stdio: Aliasing violation in __vfscanf_internal
  [26691] nptl: Use a minimum guard size of 64 KiB on aarch64
  [26726] build: GCC warning calling new_composite_name with an array of
    one element
  [26736] libc: FAIL: misc/tst-sysvshm-linux
  [26737] libc: Random FAIL: rt/tst-shm
  [26791] libc: Missing O_CLOEXEC in sysconf.c
  [26798] dynamic-link: aarch64: variant PCS symbols may be incorrectly
    lazy bound
  [26801] nptl: pthread_mutex_clocklock with CLOCK_MONOTONIC can fail on
    PI mutexes
  [26818] string: aarch64: string tests may run ifunc variants that are
    not safe
  [26821] libc: Memory leak test failures on Fedora 33
  [26824] libc: FAIL: elf/tst-cpu-features-supports with recent trunk:
    FSGSBASE/LM/RDRAND check failure
  [26833] time: adjtime() with delta == NULL segfaults on armv7 32bit
    platform
  [26853] libc: aarch64: Missing unwind information in statically linked
    startup code
  [26923] locale: Assertion failure in iconv when converting invalid
    UCS4 (CVE-2020-29562)
  [26926] dynamic-link: aarch64: library dependencies are not bti
    protected
  [26932] libc: sh: Multiple floating point functions defined as stubs
    only since 2.31
  [26964] nptl: pthread_mutex_timedlock returning EAGAIN after futex is
    locked
  [26988] dynamic-link: aarch64: BTI mprotect address is not page
    aligned
  [27002] build: libc_freeres_fn build failure with GCC 11
  [27004] dynamic-link: ld.so is miscompiled by GCC 11
  [27008] dynamic-link: ld.so.cache should have endianness markup
  [27042] libc: [alpha] anonymous union in struct stat confuses
    detection logic
  [27053] libc: Conformance regression in system(3) (and probably also
    pclose(3))
  [27072] dynamic-link: static pie ifunc resolvers run before hwcap is
    setup
  [27077] network: Do not reload /etc/nsswitch.conf from chroot
  [27083] libc: Unsafe unbounded alloca in addmntent
  [27104] dynamic-link: The COMMON_CPUID_INDEX_MAX handshake does not
    work
  [27130] string: "rep movsb" performance issue
  [27150] libc: alpha: wait4() is unavailable in static linking
  [27177] dynamic-link:
    GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't
    work
  [27222] dynamic-link: Incorrect sysdeps/x86/tst-cpu-features-cpuinfo.c
  [27237] malloc: deadlock in malloc/tst-malloc-stats-cancellation
  [27256] locale: Assertion failure in ISO-2022-JP-3 gconv module
    related to combining characters (CVE-2021-3326)

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.33

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alexandra Hájková
Alistair Francis
Andreas Schwab
Anssi Hannula
Arjun Shankar
Benno Schulenberg
Carlos O'Donell
Chen Li
Cooper Qu
Corinna Vinschen
DJ Delorie
Dmitry V. Levin
Fangrui Song
Florian Weimer
Guillaume Gardet
H.J. Lu
Jakub Jelinek
Jangwoong Kim
Jeremie Koenig
Jim Wilson
John David Anglin
John McCabe
Jonathan Wakely
Jonny Grant
Joseph Myers
Lode Willems
Lucas A. M. Magalhaes
Lukasz Majewski
Maciej W. Rozycki
Mao Han
Marc Aurèle La France
Marius Hillenbrand
Mark Wielaard
Martin Liska
Martin Sebor
Matheus Castanho
Matt Turner
Maximilian Krüger
Michael Colavita
Ondřej Hošek
Patrick McGehearty
Patsy Griffin
Paul E. Murphy
Paul Eggert
Paul Zimmermann
Prasanth R
Raoni Fassina Firmino
Raphael M Zinsly
Raphael Moreira Zinsly
Richard Braun
Richard Earnshaw
Rolf Eike Beer
Sajan Karumanchi
Samuel Thibault
Sergei Trofimovich
Shuo Wang
Siddhesh Poyarekar
Stafford Horne
Stefan Liebler
Szabolcs Nagy
Thorsten Kukuk
Tulio Magno Quites Machado Filho
Vincent Chen
Vincent Mihalkovic
Vineet Gupta
W. Hashimoto
Wilco Dijkstra
Xiaoming Ni
Zong Li
liqingqing
Érico Rolim
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEUMEGt8/rO2QSpplaqrHsFKeUiO8FAmAYN2YACgkQqrHsFKeU
iO9M2w//XRWm7PkWQa5kbcx11cNxjRbQU7fhSkpA67Vjfsr83Tzh2v8J/deITNtL
IaL73ApWr5xenpgCru79CbQmuJTrDgi/zs6PX1xdM5VHKzg4rp4JB8iJ8mJn+cmY
TBl7FPmfcmXnUkxSVO+N3MjnebqDiVFKHBhMEv2BA0orPCBTJG5nbLLxb2YRBtpb
b+45JRBdqw+XZfphN8hemBMwzgqEgkvEij82Dp/lm8H6ZnG7q9zEFn7ev+IhdKi4
d5w8rSVQpX3ddzLwgWY+cYEGa0N93F38njLh64nEfELiySzc0O5ssjzmvKJj8rx1
F2nPED6u4bLW7sLKT0HEwFN7ZODBKkO4QEoOwfBurb26m2/5tKKO4Mjhyd5iqZQb
hGrTAE2yl6nhcmjP8d+oyuk9Nf8IicX2ttSgHF1eTksV6zb2kQMFxux0VVfcpkNB
Y9Kg97ssPqFhiE/Qms/eNFQy3BPAE8b1E/4Wj6iW0/7CjLBehlhBM8HvY4wbJIjr
uFHEqOOBOIs19mc/q/uFqi4xqI77fsccpZMYlrKsJ4gAqhJSrINV6A/hQLjaDmph
oS/I6ZKvQ4IF2tQki/VOtKni7XsWhpJeIWvnDpeB8T3PfTwDqCwhu92SyBantx2P
MugwXGODvPL0AWcKU+obgZYdX0sSsqpzx5cv2eflFzjs6G//Ek4=
=B2XP
-----END PGP SIGNATURE-----