1.71.  glibc

A strcmp() call in the setlocale() function could cause a segmentation fault (SIGSEGV) to occur in multi-threaded applications. This was caused by an improper free() call, which freed _nl_global_locale.__names[category] around the same time strcmp() tried to access it. As such, it was possible for strcmp() to access _nl_global_locale.__names[category] after it was freed (i.e. no longer available), resulting in a segmentation fault. To fix this, this update adds a return() call to make _nl_global_locale.__names[category] available when strcmp() accesses it. (BZ#455580)

The getifaddrs() function listed invalid IPv6 interface names for Infiniband devices. This was because Infiniband names are 20 bytes long, while glibc only prepares an 8-byte string array (i.e. sll_addr) for interface names. When getifaddrs() copied the 20-byte string into sll_addr, the result was a corrupted, invalid interface name. To prevent this, this update expands the field size from 8 bytes to 24 bytes, allowing getifaddrs() to copy 20-byte Infiniband names to the sll_addr string array. (BZ#463252)

A previous update to glibc resulted in a performance regression with mutex() calls. This was caused by the addition of mutual exclusion (mutex) types tested by pthread_mutex_lock() and pthread_mutex_unlock(). To alleviate the problem, this update optimizes the pthread_mutex_lock() and pthread_mutex_unlock() for the most common mutex types, which improves the performance of mutex() calls in most common user scenarios. (BZ#467316)

dl_runtime_profile on the IBM System Z incorrectly used the instruction lr to remove stack frames, which could result in corrupted stacks in rare cases. With this update, dl_runtime_profile uses the correct instruction (lgr) to remove stack frames instead. (BZ#470300)

An improper break statement in the getgrouplist() function caused searches to abort prematurely. This resulted in a bug that prevented getgrouplist() from retrieving group definitions from LDAP. As such, applications that used getgrouplist() to authenticate group details could not honor supplementary group credentials defined in LDAP. This update removes the improper break statement in getgrouplist(), enabling proper retrieval of group definitions from LDAP. (BZ#470768)

The /var/run/utmp file keeps track of all log-ins and log-outs to the system. All attempts to open it with read-write permission are denied and audited. The setutent_file() function call always attempted to open the /var/run/utmp with read-write permissions, resulting in the audit system logging a large volume of denial records. With this update, setutent_file() now only attempts to open /var/run/utmp with read-only permissions, thereby reducing the volume of audited records. (BZ#475332)

The elf/dl-load.c source file did not properly free allocated memory before dlclose() function calls. This made it possible for some dlopen() and dlclose() calls to result in a memory leak. This update corrects the elf/dl-load.c source file by instructing it to free all allocated memory, thereby preventing a memory leak whenever dlopen() or dlclose() are used. (BZ#476725) .

The getent command no longer incorrectly uses a comma to delimit aliases when displaying network map entries. As such, running getent networks now only displays network map entries using spaces or tabs as delimiters. (BZ#484082)

This update now includes the RUSAGE_THREAD definition in the glibc headers. This allows the getrusage() function call to retrieve information about the resource usage of a thread. (BZ#484214).

The inet6_opt_init() function incorrectly counted the first octet when computing the length of extension headers (i.e. extlen). This was contrary to the definition of extension header lengths as per RFC 2460. With this update, inet6_opt_init() now subtracts 1 octet unit when computing for extlen. (BZ#488748)

As per RFC3493, getnameinfo() should return EAI_NONAME when both nodename and servname variables are set to NULL while the NI_NAMEREQD flag is set. However, getnameinfo() returned 0 in this situation. This update adds an if statement to getnameinfo() to correct its behavior as per RHC3493. (BZ#489419).

The nscd paranoia mode instructs nscd to restart periodically. However, whenever nscd attempted to restart itself in this mode, it incorrectly used the system call execv("/proc/self/exe", argv). As a result, nscd would restart with an process name of exe instead of nscd. To correct this, the nscd paranoia mode now instructs nscd to restart using readlink("/proc/self/exe", target, 255), which allows nscd to preserve its process name upon restart. Note that nscd will still use execv("/proc/self/exe", argv) if the attempt to use readlink() fails. (BZ#490010)

The sysconf() function call used an obsolete const attribute. This caused the gcc compiler to incorrectly return errno when it attempted to compile code while using some optimization options. With this update, sysconf() no longer uses the obsolete const, ensuring that optimization works as expected at compile time. (BZ#490821)

The inet6_rth_reverse() function produced an incorrect return order of addresses in the routing header. This was caused by an incorrect identifier (ip6r0_segleft instead of ip6r0_len) in the inet/inet6_rth.c source code. This update corrects the identifier, ensuring that inet6_rth_reverse() returns the correct output. (BZ#494849)

The inet6_rth_add() function incorrectly returned 0 even when the routing header did not have enough space to store an address. This was caused by a lack of error checking routines to verify routing header size. This update applies an additional if statement to verify the routing header size. (BZ#494850).

Previous versions of glibc coded malloc() in a way that was not thread-safe. This could have led to unexpected program crashes in some cases. This release revises the malloc() code to ensure better thread safety, as well as to adhere to C standards. (BZ#502901)

This update removes an extra comma at the end of the dlfcn.h header file's enumerator list. This typographical error caused dlfcn.h to fail g++ pedantic tests in previous releases. (BZ#504704)

A bug in the nptl/pthread_mutex_lock.c code prevented pthread_mutex calls from honoring some types of private futex attributes. This update applies a patch that corrects this behavior, ensuring that pthread_mutex calls honor all types of private futex attributes for PI mutexes.(BZ#495955).

Applications that performed a large number of directory reads ran much slower on 64-bit Red Hat Enterprise Linux 5 compared to 64-bit Red Hat Enterprise Linux 4. This was partly because while Red Hat Enterprise Linux 5 uses the system call getdents() to retrieve directory entries for both 32-bit and 64-bit platforms, Red Hat Enterprise Linux 4 used getdents64() for 64-bit platforms. Because of this, the opendir() function did not allocate more memory for directory reads on 64-bit platforms, resulting in much slower reads on Red Hat Enterprise Linux 5. To resolve this, opendir() now has an increased default buffer size; if memory allocation fails (as it would on 32-bit applications), it retries the memory allocation with a smaller buffer size. This improves the performance of directory reads on 64-bit platforms, while ensuring that opendir() still works on 32-bit platforms. (BZ#484440)

An incorrect parameter in the MALLOC_COPY() function of the libc/malloc/malloc.c source file could supply an incorrect size_t value for realloc(). With this update, MALLOC_COPY() is now fixed, ensuring that it always supplies the correct size_t information for realloc(). (BZ#478499)

With this update, users can now run fork() safely in one thread while a pthread stack cache updates in another thread. Doing so no longer causes the process created by fork() to crash. (BZ#477705)

This update also applies several upstream fixes to nscd. These fixes prevent nscd from crashing due to segmentation faults in some cases. (BZ#464918 and 483636)

This update also includes the ability to enable (and configure) per-thread memory pools. This capability enables higher scalability accross many sockets and cores, and is included in this release as a technology preview. The environmental variable MALLOC_PER_THREAD=1 enables per-thread memory pools, while MALLOC_ARENA_MAX and MALLOC_ARENA_TEST control the amount of additional memory used for the memory pools (if any). MALLOC_ARENA_MAX sets a maximum number of memory pools used, regardless of the number of cores; MALLOC_ARENA_TEST specifies that the number of cores should be tested once it reaches a set value. Note that once per-thread memory pooling becomes fully supported, it will also become the default behavior; this will render the MALLOC_PER_THREAD option obsolete then. (BZ#494758)

previous versions of glibc coded the malloc() function in a way that was not thread-safe, which could have led to unexpected program crashes in some cases. With these updated packages, the malloc() code has been revised to ensure better thread safety, as well as to adhere to C standards. (BZ#502901)