Bayan watanni shida na ci gaba saki tsarin ɗakin karatu (glibc) , wanda ya cika cika ka'idodin ISO C11 da POSIX.1-2017. Sabuwar sakin ya haɗa da gyarawa daga masu haɓakawa 67.
Daga waɗanda aka aiwatar a cikin Glibc 2.32 zaku iya lura:
- Ƙara goyon baya ga Synopsys ARC HS (ARCv2 ISA). Tashar jiragen ruwa na buƙatar aƙalla binutils 2.32, gcc 8.3 da Linux kernel 5.1 don aiki. Ana tallafawa bambance-bambancen ABI guda uku: arc-linux-gnu, arc-linux-gnuhf da arceb-linux-gnu (babban-endian);
- Load ɗin na'urorin tantancewa da aka ƙayyade a cikin sassan DT_AUDIT da
DT_DEPAUDIT na fayil ɗin da za a iya aiwatarwa. - Don tsarin gine-gine na powerpc64le, ana aiwatar da tallafi ga nau'in nau'in nau'in nau'in nau'in nau'in IEEE128 mai tsayi, wanda aka kunna lokacin ginawa tare da zaɓin "-mabi=ieeelongdouble".
- Wasu APIs an bayyana su tare da sifa ta GCC 'shigarwa', wanda ke ba da damar samar da mafi kyawun gargaɗi lokacin da aka haɗa su a cikin GCC 10 don gano yuwuwar ambaliya da sauran yanayin waje.
- Don tsarin Linux, ayyukan pthread_attr_setsigmask_np da
pthread_attr_getsigmask_np, wanda ke ba aikace-aikacen ikon tantance abin rufe fuska don zaren da aka ƙirƙira ta amfani da pthread_create. - An sabunta bayanan ɓoye, bayanin nau'in hali, da teburan tarjama don tallafawa ƙayyadaddun Unicode 13.0.0;
- An ƙara sabon fayil ɗin taken , wanda ke bayyana ma'anar __libc_single_threaded m, wanda za'a iya amfani dashi a aikace-aikace don ingantawa mai zaren guda ɗaya.
- Ƙara ayyuka sigabbrev_np da sigdescr_np waɗanda ke mayar da gajeriyar suna da bayanin siginar (misali, "HUP" da "Hangup" na SIGHUP).
- Ƙara ayyuka strerrorname_np da strerrordesc_np waɗanda ke mayar da suna da bayanin kuskuren (misali, "EINVAL" da "Gida mara inganci" na EINVAL).
- Don dandalin ARM64, an ƙara tuta "--enable-misali-reshe-kariya" (ko -mbranch-protection=misali a cikin GCC), wanda ke ba da damar tsarin ARMv8.5-BTI (Mai nuna Target na Branch) don kare aiwatar da tsarin umarni waɗanda bai kamata a aiwatar da su ba. Ana aiwatar da toshe sauye-sauye zuwa sassan code na sabani don hana ƙirƙirar na'urori a cikin fa'idodin da ke amfani da dabarun shirye-shiryen dawowa (ROP - Shirye-shiryen Komawa; maharin baya ƙoƙarin sanya lambarsa a ƙwaƙwalwar ajiya, amma yana aiki akan ɓangarorin da suka riga sun kasance. na umarnin inji wanda ya ƙare tare da umarnin sarrafawa na dawowa, wanda aka gina sarkar kira don samun aikin da ake so).
- An gudanar da babban tsaftace abubuwan da suka gabata, gami da cire zaɓuɓɓukan "--enable-obsolete-rpc" da "--enable-obsolete-nsl", fayil na kai. . Ayyukan sstk, siginterrupt, sigpause, sighold, sigrelse, sigignore da sigset, da arrays sys_siglist, _sys_siglist da sys_sigabbrev, alamomin sys_errlist, _sys_errlist, sys_nerr da sys_nerr ss, da sys.
- ldconfig an motsa shi ta hanyar tsohuwa don amfani da sabon tsarin ld.so.cache, wanda aka tallafawa a cikin glibc kusan shekaru 20.
- An gyara lahani:
- CVE-2016-10228 - Madauki a cikin ikonv mai amfani yana faruwa lokacin da aka gudanar tare da zaɓin "-c" lokacin sarrafa bayanan multi-byte mara daidai.
- CVE-2020-10029 Tari cin hanci da rashawa lokacin kiran ayyukan trigonometric tare da hujja mara tushe.
- CVE-2020-1752 - Samun damar ƙwaƙwalwar ajiya mara amfani bayan kyauta a cikin aikin glob lokacin faɗaɗa tunani zuwa littafin gida ("~ mai amfani") a cikin hanyoyi.
- CVE-2020-6096 - Gudanar da kuskure akan dandamalin ARMv7 na ƙimar madaidaicin ma'auni a cikin memcpy () da memmove (), wanda ke ƙayyade girman yankin da aka kwafi. tsara aiwatar da code lokacin sarrafa bayanan da aka tsara ta wata hanya a cikin ayyukan memcpy() da memmove(). Yana da mahimmanci cewa matsalar ita ce kusan watanni biyu ba a gyara ba tun lokacin da aka bayyana bayanin a bainar jama'a da watanni biyar tun lokacin da aka sanar da masu haɓaka Glibc.
source: budenet.ru