Bug 16009 (CVE-2015-8982)

Summary: Possible buffer overflow in strxfrm (CVE-2015-8982)
Product: glibc Reporter: Ondrej Bilka <neleai>
Component: libcAssignee: Siddhesh Poyarekar <siddhesh>
Status: RESOLVED FIXED    
Severity: normal CC: drepper.fsp, fweimer, mancha1, siddhesh
Priority: P2 Flags: fweimer: security+
Version: unspecified   
Target Milestone: ---   
Host: Target:
Build: Last reconfirmed:

Description Ondrej Bilka 2013-10-07 13:41:53 UTC
Like in
https://sourceware.org/bugzilla/show_bug.cgi?id=14547
a strxfrm_l contains identical code with identical bug.

  if (! __libc_use_alloca ((srclen + 1) * (sizeof (int32_t) + 1)))
    {
      idxarr = (int32_t *) malloc ((srclen + 1) * (sizeof (int32_t) + 1));
Comment 1 Joseph Myers 2013-10-07 16:13:55 UTC
That bug was meant to cover strxfrm as well as strcoll but appears to have been closed without fixing the strxfrm case....
Comment 2 Siddhesh Poyarekar 2013-10-07 16:20:02 UTC
(In reply to Joseph Myers from comment #1)
> That bug was meant to cover strxfrm as well as strcoll but appears to have
> been closed without fixing the strxfrm case....

Ah ok, that didn't occur to me.  I'll take this.
Comment 3 Sourceware Commits 2015-01-13 06:27:25 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  0f9e585480edcdf1e30dc3d79e24b84aeee516fa (commit)
      from  c60ec0e016f9e2444c7bc2703fc6b671a26f0f5e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480edcdf1e30dc3d79e24b84aeee516fa

commit 0f9e585480edcdf1e30dc3d79e24b84aeee516fa
Author: Leonhard Holz <leonhard.holz@web.de>
Date:   Tue Jan 13 11:33:56 2015 +0530

    Fix memory handling in strxfrm_l [BZ #16009]
    
    [Modified from the original email by Siddhesh Poyarekar]
    
    This patch solves bug #16009 by implementing an additional path in
    strxfrm that does not depend on caching the weight and rule indices.
    
    In detail the following changed:
    
    * The old main loop was factored out of strxfrm_l into the function
    do_xfrm_cached to be able to alternativly use the non-caching version
    do_xfrm.
    
    * strxfrm_l allocates a a fixed size array on the stack. If this is not
    sufficiant to store the weight and rule indices, the non-caching path is
    taken. As the cache size is not dependent on the input there can be no
    problems with integer overflows or stack allocations greater than
    __MAX_ALLOCA_CUTOFF. Note that malloc-ing is not possible because the
    definition of strxfrm does not allow an oom errorhandling.
    
    * The uncached path determines the weight and rule index for every char
    and for every pass again.
    
    * Passing all the locale data array by array resulted in very long
    parameter lists, so I introduced a structure that holds them.
    
    * Checking for zero src string has been moved a bit upwards, it is
    before the locale data initialization now.
    
    * To verify that the non-caching path works correct I added a test run
    to localedata/sort-test.sh & localedata/xfrm-test.c where all strings
    are patched up with spaces so that they are too large for the caching path.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog               |   16 ++
 NEWS                    |   16 +-
 localedata/sort-test.sh |    7 +
 localedata/xfrm-test.c  |   52 +++++-
 string/strxfrm_l.c      |  488 ++++++++++++++++++++++++++++++++++++++---------
 5 files changed, 471 insertions(+), 108 deletions(-)
Comment 4 Siddhesh Poyarekar 2015-01-13 06:28:20 UTC
Fixed in master.
Comment 5 Sourceware Commits 2015-02-06 15:36:39 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The annotated tag, glibc-2.21 has been created
        at  dee233133daf497cdb3a507a7da9d88414820a1f (tag)
   tagging  4e42b5b8f89f0e288e68be7ad70f9525aebc2cff (commit)
  replaces  glibc-2.20
 tagged by  Carlos O'Donell
        on  Fri Feb 6 01:42:58 2015 -0500

- Log -----------------------------------------------------------------
The GNU C Library
=================

The GNU C Library version 2.21 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.21 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.21
=====================

* The following bugs are resolved with this release:

  6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
  15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16618,
  16619, 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370,
  17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555,
  17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589,
  17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647,
  17653, 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719,
  17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
  17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797,
  17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
  17892.

* CVE-2015-1472 Under certain conditions wscanf can allocate too little
  memory for the to-be-scanned arguments and overflow the allocated
  buffer.  The implementation now correctly computes the required buffer
  size when using malloc.

* A new semaphore algorithm has been implemented in generic C code for all
  machines. Previous custom assembly implementations of semaphore were
  difficult to reason about or ensure that they were safe. The new version
  of semaphore supports machines with 64-bit or 32-bit atomic operations.
  The new semaphore algorithm is used by sem_init, sem_open, sem_post,
  sem_wait, sem_timedwait, sem_trywait, and sem_getvalue.

* Port to Altera Nios II has been contributed by Mentor Graphics.

* Optimized strcpy, stpcpy, strncpy, stpncpy, strcmp, and strncmp
  implementations for powerpc64/powerpc64le.
  Implemented by Adhemerval Zanella (IBM).

* Added support for TSX lock elision of pthread mutexes on powerpc32, powerpc64
  and powerpc64le.  This may improve lock scaling of existing programs on
  HTM capable systems.  The lock elision code is only enabled with
  --enable-lock-elision=yes.  Also, the TSX lock elision implementation for
  powerpc will issue a transaction abort on every syscall to avoid side
  effects being visible outside transactions.

* Optimized strcpy, stpcpy, strchrnul and strrchr implementations for
  AArch64.  Contributed by ARM Ltd.

* i386 memcpy functions optimized with SSE2 unaligned load/store.

* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
  under certain input conditions resulting in the execution of a shell for
  command substitution when the applicaiton did not request it. The
  implementation now checks WRDE_NOCMD immediately before executing the
  shell and returns the error WRDE_CMDSUB as expected.

* CVE-2012-3406 printf-style functions could run into a stack overflow when
  processing format strings with a large number of format specifiers.

* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
  infinite loop if the DNS response contained a PTR record of an unexpected
  format.

* The minimum GCC version that can be used to build this version of the GNU
  C Library is GCC 4.6.  Older GCC versions, and non-GNU compilers, can
  still be used to compile programs using the GNU C Library.

* The GNU C Library is now built with -Werror by default.  This can be
  disabled by configuring with --disable-werror.

* New locales: tu_IN, bh_IN, raj_IN, ce_RU.

* The obsolete sigvec function has been removed.  This was the original
  4.2BSD interface that inspired the POSIX.1 sigaction interface, which
  programs have been using instead for about 25 years.  Of course, ABI
  compatibility for old binaries using sigvec remains intact.

* Merged gettext 0.19.3 into the intl subdirectory.  This fixes building
  with newer versions of bison.

* Support for MIPS o32 FPXX, FP64A and FP64 ABI Extensions.
  The original MIPS o32 hard-float ABI requires an FPU where double-precision
  registers overlay two consecutive single-precision registers.  MIPS32R2
  introduced a new FPU mode (FR=1) where double-precision registers extend the
  corresponding single-precision registers which is incompatible with the
  o32 hard-float ABI.  The MIPS SIMD ASE and the MIPSR6 architecture both
  require the use of FR=1 making a transition necessary.  New o32 ABI
  extensions enable users to migrate over time from the original o32 ABI
  through to the updated o32 FP64 ABI.  To achieve this the dynamic linker now
  tracks the ABI of any loaded object and verifies that new objects are
  compatible.  Mode transitions will also be requested as required and
  unsupportable objects will be rejected.  The ABI checks include both soft and
  hard float ABIs for o32, n32 and n64.

  GCC 5 with GNU binutils 2.25 onwards:
  It is strongly recommended that all o32 system libraries are built using the
  new o32 FPXX ABI (-mfpxx) to facilitate the transition as this is compatible
  with the original and all new o32 ABI extensions.  Configure a MIPS GCC
  compiler using --with-fp-32=xx to set this by default.

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alan Hayward
Alexandre Oliva
Allan McRae
Anders Kaseorg
Andreas Krebbel
Andreas Schwab
Andrew Pinski
Andrew Senkevich
Anton Blanchard
Arjun Shankar
Aurelien Jarno
Bram
Brooks Moses
Carlos O'Donell
Chris Metcalf
Chung-Lin Tang
David Holsgrove
David S. Miller
Eric Biggers
Florian Weimer
Gratian Crisan
H.J. Lu
J. Brown
James Lemke
Jeff Law
Jose E. Marchesi
Joseph Myers
Kaz Kojima
Kostya Serebryany
Leonhard Holz
Ma Shimiao
Maciej W. Rozycki
Marcus Shawcroft
Marek Polacek
Martin Sebor
Matthew Fortune
Mike Frysinger
Ondřej Bílka
Paul Eggert
Paul Pluzhnikov
Petar Jovanovic
Pravin Satpute
Rajalakshmi Srinivasaraghavan
Rasmus Villemoes
Renlin Li
Richard Earnshaw
Richard Henderson
Roland McGrath
Ryan Cumming
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Steve Ellcey
Tatiana Udalova
Tim Lammens
Tom de Vries
Torvald Riegel
Vladimir A. Nazarenko
Wilco Dijkstra
Will Newton
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAABAgAGBQJU1GKVAAoJECXvCkNsKkr/4IYIAMfU5+NN2z44R2SeRlH+bSZG
rGCF7rUzUOY+ePVNdgOH2cUKfxuLyMU6aao/IVQ863VHW1Ct/x2goVU22oqnVmvP
FeElVxZyzx7iCqipqyaobj0Fm/b563/4yQ+BEOjH39Sj5Ii5kY6PcQQslMJWIH5R
/nHmO048ZAlx/vGWTczAR50HOW1z8H1gilWm8SBkq2BJ8UndhSXCVpThCdMGfeBF
NUxUl2aSt3eghA0SWD3WgRzRR0vU9RHuNQ5k5ggjjRPtipa8DP04t0Bk7/QiLhj1
M2upSS7r4ceZZuFGX8oYVn3f0lTajpOOeuX7SBnKIgQ8cDXtSHST6yPMAbsJRB4=
=odoa
-----END PGP SIGNATURE-----

Adhemerval Zanella (35):
      PowerPC: multiarch bzero cleanup for PPC64
      PowerPC: memset optimization for POWER8/PPC64
      powerpc: remove linux lowlevellock.h
      powerpc: Fix encoding of POWER8 instruction
      powerpc: Simplify encoding of POWER8 instruction
      libio: Refactor tst-fmemopen to use test-skeleton.c
      powerpc: Fix missing barriers in atomic_exchange_and_add_{acq,rel}
      powerpc: Add powerpc64 strspn optimization
      powerpc: Add powerpc64 strcspn optimization
      powerpc: Add powerpc64 strpbrk optimization
      libio: Fix buffer overrun in tst-ftell-active-handler
      libio: Fix variable aligment in tst-ftell-active-handler
      powerpc: Fix lgammal_r overflow warnings
      Fix __sendmmsg prototype guards
      stdio-common: Include <libc-internal.h> in some tests
      Function declaration cleanup
      mips: Fix __libc_pread prototype
      powerpc: Fix compiler warning on some syscalls
      powerpc: Add the lock elision using HTM
      powerpc: Add adaptive elision to rwlocks
      powerpc: abort transaction in syscalls
      powerpc: Fix Copyright dates and CL entry
      Add x86 32 bit vDSO time function support
      powerpc: Optimized st{r,p}cpy for POWER8/PPC64
      powerpc: Optimized strcat for POWER8/PPC64
      powerpc: Optimized strncat for POWER7/PPC64
      powerpc: Optimized st{r,p}ncpy for POWER8/PPC64
      powerpc: Optimized strcmp for POWER8/PPC64
      powerpc: Optimized strncmp for POWER8/PPC64
      powerpc: Fix POWER7/PPC64 performance regression on LE
      BZ #16418: Fix powerpc get_clockfreq raciness
      powerpc: Fix ifuncmain6pie failure with GCC 4.9
      powerpc: Fix powerpc64 build failure with binutils 2.22
      powerpc: Fix fsqrt build in libm [BZ#16576]
      powerpc: Fix fesetexceptflag [BZ#17885]

Alan Hayward (1):
      [AArch64] Add ipc.h.

Alexandre Oliva (6):
      Require check-safety.sh to pass; wish for check that all fns are documented
      manual: cuserid is mtasurace if not passed a string
      ctermid: return string literal, document MT-Safety pitfall
      BZ#14498: fix infinite loop in nss_db_getservbyname
      BZ#16469: don't drop trailing dot in res_nquerydomain(..., name, NULL, ...)
      BZ#16469: resolv: skip leading dot in domain to search

Allan McRae (5):
      Open development for 2.21
      Update Russian translation
      Update French translation
      stdio-common/Makefile: readd bug26 testcase
      Label CVE-2014-9402 in NEWS

Anders Kaseorg (2):
      manual: Remove incorrect claim that qsort() can be stabilized
      manual: Correct guarantee about pointers compared by qsort()

Andreas Krebbel (2):
      stdlib/longlong.h: Add __udiv_w_sdiv prototype.
      iconv: Suppress array out of bounds warning.

Andreas Schwab (20):
      Handle zero prefix length in getifaddrs (BZ #17371)
      Fix misdetected Slow_SSE4_2 cpu feature bit (bug 17501)
      Don't error out writing a multibyte character to an unbuffered stream (bug 17522)
      Remove unused include
      m68k: don't expect PLT reference to __tls_get_addr
      Don't touch user-controlled stdio locks in forked child (bug 12847)
      Update NEWS
      Remove duplication from gconv-modules
      Properly handle forced elision in pthread_mutex_trylock (bug 16657)
      Remove obsolete comment
      Constify string parameters
      Fix printf format error
      Fix changelog typo
      m68k: remove @PLTPC from _dl_init call
      Remove 17581 from NEWS
      m68k: force inlining bswap functions
      m68k: fix missing definition of __feraiseexcept
      m68k/coldfire: avoid warning about volatile register variables
      ia64: avoid set-but-not-used warning
      Include <signal.h> in sysdeps/nptl/allocrtsig.c

Andrew Pinski (1):
      AArch64: Reformat inline-asm in elf_machine_load_address

Andrew Senkevich (4):
      Update minimal required bunutils version to 2.22
      i386: memcpy functions with SSE2 unaligned load/store
      i386: Fix build by GCC 5.0
      Remove duplicated -frounding-math

Anton Blanchard (1):
      powerpc: Fix __arch_compare_and_exchange_bool_64_rel

Arjun Shankar (6):
      New test for ftime
      Write errors to stdout and not stderr in nptl/tst-setuid3.c
      Modify several tests to use test-skeleton.c
      Modify stdio-common/tst-fseek.c to use test-skeleton.c
      Modify stdlib/tst-bsearch.c to use test-skeleton.c
      Modify libio/tst-fopenloc.c to use test-skeleton.c

Aurelien Jarno (2):
      resolv: improve comments about nserv and nservall
      resolv: fix rotate option

Bram (1):
      Fix segmentation fault when LD_LIBRARY_PATH contains only non-existings paths

Brooks Moses (1):
      sysdeps/x86_64/start.S doesn't have a .size elf directive for _start.

Carlos O'Donell (22):
      HPPA: Transition to new non-addon NPTL.
      HPPA: Add c++-types.data.
      Correctly size profiling reloc table (bug 17411)
      hppa: Make __SIGRTMIN 32 (ABI break).
      elf/dl-load.c: Use __strdup.
      manual/llio.texi: Add Linux-specific comments for write().
      Run check-localpltk/textrel/execstack over ld.so.
      manual/llio.texi: Comment on write atomicity.
      CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
      Expand comments in elf/ldconfig.c (search_dir)
      Use ALIGN_UP in nptl/nptl-init.c
      Fix indenting in bits/ioctl-types.h.
      Update libc.pot:
      Regenerate INSTALL.
      Fix semaphore destruction (bug 12674).
      Fix recursive dlopen.
      tst-getpw: Rewrite.
      Update copyright year to 2015 for new files.
      hppa: Remove warnings and fix conformance errors.
      glibc 2.21 pre-release update.
      hppa: Sync with pthread.h.
      Update version.h and include/features.h for 2.21 release

Chris Metcalf (32):
      tile: remove linux lowlevellock.h
      tilegx: optimize string copy_byte() internal function
      tilegx: provide optimized strnlen, strstr, and strcasestr
      tile: add support for _SC_LEVEL*CACHE* sysconf() queries
      tile: optimize memcmp
      tile: make the prolog of clone() more conformant
      tile: add clock_gettime support via vDSO
      tile: fix copyright header blocks in just-committed files
      tile: add inhibit_loop_to_libcall to string functions
      math: increase timeout for math/atest-*.c
      iconvdata/tst-loading: bump up timeout to 10s
      tilegx: fix strstr to build and link better
      tile: provide localplt.data with __tls_get_addr optional
      tile: remove localplt.data and use generic one again.
      tile: separate ffsll from ffs
      Update NEWS and ChangeLog with two tile bug fixes.
      tilegx: remove implicit boolean conversion in strstr.
      Fix namespace conformance issue with Bessel functions.
      NEWS: mention bug fix for 17747.
      tilegx: enable wordsize-64 support for ieee745 dbl-64.
      tilegx32: avoid a a -Werror warning from unwinding
      tilegx: fix sysdep.h to avoid a redefinition warning
      linux/clock_settime: remove unnecessary vDSO definitions
      tile: add no-op fe*() routines for libc internal use
      posix/Makefile: use $(objpfx) for files in before-compile.
      tile: prefer inlines to macros in math_private.h.
      Fix a couple of -Wundef warnings.
      Fix some warnings in the absence of FP round/exception support
      lround: provide cast for wordsize-64 version if needed
      tile: check error properly for vDSO calls
      posix/regcomp: initialize union structure tag to avoid warning
      tilegx32: set __HAVE_64B_ATOMICS to 0

Chung-Lin Tang (4):
      Add Nios II definitions to elf/elf.h.
      Remove divide from _ELF_DYNAMIC_DO_RELOC in elf/dynamic-link.h.
      Commit nios2 port to master.
      Function name typo error in non-PIC case, fixed in this patch.

David Holsgrove (3):
      MicroBlaze: Fix integer-pointer conversion warning
      MicroBlaze: Fix volatile-register-var warning in READ_THREAD_POINTER
      MicroBlaze: Avoid pointer to integer conversion warning

David S. Miller (6):
      Fix sparc build.
      Fix array bounds warnings in elf_get_dyanmic_info() on sparc with gcc-4.6
      Fix soft-fp build warning on sparc about strict aliasing.
      Fix scanf15.c testsuite build on sparc.
      Fix sparc semaphore implementation after recent changes.
      Fix two bugs in sparc atomics.

Eric Biggers (1):
      setenv fix memory leak when setting large, duplicate string (BZ #17658)

Florian Weimer (6):
      Turn on -Werror=implicit-function-declaration
      malloc: additional unlink hardening for non-small bins [BZ #17344]
      Complete the removal of __gconv_translit_find
      Update NEWS for bug 17608
      Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
      iconvdata/run-iconv-test.sh: Actually test iconv modules

Gratian Crisan (1):
      arm: Re-enable PI futex support for ARM kernels >= 3.14.3

H.J. Lu (27):
      Require autoconf 2.69
      Resize DTV if the current DTV isn't big enough
      Mention fix for PR 13862
      Replace 1L with (mp_limb_t) 1
      Compile s_llround.c with -Wno-error for x32 build
      Replace -Wno-error with -fno-builtin-lround
      Remove @PLT from "call _dl_init@PLT" in _dl_start_user
      Add hidden __tls_get_addr/___tls_get_addr alias
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld/%lu with %jd/%ju and cast to intmax_t/uintmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Mention fix for BZ #17732
      Mention i386 memcpy with SSE2 unaligned load/store
      Don't check PI_STATIC_AND_HIDDEN in i386 dl-machine.h
      Define CLOCKS_PER_SEC type to the type clock_t
      Mention bug fix for BZ #17806
      Use uint64_t and (uint64_t) 1 for 64-bit int
      Also use uint64_t in __new_sem_wait_fast
      Treat model numbers 0x4a/0x4d as Silvermont
      Also treat model numbers 0x5a/0x5d as Silvermont
      Use AVX unaligned memcpy only if AVX2 is available

J. Brown (1):
      Recognize recent x86 CPUs in string.h

James Lemke (2):
      Fix for test "malloc_usable_size: expected 7 but got 11"
      Fix for test "malloc_usable_size: expected 7 but got 11"

Jeff Law (1):
      CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]

Jose E. Marchesi (1):
      Fix sparc struct fpu definition.

Joseph Myers (141):
      Add new Linux 3.16 constants to netinet/udp.h.
      Move architecture-specific shlib-versions entries to sysdeps files.
      Move OS-specific shlib-versions entries to sysdeps files.
      Use %ifdef in sysdeps/unix/sysv/linux/powerpc/powerpc64/shlib-versions.
      Remove configuration name patterns from shlib-versions.
      Remove bitrotten --enable-oldest-abi (bug 6652).
      soft-fp: Correct _FP_TO_INT formatting.
      soft-fp: Fix comment formatting.
      Move some setrlimit definitions to syscalls.list (bug 14138).
      Clean up gnu/lib-names.h generation (bug 14171).
      Remove shlib-versions entries redundant with DEFAULT entries.
      Run tst-ld-sse-use.sh with bash.
      Move some *at definitions to syscalls.list (bug 14138).
      Move execve to syscalls.list (bug 14138).
      Move some chown / lchown / fchown definitions to syscalls.list (bug 14138).
      Support and use mixed compat/non-compat aliases in syscalls.list.
      Don't use INTUSE with __adjtimex (bug 14132).
      soft-fp: Remove FP_CLEAR_EXCEPTIONS.
      soft-fp: Make extensions of subnormals from XFmode to TFmode signal underflow if traps enabled.
      soft-fp: Refactor exception handling for comparisons.
      soft-fp: Fix _FP_TO_INT latent bug in overflow handling.
      soft-fp: Add FP_DENORM_ZERO.
      Remove stray *_internal aliases (bug 14132).
      Don't use INTDEF/INTUSE with __cxa_atexit (bug 14132).
      soft-fp: Support more precise "invalid" exceptions.
      soft-fp: Support rsigned == 2 in _FP_TO_INT.
      soft-fp: Use parentheses around macro arguments.
      Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132).
      Remove CANCEL-FCT-WAIVE and CANCEL-FILE-WAIVE.
      conformtest: clean up POSIX expections for sys/utsname.h, sys/wait.h.
      Move readv and writev definitions to syscalls.list (bug 14138).
      Don't use INTDEF with __ldexpf (bug 14132).
      Don't use INTDEF for powerpc32 compat symbols (bug 14132).
      Move some chown / lchown / fchown definitions to syscalls.list (bug 14138).
      Move get*id and getgroups definitions to syscalls.list (bug 14138).
      Move setfsgid/setfsuid definitions to syscalls.list (bug 14138).
      Don't use INTDEF/INTUSE in unwind-dw2-fde.c (bug 14132).
      Remove __libc_creat function name.
      Remove __libc_readv and __libc_writev function names.
      Move powerpc64 pread/pwrite definitions to syscalls.list (bug 14138).
      Add bug 15215 to NEWS; move bug 17344 to correct version's list in NEWS.
      Remove __libc_pselect alias.
      Update autoconf version requirement in install.texi.
      Make aclocal.m4 comment mention updating install.texi for autoconf version.
      Remove __libc_nanosleep function name.
      soft-fp: Add _FP_TO_INT_ROUND.
      Don't use INTDEF/INTUSE with _dl_argv (bug 14132).
      Don't use INTDEF/INTUSE with _dl_init (bug 14132).
      Don't use INTDEF/INTUSE with _dl_mcount (bug 14132).
      Remove INTDEF / INTUSE / INTVARDEF (bug 14132).
      Remove __libc_waitpid function name.
      Fix tzfile.c namespace (bug 17583).
      Fix __getcwd rewinddir namespace (bug 17584).
      Fix malloc_info namespace (bug 17570).
      Fix qsort_r namespace (bug 17571).
      Fix x86_64 rawmemchr namespace (bug 17572).
      Fix stpcpy / mempcpy namespace (bug 17573).
      Fix __printf_fp wmemset namespace (bug 17574).
      Fix __get_nprocs fgets_unlocked namespace (bug 17582).
      Fix locale memmem namespace (bug 17585).
      Fix localealias.c fgets_unlocked namespace (bug 17589).
      Add tests for namespace for static linking.
      Fix strtoll / strtoull namespace for 32-bit (bug 17594).
      Use prototype definition for __strtol.
      Fix build of C mempcpy and stpcpy.
      Require GCC 4.6 or later to build glibc.
      Only declare __sigpause in installed signal.h when necessary.
      Remove ARM __GNUC_PREREQ(4,4) conditionals.
      Remove x86_64 __GNUC_PREREQ (4, 6) conditional.
      Fix libm mpone, mptwo namespace (bug 17616).
      Fix perror fileno namespace (bug 17633).
      Fix warning in posix/bug-regex31.c.
      Fix warning in stdio-common/tst-printf-round.c.
      Fix warning in setjmp/jmpbug.c.
      Fix test-strchr.c warnings for wide string testing.
      Remove TEST_IFUNC, tests-ifunc and *-ifunc.c tests.
      Fix warnings in fwscanf / rewind tests.
      FIx ldbl-128ibm frexpl for 32-bit systems (bug 16619, bug 16740).
      Fix sysdeps/unix/sysv/linux/arm/libc-do-syscall.S warning.
      Fix nptl/tst-cancel-self-cancelstate.c warning.
      Fix sysdeps/mips/__longjmp.c warning.
      Avoid warnings for unused results in nscd/connections.c.
      Fix nss/tst-nss-test1.c format warning.
      Fix stdio-common/tst-fmemopen.c format warnings.
      Fix dlfcn/failtestmod.c warning.
      Fix libio/bug-ungetwc1.c warning.
      Avoid deprecated sigblock in misc/tst-pselect.c.
      Make linknamespace tests check only relevant libraries.
      Fix elf/tst-unique4lib.cc warning.
      Fix fgets_unlocked namespace issues (bug 17664).
      Remove excess declarations from unistd.h for XPG3/XPG4 (bug 17665).
      Fix warning in posix/tst-getopt_long1.c.
      Fix -Waddress warnings in nptl/tst-mutex1.c.
      Fix warning in nptl/tst-stack4.c.
      Fix getifaddrs, freeifaddrs namespace (bug 17668).
      Remove some linknamespace test XFAILs.
      Fix linknamespace getdate_err handling.
      Fix linknamespace h_errno handling.
      Fix pthreads getrlimit, gettimeofday namespace (bug 17682).
      Add macros for diagnostic control, use for scanf %a tests.
      Disable -Wdiv-by-zero for some tests in stdio-common/tst-unlockedio.c.
      Disable -Wdeprecated-declarations for register_printf_function calls in tst-printfsz.c.
      Use -Werror by default, add --disable-werror.
      Fix tst-ftell-active-handler.c warning.
      Fix strftime wcschr namespace (bug 17634).
      Fix MIPS sigaction build.
      Fix MIPS waitid build.
      Clean up localedata tests printf formats, don't use -Wno-format.
      Add more headers to include/ for conform tests.
      Move semaphore.h to sysdeps/pthread/.
      Remove some semaphore.h linknamespace XFAILs.
      Fix resolver if_* namespace (bug 17717).
      Fix x86_64 memrchr namespace (bug 17719).
      Fix resolver inet_* namespace (bug 17722).
      Fix profil_counter namespace (bug 17725).
      Fix resolver bind, getsockname namespace (bug 17733).
      Split __kernel_standard* functions (fixes bug 17724).
      Make __ASSUME_UTIMES hppa-specific.
      Fix libm feraiseexcept namespace (bug 17723).
      Clean up powerpc fegetround / __fegetround inlines.
      Fix libm fegetenv namespace (bug 17748).
      Update copyright dates with scripts/update-copyrights.
      Update copyright dates not handled by scripts/update-copyrights.
      Use single year in copyright notice in banner in ntpl/version.c.
      Fix MIPS bits/fcntl.h namespace (bug 17780).
      Fix MIPS sa_flags type (bug 17781).
      Fix MIPS TIOCSER_TEMT namespace (bug 17782).
      Fix libm fegetround namespace (bug 17748).
      Fix wordsize-64 posix_fadvise64, posix_fallocate64 namespace (bug 17777).
      Fix isblank / isascii / toascii namespace (bug 17635).
      Fix ARM posix_fadvise64 namespace (bug 17793).
      Fix MIPS n64 posix_fadvise namespace (bug 17796).
      Fix libm feholdexcept namespace (bug 17748).
      Fix libm fesetenv namespace (bug 17748).
      Fix libm fesetround namespace (bug 17748).
      Fix libm feupdateenv namespace (bug 17748).
      Fix ldbl-96 scalblnl for subnormal arguments (bug 17834).
      Fix ldbl-96 scalblnl underflowing results (bug 17803).
      Fix powerpc-nofpu fesetenv namespace (bug 17748).
      soft-fp: Use __label__ for all labels within macros.
      Disable 64-bit atomics for MIPS n32.

Kaz Kojima (1):
      * Fix SH specific compiler warnings which are for integer-pointer

Kostya Serebryany (3):
      remove nested function hack_digit
      remove nested functions from elf/dl-deps.c
      remove nested functions from elf/dl-load.c

Leonhard Holz (4):
      strcoll: improve performance by removing the cache (#15884)
      Fix tst-strcoll-overflow returning before timeout (BZ #17506)
      Speed up strcoll by inlining
      Fix memory handling in strxfrm_l [BZ #16009]

Ma Shimiao (1):
      manual: fix addmntent's MT-Safety race annotation

Maciej W. Rozycki (1):
      MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference

Marcus Shawcroft (1):
      Fix ChangeLog formatting of previous commit.

Marek Polacek (1):
      Fix tst_wcscpy.c test.

Martin Sebor (1):
      Clarify math/README.libm-test. Add "How to read the test output."

Matthew Fortune (5):
      Add a hook to enable load-time inspection of program headers
      Add support for MIPS O32 FPXX and .MIPS.abiflags
      Fix MIPS variable PAGE_SIZE bug (16191)
      NEWS for MIPS ABIs
      MicroBlaze: Fix BZ17791 - Remove fixed page size macros and others

Mike Frysinger (1):
      arm: drop EABI check

Ondřej Bílka (8):
      Sync recvmmsg prototype with kernel usage.
      Fix typo in changelog.
      Return allocated array instead of unallocated.
      Simplify strncat.
      Clean up check_pf allocation pattern. addresses
      Add changelog
      Suppress warning in string/tester.c for gcc 4.9
      Revert "Suppress warning in string/tester.c for gcc 4.9"

Paul Eggert (1):
      fnmatch: work around GCC compiler warning bug with uninit var

Paul Pluzhnikov (1):
      CVE-2015-1472: wscanf allocates too little memory

Petar Jovanovic (1):
      mips: Do not use jal to reach __libc_start_main

Pravin Satpute (2):
      New locale ce_RU (BZ #17192)
      New locale raj_IN (#16857)

Rajalakshmi Srinivasaraghavan (3):
      powerpc: strtok{_r} optimization for powerpc64
      powerpc: POWER7 strcpy optimization for unaligned strings
      powerpc: Optimize POWER7 strcmp trailing checks

Rasmus Villemoes (1):
      Fix prototype of eventfd.

Renlin Li (1):
      [AArch64] End frame record chain correctly.

Richard Earnshaw (5):
      [AArch64] Add optimized strchrnul.
      [AArch64] Fix strchrnul clobbering v15
      * string/stpcpy.c (__stpcpy): Rewrite using strlen and memcpy.
      AArch64 optimized implementation of strrchr.
      AArch64: Optimized implementations of strcpy and stpcpy.

Richard Henderson (2):
      alpha: Fix soft-fp breakage
      Add -Wno-trampolines as needed

Roland McGrath (62):
      Move findidx nested functions to top-level.
      Don't use a nested function in rpmatch.
      Minor cleanup in ld-ctype.c
      Minor cleanup in locale.c
      Remove unnecessarily nested function in do_lookup_unique.
      BZ#17460: Fix buffer overrun in nscd --help.
      Remove sysdeps/arm/soft-fp directory.
      Fix NPTL build error when missing __NR_set_robust_list.
      NPTL: Conditionalize more uses of SIGCANCEL and SIGSETXID.
      NPTL: Conditionalize direct futex syscall uses.
      NPTL: Clean up THREAD_SYSINFO macros.
      Remove obsolete TLS_DEFINE_INIT_TP fallback.
      Make internal lock-init macros return void.
      NPTL: Add some missing #include's
      NPTL: Clean up gratuitous Linuxism in libpthread.so entry point.
      Tiny refactoring in fts to eliminate a warning.
      Avoid local PLT reference in __nptl_main.
      ARM: Use movw/movt more when available
      Rework some nscd code not to use variable-length struct types.
      Prototypify htonl and htons definitions.
      Rework compiler version check in configure.
      Clean up wchar_t conversion code in iconv program.
      Clean up internal ctype.h header.
      BZ#17496: Fix gnu/lib-names.h dependency.
      NPTL: Move __libc_multiple_threads_ptr defn to nptl-init.c
      Remove sigvec.
      NPTL: Refactor createthread.c
      NPTL: Move Linux-specific createthread.c to sysdeps.
      NPTL: Add stub createthread.c
      Test that pthread_create diagnoses invalid scheduling parameters.
      NPTL: Don't (re)validate sched_priority in pthread_create.
      NPTL: Refactor scheduler setup in pthread_create.
      NPTL: Conditionalize asynchronous cancellation support on [SIGCANCEL].
      NPTL: Use __libc_fatal in unwind.c.
      NPTL: Fix pthread_create regression from default-sched.h refactoring.
      De-warning a few stubs.
      Fix -Wformat-security warnings in posix/regexbug1.c
      Eliminate -Wno-format from printf/scanf tests.
      Suppress -Wformat-security in tst-error1.c.
      Refactor shm_{open,unlink} code to separate Linux-specific directory choice from POSIX-generic code.
      Fix NPTL build for !__ASSUME_SET_ROBUST_LIST case.
      NPTL: Add stubs for Linux-only extension functions.
      NPTL: Refactor named semaphore code to use shm-directory.h
      Use pragmas rather than makefiles for necessary options for unwind code.
      Revert "Use pragmas rather than makefiles for necessary options for unwind code."
      Use PTR_MANGLE on libgcc unwinder function pointers.
      Remove explicit inline on malloc perturb functions.
      Fix stub __if_freenameindex build error.
      NPTL: Remove gratuitous Linuxisms from gai_misc.h.
      NPTL: Move fork state variables to initializer files.
      ARM: Consolidate with generic unwinder wrapper code
      NPTL: Refactor cpu_set_t validation to be sysdeps-controlled
      Add stub sys/procfs.h file
      NPTL: Fixed missed conditionalization of setxid hooey.
      NPTL: Fix generic pthread_sigmask.
      Fix copyright year on new stub sys/procfs.h file.
      Clean up allocrtsig code.
      Some #include cleanup in aio/timer code.
      Fix shm-directory.h #include.
      Remove some references to bcopy/bcmp/bzero.
      Add missing libc_hidden_def to stub getrlimit64.
      Add missing libc_hidden_weak to stub if_nameindex, if_freenameindex.

Ryan Cumming (1):
      Define CLOCK_TAI on Linux (bug 17608)

Samuel Thibault (1):
      hurd: Fix dlopening libraries from static programs

Siddhesh Poyarekar (53):
      Return failure in getnetgrent only when all netgroups have been searched (#17363)
      Enhance tst-xmmymm.sh to detect zmm register usage in ld.so (BZ #16194)
      Fix typo in macro names in sysconf.c
      Add correct variable names for _POSIX_IPV6 and _POSIX_RAW_SOCKETS
      Remove _POSIX_REGEX_VERSION
      Revert to defining __extern_inline only for gcc-4.3+ (BZ #17266)
      Add NEWS entry for previous commit
      Fix memory leak in error path of do_ftell_wide (BZ #17370)
      Make __extern_always_inline usable on clang++ again
      Assume that all _[PS]C_* and _CS_* macros are always defined
      Include .interp section only for libc.so
      Remove CFLAGS for interp.c
      Fix infinite loop in check_pf (BZ #12926)
      Fix up incorrect formatting in last commit
      Fix stack alignment when loader is invoked directly
      Use GOT instead of GOT12 all over
      Add new macro IN_MODULE to identify module in which source is built
      Fix -Wundef warning in SHLIB_COMPAT
      Auto-generate libc-modules.h
      Use MODULE_NAME in stap-probe instead of IN_LIB
      Remove IN_LIB
      Define IN_MODULE for translation units that define NOT_IN_libc
      Remove IS_IN_libc
      Remove IS_IN_ldconfig
      Remove IS_IN_nscd
      Remove IS_IN_libdl
      Remove IS_IN_librt
      Remove IS_IN_libpthread
      Remove IS_IN_libm
      Remove IS_IN_rtld
      Remove last place for definition of IS_IN_* macros
      Remove NOT_IN_libc
      Use IS_IN internally only
      Don't use __warn_memset_zero_len for gcc-5.0 or newer
      Update NEWS for previous two commits
      ftell: seek to end only when there are unflushed bytes (BZ #17647)
      tst-ftell-active-handler: Open file with O_TRUNC for w modes
      Reset cached offset when reading to end of stream (BZ #17653)
      Fix up function definition style
      Fix date in ChangeLog
      Fix another typo in the ChangeLog
      Fix 'array subscript is above array bounds' warning in res_send.c
      Fix the 'array subscript is above array bounds' warning correctly
      Remove Wundef warnings for specification macros
      Add _POSIX namespace SYSCONF macros to posix-conf-vars.list
      Use posix-conf-vars.list to generate spec array
      Make type for spec variable size as size_t
      Use one-dimension arrays in gen-posix-conf-vars.awk
      Remove uses of sprintf in gen-posix-conf-vars.awk
      Fix typo in ChangeLog
      [s390] Define a __tls_get_addr macro to avoid declaring it again
      Initialize nscd stats data [BZ #17892]
      Fix up ChangeLog formatting

Stefan Liebler (13):
      S/390: Get rid of warning: the comparision will always evaluate as false.
      S/390: Get rid of warning unused variable in dl-machine.h.
      S/390: Add SystemTap probes to longjmp and setjmp.
      S/390: dl-machine.h: Use numbered labels in inline assembly.
      Add missing include of libc-internal.h.
      S/390: Get rid of assembler warning value truncated.
      Get rid of warning inlining failed in call to maybe_swap_uint32
      Get rid of warning comparision will always evaluate as true
      resolv: Suppress maybe uninitialized warning
      Get rid of format warning in tst-widetext.c.
      Get rid of format warning in bug-vfprintf-nargs.c.
      S390: Get rid of linknamespace failures for string functions.
      S390: Get rid of linknamespace failures for utmp functions.

Steve Ellcey (19):
      Modify ABI tests in MIPS preconfigure.
      Put mips preconfigure code inside mips* case statement.
      * sysdeps/mips/strcmp.S: New.
      Remove extra whitespace from end of line.
      2014-12-10  Steve Ellcey  <sellcey@imgtec.com>
      2014-12-11  Steve Ellcey  <sellcey@imgtec.com>
      * sysdeps/mips/dl-trampoline.c: Modify switch expression to have
      2014-12-17  Steve Ellcey  <sellcey@imgtec.com>
      2014-12-19  Steve Ellcey  <sellcey@imgtec.com>
      2014-12-19  Steve Ellcey  <sellcey@imgtec.com>
      Remove trailing white space.
      Add missing ChangeLog entries from Friday (Dec 19, 2014).
      Remove trailing whitespace.
      2014-12-22  Steve Ellcey  <sellcey@imgtec.com>
      Fix preprocessor indentation in sysdeps/mips/memcpy.S.
      2015-01-05  Steve Ellcey  <sellcey@imgtec.com>
      2015-01-05  Steve Ellcey  <sellcey@imgtec.com>
      2015-01-05  Steve Ellcey  <sellcey@imgtec.com>
      Merge branch 'master' of ssh://sourceware.org/git/glibc

Tatiana Udalova (1):
      New Bhilodi and Tulu locales (BZ #17475)

Tim Lammens (1):
      Fix memory leak in libio/wfileops.c do_ftell_wide [BZ #17370]

Tom de Vries (1):
      Fix crossreference to nonexistent node BSD Handler

Torvald Riegel (24):
      pthread_once: Clean up constants.
      pthread_once: Add fast path and remove x86 variants.
      Fix SPARC atomic_write_barrier.
      powerpc: Change atomic_write_barrier to have release semantics.
      Add arch-specific configuration for C11 atomics support.
      Add atomic operations similar to those provided by C11.
      Add tests for C11-like atomic operations.
      Use C11 atomics in pthread_once.
      microblaze: 64b atomic operations are not supported.
      Fix synchronization of TPP min/max priorities.
      Remove custom pthread_once implementation on sh.
      Remove custom pthread_once implementation on s390.
      Fix nptl/tst-mutex5.c: Do not skip tests if elision is enabled.
      Fix nptl/tst-sem4: always start with a fresh semaphore.
      Add comments for the generic lowlevellock implementation.
      Fix warning in elf/tst-unique4lib.cc.
      Fix warning in misc/tst-mntent2.c.
      Ignore warning in string/tester.c.
      sh: Remove custom lowlevellock, barrier, condvar, and rwlock implementations.
      Use generic lowlevellock-futex.h in x86_64 lowlevellock.h.
      i386: Move futex functions from lowlevellock.h to lowlevellock-futex.h.
      MicroBlaze: Remove custom pthread_once implementation on microblaze.
      MicroBlaze: Remove custom lowlevellock.h.
      Fix wake-up in sysdeps/nptl/fork.c.

Vladimir A. Nazarenko (1):
      Fix incorrect mount table entry parsing in __getmntent_r

Wilco Dijkstra (18):
      Remove spaces.
      Remove an unused include.
      Cleanup fesetexceptflag to use the same logic as the ARM version. No functional changes.
      Cleanup feclearexcept to use the same logic as the ARM version. No functional changes.
      Cleanup fedisableexcept to use the same logic as the ARM version. No functional changes.
      Cleanup feenableexcept to use the same logic as the ARM version. No functional changes.
      Call get_rounding_mode rather than duplicating functionality.
      Call libc_feholdexcept_aarch64 from math_private.h rather than duplicating functionality.
      Call libc_fetestexcept_aarch64 from math_private.h rather than duplicating functionality.
      This patch improves strcat performance by using strlen and strcpy. Strlen has a fast C
      This patch improves strncat performance by using strlen. Strlen has a fast C implementation, so
      Improve strcpy performance.
      Improve performance of strncpy.
      Fix typo.
      Call libc_fesetround_aarch64.
      Call libc_fetestexcept_aarch64.
      Optimize to reduce FPCR/FPSR accesses.
      Optimize to avoid an unnecessary FPCR read.

Will Newton (10):
      ARM: Don't define _SYS_AUXV_H in sysdep.h
      Allow cross-building of tests
      stdlib/tst-strtod-round.c: Fix build on ARM
      benchtests: Add malloc microbenchmark
      AArch64: Update relocations for ILP32
      AArch64: Use ELF macros rather than Elf64 throughout
      intl: Merge with gettext version 0.19.3
      Bump required version of texinfo to 4.7
      Require bison 2.7 or newer for regenerating intl/plural.y
      ARM: Remove configure check for binutils 2.21 for ARMv7

-----------------------------------------------------------------------
Comment 6 Sourceware Commits 2015-02-17 07:25:22 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.20/master has been updated
       via  4d54424420c6300efbf57a7b9aa8635a8b8c1942 (commit)
       via  1bf9d48aec087062e2a14b77cb5ee1fa81be334c (commit)
       via  f9e0f439b72e0b2fb035be1bc60aaceeed7f6ed0 (commit)
       via  b0694b9e98ee64cb25490de0921ce307f3872749 (commit)
      from  f80af76648ed97a76745fad6caa3315a79cb1c7c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d54424420c6300efbf57a7b9aa8635a8b8c1942

commit 4d54424420c6300efbf57a7b9aa8635a8b8c1942
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Fri Feb 6 00:30:42 2015 -0500

    CVE-2015-1472: wscanf allocates too little memory
    
    BZ #16618
    
    Under certain conditions wscanf can allocate too little memory for the
    to-be-scanned arguments and overflow the allocated buffer.  The
    implementation now correctly computes the required buffer size when
    using malloc.
    
    A regression test was added to tst-sscanf.
    
    (cherry picked from commit 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06)
    
    Conflicts:
    	ChangeLog
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bf9d48aec087062e2a14b77cb5ee1fa81be334c

commit 1bf9d48aec087062e2a14b77cb5ee1fa81be334c
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Jan 30 06:50:20 2015 -0800

    Use AVX unaligned memcpy only if AVX2 is available
    
    memcpy with unaligned 256-bit AVX register loads/stores are slow on older
    processorsl like Sandy Bridge.  This patch adds bit_AVX_Fast_Unaligned_Load
    and sets it only when AVX2 is available.
    
    	[BZ #17801]
    	* sysdeps/x86_64/multiarch/init-arch.c (__init_cpu_features):
    	Set the bit_AVX_Fast_Unaligned_Load bit for AVX2.
    	* sysdeps/x86_64/multiarch/init-arch.h (bit_AVX_Fast_Unaligned_Load):
    	New.
    	(index_AVX_Fast_Unaligned_Load): Likewise.
    	(HAS_AVX_FAST_UNALIGNED_LOAD): Likewise.
    	* sysdeps/x86_64/multiarch/memcpy.S (__new_memcpy): Check the
    	bit_AVX_Fast_Unaligned_Load bit instead of the bit_AVX_Usable bit.
    	* sysdeps/x86_64/multiarch/memcpy_chk.S (__memcpy_chk): Likewise.
    	* sysdeps/x86_64/multiarch/mempcpy.S (__mempcpy): Likewise.
    	* sysdeps/x86_64/multiarch/mempcpy_chk.S (__mempcpy_chk): Likewise.
    	* sysdeps/x86_64/multiarch/memmove.c (__libc_memmove): Replace
    	HAS_AVX with HAS_AVX_FAST_UNALIGNED_LOAD.
    	* sysdeps/x86_64/multiarch/memmove_chk.c (__memmove_chk): Likewise.
    
    (cherry picked from commit 5f3d0b78e011d2a72f9e88b0e9ef5bc081d18f97)
    
    Conflicts:
    	ChangeLog
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9e0f439b72e0b2fb035be1bc60aaceeed7f6ed0

commit f9e0f439b72e0b2fb035be1bc60aaceeed7f6ed0
Author: Leonhard Holz <leonhard.holz@web.de>
Date:   Tue Jan 13 11:33:56 2015 +0530

    Fix memory handling in strxfrm_l [BZ #16009]
    
    [Modified from the original email by Siddhesh Poyarekar]
    
    This patch solves bug #16009 by implementing an additional path in
    strxfrm that does not depend on caching the weight and rule indices.
    
    In detail the following changed:
    
    * The old main loop was factored out of strxfrm_l into the function
    do_xfrm_cached to be able to alternativly use the non-caching version
    do_xfrm.
    
    * strxfrm_l allocates a a fixed size array on the stack. If this is not
    sufficiant to store the weight and rule indices, the non-caching path is
    taken. As the cache size is not dependent on the input there can be no
    problems with integer overflows or stack allocations greater than
    __MAX_ALLOCA_CUTOFF. Note that malloc-ing is not possible because the
    definition of strxfrm does not allow an oom errorhandling.
    
    * The uncached path determines the weight and rule index for every char
    and for every pass again.
    
    * Passing all the locale data array by array resulted in very long
    parameter lists, so I introduced a structure that holds them.
    
    * Checking for zero src string has been moved a bit upwards, it is
    before the locale data initialization now.
    
    * To verify that the non-caching path works correct I added a test run
    to localedata/sort-test.sh & localedata/xfrm-test.c where all strings
    are patched up with spaces so that they are too large for the caching path.
    
    (cherry picked from commit 0f9e585480edcdf1e30dc3d79e24b84aeee516fa)
    
    Conflicts:
    	ChangeLog
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b0694b9e98ee64cb25490de0921ce307f3872749

commit b0694b9e98ee64cb25490de0921ce307f3872749
Author: Roland McGrath <roland@hack.frob.com>
Date:   Thu Sep 11 16:02:17 2014 -0700

    Move findidx nested functions to top-level.
    
    Needed in order to backport strxfrm_l security fix cleanly.
    
    (cherry picked from commit 8c0ab919f63dc03a420751172602a52d2bea59a8)
    
    Conflicts:
    	ChangeLog

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                              |   77 +++++
 NEWS                                   |    8 +-
 locale/weight.h                        |   13 +-
 locale/weightwc.h                      |   13 +-
 localedata/sort-test.sh                |    7 +
 localedata/xfrm-test.c                 |   52 +++-
 posix/fnmatch.c                        |    8 +
 posix/fnmatch_loop.c                   |   17 +-
 posix/regcomp.c                        |   10 +-
 posix/regex_internal.h                 |    7 +-
 posix/regexec.c                        |    8 +-
 stdio-common/tst-sscanf.c              |   33 +++
 stdio-common/vfscanf.c                 |   12 +-
 string/strcoll_l.c                     |    9 +-
 string/strxfrm_l.c                     |  491 +++++++++++++++++++++++++-------
 sysdeps/x86_64/multiarch/init-arch.c   |    9 +-
 sysdeps/x86_64/multiarch/init-arch.h   |    4 +
 sysdeps/x86_64/multiarch/memcpy.S      |    2 +-
 sysdeps/x86_64/multiarch/memcpy_chk.S  |    2 +-
 sysdeps/x86_64/multiarch/memmove.c     |    2 +-
 sysdeps/x86_64/multiarch/memmove_chk.c |    2 +-
 sysdeps/x86_64/multiarch/mempcpy.S     |    2 +-
 sysdeps/x86_64/multiarch/mempcpy_chk.S |    2 +-
 23 files changed, 642 insertions(+), 148 deletions(-)
Comment 7 Sourceware Commits 2015-12-31 16:49:50 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.18/master has been updated
       via  b057b4813c9f05c3cedff0c74b58c9c9d583f09f (commit)
      from  325241608584653c1275a2ea28ce349a04fc4d28 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b057b4813c9f05c3cedff0c74b58c9c9d583f09f

commit b057b4813c9f05c3cedff0c74b58c9c9d583f09f
Author: Leonhard Holz <leonhard.holz@web.de>
Date:   Tue Jan 13 11:33:56 2015 +0530

    Fix memory handling in strxfrm_l [BZ #16009]
    
    [Modified from the original email by Siddhesh Poyarekar]
    
    This patch solves bug #16009 by implementing an additional path in
    strxfrm that does not depend on caching the weight and rule indices.
    
    In detail the following changed:
    
    * The old main loop was factored out of strxfrm_l into the function
    do_xfrm_cached to be able to alternativly use the non-caching version
    do_xfrm.
    
    * strxfrm_l allocates a a fixed size array on the stack. If this is not
    sufficiant to store the weight and rule indices, the non-caching path is
    taken. As the cache size is not dependent on the input there can be no
    problems with integer overflows or stack allocations greater than
    __MAX_ALLOCA_CUTOFF. Note that malloc-ing is not possible because the
    definition of strxfrm does not allow an oom errorhandling.
    
    * The uncached path determines the weight and rule index for every char
    and for every pass again.
    
    * Passing all the locale data array by array resulted in very long
    parameter lists, so I introduced a structure that holds them.
    
    * Checking for zero src string has been moved a bit upwards, it is
    before the locale data initialization now.
    
    * To verify that the non-caching path works correct I added a test run
    to localedata/sort-test.sh & localedata/xfrm-test.c where all strings
    are patched up with spaces so that they are too large for the caching path.
    
    (cherry picked from commit 0f9e585480edcdf1e30dc3d79e24b84aeee516fa)
    
    Conflicts:
    	NEWS
    	string/strxfrm_l.c

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog               |   16 ++
 NEWS                    |    4 +-
 localedata/sort-test.sh |    6 +
 localedata/xfrm-test.c  |   52 +++++-
 string/strxfrm_l.c      |  499 ++++++++++++++++++++++++++++++++++++++---------
 5 files changed, 473 insertions(+), 104 deletions(-)
Comment 8 Sourceware Commits 2016-07-11 17:07:34 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.19/master has been updated
       via  66986dec455c2011085a04b72a5bd55d9f9c7d1c (commit)
       via  dea992adae5ff1194d7e49b698424eba741df62a (commit)
       via  1a43fd3240c587b403240cf316d241f91ce50d8f (commit)
      from  ce92632d1297d032e5781cfa077e300f5c167471 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=66986dec455c2011085a04b72a5bd55d9f9c7d1c

commit 66986dec455c2011085a04b72a5bd55d9f9c7d1c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Oct 6 13:12:36 2015 +0200

    Harden tls_dtor_list with pointer mangling [BZ #19018]
    
    (cherry picked from commit f586e1328681b400078c995a0bb6ad301ef73549)
    
    Conflicts:
    	NEWS
    	stdlib/cxa_thread_atexit_impl.c

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dea992adae5ff1194d7e49b698424eba741df62a

commit dea992adae5ff1194d7e49b698424eba741df62a
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 15 09:23:07 2015 +0200

    Always enable pointer guard [BZ #18928]
    
    Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
    has security implications.  This commit enables pointer guard
    unconditionally, and the environment variable is now ignored.
    
            [BZ #18928]
            * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
            _dl_pointer_guard member.
            * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
            initializer.
            (security_init): Always set up pointer guard.
            (process_envvars): Do not process LD_POINTER_GUARD.
    
    (cherry picked from commit a014cecd82b71b70a6a843e250e06b541ad524f7)
    
    Conflicts:
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1a43fd3240c587b403240cf316d241f91ce50d8f

commit 1a43fd3240c587b403240cf316d241f91ce50d8f
Author: Leonhard Holz <leonhard.holz@web.de>
Date:   Tue Jan 13 11:33:56 2015 +0530

    Fix memory handling in strxfrm_l [BZ #16009]
    
    [Modified from the original email by Siddhesh Poyarekar]
    
    This patch solves bug #16009 by implementing an additional path in
    strxfrm that does not depend on caching the weight and rule indices.
    
    In detail the following changed:
    
    * The old main loop was factored out of strxfrm_l into the function
    do_xfrm_cached to be able to alternativly use the non-caching version
    do_xfrm.
    
    * strxfrm_l allocates a a fixed size array on the stack. If this is not
    sufficiant to store the weight and rule indices, the non-caching path is
    taken. As the cache size is not dependent on the input there can be no
    problems with integer overflows or stack allocations greater than
    __MAX_ALLOCA_CUTOFF. Note that malloc-ing is not possible because the
    definition of strxfrm does not allow an oom errorhandling.
    
    * The uncached path determines the weight and rule index for every char
    and for every pass again.
    
    * Passing all the locale data array by array resulted in very long
    parameter lists, so I introduced a structure that holds them.
    
    * Checking for zero src string has been moved a bit upwards, it is
    before the locale data initialization now.
    
    * To verify that the non-caching path works correct I added a test run
    to localedata/sort-test.sh & localedata/xfrm-test.c where all strings
    are patched up with spaces so that they are too large for the caching path.
    
    (cherry picked from commit 0f9e585480edcdf1e30dc3d79e24b84aeee516fa)
    
    Conflicts:
    	NEWS
    	string/strxfrm_l.c

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                       |   33 +++
 NEWS                            |   10 +-
 elf/rtld.c                      |   15 +-
 localedata/sort-test.sh         |    6 +
 localedata/xfrm-test.c          |   52 ++++-
 stdlib/cxa_thread_atexit_impl.c |   12 +-
 string/strxfrm_l.c              |  499 +++++++++++++++++++++++++++++++--------
 sysdeps/generic/ldsodefs.h      |    3 -
 8 files changed, 507 insertions(+), 123 deletions(-)