Glibc 2.30 System Library Release

After six months of development published system library release GNU C Library (glibc) 2.30, which fully complies with the requirements of ISO C11 and POSIX.1-2008. The new release includes fixes from 48 developers.

Implemented in Glibc 2.30 improvements you can note:

• The dynamic linker supports the "--preload" option for preloading shared objects (similar to the LD_PRELOAD environment variable);
• Added twalk_r function, similar to the already existing twalk function, but allowing you to pass an additional argument to the given callback function;
• For Linux, new getdents64, gettid and tgkill functions have been added;
• The memory management functions malloc, calloc, realloc, reallocarray, valloc, pvalloc, memalign, and posix_memalign terminate with an error code when the total object size exceeds the PTRDIFF_MAX value. This change avoids undefined behavior when the result of a pointer manipulation results in an overflow of the ptrdiff_t type;
• Added POSIX proposed functions pthread_cond_clockwait, pthread_mutex_clocklock,
  pthread_rwlock_clockrdlock, pthread_rwlock_clockwrlock, and sem_clockwait, similar to the "timed" equivalents, but additionally taking a clockid_t parameter to select a timer;

• Encoding data, character type information, and transliteration tables have been updated to support the Unicode 12.1.0 specification;
• The clock_gettime, clock_getres, clock_settime, clock_getcpuclockid, and clock_nanosleep functions are no longer provided in the librt library for new applications, and the libc definitions are automatically used instead;
• /etc/resolv.conf has deprecated the "inet6" option. Removed obsolete RES_USE_INET6, RES_INSECURE1 and RES_INSECURE2 flags from resolv.h;
• When specifying the "--enable-bind-now" option, installed programs are now bound using the BIND_NOW flag;
• The Linux-specific sys/sysctl.h header file and sysctl function have been deprecated, and applications should use the /proc pseudo-FS instead;
• Glibc now requires GCC 6.2 or newer to build (any compiler can be used to build applications);
• Vulnerability fixed CVE-2019-7309 in the implementation of the memcmp function for obsolete x32 subarchitecture (not to be confused with x86 IA-32), as a result of which the function could incorrectly return the value 0 for non-matching strings;
• Vulnerability fixed CVE-2019-9169, which can cause data to be read from an out-of-bounds buffer when processing certain regular expressions.

Source: opennet.ru