Release of the Glibc 2.34 System Library

After six months of development, the GNU C Library (glibc) 2.34 system library has been released; it fully complies with the requirements of the ISO C11 and POSIX.1-2017 standards. The new release includes fixes from 66 developers.

Some of the improvements implemented in Glibc 2.34 include:

  • The libpthread, libdl, libutil and libanl libraries have been integrated into the main libc; applications that use their functionality no longer need to link with the -lpthread, -ldl, -lutil and -lanl flags. Preparations have been made for integrating libresolv into libc. The integration will allow a more seamless glibc update process and will simplify the runtime implementation. Stub libraries are provided for backward compatibility with applications built against older versions of glibc. Because glibc now provides a larger number of structures and functions, problems may arise in applications whose names clash with those of the previously unused libraries libpthread, libdl, libutil, libresolv and libanl.
  • A 64-bit time_t type can now be used in configurations that traditionally used a 32-bit time_t. In such configurations, for example on x86 systems, the default is still a 32-bit time_t, but this behaviour can now be changed with the "_TIME_BITS" macro. This feature is available only on systems with Linux kernel 5.1 or later.
  • Added the _Fork function, a replacement for the fork function that meets the "async-signal-safe" requirements, i.e. it can be called safely from signal handlers. During execution of _Fork a minimal environment is created that is sufficient to call functions such as raise and execve in signal handlers without involving features that can change locks or internal state. The _Fork call will be defined in a future version of the POSIX standard, but for now it is included as a GNU extension.
  • For the Linux platform, the execveat function has been implemented, which allows an executable file to be run from an open file descriptor. The new function is also used in the implementation of the fexecve call, which no longer needs the /proc filesystem to be mounted at startup.
  • Added the timespec_getres function, defined in the draft ISO C2X standard, which extends the timespec_get function with a capability similar to the POSIX clock_getres function.
  • Added the close_range() function, which allows a process to close a whole range of open file descriptors at once. The function is available on systems with Linux kernel 5.9 or later.
  • Added the closefrom and posix_spawn_file_actions_addclosefrom_np functions, which allow closing at once all file descriptors whose number is greater than or equal to the specified value.
  • In the "_DYNAMIC_STACK_SIZE_SOURCE" and "_GNU_SOURCE" modes, PTHREAD_STACK_MIN, MINSIGSTKSZ and SIGSTKSZ are no longer constants, which makes it possible to support dynamically sized register sets such as those provided by the ARM SVE extension.
  • The dynamic linker implements the "--list-diagnostics" option to display information related to IFUNC (indirect function) definition operations and the selection of glibc-hwcaps subdirectories.
  • The __STDC_WANT_IEC_60559_EXT__ macro has been implemented; it is intended for checking the presence of the functions defined in Annex F of the ISO C2X specification.
  • For powerpc64* systems, the "--disable-scv" option has been implemented, which allows glibc to be built without support for the scv instruction.
  • Only a minimal set of core gconv modules remains in the gconv-modules file; the rest have been moved to an additional file, gconv-modules-extra.conf, located in the gconv-modules.d directory.
  • For the Linux platform, the glibc.pthread.stack_cache_size parameter has been implemented, which can be used to tune the size of the pthread stack cache.
  • The inet_neta function from the header file has been deprecated, along with various rarely used functions (dn_count_labels, fp_nquery, fp_query, fp_resstat, hostalias, loc_aton, loc_ntoa, p_cdname, p_cdnname, p_class, p_fqname, p_fqnname, p_option, p_query, p_rcode, p_time, res_hostalias, res_isourserver, res_nameinquery, res_queriesmatch, res_randomid, sym_ntop, sym_ntos, sym_ston) and (ns_datetosecs, ns_format_ttl, ns_makecanon, ns_parse_ttl, ns_samedomain, ns_samename, ns_sprintrr, ns_sprintrrf, ns_subdomain). Instead of these functions, it is recommended to use dedicated libraries for working with DNS.
  • The pthread_mutex_consistent_np, pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np and pthread_yield functions have been deprecated; pthread_mutex_consistent, pthread_mutexattr_getrobust and pthread_mutexattr_setrobust replace the _np variants.
  • Symbolic links are no longer used to tie installed shared objects to the Glibc version. Such objects are now installed as they are (for example, libc.so.6 is now a file rather than a link to libc-2.34.so).
  • By default, the malloc debugging features are disabled, such as MALLOC_CHECK_ (glibc.malloc.check), mtrace() and mcheck(); they have been moved into a separate library, libc_malloc_debug.so, to which the obsolete malloc_get_state and malloc_set_state functions have also been moved.
  • On Linux, functions such as shm_open and sem_open now require the /dev/shm device in order to work.
  • Vulnerabilities fixed:
    • CVE-2021-27645: The nscd (nameserver caching daemon) process crashed because the free function was called twice while processing specially crafted netgroup requests.
    • CVE-2021-33574: Access to an already freed memory area (use-after-free) in the mq_notify function when the SIGEV_THREAD notification type is used with a thread attribute for which an alternate CPU affinity mask has been set. The problem can lead to a crash, but other attack scenarios cannot be ruled out.
    • CVE-2021-35942: An overflow in the size of parameters in the wordexp function can cause the application to crash.
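
An added example (not from the original article or the glibc project) for the close_range() item above: a process closes a block of inherited descriptors before running another program, so that open files and sockets do not leak into it. The helper names and the descriptor numbers 200 to 204 are hypothetical, constructed for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 34))
# define HAVE_GLIBC_CLOSE_RANGE 1   /* the wrapper exists from glibc 2.34 */
#endif

/* Hypothetical helper: close every descriptor in the bounded range
 * [first, last]. Falls back to a close() loop when close_range() fails,
 * e.g. ENOSYS before Linux 5.9 or a sandbox filter rejecting the call. */
static int close_fd_range(unsigned int first, unsigned int last)
{
#ifdef HAVE_GLIBC_CLOSE_RANGE
    if (close_range(first, last, 0) == 0)
        return 0;
#endif
    for (unsigned int fd = first; fd <= last; fd++)
        if (close((int)fd) == -1 && errno != EBADF)
            return -1;
    return 0;
}

/* Count descriptors in [first, last] that are still open. */
static int count_open_fds(unsigned int first, unsigned int last)
{
    int n = 0;
    for (unsigned int fd = first; fd <= last; fd++)
        n += (fcntl((int)fd, F_GETFD) != -1);
    return n;
}

/* Constructed scenario: five descriptors left open at 200..204. */
static int leak_sample_fds(void)
{
    int src = open("/dev/null", O_RDONLY);
    for (int fd = 200; src != -1 && fd <= 204; fd++)
        if (dup2(src, fd) == -1)
            return -1;
    return src == -1 ? -1 : close(src);
}

int main(void)
{
    int failed = leak_sample_fds() != 0 || close_fd_range(200, 204) != 0;
    return failed || count_open_fds(200, 204) != 0; /* 0 = nothing leaked */
}
```

The fallback loop is only suitable for a bounded range; closing "everything from N upward" without close_range() or closefrom() needs the process's descriptor limit as the upper bound.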
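
An added example (not from the original article or the glibc project) for the item on MINSIGSTKSZ and SIGSTKSZ above: since these are no longer compile-time constants, an alternate signal stack has to be sized and allocated at run time instead of being declared as a fixed-size array. The function names and the use of SIGUSR1 are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

static stack_t g_alt;                    /* the alternate stack we install */
static volatile sig_atomic_t g_on_alt;   /* 1 if the handler ran on g_alt */

/* Stack size queried at run time. With _GNU_SOURCE on glibc 2.34 SIGSTKSZ is
 * itself a sysconf() call, so "static char stack[SIGSTKSZ];" stops compiling. */
static size_t altstack_size(void)
{
    long sz = -1;
#ifdef _SC_SIGSTKSZ
    sz = sysconf(_SC_SIGSTKSZ);          /* glibc 2.34 and later */
#endif
    return (size_t)(sz > 0 ? sz : SIGSTKSZ);
}

/* Handler: record whether one of its locals lies inside the alternate stack. */
static void on_signal(int signo)
{
    char probe = (char)signo;
    uintptr_t p = (uintptr_t)&probe, base = (uintptr_t)g_alt.ss_sp;
    g_on_alt = (p >= base && p < base + g_alt.ss_size);
}

/* Install a heap-allocated alternate stack, raise SIGUSR1, report the result. */
static int handler_ran_on_altstack(void)
{
    struct sigaction sa = {0};
    g_alt.ss_size = altstack_size();
    g_alt.ss_sp = malloc(g_alt.ss_size);
    if (g_alt.ss_sp == NULL || sigaltstack(&g_alt, NULL) == -1)
        return -1;
    sa.sa_handler = on_signal;
    sa.sa_flags = SA_ONSTACK;            /* deliver on the alternate stack */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) == -1)
        return -1;
    raise(SIGUSR1);
    return g_on_alt;
}

int main(void)
{
    return handler_ran_on_altstack() == 1 ? 0 : 1;
}
```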

Source: opennet.ru
