After six months of development, the release of the GNU C Library (glibc) 2.35 is published, which fully complies with the requirements of the ISO C11 and POSIX.1-2017 standards. The new release includes fixes from 66 developers.
Among the improvements implemented in Glibc 2.35 are:
- Added support for the "C.UTF-8" locale, which includes collation rules for all Unicode codes, but to save space is limited to the use of ASCII ranges in the fnmatch, regexec and regcomp functions. The locale is about 400 KB, of which 346 KB is LC_CTYPE data for Unicode, and requires a separate installation (not built into Glibc).
- Encoding data, character type information, and transliteration tables have been updated to support the Unicode 14.0.0 specification.
- IN And functions and macros are implemented that round the result to a narrower type: fsqrt, fsqrtl, dsqrtl, ffma, ffmal, dfmal, fMsqrtfN, fMsqrtfNx, fMxsqrtfN, fMxsqrtfNx, fMfmafN, fMfmafNx, fMxfmafN and fMxfmafNx. The functions are described in the specifications TS 18661-1:2014, TS 18661-3:2015 and added to the draft of the future ISO C2X C standard.
- IN And implemented functions and macros for finding the minimum and maximum of floating point numbers with the types float, long double, _FloatN and _FloatNx, described in the IEEE 754-2019 specification and added to the draft of the future ISO C2X C standard: fmaximum, fmaximum_num, fmaximum_mag, fmaximum_mag_num, fminimum, fminimum_num, fminimum_mag, fminimum_mag_num.
- IN added constants for single precision floating point numbers: M_Ef, M_LOG2Ef, M_LOG10Ef, M_LN2f, M_LN10f, M_PIf, M_PI_2f, M_PI_4f, M_1_PIf, M_2_PIf, M_2_SQRTPIf, M_SQRT2f and M_SQRT1_2f.
- For functions exp10 in header file Added corresponding macros that are not tied to specific types.
- IN added the _PRINTF_NAN_LEN_MAX macro proposed in the draft ISO C2X standard.
- Added "%b" and "%B" format specifiers to the printf family of functions to print integers in binary representation.
- The dynamic linking system implements a new DSO sorting algorithm that uses depth-first search (DFS) to address performance issues when handling looped dependencies. To select the DSO sorting algorithm, the glibc.rtld.dynamic_sort parameter is proposed, which can be set to β1β to roll back to the old algorithm.
- The ABI has added support for a new function '__memcmpeq', used by compilers to optimize the use of 'memcmp' if the value returned by this function is used only to check the completion status of an operation.
- Added support for automatically registering threads using the rseq (restartable sequences) system call provided since Linux kernel 4.18. The rseq system call allows you to organize the continuous execution of a group of instructions that is not interrupted and confirms the result by the last instruction in the group. Essentially, it provides a means for very fast atomic execution of operations that, if interrupted by another thread, are cleaned up and attempted again.
- Added symlink /usr/bin/ld.so.
- The default assembly of all executable files of embedded programs and the test set in PIE (position independent executable) mode is provided. To disable this behavior, the β--disable-default-pieβ option is provided.
- For Linux, a glibc.malloc.hugetlb setting has been added to allow the malloc implementation to be switched to use the madvise system call with the MADV_HUGEPAGE flag for mmap and sbrk, or to directly use large memory pages by specifying the MAP_HUGETLB flag in mmap calls. In the first case, performance gains can be achieved if Transparent Huge Pages are used in madvise mode, and in the second case, the ability to use system-reserved Huge Pages is provided.
- Added _dl_find_object function that can be used to add call stack unwind information.
- Added support for the OpenRISC architecture (or1k-linux-gnu) in soft-float mode. The port requires binutils 2.35, GCC 11, and Linux kernel 5.4.
- Added a build flag "--with-rtld-early-cflags", which can be used to specify additional compilation flags used when building the initial code for dynamic linking.
- For the Linux platform, the epoll_pwait2 function has been added, which differs from epoll_wait by specifying a timeout with nanosecond precision.
- Added posix_spawn_file_actions_addtcsetpgrp_np function to eliminate race conditions when setting a control terminal for a new process.
- For applications compiled with Glibc and GCC 12+, the β_FORTIFY_SOURCE=3β protection mode is implemented, which detects possible buffer overflows when executing string functions defined in the string.h header file. The difference from the β_FORTIFY_SOURCE=2β mode comes down to additional checks, which can potentially lead to decreased performance.
- Support for Intel MPX (Memory Protection Extensions), used to check pointers for memory bounds, has been discontinued (this technology has not become widespread and has already been removed from GCC and LLVM).
- The prelink mechanism and its associated environment variables LD_TRACE_PRELINKING and LD_USE_LOAD_BIAS have been deprecated and will be removed in a future release.
Vulnerabilities fixed:
- CVE-2022-23218, CVE-2022-23219 β Buffer overflow in the svcunix_create and clnt_create functions, caused by copying the contents of the filename parameter onto the stack without checking the size of the copied data. For applications built without stack protection and using the βunixβ protocol, the vulnerability can lead to the execution of attacker code when processing very long file names.
- CVE-2021-3998 is a vulnerability in the realpath() function due to the return, under certain conditions, of an incorrect value containing uncleaned residual data from the stack. For the SUID-root fusermount program, the vulnerability can be used to obtain sensitive information from process memory, for example, to obtain information about pointers.
- CVE-2021-3999 - Single-byte buffer overflow in the getcwd() function. The problem is caused by a bug that has been present since 1995. To cause an overflow, simply call chdir() on the "/" directory in a separate mount point namespace.
Source: opennet.ru