The GNU C Library

=================

The GNU C Library version 2.27 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at https://www.gnu.org/software/libc/

Packages for the 2.27 release may be downloaded from:
        https://ftpmirror.gnu.org/libc/
        https://ftp.gnu.org/gnu/libc/

The mirror list is at https://www.gnu.org/order/ftp.html

NEWS for version 2.27
=====================

Major new features:

* The GNU C Library can now be compiled with support for building static
  PIE executables (See --enable-static-pie in INSTALL).  These static PIE
  executables are like static executables but can be loaded at any address
  and provide additional security hardening benefits at the cost of some
  memory and performance.  When the library is built with --enable-static-pie
  the resulting libc.a is usable with GCC 8 and above to create static PIE
  executables using the GCC option '-static-pie'.  This feature is currently
  supported on i386, x86_64 and x32 with binutils 2.29 or later, and on
  aarch64 with binutils 2.30 or later.

* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf,
  sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and
  H.J. Lu from Intel.

* Optimized x86-64 trunc and truncf for processors with SSE4.1.

* Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and sincosf.

* In order to support faster and safer process termination the malloc API
  family of functions will no longer print a failure address and stack
  backtrace after detecting heap corruption.  The goal is to minimize the
  amount of work done after corruption is detected and to avoid potential
  security issues in continued process execution.  Reducing shutdown time
  leads to lower overall process restart latency, so there is benefit both
  from a security and performance perspective.

* The abort function terminates the process immediately, without flushing
  stdio streams.  Previous glibc versions used to flush streams, resulting
  in deadlocks and further data corruption.  This change also affects
  process aborts as the result of assertion failures.

* On platforms where long double has the IEEE binary128 format (aarch64,
  alpha, mips64, riscv, s390 and sparc), the math library now implements
  _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015.
  These are the same interfaces added in version 2.26 for some platforms where
  this format is supported but is not the format of long double.

* On platforms with support for _Float64x (aarch64, alpha, i386, ia64,
  mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now
  implements interfaces for that type, as defined by ISO/IEC TS
  18661-3:2015.  These are corresponding interfaces to those supported for
  _Float128.

* The math library now implements interfaces for the _Float32, _Float64 and
  _Float32x types, as defined by ISO/IEC TS 18661-3:2015.  These are
  corresponding interfaces to those supported for _Float128.

* glibc now implements the memfd_create and mlock2 functions on Linux.

* Support for memory protection keys was added.  The <sys/mman.h> header now
  declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set,
  pkey_get.

* The copy_file_range function was added.

* Optimized memcpy, mempcpy, memmove, and memset for sparc M7.

* The ldconfig utility now processes `include' directives using the C/POSIX
  collation ordering.  Previous glibc versions used locale-specific
  ordering, the change might break systems that relied on that.

* Support for two grammatical forms of month names has been added.
  In a call to strftime, the "%B" and "%b" format specifiers will now
  produce the grammatical form required when the month is used as part
  of a complete date.  New "%OB" and "%Ob" specifiers produce the form
  required when the month is named by itself.  For instance, in Greek
  and in many Slavic and Baltic languages, "%B" will produce the month
  in genitive case, and "%OB" will produce the month in nominative case.

  In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh"
  are all valid and will all accept any known form of month
  name---standalone or complete, abbreviated or full.  In a call to
  nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return
  the strings used by "%B" and "%b", respectively.  New query
  constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings
  used by "%OB" and "%Ob", respectively.

  In a locale definition file, use "alt_mon" and "ab_alt_mon" to
  define the strings for %OB and %Ob, respectively; these have the
  same syntax as "mon" and "abmon".  These arrays are optional; if they
  are not provided then they have the same content as "mon" and "abmon",
  respectively.

  These features are provided for locales which define "alt_mon" and/or
  "ab_alt_mon" in their locale source data.  This release includes such
  alternative month name data for the following languages: Belarusian,
  Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian.

  This feature is currently a GNU extension, but it is expected to
  be added to the next revision of POSIX, and it is also already
  available on some BSD-derived operating systems.

  This feature will cause existing statically compiled applications
  to fail to load locales and fall back to the builtin C/POSIX locales.
  See notes below for other changes affecting compatibility.

* Support for the RISC-V ISA running on Linux has been added.  This port
  requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is supported
  for the following ISA and ABI pairs:

    - rv64imac lp64
    - rv64imafdc lp64
    - rv64imafdc lp64d

Deprecated and removed features, and other changes affecting compatibility:

* Statically compiled applications attempting to load locales compiled for the
  GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX
  locale.  The reason for this is that the addition of the new "%OB" and "%Ob",
  support for two grammatical forms of the month names, also extends the locale
  data binary format.  Static applications needing locale support must be
  recompiled to match the runtime and data they are deployed with. In some
  distributions there is an upgrade window where dynamically linked applications
  may use a new library but the old locale data and also fall back to the
  builtin C/POSIX locales; restarting the application process is sufficient to
  fix this.

* Support for statically linked applications which call dlopen is deprecated
  and will be removed in a future version of glibc.  Applications which call
  dlopen need to be linked dynamically instead.

* Support for old programs which use internal stdio data structures and
  functions is deprecated.  This includes programs which use the C++ streams
  provided by libstdc++ in GCC 2.95.  Programs which use the internal
  symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish,
  _IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn,
  _IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach,
  _IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen,
  _IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open,
  _IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff,
  _IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow,
  _IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all,
  _IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area,
  _IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin, _IO_iter_end,
  _IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in,
  _IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock,
  _IO_marker_delta, _IO_marker_difference, _IO_remove_marker, _IO_seekmark,
  _IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static,
  _IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow,
  _IO_switch_to_main_wget_area, _IO_switch_to_wget_mode,
  _IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish,
  _IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow,
  _IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf, _IO_wdo_write,
  _IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync, _IO_wfile_underflow,
  _IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with a
  future version of glibc.  Unlike other symbol removals, these old
  applications will not be supported using compatibility symbols.

* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
  defined by <sys/ptrace.h>.

* libm no longer supports SVID error handling (calling a user-provided
  matherr function on error) or the _LIB_VERSION variable to control error
  handling.  (SVID error handling and the _LIB_VERSION variable still work
  for binaries linked against older versions of the GNU C Library.)  The
  libieee.a library is no longer provided.  math.h no longer defines struct
  exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
  TLOSS, PLOSS and HUGE.

* The libm functions pow10, pow10f and pow10l are no longer supported for
  new programs.  Programs should use the standard names exp10, exp10f and
  exp10l for these functions instead.

* The mcontext_t type is no longer the same as struct sigcontext.  On
  platforms where it was previously the same, this changes the C++ name
  mangling for interfaces involving this type.

* The add-ons mechanism for building additional packages at the same time as
  glibc has been removed.  The --enable-add-ons configure option is now
  ignored.

* The --without-fp configure option is now ignored.  Whether hardware
  floating-point instructions are used is now configured based on whether
  the compiler used at configure time (without any options implied by a
  --with-cpu= configure option) uses such instructions.

* The res_hnok, res_dnok, res_mailok and res_ownok functions now check that
  the specified string can be parsed as a domain name.

* In the malloc_info output, the <heap> element may contain another <aspace>
  element, "subheaps", which contains the number of sub-heaps.

* The libresolv function p_secstodate is no longer supported for new
  programs.

* The tilepro-*-linux-gnu configuration is no longer supported.

* The nonstandard header files <libio.h> and <_G_config.h> are deprecated
  and will be removed in a future release.  Software that is still using
  either header should be updated to use standard <stdio.h> interfaces
  instead.

  libio.h was originally the header for a set of supported GNU extensions,
  but they have not been maintained as such in many years, they are now
  standing in the way of improvements to stdio, and we don't think there are
  any remaining external users.  _G_config.h was never intended for public
  use, but predates the bits convention.

Changes to build and runtime requirements:

* bison version 2.7 or later is required to generate code in the 'intl'
  subdirectory.

Security related changes:

  CVE-2009-5064: The ldd script would sometimes run the program under
  examination directly, without preventing code execution through the
  dynamic linker.  (The glibc project disputes that this is a security
  vulnerability; only trusted binaries must be examined using the ldd
  script.)

  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
  suffered from a one-byte overflow during ~ operator processing (either
  on the stack or the heap, depending on the length of the user name).
  Reported by Tim Rühsen.

  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
  would sometimes fail to free memory allocated during ~ operator
  processing, leading to a memory leak and, potentially, to a denial
  of service.

  CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
  without GLOB_NOESCAPE, could write past the end of a buffer while
  unescaping user names.  Reported by Tim Rühsen.

  CVE-2017-17426: The malloc function, when called with an object size near
  the value SIZE_MAX, would return a pointer to a buffer which is too small,
  instead of NULL.  This was a regression introduced with the new malloc
  thread cache in glibc 2.26.  Reported by Iain Buclaw.

  CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
  to the allocation of too much memory.  (This is not a security bug per se,
  it is mentioned here only because of the CVE assignment.)  Reported by
  Qualys.

  CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
  of the number of search path components.  (This is not a security
  vulnerability per se because no trust boundary is crossed if the fix for
  CVE-2017-1000366 has been applied, but it is mentioned here only because
  of the CVE assignment.)  Reported by Qualys.

  CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
  for AT_SECURE or SUID binaries could be used to load libraries from the
  current directory.

  CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
  succeeds without returning an absolute path due to unexpected behaviour
  of the Linux kernel getcwd syscall.  Reported by halfdog.

  CVE-2018-6485: The posix_memalign and memalign functions, when called with
  an object size near the value of SIZE_MAX, would return a pointer to a
  buffer which is too small, instead of NULL.  Reported by Jakub Wilk.

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.27

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Akhilesh Kumar
Alan Hayward
Alan Modra
Alexandre Oliva
Alexey Makhalov
Andreas Schwab
Arjun Shankar
Arnold Robbins
Aurelien Jarno
Bernd Edlinger
Carlos O'Donell
Chris Metcalf
Christian Brauner
Claude Paroz
DJ Delorie
David S. Miller
Dmitry V. Levin
Dragan Stanojević - Nevidljivi
Egmont Koblinger
Eric Blake
Florian Weimer
Gabriel F. T. Gomes
Guido Trentalancia
Gustavo Romero
H.J. Lu
Il'ya Malakhov
Istvan Kurucsai
James Clarke
John David Anglin
Jonathan Wakely
Jose E. Marchesi
Joseph Myers
Julen Ruiz Aizpuru
Juro Bystricky
Luke Shumaker
Markus Trippelsdorf
Martin Sebor
Michael Collison
Mike FABIAN
Palmer Dabbelt
Patrick McGehearty
Patsy Franklin
Paul Clarke
Paul Eggert
Paul Pluzhnikov
Peter Zelezny
Rafal Luzynski
Rajalakshmi Srinivasaraghavan
Rical Jasan
Richard Henderson
Rogerio Alves
Romain Naour
Samuel Thibault
Sergei Trofimovich
Siddhesh Poyarekar
Stanislav Brabec
Stefan Liebler
Steve Ellcey
Szabolcs Nagy
Thierry Vignaud
Thomas Schwinge
Thorsten Glaser
Tobias Klauser
Tulio Magno Quites Machado Filho
Victor Rodriguez
Wang Boshi
Wei-Lun Chao
Wilco Dijkstra
Will Hawkins
Yury Norov
Zack Weinberg
-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJacz2OAAoJEKgEH6g54W42kOsP/0eYcVLM6q62kOHuF5AGbzzP
t7CB1W1hmHBHSpwxiMBPUVnTTodWCfv5BcjsQ1Favl3lkU+NW/Ge7KGLw8z4aHTI
f61u3LiPrNPpLahG2pSLA/AJaKH2aNHTXbX3OmPXhWfkmbflvpYQ8uaSN3lras2C
vaFFgMm8ZHzPkv60L+XtGTmcVQXjaDed7ATINNeg3xbfY5MyItp/aQUhkkYZZz9W
x6V4B5FsmEnnfAUdWPowiOqhNsI90Z2VSuyPcoLpeQmNZx8n/Uo4Zm9GoUvlhG1s
q9TaQyFUQXBeff9DPCt1OWv03DHR0n/S+DZAqI4paKNedi0XdiBjw5Qaiztju3aj
jUj755R6KZm0naBTj9SJaBl5zCQuVVX8MkpF9v2X80AE89SUixAb6JOtj477JwnZ
r82kjI8AaDpiWtI9keZ/iKL+lNXGre9SqgjBSr1itStN2aOE6ZuhTOmQtqlsi1QQ
SY5cRiI+HB7dmJDAAFyspVOJcXeTYZBkhz4wzR816zH8h9JgqLUOkjbe89946HAw
EnEPxZaxxVgzupumflM+T4pm46wR6Dby0g1z8Q7V3ljThPN27T4aezBlcBVW7YpI
bKReLMVpSmegn+zGOCRmSAU2iOIYEC1hRlDkVrK7HYE69abwfynxhOi2ynYyZ3+i
Y/2JRN5/DJ/nbaQwuc/3
=Q9cU
-----END PGP SIGNATURE-----