Glibc 2.34 System Library Released

After six months of development, the GNU C Library (glibc) 2.34 system library has been released. It fully complies with the requirements of the ISO C11 and POSIX.1-2017 standards. The new release includes fixes from 66 developers.

Some of the improvements made in Glibc 2.34 include:

  • The libpthread, libdl, libutil and libanl libraries have been integrated into the main libc; applications that use their functionality no longer need to link with the -lpthread, -ldl, -lutil and -lanl flags. Preparations have been made for integrating libresolv into libc. The integration allows a more seamless glibc update process and simplifies the runtime implementation. Stub libraries are provided for backward compatibility with applications built with older versions of glibc. Because glibc now provides more structures and functions, problems may arise in applications whose names clash with previously unused libpthread, libdl, libutil, libresolv and libanl names.
  • Provides the ability to use a 64-bit time_t type in configurations that traditionally used a 32-bit time_t type. In such configurations, for example on x86 systems, the default is still a 32-bit time_t, but this behaviour can be changed using the "_TIME_BITS" macro. This feature is only available on systems with at least Linux kernel version 5.1.
  • Added the _Fork function, a replacement for the fork function that meets the "async-signal-safe" requirements, i.e. it can be called safely from signal handlers. While _Fork executes, a minimal environment is created that is sufficient to call functions such as raise and execve in signal handlers, without involving features that can change locks or internal state. The _Fork call will be defined in a future version of the POSIX standard, but for now it is included as a GNU extension.
  • On the Linux platform, the execveat function has been implemented, which lets you run an executable file from an open file descriptor. The new function is also used in the implementation of the fexecve call, which no longer requires the /proc pseudo-filesystem to be mounted at startup.
  • Added the timespec_getres function, defined in the draft ISO C2X standard, which extends the timespec_get function with capabilities similar to the POSIX clock_getres function.
  • Added the close_range() function, which allows a process to close a whole range of open file descriptors at once. The function is available on systems with at least Linux kernel version 5.9.
  • Added the closefrom and posix_spawn_file_actions_addclosefrom_np functions, which let you close at once all file descriptors whose number is greater than or equal to the specified value.
  • In the "_DYNAMIC_STACK_SIZE_SOURCE" and "_GNU_SOURCE" modes, PTHREAD_STACK_MIN, MINSIGSTKSZ and SIGSTKSZ are no longer constants, which allows support for dynamically sized register sets such as those provided by the ARM SVE extension.
  • The linker implements the "--list-diagnostics" option to display information related to IFUNC (indirect function) definition handling and glibc-hwcaps subdirectory selection.
  • The __STDC_WANT_IEC_60559_EXT__ macro has been implemented, designed to check for the presence of the functions defined in Annex F of the ISO C2X specification.
  • For powerpc64* systems, the "--disable-scv" option has been implemented, which lets you build glibc without support for the scv instruction.
  • Only a minimal set of core gconv modules is left in the gconv-modules file; all the others have been moved to a separate file, gconv-modules-extra.conf, located in the gconv-modules.d directory.
  • On the Linux platform, the glibc.pthread.stack_cache_size parameter has been implemented, which can be used to configure the size of the pthread stack cache.
  • Deprecated the inet_neta function from its header file, along with various rarely used functions (dn_count_labels, fp_nquery, fp_query, fp_resstat, hostalias, loc_aton, loc_ntoa, p_cdname, p_fqname, p_fqnname, p_option, p_query, p_rcode, p_time, p_type, putlong, putshort, res_hostalias, res_isourserver, res_nameinquery, res_queriesmatch, res_randomid, sym_ntop, symartocs, symartocs__ ns_format_ttl, ns_makecanon, ns_parse_ttl, ns_samedomain, ns_samename, ns_sprintrr, ns_sprintrrf, ns_subdomain). Instead of these functions, it is recommended to use separate libraries for working with DNS.
  • The functions pthread_mutex_consistent_np, pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np and pthread_yield have been deprecated; pthread_mutex_consistent, pthread_mutexattr_getrobust, pthread_mutexattr_setrobust and sched_yield should be used instead.
  • Stopped using symbolic links to bind installed shared objects to the Glibc version. Such objects are now installed as is (e.g. libc.so.6 is now a file rather than a link to libc-2.34.so).
  • By default, the debugging features in malloc are disabled, such as MALLOC_CHECK_ (glibc.malloc.check), mtrace() and mcheck(). They have been moved to a separate library, libc_malloc_debug.so, to which the obsolete malloc_get_state and malloc_set_state functions have also been moved.
  • On Linux, functions such as shm_open and sem_open now require the /dev/shm device in order to work.
  • Vulnerabilities fixed:
    • CVE-2021-27645: The nscd (nameserver caching daemon) process crashes because of a double call to the free function when processing specially crafted netgroup requests.
    • CVE-2021-33574: Access to an already freed memory area (use-after-free) in the mq_notify function when using the SIGEV_THREAD notification type with a thread attribute for which an alternate CPU affinity mask is set. The problem can lead to a crash, but other attack options cannot be ruled out.
    • CVE-2021-35942: A parameter size overflow in the wordexp function can cause the application to crash.
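
The close_range() entry in the list above notes that the call needs Linux kernel 5.9 or later, so code that closes inherited descriptors before running a child needs a fallback. The following is an added example, not code from glibc or from the original article; close_fd_range, fd_is_open and demo_cleanup are hypothetical helper names and the descriptor numbers are constructed for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <unistd.h>

/* glibc 2.34 declares close_range() in <unistd.h> under _GNU_SOURCE; the
 * prototype is repeated here so the build does not depend on that macro. */
#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 34))
#define HAVE_CLOSE_RANGE 1
int close_range(unsigned int first, unsigned int last, int flags);
#endif

/* Hypothetical helper: close every descriptor in [first, last]; 0 on success. */
int close_fd_range(unsigned int first, unsigned int last)
{
    if (first > last) { errno = EINVAL; return -1; }
#ifdef HAVE_CLOSE_RANGE
    if (close_range(first, last, 0) == 0) return 0;
    /* ENOSYS: kernel older than 5.9. EPERM: call blocked by a seccomp filter. */
    if (errno != ENOSYS && errno != EPERM) return -1;
#endif
    /* Fallback loop: covers only descriptors below the current open-file limit. */
    long max = sysconf(_SC_OPEN_MAX);
    if (max <= 0 || max > INT_MAX) max = INT_MAX;
    if (last >= (unsigned long)max) last = (unsigned int)(max - 1);
    for (unsigned int fd = first; fd <= last; fd++)
        if (close((int)fd) == -1 && errno != EBADF && errno != EINTR) return -1;
    return 0;
}

int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Constructed scenario: one descriptor to keep and two that must not reach a
 * child. Returns a bitmask of those still open (bit 0 = keep), or -1 on error. */
int demo_cleanup(void)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    int keep = fcntl(p[0], F_DUPFD, 100);   /* high numbers, clear of 0..2 */
    int leak1 = fcntl(p[0], F_DUPFD, keep + 1);
    int leak2 = fcntl(p[1], F_DUPFD, leak1 + 1);
    close(p[0]); close(p[1]);
    if (keep < 0 || leak1 < 0 || leak2 < 0) return -1;
    if (close_fd_range((unsigned)leak1, (unsigned)leak2) != 0) return -1;
    int mask = fd_is_open(keep) | (fd_is_open(leak1) << 1) | (fd_is_open(leak2) << 2);
    close(keep);
    return mask;
}
int main(void) { printf("still open mask: %d\n", demo_cleanup()); return 0; }
```

The fallback loop is bounded by the current open-file limit, so a descriptor opened before that limit was lowered can survive it; the kernel call has no such gap.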

Source: opennet.ru
