Monday, July 22, 2024

The GNU C Library version 2.40 is now available

The GNU C Library
=================

The GNU C Library version 2.40 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2017.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.40 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

Distributions are encouraged to track the release/* branches
corresponding to the releases they are using.  The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.

NEWS for version 2.40
=====================

Major new features:

* The <stdbit.h> header type-generic macros have been changed when using
  GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
  in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
  with arbitrary precisions when supported by the target.

* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
  enable features from the ISO C23 standard.  Only some features from
  this standard are supported by the GNU C Library.  The older name
  _ISOC2X_SOURCE is still supported.  Features from C23 are also enabled
  by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
  -std=gnu23, -std=c2x or -std=gnu2x.

* The following ISO C23 function families (introduced in TS
  18661-4:2015) are now supported in <math.h>.  Each family includes
  functions for float, double, long double, _FloatN and _FloatNx, and a
  type-generic macro in <tgmath.h>.

  - Exponential functions: exp2m1, exp10m1.

  - Logarithmic functions: log2p1, log10p1, logp1.

* A new tunable, glibc.rtld.enable_secure, can be used to run a program
  as if it were a setuid process. This is currently a testing tool to allow
  more extensive verification tests for AT_SECURE programs and not meant to
  be a security feature.

* On Linux, the epoll header was updated to include epoll ioctl definitions
  and the related structure added in Linux kernel 6.9.

* The fortify functionality has been significantly enhanced for building
  programs with clang against the GNU C Library.

* Many functions have been added to the vector library for aarch64:
    acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh

* On x86, memset can now use non-temporal stores to improve the performance
  of large writes. This behaviour is controlled by a new tunable
  x86_memset_non_temporal_threshold.

Deprecated and removed features, and other changes affecting compatibility:

* Architectures which use a 32-bit seconds-since-epoch field in struct
  lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32,
  rv64, x86-64) switched from a signed to an unsigned type for that
  field.  This allows these fields to store timestamps beyond the year
  2038, until the year 2106.  Please note that applications are still
  expected to migrate off the interfaces declared in <utmp.h> and
  <utmpx.h> (except for login_tty) due to locking and session management
  problems.

* __rseq_size now denotes the size of the active rseq area (20 bytes
  initially), not the size of struct rseq (32 bytes initially).

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

  GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

  GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

  GLIBC-SA-2024-0006:
    nscd: Null pointer crash after notfound response (CVE-2024-33600)

  GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

  GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

The following bugs were resolved with this release:

  [19622] network: Support aliasing with struct sockaddr
  [21271] localedata: cv_RU: update translations
  [23774] localedata: lv_LV collates Y/y incorrectly
  [23865] string: wcsstr is quadratic-time
  [25119] localedata: Change Czech weekday names to lowercase
  [27777] stdio: fclose does a linear search, takes ages when many FILE*
    are opened
  [29770] libc: prctl does not match manual page ABI on powerpc64le-
    linux-gnu
  [29845] localedata: Update hr_HR locale currency to €
  [30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
  [31316] build: Fails test misc/tst-dirname "Didn't expect signal from
    child: got `Illegal instruction'" on non SSE CPUs
  [31317] dynamic-link: [RISCV] static PIE crashes during self
    relocation
  [31325] libc: mips: clone3 is wrong for o32
  [31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
    multi-arch version
  [31339] libc: arm32 loader crash after cleanup in 2.36
  [31340] manual: A bad sentence in section 22.3.5 (resource.texi)
  [31357] dynamic-link: $(objpfx)tst-rtld-list-diagnostics.out rule
    doesn't work with test wrapper
  [31370] localedata: wcwidth() does not treat
    DEFAULT_IGNORABLE_CODE_POINTs as zero-width
  [31371] dynamic-link: x86-64: APX and Tile registers aren't preserved
    in ld.so trampoline
  [31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
    saved registers
  [31383] libc: _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of
    0 and zero size types
  [31385] build: sort-makefile-lines.py doesn't check variable with _
    nor with "^# variable"
  [31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
    s390{,x}
  [31405] libc: Improve dl_iterate_phdr using _dl_find_object
  [31411] localedata: Add Latgalian locale
  [31412] build: GCC 6 failed to build i386 glibc on Fedora 39
  [31429] build: Glibc failed to build with -march=x86-64-v3
  [31468] libc: sigisemptyset returns true when the set contains signals
    larger than 34
  [31476] network: Automatic activation of single-request options break
    resolv.conf reloading
  [31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
    result in a loss of rseq acceleration
  [31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
  [31518] manual: documentation: FLT_MAX_10_EXP questionable text, evtl.
    wrong,
  [31530] localedata: Locale file for Moksha - mdf_RU
  [31553] malloc: elf/tst-decorate-maps fails on ppc64el
  [31596] libc: On the llvm-arm32 platform, dlopen("not_exist.so", -1)
    triggers segmentation fault
  [31600] math: math: x86 ceill traps when FE_INEXACT is enabled
  [31601] math: math: x86 floor traps when FE_INEXACT is enabled
  [31603] math: math: x86 trunc traps when FE_INEXACT is enabled
  [31612] libc: arc4random fails to fallback to /dev/urandom if
    getrandom is not present
  [31629] build: powerpc64: Configuring with "--with-cpu=power10" and
    'CFLAGS=-O2 -mcpu=power9' fails to build glibc
  [31640] dynamic-link: POWER10 ld.so crashes in
    elf_machine_load_address with GCC 14
  [31661] libc: NPROCESSORS_CONF and NPROCESSORS_ONLN not available in
    getconf
  [31676] dynamic-link: Configuring with CC="gcc -march=x86-64-v3"
    --with-rtld-early-cflags=-march=x86-64 results in linker failure
  [31677] nscd: nscd: netgroup cache: invalid memcpy under low
    memory/storage conditions
  [31678] nscd: nscd: Null pointer dereferences after failed netgroup
    cache insertion
  [31679] nscd: nscd: netgroup cache may terminate daemon on memory
    allocation failure
  [31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
    strings
  [31682] math: [PowerPC] Floating point exception error for math test
    test-ceil-except-2 test-floor-except-2 test-trunc-except-2
  [31686] dynamic-link: Stack-based buffer overflow in
    parse_tunables_string
  [31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds
    but execve fails
  [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
    with -Wl,--enable-new-dtags
  [31730] libc: backtrace_symbols_fd prints different strings than
    backtrace_symbols returns
  [31753] build: FAIL: link-static-libc with GCC 6/7/8
  [31755] libc: procutils_read_file doesn't start with a leading
    underscore
  [31756] libc: write_profiling is only in libc.a
  [31757] build: Should XXXf128_do_not_use functions be excluded?
  [31759] math: Extra nearbyint symbols in libm.a
  [31760] math: Missing math functions
  [31764] build: _res_opcodes should be a compat symbol only
  [31765] dynamic-link: _dl_mcount_wrapper is exported without prototype
  [31766] stdio: _IO_stderr_ _IO_stdin_ _IO_stdout should be compat
    symbols
  [31768] string: Extra stpncpy symbol in libc.a
  [31770] libc: clone3 is in libc.a
  [31774] libc: Missing __isnanf128 in libc.a
  [31775] math: Missing exp10 exp10f32x exp10f64 fmod fmodf fmodf32
    fmodf32x fmodf64 in libm.a
  [31777] string: Extra memchr strlen symbols in libc.a
  [31781] math: Missing math functions in libm.a
  [31782] build: Test build failure with recent GCC trunk (x86/tst-cpu-
    features-supports.c:69:3: error: parameter to builtin not valid:
    avx5124fmaps)
  [31785] string: loongarch: Extra strnlen symbols in libc.a
  [31786] string: powerpc: Extra strchrnul and strncasecmp_l symbols in
    libc.a
  [31787] math: powerpc: Extra llrintf, llrintf, llrintf32, and
    llrintf32 symbols in libc.a
  [31788] libc: microblaze: Extra cacheflush symbol in libc.a
  [31789] libc: powerpc: Extra versionsort symbol in libc.a
  [31790] libc: s390: Extra getutent32, getutent32_r, getutid32,
    getutid32_r, getutline32, getutline32_r, getutmp32, getutmpx32,
    getutxent32, getutxid32, getutxline32, pututline32, pututxline32,
    updwtmp32, updwtmpx32 in libc.a
  [31797] build: g++ -static requirement should be able to opt-out
  [31798] libc: pidfd_getpid.c is miscompiled by GCC 6.4
  [31802] time: difftime is pure not const
  [31808] time: The supported time_t range is not documented.
  [31840] stdio: Memory leak in _IO_new_fdopen (fdopen) on seek failure
  [31867] build: "CPU ISA level is lower than required" on SSE2-free
    CPUs
  [31876] time: "Date and time" documentation fixes for POSIX.1-2024 etc
  [31883] build: ISA level support configure check relies on bashism /
    is otherwise broken for arithmetic
  [31892] build: Always install mtrace.
  [31917] libc: clang mq_open fortify wrapper does not handle 4 argument
    correctly
  [31927] libc: clang open fortify wrapper does not handle argument
    correctly
  [31931] time: tzset may fault on very short TZ string
  [31934] string: wcsncmp crash on s390x on vlbb instruction
  [31963] stdio: Crash in _IO_link_in within __gcov_exit
  [31965] dynamic-link: rseq extension mechanism does not work as
    intended
  [31980] build: elf/tst-tunables-enable_secure-env fails on ppc

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.40

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adam Sampson
Adhemerval Zanella
Alejandro Colomar
Alexandre Ferrieux
Amrita H S
Andreas K. Hüttel
Andreas Schwab
Andrew Pinski
Askar Safin
Aurelien Jarno
Avinal Kumar
Carlos Llamas
Carlos O'Donell
Charles Fol
Christoph Müllner
DJ Delorie
Daniel Cederman
Darius Rad
David Paleino
Dragan Stanojević (Nevidljivi)
Evan Green
Fangrui Song
Flavio Cruz
Florian Weimer
Gabi Falk
H.J. Lu
Jakub Jelinek
Jan Kurik
Joe Damato
Joe Ramsay
Joe Simmons-Talbott
Joe Talbott
John David Anglin
Joseph Myers
Jules Bertholet
Julian Zhu
Junxian Zhu
Konstantin Kharlamov
Luca Boccassi
Maciej W. Rozycki
Manjunath Matti
Mark Wielaard
MayShao-oc
Meng Qinggang
Michael Jeanson
Michel Lind
Mike FABIAN
Mohamed Akram
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Philip Kaludercic
Samuel Dobron
Samuel Thibault
Sayan Paul
Sergey Bugaev
Sergey Kolosov
Siddhesh Poyarekar
Simon Chopin
Stafford Horne
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Wilco Dijkstra
Xi Ruoyao
Xin Wang
Yinyu Cai
YunQiang Su

We would like to call out the following and thank them for their
tireless patch review:

Adhemerval Zanella
Alejandro Colomar
Andreas K. Hüttel
Arjun Shankar
Aurelien Jarno
Bruno Haible
Carlos O'Donell
DJ Delorie
Dmitry V. Levin
Evan Green
Fangrui Song
Florian Weimer
H.J. Lu
Jonathan Wakely
Joseph Myers
Mathieu Desnoyers
Maxim Kuvyrkov
Michael Jeanson
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Paul E. Murphy
Peter Bergner
Philippe Mathieu-Daudé
Sam James
Siddhesh Poyarekar
Simon Chopin
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Xi Ruoyao
Zack Weinberg

--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, releng)
https://wiki.gentoo.org/wiki/User:Dilfridge
https://www.akhuettel.de/

Tuesday, July 2, 2024

Update on German bureaucracy, or Mitteilungsverordnung hooray!

I've recently posted about the requirement of a German tax id for all reimbursements even of foreign seminar guests, or more precisely, about my frustration thereof. In the meantime I've been talking to colleagues, our faculty administration, read up some legalese texts, and last but not least contacted friends induced in the relevant higher Bavarian mysteries for their opinion and knowledge. The result is interesting, and here's a summary of it.

First of all, while the federal Mitteilungsverordnung ("notification regulation") has not changed recently, it will change as of 1 January 2025 (most relevant, its §8). And indeed it then requires electronic transmission of the notifications and that every payment notification is accompanied by the German tax id of the recipient. Since payments during 2024 are reported beginning of 2025, that change affects us already now. What has not changed is the "Bagatellgrenze", i.e., the fact that payments below 1500,- € per person and year do not require any payment notification and thus also no tax id.

Second, as proposed by the State of Bavaria, the Bundesrat (our second chamber of parliament that represents the states) has requested to raise the "Bagatellgrenze" to 3000,- € per person and year, since even the higher mysteries are of the opinion that the current situation is not really productive (the number was initially fixed as 3000,- DM in 1993 and then converted to 1500,- € ... now how much inflation did we have in the meantime?). The federal government is assessing the situation.

Third, I got the comment that University of Regensburg seems to hand in quite some unnecessary (because of the "Bagatellgrenze") payment notifications. Which is somewhat unsurprising since our central administration (not the Physics department) insists on sending a record of every payment, not just the ones above 1500,- € per person and year. Lovely. #Provinzuniversität #UniversitätRegensburg

At the moment our foreign guests get the application form for the German tax id during their visit together with the remaining reimbursement forms, and need to hand in a passport copy with it. The generated tax id is directly sent to us; once it has arrived the normal reimbursement process is started. Things could be worse. Still, first, the process delays the reimbursement (potentially by weeks, depending on the load of our local tax office), second, requiring all international guests to leave a passport copy and file for a German tax id just to get their plane tickets paid is borderline...

Monday, July 1, 2024