Monday, July 22, 2024
The GNU C Library version 2.40 is now available
=================
The GNU C Library version 2.40 is now available.
The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.
The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C11 and POSIX.1-2017. It is also
internationalized and has one of the most complete
internationalization interfaces known.
The GNU C Library webpage is at http://www.gnu.org/software/libc/
Packages for the 2.40 release may be downloaded from:
http://ftpmirror.gnu.org/libc/
http://ftp.gnu.org/gnu/libc/
The mirror list is at http://www.gnu.org/order/ftp.html
Distributions are encouraged to track the release/* branches
corresponding to the releases they are using. The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.
NEWS for version 2.40
=====================
Major new features:
* The <stdbit.h> header type-generic macros have been changed when using
GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
with arbitrary precisions when supported by the target.
* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
enable features from the ISO C23 standard. Only some features from
this standard are supported by the GNU C Library. The older name
_ISOC2X_SOURCE is still supported. Features from C23 are also enabled
by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
-std=gnu23, -std=c2x or -std=gnu2x.
* The following ISO C23 function families (introduced in TS
18661-4:2015) are now supported in <math.h>. Each family includes
functions for float, double, long double, _FloatN and _FloatNx, and a
type-generic macro in <tgmath.h>.
- Exponential functions: exp2m1, exp10m1.
- Logarithmic functions: log2p1, log10p1, logp1.
* A new tunable, glibc.rtld.enable_secure, can be used to run a program
as if it were a setuid process. This is currently a testing tool to allow
more extensive verification tests for AT_SECURE programs and not meant to
be a security feature.
* On Linux, the epoll header was updated to include epoll ioctl definitions
and the related structure added in Linux kernel 6.9.
* The fortify functionality has been significantly enhanced for building
programs with clang against the GNU C Library.
* Many functions have been added to the vector library for aarch64:
acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh
* On x86, memset can now use non-temporal stores to improve the performance
of large writes. This behaviour is controlled by a new tunable
x86_memset_non_temporal_threshold.
Deprecated and removed features, and other changes affecting compatibility:
* Architectures which use a 32-bit seconds-since-epoch field in struct
lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32,
rv64, x86-64) switched from a signed to an unsigned type for that
field. This allows these fields to store timestamps beyond the year
2038, until the year 2106. Please note that applications are still
expected to migrate off the interfaces declared in <utmp.h> and
<utmpx.h> (except for login_tty) due to locking and session management
problems.
* __rseq_size now denotes the size of the active rseq area (20 bytes
initially), not the size of struct rseq (32 bytes initially).
Security related changes:
The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:
GLIBC-SA-2024-0004:
ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
sequence (CVE-2024-2961)
GLIBC-SA-2024-0005:
nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
GLIBC-SA-2024-0006:
nscd: Null pointer crash after notfound response (CVE-2024-33600)
GLIBC-SA-2024-0007:
nscd: netgroup cache may terminate daemon on memory allocation
failure (CVE-2024-33601)
GLIBC-SA-2024-0008:
nscd: netgroup cache assumes NSS callback uses in-buffer strings
(CVE-2024-33602)
The following bugs were resolved with this release:
[19622] network: Support aliasing with struct sockaddr
[21271] localedata: cv_RU: update translations
[23774] localedata: lv_LV collates Y/y incorrectly
[23865] string: wcsstr is quadratic-time
[25119] localedata: Change Czech weekday names to lowercase
[27777] stdio: fclose does a linear search, takes ages when many FILE*
are opened
[29770] libc: prctl does not match manual page ABI on powerpc64le-
linux-gnu
[29845] localedata: Update hr_HR locale currency to €
[30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
[31316] build: Fails test misc/tst-dirname "Didn't expect signal from
child: got `Illegal instruction'" on non SSE CPUs
[31317] dynamic-link: [RISCV] static PIE crashes during self
relocation
[31325] libc: mips: clone3 is wrong for o32
[31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
multi-arch version
[31339] libc: arm32 loader crash after cleanup in 2.36
[31340] manual: A bad sentence in section 22.3.5 (resource.texi)
[31357] dynamic-link: $(objpfx)tst-rtld-list-diagnostics.out rule
doesn't work with test wrapper
[31370] localedata: wcwidth() does not treat
DEFAULT_IGNORABLE_CODE_POINTs as zero-width
[31371] dynamic-link: x86-64: APX and Tile registers aren't preserved
in ld.so trampoline
[31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
saved registers
[31383] libc: _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of
0 and zero size types
[31385] build: sort-makefile-lines.py doesn't check variable with _
nor with "^# variable"
[31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
s390{,x}
[31405] libc: Improve dl_iterate_phdr using _dl_find_object
[31411] localedata: Add Latgalian locale
[31412] build: GCC 6 failed to build i386 glibc on Fedora 39
[31429] build: Glibc failed to build with -march=x86-64-v3
[31468] libc: sigisemptyset returns true when the set contains signals
larger than 34
[31476] network: Automatic activation of single-request options break
resolv.conf reloading
[31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
result in a loss of rseq acceleration
[31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
[31518] manual: documentation: FLT_MAX_10_EXP questionable text, evtl.
wrong,
[31530] localedata: Locale file for Moksha - mdf_RU
[31553] malloc: elf/tst-decorate-maps fails on ppc64el
[31596] libc: On the llvm-arm32 platform, dlopen("not_exist.so", -1)
triggers segmentation fault
[31600] math: math: x86 ceill traps when FE_INEXACT is enabled
[31601] math: math: x86 floor traps when FE_INEXACT is enabled
[31603] math: math: x86 trunc traps when FE_INEXACT is enabled
[31612] libc: arc4random fails to fallback to /dev/urandom if
getrandom is not present
[31629] build: powerpc64: Configuring with "--with-cpu=power10" and
'CFLAGS=-O2 -mcpu=power9' fails to build glibc
[31640] dynamic-link: POWER10 ld.so crashes in
elf_machine_load_address with GCC 14
[31661] libc: NPROCESSORS_CONF and NPROCESSORS_ONLN not available in
getconf
[31676] dynamic-link: Configuring with CC="gcc -march=x86-64-v3"
--with-rtld-early-cflags=-march=x86-64 results in linker failure
[31677] nscd: nscd: netgroup cache: invalid memcpy under low
memory/storage conditions
[31678] nscd: nscd: Null pointer dereferences after failed netgroup
cache insertion
[31679] nscd: nscd: netgroup cache may terminate daemon on memory
allocation failure
[31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
strings
[31682] math: [PowerPC] Floating point exception error for math test
test-ceil-except-2 test-floor-except-2 test-trunc-except-2
[31686] dynamic-link: Stack-based buffer overflow in
parse_tunables_string
[31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds
but execve fails
[31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
with -Wl,--enable-new-dtags
[31730] libc: backtrace_symbols_fd prints different strings than
backtrace_symbols returns
[31753] build: FAIL: link-static-libc with GCC 6/7/8
[31755] libc: procutils_read_file doesn't start with a leading
underscore
[31756] libc: write_profiling is only in libc.a
[31757] build: Should XXXf128_do_not_use functions be excluded?
[31759] math: Extra nearbyint symbols in libm.a
[31760] math: Missing math functions
[31764] build: _res_opcodes should be a compat symbol only
[31765] dynamic-link: _dl_mcount_wrapper is exported without prototype
[31766] stdio: _IO_stderr_ _IO_stdin_ _IO_stdout should be compat
symbols
[31768] string: Extra stpncpy symbol in libc.a
[31770] libc: clone3 is in libc.a
[31774] libc: Missing __isnanf128 in libc.a
[31775] math: Missing exp10 exp10f32x exp10f64 fmod fmodf fmodf32
fmodf32x fmodf64 in libm.a
[31777] string: Extra memchr strlen symbols in libc.a
[31781] math: Missing math functions in libm.a
[31782] build: Test build failure with recent GCC trunk (x86/tst-cpu-
features-supports.c:69:3: error: parameter to builtin not valid:
avx5124fmaps)
[31785] string: loongarch: Extra strnlen symbols in libc.a
[31786] string: powerpc: Extra strchrnul and strncasecmp_l symbols in
libc.a
[31787] math: powerpc: Extra llrintf, llrintf, llrintf32, and
llrintf32 symbols in libc.a
[31788] libc: microblaze: Extra cacheflush symbol in libc.a
[31789] libc: powerpc: Extra versionsort symbol in libc.a
[31790] libc: s390: Extra getutent32, getutent32_r, getutid32,
getutid32_r, getutline32, getutline32_r, getutmp32, getutmpx32,
getutxent32, getutxid32, getutxline32, pututline32, pututxline32,
updwtmp32, updwtmpx32 in libc.a
[31797] build: g++ -static requirement should be able to opt-out
[31798] libc: pidfd_getpid.c is miscompiled by GCC 6.4
[31802] time: difftime is pure not const
[31808] time: The supported time_t range is not documented.
[31840] stdio: Memory leak in _IO_new_fdopen (fdopen) on seek failure
[31867] build: "CPU ISA level is lower than required" on SSE2-free
CPUs
[31876] time: "Date and time" documentation fixes for POSIX.1-2024 etc
[31883] build: ISA level support configure check relies on bashism /
is otherwise broken for arithmetic
[31892] build: Always install mtrace.
[31917] libc: clang mq_open fortify wrapper does not handle 4 argument
correctly
[31927] libc: clang open fortify wrapper does not handle argument
correctly
[31931] time: tzset may fault on very short TZ string
[31934] string: wcsncmp crash on s390x on vlbb instruction
[31963] stdio: Crash in _IO_link_in within __gcov_exit
[31965] dynamic-link: rseq extension mechanism does not work as
intended
[31980] build: elf/tst-tunables-enable_secure-env fails on ppc
Release Notes
=============
https://sourceware.org/glibc/wiki/Release/2.40
Contributors
============
This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:
Adam Sampson
Adhemerval Zanella
Alejandro Colomar
Alexandre Ferrieux
Amrita H S
Andreas K. Hüttel
Andreas Schwab
Andrew Pinski
Askar Safin
Aurelien Jarno
Avinal Kumar
Carlos Llamas
Carlos O'Donell
Charles Fol
Christoph Müllner
DJ Delorie
Daniel Cederman
Darius Rad
David Paleino
Dragan Stanojević (Nevidljivi)
Evan Green
Fangrui Song
Flavio Cruz
Florian Weimer
Gabi Falk
H.J. Lu
Jakub Jelinek
Jan Kurik
Joe Damato
Joe Ramsay
Joe Simmons-Talbott
Joe Talbott
John David Anglin
Joseph Myers
Jules Bertholet
Julian Zhu
Junxian Zhu
Konstantin Kharlamov
Luca Boccassi
Maciej W. Rozycki
Manjunath Matti
Mark Wielaard
MayShao-oc
Meng Qinggang
Michael Jeanson
Michel Lind
Mike FABIAN
Mohamed Akram
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Philip Kaludercic
Samuel Dobron
Samuel Thibault
Sayan Paul
Sergey Bugaev
Sergey Kolosov
Siddhesh Poyarekar
Simon Chopin
Stafford Horne
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Wilco Dijkstra
Xi Ruoyao
Xin Wang
Yinyu Cai
YunQiang Su
We would like to call out the following and thank them for their
tireless patch review:
Adhemerval Zanella
Alejandro Colomar
Andreas K. Hüttel
Arjun Shankar
Aurelien Jarno
Bruno Haible
Carlos O'Donell
DJ Delorie
Dmitry V. Levin
Evan Green
Fangrui Song
Florian Weimer
H.J. Lu
Jonathan Wakely
Joseph Myers
Mathieu Desnoyers
Maxim Kuvyrkov
Michael Jeanson
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Paul E. Murphy
Peter Bergner
Philippe Mathieu-Daudé
Sam James
Siddhesh Poyarekar
Simon Chopin
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Xi Ruoyao
Zack Weinberg
--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, releng)
https://wiki.gentoo.org/wiki/User:Dilfridge
https://www.akhuettel.de/
Tuesday, July 2, 2024
Update on German bureaucracy, or Mitteilungsverordnung hooray!
I've recently posted about the requirement of a German tax id for all reimbursements even of foreign seminar guests, or more precisely, about my frustration thereof. In the meantime I've been talking to colleagues, our faculty administration, read up some legalese texts, and last but not least contacted friends induced in the relevant higher Bavarian mysteries for their opinion and knowledge. The result is interesting, and here's a summary of it.
First of all, while the federal Mitteilungsverordnung ("notification regulation") has not changed recently, it will change as of 1 January 2025 (most relevant, its §8). And indeed it then requires electronic transmission of the notifications and that every payment notification is accompanied by the German tax id of the recipient. Since payments during 2024 are reported beginning of 2025, that change affects us already now. What has not changed is the "Bagatellgrenze", i.e., the fact that payments below 1500,- € per person and year do not require any payment notification and thus also no tax id.
Second, as proposed by the State of Bavaria, the Bundesrat (our second chamber of parliament that represents the states) has requested to raise the "Bagatellgrenze" to 3000,- € per person and year, since even the higher mysteries are of the opinion that the current situation is not really productive (the number was initially fixed as 3000,- DM in 1993 and then converted to 1500,- € ... now how much inflation did we have in the meantime?). The federal government is assessing the situation.
Third, I got the comment that University of Regensburg seems to hand in quite some unnecessary (because of the "Bagatellgrenze") payment notifications. Which is somewhat unsurprising since our central administration (not the Physics department) insists on sending a record of every payment, not just the ones above 1500,- € per person and year. Lovely. #Provinzuniversität #UniversitätRegensburg
At the moment our foreign guests get the application form for the German tax id during their visit together with the remaining reimbursement forms, and need to hand in a passport copy with it. The generated tax id is directly sent to us; once it has arrived the normal reimbursement process is started. Things could be worse. Still, first, the process delays the reimbursement (potentially by weeks, depending on the load of our local tax office), second, requiring all international guests to leave a passport copy and file for a German tax id just to get their plane tickets paid is borderline...