From the [announcement][1]:

> NEWS for version 2.29
> ====================
>
> * The getcpu wrapper function has been added, which returns the
>   currently used CPU and NUMA node.  This function is Linux-specific.
>
> * A new convenience target has been added for distribution maintainers
>   to build and install all locales as directories with files.  The new
>   target is run by issuing the following command in your build tree:
>   'make localedata/install-locale-files', with an optional DESTDIR
>   to set the install root if you wish to install into a non-default
>   configured location.
>
> * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and
>   tanf.
>
> * The reallocarray function is now declared under _DEFAULT_SOURCE, not
>   just for _GNU_SOURCE, to match BSD environments.
>
> * For powercp64le ABI, Transactional Lock Elision is now enabled iff
>   kernel indicates that it will abort the transaction prior to entering
>   the kernel (PPC_FEATURE2_HTM_NOSC on hwcap2).  On older kernels the
>   transaction is suspended, and this caused some undefined side-effects
>   issues by aborting transactions manually.  Glibc avoided it by abort
>   transactions manually on each syscall, but it lead to performance
>   issues on newer kernels where the HTM state is saved and restore
>   lazily (the state being saved even when the process actually does not
>   use HTM).
>
> * The functions posix_spawn_file_actions_addchdir_np and
>   posix_spawn_file_actions_addfchdir_np have been added, enabling
>   posix_spawn and posix_spawnp to run the new process in a different
>   directory.  These functions are GNU extensions.  The function
>   posix_spawn_file_actions_addchdir_np is similar to the Solaris
>   function of the same name.
>
> * The popen and system do not run atfork handlers anymore (BZ#17490).
>   Although it is a possible POSIX violation, the POSIX rationale in
>   pthread_atfork documentation regarding atfork handlers is to handle
>   inconsistent mutex state after a fork call in a multi-threaded
>   process.
>   In both popen and system there is no direct access to user-defined
>   mutexes.
>
> * Support for the C-SKY ABIV2 running on Linux has been added.  This
>   port requires at least binutils-2.32, gcc-9.0, and linux-4.20.  Two
>   ABIs are supported:
>     - C-SKY ABIV2 soft-float little-endian
>     - C-SKY ABIV2 hard-float little-endian
>
> * strftime's default formatting of a locale's alternative year (%Ey)
>   has been changed to zero-pad the year to a minimum of two digits,
>   like "%y".  This improves the display of Japanese era years during
>   the first nine years of a new era, and is expected to be harmless
>   for all other locales (only Japanese locales regularly have
>   alternative year numbers less than 10).  Zero-padding can be
>   overridden with the '_' or '-' flags (which are GNU extensions).
>
> * As a GNU extension, the '_' and '-' flags can now be applied to
>   "%EY" to control how the year number is formatted; they have the
>   same effect that they would on "%Ey".

[…]

> Security related changes:
>
>   CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
>   denial of service due to resource exhaustion when processing
>   getaddrinfo calls with crafted host names.  Reported by Guido Vranken.
>
>   CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
>   32 bits of a 64-bit register with with non-zero upper 32 bit.  When it
>   happened, accessing the 32-bit size_t value as the full 64-bit
>   register in the assembly string/memory functions would cause a buffer
>   overflow.
>   Reported by H.J. Lu.
>
>   CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
>   addresses with arbitrary trailing characters, potentially leading to
>   data or command injection issues in applications.

[1]: https://sourceware.org/ml/libc-announce/2019/msg00000.html

That is the oldest Linux kernel version, currently in MarIuX.

    --enable-stack-protector=[yes|no|all|strong]
                            Use -fstack-protector[-all|-strong] to detect glibc
                            buffer overflows

Addresses #502 (comment)