Opened 15 hours ago

Last modified 6 hours ago

#5638 new enhancement

glibc-2.41

Reported by: Xi Ruoyao
Owned by: lfs-book
Priority: normal
Milestone: 12.3
Component: Book
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version.

The tarball is available at https://ftp.gnu.org/gnu/glibc/glibc-2.41.tar.xz; the official announcement is not done yet.

Change History (3)

comment:2 by Xi Ruoyao, 14 hours ago

It contains the fix for CVE-2025-0395.

comment:3 by Bruce Dubbs, 6 hours ago

Version 2.41

Major new features:

  • Support for testing a glibc build with a set of C and C++ compilers different from the C and C++ compilers used to build glibc has been added:

      $ ../configure TEST_CC="gcc-6.4.1" TEST_CXX="g++-6.4.1"

    This includes support for testing the glibc build with Clang, e.g.,

      $ ../configure TEST_CC="clang" TEST_CXX="clang++"

    Some run-time failures with Clang are expected.

  • The glibc test suite has been extended again significantly, with now 6232 separate tests compared to 5408 in glibc-2.40.
  • In /etc/resolv.conf and the RES_OPTIONS environment variable, option flags can now be prefixed with “-” to clear previously set flags. For example, if /etc/resolv.conf contains “options no-aaaa”, a process running with the RES_OPTIONS=-no-aaaa environment variable performs AAAA DNS queries when the glibc DNS stub resolver is used.
  • The DNS stub resolver now supports the strict-error option. If activated, getaddrinfo for the AF_UNSPEC address family (with dual A/AAAA DNS lookups) attempts to obtain an A/AAAA response pair from another DNS server if one of the responses indicates failure. Without the strict-error option, getaddrinfo returns the A record data it has obtained even if the AAAA query failed. The new strict error mode is incompatible with some DNS environments which do not follow the RFCs, which is why this mode is not enabled by default. A future version of the library may turn it on by default, however.
  • On Linux, the sched_setattr and sched_getattr functions have been added, for supporting parameterized scheduling policies such as SCHED_DEADLINE.
  • The iconv program now supports converting files in place. The program automatically uses a temporary file if required.
  • Character encoding, character type info, and transliteration tables have been updated to Unicode 16.0.0.
  • The following ISO C23 function families (introduced in TS 18661-4:2015) are now supported in <math.h>. Each family includes functions for float, double, long double, _FloatN and _FloatNx, and a type-generic macro in <tgmath.h>.
      • Trigonometric functions: acospi, asinpi, atan2pi, atanpi, cospi, sinpi, tanpi.
  • The GNU C Library now supports a feature test macro _ISOC2Y_SOURCE to enable features from the draft ISO C2Y standard. Only some features from this draft standard are supported by the GNU C Library, and as the draft is under active development, the set of features enabled by this macro is liable to change. Features from C2Y are also enabled by _GNU_SOURCE, or by compiling with "gcc -std=gnu2y".
  • Optimized and correctly rounded exp10m1f, exp2m1f, expm1f, log10f, log2p1f, log1pf, log10p1f, cbrtf, erff, erfcf, lgammaf, tgammaf, tanf, acosf, acoshf, asinf, asinhf, atanf, atan2f, atanhf, coshf, sinhf, and tanhf functions have been added from the CORE-MATH project <https://core-math.gitlabpages.inria.fr/>.
  • A benchtest framework is now in place to track the performance of many (mostly numerical) functions.
  • A new tunable, glibc.rtld.execstack, can be used to control whether an executable stack is allowed from the main program, either implicitly due to a missing GNU_STACK ELF header or explicitly because of the executable bit in GNU_STACK. The default is to allow executable stacks.
  • Support for the extensible rseq ABI introduced in the Linux kernel version 6.3 has been added. The size and alignment of the rseq area is now determined by auxiliary vector entries when provided by the running kernel. This results in rseq_size now exposing features past the original ABI which currently include 'node_id' and 'mm_cid' and will also allow exposing new features as they get added to future Linux kernels.
  • The GNU C Library now supports the Guarded Control Stack extension that allows the use of shadow stacks on AArch64 systems that support this extension. Building the library with standard branch protection enabled while using a toolchain that supports GCS (binutils 2.44 and GCC 15 or later) will enable GCS support in glibc. There is no special configuration flag. GCS-enabled glibc is compatible with all existing executables and shared libraries and will run with and without GCS support in the system. GCS is opt-in and can be controlled at runtime via the glibc.cpu.aarch64_gcs tunable. By default GCS is disabled. Linux kernel supports this since 6.13.
  • Significant effort has been put into improving the code generation and speed of mathematical functions in the vector mathematics library on AArch64, with regard to the Scalable Vector Extension (SVE) and Advanced SIMD (Neon) intrinsics.
  • Support for memory protection keys on AArch64 systems with enabled Stage 1 permission overlays feature as introduced in Armv8.9 / 9.4 has been added.
  • On PowerPC64, support for the return-oriented programming protection instructions added in ISA 3.1 (Power10) has been added, as well as function optimizations for Power10.
  • A new architecture type has been introduced internally to better support Hygon x86-64 processors.

Deprecated and removed features, and other changes affecting compatibility:

  • abort is now async-signal-safe and its implementation makes longjmp from the SIGABRT handler always abort if set up with setjmp. Use sigsetjmp to keep the old behavior, where the handler does not stop the process execution.
  • dlopen and dlmopen no longer make the stack executable if a shared library requires it, either implicitly because of a missing GNU_STACK ELF header (and default ABI permission having the executable bit set) or explicitly because of the executable bit in GNU_STACK, and the stack is not already executable. Instead, loading such objects will fail.
  • The nios2*-*-linux-gnu configurations are no longer supported.
  • The big-endian ARC port (arceb-linux-gnu) has been removed.

Changes to build and runtime requirements:

  • On recent Linux kernels with vDSO getrandom support, getrandom does not act as a "shall occur" cancellation point, in which case it might not issue a syscall or trigger a deferred cancellation event.
  • Testing the GNU C Library requires GNU awk to be compiled with support for high precision arithmetic via the MPFR library.

Security related changes:

The following CVEs were fixed in this release, details of which can be found in the advisories directory of the release tarball:

GLIBC-SA-2025-0001:

assert: Buffer overflow when printing assertion failure message (CVE-2025-0395):

assert: Buffer overflow when printing assertion failure message

When the assert() function fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

This bug can be triggered when an assertion in a program fails. The assertion failure message is allocated to allow developers to see this failure in core dumps and it typically includes, in addition to the invariant assertion string and function name, the name of the program. If the name of the failing program is user controlled, for example on a local system, this could allow an attacker to control the assertion failure to trigger this buffer overflow.

The only viable vector for exploitation of this bug is local, if a setuid program exists that has an existing bug that results in an assertion failure. No such program has been discovered at the time of publishing this advisory, but the presence of custom setuid programs, although strongly discouraged as a security practice, cannot be discounted.
