GNU C Library NEWS -- history of user-visible changes.
Copyright (C) 1992-2024 Free Software Foundation, Inc.
See the end for copying conditions.

Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.

Version 2.40

Major new features:

* The <stdbit.h> header type-generic macros have been changed when using
  GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
  in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
  with arbitrary precisions when supported by the target.

* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
  enable features from the ISO C23 standard.  Only some features from
  this standard are supported by the GNU C Library.  The older name
  _ISOC2X_SOURCE is still supported.  Features from C23 are also enabled
  by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
  -std=gnu23, -std=c2x or -std=gnu2x.

* The following ISO C23 function families (introduced in TS
  18661-4:2015) are now supported in <math.h>.  Each family includes
  functions for float, double, long double, _FloatN and _FloatNx, and a
  type-generic macro in <tgmath.h>.

  - Exponential functions: exp2m1, exp10m1.

  - Logarithmic functions: log2p1, log10p1, logp1.

* A new tunable, glibc.rtld.enable_secure, can be used to run a program
  as if it were a setuid process. This is currently a testing tool to allow
  more extensive verification tests for AT_SECURE programs and not meant to
  be a security feature.

* On Linux, the epoll header was updated to include epoll ioctl definitions
  and the related structure added in Linux kernel 6.9.

* The fortify functionality has been significantly enhanced for building
  programs with clang against the GNU C Library.

* Many functions have been added to the vector library for aarch64:
    acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh

* On x86, memset can now use non-temporal stores to improve the performance
  of large writes. This behaviour is controlled by a new tunable
  x86_memset_non_temporal_threshold.

Deprecated and removed features, and other changes affecting compatibility:

* Architectures which use a 32-bit seconds-since-epoch field in struct
  lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32,
  rv64, x86-64) switched from a signed to an unsigned type for that
  field.  This allows these fields to store timestamps beyond the year
  2038, until the year 2106.  Please note that applications are still
  expected to migrate off the interfaces declared in <utmp.h> and
  <utmpx.h> (except for login_tty) due to locking and session management
  problems.

* __rseq_size now denotes the size of the active rseq area (20 bytes
  initially), not the size of struct rseq (32 bytes initially).

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

  GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

  GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

  GLIBC-SA-2024-0006:
    nscd: Null pointer crash after notfound response (CVE-2024-33600)

  GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

  GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

The following bugs are resolved with this release:

  [19622] network: Support aliasing with struct sockaddr
  [21271] localedata: cv_RU: update translations
  [23774] localedata: lv_LV collates Y/y incorrectly
  [23865] string: wcsstr is quadratic-time
  [25119] localedata: Change Czech weekday names to lowercase
  [27777] stdio: fclose does a linear search, takes ages when many FILE*
    are opened
  [29770] libc: prctl does not match manual page ABI on powerpc64le-
    linux-gnu
  [29845] localedata: Update hr_HR locale currency to €
  [30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
  [31316] build: Fails test misc/tst-dirname "Didn't expect signal from
    child: got `Illegal instruction'" on non SSE CPUs
  [31317] dynamic-link: [RISCV] static PIE crashes during self
    relocation
  [31325] libc: mips: clone3 is wrong for o32
  [31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
    multi-arch version
  [31339] libc: arm32 loader crash after cleanup in 2.36
  [31340] manual: A bad sentence in section 22.3.5 (resource.texi)
  [31357] dynamic-link: $(objpfx)tst-rtld-list-diagnostics.out rule
    doesn't work with test wrapper
  [31370] localedata: wcwidth() does not treat
    DEFAULT_IGNORABLE_CODE_POINTs as zero-width
  [31371] dynamic-link: x86-64: APX and Tile registers aren't preserved
    in ld.so trampoline
  [31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
    saved registers
  [31383] libc: _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of
    0 and zero size types
  [31385] build: sort-makefile-lines.py doesn't check variable with _
    nor with "^# variable"
  [31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
    s390{,x}
  [31405] libc: Improve dl_iterate_phdr using _dl_find_object
  [31411] localedata: Add Latgalian locale
  [31412] build: GCC 6 failed to build i386 glibc on Fedora 39
  [31429] build: Glibc failed to build with -march=x86-64-v3
  [31468] libc: sigisemptyset returns true when the set contains signals
    larger than 34
  [31476] network: Automatic activation of single-request options break
    resolv.conf reloading
  [31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
    result in a loss of rseq acceleration
  [31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
  [31518] manual: documentation: FLT_MAX_10_EXP questionable text, evtl.
    wrong,
  [31530] localedata: Locale file for Moksha - mdf_RU
  [31553] malloc: elf/tst-decorate-maps fails on ppc64el
  [31596] libc: On the llvm-arm32 platform, dlopen("not_exist.so", -1)
    triggers segmentation fault
  [31600] math: math: x86 ceill traps when FE_INEXACT is enabled
  [31601] math: math: x86 floor traps when FE_INEXACT is enabled
  [31603] math: math: x86 trunc traps when FE_INEXACT is enabled
  [31612] libc: arc4random fails to fallback to /dev/urandom if
    getrandom is not present
  [31629] build: powerpc64: Configuring with "--with-cpu=power10" and
    'CFLAGS=-O2 -mcpu=power9' fails to build glibc
  [31640] dynamic-link: POWER10 ld.so crashes in
    elf_machine_load_address with GCC 14
  [31661] libc: NPROCESSORS_CONF and NPROCESSORS_ONLN not available in
    getconf
  [31676] dynamic-link: Configuring with CC="gcc -march=x86-64-v3"
    --with-rtld-early-cflags=-march=x86-64 results in linker failure
  [31677] nscd: nscd: netgroup cache: invalid memcpy under low
    memory/storage conditions
  [31678] nscd: nscd: Null pointer dereferences after failed netgroup
    cache insertion
  [31679] nscd: nscd: netgroup cache may terminate daemon on memory
    allocation failure
  [31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
    strings
  [31682] math: [PowerPC] Floating point exception error for math test
    test-ceil-except-2 test-floor-except-2 test-trunc-except-2
  [31686] dynamic-link: Stack-based buffer overflow in
    parse_tunables_string
  [31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds
    but execve fails
  [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
    with -Wl,--enable-new-dtags
  [31730] libc: backtrace_symbols_fd prints different strings than
    backtrace_symbols returns
  [31753] build: FAIL: link-static-libc with GCC 6/7/8
  [31755] libc: procutils_read_file doesn't start with a leading
    underscore
  [31756] libc: write_profiling is only in libc.a
  [31757] build: Should XXXf128_do_not_use functions be excluded?
  [31759] math: Extra nearbyint symbols in libm.a
  [31760] math: Missing math functions
  [31764] build: _res_opcodes should be a compat symbol only
  [31765] dynamic-link: _dl_mcount_wrapper is exported without prototype
  [31766] stdio: _IO_stderr_ _IO_stdin_ _IO_stdout should be compat
    symbols
  [31768] string: Extra stpncpy symbol in libc.a
  [31770] libc: clone3 is in libc.a
  [31774] libc: Missing __isnanf128 in libc.a
  [31775] math: Missing exp10 exp10f32x exp10f64 fmod fmodf fmodf32
    fmodf32x fmodf64 in libm.a
  [31777] string: Extra memchr strlen symbols in libc.a
  [31781] math: Missing math functions in libm.a
  [31782] build: Test build failure with recent GCC trunk (x86/tst-cpu-
    features-supports.c:69:3: error: parameter to builtin not valid:
    avx5124fmaps)
  [31785] string: loongarch: Extra strnlen symbols in libc.a
  [31786] string: powerpc: Extra strchrnul and strncasecmp_l symbols in
    libc.a
  [31787] math: powerpc: Extra llrintf, llrintf, llrintf32, and
    llrintf32 symbols in libc.a
  [31788] libc: microblaze: Extra cacheflush symbol in libc.a
  [31789] libc: powerpc: Extra versionsort symbol in libc.a
  [31790] libc: s390: Extra getutent32, getutent32_r, getutid32,
    getutid32_r, getutline32, getutline32_r, getutmp32, getutmpx32,
    getutxent32, getutxid32, getutxline32, pututline32, pututxline32,
    updwtmp32, updwtmpx32 in libc.a
  [31797] build: g++ -static requirement should be able to opt-out
  [31798] libc: pidfd_getpid.c is miscompiled by GCC 6.4
  [31802] time: difftime is pure not const
  [31808] time: The supported time_t range is not documented.
  [31840] stdio: Memory leak in _IO_new_fdopen (fdopen) on seek failure
  [31867] build: "CPU ISA level is lower than required" on SSE2-free
    CPUs
  [31876] time: "Date and time" documentation fixes for POSIX.1-2024 etc
  [31883] build: ISA level support configure check relies on bashism /
    is otherwise broken for arithmetic
  [31892] build: Always install mtrace.
  [31917] libc: clang mq_open fortify wrapper does not handle 4 argument
    correctly
  [31927] libc: clang open fortify wrapper does not handle argument
    correctly
  [31931] time: tzset may fault on very short TZ string
  [31934] string: wcsncmp crash on s390x on vlbb instruction
  [31963] stdio: Crash in _IO_link_in within __gcov_exit
  [31965] dynamic-link: rseq extension mechanism does not work as
    intended
  [31980] build: elf/tst-tunables-enable_secure-env fails on ppc

Version 2.39

Major new features:

* A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
  rewrite on x86-64.  When enabled with non-lazy binding, the dynamic
  linker will rewrite indirect branches in PLT with direct branches.

* Sync with Linux kernel 6.6 shadow stack interface.  The --enable-cet
  configure option is only supported on x86-64.

* struct statvfs now has an f_type member, equal to the f_type statfs member;
  on the Hurd this was always available under a reserved name,
  and under Linux a spare has been allocated: it was always zero
  in previous versions of glibc, and zero is not a valid result.

* On Linux, the functions posix_spawnattr_getcgroup_np and
  posix_spawnattr_setcgroup_np have been added, along with the
  POSIX_SPAWN_SETCGROUP flag.  They allow posix_spawn and posix_spawnp
  to set the cgroupv2 in the new process in a race-free manner.  These
  functions are GNU extensions and require a kernel with clone3 support.

* On Linux, the pidfd_spawn and pidfd_spawp functions have been added.
  They have a similar prototype and semantic as posix_spawn, but instead of
  returning a process ID, they return a file descriptor that can be used
  along other pidfd functions (like pidfd_send_signal, poll, or waitid).
  The pidfd functionality avoids the issue of PID reuse with the traditional
  posix_spawn interface.

* On Linux, the pidfd_getpid function has been added.  It allows retrieving
  the process ID associated with the process file descriptor created by
  pid_spawn, fork_np, or pidfd_open.

* scanf-family functions now support the wN format length modifiers for
  arguments pointing to types intN_t, int_leastN_t, uintN_t or
  uint_leastN_t (for example, %w32d to read int32_t or int_least32_t in
  decimal, or %w32x to read uint32_t or uint_least32_t in hexadecimal)
  and the wfN format length modifiers for arguments pointing to types
  int_fastN_t or uint_fastN_t, as specified in draft ISO C2X.

* A new tunable, glibc.mem.decorate_maps, can be used to add additional
  information on underlying memory allocated by the glibc (for instance,
  on thread stack created by pthread_create or memory allocated by
  malloc).

* The <stdbit.h> header has been added from ISO C2X, with
  stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros,
  stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one,
  stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros,
  stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor
  and stdc_bit_ceil function families, each having functions for
  unsigned char, unsigned short, unsigned int, unsigned long int and
  unsigned long long int, and a type-generic macro.

* On AArch64 new symbols were added to libmvec and now math.h has
  annotations to allow GCC 9 or newer to auto-vectorize calls to the
  following scalar math functions when -ffast-math is specified:
  acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf,
  exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf,
  log10, log10f, log1p, log1pf, log2, log2f, sin, sinf, tan, tanf.

Deprecated and removed features, and other changes affecting compatibility:

* The ldconfig program now skips file names containing ';' or ending in
  ".dpkg.tmp" or ".dpkg.new", to avoid examining temporary files created
  by the RPM and dpkg package managers.

* libcrypt has been removed from the GNU C Library.  The configure
  options "--enable-crypt" and "--enable-nss-crypt" are no longer
  available.  <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
  installed.  For now <unistd.h> continues to declare the crypt
  function by default, to avoid introducing vulnerabilities into
  existing applications due to a missing prototype.  This declaration
  is deprecated and may be removed in a future glibc release.

  The replacement for libcrypt is libxcrypt, maintained separately from
  GNU libc, but available under compatible licensing terms, and providing
  binary backward compatibility with the former libcrypt.  It is currently
  distributed from <https://github.com/besser82/libxcrypt/>.

  As a consequence of this removal, GNU libc no longer makes any use of
  the NSS cryptography library (Network Security Services; not to be
  confused with Name Service Switch).  Distributors of binary packages
  of GNU libc are advised to check whether their build processes can be
  simplified.

* The dynamic linker calls the malloc and free functions in more cases
  during TLS access if a shared object with dynamic TLS is loaded and
  unloaded.  This can result in an infinite recursion if a malloc
  replacement library or its dependencies use dynamic TLS instead of
  initial-exec TLS.

* The ia64*-*-linux-gnu configurations are no longer supported.

Changes to build and runtime requirements:

* Building on LoongArch requires at a minimum binutils 2.41 for vector
  instructions.

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

  GLIBC-SA-2023-0002:
    getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)

  GLIBC-SA-2023-0003:
    getaddrinfo: Potential use-after-free (CVE-2023-4806)

  GLIBC-SA-2023-0004:
    tunables: local privilege escalation through buffer overflow
    (CVE-2023-4911)

  GLIBC-SA-2024-0001:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

  GLIBC-SA-2024-0002:
    syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

  GLIBC-SA-2024-0003:
    syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)

  GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

  GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

  GLIBC-SA-2024-0006:
    nscd: Null pointer crashes after notfound response
    (CVE-2024-33600)

  GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

  GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

The following bugs are resolved with this release:

  [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
  [19305] libc: qsort() should return early if (nmemb <= 1)
  [19479] localedata: gbm_IN: new Garhwali Locale
  [19924] dynamic-link: TLS performance degradation after dlopen
  [19956] localedata: ssy_ER: rename from aa_ER@saaho
  [21719] libc: stdlib/msort : optimizing merge sort
  [22526] localedata: th_TH  LC_COLLATE does not use copy "iso14651_t1"
  [23012] localedata: el_GR: Greece now uses the 24h format for time
  [23172] localedata: miq_NI: Provide actually abbreviated month names
  [24006] localedata: Cyclic dependencies via copy in locales
  [24013] localedata: am_pm definitions for es_ES
  [24386] localedata: crh_RU: new locale
  [24877] localedata: [Redundant Data] Remove redundant data between
    en_NZ and en_AU
  [25868] localedata: Incorrect trailing spaces in weekday names for
    nn_NO
  [26752] localedata: Please add the new locale zgh_MA
  [27069] dynamic-link: Need a way to tell if a tunable is set by user
  [27163] localedata: Error on test glk_IR with localedef
  [27312] localedata: su_ID: new Sundanese locale
  [27547] manual: "Summary of malloc-Related Functions" shows wrong
    argument order for  `aligned_alloc` and `memalign`
  [27574] libc: glibc should probably not define __WORDSIZE=64 for
    __sparcv9
  [27601] localedata: License information update in
    localedata/locales/ast_ES
  [28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
    n_cs_precedes
  [28787] localedata: Add information for Occitan
  [29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
    following dlclose with unused TLS
  [29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
    week should be Monday
  [29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
  [29506] localedata: UTF-8 HANGUL SYLLABLE bugs
  [30349] libc: Support returning a pidfd from posix_spawn()
  [30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
    t_fmt_ampm are undefined
  [30605] localedata: New locale for Komi language
  [30649] localedata: [PATCH] Add transliteration of common emojis to
    smileys
  [30694] locale: The iconv program no longer tells the user which given
    encoding name was wrong
  [30709] nscd: nscd fails to build with cleanup handler if built with
    -fexceptions
  [30737] libc: fdopendir() is not robust - returns bogus DIR* instead
    of flagging an error
  [30740] build: [m68k] undefined reference to
    `_wordcopy_fwd_dest_aligned'
  [30745] libc: Slight bug in cache info codes for x86
  [30750] network: Unaligned accesses in resolver
  [30773] math: [m68k] busybox awk is broken (lshift.S related)
  [30789] libc: [2.38 Regression] sem_open will fail on multithreaded
    scenarios when semaphore file doesn't exist (O_CREAT)
  [30800] nscd: Improper assert in prune_cache triggers if clock jumps
    backwards
  [30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
    powerpc64 with -D_FILE_OFFSET_BITS=64
  [30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
    (CVE-2023-4527)
  [30843] network: potential use-after-free in getcanonname
    (CVE-2023-4806)
  [30854] localedata: Update locale data to Unicode 15.1.0
  [30884] network: Memory leak in getaddrinfo after fix for bug 30843
    (CVE-2023-5156)
  [30932] libc: Fortify Source has false-positives when too many files
    are open
  [30945] malloc: Core affinity setting incurs lock contentions between
    threads
  [30960] math: signed integer overflow in
    glibc/sysdeps/s390/fpu/feenablxcpt.c
  [30964] locale: Number grouping check mishandles multibyte thousands
    separator
  [30981] dynamic-link: dlclose does not properly implement force-first
    handling
  [30988] math: fesetexcept raises floating-point exception traps on
    ppc, ppc64, ppc64le
  [30989] math: fesetexcept raises floating-point exception traps on
    i386
  [30990] libc: fesetexceptflag raises floating-point exception traps on
    i386, x86_64
  [30998] math: fesetexceptflag clears too many floating-point exception
    flags on alpha
  [31019] manual: The documentation of feenableexcept is incomplete
  [31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
  [31035] libc: Library search path terminates on relative non-directory
    name
  [31042] libc: [s390x] .init and .fini padding
  [31068] libc: sysdeps: sparc: invalid data access in memset due to
    regression
  [31078] manual: Code example in "Noncanonical Mode Example" has unused
    'char *name;'
  [31086] localedata: Errors in Tibetan, Dzongkha data
  [31113] string: Wrong unwind information for rawmemchr on aarch64
  [31151] libc: [RISC-V] missing support for profile/audit PLT setup
  [31163] nss: getaddrinfo returns EAI_NONAME in oom situation
  [31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
    bug 17522 fix
  [31184] dynamic-link: FAIL: elf/tst-tlsgap
  [31185] dynamic-link: Incorrect thread point access in
    _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
  [31187] dynamic-link: Some CET tests fail with GCC 14
  [31204] localedata: Fix decimal point and thousands separator for
    uz_UZ
  [31205] localedata: Inconsistent (mon_)grouping formats
  [31218] dynamic-link: PLT rewrite overflows large displacement on x32
  [31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
  [31230] dynamic-link: PLT rewrite failed without SELinux
  [31239] localedata: anp_IN locale: abbreviated month names are the
    same as the full month names
  [31244] nptl: pthread_cancel hangs on sparc32
  [31257] localedata: Sync with  CLDR: “Turkey” -> “Türkiye”
  [31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
    sparcv9
  [31276] libc: Wrong condition for heap allocation in qsort_r

Version 2.38

Major new features:

* When C2X features are enabled and the base argument is 0 or 2, the
  following functions support binary integers prefixed by 0b or 0B as
  input: strtol, strtoll, strtoul, strtoull, strtol_l, strtoll_l,
  strtoul_l, strtoull_l, strtoimax, strtoumax, strtoq, strtouq, wcstol,
  wcstoll, wcstoul, wcstoull, wcstol_l, wcstoll_l, wcstoul_l,
  wcstoull_l, wcstoimax, wcstoumax, wcstoq, wcstouq.  Similarly, the
  following functions support binary integers prefixed by 0b or 0B as
  input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf,
  vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those
  functions also support the %b format for binary integers, with or
  without such a prefix and independent of standards mode.

* PRIb*, PRIB* and SCNb* macros from C2X have been added to
  <inttypes.h>.

* printf-family functions now support the wN format length modifiers for
  arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t (for
  example, %w32d to print int32_t or int_least32_t in decimal, or %w32x
  to print uint32_t or uint_least32_t in hexadecimal) and the wfN format
  length modifiers for arguments of type int_fastN_t or uint_fastN_t, as
  specified in draft ISO C2X.

* A new tunable, glibc.pthread.stack_hugetlb, can be used to disable
  Transparent Huge Pages (THP) in stack allocation at pthread_create.

* Support for x86_64 running on Hurd has been added.  This port requires
  as least binutils 2.40 and GCC 13:

    - x86_64-gnu

* Vector math library libmvec support has been added to AArch64.  It
  requires GCC version >= 10.1.0.  It can be disabled via
  "--disable-mathvec", however that is not a supported configuration as
  it changes the ABI. The symbol names follow the AArch64 vector ABI,
  they are declared in math.h and have to be called manually at this point.

* The strlcpy and strlcat functions have been added.  They are derived
  from OpenBSD, and are expected to be added to a future POSIX version.

* A new configure option, "--enable-fortify-source", can be used to build the
  GNU C Library with _FORTIFY_SOURCE. The level of fortification can either be
  provided, or is set to the highest value supported by the compiler. If not
  explicitly enabled, then fortify source is forcibly disabled so to keep
  original behavior unchanged.

Deprecated and removed features, and other changes affecting compatibility:

* libcrypt is no longer built by default; one may use the "--enable-crypt"
  option to build libcrypt.  libcrypt is likely to be removed from the
  GNU C Library in a future release, so it is recommended that
  applications port away from it to an alternative such as libxcrypt.

* In the Linux kernel for the hppa/parisc architecture some of the
  MADV_XXX constants were changed to have the same values as the other
  architectures.  New programs compiled with this glibc version and which
  use the madvise call will require at least Linux kernel version 6.2,
  alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163,
  5.4.228, 4.19.270 or 4.14.303.

* The "--disable-experimental-malloc" option is no longer available.  The
  per-thread cache can still be disabled per-application using tunables
  (glibc.malloc.tcache_count set to zero).

* The configure option "--enable-tunables" has been removed.  The tunable
  feature is now always enabled.

Changes to build and runtime requirements:

* Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE
  ACLE.

Security related changes:

  CVE-2023-25139: When the printf family of functions is called with a
  format specifier that uses an <apostrophe> (enable grouping) and a
  minimum width specifier, the resulting output could be larger than
  reasonably expected by a caller that computed a tight bound on the
  buffer size.  The resulting larger than expected output could result
  in a buffer overflow in the printf family of functions.

The following bugs are resolved with this release:

  [178] string: Please add strlcpy and strlcat (attached)
  [14697] nptl: Behavior of exit is nonconformant with respect to
    threads and stdio
  [15142] stdio: Missing locking in _IO_cleanup
  [18096] glob: null deref in wordexp/parse_dollars/parse_arith
  [18906] stdio: fopen: ccs value may affect open mode
  [24466] stdio: Feature request: provide special printf formats for
    intXX_t
  [25457] nss: hosts lookup fails for ipv4mapped ipv6 addresses
  [28519] libc: system and popen should pass "--" between /bin/sh and
    argument
  [29016] stdio: popen() sets errno to ENOMEM when shell does not exist
  [29591] string: wcsnlen length can overflow in page cross case.
  [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
  [30068] stdio: incorrect printf output for integers with thousands
    separator and width field (CVE-2023-25139)
  [30111] time: support_descriptors_list fails after 2038 on 32 bits
    systems
  [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
    symlink for libraries without soname
  [30130] math: [s390] The _FPU_SETCW macro yields compile error with
    Clang
  [30156] time: Potential ntp_gettime abi break
  [30235] libc: Missing fallback in getlogin if loginuid is unset
  [30258] dynamic-link: sprof cannot read and display shared object
    profiling data correctly
  [30263] libc: Add test coverage for abs(), labs(), and llabs().
  [30305] math: Incorrect asm constraint in feraiseexcept on x86-64
  [30402] libc: FAIL: elf/tst-glibcelf
  [30425] dynamic-link: Symbol lookup during dlclose may fail
    unnecessarily
  [30435] dynamic-link: Root dir wrongly marked as nonexist in open_path
  [30477] libc: [RISCV]: time64 does not work on riscv32
  [30515] dynamic-link: _dl_find_object incorrectly returns 1 during
    early startup
  [30527] network: resolv_conf lock not unlocked on allocation failure
  [30550] math: powerpc64le: GCC-specific code for isinf() is being used
    on clang
  [30555] string: strerror can incorrectly return NULL
  [30579] malloc: trim_threshold in realloc lead to high memory usage
  [30662] nscd: Group and password cache use errno in place of errval

Version 2.37

Major new features:

* The getent tool now supports the --no-addrconfig option. The output of
  getent with --no-addrconfig may contain addresses of families not
  configured on the current host i.e. as-if you had not passed
  AI_ADDRCONFIG to getaddrinfo calls.

Deprecated and removed features, and other changes affecting compatibility:

* The dynamic linker no longer loads shared objects from the "tls"
  subdirectories on the library search path or the subdirectory that
  corresponds to the AT_PLATFORM system name, or employs the legacy AT_HWCAP
  search mechanism, which was deprecated in version 2.33.

Security related changes:

  CVE-2022-39046: When the syslog function is passed a crafted input
  string larger than 1024 bytes, it reads uninitialized memory from the
  heap and prints it to the target log file, potentially revealing a
  portion of the contents of the heap.

The following bugs are resolved with this release:

  [12154] network: Cannot resolve hosts which have wildcard aliases
  [12165] libc: readdir: Do not skip entries with zero d_ino values
  [19444] build: build failures with -O1 due to -Wmaybe-uninitialized
  [24774] nptl: pthread_rwlock_timedwrlock stalls on ARM
  [24816] nss: nss/tst-nss-files-hosts-long fails when no interface has
    AF_INET6 address (ie docker)
  [27087] stdio: PowerPC: Redefinition error with Clang from IEEE
    redirection headers
  [28846] network: CMSG_NXTHDR may trigger -Wstrict-overflow warning
  [28937] dynamic-link: New DSO dependency sorter does not put new map
    first if in a cycle
  [29249] libc: csu/libc-tls.c:202: undefined reference to
    `_startup_fatal_not_constant'
  [29305] network: Inefficient buffer space usage in nss_dns for
    gethostbyname and other functions
  [29375] libc: don't hide MAP_ANONYMOUS behind _GNU_SOURCE
  [29402] nscd: nscd: No such file or directory
  [29415] nscd: getaddrinfo with AI_ADDRCONFIG returns addresses with
    wrong family
  [29427] dynamic-link: Inconsistency detected by ld.so: dl-printf.c:
    200: _dl_debug_vdprintf: Assertion `! "invalid format specifier"'
    failed!
  [29463] math: math/test-float128-y1 fails on x86_64
  [29485] build: Make hangs when the test misc/tst-pidfile returns
    FAIL_UNSUPPORTED
  [29490] dynamic-link: [bisected] new __brk_call causes dynamic loader
    segfault on alpha
  [29499] build: Check failed on misc/tst-glibcsyscalls while building
    for RISCV64 on a unmatched hardware
  [29501] build: Check failed on stdlib/tst-strfrom while building for
    RISCV64 on a unmatched hardware
  [29502] libc: alpha sys/acct.h out of date
  [29514] build: Need to use -fPIE not -fpie
  [29528] dynamic-link: __libc_early_init not called after dlmopen that
    reuses namespace
  [29536] libc: syslog fail to create large messages (CVE-2022-39046)
  [29537] libc: [2.34 regression]: Alignment issue on m68k when using
    futexes on qemu-user
  [29539] libc: LD_TRACE_LOADED_OBJECTS changed how vDSO library are
    printed
  [29544] libc: Regression in syslog(3) calls breaks RFC due to extra
    whitespace
  [29564] build: Incorrect way to change MAKEFLAGS in Makerules
  [29576] build: librtld.os: in function `_dl_start_profile':
    (.text+0x9444): undefined reference to `strcpy'
  [29578] libc: Definition of SUN_LEN() is wrong
  [29583] build: iconv failures on 32bit platform due to missing large
    file support
  [29600] dynamic-link: dlmopen hangs after loading certain libraries
  [29604] localedata: Update locale data to Unicode 15.0.0
  [29605] nscd: Regression in NSCD backend of getaddrinfo
  [29607] nscd: nscd repeatably crashes calling __strlen_avx2 when hosts
    cache is enabled
  [29611] string: Optimized AVX2 string functions unconditionally use
    BMI2 instructions
  [29624] malloc: errno is not cleared when entering main
  [29638] libc: stdlib: arc4random fallback is never used
  [29657] libc: Incorrect struct stat for 64-bit time on linux/generic
    platforms
  [29698] build: Configuring for AArch32 on ARMv8+ disables
    optimizations
  [29727] locale: __strtol_internal out-of-bounds read when parsing
    thousands grouping
  [29730] libc: broken y2038 support in fstatat on MIPS N64
  [29746] libc: ppoll() does not switch to __ppoll64 when
    -D_TIME_BITS=64 and -D_FORTIFY_SOURCE=2 is given on 32bit
  [29771] libc: Restore IPC_64 support in sysvipc *ctl functions
  [29780] build: possible parallel make issue in glibc-2.36 (siglist-
    aux.S: No such file or directory)
  [29864] libc: __libc_start_main() should obtain program headers
    address (_dl_phdr) from the auxv, not the ELF header.
  [29951] time: daylight variable not set correctly if last DST change
    coincides with offset change
  [30039] stdio: __vsprintf_internal does not handle unspecified buffer
    length in fortify mode

Version 2.36

Major new features:

* Support for DT_RELR relative relocation format has been added to
  glibc.  This is a new ELF dynamic tag that improves the size of
  relative relocations in shared object files and position independent
  executables (PIE).  DT_RELR generation requires linker support for
  -z pack-relative-relocs option, which is supported for some targets
  in recent binutils versions.  Lazy binding doesn't apply to DT_RELR.

* On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions
  have been added.  The pidfd functionality provides access to a process
  while avoiding the issue of PID reuse on traditional Unix systems.

* On Linux, the process_madvise function has been added. It has the
  same functionality as madvise but alters the target process identified
  by the pidfd.

* On Linux, the process_mrelease function has been added.  It allows a
  caller to release the memory of a dying process.  The release of the
  memory is carried out in the context of the caller, using the caller's
  CPU affinity, and priority with CPU usage accounted to the caller.

* The “no-aaaa” DNS stub resolver option has been added.  System
  administrators can use it to suppress AAAA queries made by the stub
  resolver, including AAAA lookups triggered by NSS-based interfaces
  such as getaddrinfo.  Only DNS lookups are affected: IPv6 data in
  /etc/hosts is still used, getaddrinfo with AI_PASSIVE will still
  produce IPv6 addresses, and configured IPv6 name servers are still
  used.  To produce correct Name Error (NXDOMAIN) results, AAAA queries
  are translated to A queries.  The new resolver option is intended
  primarily for diagnostic purposes, to rule out that AAAA DNS queries
  have adverse impact.  It is incompatible with EDNS0 usage and DNSSEC
  validation by applications.

* On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree,
  and mount_setattr have been added.  They are part of the new Linux kernel
  mount APIs that allow applications to more flexibly configure and operate
  on filesystem mounts.  The new mount APIs are specifically designed to work
  with namespaces.

* localedef now accepts locale definition files encoded in UTF-8.
  Previously, input bytes not within the ASCII range resulted in
  unpredictable output.

* Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion
  functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals.
  Support for the char8_t typedef has been added per the ISO C2X N2653
  proposal.  The functions are declared in uchar.h in C2X mode or when the
  _GNU_SOURCE macro or C++20 __cpp_char8_t feature test macro is defined.
  The char8_t typedef is declared in uchar.h in C2X mode or when the
  _GNU_SOURCE macro is defined and the C++20 __cpp_char8_t feature test macro
  is not defined (if __cpp_char8_t is defined, then char8_t is a builtin type).

* The functions arc4random, arc4random_buf, and arc4random_uniform have been
  added.  The functions wrap getrandom and/or /dev/urandom to return high-
  quality randomness from the kernel.

* Support for LoongArch running on Linux has been added.  This port requires
  as least binutils 2.38, GCC 12, and Linux 5.19.  Currently only hard-float
  ABI is supported:

    - loongarch64-linux-gnu

  The LoongArch ABI is 64-bit little-endian.

Deprecated and removed features, and other changes affecting compatibility:

* Support for prelink will be removed in the next release; this includes
  removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
  variables and their functionality in the dynamic loader.

* The Linux kernel version check has been removed along with the
  LD_ASSUME_KERNEL environment variable.  The minimum kernel used to built
  glibc is still provided through NT_GNU_ABI_TAG ELF note and also printed
  when libc.so is issued directly.

* On Linux, The LD_LIBRARY_VERSION environment variable has been removed.

The following bugs are resolved with this release:

  [14932] dynamic-link: dlsym(handle, "foo") and dlsym(RTLD_NEXT, "foo")
    return different result with versioned "foo"
  [16355] libc: syslog.h's SYSLOG_NAMES namespace violation and utter
    mess
  [23293] dynamic-link: aarch64: getauxval is broken when run as ld.so
    ./exe and ld.so adjusts argv on the stack
  [24595] nptl: [2.28 Regression]: Deadlock in atfork handler which
    calls dlclose
  [25744] locale: mbrtowc with Big5-HKSCS returns 2 instead of 1 when
    consuming the second byte of certain double byte characters
  [25812] stdio: Libio vtable protection is sometimes only partially
    enforced
  [27054] libc: pthread_atfork handlers that call pthread_atfork
    deadlock
  [27924] dynamic-link: ld.so: Support DT_RELR relative relocation
    format
  [28128] build: declare_symbol_alias doesn't work for assembly codes
  [28566] network: getnameinfo with NI_NOFQDN is not thread safe
  [28752] nss: Segfault in getpwuid when stat fails
  [28815] libc: realpath should not copy to resolved buffer on error
  [28828] stdio: fputwc crashes
  [28838] libc: FAIL: elf/tst-p_align3
  [28845] locale: ld-monetary.c should be updated to match ISO C and
    other standards.
  [28850] libc: linux: __get_nprocs_sched reads uninitialized memory
    from the stack
  [28852] libc: getaddrinfo leaks memory with AI_ALL
  [28853] libc: tst-spawn6 changes current foreground process group
    (breaks test isolation)
  [28857] libc: FAIL: elf/tst-audit24a
  [28860] build: --enable-kernel=5.1.0 build fails because of missing
    __convert_scm_timestamps
  [28865] libc: linux: _SC_NPROCESSORS_CONF and _SC_NPROCESSORS_ONLN are
    inaccurate without /sys and /proc
  [28868] dynamic-link: Dynamic loader DFS algorithm segfaults on
    missing libraries
  [28880] libc: Program crashes if date beyond 2038
  [28883] libc: sysdeps/unix/sysv/linux/select.c: __select64
    !__ASSUME_TIME64_SYSCALLS && !__ASSUME_PSELECT fails on Microblaze
  [28896] string: strncmp-avx2-rtm and wcsncmp-avx2-rtm fallback on non-
    rtm variants when avoiding overflow
  [28922] build: The .d dependency files aren't always generated
  [28931] libc: hosts lookup broken for SUCCESS=CONTINUE and
    SUCCESS=MERGE
  [28936] build: nm: No such file
  [28950] localedata: Add locale for ISO code "tok" (Toki Pona)
  [28953] nss: NSS lookup result can be incorrect if function lookup
    clobbers errno
  [28970] math: benchtest: libmvec benchmark doesn't build with make
    bench.
  [28991] libc: sysconf(_SC_NPROCESSORS_CONF) should read
    /sys/devices/system/cpu/possible
  [28993] libc: closefrom() iterates until max int if no access to
    /proc/self/fd/
  [28996] libc: realpath fails to copy partial result to resolved buffer
    on ENOENT and EACCES
  [29027] math: [ia64] fabs fails with sNAN input
  [29029] nptl: poll() spuriously returns EINTR during thread
    cancellation and with cancellation disabled
  [29030] string: GLIBC 2.35 regression - Fortify crash on certain valid
    uses of mbsrtowcs (*** buffer overflow detected ***: terminated)
  [29062] dynamic-link: Memory leak in _dl_find_object_update if object
    is promoted to global scope
  [29069] libc: fstatat64_time64_statx wrapper broken on MIPS N32 with
    -D_FILE_OFFSET_BITS=64 and -D_TIME_BITS=64
  [29071] dynamic-link: m68k: Removal of ELF_DURING_STARTUP optimization
    broke ld.so
  [29097] time: fchmodat does not handle 64 bit time_t for
    AT_SYMLINK_NOFOLLOW
  [29109] libc: posix_spawn() always returns 1 (EPERM) on clone()
    failure
  [29141] libc: _FORTIFY_SOURCE=3 fail for gcc 12/glibc 2.35
  [29162] string: [PATCH] string.h syntactic error:
    include/bits/string_fortified.h:110: error: expected ',' or ';'
    before '__fortified_attr_access'
  [29165] libc: [Regression] broken argv adjustment
  [29187] dynamic-link: [regression] broken argv adjustment for nios2
  [29193] math: sincos produces a different output than sin/cos
  [29197] string: __strncpy_power9() uses uninitialised register vs18
    value for filling after \0
  [29203] libc: daemon is not y2038 aware
  [29204] libc: getusershell is not 2038 aware
  [29207] libc: posix_fallocate fallback implementation is not y2038
    aware
  [29208] libc: fpathconf(_PC_ASYNC_IO) is not y2038 aware
  [29209] libc: isfdtype is not y2038 aware
  [29210] network: ruserpass is not y2038 aware
  [29211] libc: __open_catalog is not y2038 aware
  [29213] libc: gconv_parseconfdir is not y2038 aware
  [29214] nptl: pthread_setcanceltype fails to set type
  [29225] network: Mistyped define statement in socket/sys/socket.h in
    line 184
  [29274] nptl: __read_chk is not a cancellation point
  [29279] libc: undefined reference to `mbstowcs_chk' after
    464d189b9622932a75302290625de84931656ec0
  [29304] libc: mq_timedreceive does not handle 64 bit syscall return
    correct for !__ASSUME_TIME64_SYSCALLS
  [29403] libc: st_atim, st_mtim, st_ctim stat struct members are
    missing on microblaze with largefile

Version 2.35

Major new features:

* Unicode 14.0.0 Support: Character encoding, character type info, and
  transliteration tables are all updated to Unicode 14.0.0, using
  generator scripts contributed by Mike FABIAN (Red Hat).

* Bump r_version in the debugger interface to 2 and add a new field,
  r_next, support multiple namespaces.

* Support for the C.UTF-8 locale has been added to glibc.  The locale
  supports full code-point sorting for all valid Unicode code points.  A
  limitation in the framework for fnmatch, regexec, and regcomp requires
  a compromise to save space and only ASCII-based range expressions are
  supported for now (see bug 28255).  The full size of the locale is
  only ~400KiB, with 346KiB coming from LC_CTYPE information for
  Unicode.  This locale harmonizes downstream C.UTF-8 already shipping
  in various downstream distributions.  The locale is not built into
  glibc, and must be installed.

* <math.h> functions that round their results to a narrower type, and
  corresponding <tgmath.h> macros, are added from TS 18661-1:2014, TS
  18661-3:2015 and draft ISO C2X:

  - fsqrt, fsqrtl, dsqrtl and corresponding fMsqrtfN, fMsqrtfNx,
    fMxsqrtfN and fMxsqrtfNx functions.

  - ffma, ffmal, dfmal and corresponding fMfmafN, fMfmafNx, fMxfmafN and
    fMxfmafNx functions.

* <math.h> functions for floating-point maximum and minimum,
  corresponding to new operations in IEEE 754-2019, and corresponding
  <tgmath.h> macros, are added from draft ISO C2X: fmaximum,
  fmaximum_num, fmaximum_mag, fmaximum_mag_num, fminimum, fminimum_num,
  fminimum_mag, fminimum_mag_num and corresponding functions for float,
  long double, _FloatN and _FloatNx.

* <math.h> macros for single-precision float constants are added as a
  GNU extension: M_Ef, M_LOG2Ef, M_LOG10Ef, M_LN2f, M_LN10f, M_PIf,
  M_PI_2f, M_PI_4f, M_1_PIf, M_2_PIf, M_2_SQRTPIf, M_SQRT2f and
  M_SQRT1_2f.

* The __STDC_IEC_60559_BFP__ and __STDC_IEC_60559_COMPLEX__ macros are
  predefined as specified in TS 18661-1:2014.

* The exp10 functions in <math.h> now have a corresponding type-generic
  macro in <tgmath.h>.

* The ISO C2X macro _PRINTF_NAN_LEN_MAX has been added to <stdio.h>.

* printf-family functions now support the %b format for output of
  integers in binary, as specified in draft ISO C2X, and the %B variant
  of that format recommended by draft ISO C2X.

* A new DSO sorting algorithm has been added in the dynamic linker that uses
  topological sorting by depth-first search (DFS), solving performance issues
  of the existing sorting algorithm when encountering particular circular
  object dependency cases.

* A new tunable, glibc.rtld.dynamic_sort, can be used to select between
  the two DSO sorting algorithms.  The default setting of '2' uses the
  new DFS-based algorithm.  The setting '1' switches to the old
  algorithm used in glibc 2.33 and earlier.

* ABI support for a new function '__memcmpeq'. '__memcmpeq' is meant
  to be used by compilers for optimizing usage of 'memcmp' when its
  return value is only used for its boolean status.

* Support for automatically registering threads with the Linux rseq
  system call has been added.  This system call is implemented starting
  from Linux 4.18.  The Restartable Sequences ABI accelerates user-space
  operations on per-cpu data.  It allows user-space to perform updates
  on per-cpu data without requiring heavy-weight atomic operations.
  Automatically registering threads allows all libraries, including
  libc, to make immediate use of the rseq support by using the
  documented ABI, via the __rseq_flags, __rseq_offset, and __rseq_size
  variables.  The GNU C Library manual has details on integration of
  Restartable Sequences.

* A symbolic link to the dynamic linker is now installed under
  /usr/bin/ld.so (or more precisely, '${bindir}/ld.so').

* All programs and the testsuite in glibc are now built as position independent
  executables (PIE) by default on toolchains and architectures that support it.
  Further, if the toolchain and architecture supports it, even static programs
  are built as PIE and the resultant glibc can be used to build static PIE
  executables.  A new option --disable-default-pie has been added to disable
  this behavior and get a non-PIE build.  This option replaces
  --enable-static-pie, which no longer has any effect on the build
  configuration.

* On Linux, a new tunable, glibc.malloc.hugetlb, can be used to
  either make malloc issue madvise plus MADV_HUGEPAGE on mmap and sbrk
  or to use huge pages directly with mmap calls with the MAP_HUGETLB
  flags).  The former can improve performance when Transparent Huge Pages
  is set to 'madvise' mode while the latter uses the system reserved
  huge pages.

* The printf family of functions now handles the flagged %#m conversion
  specifier, printing errno as an error constant (similar to strerrorname_np).

* The function _dl_find_object has been added.  In-process unwinders
  can use it to efficiently locate unwinding information for a code
