Update GLIBC from 2.27 to 2.29 #1028
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From the [announcement][1]: > NEWS for version 2.29 > ==================== > > * The getcpu wrapper function has been added, which returns the > currently used CPU and NUMA node. This function is Linux-specific. > > * A new convenience target has been added for distribution maintainers > to build and install all locales as directories with files. The new > target is run by issuing the following command in your build tree: > 'make localedata/install-locale-files', with an optional DESTDIR > to set the install root if you wish to install into a non-default > configured location. > > * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and > tanf. > > * The reallocarray function is now declared under _DEFAULT_SOURCE, not > just for _GNU_SOURCE, to match BSD environments. > > * For powercp64le ABI, Transactional Lock Elision is now enabled iff > kernel indicates that it will abort the transaction prior to entering > the kernel (PPC_FEATURE2_HTM_NOSC on hwcap2). On older kernels the > transaction is suspended, and this caused some undefined side-effects > issues by aborting transactions manually. Glibc avoided it by abort > transactions manually on each syscall, but it lead to performance > issues on newer kernels where the HTM state is saved and restore > lazily (the state being saved even when the process actually does not > use HTM). > > * The functions posix_spawn_file_actions_addchdir_np and > posix_spawn_file_actions_addfchdir_np have been added, enabling > posix_spawn and posix_spawnp to run the new process in a different > directory. These functions are GNU extensions. The function > posix_spawn_file_actions_addchdir_np is similar to the Solaris > function of the same name. > > * The popen and system do not run atfork handlers anymore (BZ#17490). > Although it is a possible POSIX violation, the POSIX rationale in > pthread_atfork documentation regarding atfork handlers is to handle > inconsistent mutex state after a fork call in a multi-threaded > process. > In both popen and system there is no direct access to user-defined > mutexes. > > * Support for the C-SKY ABIV2 running on Linux has been added. This > port requires at least binutils-2.32, gcc-9.0, and linux-4.20. Two > ABIs are supported: > - C-SKY ABIV2 soft-float little-endian > - C-SKY ABIV2 hard-float little-endian > > * strftime's default formatting of a locale's alternative year (%Ey) > has been changed to zero-pad the year to a minimum of two digits, > like "%y". This improves the display of Japanese era years during > the first nine years of a new era, and is expected to be harmless > for all other locales (only Japanese locales regularly have > alternative year numbers less than 10). Zero-padding can be > overridden with the '_' or '-' flags (which are GNU extensions). > > * As a GNU extension, the '_' and '-' flags can now be applied to > "%EY" to control how the year number is formatted; they have the > same effect that they would on "%Ey". […] > Security related changes: > > CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a > denial of service due to resource exhaustion when processing > getaddrinfo calls with crafted host names. Reported by Guido Vranken. > > CVE-2019-6488: On x32, the size_t parameter may be passed in the lower > 32 bits of a 64-bit register with with non-zero upper 32 bit. When it > happened, accessing the 32-bit size_t value as the full 64-bit > register in the assembly string/memory functions would cause a buffer > overflow. > Reported by H.J. Lu. > > CVE-2016-10739: The getaddrinfo function could successfully parse IPv4 > addresses with arbitrary trailing characters, potentially leading to > data or command injection issues in applications. [1]: https://sourceware.org/ml/libc-announce/2019/msg00000.html
That is the oldest Linux kernel version, currently in MarIuX.
--enable-stack-protector=[yes|no|all|strong]
Use -fstack-protector[-all|-strong] to detect glibc
buffer overflows
|
Several services like the SSH daemon need to be restarted after the update. |
|
I tested the update (on a dose snapshot) and I didn't need to restart systemd or sshd or cron or my testprogram which uses dlopen(). Everything seems to work so far. |
|
Well there is an error "Feb 28 16:01:22 dose.molgen.mpg.de systemd[2532]: (systemd): relocation error: /lib/libnss_files.so.2: symbol __libc_readline_unlocked version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference" in the journal. |
|
we should dump this PR, 2.31 is L&G. Don't ride dead horses. |
|
BTW: What is the reason for the update? |
|
let's concentrate on 2.31. |
Sign in
to join this conversation on GitHub.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update with
sudo bee update linux-headers glibc glibc-locales.See merge/pull request #502 for details on how to upgrade a system.
systemd also needs to be restarted by issuing
sudo systemctl daemon-reexec.Tested on keineahnung.