Siddhesh Poyarekar 60c57b8467 Move CVE information into advisories directory
One of the requirements to becoming a CVE Numbering Authority (CNA) is
to publish advisories.  Do this by maintaining a file for each CVE fixed
in the advisories directory in the source tree.  Links to the advisories
can then be shared as:

https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-YYYY-NNNN

The file format at the moment is rudimentary and derives from the git
commit format, i.e. a subject line and a potentially multi-paragraph
description and then tags to describe some meta information.  This is a
loose format at the moment and could change as we evolve this.

Also add a script process-fixed-cves.sh that processes these advisories
and generates a list to add to NEWS at release time.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-12-07 12:31:23 -05:00
advisories Move CVE information into advisories directory 2023-12-07 12:31:23 -05:00
argp argp-parse: Get rid of alloca 2023-08-28 16:49:27 +00:00
assert assert: Decorate error message buffer 2023-11-07 10:27:44 -03:00
benchtests benchtests: fix warn unused result 2023-06-22 00:21:19 -04:00
bits linux: Add posix_spawnattr_{get, set}cgroup_np (BZ 26371) 2023-09-05 13:08:48 -03:00
catgets gencat: Get rid of alloca. 2023-08-28 16:42:53 +00:00
ChangeLog.old Create ChangeLog.old/ChangeLog.27 2023-07-30 21:45:27 +02:00
conform crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
csu Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
ctype Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
debug debug: Add regression tests for BZ 30932 2023-10-04 08:07:43 -03:00
dirent tests: replace read by xread 2023-06-19 09:14:56 -04:00
dlfcn Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
elf elf: Fix wrong break removal from 8ee878592c 2023-12-07 11:17:35 -03:00
gmon Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
gnulib Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
hesiod Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
htl __call_tls_dtors: Use call_function_static_weak 2023-09-04 20:03:37 +02:00
hurd Revert "Update code to handle the new ABI for sending inlined port rights." 2023-12-03 02:06:29 +01:00
iconv Fix off-by-one OOB write in iconv/tst-iconv-mt 2023-10-04 08:33:20 +01:00
iconvdata add GB18030-2022 charmap and test the entire GB18030 charmap [BZ #30243] 2023-08-29 19:02:30 +02:00
include malloc: Use __get_nprocs on arena_get2 (BZ 30945) 2023-11-22 09:39:29 -03:00
inet Move getnameinfo from 'inet' to 'nss' 2023-10-24 12:31:00 +02:00
intl intl: Add test case for bug 16621 2023-11-20 16:03:11 +01:00
io Remove __access_noerrno 2023-11-23 19:01:32 +00:00
libio libio: Add nonnull attribute for most FILE * arguments in stdio.h 2023-09-26 20:11:38 -04:00
locale crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
localedata localedata: Convert day names in nn_NO locale to UTF-8 2023-12-07 08:28:25 +01:00
login unistd: Avoid PLT entries with _FORTIFY_SOURCE 2023-07-05 16:59:48 +02:00
mach Revert "Update code to handle the new ABI for sending inlined port rights." 2023-12-03 02:06:29 +01:00
malloc malloc: Improve MAP_HUGETLB with glibc.malloc.hugetlb=2 2023-11-29 09:30:04 -03:00
manual elf: Ignore GLIBC_TUNABLES for setuid/setgid binaries 2023-11-21 16:15:42 -03:00
math aarch64: Add vector implementations of expm1 routines 2023-11-20 17:53:14 +00:00
mathvec Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
misc malloc: Use __get_nprocs on arena_get2 (BZ 30945) 2023-11-22 09:39:29 -03:00
nis nis: Fix stringop-truncation warning with -O3 in nis_local_host. 2023-03-02 14:22:54 +01:00
nptl nptl: Link tst-execstack-threads-mod.so with -z execstack 2023-11-20 09:22:25 +01:00
nptl_db Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
nscd Move 'netgroup' routines from 'inet' into 'nss' 2023-10-24 12:30:59 +02:00
nss Move getnameinfo from 'inet' to 'nss' 2023-10-24 12:31:00 +02:00
po translations: update cs, nl, vi 2023-07-27 00:21:13 +02:00
posix posix: Revert the removal of the crypt prototype from <unistd.h> 2023-11-22 08:38:33 +01:00
resolv resolv: free only initialized items from gai pool 2023-11-20 15:03:29 +01:00
resource Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
rt Exclude routines from fortification 2023-07-05 16:59:48 +02:00
scripts Move CVE information into advisories directory 2023-12-07 12:31:23 -05:00
setjmp chk: Add and fix hidden builtin definitions for *_chk 2023-08-03 22:46:48 +02:00
signal Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
socket Exclude routines from fortification 2023-07-05 16:59:48 +02:00
soft-fp Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
stdio-common elf: Fix _dl_debug_vdprintf to work before self-relocation 2023-11-21 16:15:42 -03:00
stdlib stdlib: Fix array bounds protection in insertion sort phase of qsort 2023-12-04 06:35:56 +01:00
string string: Add internal memswap implementation 2023-10-31 14:17:33 -03:00
sunrpc Move 'rpc' routines from 'inet' into 'nss' 2023-10-24 12:31:00 +02:00
support support: Add support_set_vma_name 2023-11-07 10:27:20 -03:00
sysdeps powerpc: Optimized strcmp for power10 2023-12-07 11:10:40 -06:00
sysvipc Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
termios Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
time Add checks for wday, yday and new date formats 2023-06-30 11:25:39 +02:00
timezone Call "CST" a time zone abbreviation, not a name 2023-06-22 13:49:09 -07:00
wcsmbs Add strlcat/wcslcat testcase. 2023-10-17 18:19:01 -04:00
wctype Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
.clang-format Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
.gitattributes Assume __NR_openat is always defined 2016-03-23 23:35:08 +01:00
.gitignore Add *.pyc to .gitignore 2015-05-18 15:26:26 +05:30
abi-tags Remove the bulk of the NaCl port. 2017-05-20 08:09:10 -04:00
aclocal.m4 configure: Use autoconf 2.71 2023-07-17 10:08:10 -04:00
config.h.in LoongArch: Add minimum binutils required version 2023-08-14 09:47:09 +08:00
config.make.in crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
configure crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
configure.ac crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
CONTRIBUTED-BY crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
COPYING
COPYING.LIB
extra-lib.mk Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk. 2017-05-09 07:06:29 -04:00
gen-locales.mk Improve gen-locales.mk and gen-locale.sh to make test files with @ options work 2018-02-27 17:01:57 +01:00
INSTALL crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
libc-abis riscv: support GNU indirect function 2021-01-10 21:25:13 -05:00
libof-iterator.mk Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk. 2017-05-09 07:06:29 -04:00
LICENSES arc4random: simplify design for better safety 2022-07-27 08:58:27 -03:00
MAINTAINERS Add MAINTAINERS 2017-05-11 13:38:30 -04:00
Makeconfig crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
Makefile Format test results closer to what DejaGnu does 2023-11-03 12:58:17 +00:00
Makefile.help Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Makefile.in New make target to only build benchmark binaries 2016-04-20 10:23:28 +05:30
Makerules Fix tests-clean Makefile target (bug 30545) 2023-06-26 10:37:25 -03:00
NEWS Move CVE information into advisories directory 2023-12-07 12:31:23 -05:00
o-iterator.mk
README hurd: Enable x86_64 build script 2023-05-02 21:40:36 +02:00
Rules scripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3 2023-07-20 17:58:26 -03:00
SECURITY.md Adapt the security policy for the security page 2023-12-05 09:15:10 -05:00
SHARED-FILES crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
shlib-versions crypt: Remove libcrypt support 2023-10-30 13:03:59 -03:00
test-skeleton.c Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
version.h Open master branch for glibc 2.39 development 2023-07-31 20:07:55 +02:00

This directory contains the sources of the GNU C Library.
See the file "version.h" for what release version you have.

The GNU C Library is the standard system C library for all GNU systems,
and is an important part of what makes up a GNU system.  It provides the
system API for all programs written in C and C-compatible languages such
as C++ and Objective C; the runtime facilities of other programming
languages use the C library to access the underlying operating system.

In GNU/Linux systems, the C library works with the Linux kernel to
implement the operating system behavior seen by user applications.
In GNU/Hurd systems, it works with a microkernel and Hurd servers.

The GNU C Library implements much of the POSIX.1 functionality in the
GNU/Hurd system, using configurations i[4567]86-*-gnu and x86_64-gnu.

When working with Linux kernels, this version of the GNU C Library
requires Linux kernel version 3.2 or later.

Also note that the shared version of the libgcc_s library must be
installed for the pthread library to work correctly.

The GNU C Library supports these configurations for using Linux kernels:

	aarch64*-*-linux-gnu
	alpha*-*-linux-gnu
	arc*-*-linux-gnu
	arm-*-linux-gnueabi
	csky-*-linux-gnuabiv2
	hppa-*-linux-gnu
	i[4567]86-*-linux-gnu
	x86_64-*-linux-gnu	Can build either x86_64 or x32
	ia64-*-linux-gnu
	loongarch64-*-linux-gnu Hardware floating point, LE only.
	m68k-*-linux-gnu
	microblaze*-*-linux-gnu
	mips-*-linux-gnu
	mips64-*-linux-gnu
	or1k-*-linux-gnu
	powerpc-*-linux-gnu	Hardware or software floating point, BE only.
	powerpc64*-*-linux-gnu	Big-endian and little-endian.
	s390-*-linux-gnu
	s390x-*-linux-gnu
	riscv32-*-linux-gnu
	riscv64-*-linux-gnu
	sh[34]-*-linux-gnu
	sparc*-*-linux-gnu
	sparc64*-*-linux-gnu

If you are interested in doing a port, please contact the glibc
maintainers; see https://www.gnu.org/software/libc/ for more
information.

See the file INSTALL to find out how to configure, build, and install
the GNU C Library.  You might also consider reading the WWW pages for
the C library at https://www.gnu.org/software/libc/.

The GNU C Library is (almost) completely documented by the Texinfo manual
found in the `manual/' subdirectory.  The manual is still being updated
and contains some known errors and omissions; we regret that we do not
have the resources to work on the manual as much as we would like.  For
corrections to the manual, please file a bug in the `manual' component,
following the bug-reporting instructions below.  Please be sure to check
the manual in the current development sources to see if your problem has
already been corrected.

Please see https://www.gnu.org/software/libc/bugs.html for bug reporting
information.  We are now using the Bugzilla system to track all bug reports.
This web page gives detailed information on how to report bugs properly.

The GNU C Library is free software.  See the file COPYING.LIB for copying
conditions, and LICENSES for notices about a few contributions that require
these additional notices to be distributed.  License copyright years may be
listed using range notation, e.g., 1996-2015, indicating that every year in
the range, inclusive, is a copyrightable year that would otherwise be listed
individually.