The GNU C Library version 2.38 is now available

>NEWS for version 2.38 > >===================== > > > >Major new features: > >\* When C2X features are enabled and the base argument is 0 or 2, the following functions support binary integers prefixed by 0b or 0B as input: strtol, strtoll, strtoul, strtoull, strtol\_l, strtoll\_l, strtoul\_l, strtoull\_l, strtoimax, strtoumax, strtoq, strtouq, wcstol, wcstoll, wcstoul, wcstoull, wcstol\_l, wcstoll\_l, wcstoul\_l, wcstoull\_l, wcstoimax, wcstoumax, wcstoq, wcstouq. Similarly, the following functions support binary integers prefixed by 0b or 0B as input to the %i format: fscanf, scanf, sscanf, vscanf, vsscanf, vfscanf, fwscanf, wscanf, swscanf, vfwscanf, vwscanf, vswscanf; those functions also support the %b format for binary integers, with or without such a prefix and independent of standards mode. > >\* PRIb\*, PRIB\* and SCNb\* macros from C2X have been added to <inttypes.h>. > >\* printf-family functions now support the wN format length modifiers for arguments of type intN\_t, int\_leastN\_t, uintN\_t or uint\_leastN\_t (for example, %w32d to print int32\_t or int\_least32\_t in decimal, or %w32x to print uint32\_t or uint\_least32\_t in hexadecimal) and the wfN format length modifiers for arguments of type int\_fastN\_t or uint\_fastN\_t, as specified in draft ISO C2X. > >\* A new tunable, glibc.pthread.stack\_hugetlb, can be used to disable Transparent Huge Pages (THP) in stack allocation at pthread\_create. > >\* Support for x86\_64 running on Hurd has been added. This port requires as least binutils 2.40 and GCC 13: - x86\_64-gnu > >\* Vector math library libmvec support has been added to AArch64. It requires GCC version >= 10.1.0. It can be disabled via "--disable-mathvec", however that is not a supported configuration as it changes the ABI. The symbol names follow the AArch64 vector ABI, they are declared in math.h and have to be called manually at this point. > >\* The strlcpy and strlcat functions have been added. They are derived from OpenBSD, and are expected to be added to a future POSIX version. > >\* A new configure option, "--enable-fortify-source", can be used to build the GNU C Library with \_FORTIFY\_SOURCE. The level of fortification can either be provided, or is set to the highest value supported by the compiler. If not explicitly enabled, then fortify source is forcibly disabled so to keep original behavior unchanged. > > > >Deprecated and removed features, and other changes affecting compatibility: > >\* libcrypt is no longer built by default; one may use the "--enable-crypt" option to build libcrypt. libcrypt is likely to be removed from the GNU C Library in a future release, so it is recommended that applications port away from it to an alternative such as libxcrypt. > >\* In the Linux kernel for the hppa/parisc architecture some of the MADV\_XXX constants were changed to have the same values as the other architectures. New programs compiled with this glibc version and which use the madvise call will require at least Linux kernel version 6.2, alternatively stable kernels from versions 6.1.6, 5.15.87, 5.10.163, 5.4.228, 4.19.270 or 4.14.303. > >\* The "--disable-experimental-malloc" option is no longer available. The per-thread cache can still be disabled per-application using tunables (glibc.malloc.tcache\_count set to zero). > >\* The configure option "--enable-tunables" has been removed. The tunable feature is now always enabled. > > > >Changes to build and runtime requirements: > >\* Building libmvec on AArch64 requires at a minimum GCC 10.1.0 for SVE ACLE. > > > >Security related changes: > > CVE-2023-25139: When the printf family of functions is called with a format specifier that uses an <apostrophe> (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size. The resulting larger than expected output could result in a buffer overflow in the printf family of functions. &#x200B; [https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00010.html](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00010.html)