- Update to glibc 2.24
* The minimum Linux kernel version that this version of the GNU C Library
can be used with is 3.2
* The pap_AN locale has been deleted
* The readdir_r and readdir64_r functions have been deprecated
* The type `union wait' has been removed
* A new NSS action is added to facilitate large distributed system
administration
* The deprecated __malloc_initialize_hook variable has been removed from
the API
* The long unused localedef --old-style option has been removed
* nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added
to libm
* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed
(CVE-2016-3075)
* Previously, getaddrinfo copied large amounts of address data to the
stack, even after the fix for CVE-2013-4458 has been applied,
potentially resulting in a stack overflow. getaddrinfo now uses a
heap allocation instead (CVE-2016-3706)
* The glob function suffered from a stack-based buffer overflow when it
was called with the GLOB_ALTDIRFUNC flag and encountered a long file
name (CVE-2016-1234)
* The Sun RPC UDP client could exhaust all available stack space when
flooded with crafted ICMP and UDP messages (CVE-2016-4429)
* The IPv6 name server management code in libresolv could result in a
memory leak for each thread which is created, performs a failing
naming lookup, and exits (CVE-2016-5417)
- setcontext-unwind-info.patch: Add EABI unwind info for setcontext on arm
- Removed patches:
* 0001-Updated-translations-for-2.23.patch
OBS-URL: https://build.opensuse.org/request/show/417841
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=444
- Update to glibc 2.17.90 85891acadf1b:
* CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal
has been fixed by disabling the use of pt_chown (Bugzilla #15755).
Distributions can re-enable building and using pt_chown via the new configure
option `--enable-pt_chown'. Enabling the use of pt_chown carries with it
considerable security risks and should only be used if the distribution
understands and accepts the risks.
* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
#15078).
* CVE-2013-1914 Stack overflow in getaddrinfo with many results has been
fixed (Bugzilla #15330).
* Add support for calling C++11 thread_local object destructors on thread
and program exit. This needs compiler support for offloading C++11
destructor calls to glibc.
* Improved worst case performance of libm functions with double inputs and
output.
* Support for priority inherited mutexes in pthread condition variables on
non-x86 architectures.
* Optimized string functions for AArch64. Implemented by Marcus Shawcroft.
* Optimized string functions for ARM. Implemented by Will Newton and
Richard Henderson.
* Added a benchmark framework to track performance of functions in glibc.
* New <math.h> macro named issignaling to check for a signaling NaN (sNaN).
It is based on draft TS 18661 and currently enabled as a GNU extension.
* On Linux, the clock function now uses the clock_gettime system call
for improved precision, rather than old times system call.
* Added new API functions pthread_getattr_default_np and
pthread_setattr_default_np to get and set the default pthread
attributes of a process.
* Added support for TSX lock elision for pthread mutexes on i386 and x86-64.
OBS-URL: https://build.opensuse.org/request/show/186119
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=304
