Hi everybody,
The venerable GNU C Library just saw the release of 2.14. Within the release notes there is a list of bug numbers that are addressed by this release. Some of these are highlighted in the release notes, but most aren't.
I did some scripting and here is a lightly edited list of things fixed. I added a link to bug 10149; you can guess the URL for the rest. I bolded things that might actually hit my programs (and who knows, yours):
(potentially) security related:
Bug 10149 - stack guard should lead with zero byte to gain protections
Bug 11892 - putenv()/setenv() unbounded alloca()
Bug 12393 - ld.so: insecure handling of privileged programs' RPATHs with
Bug 12671 - multiple vulnerabilities in netdb.h/aliases.h/glob.h
Rest:
Bug 386 - pthread_create returns ENOMEM but should return EAGAIN
Bug 6420 - Mtrace deadlock
Bug 7101 - getopt message for ambiguous options could be more helpful
Bug 10138 - Outdated config.guess/sub
Bug 10157 - Wrong value for sysconf(_SC_CPUTIME) or
Bug 11099 - INT_FIELD_MAYBE_NULL changed behaviour on x86_64
Bug 11257 - need finer control of group unioning in /etc/nsswitch.conf
Bug 11558 - No way to set some options in /etc/resolv.conf
Bug 11634 - tst-audit6.c doesn't compile without AVX support
Bug 11697 - pt_chown doesn't work when the PTY's gid is already correct
Bug 11724 - ld.so - Initialization and Termination Functions incorrectly
Bug 11781 - Interoperability problems between malloc hook and GCC 4.5.0
Bug 11799 - si_code is not SI_USER on raise()
Bug 11820 - sys/user.h requires additional header in x86_64 to define
Bug 11857 - Missing documentation in regex.h
Bug 11895 - pselect incorrectly handles small negative timeouts on old
Bug 11901 - __libc_message(do_abort = 1) will deadlock if called from malloc
Bug 11952 - glibc may use uninitialized DTV slot, return NULL for
Bug 12052 - posix_spawn() nonconformance (POSIX_SPAWN_SETSCHEDPARAM)
Bug 12083 - aio_init() treatment of aio_num argument looks buggy
Bug 12350 - Resolver doesn't save RES_SNGLKUP/RES_SNGLKUPREOP state in
Bug 12420 - On AMD64 linux, getcontext resets FPU exception mask.
Bug 12432 - backtrace() fails with recursive function on 64-bit
Bug 12445 - printf() stack corruption in case of positional parameters +
Bug 12453 - Broken thread local storage (TLS) initialization
Bug 12454 - Inconsistency detected by ld.so: dl-deps.c: 622:
Bug 12460 - AVX audit test failures with gcc 4.6
Bug 12469 - Race condition in configure.in check for necessary ranlib
Bug 12489 - prelinking ldso causes binaries to segfault upon startup
Bug 12509 - dlopen(path_to_lib, RTLD_LOCAL|RTLD_NOLOAD) leaks memory
Bug 12510 - elf/dl-lookup.c: STB_GNU_UNIQUE/ELF_RTYPE_CLASS_COPY lookup
Bug 12511 - elf/dl-lookup.c: STB_GNU_UNIQUE/ELF_RTYPE_CLASS_COPY lookup
Bug 12518 - memcpy acts randomly (and differently) with overlapping areas
Bug 12527 - Off by one bug with ftell() with fmemopen()
Bug 12583 - fnmatch: integer overflow in computation of the required
Bug 12587 - sysconf(_SC_*CACHE) returns 0 for all caches on some CPUs.
Bug 12597 - SSE4 strncmp failure
Bug 12625 - mntent operations provide no indication of failure due to
Bug 12626 - __backtrace_symbols_fd uses of out-of-scope storage in stack
Bug 12631 - wcp[n]cpy are required by POSIX 2008
Bug 12650 - Memory leak with dlopen() and thread-local storage variables
Bug 12653 - undefined references to ssse3 routines when trying to link
Bug 12655 - fix a comment in sysdeps/unix/sysv/linux/sys/syscall.h
Bug 12684 - Multi-request DNS lookups do not properly fall back to
Bug 12685 - fopen doesn't honor last byte of valid modes
Bug 12713 - coreutils-8.12 "make check" thinks glibc-2.13's "getcwd()" is
Bug 12714 - getaddrinfo(AF_INET6) does not return scope_id info provided
Bug 12717 - declaration of getnameinfo() is not POSIX compliant
Bug 12723 - pathconf for a FIFO returns a different value than fpathconf
Bug 12724 - fclose violates POSIX 2008 on seekable input streams
Bug 12734 - resolver failures without even sending a query.
Bug 12766 - SEGV in error_at_line(3)
Bug 12775 - Typo in sysdeps/x86_64/fpu/e_powl.S
Bug 12782 - POSIX strerror_r quality of implementation
Bug 12792 - perror violates POSIX regarding ferror status
Bug 12795 - bits/resource.h is outdated
Bug 12811 - regexec/re_search consumes huge amounts of memory
Bug 12813 - Linux x86_64: glibc should prefer the vDSO over vsyscalls
Locale:
Bug 9730 - sv_FI time format does not match fi_FI
Bug 9732 - dz_BT Dzongkha collation order
Bug 9809 - Please add Kurdish locale for Kurdish Sorani (CKB)
Bug 11258 - es_CR locale update
Bug 11487 - [Patch] to fix yesexpr and noexpr to use Po (Yes) and Jo (No)
Bug 11532 - Support old DOS Lithuanian character sets in iconv
Bug 11578 - sync glibc Latin American paper sizes with CLDR 1.8.1
Bug 11653 - Incorrect LC_MONETARY symbol of es_NI.utf-8
Bug 11668 - Paper Size is wrong for locale es_NI (A4 -> Letter)
Bug 11837 - GB18030-2005 is not supported!
Bug 11869 - LANGUAGE not taken into account unless LC_MESSAGES is set to
Bug 11945 - Month names in Russian Localization should be in lowercase
Bug 11947 - New locale for Meadow Mari language
Bug 11987 - missing info on first day of week in Slovenian (sl_SI) locale
Bug 12158 - Please add the new lij_IT locale
Bug 12178 - New locale wae_CH, request for inclusion
Bug 12200 - Please add the new yue_HK locale file
Bug 12346 - Estonia (et_EE) joins the eurozone on Jan 1 2011
Bug 12449 - Please add the new lb_LU locale
Bug 12541 - update for Indian locale for U+20B9 (New Rupee Symbol)
Bug 12545 - [PATCH] localedef: fix error check for size_t < 0
Bug 12551 - New locales for Swahili (Kenya and Tanzania)
Bug 12582 - Incorrect date and time formats in en_SG locale
Bug 12611 - New locale for Fulah (Senegal)
Bug 12601 - iconv(3) doesn't handle invalid sequence properly
Bug 12660 - Recent changes in tk_TM locale
Bug 12681 - New locale for Bemba (Zambia)
Bug 12711 - changes required for adding new currency symbol in Indian
Bug 12738 - Please add the new os_RU locale
Bug 12746 - Encoding mismatch in se_NO file
Bug 12777 - iconv mapping of U+0385 in CP1258 is likely incorrect
Bug 12788 - [PATCH] setlocale sets the locale of LC_ALL incorrect to 'C'
Bug 12814 - ISO-2022-JP-2 conversion of U+20AC gives strange result