After six months of development system library release (glibc) , which fully complies with the requirements of ISO C11 and POSIX.1-2017. The new release includes fixes from 67 developers.
Implemented in Glibc 2.32 you can note:
- Added support for Synopsys ARC HS (ARCv2 ISA) processors. The port requires at least binutils 2.32, gcc 8.3, and Linux kernel 5.1 to work. Three ABI variants arc-linux-gnu, arc-linux-gnuhf, and arceb-linux-gnu (big-endian) are supported;
- Implemented loading of audit modules specified in sections DT_AUDIT and
DT_DEPAUDIT of the executable. - For the powerpc64le architecture, support for the IEEE128 long double type is implemented, which is enabled when building with the "-mabi=ieeelongdouble" option.
- Some APIs are annotated with the 'access' GCC attribute, which allows GCC 10 compilers to generate better warnings when detecting possible buffer overflows and other out-of-bounds cases.
- For Linux systems, the functions pthread_attr_setsigmask_np and
pthread_attr_getsigmask_np to allow an application to specify a signal mask for threads created with pthread_create. - Encoding data, character type information, and transliteration tables have been updated to support the Unicode 13.0.0 specification;
- Added new header file , which defines the __libc_single_threaded variable, which can be used in applications for single-threaded optimizations.
- Added functions sigabbrev_np and sigdescr_np that return the abbreviated name and description of the signal (for example, "HUP" and Hangup" for SIGHUP).
- Added functions strerrorname_np and strerrordesc_np that return the name and description of the error (for example, "EINVAL" and "Invalid argument" for EINVAL).
- Added "--enable-standard-branch-protection" (or -mbranch-protection=standard in GCC) flag for ARM64 platform, enabling the ARMv8.5-BTI (Branch Target Indicator) mechanism to protect the execution of instruction sets that should not be executed branch transitions. Blocking transitions to arbitrary sections of code is implemented to prevent the creation of gadgets in exploits that use return-oriented programming (ROP) techniques (ROP - Return-Oriented Programming, the attacker does not try to place his code in memory, but operates on existing pieces of machine instructions, ending with a control return instruction, from which a chain of calls is built to obtain the desired functionality).
- Major cleanup of deprecated features, including removal of "--enable-obsolete-rpc" and "--enable-obsolete-nsl" options, header file . Deprecated functions sstk, siginterrupt, sigpause, sighold, sigrelse, sigignore and sigset, arrays sys_siglist, _sys_siglist and sys_sigabbrev, symbols sys_errlist, _sys_errlist, sys_nerr and _sys_nerr, NSS module hesiod.
- ldconfig has been changed by default to use the new ld.so.cache format, which has been supported by glibc for nearly 20 years.
- Vulnerabilities fixed:
- CVE-2016-10228 - Looping in the iconv utility, which manifests itself when launched with the "-c" option, in case of processing incorrect multibyte data.
- CVE-2020-10029 - Stack corruption when calling trigonometric functions with pseudo-zero argument.
- CVE-2020-1752 - Accessing a memory area after it has been freed (use-after-free) in the glob function when expanding a reference to the home directory ("~user") in paths.
- CVE-2020-6096 - Incorrect handling on the ARMv7 platform of negative values ββof the parameter in memcpy() and memmove() that determines the size of the copied area. organize code execution when processing data in a certain way in the memcpy() and memmove() functions. It is significant that the problem uncorrected almost two months from the date of public disclosure and five months from the notification of the Glibc developers.
Source: opennet.ru