Glibc 2.34 System Library Release

After six months of development, version 2.34 of the GNU C Library (glibc) has been released; it fully complies with the requirements of the ISO C11 and POSIX.1-2017 standards. The new release includes fixes from 66 developers.

Among the improvements implemented in Glibc 2.34 are:

  • The libpthread, libdl, libutil and libanl libraries have been integrated into the main libc, so applications no longer need to link with the -lpthread, -ldl, -lutil and -lanl flags to use their functionality. Preparations have been made to integrate libresolv into libc as well. The integration will allow for a more consistent glibc upgrade process and simplify the runtime implementation. Stub libraries are provided for backward compatibility with applications built against older versions of glibc. Because glibc now provides more structures and functions, problems may arise in applications whose names clash with those of the previously unused libraries libpthread, libdl, libutil, libresolv and libanl.
  • Added the ability to use a 64-bit time_t type in configurations that traditionally used a 32-bit time_t. In such configurations, for example on x86 systems, the default is still 32-bit time_t, but this behavior can now be changed using the "_TIME_BITS" macro. This feature is only available on systems with Linux kernel 5.1 or later.
  • Added the _Fork function, a replacement for the fork function that complies with the "async-signal-safe" requirements, i.e. it can be called safely from signal handlers. During the execution of _Fork, a minimal environment is created that is sufficient to call functions such as raise and execve in signal handlers without invoking features that might change locks or internal state. The _Fork call will be defined in a future version of the POSIX standard, but is included in the GNU extensions for now.
  • For the Linux platform, the execveat function is implemented, which allows you to run an executable file from an open file descriptor. The new function is also used in the implementation of the fexecve call, which does not require the /proc pseudo-FS to be mounted at startup.
  • Added the timespec_getres function, defined in the draft ISO C2X standard, which extends the timespec_get function with capabilities similar to the POSIX clock_getres function.
  • The close_range() function has been added to allow a process to close an entire range of open file descriptors at once. The function is available on systems with Linux kernel 5.9 or later.
  • The functions closefrom and posix_spawn_file_actions_addclosefrom_np have been added to close at once all file descriptors whose number is greater than or equal to the specified value.
  • In the "_DYNAMIC_STACK_SIZE_SOURCE" and "_GNU_SOURCE" modes, the PTHREAD_STACK_MIN, MINSIGSTKSZ, and SIGSTKSZ values are now non-constant to support dynamically sized register sets such as those provided in the ARM SVE extension.
  • The linker implements a "--list-diagnostics" option to display information related to IFUNC (indirect function) detection and glibc-hwcaps subdirectory selection operations.
  • The macro __STDC_WANT_IEC_60559_EXT__ has been implemented to check for the availability of functions defined in Annex F of the ISO C2X specification.
  • For powerpc64* systems, the "--disable-scv" option is implemented, allowing glibc to be built without support for the scv instruction.
  • The gconv-modules file now retains only a minimal set of core gconv modules, with the rest moved to an additional gconv-modules-extra.conf file located in the gconv-modules.d directory.
  • For the Linux platform, the glibc.pthread.stack_cache_size parameter is implemented, which can be used to adjust the size of the pthread stack cache.
  • Deprecated the inet_neta function from header file , as well as various rarely used functions from (dn_count_labels, fp_nquery, fp_query, fp_resstat, hostalias, loc_aton, loc_ntoa, p_cdname, p_cdnname, p_class, p_fqname, p_fqnname, p_option, p_query, p_rcode, p_time, p_type, putlong, putshort, res_hostalias, res_isourserver, res_nameinquery, res_queriesmatch, res_randomid, sym_ntop, sym_ntos, sym_ston) and (ns_datetosecs, ns_format_ttl, ns_makecanon, ns_parse_ttl, ns_samedomain, ns_samename, ns_sprintrr, ns_sprintrrf, ns_subdomain). Instead of these functions, it is recommended to use separate libraries for working with DNS.
  • The pthread_mutex_consistent_np, pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np, and pthread_yield functions have been deprecated; pthread_mutex_consistent, pthread_mutexattr_getrobust, pthread_mutexattr_setrobust, and sched_yield should be used instead.
  • Removed the use of symbolic links to link installed shared objects to the version of Glibc. Such objects are now installed as is (for example, libc.so.6 is now a file, not a link to libc-2.34.so).
  • Debugging features in malloc, such as MALLOC_CHECK_ (glibc.malloc.check), mtrace() and mcheck(), are now disabled by default and have been moved to a separate library, libc_malloc_debug.so, along with the deprecated malloc_get_state and malloc_set_state functions.
  • On Linux, functions like shm_open and sem_open now require the /dev/shm device to work.
  • Vulnerabilities fixed:
    • CVE-2021-27645: Crash of nscd (nameserver caching daemon) process due to calling free twice while processing specially crafted netgroup requests.
    • CVE-2021-33574: Accessing an already freed memory area (use-after-free) in the mq_notify function when using the SIGEV_THREAD notification type with a thread attribute that has an alternative CPU affinity mask set. The problem can lead to a crash, but other attack options are not ruled out.
    • CVE-2021-35942: Parameter size overflow in the wordexp function may cause the application to crash.
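
Why running a file from an open descriptor matters for the execveat/fexecve item above: the checks and the exec then apply to the same opened file, with no second path lookup in between. This is an added example, not code from glibc or from the original article; the vetting policy (regular file, not group- or world-writable), the function names and the /bin/true target are assumptions chosen for illustration.

```c
#define _GNU_SOURCE            /* unistd.h then declares environ */
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open path and accept it only if it is a regular file that neither
 * group nor others may write. fstat() inspects the object that was
 * opened, not the path. Returns the descriptor, or -1. */
int open_vetted(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Execute the vetted descriptor in a child. Returns the child's exit
 * status (127 if the exec itself failed), or -1 if vetting failed. */
int run_vetted(const char *path, char *const argv[])
{
    int status, fd = open_vetted(path);
    if (fd < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        /* O_CLOEXEC suits ELF binaries; a "#!" script would need the
         * descriptor to stay open for its interpreter. */
        fexecve(fd, argv, environ);
        _exit(127);
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *argv[] = { "true", NULL };   /* /bin/true: assumed sample target */
    return run_vetted("/bin/true", argv) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```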
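
For the close_range() and closefrom items above, the usual use is dropping inherited descriptors in a child before it executes another program. The following is an added example, not code from glibc or the original article; close_fds_from and leaked_in_child are hypothetical names, and the close() loop covers the case the article mentions where the kernel is older than 5.9.

```c
#define _GNU_SOURCE            /* exposes close_range() in <unistd.h> */
#include <fcntl.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Close every descriptor >= lowfd: one close_range() call where glibc
 * (2.34+) and the kernel (5.9+) provide it, otherwise a close() loop. */
int close_fds_from(int lowfd)
{
#ifdef __GLIBC_PREREQ
# if __GLIBC_PREREQ(2, 34)
    if (close_range((unsigned int)lowfd, ~0U, 0) == 0)
        return 0;                      /* fast path */
# endif
#endif
    long max = sysconf(_SC_OPEN_MAX);  /* slow path: older glibc or kernel */
    if (max < 0) max = 1024;
    for (long fd = lowfd; fd < max; fd++)
        close((int)fd);                /* EBADF on unused slots is fine */
    return 0;
}

/* Open n descriptors without O_CLOEXEC, fork, optionally clean up in the
 * child as a launcher would before exec, and return how many of them are
 * still open there. Assumes 0-2 are already open, so new ones are >= 3. */
int leaked_in_child(int n, int cleanup)
{
    int fds[16], status, still_open = 0;
    if (n > 16) n = 16;
    for (int i = 0; i < n; i++)
        fds[i] = open("/dev/null", O_RDONLY);
    pid_t pid = fork();
    if (pid == 0) {
        if (cleanup) close_fds_from(3);
        for (int i = 0; i < n; i++)
            still_open += fds[i] >= 0 && fcntl(fds[i], F_GETFD) != -1;
        _exit(still_open);
    }
    for (int i = 0; i < n; i++) close(fds[i]);   /* parent's own copies */
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return leaked_in_child(4, 1) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```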

Source: opennet.ru
