GNU C Library NEWS -- history of user-visible changes.
Copyright (C) 1992-2016 Free Software Foundation, Inc.
See the end for copying conditions.

Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.

Version 2.23

* Unicode 8.0.0 Support: Character encoding, character type info, and
  transliteration tables are all updated to Unicode 8.0.0, using new
  and/or improved generator scripts contributed by Mike FABIAN (Red Hat).
  These updates cause user visible changes, such as the fixes for bugs
  89, 16061, and 18568.

* sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the
  kernel-internal CPU set size.  This means that requests that change the
  CPU affinity which failed before (for example, an all-ones CPU mask) will
  now succeed.  Applications that need to determine the effective CPU
  affinities need to call sched_getaffinity or pthread_getaffinity_np after
  setting it because the kernel can adjust it (and the previous size check
  would not detect this in the majority of cases).

* The fts.h header can now be used with -D_FILE_OFFSET_BITS=64.  With LFS
  the following new symbols are used: fts64_children, fts64_close,
  fts64_open, fts64_read and fts64_set.

* getaddrinfo now detects certain invalid responses on an internal netlink
  socket.  If such responses are received, an affected process will
  terminate with an error message of "Unexpected error <number> on netlink
  descriptor <number>" or "Unexpected netlink response of size <number> on
  descriptor <number>".  The most likely cause for these errors is a
  multi-threaded application which erroneously closes and reuses the netlink
  file descriptor while it is used by getaddrinfo.

* A defect in the malloc implementation, present since glibc 2.15 (2012) or
  glibc 2.10 via --enable-experimental-malloc (2009), could result in the
  unnecessary serialization of memory allocation requests across threads.
  The defect is now corrected.  Users should see a substantial increase in
  the concurent throughput of allocation requests for applications which
  trigger this bug.  Affected applications typically create create and
  destroy threads frequently.  (Bug 19048 was reported and analyzed by
  Ericsson.)

* There is now a --disable-timezone-tools configure option for disabling the
  building and installing of the timezone related utilities (zic, zdump, and
  tzselect).  This is useful for people who build the timezone data and code
  independent of the GNU C Library.

* The obsolete header <regexp.h> has been removed.  Programs that require
  this header must be updated to use <regex.h> instead.

* The obsolete functions bdflush, create_module, get_kernel_syms,
  query_module and uselib are no longer available to newly linked binaries;
  the header <sys/kdaemon.h> has been removed.  These functions and header
  were specific to systems using the Linux kernel and could not usefully be
  used with the GNU C Library on systems with version 2.6 or later of the
  Linux kernel.

* Optimized string, wcsmbs and memory functions for IBM z13.
  Implemented by Stefan Liebler.

* Newly linked programs that define a variable called signgam will no longer
  have it set by the lgamma, lgammaf and lgammal functions.  Programs that
  require signgam to be set by those functions must ensure that they use the
  variable provided by the GNU C Library and declared in <math.h>, without
  defining their own copy.

* The minimum GCC version that can be used to build this version of the GNU
  C Library is GCC 4.7.  Older GCC versions, and non-GNU compilers, can
  still be used to compile programs using the GNU C Library.

Security related changes:

* An out-of-bounds value in a broken-out struct tm argument to strftime no
  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)

* The LD_POINTER_GUARD environment variable can no longer be used to disable
  the pointer guard feature.  It is always enabled.  Previously,
  LD_POINTER_GUARD could be used to disable security hardening in binaries
  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.
  (CVE-2015-8777)

* An integer overflow in hcreate and hcreate_r could lead to an
  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)

* The catopen function no longer has unbounded stack usage.  Reported by
  Max.  (CVE-2015-8779)

* The nan, nanf and nanl functions no longer have unbounded stack usage
  depending on the length of the string passed as an argument to the
  functions.  Reported by Joseph Myers.  (CVE-2014-9761)

* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

The following bugs are resolved with this release:

  [89] localedata: Locales nb_NO and nn_NO should transliterate æøå
  [887] math: Math library function "logb" and "nextafter" inconsistent
  [2542] math: Incorrect return from float gamma (-0X1.FA471547C2FE5P+1)
  [2543] math: Incorrect return from float gamma (-0X1.9260DCP+1)
  [2558] math: Incorrect return from double gamma (-0X1.FA471547C2FE5P+1)
  [2898] libc: [improve]  warning: the use  of `mktemp' is dangerous, better
    use `mkstemp'
  [4404] localedata: German translation of "Alarm clock" is misleading
  [6799] math: nextafter() and nexttoward() doen't set errno on
    overflow/underflow errors
  [6803] math: scalb(), scalbln(), scalbn() do not set errno on
    overflow/underflow
  [10432] nis: _nss_nis_setnetgrent assertion failure
  [11460] libc: fts has no LFS support
  [12926] network: getaddrinfo()/make_request() may spin forever
  [13065] nptl: Race condition in pthread barriers
  [13690] nptl: pthread_mutex_unlock potentially cause invalid access
  [14341] dynamic-link: Dynamic linker crash when DT_JMPREL and DT_REL{,A}
    are not contiguous
  [14551] math: [ldbl-128ibm] strtold overflow handling for IBM long double
  [14912] libc: Rename non-installed bits/*.h headers
  [15002] libc: Avoid undefined behavior in posix_fallocate overflow check
  [15367] math: Let gcc use __builtin_isinf
  [15384] math: One constant fewer in ieee754/dbl-64/wordsize-64/s_finite.c
  [15421] math: lgamma wrongly sets signgam for ISO C
  [15470] math: [arm] On ARM llrintl() and llroundl() do not raise
    FE_INVALID with argument out of range
  [15491] math: [i386/x86_64] x86 nearbyint implementations wrongly clear
    all exceptions
  [15786] dynamic-link: ifunc resolver functions can smash function
    arguments
  [15918] math: Unnecessary check for equality in hypotf()
  [16061] localedata: Review / update transliteration data
  [16068] math: [i386/x86_64] x86 and x86_64 fesetenv exclude state they
    should include
  [16141] time: strptime %z offset restriction
  [16171] math: drem should be alias of remainder
  [16296] math: fegetround is pure?
  [16347] math: [ldbl-128ibm] ldbl-128/e_lgammal_r.c may not be suitable.
  [16364] libc: sleep may leave SIGCHLD blocked on sync cancellation on
    GNU/Linux
  [16399] math: [mips] lrint / llrint / lround / llround missing exceptions
  [16415] math: Clean up ldbl-128 / ldbl-128ibm expm1l for large positive
    arguments
  [16422] math: [powerpc] math-float, math-double failing llrint tests with
    "Exception "Inexact" set" on ppc32
  [16495] localedata: nl_NL: date_fmt: shuffle year/month around
  [16517] math: Missing underflow exception from tanf/tan/tanl
  [16519] math: Missing underflow exception from sinhf
  [16520] math: Missing underflow exception from tanhf
  [16521] math: Missing underflow exception from exp2
  [16620] math: [ldbl-128ibm] exp10l spurious overflows / bad directed
    rounding results
  [16734] stdio: fopen calls mmap to allocate its buffer
  [16961] math: nan function incorrect handling of bad sequences
  [16962] math: nan function unbounded stack allocation (CVE-2014-9761)
  [16973] localedata: Fix lang_lib/lang_term as per ISO 639-2
  [16985] locale: localedef: confusing error message when opening output
    fails
  [17118] math: ctanh(INFINITY + 2 * I) returns incorrect value
  [17197] locale: Redundant shift character in iconv conversion output at
    block boundary
  [17243] libc: trunk/posix/execl.c:53: va_args problem ?
  [17244] libc: trunk/sysdeps/unix/sysv/linux/semctl.c:116: va_args muxup ?
  [17250] dynamic-link: static linking breaks nss loading
    (getaddrinfo/getpwnam/etc...)
  [17404] libc: atomic_exchange_rel lacking a barrier on MIPS16, GCC before
    4.7?
  [17441] math: isnan() should use __builtin_isnan() in GCC
  [17514] nptl: Assert failure unlocking ERRORCHECK mutex after timedlock
    (related to lock elision)
  [17787] manual: Exponent on page 324 of the PDF ends prematurely
  [17886] time: strptime should be able to parse "Z" as a timezone with %z
  [17887] time: strptime should be able to parse "+01:00" style timezones
  [17905] libc: catopen() Multiple unbounded stack allocations
    (CVE-2015-8779)
  [18084] libc: backtrace (..., 0) dumps core on x86
  [18086] libc: nice() sets errno to 0 on success
  [18240] libc: hcreate, hcreate_r should fail with ENOMEM if element count
    is too large (CVE-2015-8778)
  [18251] dynamic-link: SONAME missing when audit modules provides path
  [18265] libc: add attributes for wchar string and memory functions
  [18370] math: csqrt missing underflows
  [18421] libc: [hppa] read-only segment has dynamic relocations
  [18472] libc: Obsolete syscall wrappers should be compat symbols
  [18480] libc: hppa glibc miscompilation in sched_setaffinity()
  [18491] localedata: Update tr_TR LC_CTYPE as part of Unicode updates
  [18525] localedata: Remove locale timezone information
  [18560] libc: [powerpc] spurious bits/ipc.h definitions
  [18568] localedata: Update locale data to Unicode 8.0
  [18589] locale: sort-test.sh fails at random
  [18595] math: ctan, ctanh missing underflows
  [18604] libc: assert macro-expands its argument
  [18610] math: S390: fetestexcept() reports any exception if DXC-code
    contains a vector instruction exception.
  [18611] math: j1, jn missing errno setting on underflow
  [18618] localedata: sync Chechen locale definitions with other *_RU
    locales
  [18647] math: powf(-0x1.000002p0, 0x1p30) returns 0 instead of +inf
  [18661] libc: Some x86-64 assembly codes don't align stack to 16 bytes
  [18665] network: In send_dg, the recvfrom function is NOT always using the
    buffer size of a newly created buffer (CVE-2015-7547)
  [18674] libc: [i386] trunk/sysdeps/i386/tst-auditmod3b.c:84: possible
    missing break ?
  [18675] libc: fpathconf(_PC_NAME_MAX) fails against large filesystems for
    32bit processes
  [18681] libc: regexp.h is obsolete and buggy, and should be desupported
  [18699] math: tilegx cproj() for various complex infinities does not yield
    infinity
  [18724] libc: Harden put*ent functions against data injection
  [18743] nptl: PowerPC: findutils testcase fails with --enable-lock-elision
  [18755] build: build errors with -DNDEBUG
  [18757] stdio: fmemopen fails to set errno on failure
  [18778] dynamic-link: ld.so crashes if failed dlopen causes libpthread to
    be forced unloaded
  [18781] libc: openat64 lacks O_LARGEFILE
  [18787] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/atomic.h:71:6:
    error: can’t find a register in class ‘R1_REGS’ while reloading ‘asm’
  [18789] math: [ldbl-128ibm] sinhl inaccurate near 0
  [18790] math: [ldbl-128ibm] tanhl inaccurate
  [18795] libc: stpncpy fortification misses buffer lengths that are
    statically too large
  [18796] build: build fails for --disable-mathvec
  [18803] math: hypot missing underflows
  [18820] stdio: fmemopen may leak memory on failure
  [18823] math: csqrt spurious underflows
  [18824] math: fma spurious underflows
  [18825] math: pow missing underflows
  [18857] math: [ldbl-128ibm] nearbyintl wrongly uses signaling comparisons
  [18868] nptl: pthread_barrier_init typo has in-theory-undefined behavior
  [18870] build: sem_open.c fails to compile with missing symbol
    FUTEX_SHARED
  [18872] stdio: Fix memory leak in printf_positional
  [18873] libc: posix_fallocate overflow check ineffective
  [18875] math: Excess precision leads incorrect libm
  [18877] libc: arm: mmap offset regression
  [18887] libc: memory corruption when using getmntent on blank lines
  [18918] localedata: hu_HU: change time to HH:MM:SS format
  [18921] libc: Regression: extraneous stat() and fstat() performed by
    opendir()
  [18928] dynamic-link: LD_POINTER_GUARD is not ignored for privileged
    binaries (CVE-2015-8777)
  [18951] math: tgamma missing underflows
  [18952] math: [ldbl-128/ldbl-128ibm] lgammal spurious "invalid", incorrect
    signgam
  [18953] localedata: lt_LT: change currency symbol to the euro
  [18956] math: powf inaccuracy
  [18961] math: [i386] exp missing underflows
  [18966] math: [i386] exp10 missing underflows
  [18967] math: math.h XSI POSIX namespace (gamma, isnan, scalb)
  [18969] build: multiple string test failures due to missing locale
    dependencies
  [18970] libc: Reference of pthread_setcancelstate in libc.a
  [18977] math: float / long double Bessel functions not in XSI POSIX
  [18980] math: i386 libm functions return with excess range and precision
  [18981] math: i386 scalb*, ldexp return with excess range and precision
  [18982] stdio: va_list and vprintf
  [18985] time: Passing out of range data to strftime() causes a segfault
    (CVE-2015-8776)
  [19003] math: [x86_64] fma4 version of pow inappropriate contraction
  [19007] libc: FAIL: elf/check-localplt with -z now and binutils 2.26
  [19012] locale: iconv_open leaks memory on error path
  [19016] math: clog, clog10 inaccuracy
  [19018] nptl: Mangle function pointers in tls_dtor_list
  [19032] math: [i386] acosh (-qNaN) spurious "invalid" exception
  [19046] math: ldbl-128 / ldbl-128ibm lgamma bad overflow handling
  [19048] malloc: malloc: arena free list can become cyclic, increasing
    contention
  [19049] math: [powerpc] erfc incorrect zero sign
  [19050] math: [powerpc] log* incorrect zero sign
  [19058] math: [x86_64] Link fail with -fopenmp and -flto
  [19059] math: nexttoward overflow incorrect in non-default rounding modes
  [19071] math: ldbl-96 lroundl incorrect just below powers of 2
  [19074] network: Data race in _res_hconf_reorder_addrs
  [19076] math: [ldbl-128ibm] log1pl (-1) wrong sign of infinity
  [19077] math: [ldbl-128ibm] logl (1) incorrect sign of zero result
  [19078] math: [ldbl-128ibm] expl overflow incorrect in non-default
    rounding modes
  [19079] math: dbl-64/wordsize-64 lround based on llround incorrect for
    ILP32
  [19085] math: ldbl-128 lrintl, lroundl missing exceptions for 32-bit long
  [19086] manual: posix_fallocate64 documented argument order is wrong.
  [19088] math: lround, llround missing exceptions close to overflow
    threshold
  [19094] math: lrint, llrint missing exceptions close to overflow threshold
  [19095] math: dbl-64 lrint incorrect for 64-bit long
  [19122] dynamic-link: Unnecessary PLT relocations in librtld.os
  [19124] dynamic-link: ld.so failed to build with older assmebler
  [19125] math: [powerpc32] llroundf, llround incorrect exceptions
  [19129] dynamic-link: [arm] Concurrent lazy TLSDESC resolution can crash
  [19134] math: [powerpc32] lround, lroundf spurious exceptions
  [19137] libc: i386/epoll_pwait.S doesn't support cancellation
  [19143] nptl: Remove CPU set size checking from sched_setaffinity,
    pthread_setaffinity_np
  [19156] math: [ldbl-128] j0l spurious underflows
  [19164] nptl: tst-getcpu fails with many possible CPUs
  [19168] math: math/test-ildoubl and math/test-ldouble failure
  [19174] nptl: PowerPC: TLE enabled pthread mutex performs poorly.
  [19178] dynamic-link: ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA confuses
    prelink
  [19181] math: [i386/x86_64] fesetenv (FE_DFL_ENV), fesetenv
    (FE_NOMASK_ENV) do not clear SSE exceptions
  [19182] malloc: malloc deadlock between ptmalloc_lock_all and
    _int_new_arena/reused_arena
  [19189] math: [ldbl-128] log1pl (-qNaN) spurious "invalid" exception
  [19201] math: dbl-64 remainder incorrect sign of zero result
  [19205] math: bits/math-finite.h conditions do not match math.h and
    bits/mathcalls.h
  [19209] math: bits/math-finite.h wrongly maps ldexp to scalbn
  [19211] math: lgamma functions do not set signgam for -ffinite-math-only
    for C99-based standards
  [19212] libc: features.h not -Wundef clean
  [19213] math: [i386/x86_64] log* (1) incorrect zero sign for -ffinite-
    math-only
  [19214] libc: Family and model identification for AMD CPU's are incorrect.
  [19219] libc: GLIBC build fails for ia64 with missing __nearbyintl
  [19228] math: [powerpc] nearbyint wrongly clears "inexact", leaves traps
    disabled
  [19235] math: [powerpc64] lround, lroundf, llround, llroundf spurious
    "inexact" exceptions
  [19238] math: [powerpc] round, roundf spurious "inexact" for integer
    arguments
  [19242] libc: strtol incorrect in Turkish locales
  [19243] malloc: reused_arena can pick an arena on the free list, leading
    to an assertion failure and reference count corruption
  [19253] time: tzset() ineffective when temporary TZ did not include DST
    rules
  [19266] math: strtod ("NAN(I)") incorrect in Turkish locales
  [19270] math: [hppa] Shared libm missing __isnanl
  [19285] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/mman.h: missing
    MAP_HUGETLB and MAP_STACK defines
  [19313] nptl: Wrong __cpu_mask for x32
  [19347] libc: grantpt: try to force a specific gid even without pt_chown
  [19349] math: [ldbl-128ibm] tanhl inaccurate for small arguments
  [19350] math: [ldbl-128ibm] sinhl spurious overflows
  [19351] math: [ldbl-128ibm] logl inaccurate near 1
  [19363] time: x32: times() return value wrongly truncates/sign extends
    from 32bit
  [19367] dynamic-link: Improve branch prediction on Silvermont
  [19369] network: Default domain name not reset by res_ninit when "search"
    / "domain" entry is removed from resolv.conf
  [19375] math: powerpc: incorrect results for POWER7 logb with negative
    subnormals
  [19385] localedata: bg_BG: time separator should be colon, not comma
  [19408] libc: linux personality syscall wrapper may erroneously return an
    error on 32-bit architectures
  [19415] libc: dladdr returns wrong names on hppa
  [19432] libc: iconv rejects redundant escape sequences in IBM900, IBM903,
    IBM905, IBM907, and IBM909
  [19439] math: Unix98 isinf and isnan functions conflict with C++11
  [19443] build: build failures with -DDEBUG
  [19451] build: Make check fails on test-double-vlen2
  [19462] libc: Glibc failed to build with -Os
  [19465] math: Wrong code with -Os
  [19466] time: time/tst-mktime2.c is compiled into an infinite loop with
    -Os
  [19467] string: Fast_Unaligned_Load needs to be enabled for Excavator core
    CPU's.
  [19475] libc: Glibc 2.22 doesn't build on sparc [PATCH]
  [19486] math: S390: Math tests fail with "Exception Inexact set".
  [19529] libc: [ARM]: FAIL: stdlib/tst-makecontext
  [19550] libc: [mips] mmap negative offset handling inconsistent with other
    architectures
  [19590] math: Fail to build shared objects that use libmvec.so functions.

Version 2.22

* The following bugs are resolved with this release:

  438, 2981, 4719, 6544, 6792, 11216, 12836, 13028, 13064, 13151, 13152,
  14094, 14113, 14292, 14841, 14906, 14958, 15319, 15467, 15790, 15969,
  16159, 16339, 16350, 16351, 16352, 16353, 16361, 16512, 16526, 16538,
  16559, 16560, 16704, 16783, 16850, 17053, 17090, 17195, 17269, 17293,
  17322, 17403, 17475, 17523, 17542, 17569, 17581, 17588, 17596, 17620,
  17621, 17628, 17631, 17692, 17711, 17715, 17776, 17779, 17792, 17833,
  17836, 17841, 17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965,
  17967, 17969, 17977, 17978, 17987, 17991, 17996, 17998, 17999, 18007,
  18019, 18020, 18029, 18030, 18032, 18034, 18036, 18038, 18039, 18042,
  18043, 18046, 18047, 18049, 18068, 18078, 18080, 18093, 18100, 18104,
  18110, 18111, 18116, 18125, 18128, 18134, 18138, 18185, 18196, 18197,
  18206, 18210, 18211, 18217, 18219, 18220, 18221, 18234, 18244, 18245,
  18247, 18287, 18319, 18324, 18333, 18346, 18371, 18383, 18397, 18400,
  18409, 18410, 18412, 18418, 18422, 18434, 18444, 18457, 18468, 18469,
  18470, 18479, 18483, 18495, 18496, 18497, 18498, 18502, 18507, 18508,
  18512, 18513, 18519, 18520, 18522, 18527, 18528, 18529, 18530, 18532,
  18533, 18534, 18536, 18539, 18540, 18542, 18544, 18545, 18546, 18547,
  18549, 18553, 18557, 18558, 18569, 18583, 18585, 18586, 18592, 18593,
  18594, 18602, 18612, 18613, 18619, 18633, 18635, 18641, 18643, 18648,
  18657, 18676, 18694, 18696, 18887.

* Cache information can be queried via sysconf() function on s390 e.g. with
  _SC_LEVEL1_ICACHE_SIZE as argument.

* A buffer overflow in gethostbyname_r and related functions performing DNS
  requests has been fixed.  If the NSS functions were called with a
  misaligned buffer, the buffer length change due to pointer alignment was
  not taken into account.  This could result in application crashes or,
  potentially arbitrary code execution, using crafted, but syntactically
  valid DNS responses.  (CVE-2015-1781)

* The time zone file parser has been made more robust against crafted time
  zone files, avoiding heap buffer overflows related to the processing of
  the tzh_ttisstdcnt and tzh_ttisgmtcnt fields, and a stack overflow due to
  large time zone data files.  Overly long time zone specifiers in the TZ
  variable no longer result in stack overflows and crashes.

* A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
  for LD and GD on x86 and x86-64, has been implemented.  You will need
  binutils-2.24 or later to enable this optimization.

* Character encoding and ctype tables were updated to Unicode 7.0.0, using
  new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
  Hat).  These updates cause user visible changes, such as the fix for bug
  17998.

* CVE-2014-8121 The NSS backends shared internal state between the getXXent
  and getXXbyYY NSS calls for the same database, causing a denial-of-service
  condition in some applications.

* Added vector math library named libmvec with the following vectorized x86_64
  implementations: cos, cosf, sin, sinf, sincos, sincosf, log, logf, exp, expf,
  pow, powf.
  The library can be disabled with --disable-mathvec. Use of the functions is
  enabled with -fopenmp -ffast-math starting from -O1 for GCC version >= 4.9.0.
  Shared library libmvec.so is linked in as needed when using -lm (no need to
  specify -lmvec explicitly for not static builds).
  Visit <https://sourceware.org/glibc/wiki/libmvec> for detailed information.

* A new fmemopen implementation has been added with the goal of POSIX
  compliance. The new implementation fixes the following long-standing
  issues: BZ#6544, BZ#11216, BZ#12836, BZ#13151, BZ#13152, and BZ#14292. The
  old implementation is still present for use be by existing binaries.

* The 32-bit sparc sigaction ABI was inadvertently broken in the 2.20 and 2.21
  releases.  It has been fixed to match 2.19 and older, but binaries built
  against 2.20 and 2.21 might need to be recompiled.  See BZ#18694.

* Port to Native Client running on ARMv7-A (--host=arm-nacl).
  Contributed by Roland McGrath (Google).

* The header <regexp.h> is deprecated, and will be removed in a future
  release.  Use of this header will trigger a deprecation warning.
  Application developers should update their code to use <regex.h> instead.

  This header was formerly part of SUS, but was deprecated in 1994 and
  removed from the standard in 2001.  Also, the glibc implementation
  leaks memory.  See BZ#18681 for more details.

Version 2.21

* The following bugs are resolved with this release:

  6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
  15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16618,
  16619, 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370,
  17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555,
  17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589,
  17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647,
  17653, 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719,
  17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
  17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797,
  17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
  17892.

* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
  too little memory for the to-be-scanned arguments and overflow the
  allocated buffer.  The implementation now correctly computes the required
  buffer size when using malloc, and switches to malloc from alloca as
  intended.

* A new semaphore algorithm has been implemented in generic C code for all
  machines. Previous custom assembly implementations of semaphore were
  difficult to reason about or ensure that they were safe. The new version
  of semaphore supports machines with 64-bit or 32-bit atomic operations.
  The new semaphore algorithm is used by sem_init, sem_open, sem_post,
  sem_wait, sem_timedwait, sem_trywait, and sem_getvalue.

* Port to Altera Nios II has been contributed by Mentor Graphics.

* Optimized strcpy, stpcpy, strncpy, stpncpy, strcmp, and strncmp
  implementations for powerpc64/powerpc64le.
  Implemented by Adhemerval Zanella (IBM).

* Added support for TSX lock elision of pthread mutexes on powerpc32, powerpc64
  and powerpc64le.  This may improve lock scaling of existing programs on
  HTM capable systems.  The lock elision code is only enabled with
  --enable-lock-elision=yes.  Also, the TSX lock elision implementation for
  powerpc will issue a transaction abort on every syscall to avoid side
  effects being visible outside transactions.

* Optimized strcpy, stpcpy, strchrnul and strrchr implementations for
  AArch64.  Contributed by ARM Ltd.

* i386 memcpy functions optimized with SSE2 unaligned load/store.

* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
  under certain input conditions resulting in the execution of a shell for
  command substitution when the application did not request it. The
  implementation now checks WRDE_NOCMD immediately before executing the
  shell and returns the error WRDE_CMDSUB as expected.

* CVE-2012-3406 printf-style functions could run into a stack overflow when
  processing format strings with a large number of format specifiers.

* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
  infinite loop if the DNS response contained a PTR record of an unexpected
  format.

* The minimum GCC version that can be used to build this version of the GNU
  C Library is GCC 4.6.  Older GCC versions, and non-GNU compilers, can
  still be used to compile programs using the GNU C Library.

* The GNU C Library is now built with -Werror by default.  This can be
  disabled by configuring with --disable-werror.

* New locales: tu_IN, bh_IN, raj_IN, ce_RU.

* The obsolete sigvec function has been removed.  This was the original
  4.2BSD interface that inspired the POSIX.1 sigaction interface, which
  programs have been using instead for about 25 years.  Of course, ABI
  compatibility for old binaries using sigvec remains intact.

* Merged gettext 0.19.3 into the intl subdirectory.  This fixes building
  with newer versions of bison.

* Support for MIPS o32 FPXX, FP64A and FP64 ABI Extensions.
  The original MIPS o32 hard-float ABI requires an FPU where double-precision
  registers overlay two consecutive single-precision registers.  MIPS32R2
  introduced a new FPU mode (FR=1) where double-precision registers extend the
  corresponding single-precision registers which is incompatible with the
  o32 hard-float ABI.  The MIPS SIMD ASE and the MIPSR6 architecture both
  require the use of FR=1 making a transition necessary.  New o32 ABI
  extensions enable users to migrate over time from the original o32 ABI
  through to the updated o32 FP64 ABI.  To achieve this the dynamic linker now
  tracks the ABI of any loaded object and verifies that new objects are
  compatible.  Mode transitions will also be requested as required and
  unsupportable objects will be rejected.  The ABI checks include both soft and
  hard float ABIs for o32, n32 and n64.

  GCC 5 with GNU binutils 2.25 onwards:
  It is strongly recommended that all o32 system libraries are built using the
  new o32 FPXX ABI (-mfpxx) to facilitate the transition as this is compatible
  with the original and all new o32 ABI extensions.  Configure a MIPS GCC
  compiler using --with-fp-32=xx to set this by default.

Version 2.20

* The following bugs are resolved with this release:

  6804, 9894, 11505, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347,
  15514, 15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198,
  16275, 16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447,
  16516, 16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600,
  16609, 16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639,
  16642, 16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689,
  16695, 16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739,
  16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791,
  16796, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849,
  16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912,
  16915, 16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958,
  16965, 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022,
  17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
  17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
  17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354.

* Reverted change of ABI data structures for s390 and s390x:
  On s390 and s390x the size of struct ucontext and jmp_buf was increased in
  2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions
  of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp
  are preserved pointing straight to the same implementation as the old ones.
  Given that, new callers will simply provide a too-big buffer to these
  functions. Any applications/libraries out there that embed jmp_buf or
  ucontext_t in an ABI-relevant data structure that have already been rebuilt
  against 2.19 headers will have to rebuilt again. This is necessary in any
  case to revert the breakage in their ABI caused by the glibc change.

* Support for file description locks is added to systems running the
  Linux kernel. The standard file locking interfaces are extended to
  operate on file descriptions, not file descriptors, via the use of
  F_OFD_GETLK, F_OFD_SETLK, and F_OFD_SETLKW. File description locks
  are associated with an open file instead of a process.

* Optimized strchr implementation for AArch64.  Contributed by ARM Ltd.

* The minimum Linux kernel version that this version of the GNU C Library
  can be used with is 2.6.32.

* Running the testsuite no longer terminates as soon as a test fails.
  Instead, a file tests.sum (xtests.sum from "make xcheck") is generated,
  with PASS or FAIL lines for individual tests.  A summary of the results is
  printed, including a list of failing lists, and "make check" exits with
  error status if there were any unexpected failures.  "make check
  stop-on-test-failure=y" may be used to keep the old behavior.

* The am33 port, which had not worked for several years, has been removed
  from ports.

* The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
  supported; they now act the same as _DEFAULT_SOURCE (but generate a
  warning).  Except for cases where _BSD_SOURCE enabled BSD interfaces that
  conflicted with POSIX (support for which was removed in 2.19), the
  interfaces those macros enabled remain available when compiling with
  _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature
  test macros defined.

* Optimized strcmp implementation for ARMv7.  Contributed by ARM Ltd.

* Added support for TX lock elision of pthread mutexes on s390 and s390x.
  This may improve lock scaling of existing programs on TX capable systems.
  The lock elision code is only built with --enable-lock-elision=yes and
  then requires a GCC version supporting the TX builtins.  With lock elision
  default mutexes are elided via __builtin_tbegin, if the cpu supports
  transactions. By default lock elision is not enabled and the elision code
  is not built.

* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
  copy the path argument.  This allowed programs to cause posix_spawn to
  deference a dangling pointer, or use an unexpected pathname argument if
  the string was modified after the posix_spawn_file_actions_addopen
  invocation.

* All supported architectures now use the main glibc sysdeps directory
  instead of some being in a separate "ports" directory (which was
  distributed separately before glibc 2.17).

* The NPTL implementation of POSIX pthreads is no longer an "add-on".
  On configurations that support it (all Linux configurations), it's now
  used regardless of the --enable-add-ons switch to configure.  It is no
  longer possible to build such configurations without pthreads support.

* Locale names, including those obtained from environment variables (LANG
  and the LC_* variables), are more tightly checked for proper syntax.
  setlocale will now fail (with EINVAL) for locale names that are overly
  long, contain slashes without starting with a slash, or contain ".." path
  components. (CVE-2014-0475)  Previously, some valid locale names were
  silently replaced with the "C" locale when running in AT_SECURE mode
  (e.g., in a SUID program).  This is no longer necessary because of the
  additional checks.

* On x86-64, the dynamic linker's lazy-binding support is now compatible
  with application code using Intel MPX instructions.  (With all previous
  versions, the MPX register state could be clobbered when making calls
  into or out of a shared library.)  Note that while the new dynamic
  linker is compatible with all known x86 hardware whether or not it
  supports Intel MPX, some x86 instruction-set emulators might fail to
  handle the new instruction encodings.  This is known to affect Valgrind
  versions up through 3.9 (but will be fixed in the forthcoming 3.10
  release), and might affect other tools that do instruction emulation.

* Support for loadable gconv transliteration modules has been removed.
  The support for transliteration modules has been non-functional for
  over a decade, and the removal is prompted by security defects.  The
  normal gconv conversion modules are still supported.  Transliteration
  with //TRANSLIT is still possible, and the //IGNORE specifier
  continues to be  supported. (CVE-2014-5119)

* Decoding a crafted input sequence in the character sets IBM933, IBM935,
  IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
  resulting a denial-of-service security vulnerability in applications which
  use functions related to iconv. (CVE-2014-6040)

Version 2.19

* The following bugs are resolved with this release:

  156, 387, 431, 762, 832, 926, 2801, 4772, 6786, 6787, 6807, 6810, 6981,
  7003, 9721, 9954, 10253, 10278, 11087, 11157, 11214, 12100, 12486, 12751,
  12986, 13028, 13982, 13985, 14029, 14032, 14120, 14143, 14155, 14286,
  14547, 14699, 14752, 14782, 14876, 14910, 15004, 15048, 15073, 15089,
  15128, 15218, 15268, 15277, 15308, 15362, 15374, 15400, 15425, 15427,
  15483, 15522, 15531, 15532, 15593, 15601, 15608, 15609, 15610, 15632,
  15640, 15670, 15672, 15680, 15681, 15723, 15734, 15735, 15736, 15748,
  15749, 15754, 15760, 15763, 15764, 15797, 15799, 15825, 15843, 15844,
  15846, 15847, 15849, 15850, 15855, 15856, 15857, 15859, 15867, 15886,
  15887, 15890, 15892, 15893, 15895, 15897, 15901, 15905, 15909, 15915,
  15917, 15919, 15921, 15923, 15939, 15941, 15948, 15963, 15966, 15968,
  15985, 15988, 15997, 16032, 16034, 16036, 16037, 16038, 16041, 16046,
  16055, 16071, 16072, 16074, 16077, 16078, 16103, 16112, 16143, 16144,
  16146, 16150, 16151, 16153, 16167, 16169, 16172, 16195, 16214, 16245,
  16271, 16274, 16283, 16289, 16293, 16314, 16316, 16330, 16337, 16338,
  16356, 16365, 16366, 16369, 16372, 16375, 16379, 16381, 16384, 16385,
  16386, 16387, 16390, 16394, 16398, 16400, 16407, 16408, 16414, 16430,
  16431, 16453, 16474, 16506, 16510, 16529

* Slovenian translations for glibc messages have been contributed by the
  Translation Project's Slovenian team of translators.

* The public headers no longer use __unused nor __block.  This change is to
  support compiling programs that are derived from BSD sources and use
  __unused internally, and to support compiling with Clang's -fblock
  extension which uses __block.

* CVE-2012-4412 The strcoll implementation caches indices and rules for
  large collation sequences to optimize multiple passes.  This cache
  computation may overflow for large collation sequences and may cause a
  stack or buffer overflow.  This is now fixed to use a slower algorithm
  which does not use a cache if there is an integer overflow.

* CVE-2012-4424 The strcoll implementation uses malloc to cache indices and
  rules for large collation sequences to optimize multiple passes and falls
  back to alloca if malloc fails, resulting in a possible stack overflow.
  The implementation now falls back to an uncached collation sequence lookup
  if malloc fails.

* CVE-2013-4788 The pointer guard used for pointer mangling was not
  initialized for static applications resulting in the security feature
  being disabled. The pointer guard is now correctly initialized to a
  random value for static applications. Existing static applications need
  to be recompiled to take advantage of the fix (bug 15754).

* CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes
  to the d_name member of struct dirent, or omit the terminating NUL
  character.  (Bugzilla #14699).

* CVE-2013-4332 The pvalloc, valloc, memalign, posix_memalign and
  aligned_alloc functions could allocate too few bytes or corrupt the
  heap when passed very large allocation size values (Bugzilla #15855,
  #15856, #15857).

* CVE-2013-4458 Stack overflow in getaddrinfo with large number of results
  for AF_INET6 has been fixed (Bugzilla #16072).

* New locales: ak_GH, anp_IN, ar_SS, cmn_TW, hak_TW, lzh_TW, nan_TW, pap_AW,
  pap_CW, quz_PE, the_NP.

* Substantially revised locales: gd_GB, ht_HT

* The LC_ADDRESS field was updated to support country_car for almost all
  supported locales.

* ISO 1427 definitions were updated.

* ISO 3166 definitions were updated.

* The localedef utility now supports --big-endian and --little-endian
  command-line options to generate locales for a different system from that
  for which the C library was built.

* Binary locale files now only depend on the endianness of the system for
  which they are generated and not on other properties of that system.  As a
  consequence, binary files generated with new localedef may be incompatible
  with old versions of the GNU C Library, and binary files generated with
  old localedef may be incompatible with this version of the GNU C Library,
  in the following circumstances:

  + Locale files may be incompatible on m68k systems.

  + Locale archive files (but not separate files for individual locales) may
    be incompatible on systems where plain "char" is signed.

* The configure option --disable-versioning has been removed.  Builds with
  --disable-versioning had not worked for several years.

* ISO 639 definitions were updated for Chiga (cgg) and Chinese (gan, hak, czh,
  cjy, lzh, cmn, mnp, cdo, czo, cpx, wuu, hsn, yue).

* SystemTap probes for malloc have been introduced.

* SystemTap probes for slow multiple precision fallback paths of
  transcendental functions have been introduced.

* Support for powerpc64le has been added.

* The soft-float powerpc port now supports e500 processors.

* Support for STT_GNU_IFUNC symbols added for ppc32/power4+ and ppc64.

* A new feature test macro _DEFAULT_SOURCE is available to enable the same
  set of header declarations that are enabled by default, even when other
  feature test macros or compiler options such as -std=c99 would otherwise
  disable some of those declarations.

* The _BSD_SOURCE feature test macro no longer enables BSD interfaces that
  conflict with POSIX.  The libbsd-compat library (which was a dummy library
  that did nothing) has also been removed.

* Preliminary documentation about Multi-Thread, Async-Signal and
  Async-Cancel Safety has been added.

* Change of ABI data structures for s390 and s390x:
  On s390 and s390x the size of struct ucontext and jmp_buf was increased to
  allow for future hardware extensions. All library functions that accept or
  return these structures were versioned in order to provide backwards
  compatibility with existing code. However, not all cases can be handled
  with interface versioning. If an application embeds either structure into
  another structure and that structure is passed to another compilation unit
  which expects the newer larger-sized object then any access to the new
  fields will result in undefined behaviour. Similarly any access to fields
  that were moved by the enlarging of the structures will cause undefined
  behaviour. To fix the undefined behaviour all objects that are part of the
  final in-memory image must agree on the size of structures, and this may
  require recompilation.

Version 2.18

* The following bugs are resolved with this release:

  2546, 2560, 5159, 6809, 7006, 10060, 10062, 10283, 10357, 10686, 11120,
  11561, 12310, 12387, 12492, 12515, 12723, 13550, 13889, 13951, 13988,
  14142, 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496,
  14582, 14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14941,
  14952, 14964, 14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003,
  15006, 15007, 15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062,
  15078, 15084, 15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234,
  15283, 15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335,
  15336, 15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381,
  15394, 15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424,
  15426, 15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485,
  15488, 15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577,
  15583, 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711,
  15755, 15759.

* CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal
  has been fixed by disabling the use of pt_chown (Bugzilla #15755).
  Distributions can re-enable building and using pt_chown via the new configure
  option `--enable-pt_chown'.  Enabling the use of pt_chown carries with it
  considerable security risks and should only be used if the distribution
  understands and accepts the risks.

* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
  #15078).

* CVE-2013-1914 Stack overflow in getaddrinfo with many results has been
  fixed (Bugzilla #15330).

* Add support for calling C++11 thread_local object destructors on thread
  and program exit.  This needs compiler support for offloading C++11
  destructor calls to glibc.

* Improved worst case performance of libm functions with double inputs and
  output.

* Support for priority inherited mutexes in pthread condition variables on
  non-x86 architectures.

* Port to Xilinx MicroBlaze contributed by David Holsgrove.

* Optimized string functions for AArch64.  Implemented by Marcus Shawcroft.

* Optimized string functions for ARM.  Implemented by Will Newton and
  Richard Henderson.

* Optimized libm functions for SPARC.  Implemented by David S. Miller.

* Support for building more of ARM glibc as Thumb-2 code.  Implemented by
  Richard Henderson.

* Support for building most of MIPS glibc as MIPS16 code.  Implemented by
  Chung-Lin Tang, Maciej W. Rozycki and Maxim Kuvyrkov.

* Added a benchmark framework to track performance of functions in glibc.

* New <math.h> macro named issignaling to check for a signaling NaN (sNaN).
  It is based on draft TS 18661 and currently enabled as a GNU extension.

* On Linux, the clock function now uses the clock_gettime system call
  for improved precision, rather than old times system call.

* Added support for version-3 tz format files.  This is needed when using
  the tz database release 2013e or later, and affects a few unusual cases --
  currently only TZ='America/Godthab' for time stamps after 2037.

* Added new API functions pthread_getattr_default_np and
  pthread_setattr_default_np to get and set the default pthread
  attributes of a process.

* Added support for TSX lock elision for pthread mutexes on i386 and x86-64.
  This may improve lock scaling of existing programs on TSX capable systems.
  When the --enable-lock-elision=yes parameter is specified at configure
  time lock elision will be enabled by default for all PTHREAD_MUTEX_DEFAULT
  mutexes.

* Support added for AT_HWCAP2 (to coincide with Linux kernel 3.10
  availability).  Implemented by Ryan S. Arnold.

* Support added for POWER8 platform.  Implemented by Ryan S. Arnold.

Version 2.17

* The following bugs are resolved with this release:

  1349, 3439, 3479, 3665, 5044, 5246, 5298, 5400, 6530, 6677, 6778, 6808,
  9685, 9914, 10014, 10038, 10114, 10191, 10631, 10873, 11438, 11607, 11638,
  11741, 12140, 13013, 13412, 13542, 13601, 13603, 13604, 13629, 13679,
  13696, 13698, 13717, 13741, 13759, 13761, 13763, 13881, 13939, 13950,
  13952, 13966, 14042, 14047, 14090, 14150, 14151, 14152, 14154, 14157,
  14166, 14173, 14195, 14197, 14237, 14246, 14251, 14252, 14283, 14298,
  14303, 14307, 14328, 14331, 14336, 14337, 14347, 14349, 14368, 14376,
  14417, 14447, 14459, 14476, 14477, 14501, 14505, 14510, 14516, 14518,
  14519, 14530, 14532, 14538, 14543, 14544, 14545, 14557, 14562, 14568,
  14576, 14579, 14583, 14587, 14595, 14602, 14610, 14621, 14638, 14645,
  14648, 14652, 14660, 14661, 14669, 14672, 14683, 14694, 14716, 14719,
  14743, 14767, 14783, 14784, 14785, 14793, 14796, 14797, 14801, 14803,
  14805, 14807, 14811, 14815, 14821, 14822, 14824, 14828, 14831, 14833,
  14835, 14838, 14856, 14863, 14865, 14866, 14868, 14869, 14871, 14872,
  14879, 14889, 14893, 14898, 14914.

* Optimization of memcpy for MIPS.

* CVE-2011-4609 svc_run() produces high cpu usage when accept fails with
  EMFILE has been fixed (Bugzilla #14889).

* The add-on ports collection is now distributed in the "ports" subdirectory
  of the main GNU C Library distribution, rather than separately.

* Port to ARM AArch64 contributed by Linaro.

* Support for STT_GNU_IFUNC symbols added for s390 and s390x.
  Optimized versions of memcpy, memset, and memcmp added for System z10 and
  zEnterprise z196.
  Implemented by Andreas Krebbel.

* The new function secure_getenv allows secure access to the environment,
  returning NULL if running in a SUID/SGID process.  This function replaces
  the internal function __secure_getenv.

* SystemTap static probes have been added into the dynamic linker.
  Implemented by Gary Benson.

* Optimizations of string functions strstr, strcasestr and memmem.
  Implemented by Maxim Kuvyrkov.

* The minimum Linux kernel version that this version of the GNU C Library
  can be used with is 2.6.16.

* Optimizations of string functions memchr, wcschr, wcscpy, and wcsrchr for
  powerpc POWER7.  Implemented by Will Schmidt.

* New configure option --disable-nscd builds the C library such that it
  never attempts to contact the Name Service Caching Daemon (nscd).
  New configure option --disable-build-nscd avoids building nscd itself;
  this is the default if --disable-nscd is used.

* Improved support for cross-compilation, including cross-testing and
  bootstrap builds without a previously built glibc.

* Several testsuite tests are now able to test multiple IFUNC variants of an
  interface, rather than just testing the one that would be chooen by
  default.

* New configure options --with-bugurl and --with-pkgversion, for
  distributors to use to embed their bug-reporting and package version
  information in --help and --version output.

* The ttyname and ttyname_r functions on Linux now fall back to searching for
  the tty file descriptor in /dev/pts or /dev if /proc is not available.  This
  allows creation of chroots without the procfs mounted on /proc.

* The `crypt' function now fails if passed salt bytes that violate the
  specification for those values.  On Linux, the `crypt' function will
  consult /proc/sys/crypto/fips_enabled to determine if "FIPS mode" is
  enabled, and fail on encrypted strings using the MD5 or DES algorithm
  when the mode is enabled.

* The `clock_*' suite of functions (declared in <time.h>) is now available
  directly in the main C library.  Previously it was necessary to link with
  -lrt to use these functions.  This change has the effect that a
  single-threaded program that uses a function such as `clock_gettime' (and
  is not linked with -lrt) will no longer implicitly load the pthreads
  library at runtime and so will not suffer the overheads associated with
  multi-thread support in other code such as the C++ runtime library.

* New locales: ayc_PE, doi_IN, ia_FR, mni_IN, nhn_MX, niu_NU, niu_NZ,
  sat_IN, and szl_PL.

Version 2.16

* The following bugs are resolved with this release:

  174, 208, 350, 369, 411, 706, 766, 2074, 2541, 2547, 2548, 2550, 2551,
  2552, 2553, 2554, 2562, 2563, 2565, 2566, 2570, 2576, 2636, 2678, 3335,
  3440, 3748, 3768, 3866, 3868, 3906, 3976, 3992, 4026, 4108, 4596, 4822,
  5077, 5461, 5805, 5993, 6471, 6486, 6578, 6649, 6730, 6770, 6794, 6884,
  6890, 6894, 6895, 6907, 6911, 6959, 7064, 9739, 9902, 10110, 10135, 10140,
  10153, 10210, 10254, 10346, 10375, 10545, 10716, 10846, 10882, 11174,
  11261, 11322, 11365, 11451, 11494, 11521, 11677, 11837, 11959, 12047,
  12097, 12193, 12194, 12297, 12298, 12301, 12340, 12354, 12416, 12495,
  13058, 13223, 13361, 13525, 13526, 13527, 13528, 13529, 13530, 13531,
  13532, 13533, 13547, 13551, 13552, 13553, 13555, 13556, 13559, 13563,
  13566, 13576, 13579, 13583, 13592, 13594, 13613, 13618, 13637, 13656,
  13658, 13673, 13691, 13695, 13704, 13705, 13706, 13718, 13726, 13738,
  13739, 13743, 13750, 13758, 13760, 13761, 13775, 13786, 13787, 13792,
  13806, 13824, 13840, 13841, 13844, 13846, 13848, 13851, 13852, 13854,
  13871, 13872, 13873, 13879, 13882, 13883, 13884, 13885, 13886, 13892,
  13895, 13908, 13910, 13911, 13912, 13913, 13914, 13915, 13916, 13917,
  13918, 13919, 13920, 13921, 13922, 13923, 13924, 13926, 13927, 13928,
  13938, 13941, 13942, 13954, 13955, 13956, 13963, 13967, 13968, 13970,
  13973, 13979, 13983, 13986, 13996, 14012, 14027, 14033, 14034, 14036,
  14040, 14043, 14044, 14048, 14049, 14050, 14053, 14055, 14059, 14064,
  14075, 14080, 14083, 14103, 14104, 14109, 14112, 14117, 14122, 14123,
  14134, 14153, 14183, 14188, 14199, 14210, 14218, 14229, 14241, 14273,
