Author: Siddhesh Poyarekar
Author Date: 2023-10-12 16:50:49 UTC

Move CVE information into advisories directory

One of the requirements to becoming a CVE Numbering Authority (CNA) is
to publish advisories. Do this by maintaining a file for each CVE fixed
in the advisories directory in the source tree. Links to the advisories
can then be shared as:

https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-YYYY-NNNN

The file format at the moment is rudimentary and derives from the git
commit format, i.e. a subject line and a potentially multi-paragraph
description and then tags to describe some meta information. This is a
loose format at the moment and could change as we evolve this.

Also add a script process-fixed-cves.sh that processes these advisories
and generates a list to add to NEWS at release time.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Author: Adhemerval Zanella
Author Date: 2023-12-07 14:17:35 UTC

elf: Fix wrong break removal from 8ee878592c

Reported-by: Alexander Monakov <amonakov@ispras.ru>
(cherry picked from commit 546a1ba664626603660b595662249d524e429013)

Author: Adhemerval Zanella
Author Date: 2023-12-07 14:17:35 UTC

elf: Fix wrong break removal from 8ee878592c

Reported-by: Alexander Monakov <amonakov@ispras.ru>
(cherry picked from commit 546a1ba664626603660b595662249d524e429013)

Author: Adhemerval Zanella
Author Date: 2023-10-27 11:14:14 UTC

x86: Expand the comment on when REP STOSB is used on memset

Author: Florian Weimer
Author Date: 2023-10-19 07:32:49 UTC

Revert "elf: Move l_init_called_next to old place of l_text_end in link map"

This reverts commit 59ee83b0c27a67a34dc53b312424c9435423bfc9.

Reason for revert: Preserve internal ABI.

Author: Florian Weimer
Author Date: 2023-10-19 07:29:42 UTC

Revert "elf: Move l_init_called_next to old place of l_text_end in link map"

This reverts commit f441cb9a70fa3f55e9bbd615924879d692d21a6c.

Reason for revert: Preserve internal ABI.

Author: Siddhesh Poyarekar
Author Date: 2023-09-19 22:39:32 UTC

tunables: Terminate if end of input is reached (CVE-2023-4911)

The string parsing routine may end up writing beyond bounds of tunestr
if the input tunable string is malformed, of the form name=name=val.
This gets processed twice, first as name=name=val and next as name=val,
resulting in tunestr being name=name=val:name=val, thus overflowing
tunestr.

Terminate the parsing loop at the first instance itself so that tunestr
does not overflow.

This also fixes up tst-env-setuid-tunables to actually handle failures
correct and add new tests to validate the fix for this CVE.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa)

Author: Adhemerval Zanella
Author Date: 2023-08-30 12:00:04 UTC

posix: Remove the __strcpy_chk from glob tests

Not all compiler supports the builtin.

Author: Pranav Kant
Author Date: 2023-09-28 00:09:32 UTC

x86: Respect --disable-float128 flag to disable FLOAT128 functionality

Author: Zack Weinberg
Author Date: 2023-09-21 18:58:05 UTC

Remove all of the remaining libcrypt code.

Completing the removal of libcrypt, delete all of its actual code.
This patch contains only file removals:

git rm -r crypt
git rm include/crypt.h
git rm $(find sysdeps -name libcrypt.abilist)
git rm $(find sysdeps -name fips-private.h)
git rm $(find sysdeps -name 'md5-*' -o -name 'sha256-*' -o -name 'sha512-*')

For this patch (not the earlier ones, I'd still be waiting) I ran the
complete testsuite and found no *new* failures. 26 tests are failing
on my machine due to probable environment issues, but they were all
failing on trunk before I started making changes, and none of them
appear to have anything to do with this patchset.

Author: Noah Goldstein
Author Date: 2023-08-11 23:48:01 UTC

x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]

The:

```
    if (shared_per_thread > 0 && threads > 0)
      shared_per_thread /= threads;
```

Code was accidentally moved to inside the else scope. This doesn't
match how it was previously (before af992e7abd).

This patch fixes that by putting the division after the `else` block.

(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede)

Author: Noah Goldstein
Author Date: 2023-08-11 23:48:01 UTC

x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]

The:

```
    if (shared_per_thread > 0 && threads > 0)
      shared_per_thread /= threads;
```

Code was accidentally moved to inside the else scope. This doesn't
match how it was previously (before af992e7abd).

This patch fixes that by putting the division after the `else` block.

(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede)

Author: Noah Goldstein
Author Date: 2023-08-11 23:48:01 UTC

x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]

The:

```
    if (shared_per_thread > 0 && threads > 0)
      shared_per_thread /= threads;
```

Code was accidentally moved to inside the else scope. This doesn't
match how it was previously (before af992e7abd).

This patch fixes that by putting the division after the `else` block.

(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede)

Author: Noah Goldstein
Author Date: 2023-08-11 23:48:01 UTC

x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]

The:

```
    if (shared_per_thread > 0 && threads > 0)
      shared_per_thread /= threads;
```

Code was accidentally moved to inside the else scope. This doesn't
match how it was previously (before af992e7abd).

This patch fixes that by putting the division after the `else` block.

(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede)

Author: Noah Goldstein
Author Date: 2023-08-11 23:42:52 UTC

x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]

The:

```
    if (shared_per_thread > 0 && threads > 0)
      shared_per_thread /= threads;
```

Code was accidentally moved to inside the else scope. This doesn't
match how it was previously (before af992e7abd).

This patch fixes that by putting the division after the `else` block.

(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede)

Author: Noah Goldstein
Author Date: 2023-08-11 00:28:24 UTC

x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]

The:

```
    if (shared_per_thread > 0 && threads > 0)
      shared_per_thread /= threads;
```

Code was accidentally moved to inside the else scope. This doesn't
match how it was previously (before af992e7abd).

This patch fixes that by putting the division after the `else` block.

(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede)

Author: Adhemerval Zanella
Author Date: 2023-09-06 16:47:35 UTC

stdio: Remove __printf_fp_buffer_2 alloca usage

And replace with a scratch_buffer.

Author: Florian Weimer
Author Date: 2023-07-06 17:24:33 UTC

Test case for bug 30619

Author: Adhemerval Zanella
Author Date: 2023-06-19 17:11:58 UTC

linux: Do not spawn a new thread for SIGEV_THREAD (BZ 30558)

Author: Joe Simmons-Talbott
Author Date: 2023-04-21 13:24:25 UTC

wcsmbs: Add wcsdup() tests. (BZ #30266)

Enable wide character testcases for wcsdup().

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

Author: Adhemerval Zanella
Author Date: 2023-04-03 18:50:35 UTC

loongarch: Fix Race conditions in pthread cancellation [BZ#12683]

By adding the required syscall_cancel.S.

Checked against a build and make check run-built-tests=no for
loongarch64-linux-gnu-lp64d.

Author: Szabolcs Nagy
Author Date: 2023-04-04 15:39:34 UTC

cheri: malloc: exact capability check in free/realloc

Capability narrowing uses a lookup table from an address to the
internally used wide capability. Keep the narrow capability in the
table instead of just the address and check it. This allows free
and realloc to check their input and only accept capabilities
exactly matching what was returned by malloc.

When a user adds restrictions on top of malloc returned capabilities
(e.g. narrower bounds), realloc could bypass those restrictions when
it simply looked up the internal wide capability for the address.

Author: Adhemerval Zanella
Author Date: 2020-10-20 19:00:43 UTC

linux: Use getdents64 on readdir64 compat implementation

It uses a similar strategy from the non-LFS readdir that also
uses getdents64 internally and uses a translation buffer to return
the compat readdir64 entry.

It allows to remove __old_getdents64.

Checked on i686-linux-gnu.

Author: Florian Weimer
Author Date: 2022-08-18 06:49:55 UTC

libio: Convert __vswprintf_internal to buffers (bug 27857)

Always null-terminate the buffer and set E2BIG if the buffer is too
small. This fixes bug 27857.

Author: Szabolcs Nagy
Author Date: 2022-11-22 13:36:29 UTC

morello README: typo and wording fixes

Author: Carlos Eduardo Seo
Author Date: 2022-08-08 19:09:37 UTC

cheri: stdio-common: Add test for %#p printf modifier

Testcase for printing capabilities.

Author: Stefan Liebler
Author Date: 2021-06-28 11:01:07 UTC

s390x: Update math: redirect roundeven function

After recent commit
447954a206837b5f153869cfeeeab44631c3fac9
"math: redirect roundeven function", building on
s390x fails with:
Error: symbol `__roundevenl' is already defined

Similar to aarch64/riscv fix, this patch redirects target
specific functions for s390x:
commit 3213ed770cbc5821920d16caa93c85e92dd7b9f6
"Update math: redirect roundeven function"

(cherry picked from commit 259a17cc98058d2576511201f85d28cb5d9de2a2)

Author: Carlos Eduardo Seo
Author Date: 2020-11-13 19:33:07 UTC

TODO(drop): aarch64: morello: CPU feature detection for Morello

Initial detection of Arm Morello architecture from the HWCAP2 bit and CPU
identification from MIDR_EL0.

TODO: not needed?
- lp64 does not have to detect
- purecap can assume morello

Author: Florian Weimer
Author Date: 2022-05-17 09:38:29 UTC

locale: localdef input files are now encoded in UTF-8

Author: Szabolcs Nagy
Author Date: 2021-12-30 17:08:36 UTC

aarch64: Move ld.so _start to separate file and drop _dl_skip_args

A separate asm file is easier to maintain than a macro that expands to
inline asm.

The RTLD_START macro is only needed now because _dl_start is local in
rtld.c, but _start has to call it, if _dl_start was made hidden then it
could be empty.

_dl_skip_args is no longer needed.

---
v4:
- adjust commit message about _dl_skip_args.
v3:
- mention _dl_skip_args
v2:
- fix typo in commit message.

Author: Szabolcs Nagy
Author Date: 2021-12-30 17:08:36 UTC

aarch64: Move ld.so _start to separate file and drop _dl_skip_args

A separate asm file is easier to maintain than a macro that expands to
inline asm.

The RTLD_START macro is only needed now because _dl_start is local in
rtld.c, but _start has to call it, if _dl_start was made hidden then it
could be empty.

_dl_skip_args is no longer needed.

---
v4:
- adjust commit message about _dl_skip_args.
v3:
- mention _dl_skip_args
v2:
- fix typo in commit message.

Author: Szabolcs Nagy
Author Date: 2021-12-30 17:08:36 UTC

aarch64: Move ld.so _start to separate file and drop _dl_skip_args

A separate asm file is easier to maintain than a macro that expands to
inline asm.

The RTLD_START macro is only needed now because _dl_start is local in
rtld.c, but _start has to call it, if _dl_start was made hidden then it
could be empty.

_dl_skip_args is no longer needed.

---
v4:
- adjust commit message about _dl_skip_args.
v3:
- mention _dl_skip_args
v2:
- fix typo in commit message.

Author: Raoni Fassina Firmino
Author Date: 2022-04-01 20:05:01 UTC

Merge branch release/2.32/master into ibm/2.32/master

Author: Szabolcs Nagy
Author Date: 2022-02-02 14:03:58 UTC

Fix elf/tst-audit25a with default bind now toolchains

This test relies on lazy binding for the executable so request that
explicitly in case the toolchain defaults to bind now.

(cherry picked from commit 80a08d0faa9b224019f895800c4d97de4e23e1aa)

Author: Fangrui Song
Author Date: 2022-03-09 01:17:05 UTC

elf: Support DT_RELR relative relocation format [BZ #27924]

PIE and shared objects usually have many relative relocations. In
2017/2018, SHT_RELR/DT_RELR was proposed on
https://groups.google.com/g/generic-abi/c/bX460iggiKg/m/GxjM0L-PBAAJ
("Proposal for a new section type SHT_RELR") and is a pre-standard. RELR
usually takes 3% or smaller space than R_*_RELATIVE relocations. The
virtual memory size of a mostly statically linked PIE is typically 5~10%
smaller.

This patch adds ELF_DYNAMIC_DO_RELR to ELF_DYNAMIC_RELOCATE.
ELF_DYNAMIC_DO_RELR is ordered before ELF_DYNAMIC_DO_REL[A] so that ifunc
resolvers that require relocated got entries have them relocated. This is
needed for ppc64 according to Alan Modra.

Author: Raoni Fassina Firmino
Author Date: 2022-02-25 13:57:31 UTC

Merge branch release/2.30/master into ibm/2.30/master

Author: Siddhesh Poyarekar
Author Date: 2022-01-19 04:13:26 UTC

getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)

No valid path returned by getcwd would fit into 1 byte, so reject the
size early and return NULL with errno set to ERANGE. This change is
prompted by CVE-2021-3999, which describes a single byte buffer
underflow and overflow when all of the following conditions are met:

- The buffer size (i.e. the second argument of getcwd) is 1 byte
- The current working directory is too long
- '/' is also mounted on the current working directory

Sequence of events:

- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
  because the linux kernel checks for name length before it checks
  buffer size

- The code falls back to the generic getcwd in sysdeps/posix

- In the generic func, the buf[0] is set to '\0' on line 250

- this while loop on line 262 is bypassed:

    while (!(thisdev == rootdev && thisino == rootino))

  since the rootfs (/) is bind mounted onto the directory and the flow
  goes on to line 449, where it puts a '/' in the byte before the
  buffer.

- Finally on line 458, it moves 2 bytes (the underflowed byte and the
  '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.

- buf is returned on line 469 and errno is not set.

This resolves BZ #28769.

Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Author: Fangrui Song
Author Date: 2021-10-11 05:32:12 UTC

elf: Remove Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT)

Intel MPX failed to gain wide adoption and has been deprecated for a
while. GCC 9.1 removed Intel MPX support. Linux kernel removed MPX in
2019.

This patch removes the support code from the dynamic loader.

Author: Carlos-0
Author Date: 2021-07-29 05:27:56 UTC

Add generic C.UTF-8 locale (Bug 17318)

We add a new C.UTF-8 locale. This locale is not builtin to glibc, but
is provided as a distinct locale. The locale provides full support
for UTF-8 and this includes full code point sorting via strcmp-based
collation.

The collation uses a new keyword 'strcmp_collation' which drops all
collation rules and generates an empty zero rules collation to enable
strcmp usage in collation. This ensures that we get full code point
sorting for C.UTF-8 with a minimal 92 bytes of overhead (LC_COLLATE
structure information).

The new locale is added to SUPPORTED. Minimal test data for specific
code points (minus those not supported by collate-test) is provided
in C.UTF-8.in, and this verifies code point sorting is working
reasonably across the range. The locale was tested manually with the
full set of code points without failure.

The locale is harmonized with locales already shipping in Gentoo,
Debian, Ubuntu, Fedora, CentOS Stream, and RHEL. A new tst-iconv9 test
is added which verifies the C.UTF-8 locale is generally usable.

Testing for fnmatch, regexec, and recomp is provided by extending
bug-regex1, bugregex19, bug-regex4, bug-regex6, transbug, tst-fnmatch,
tst-regcomp-truncated, and tst-regex to use C.UTF-8.

Tested on x86_64 or i686 without regression.

Author: Andreas Schwab
Author Date: 2021-06-25 13:02:47 UTC

wordexp: handle overflow in positional parameter number (bug 28011)

Use strtoul instead of atoi so that overflow can be detected.

(cherry picked from commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c)

Author: Szabolcs Nagy
Author Date: 2021-02-16 12:55:13 UTC

RFC elf: Fix slow tls access after dlopen [BZ #19924]

In short: __tls_get_addr checks the global generation counter,
_dl_update_slotinfo updates up to the generation of the accessed
module. If the global generation is newer than geneneration of the
module then __tls_get_addr keeps hitting the slow path that updates
the dtv.

Possible approaches i can see:

1. update to global generation instead of module,
2. check the module generation in the fast path.

This patch is 1.: it needs additional sync (load acquire) so the
slotinfo list is up to date with the observed global generation.

Approach 2. would require walking the slotinfo list at all times.
I don't know how to make that fast with many modules.

Note: in the x86_64 version of dl-tls.c the generation is only loaded
once, since relaxed mo is not faster than acquire mo load.

I have not benchmarked this yet.

Author: Szabolcs Nagy
Author Date: 2021-03-15 11:44:32 UTC

malloc: Ensure mtag code path in checked_request2size is cold

This is a workaround (hack) for a gcc optimization issue (PR 99551).
Without this the generated code may evaluate the expression in the
cold path which causes performance regression for small allocations
in the memory tagging disabled (common) case.

Author: Szabolcs Nagy
Author Date: 2021-02-09 17:59:11 UTC

aarch64: Optimize __libc_mtag_tag_zero_region

This is a target hook for memory tagging, the original was a naive
implementation. Uses the same algorithm as __libc_mtag_tag_region,
but with instructions that also zero the memory. This was not
benchmarked on real cpu, but expected to be faster than the naive
implementation.

Author: Andreas Schwab
Author Date: 2021-02-21 21:22:29 UTC

aarch64: Update ILP32 abilists for glibc 2.33

Author: Tulio Magno Quites Machado Filho
Author Date: 2020-10-02 13:18:48 UTC

powerpc64: Stop assuming new processors have VSX

VSX has been available on IBM POWER since POWER7. All IBM processors
compliant with POWER ISAs 2.07, 3.0 and 3.1 also support VSX.
This patch aims to remove a barrier for new processors as they start to
support Linux on powerpc64 while not having support for all the altivec
and vsx instructions.

Author: Szabolcs Nagy
Author Date: 2021-02-11 13:24:47 UTC

elf: Remove lazy tlsdesc relocation related code

Remove generic tlsdesc code related to lazy tlsdesc processing since
lazy tlsdesc relocation is no longer supported. This includes removing
GL(dl_load_lock) from _dl_make_tlsdesc_dynamic which is only called at
load time when that lock is already held.

Added a documentation comment too.

Author: Tulio Magno Quites Machado Filho
Author Date: 2021-02-13 21:49:56 UTC

Merge branch release/2.28/master into ibm/2.28/master

Author: Szabolcs Nagy
Author Date: 2021-01-06 11:31:04 UTC

Make libc symbols hidden in static PIE

Hidden visibility can avoid indirections and RELATIVE relocs in
static PIE libc.

The check should use IS_IN_LIB instead of IS_IN(libc) since all
symbols are defined locally in static PIE and the optimization is
useful in all libraries not just libc. However the test system
links objects from libcrypt.a into dynamic linked test binaries
where hidden visibility does not work. I think mixing static and
shared libc components in the same binary should not be supported
usage, but to be safe only use hidden in libc.a.

On some targets (i386) this optimization cannot be applied because
hidden visibility PIE ifunc functions don't work, so it is gated by
NO_HIDDEN_EXTERN_FUNC_IN_PIE.

From -static-pie linked 'int main(){}' this shaves off 71 relative
relocs on aarch64 and reduces code size by about 2k.

Author: Fangrui Song
Author Date: 2021-01-12 07:56:32 UTC

Unconditionally define __stack_chk_guard [BZ #26817]

__stack_chk_guard is currently unavailable on architectures which define
THREAD_SET_STACK_GUARD, so {gcc,clang} -fstack-protector
-mstack-protector-guard=global will fail to link due to the undefined
symbol.

Define __stack_chk_guard to make -mstack-protector-guard=global compiled
user programs work. `#define THREAD_SET_STACK_GUARD` code is moved
outside of `#ifndef __ASSEMBLER__` so that cpp can preprocess
elf/Versions.

Author: Richard Earnshaw
Author Date: 2020-12-18 19:00:49 UTC

aarch64: Add aarch64-specific files for memory tagging support

This final patch provides the architecture-specific implementation of
the memory-tagging support hooks for aarch64.

Author: Szabolcs Nagy
Author Date: 2020-12-01 10:13:18 UTC

aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831]

Re-mmap executable segments if possible instead of using mprotect
to add PROT_BTI. This allows using BTI protection with security
policies that prevent mprotect with PROT_EXEC.

If the fd of the ELF module is not available because it was kernel
mapped then mprotect is used and failures are ignored. To protect
the main executable even when mprotect is filtered the linux kernel
 will have to be changed to add PROT_BTI to it.

The delayed failure reporting is mainly needed because currently
_dl_process_gnu_properties does not propagate failures such that
the required cleanups happen. Using the link_map_machine struct for
error propagation is not ideal, but this seemed to be the least
intrusive solution.

Fixes bug 26831.

Author: Szabolcs Nagy
Author Date: 2020-10-28 18:10:23 UTC

aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831]

Re-mmap executable segments if possible instead of using mprotect
to add PROT_BTI. This allows using BTI protection with security
policies that prevent mprotect with PROT_EXEC.

If the fd of the ELF module is not available because it was kernel
mapped then mprotect is used and failures are ignored. To protect
the main executable even when mprotect is filtered the linux kernel
will have to be changed to add PROT_BTI to it.

Computing the mapping bounds follows _dl_map_object_from_fd more
closely now.

The delayed failure reporting is mainly needed because currently
_dl_process_gnu_properties does not propagate failures such that
the required cleanups happen. Using the link_map_machine struct for
error propagation is not ideal, but this seemed to be the least
intrusive solution.

Fixes bug 26831.

Author: Richard Earnshaw
Author Date: 2020-11-20 17:20:10 UTC

aarch64: Add aarch64-specific files for memory tagging support

This final patch provides the architecture-specific implementation of
the memory-tagging support hooks for aarch64.

Author: Szabolcs Nagy
Author Date: 2020-10-22 16:55:01 UTC

aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]

The variant PCS support was ineffective because in the common case
linkmap->l_mach.plt == 0 but then the symbol table flags were ignored
and normal lazy binding was used instead of resolving the relocs early.
(This was a misunderstanding about how GOT[1] is setup by the linker.)

In practice this mainly affects SVE calls when the vector length is
more than 128 bits, then the top bits of the argument registers get
clobbered during lazy binding.

Fixes bug 26798.

(cherry picked from commit 558251bd8785760ad40fcbfeaaee5d27fa5b0fe4)

Author: Alexandra Hájková
Author Date: 2020-04-27 14:52:38 UTC

 Linux: Add execveat system call wrapper

Author: Szabolcs Nagy
Author Date: 2020-06-11 17:19:40 UTC

aarch64: add NEWS entry about branch protection support

This is a new security feature that relies on architecture
extensions and needs glibc to be built with a gcc configured
with branch protection.

Author: Szabolcs Nagy
Author Date: 2020-06-11 17:19:40 UTC

aarch64: add NEWS entry about branch protection support

This is a new security feature that relies on architecture
extensions and needs glibc to be built with a gcc configured
with branch protection.

Author: Szabolcs Nagy
Author Date: 2020-06-11 17:19:40 UTC

aarch64: add NEWS entry about branch protection support

This is a new security feature that relies on architecture
extensions and needs glibc to be built with a gcc configured
with branch protection.

Author: Szabolcs Nagy
Author Date: 2020-06-11 17:19:40 UTC

aarch64: add NEWS entry about branch protection support

This is a new security feature that relies on architecture
extensions and needs glibc to be built with a gcc configured
with branch protection.

Author: Alistair Francis
Author Date: 2020-04-08 21:43:47 UTC

Revert "Add IPPROTO_ETHERNET and IPPROTO_MPTCP from Linux 5.6 to netinet/in.h."

This reverts commit f9ac84f92f151e07586c55e14ed628d493a5929d.

Author: Tulio Magno Quites Machado Filho
Author Date: 2020-03-20 21:24:51 UTC

Merge branch release/2.26/master into ibm/2.26/master

Author: Bert Tenjy
Author Date: 2020-02-13 17:55:31 UTC

PPC64: Attach SIMD attribute to cosf, sin, sinf function declarations.

These changes were mistakenly left out of the patches that added SIMD
versions of these functions to libmvec.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>

Author: Florian Weimer
Author Date: 2020-02-12 12:40:26 UTC

Linux: Work around kernel bugs in chmod on /proc/self/fd paths

It appears that the ability to change symbolic link modes through such
paths is unintended. On several file systems, the operation fails with
EOPNOTSUPP, even though the symbolic link permissions are updated.
The expected behavior is a failure to update the permissions, without
file system changes.

Author: Florian Weimer
Author Date: 2020-02-12 14:36:03 UTC

nss_nisplus: Use NSS_DECLARE_MODULE_FUNCTIONS

Author: Florian Weimer
Author Date: 2020-02-09 16:07:07 UTC

microblaze: vfork syscall number is always available

Due to the built-in tables, __NR_vfork is always defined, so the
fork-based fallback code is never used.

(It appears that the vfork system call was wired up when the port was
contributed to the kernel.)

Author: Alistair Francis
Author Date: 2020-01-17 05:49:34 UTC

WIP

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

Author: Zack Weinberg
Author Date: 2019-06-11 17:05:02 UTC

Rename sys/ucontext.h to bits/ucontext.h.

sys/ucontext.h is effectively a bits header. Its contents are
extremely system-specific, and it’s strongly associated with a
specific public header (ucontext.h) that provides a superset of its
definitions, but there are other public headers that also require some
of its definitions. This patch therefore moves it into the bits/
namespace and adjusts all the headers that refer to it. In case there
are external users, a stub is added that includes ucontext.h.

Most of the fallout changes are trivial, but aarch64, ia64 and riscv
need a little more work. aarch64 sys/ucontext.h (now bits/ucontext.h)
was including sys/procfs.h for the definition of elf_greg_t etc;
the simplest fix is to have it include bits/procfs.h instead (and then
that needs to include sys/user.h for user_regs_struct). This is not
ideal but fixing it properly would require disentangling all of the
debugger interface headers which is more than I’m up for at the moment.

ia64 bits/ptrace.h and bits/procfs.h were both including
bits/sigcontext.h, which is only licensed to be included from
signal.h. (I’m not sure how this ever worked, or why it broke with
this patch and not some previous one.) This is fixed by creating
another single-type header, bits/types/__ia64_fpreg.h, which provides
the only thing they need from bits/sigcontext.h.

s/u/s/l/riscv/makecontext.c was defining makecontext with a function
head that didn’t agree with its official prototype (in ucontext.h);
formerly that file did not include ucontext.h, only sys/ucontext.h,
so we were getting away with it, but it’s still wrong. Making the
function head match the prototype actually simplifies the code.

 * sysdeps/generic/sys/ucontext.h: Move to top level bits/ucontext.h.
 Adjust multiple inclusion guard.
 * sysdeps/arm/sys/ucontext.h: Move to sysdeps/arm/bits/ucontext.h.
 Adjust multiple inclusion guard.
 * sysdeps/i386/sys/ucontext.h: Similarly.
 * sysdeps/m68k/sys/ucontext.h: Similarly.
 * sysdeps/mips/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/aarch64/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/alpha/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/arm/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/csky/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/hppa/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/ia64/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/m68k/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/microblaze/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/mips/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/nios2/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/powerpc/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/riscv/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/s390/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/sh/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/sparc/sys/ucontext.h: Similarly.
 * sysdeps/unix/sysv/linux/x86/sys/ucontext.h: Similarly.
 * stdlib/Makefile: Install bits/ucontext.h.

 * stdlib/sys/ucontext.h: New backward compatibility stub header,
 includes ucontext.h.
 * include/sys/ucontext.h: New wrapper.

 * sysdeps/unix/sysv/linux/aarch64/bits/procfs.h: Allow inclusion
 by bits/ucontext.h as well as sys/procfs.h. Include sys/user.h.
 * sysdeps/unix/sysv/linux/aarch64/bits/ucontext.h: Include
 bits/procfs.h instead of sys/procfs.h.

 * sysdeps/unix/sysv/linux/ia64/bits/types/__ia64_fpreg.h:
 New file, contents factored out of ia64/bits/sigcontext.h and
 ia64/bits/ucontext.h.
 * sysdeps/unix/sysv/linux/ia64/Makefile:
 Install bits/types/__ia64_fpreg.h. Merge subdir=misc blocks.
 * sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h
 * sysdeps/unix/sysv/linux/ia64/bits/ucontext.h:
 Include bits/types/__ia64_fpreg.h for struct ia64_fpreg.

 * sysdeps/unix/sysv/linux/ia64/bits/procfs.h:
 Include bits/types/__ia64_fpreg.h for struct ia64_fpreg.
 Don’t include bits/sigcontext.h or bits/ucontext.h.
 * sysdeps/unix/sysv/linux/ia64/sys/ptrace.h:
 Don’t include bits/sigcontext.h.

 * sysdeps/unix/sysv/linux/riscv/makecontext.c: Include
 ucontext.h, not sys/ucontext.h. Correct function head to match
 prototype in ucontext.h. Use va_arg to retrieve all arguments
 past argc.

 * sysdeps/unix/sysv/linux/s390/tst-ptrace-singleblock.c:
 Sort list of includes.

 * signal/signal.h, stdlib/ucontext.h
 * sysdeps/unix/sysv/linux/alpha/bits/procfs-prregset.h
 * sysdeps/unix/sysv/linux/ia64/sys/ptrace.h
 * sysdeps/unix/sysv/linux/riscv/bits/procfs.h
 * sysdeps/unix/sysv/linux/s390/bits/procfs.h:
 Include bits/ucontext.h, not sys/ucontext.h.

 * sysdeps/unix/sysv/linux/aarch64/sigcontextinfo.h
 * sysdeps/unix/sysv/linux/arm/sigcontextinfo.h
 * sysdeps/unix/sysv/linux/nios2/sigcontextinfo.h
 * sysdeps/unix/sysv/linux/riscv/sigcontextinfo.h:
 Include signal.h, not sys/ucontext.h.

 * sysdeps/unix/sysv/linux/arm/register-dump.h
 * sysdeps/unix/sysv/linux/csky/register-dump.h:
 Include ucontext.h, not sys/ucontext.h.

 * sysdeps/unix/sysv/linux/aarch64/ucontext_i.sym
 * sysdeps/unix/sysv/linux/alpha/ucontext-offsets.sym
 * sysdeps/unix/sysv/linux/arm/ucontext_i.sym
 * sysdeps/unix/sysv/linux/csky/abiv2/ucontext_i.sym
 * sysdeps/unix/sysv/linux/hppa/ucontext_i.sym
 * sysdeps/unix/sysv/linux/i386/ucontext_i.sym
 * sysdeps/unix/sysv/linux/ia64/sigcontext-offsets.sym
 * sysdeps/unix/sysv/linux/m68k/m680x0/ucontext_i.sym
 * sysdeps/unix/sysv/linux/powerpc/powerpc32/ucontext_i.sym
 * sysdeps/unix/sysv/linux/powerpc/powerpc64/ucontext_i.sym
 * sysdeps/unix/sysv/linux/mips/ucontext_i.sym
 * sysdeps/unix/sysv/linux/nios2/ucontext_i.sym
 * sysdeps/unix/sysv/linux/riscv/ucontext_i.sym
 * sysdeps/unix/sysv/linux/s390/ucontext_i.sym
 * sysdeps/unix/sysv/linux/sh/sh3/ucontext_i.sym
 * sysdeps/unix/sysv/linux/sh/sh4/ucontext_i.sym
 * sysdeps/unix/sysv/linux/sparc/sparc32/ucontext_i.sym
 * sysdeps/unix/sysv/linux/x86_64/ucontext_i.sym:
 Include stddef.h and signal.h; don’t include any other headers.

 * scripts/check-obsolete-constructs.py (HEADER_ALLOWED_INCLUDES)
 (SYSDEP_ALLOWED_INCLUDES): Update.

Author: Zack Weinberg
Author Date: 2019-08-19 17:51:25 UTC

Warn when gettimeofday is called with non-null tzp argument.

Since there are no known uses of gettimeofday's vestigial "get time
zone" feature that are not bugs, add a fortify-style wrapper inline to
sys/time.h that issues a warning whenever gettimeofday is called with
a second argument that is not a compile-time null pointer
constant.

At present this is only possible with GCC; clang does not implement
attribute((warning)). The wrapper is only activated when __OPTIMIZE__
is defined because it throws false positives when optimization is off,
even though it's an always-inline function.

An oversight in the implementation of __builtin_constant_p causes it
to fail to detect compile-time *pointer* constants unless they are
cast to an integer of a different size. (Loss of data in this cast is
harmless; the overall expression is still constant if and only if the
original pointer was.) This is GCC bug 95514. Thanks to
Kamil Cukrowski <kamilcukrowski@gmail.com> for the workaround.
As a precaution, I added a static assertion to debug/warning-nop.c to
make sure that the cast _is_ casting to an integer of a different
size; this is too unlikely a scenario to be worth checking in the
public header, but if someone ever adds a port where short is the
same size as intptr_t, we'll still catch it.

Author: Gabriel F. T. Gomes
Author Date: 2019-07-11 14:48:28 UTC

RFC: powerpc64le: Enable support for IEEE long double

Not for glibc-2.31 - Do not commit!

No changes since v3.

Changes since v2:

  - Added definition of LDBL_IBM128_COMPAT_VERSION and
    LDBL_IBM128_VERSION (moved from a previous commit).

Changes since v1:

  - Use __LONG_DOUBLE_USES_FLOAT128 directly.

-- 8< --
On platforms where long double may have two different formats, i.e.: the
same format as double (64-bits) or something else (128-bits), building
with -mlong-double-128 is the default and function calls in the user
program match the name of the function in Glibc. When building with
-mlong-double-64, Glibc installed headers redirect such calls to the
appropriate function.

This patch adds similar redirections to be used by user code builds in
IEEE long double mode (-mabi=ieeelongdouble). It also skips some uses
of libc_hidden_proto in internal headers, because they also produce
redirections, causing a redirection conflict.

PS: Missing NEWS entry.

Author: Vineet Gupta
Author Date: 2019-11-07 23:24:05 UTC

build-many-glibcs.py: Enable ARC hard float builds

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>

Author: Florian Weimer
Author Date: 2019-12-03 08:26:03 UTC

WIP dlopen NODELETE test

Author: Florian Weimer
Author Date: 2019-11-29 15:37:58 UTC

elf: Do not run IFUNC resolvers for LD_DEBUG=unused [BZ #24214]

This commit adds missing skip_ifunc checks to aarch64, arm, i386,
sparc, and x86_64. A new test case ensures that IRELATIVE IFUNC
resolvers do not run in various diagnostic modes of the dynamic
loader.

Tested on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
s390-linux-gnu, s390x-linux-gnu, powerpc64le-linux-gnu. Built with
build-many-glibcs.py.

Author: Florian Weimer
Author Date: 2019-11-22 21:10:42 UTC

libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]

Commit c402355dfa7807b8e0adb27c009135a7e2b9f1b0 ("libio: Disable
vtable validation in case of interposition [BZ #23313]") only covered
the interposable glibc 2.1 handles, in libio/stdfiles.c. The
parallel code in libio/oldstdfiles.c needs similar detection logic.

Fixes (again) commit db3476aff19b75c4fdefbe65fcd5f0a90588ba51
("libio: Implement vtable verification [BZ #20191]").

Change-Id: Ief6f9f17e91d1f7263421c56a7dc018f4f595c21
(cherry picked from commit cb61630ed712d033f54295f776967532d3f4b46a)

Author: Florian Weimer
Author Date: 2019-11-22 21:10:42 UTC

libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]

Commit c402355dfa7807b8e0adb27c009135a7e2b9f1b0 ("libio: Disable
vtable validation in case of interposition [BZ #23313]") only covered
the interposable glibc 2.1 handles, in libio/stdfiles.c. The
parallel code in libio/oldstdfiles.c needs similar detection logic.

Fixes (again) commit db3476aff19b75c4fdefbe65fcd5f0a90588ba51
("libio: Implement vtable verification [BZ #20191]").

Change-Id: Ief6f9f17e91d1f7263421c56a7dc018f4f595c21
(cherry picked from commit cb61630ed712d033f54295f776967532d3f4b46a)

Author: Florian Weimer
Author Date: 2019-10-11 14:11:21 UTC

Implement __libc_early_init

This function is defined in libc.so, and the dynamic loader calls
right after relocation has been finished, before any ELF constructors
or the preinit function is invoked. It is also used in the static
build for initializing parts of the static libc.

To locate __libc_early_init, a direct symbol lookup function is used,
_dl_lookup_direct. It does not search the entire symbol scope and
consults merely a single link map. This function could also be used
to implement lookups in the vDSO (as an optimization).

A per-namespace variable (libc_map) is added for locating libc.so,
to avoid repeated traversals of the search scope. It is similar to
GL(dl_initfirst). An alternative would have been to thread a context
argument from _dl_open down to _dl_map_object_from_fd (where libc.so
is identified). This could have avoided the global variable, but
the change would be larger as a result. It would not have been
possible to use this to replace GL(dl_initfirst) because that global
variable is used to pass the function pointer past the stack switch
from dl_main to the main program. Replacing that requires adding
a new argument to _dl_init, which in turn needs changes to the
architecture-specific libc.so startup code written in assembler.

__libc_early_init should not be used to replace _dl_var_init (as
it exists today on some architectures). Instead, _dl_lookup_direct
should be used to look up a new variable symbol in libc.so, and
that should then be initialized from the dynamic loader, immediately
after the object has been loaded in _dl_map_object_from_fd (before
relocation is run). This way, more IFUNC resolvers which depend on
these variables will work.

Author: Florian Weimer
Author Date: 2019-11-28 11:57:25 UTC

Add --disable-major-minor-libraries configure option

This option can be used to increase compatibility with package managers.
The name was choosen to avoid confusion with all the different versions
(glibc release, soname versions, symbol versions).

This patch makes all uses of -$(version).so conditional on the new
$(major-minor-libraries) flag. The alternative install targets write
the implementation DSOs directly to the locations determined by their
sonames, skipping the creation of an intermediate symbolic link.

install-symbolic-link in Makerules is updated not to require the
$(symbolic-link-list) file because it may not exist in
--disable-major-minor-libraries mode.

I verified that by default, the install tree is the same as before
on x86_64-linux-gnu except for the changes in the manual.

Author: Florian Weimer
Author Date: 2019-11-26 13:48:56 UTC

x86: Assume --enable-cet if GCC defaults to CET [BZ #25225]

This links in CET support if GCC defaults to CET. Otherwise, __CET__
is defined, yet CET functionality is not compiled and linked into the
dynamic loader, resulting in a linker failure due to undefined
references to _dl_cet_check and _dl_open_check.

Author: Marcin Kościelnicki
Author Date: 2019-11-20 23:20:15 UTC

rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]

The problem was introduced in glibc 2.23, in commit
b9eb92ab05204df772eb4929eccd018637c9f3e9
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").

(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)

Author: Florian Weimer
Author Date: 2019-11-11 15:09:32 UTC

WIP mul64 dlsym optimization

Change-Id: I4caf4f14deb7a106c17e3ca89bdff5cd89f9541b

Author: Florian Weimer
Author Date: 2019-11-03 10:39:56 UTC

Redefine _IO_iconv_t to store a single gconv step pointer [BZ #25097]

libio can only deal with gconv conversions which consist of a single
step. Not using __gconv_info simplifies the data structures somewhat.

This eliminates a new GCC 10 warning about subscribing an inner
zero-length array.

Tested on x86_64-linux-gnu with mainline GCC. Built with
build-many-glibcs.py, also with mainline GCC. Due to GCC PR 92039,
there are failures left on 32-bit architectures with float128 support.

Change-Id: I8b4c489b619a53154712ff32e1b6f13bb92d4203

Author: Florian Weimer
Author Date: 2019-11-02 20:40:26 UTC

Properly initialize audit cookie for the dynamic loader [BZ #25157]

The l_audit array is indexed by audit module, not audit function.

Author: Florian Weimer
Author Date: 2019-10-28 18:49:46 UTC

Remove all loaded objects if dlopen fails [BZ #20839]

Author: Florian Weimer
Author Date: 2019-10-29 11:23:48 UTC

Introduce DL_LOOKUP_FOR_RELOCATE flag for _dl_lookup_symbol_x

This will allow changes in dependency processing during non-lazy
binding, for more precise processing of NODELETE objects: During
initial relocation in dlopen, the fate of NODELETE objects is still
unclear, so objects which are depended upon by NODELETE objects
cannot immediately be marked as NODELETE.

Author: Stan Shebs
Author Date: 2019-08-14 17:20:07 UTC

Forestall a filesystem bug while building shlib.lds by using a temp file

Author: Szabolcs Nagy
Author Date: 2019-08-01 13:47:11 UTC

aarch64: Update ILP32 abilists for glibc 2.30

This will need to be merged with the initial ilp32 abilist commit.

2019-08-01 Szabolcs Nagy <szabolcs.nagy@arm.com>

 * sysdeps/unix/sysv/linux/aarch64/ilp32/libc.abilist: Update.
 * sysdeps/unix/sysv/linux/aarch64/ilp32/libpthread.abilist: Update.

Author: Zack Weinberg
Author Date: 2019-07-27 23:26:23 UTC

Remove access to legacy time zone support in gettimeofday etc.

gettimeofday and ftime are not quite fully implementable on systems
that only provide a primitive equivalent to clock_gettime, because
they can also report information about a system-wide time zone. This
mechanism has been deprecated for many years because it can only be
configured on a system-wide basis, and because it only supports the
simplest kinds of daylight-savings rules, but we’ve supported it on a
best-effort basis until now. This patch removes our support for it:

 * The type 'struct timezone' is still declared as a complete type in
   <sys/time.h>, but code that uses its fields (tz_minuteswest and
   tz_dsttime) will not compile.

 * Similarly, code that uses the 'timezone' and 'dstflag' fields of
   struct timeb will not compile anymore. (This is a willful
   violation of the older iterations of XPG that included
   sys/timeb.h; the relevant conformance tests are XFAILed.)

 * Old binaries that pass a non-NULL 'tzp' pointer to gettimeofday
   will always receive a 'struct timezone' whose tz_minuteswest and
   tz_dsttime fields are zero (as if the system were operating on UTC).

 * Similarly, old binaries that call ftime will always receive a
   'struct timeb' whose timezone and dstflag fields are zero.

 * If the 'tzp' argument to settimeofday is not NULL, the call will fail
   and set errno to ENOSYS. (This was already the case on the Hurd.)

 * glibc will always pass a second argument of NULL when invoking a
   kernel-provided gettimeofday.

 * On Alpha, the compat symbols gettimeofday@GLIBC_2.0 and
   settimeofday@GLIBC_2.0 (which used 32-bit time_t) now convert
   their arguments and call system primitives that use 64-bit time_t,
   instead of invoking legacy “osf” system calls.

ChangeLog:

 * time/sys/time.h (struct timezone): Remove tz_minuteswest
 and tz_dsttime fields; replace with padding to preserve the size.
 * time/sys/timeb.h (struct timeb): Remove timezone and dstflag
 fields; replace with padding to preserve the size.
 * conform/Makefile: XFAIL tests because struct timeb is no longer
 fully conformant with Unix98.

 * sysdeps/posix/gettimeofday.c
 * sysdeps/unix/sysv/linux/gettimeofday.c
 * sysdeps/unix/sysv/linux/aarch64/gettimeofday.c
 * sysdeps/unix/sysv/linux/powerpc/gettimeofday.c
 * sysdeps/unix/sysv/linux/x86/gettimeofday.c
 (gettimeofday): When ‘tz’ argument is not NULL, just clear it.
 Always pass a null pointer as the second argument to a
 gettimeofday (v)syscall.

 * sysdeps/unix/bsd/ftime.c: Unconditionally clear the memory that
 was formerly the ‘timezone’ and ‘dstflag’ fields of struct timeb.

 * sysdeps/unix/syscalls.list: Remove entry for settimeofday.
 * sysdeps/unix/settimeofday.c: New file.
 (settimeofday): Fail with ENOSYS if ‘tz’ argument is not NULL.

 * sysdeps/unix/sysv/linux/alpha/syscalls.list: Remove entries for
        osf_gettimeofday, osf_settimeofday, and settimeofday.
 * sysdeps/unix/sysv/linux/alpha/osf_gettimeofday.c:
 New file. Call the 64-bit gettimeofday, then convert to a
 32-bit struct timeval. On overflow, saturate the struct timeval
 and fail with EOVERFLOW.
 * sysdeps/unix/sysv/linux/alpha/osf_settimeofday.c: New file.
        Convert to a 64-bit struct timeval and call 64-bit settimeofday.
        Fail with ENOSYS if ‘tz’ argument is not NULL.

 * sunrpc/auth_des.c, sunrpc/auth_unix.c
 * sysdeps/posix/time.c, sysdeps/unix/stime.c:
 Remove unnecessary casts of NULL.

 * sysdeps/unix/sysv/linux/powerpc/time.c (time_syscall):
 Use (void *)0 instead of NULL when passing a null pointer
 as an untyped argument.

 * manual/time.texi: Remove documentation of fields of
 struct timezone. Revise text to further emphasize that
 the second argument to gettimeofday/settimeofday should
 always be a null pointer.

Author: Florian Weimer
Author Date: 2019-07-25 10:48:41 UTC

Linux: Move getdents64 to <dirent.h>

This matches the location of the declaration in musl.

Author: Florian Weimer
Author Date: 2019-07-22 12:02:40 UTC

nptl: Use uintptr_t for address diagnostic in nptl/tst-pthread-getattr

Recent GCC versions warn about the attempt to return the address of a
local variable:

tst-pthread-getattr.c: In function ‘allocate_and_test’:
tst-pthread-getattr.c:54:10: error: function returns address of local variable [-Werror=return-local-addr]
   54 | return mem;
      | ^~~
In file included from ../include/alloca.h:3,
                 from tst-pthread-getattr.c:26:
../stdlib/alloca.h:35:23: note: declared here
   35 | # define alloca(size) __builtin_alloca (size)
      | ^~~~~~~~~~~~~~~~~~~~~~~
tst-pthread-getattr.c:51:9: note: in expansion of macro ‘alloca’
   51 | mem = alloca ((size_t) (mem - target));
      | ^~~~~~

The address itself is used in a check in the caller, so using
uintptr_t instead is reasonable.

Author: Florian Weimer
Author Date: 2019-07-22 09:01:17 UTC

Linux: Include <linux/sockios.h> in <bits/socket.h> under __USE_MISC

Historically, <asm/socket.h> (which is included from <bits/socket.h>)
provided ioctl operations for sockets. User code accessed them
through <sys/socket.h>. The kernel UAPI headers have removed these
definitions in favor of <linux/sockios.h>. This commit makes them
available via <sys/socket.h> again.

Author: Szabolcs Nagy
Author Date: 2019-06-28 14:23:27 UTC

aarch64: add vector sin, cos, log and pow abi symbols

Add simple assembly implementations that fall back to scalar code,
similar to the vector exp code.

2019-07-15 Szabolcs Nagy <szabolcs.nagy@arm.com>

 * sysdeps/aarch64/fpu/Makefile: Add functions.
 * sysdeps/aarch64/fpu/Versions: Add symbols.
 * sysdeps/aarch64/fpu/libmvec_double_vlen2_cos.S: New file.
 * sysdeps/aarch64/fpu/libmvec_double_vlen2_log.S: New file.
 * sysdeps/aarch64/fpu/libmvec_double_vlen2_pow.S: New file.
 * sysdeps/aarch64/fpu/libmvec_double_vlen2_sin.S: New file.
 * sysdeps/aarch64/fpu/libmvec_float_vlen4_cosf.S: New file.
 * sysdeps/aarch64/fpu/libmvec_float_vlen4_logf.S: New file.
 * sysdeps/aarch64/fpu/libmvec_float_vlen4_powf.S: New file.
 * sysdeps/aarch64/fpu/libmvec_float_vlen4_sinf.S: New file.
 * sysdeps/aarch64/fpu/test-double-vlen2-wrappers.c: Add wrappers.
 * sysdeps/aarch64/fpu/test-float-vlen4-wrappers.c: Add wrappers.
 * sysdeps/aarch64/libm-test-ulps: Update.
 * sysdeps/unix/sysv/linux/aarch64/libmvec.abilist: Update.

Author: Florian Weimer
Author Date: 2019-05-17 09:10:51 UTC

nss_dns: Remove RES_USE_INET6 handling

Since commit 3f8b44be0a658266adff5ece1e4bc3ce097a5dbe ("resolv:
Remove support for RES_USE_INET6 and the inet6 option"),
res_use_inet6 () always evaluates to false.

Author: Florian Weimer
Author Date: 2019-05-16 10:08:37 UTC

WIP Support exotic character sets in __fxprintf [BZ #24562]

This does not quite work because vfprintf has a similar
incorrect assumption.

Author: Florian Weimer
Author Date: 2019-05-03 15:46:36 UTC

malloc/tst-mallocfork2: Use process-shared barriers

This synchronization method has a lower overhead and makes
it more likely that the signal arrives during one of the critical
functions.

Also test for fork deadlocks explicitly.

Author: Florian Weimer
Author Date: 2019-05-02 10:37:21 UTC

iconv: Use __twalk_r in __gconv_release_shlib

Author: Stan Shebs
Author Date: 2018-03-13 18:37:02 UTC

As with gettimeofday, avoid vdso for clang-compiled time()

Author: Florian Weimer
Author Date: 2018-06-06 14:02:02 UTC

ld.so: Introduce delayed relocation processing

This makes it possible to use IFUNC resolvers which depend
on relocations themselves, as long as these reloctions do
not depend on IFUNCs.

So far, delayed relocation processing is only implemented for
x86-64.

Author: Florian Weimer
Author Date: 2019-02-04 14:47:59 UTC

Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix [BZ #20018]

This commit avoids adding the __inet_aton_exact@GLIBC_PRIVATE
symbol. In master, the separately-compiled getaddrinfo
implementation in nscd needs it, however such an internal ABI change
is not desirable on a release branch if it can be avoided easily.

Author: Siddhesh Poyarekar
Author Date: 2019-01-12 11:09:16 UTC

Another major update

Author: Albert ARIBAUD (3ADEV)
Author Date: 2018-10-24 12:43:06 UTC

Ensure mktime sets errno on error [BZ #23789]

Posix mandates that mktime set errno to EOVERFLOW
on error, but the glibc mktime wasn't doing it so
far.

Fix this and add a test to prevent regressions.
The fix also fixes the same issue in timegm.

Tested with 'make check' on x86-linux-gnu and
i686-linux-gnu.

        * time/Makefile: Add bug-mktime4.
 * time/bug-mktime4.c: New file.
 * time/mktime.c
 (__mktime_internal): Set errno to EOVERFLOW on error.
 (mktime): Move call to __tzset inside conditional.

Author: Albert ARIBAUD (3ADEV)
Author Date: 2018-10-24 12:43:06 UTC

Ensure mktime sets errno on error (bug 23789)

Posix mandates that mktime set errno to EOVERFLOW
on error, that it, upon retuning -1, but the glibc
mktime does not so far on 32-bit architectures.

Fix this and add a test to prevent regressions.

The test was run through 'make check' on i686-linux-gnu,
then the fix was added and 'make check' run again.

 * time/mktime.c
 (mktime): Set errno to EOVERFLOW on error.
 * time/bug-mktime4.c: New file.
        * time/Makefile: Add bug-mktime4.