| Summary: | Support building glibc with -fstack-protector or -fstack-protector-all | ||
|---|---|---|---|
| Product: | glibc | Reporter: | Nix <nix> |
| Component: | build | Assignee: | Florian Weimer <fweimer> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | CC: | aj, atoth, carlos, fweimer, glibc-bugs, nick.alcock, toolchain, xake, zorry |
| Priority: | P2 | Flags: | fweimer:
security-
|
| Version: | unspecified | ||
| Target Milestone: | 2.25 | ||
| Host: | Target: | ||
| Build: | Last reconfirmed: | ||
| Attachments: |
stack protector support for glibc
stack protector support against eglibc 2.13. |
||
|
Description
Nix
2008-12-04 00:38:31 UTC
Never going to happen. test environment: 2.6.27.7 kernel+headers, glibc 2.8, GCC 4.3.3 20081121
(prerelease), binutils 2.19.
config flags (my standard set for this machine):
/usr/packages/glibc/2.9/configure --prefix=/usr --enable-shared \
--enable-profile --disable-bounded --enable-bind-now \
--enable-add-ons=nptl,libidn --enable-kernel=2.6.25 \
--enable-check-abi=warn --enable-omitfp \
--enable-stackguard-randomization TIMEOUTFACTOR=5
Below, PASS means 'baseline test failures only'. (I also compared
configure output to verify that -fstack-protector addition did not
change the results of any configure tests, and verified that the
appropriate -fstack-protector actually appeared in gcc commandlines at
the appropriate times.)
baseline: PASS, by definition
patch applied, no flags specified: PASS
-fstack-protector in CFLAGS: PASS
-fstack-protector-all in CFLAGS: one failure due to #7066, buffer overrun
--without-stack-protector: PASS
--with-stack-protector: PASS
--with-stack-protector=all: one failure due to #7066, buffer overrun
Test failures for baseline (unpatched):
math/test-ildoubl.out:
testing long double (inline functions)
Failure: Test: expm1 (1) == M_El - 1.0
Result:
is: 1.71828182845904523532e+00 0xd.bf0a8b14576953500000p-3
should be: 1.71828182845904523543e+00 0xd.bf0a8b14576953600000p-3
difference: 1.08420217248550443401e-19 0x8.00000000000000000000p-66
ulp : 1.0000
max.ulp : 0.0000
Maximal error of `expm1'
is : 1 ulp
accepted: 0 ulp
Test suite completed:
3618 test cases plus 3005 tests for exception flags executed.
2 errors occurred.
elf/check-localplt.out:
--- ../scripts/data/localplt-i386-linux-gnu.data 2006-01-11
21:06:19.000000000 +0000
+++ - 2008-11-30 20:52:09.962033876 +0000
@@ -1,4 +1,5 @@
libc.so: _Unwind_Find_FDE
+libc.so: __bzero
libc.so: calloc
libc.so: free
libc.so: malloc
(This looks like something missing from localplt-i386-linux-gnu.data to
me, not a bug.)
(Holes in test coverage: not tested with a GCC too old to support
-fstack-protector. Static testing not performed: see #7064.)
Created attachment 3087 [details]
stack protector support for glibc
This is posted at the request of Carlos O'Donell. TBH I don't care if it
doesn't go upstream, although given that it's already found a buffer overrun in
glibc I'd find that surprising. I'm more interested in distros picking it up.
(And 'never going to happen' is a peculiar statement. It has 'happened'. The
patch *exists*.)
Nix A failure in elf/check-localplt.out as indicated by a new symbol in scripts/data/localplt-i386-linux-gnu.data means that libc proper is invoking the new symbol via the plt when in-fact it should be making a direct invocation to a libc internal symbol. There are very few conditions under which this is allowed (notably those cases where we allow libc functionality to be overridden). I've looked through the code and it appears that the sunrpc code is the only relevant code which uses __bzero. I don't think there's an internal hidden version of the symbol. So these calls to __bzero probably shouldn't be there. Instead, they should use memset. Or perhaps that patch which you're using uses __bzero? In order to verify, one can look at the symbol table: objdump -DR libc.so > libc.dis Search libc.dis for: __bzero@plt You should see a plt call stub, e.g. 00016198 <__bzero@plt>: 16198: ff a3 0c 00 00 00 jmp *0xc(%ebx) 1619e: 68 00 00 00 00 push $0x0 161a3: e9 e0 ff ff ff jmp 16188 <h_errno+0x16168> Now search for: "call 16198" call 16198 <__bzero@plt> This should bring you to the disassembly of the function which invoked __bzero via the PLT. You can then go into the C source file and replace this with a memset. Do this for all calls to the address for __bzero. Here's a more thorough write-up of the same thing I just posted: http://sources.redhat.com/glibc/wiki/Testing/Check-localplt Invocation of __bzero() by the sunrpc code is acceptable since that code is in a different library than libc.so so access via the PLT is expected. Nice description, Ryan :) A lot of the sunrpc code *does* land in libc (all the client code). Notably, bindresvport(), clnt_create(), clnt_broadcast(), universal() (called from registerrpc() via a callback from svc_register()), svctcp_create(), svcudp_bufcreate(), and key_gendes(), _des_crypt() (obviously used for DES-encrypted SunRPC), all explicitly call __bzero() and land in libc. Almost certainly these would use memset() were the SunRPC code not ancient Sun-derived gunge with a 1986 copyright date... Keep it going, guys. To Ulrich Drepper: How do you mean: "Never going to happen."?! I always keen on people ignoring security measures. Regards, Dw. I've been using a compromise. Glibc's programs can be compiled with -fstack-protector-all, or whatever other options you may want (-D_FORTIFY_SOURCE=2, -fPIE, etc), but not the libraries. I use the configparms file and set build-programs=no to build the libraries without -fstack-protector, then remove build-programs=no and add 'CFLAGS += -fstack-protector-all' to configparms. No patches needed, test suites pass (remove -fstack-protector during the test suite), no crashes. Created attachment 6248 [details]
stack protector support against eglibc 2.13.
This is the most recent version of this patch, against eglibc 2.13 (because that happens to be the version I'm using now, as I track Debian's glibc). It has needed no significant revisions for years, though the recent csu changes in upstream glibc may necessitate some small revisions.
(The ChangeLog is out of date: I haven't regenerated it since 2008.)
Your change contains two different changes: * Supporting stack-protector * A different implementation of chk_fail function For addition to glibc, I would only look at the stack-protector support. I suggest you continue discussing this on the libc-alpha list. *** Bug 260998 has been marked as a duplicate of this bug. *** Seen from the domain http://volichat.com Page where seen: http://volichat.com/adult-chat-rooms Marked for reference. Resolved as fixed @bugzilla. (In reply to Andreas Jaeger from comment #10) > Your change contains two different changes: > * Supporting stack-protector > * A different implementation of chk_fail function > > For addition to glibc, I would only look at the stack-protector support. I > suggest you continue discussing this on the libc-alpha list. It's terribly late (I frankly forgot this bug existed) but I'm about to reanimate this one. (I suspect it protects me from CVE-2015-7545 and it seems unfair to keep it to myself like this.) However, splitting the different changes apart is rather difficult: the stack-protector changes actually depend on the different stack_chk_fail, because the existing __stack_chk_fail() -> __fortify_fail() -> __libc_message() path ends up calling down to libio and the like, and if you're to use those for __stack_chk_fail() all those routines cannot themselves be compiled with stack-protection. The gentoo-derived routine I replaced it with uses none of that, and is standalone. Anyway -- that's just one of several possible problems with this patch! I'll reanimate the patch against trunk and then bring it up on the list (and my apologies for putting it off for so long). (In reply to Nick Alcock from comment #12) > It's terribly late (I frankly forgot this bug existed) but I'm about to > reanimate this one. (I suspect it protects me from CVE-2015-7545 and it > seems unfair to keep it to myself like this.) Damn typos. CVE-2015-7547 of course. CVEs should have a check digit, I make this sort of typo way too often. (In reply to Nick Alcock from comment #12) > (In reply to Andreas Jaeger from comment #10) > > Your change contains two different changes: > > * Supporting stack-protector > > * A different implementation of chk_fail function > > > > For addition to glibc, I would only look at the stack-protector support. I > > suggest you continue discussing this on the libc-alpha list. > > Anyway -- that's just one of several possible problems with this patch! I'll > reanimate the patch against trunk and then bring it up on the list (and my > apologies for putting it off for so long). Happy to hear about it. Please share your stuff! Thx: Dw. Initial patch series (against trunk as of a couple of days ago) posted for review, complete with rough bits, "I don't understand this" bits, bits I posted specifically so they could be rejected and no changelog. But it works, and has no test failures. :) (In reply to Nick Alcock from comment #15) > Initial patch series (against trunk as of a couple of days ago) posted for > review, complete with rough bits, "I don't understand this" bits, bits I > posted specifically so they could be rejected and no changelog. But it > works, and has no test failures. :) The stack_chk_fail.c have been updated on >= glibc-2.20 on Gentoo https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/glibc/files/2.20 On Gcc 6.0 it is a default configure option to turn on stack-protector-strong. Keep up the work Yeah, that looks nice! though with its replacing all the chk functions it's even more clearly a separate thing (though still a prerequisite for my patch). Aside: just posted v5. No new failures remain on {x86,sparc}*-pc-linux-gnu or armv7l-unknown-linux-gnueabihf, and the entire package saving only ifunc resolvers, ld.so, a tiny bit of BSD signal handling, and early static library startup (unfortunately including brk() and sbrk()) is protected.
Oh, and we no longer need to replace __stack_chk_fail etc as of a few patches ago (figured out the true root cause and fixed it properly). This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, fw/stack-protector has been created
at 82f2eb623ce1d9bd0a4d2c45d9d47688e71ed383 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=82f2eb623ce1d9bd0a4d2c45d9d47688e71ed383
commit 82f2eb623ce1d9bd0a4d2c45d9d47688e71ed383
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:16 2016 +0100
Enable -fstack-protector=* when requested by configure.
This finally turns on all the machinery added in previous commits.
v3: Wrap long lines.
v5: Shuffle to the end.
* Makeconfig (+stack-protector): New variable.
(+cflags): Use it.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11533a025509becc37503eab765e8e769e882283
commit 11533a025509becc37503eab765e8e769e882283
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:15 2016 +0100
Do not stack-protect sigreturn stubs.
These are called from the kernel with the stack at a carefully-
chosen location so that the stack frame can be restored: they must not
move the stack pointer lest garbage be restored into the registers.
We explicitly inhibit protection for SPARC and for signal/sigreturn.c:
other arches either define their sigreturn stubs in .S files, or (i386,
x86_64, mips) use macros expanding to top-level asm blocks and explicit
labels in the text section to mock up a "function" without telling the
compiler that one is there at all.
v2: New.
v3: Use $(no-stack-protector).
v4: Use inhibit_stack_protector.
v7: Add sigreturn.c.
* signal/Makefile (CFLAGS-sigreturn.c): Use
$(no-stack-protector).
* sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c:
(__rt_sigreturn_stub): Use inhibit_stack_protector.
* sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c
(__rt_sigreturn_stub): Likewise.
(__sigreturn_stub): Likewise.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=14b3c413f1b1dd1bfc0bae45fc042a4de56b85af
commit 14b3c413f1b1dd1bfc0bae45fc042a4de56b85af
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:14 2016 +0100
Drop explicit stack-protection of pieces of the system.
This is probably a bad idea: maybe we want to stack-protect some parts
of the system even when ! --enable-stack-protector. I can easily adjust
the patch to do that (though it'll mean introducing a new variable
analogous to $(stack-protector) but not controlled by the configure
flag.)
But if we wanted to value consistency over security, and use the same
stack-protection configure flag to control everything, this is how we'd
do it!
("Always include at least one patch with something obviously wrong with
it.")
* login/Makefile (pt_chown-cflags): Remove.
* nscd/Makefile (CFLAGS-nscd): Likewise.
* resolv/Makefile (CFLAGS-libresolv): Likewise.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=72bb1d426913236e2059e0001afcd75782ef8ff6
commit 72bb1d426913236e2059e0001afcd75782ef8ff6
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:13 2016 +0100
Link various tests with -fno-stack-protector.
These tests do not link with libc, so cannot see __stack_chk_fail().
v3: Use $(no-stack-protector).
* elf/Makefile (CFLAGS-filtmod1.c): Use $(no-stack-protector) for
non-libc-linking testcase.
(CFLAGS-filtmod2.c): Likewise.
* stdlib/Makefile (CFLAGS-tst-putenvmod.c): Likewise.
* sysdeps/x86_64/Makefile (CFLAGS-tst-quad1pie.c): Likewise.
(CFLAGS-tst-quad2pie.c): Likewise.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f738b8f9e2c63772979e26e491ecf055bff28c50
commit f738b8f9e2c63772979e26e491ecf055bff28c50
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Jun 7 12:06:12 2016 +0100
De-PLTize __stack_chk_fail internal calls within libc.so.
We use the same assembler-macro trick we use to de-PLTize
compiler-generated libcalls to memcpy and memset to redirect
__stack_chk_fail to __stack_chk_fail_local.
v5: New.
v6: Only do it within the shared library: with __stack_chk_fail_local
in libc_pic.a now we don't need to worry about calls from inside
other routines in libc_nonshared.a any more.
* sysdeps/generic/symbol-hacks.h (__stack_chk_fail): Add internal
alias.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4f2b01de3ab88daefdc239a3c25640153b88283d
commit 4f2b01de3ab88daefdc239a3c25640153b88283d
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:11 2016 +0100
Add stack_chk_fail_local to libc.so.
This is required by the next commit, which routes all
__stack_chk_fail() calls in libc.so via this function to avoid
the PLT. It has be duplicated in libc.so and libc_nonshared.a
because its entire reason for existence is to be hidden and avoid
the PLT, so the copy in libc.so is not visible from elsewhere.
Also stop all the variants of __stack_chk_fail from being stack-
protected: this makes no sense and risks recursion.
v5: Better explanation. Add no-stack-protection of
__stack_chk_fail_local etc.
v6: Rework as suggested by Andreas: make a shared-only version of
stack_chk_fail_local.c rather than linking libc_nonshared into
libc.
* debug/libc-stack_chk_fail_local.c: New file.
* debug/Makefile (routines): Add it.
(shared-only-routines): Likewise.
(CFLAGS-stack_chk_fail.c): Use $(no-stack-protector).
(CFLAGS-stack_chk_fail_local.c): Likewise.
(CFLAGS-libc-stack_chk_fail_local.c): Likewise.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=085d48cdc5494e642cc7016649a75ab200a03781
commit 085d48cdc5494e642cc7016649a75ab200a03781
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:10 2016 +0100
Work even with compilers hacked to enable -fstack-protector by default.
With all the machinery we just added, we can easily arrange to work even
when the compiler passes in -fstack-protector automatically: all the
necessary bits of glibc are always compiled with -fno-stack-protector
now.
So tear out the check in configure, and add appropriate calls to
-fno-stack-protector in tests that need them (largely those that use
-nostdlib), since we don't yet have a __stack_chk_fail() that those
tests can rely upon. (GCC often provides one, but we cannot rely on
this, especially not when bootstrapping.)
v2: No longer pass in -lssp to anything.
v5: Remove accidentally duplicated $(no_ssp)s.
v6: Small revisions following Mike Frysinger's review.
* configure.ac: Add check for unsupported stack-protection level.
(libc_cv_predef_stack_protector): Remove.
(no_ssp): New variable.
(libc_cv_ld_gnu_indirect_function): Use it.
(libc_cv_asm_set_directive): Likewise.
(libc_cv_protected_data): Likewise.
(libc_cv_z_combreloc): Likewise.
(libc_cv_hashstyle): Likewise.
(libc_cv_has_glob_dat): Likewise.
(libc_cv_output_format): Likewise.
(libc_cv_ehdr_start): Likewise.
* aclocal.m4 (LIBC_TRY_LINK_STATIC): Likewise.
(LIBC_LINKER_FEATURE): Likewise.
(LIBC_COMPILER_BUILTIN_INLINED): Likewise.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10bb23d6cd48055ba4974119bc1cf87f4d8063e5
commit 10bb23d6cd48055ba4974119bc1cf87f4d8063e5
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:09 2016 +0100
Prevent the rtld mapfile computation from dragging in __stack_chk_fail*.
The previous commit prevented rtld itself from being built with
-fstack-protector, but this is not quite enough. We identify which
objects belong in rtld via a test link and analysis of the resulting
mapfile. That link is necessarily done against objects that are
stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail,
and all the libc and libio code they use.
To stop this happening, use --defsym in the test librtld.map-production
link to force the linker to predefine these two symbols (to 0, but it
could be to anything). (In a real link, this would of course be
catastrophic, but these object files are never used for anything else.)
v2: New.
v6: Dummy out stack_chk_fail_local too.
* elf/Makefile (dummy-stack-chk-fail): New.
($(objpfx)librtld.map): Use it.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0718bc3e5680502076efaba7fe3000d8d896c52f
commit 0718bc3e5680502076efaba7fe3000d8d896c52f
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:08 2016 +0100
Compile the entire dynamic linker with -fno-stack-protector.
Also compile corresponding routines in the static libc.a with the same
flag.
v3: Use $(no-stack-protector).
Introduce $(elide-stack-protector) and use it to reduce redundancy.
Bring all the elisions together textually.
* elf/Makefile (elide-stack-protector): New.
(CFLAGS-.os): Use it, eliding $(all-rtld-routines).
(CFLAGS-.oX): Likewise, eliding $(elide-routines.os).
(rtld-CFLAGS): Likewise.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dcb6b662b71117834db8732bd46649557f554a58
commit dcb6b662b71117834db8732bd46649557f554a58
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:06 2016 +0100
Mark all machinery needed in early static-link init as -fno-stack-protector.
The startup code in csu/, brk() and sbrk(), and the
__pthread_initialize_tcb_internal() function we just introduced are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure. (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
(At one point we marked __libc_fatal() as non-stack-protected too,
but this was pointless: all it did was call other routines which *are*
stack-protected. The earliest __libc_fatal() call is in the
DL_SYSDEP_OSCHECK hook on some platforms, when statically linking:
this is fine, since it is after TLS and stack-canary initialization.
I have tested invocation of programs statically and dynamically
linked against this glibc on older kernels on x86 and ARM, and they
still "work", i.e. fail with the appropriate message.)
v2: No longer mark memcpy() as -fno-stack-protector.
v3: Use $(no-stack-protector).
v4: Use inhibit_stack_protector rather than de-protecting all of nptl-init.c.
v5: Don't stack-protect brk() and sbrk() in the shared library.
v7: Add comment in misc/Makefile. Commit message tweak.
* config.make.in (have-ssp): New.
(no-stack-protector): New.
* csu/Makefile (CFLAGS-.o): Use it.
(CFLAGS-.og): Likewise.
(CFLAGS-.op): Likewise.
(CFLAGS-.os): Likewise.
* misc/Makefile (CFLAGS-sbrk.o): Likewise.
(CFLAGS-sbrk.op): Likewise.
(CFLAGS-sbrk.og): Likewise.
(CFLAGS-brk.o): Likewise.
(CFLAGS-brk.op): Likewise.
(CFLAGS-brk.og): Likewise.
* nptl/nptl-init.c [!SHARED] (__pthread_initialize_tcb_internal):
Likewise.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d23b1cd0cf47428831e451eb7fda5434982b0675
commit d23b1cd0cf47428831e451eb7fda5434982b0675
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Jul 4 12:25:57 2016 +0200
Define inhibit_stack_protector
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1a410af4d0c0b57ca0eff9546cf18539ebfce8af
commit 1a410af4d0c0b57ca0eff9546cf18539ebfce8af
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:04 2016 +0100
Initialize the stack guard earlier when linking statically.
The address of the stack canary is stored in a per-thread variable,
which means that we must ensure that the TLS area is intialized before
calling any -fstack-protector'ed functions. For dynamically linked
applications, we ensure this (in a later patch) by disabling
-fstack-protector for the whole dynamic linker, but for static
applications the AT_ENTRY address is called directly by the kernel, so
we must deal with the problem differently.
So split out the part of pthread initialization that sets up the TCB
(and, more generally, the TLS area) into a separate function (twice --
there is one implementation in libpthread.a, and another outside it for
programs that do not link with libpthread), then call it at
initialization time. Call that, and move the stack guard initialization
above the DL_SYSDEP_OSCHECK hook, which if set will probably call
functions which are stack-protected (it does on Linux and NaCL too).
We also move apply_irel() up, so that we can still safely call functions
that require ifuncs while in __pthread_initialize_tcb_internal()
(though if stack-protection is enabled we still have to avoid calling
functions that are not stack-protected at this stage).
v2: describe why we don't move apply_irel() up, and the consequences.
v6: We can safely move apply_irel() up now.
* nptl/nptl-init.c (__pthread_initialize_tcb_internal): New
function, split out from...
(__pthread_initialize_minimal_internal): ... here.
* csu/libc-start.c (LIBC_START_MAIN): Call it. Move stack canary
and apply_irel() initialization up.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c090aec57a599df633c4ee175dab96c3642f7c84
commit c090aec57a599df633c4ee175dab96c3642f7c84
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Tue Jun 7 12:06:03 2016 +0100
Configury support for --enable-stack-protector.
This adds =all and =strong, with obvious semantics, and with a rather
arbitrarily-chosen default off, which we might well want to change to
something stronger once this patch has been tested by people other than
me.
We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.
We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts. (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)
We might want to add another configuration option to turn on
-fstack-protector for nscd and other network-facing operations by
default, but for now I've stuck with one option to control everything.
v2: documentation in install.texi; better description of the option.
INSTALL regenerated.
v3: Substitute in no_stack_protector.
v6: Small quoting/spacing revisions following Mike Frysinger's review.
Add STACK_PROTECTOR_LEVEL.
v7: Quoting changes. Report --enable-stack-protector argument values
on error.
[BZ #7065]
* configure.ac (libc_cv_ssp): Move up.
(libc_cv_ssp_strong): Likewise.
(libc_cv_ssp_all): New.
(stack_protector): Augment, adding -fstack-protector-all.
(no_stack_protector): New.
(STACK_PROTECTOR_LEVEL): New.
(AC_ARG_ENABLE(stack-protector)): New configure flag.
* manual/install.texi (--enable-stack-protector): Document it.
* config.h.in (STACK_PROTECTOR_LEVEL): New macro.
* INSTALL: Regenerate.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via fcd942370ff863f67f971e255d30fb9c1f127607 (commit)
from 2908885c822eb43ffa2cdd67e0464e6d35afaf53 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fcd942370ff863f67f971e255d30fb9c1f127607
commit fcd942370ff863f67f971e255d30fb9c1f127607
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 12:04:12 2016 +0100
x86_64: tst-quad1pie, tst-quad2pie: compile with -fPIE [BZ #7065]
With stack protection enabled, these files have external symbol
references for the first time, so the fact that they are not compiled
with -fPIE and are then linked into a -pie binary starts to hurt.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
sysdeps/x86_64/Makefile | 3 +++
2 files changed, 9 insertions(+), 0 deletions(-)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, fw/stack-protector has been created
at a547a051a93361a9ec4edf283bcebea66481fca8 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a547a051a93361a9ec4edf283bcebea66481fca8
commit a547a051a93361a9ec4edf283bcebea66481fca8
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:01:30 2016 +0100
Enable -fstack-protector=* when requested by configure [BZ #7065]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=299613826cccad6047f3bb4b9b2db97b9c899273
commit 299613826cccad6047f3bb4b9b2db97b9c899273
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:01:09 2016 +0100
Do not stack-protect sigreturn stubs [BZ #7065]
These are called from the kernel with the stack at a carefully-
chosen location so that the stack frame can be restored: they must not
move the stack pointer lest garbage be restored into the registers.
We explicitly inhibit protection for SPARC and for signal/sigreturn.c:
other arches either define their sigreturn stubs in .S files, or (i386,
x86_64, mips) use macros expanding to top-level asm blocks and explicit
labels in the text section to mock up a "function" without telling the
compiler that one is there at all.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59780db53ac8f56a492ce2949159939865cefad6
commit 59780db53ac8f56a492ce2949159939865cefad6
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:01:00 2016 +0100
Drop explicit stack-protection of pieces of the system [BZ #7065]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8ac7f200cb4478e55b746c1b7739a2eb0dd58541
commit 8ac7f200cb4478e55b746c1b7739a2eb0dd58541
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:00:47 2016 +0100
Link a non-libc-using test with -fno-stack-protector [BZ #7065]
This test cannot reference __stack_chk_fail because it is not linked
with libc at all.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a8c94a367800c222a068dfa56a696437bbf4b32d
commit a8c94a367800c222a068dfa56a696437bbf4b32d
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 15:58:22 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52c67c89daad240cfa76b39a4827ee6d4dada510
commit 52c67c89daad240cfa76b39a4827ee6d4dada510
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:00:22 2016 +0100
Work even with compilers whcih enable -fstack-protector by default [BZ #7065]
With all the machinery we just added, we can easily arrange to work even
when the compiler passes in -fstack-protector automatically: all the
necessary bits of glibc are always compiled with -fno-stack-protector
now.
So tear out the check in configure, and add appropriate calls to
-fno-stack-protector in tests that need them (largely those that use
-nostdlib), since we don't yet have a __stack_chk_fail that those
tests can rely upon. (GCC often provides one, but we cannot rely on
this, especially not when bootstrapping.)
When stack protection is disabled, explicitly pass -fno-stack-protector
to everything, to stop a compiler hacked to enable it from inserting
calls to __stack_chk_fail via the PLT in every object file.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ceaed0d1f8713b9de5bdeda919525c8fcd61d89a
commit ceaed0d1f8713b9de5bdeda919525c8fcd61d89a
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:00:13 2016 +0100
Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065]
The previous commit prevented rtld itself from being built with
-fstack-protector, but this is not quite enough. We identify which
objects belong in rtld via a test link and analysis of the resulting
mapfile. That link is necessarily done against objects that are
stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail,
and all the libc and libio code they use.
To stop this happening, use --defsym in the test librtld.map-production
link to force the linker to predefine these two symbols (to 0, but it
could be to anything). (In a real link, this would of course be
catastrophic, but these object files are never used for anything else.)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5abe578c24fce56130b9a44362907a83d076a06d
commit 5abe578c24fce56130b9a44362907a83d076a06d
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:00:03 2016 +0100
Compile the dynamic linker without stack protection [BZ #7065]
Also compile corresponding routines in the static libc.a with the same
flag.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ab1993e7799af49caacc86f1e3a4d335b2f3420
commit 5ab1993e7799af49caacc86f1e3a4d335b2f3420
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 15:59:47 2016 +0100
Disable stack protector in early static initialization [BZ #7065]
The startup code in csu/, and the brk and sbrk functions are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized; TLS initialization also uses
memcpy, which cannot overrun its own stack. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure. (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=25becbb762c7a9aff36a389f2d63dcb5f7fecb7a
commit 25becbb762c7a9aff36a389f2d63dcb5f7fecb7a
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 15:59:32 2016 +0100
Do not stack-protect ifunc resolvers [BZ #7065]
When dynamically linking, ifunc resolvers are called before TLS is
initialized, so they cannot be safely stack-protected.
We avoid disabling stack-protection on large numbers of files by
using __attribute__ ((__optimize__ ("-fno-stack-protector")))
to turn it off just for the resolvers themselves. (We provide
the attribute even when statically linking, because we will later
use it elsewhere too.)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f26f41f502828d18ebe18adaf7e0e161b6005f9
commit 8f26f41f502828d18ebe18adaf7e0e161b6005f9
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 16:58:42 2016 +0100
Initialize the stack guard earlier when linking statically [BZ #7065]
The address of the stack canary is stored in a per-thread variable,
which means that we must ensure that the TLS area is intialized before
calling any -fstack-protector'ed functions. For dynamically linked
applications, we ensure this (in a later patch) by disabling
-fstack-protector for the whole dynamic linker, but for static
applications, the AT_ENTRY address is called directly by the kernel, so
we must deal with the problem differently.
In static appliations, __libc_setup_tls performs the TCB setup and TLS
initialization, so this commit arranges for it to be called early and
unconditionally. The call (and the stack guard initialization) is
before the DL_SYSDEP_OSCHECK hook, which if set will probably call
functions which are stack-protected (it does on Linux and NaCL too). We
also move apply_irel up, so that we can still safely call functions that
require ifuncs while in __libc_setup_tls (though if stack-protection is
enabled we still have to avoid calling functions that are not
stack-protected at this stage).
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d3eb50f579a017e8b68f1d28d7de2e026c1b20f
commit 4d3eb50f579a017e8b68f1d28d7de2e026c1b20f
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Wed Dec 21 15:59:03 2016 +0100
Configure support for --enable-stack-protector [BZ #7065]
This adds =all and =strong, with obvious semantics, defaulting to off.
We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.
We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts. (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)
We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value
appropriate for the stack-protection level in use for each file in
particular.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via cecbc7967f0bcac718b6f8f8942b58403c0e917c (commit)
via 2e6c45c59bcd40f1ae8466cbd32f4d263ff45619 (commit)
via 1ad4ba28e9335c288687d1757bce3221c522f576 (commit)
via 7cbb738d218fad3bc91deebfd8ce5f3918592b84 (commit)
via 524a8ef2ad76af8ac049293d993a1856b0d888fb (commit)
via 66a704c43cfec810fea67a6959f2d1c94f4d594f (commit)
via bc174f20b83d19167ecac14ce0762eddbe47cc64 (commit)
via 995635f95b707488c23bba07be8016c9682d4045 (commit)
via 10c85e76c09716e744b4a41006718400b1eb2e84 (commit)
via de6591238b478bc86b8cf5af01a484114e399213 (commit)
via 003a27e8195470f470f4d9384ca70d4e9fc8bd1b (commit)
via 03baef1c9cfb396d76cae20a00aee657871e79c4 (commit)
from 81e0662e5f2c342ffa413826b7b100d56677b613 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cecbc7967f0bcac718b6f8f8942b58403c0e917c
commit cecbc7967f0bcac718b6f8f8942b58403c0e917c
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:10 2016 +0100
Enable -fstack-protector=* when requested by configure [BZ #7065]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2e6c45c59bcd40f1ae8466cbd32f4d263ff45619
commit 2e6c45c59bcd40f1ae8466cbd32f4d263ff45619
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:06 2016 +0100
Do not stack-protect sigreturn stubs [BZ #7065]
These are called from the kernel with the stack at a carefully-
chosen location so that the stack frame can be restored: they must not
move the stack pointer lest garbage be restored into the registers.
We explicitly inhibit protection for SPARC and for signal/sigreturn.c:
other arches either define their sigreturn stubs in .S files, or (i386,
x86_64, mips) use macros expanding to top-level asm blocks and explicit
labels in the text section to mock up a "function" without telling the
compiler that one is there at all.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1ad4ba28e9335c288687d1757bce3221c522f576
commit 1ad4ba28e9335c288687d1757bce3221c522f576
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:03 2016 +0100
Drop explicit stack-protection of pieces of the system [BZ #7065]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7cbb738d218fad3bc91deebfd8ce5f3918592b84
commit 7cbb738d218fad3bc91deebfd8ce5f3918592b84
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:09:00 2016 +0100
Link a non-libc-using test with -fno-stack-protector [BZ #7065]
This test cannot reference __stack_chk_fail because it is not linked
with libc at all.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=524a8ef2ad76af8ac049293d993a1856b0d888fb
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=66a704c43cfec810fea67a6959f2d1c94f4d594f
commit 66a704c43cfec810fea67a6959f2d1c94f4d594f
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:54 2016 +0100
Work even with compilers which enable -fstack-protector by default [BZ #7065]
With all the machinery we just added, we can easily arrange to work even
when the compiler passes in -fstack-protector automatically: all the
necessary bits of glibc are always compiled with -fno-stack-protector
now.
So tear out the check in configure, and add appropriate calls to
-fno-stack-protector in tests that need them (largely those that use
-nostdlib), since we don't yet have a __stack_chk_fail that those
tests can rely upon. (GCC often provides one, but we cannot rely on
this, especially not when bootstrapping.)
When stack protection is disabled, explicitly pass -fno-stack-protector
to everything, to stop a compiler hacked to enable it from inserting
calls to __stack_chk_fail via the PLT in every object file.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc174f20b83d19167ecac14ce0762eddbe47cc64
commit bc174f20b83d19167ecac14ce0762eddbe47cc64
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:51 2016 +0100
Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065]
The previous commit prevented rtld itself from being built with
-fstack-protector, but this is not quite enough. We identify which
objects belong in rtld via a test link and analysis of the resulting
mapfile. That link is necessarily done against objects that are
stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail,
and all the libc and libio code they use.
To stop this happening, use --defsym in the test librtld.map-production
link to force the linker to predefine these two symbols (to 0, but it
could be to anything). (In a real link, this would of course be
catastrophic, but these object files are never used for anything else.)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=995635f95b707488c23bba07be8016c9682d4045
commit 995635f95b707488c23bba07be8016c9682d4045
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:48 2016 +0100
Compile the dynamic linker without stack protection [BZ #7065]
Also compile corresponding routines in the static libc.a with the same
flag.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10c85e76c09716e744b4a41006718400b1eb2e84
commit 10c85e76c09716e744b4a41006718400b1eb2e84
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:45 2016 +0100
Disable stack protector in early static initialization [BZ #7065]
The startup code in csu/, and the brk and sbrk functions are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized; TLS initialization also uses
memcpy, which cannot overrun its own stack. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure. (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=de6591238b478bc86b8cf5af01a484114e399213
commit de6591238b478bc86b8cf5af01a484114e399213
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:41 2016 +0100
Do not stack-protect ifunc resolvers [BZ #7065]
When dynamically linking, ifunc resolvers are called before TLS is
initialized, so they cannot be safely stack-protected.
We avoid disabling stack-protection on large numbers of files by
using __attribute__ ((__optimize__ ("-fno-stack-protector")))
to turn it off just for the resolvers themselves. (We provide
the attribute even when statically linking, because we will later
use it elsewhere too.)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=003a27e8195470f470f4d9384ca70d4e9fc8bd1b
commit 003a27e8195470f470f4d9384ca70d4e9fc8bd1b
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:34 2016 +0100
Initialize the stack guard earlier when linking statically [BZ #7065]
The address of the stack canary is stored in a per-thread variable,
which means that we must ensure that the TLS area is intialized before
calling any -fstack-protector'ed functions. For dynamically linked
applications, we ensure this (in a later patch) by disabling
-fstack-protector for the whole dynamic linker, but for static
applications, the AT_ENTRY address is called directly by the kernel, so
we must deal with the problem differently.
In static appliations, __libc_setup_tls performs the TCB setup and TLS
initialization, so this commit arranges for it to be called early and
unconditionally. The call (and the stack guard initialization) is
before the DL_SYSDEP_OSCHECK hook, which if set will probably call
functions which are stack-protected (it does on Linux and NaCL too). We
also move apply_irel up, so that we can still safely call functions that
require ifuncs while in __libc_setup_tls (though if stack-protection is
enabled we still have to avoid calling functions that are not
stack-protected at this stage).
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=03baef1c9cfb396d76cae20a00aee657871e79c4
commit 03baef1c9cfb396d76cae20a00aee657871e79c4
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:18 2016 +0100
Configure support for --enable-stack-protector [BZ #7065]
This adds =all and =strong, with obvious semantics, defaulting to off.
We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.
We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts. (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)
We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value
appropriate for the stack-protection level in use for each file in
particular.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 149 +++++++++++++
INSTALL | 11 +
Makeconfig | 8 +-
NEWS | 4 +
aclocal.m4 | 6 +-
config.h.in | 10 +
config.make.in | 2 +
configure | 243 +++++++++++----------
configure.ac | 146 +++++++------
csu/Makefile | 4 +
csu/libc-start.c | 29 ++--
csu/libc-tls.c | 17 +-
debug/Makefile | 6 +
debug/stack_chk_fail.c | 2 +
elf/Makefile | 30 +++-
elf/ifuncdep2.c | 3 +
elf/ifuncmain6pie.c | 1 +
elf/ifuncmain7.c | 1 +
elf/ifuncmod1.c | 3 +
elf/ifuncmod5.c | 3 +
elf/rtld-Rules | 2 +
include/libc-symbols.h | 12 +-
login/Makefile | 1 -
manual/install.texi | 11 +
misc/Makefile | 7 +
nptl/nptl-init.c | 16 --
nscd/Makefile | 1 -
resolv/Makefile | 1 -
signal/Makefile | 2 +
string/Makefile | 4 +
sysdeps/generic/ifunc-sel.h | 2 +
sysdeps/generic/ldsodefs.h | 11 +
sysdeps/generic/symbol-hacks.h | 12 +
sysdeps/i386/Makefile | 2 +-
sysdeps/nacl/nacl_interface_query.c | 1 +
sysdeps/powerpc/ifunc-sel.h | 2 +
sysdeps/unix/make-syscalls.sh | 1 +
sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c | 8 +-
sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c | 4 +-
sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c | 1 +
sysdeps/x86_64/ifuncmod8.c | 1 +
41 files changed, 539 insertions(+), 241 deletions(-)
Fixed in 2.25. This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, fw/stack-protector has been deleted
was a547a051a93361a9ec4edf283bcebea66481fca8
- Log -----------------------------------------------------------------
a547a051a93361a9ec4edf283bcebea66481fca8 Enable -fstack-protector=* when requested by configure [BZ #7065]
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The annotated tag, glibc-2.25 has been created
at be176490b818b65b5162c332eb6b581690b16e5c (tag)
tagging db0242e3023436757bbc7c488a779e6e3343db04 (commit)
replaces glibc-2.24
tagged by Siddhesh Poyarekar
on Sun Feb 5 21:19:00 2017 +0530
- Log -----------------------------------------------------------------
The GNU C Library
=================
The GNU C Library version 2.25 is now available.
The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.
The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C11 and POSIX.1-2008. It is also
internationalized and has one of the most complete
internationalization interfaces known.
The GNU C Library webpage is at http://www.gnu.org/software/libc/
Packages for the 2.25 release may be downloaded from:
http://ftpmirror.gnu.org/libc/
http://ftp.gnu.org/gnu/libc/
The mirror list is at http://www.gnu.org/order/ftp.html
NEWS for version 2.25
=====================
* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
24731-2:2010, is supported to enable declarations of functions from that
TR. Note that not all functions from that TR are supported by the GNU C
Library.
* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS
18661-1:2014, is supported to enable declarations of functions and macros
from that TS. Note that not all features from that TS are supported by
the GNU C Library.
* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS
18661-4:2015, is supported to enable declarations of functions and macros
from that TS. Note that most features from that TS are not supported by
the GNU C Library.
* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are
now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L.
Since the GNU C Library defaults to a much newer revision of POSIX, this
will only affect programs that specifically request an old conformance
mode. For instance, a program compiled with -std=c89 -D_REENTRANT will
see a change in the visible declarations, but a program compiled with
just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT,
will not.
Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be
defined by all multithreaded code, but glibc has not required this for
many years.
* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This
means that in a future release, the macros “major”, “minor”, and “makedev”
will only be available from <sys/sysmacros.h>.
These macros are not part of POSIX nor XSI, and their names frequently
collide with user code; see for instance glibc bug 19239 and Red Hat bug
130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code
presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the
problem.
* New <fenv.h> features from TS 18661-1:2014 are added to libm: the
fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the
femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros.
* Integer width macros from TS 18661-1:2014 are added to <limits.h>:
CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH,
UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to
<stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH,
INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH,
UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH,
INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH,
UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH,
UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH,
UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH,
UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH,
WINT_WIDTH.
* New <math.h> features are added from TS 18661-1:2014:
- Signaling NaN macros: SNANF, SNAN, SNANL.
- Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp,
fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf,
fromfpxl, ufromfpx, ufromfpxf, ufromfpxl.
- llogb functions: the llogb, llogbf and llogbl functions, and the
FP_LLOGB0 and FP_LLOGBNAN macros.
- Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag,
fminmagf, fminmagl.
- Comparison macros: iseqsig.
- Classification macros: iscanonical, issubnormal, iszero.
- Total order functions: totalorder, totalorderf, totalorderl,
totalordermag, totalordermagf, totalordermagl.
- Canonicalize functions: canonicalize, canonicalizef, canonicalizel.
- NaN functions: getpayload, getpayloadf, getpayloadl, setpayload,
setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl.
* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
are added to libc. They convert a floating-point number into string.
* Most of glibc can now be built with the stack smashing protector enabled.
It is recommended to build glibc with --enable-stack-protector=strong.
Implemented by Nick Alcock (Oracle).
* The function explicit_bzero, from OpenBSD, has been added to libc. It is
intended to be used instead of memset() to erase sensitive data after use;
the compiler will not optimize out calls to explicit_bzero even if they
are "unnecessary" (in the sense that no _correct_ program can observe the
effects of the memory clear).
* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined
to float instead of double. This does not affect the ABI of any libraries
that are part of the GNU C Library, but may affect the ABI of other
libraries that use this type in their interfaces.
* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the
float_t and double_t types are now defined to long double instead of float
and double. These options are not the default, and this does not affect
the ABI of any libraries that are part of the GNU C Library, but it may
affect the ABI of other libraries that use this type in their interfaces,
if they are compiled or used with those options.
* The getentropy and getrandom functions, and the <sys/random.h> header file
have been added.
* The buffer size for byte-oriented stdio streams is now limited to 8192
bytes by default. Previously, on Linux, the default buffer size on most
file systems was 4096 bytes (and thus remains unchanged), except on
network file systems, where the buffer size was unpredictable and could be
as large as several megabytes.
* The <sys/quota.h> header now includes the <linux/quota.h> header. Support
for the Linux quota interface which predates kernel version 2.4.22 has
been removed.
* The malloc_get_state and malloc_set_state functions have been removed.
Already-existing binaries that dynamically link to these functions will
get a hidden implementation in which malloc_get_state is a stub. As far
as we know, these functions are used only by GNU Emacs and this change
will not adversely affect already-built Emacs executables. Any undumped
Emacs executables, which normally exist only during an Emacs build, should
be rebuilt by re-running “./configure; make” in the Emacs build tree.
* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the
corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed.
“no-ip6-dotint” had already been the default, and support for the
“ip6-dotint” option was removed from the Internet in 2006.
* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING
flag from <resolv.h> have been removed. The option relied on a
backwards-incompatible DNS extension which was never deployed on the
Internet.
* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG,
RES_BLAST defined in the <resolv.h> header file have been deprecated.
They were already unimplemented.
* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for
_res.flags are deprecated. The flag was standardized in RFC 2133, but
removed again from the IETF name lookup interface specification in RFC
2553. Applications should use getaddrinfo instead.
* DNSSEC-related declarations and definitions have been removed from the
<arpa/nameser.h> header file, and libresolv will no longer attempt to
decode the data part of DNSSEC record types. Previous versions of glibc
only implemented minimal support for the previous version of DNSSEC, which
is incompatible with the currently deployed version.
* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p,
ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the
<arpa/nameser.h> header file because the distinction between RR types and
meta-RR types is not officially standardized, subject to revision, and
thus not suitable for encoding in a macro.
* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook
and rhook members of the res_state type in <resolv.h> have been removed.
The glibc stub resolver did not support these hooks, but the header file
did not reflect that.
* For multi-arch support it is recommended to use a GCC which has
been built with support for GNU indirect functions. This ensures
that correct debugging information is generated for functions
selected by IFUNC resolvers. This support can either be enabled by
configuring GCC with '--enable-gnu-indirect-function', or by
enabling it by default by setting 'default_gnu_indirect_function'
variable for a particular architecture in the GCC source file
'gcc/config.gcc'.
* GDB pretty printers have been added for mutex and condition variable
structures in POSIX Threads. When installed and loaded in gdb these pretty
printers show various pthread variables in human-readable form when read
using the 'print' or 'display' commands in gdb.
* Tunables feature added to allow tweaking of the runtime for an application
program. This feature can be enabled with the '--enable-tunables' configure
flag. The GNU C Library manual has details on usage and README.tunables has
instructions on adding new tunables to the library.
* A new version of condition variables functions have been implemented in
the NPTL implementation of POSIX Threads to provide stronger ordering
guarantees.
* A new version of pthread_rwlock functions have been implemented to use a more
scalable algorithm primarily through not using a critical section anymore to
make state changes.
Security related changes:
* On ARM EABI (32-bit), generating a backtrace for execution contexts which
have been created with makecontext could fail to terminate due to a
missing .cantunwind annotation. This has been observed to lead to a hang
(denial of service) in some Go applications compiled with gccgo. Reported
by Andreas Schwab. (CVE-2016-6323)
* The DNS stub resolver functions would crash due to a NULL pointer
dereference when processing a query with a valid DNS question type which
was used internally in the implementation. The stub resolver now uses a
question type which is outside the range of valid question type values.
(CVE-2015-5180)
Contributors
============
This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:
Adhemerval Zanella
Alan Modra
Alexandre Oliva
Andreas Schwab
Andrew Senkevich
Aurelien Jarno
Brent W. Baccala
Carlos O'Donell
Chris Metcalf
Chung-Lin Tang
DJ Delorie
David S. Miller
Denis Kaganovich
Dmitry V. Levin
Ernestas Kulik
Florian Weimer
Gabriel F T Gomes
Gabriel F. T. Gomes
H.J. Lu
Jakub Jelinek
James Clarke
James Greenhalgh
Jim Meyering
John David Anglin
Joseph Myers
Maciej W. Rozycki
Mark Wielaard
Martin Galvan
Martin Pitt
Mike Frysinger
Märt Põder
Nick Alcock
Paul E. Murphy
Paul Murphy
Rajalakshmi Srinivasaraghavan
Rasmus Villemoes
Rical Jasan
Richard Henderson
Roland McGrath
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Steve Ellcey
Svante Signell
Szabolcs Nagy
Tom Tromey
Torvald Riegel
Tulio Magno Quites Machado Filho
Wilco Dijkstra
Yury Norov
Zack Weinberg
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJYl0mTAAoJEHnEPfvxzyGHXTgH/jsS205Wdz9EniZrJ6+NXCm1
F/eeOMotGNv82BYaLRnw9XrF7p6+ND8E+7rSvFZT5O309OrdLjg4QG6M63COMRCh
6KKtQUM/00I1u4AYkOOgrUkor3m58GgeQUziOxXNvQNoU8zLguPk4kzVsvxq6lJR
/IROH2Mfl1AggOGq9Y1R/0uQCpj4jJSLETxJupg4calGPZQW3isogucSmogdccAB
Bqso7L40Xo4LJnEoD7JurlMrP5x043TttmTyvnFTtxRZTAHVjyQpFMKHaSkMgtIG
+fe26Ua3oMqbE9A9G3qiMIrPEqu+0tWKbvci0FeaE30vfI6YtVcd8I0RlBW9gok=
=3NM3
-----END PGP SIGNATURE-----
Adhemerval Zanella (69):
Fix test-skeleton C99 designed initialization
nptl: Consolidate sem_open implementations
nptl: Set sem_open as a non cancellation point (BZ #15765)
nptl: Remove sparc sem_wait
nptl: Fix sem_wait and sem_timedwait cancellation (BZ#18243)
rt: Set shm_open as a non cancellation point (BZ #18243)
nptl: Consolidate sem_init implementations
posix: Correctly enable/disable cancellation on Linux posix_spawn
posix: Correctly block/unblock all signals on Linux posix_spawn
Add INTERNAL_SYSCALL_CALL
posix: Fix open file action for posix_spawn on Linux
Remove C++ style comments from string3.h
libio: Multiple fixes for open_{w}memstram (BZ#18241 and BZ#20181)
Fix tst-memstream3 build failure
Consolidate fallocate{64} implementations
Consolidate posix_fallocate{64} implementations
Consolidate posix_fadvise implementations
Fix iseqsig for ports that do not support FE_INVALID
Consolidate Linux sync_file_range implementations
Fix posix_fadvise64 build on mips64n64
Fix Linux fallocate tests for EOPNOTSUPP
Fix Linux sh4 pread/pwrite argument passing
Fix sparc build due missing __WORDSIZE_TIME64_COMPAT32 definition
Consolidate lseek/lseek64/llseek implementations
Consolidate Linux ftruncate implementations
Consolidate Linux truncate implementations
Consolidate Linux access implementation
Fix sh4 build with __ASSUME_ST_INO_64_BIT redefinition
New internal function __access_noerrno
Consolidate Linux setrlimit and getrlimit implementation
Fix hurd __access_noerrno implementation.
Fix writes past the allocated array bounds in execvpe (BZ#20847)
Remove cached PID/TID in clone
powerpc: Remove stpcpy internal clash with IFUNC
powerpc: Remove stpcpy internal clash with IFUNC
Fix writes past the allocated array bounds in execvpe (BZ#20847)
Consolidate rename Linux implementation
Consolidate renameat Linux implementation
Fix powerpc64/power7 memchr for large input sizes
Fix typos and missing closing bracket in test-memchr.c
Adjust benchtests to new support library.
benchtests: Add fmax/fmin benchmarks
benchtests: Add fmaxf/fminf benchmarks
Fix x86_64 memchr for large input sizes
powerpc: Remove f{max,min}{f} assembly implementations
Add __ASSUME_DIRECT_SYSVIPC_SYSCALL for Linux
Refactor Linux ipc_priv header
Consolidate Linux msgctl implementation
Consolidate Linux msgrcv implementation
Use msgsnd syscall for Linux implementation
Use msgget syscall for Linux implementation
Add SYSV message queue test
Consolidate Linux semctl implementation
Use semget syscall for Linux implementation
Use semop syscall for Linux implementation
Consolidate Linux semtimedop implementation
Add SYSV semaphore test
Use shmat syscall for Linux implementation
Consolidate Linux shmctl implementation
Use shmdt syscall for linux implementation
Use shmget syscall for linux implementation
Add SYSV shared memory test
Fix i686 memchr for large input sizes
Fix test-sysvsem on some platforms
Fix x86 strncat optimized implementation for large sizes
Remove duplicate strcat implementations
Use fortify macros for b{zero,copy} along decl from strings.h
Move fortified explicit_bzero back to string3
Add missing bugzilla reference in previous ChangeLog entry
Alan Modra (1):
powerpc32: make PLT call in _mcount compatible with -msecure-plt (bug 20554)
Alexandre Oliva (2):
[PR19826] fix non-LE TLS in static programs
Bug 20915: Do not initialize DTV of other threads.
Andreas Schwab (11):
arm: mark __startcontext as .cantunwind (bug 20435)
Properly initialize glob structure with GLOB_BRACE|GLOB_DOOFFS (bug 20707)
Fix multiple definitions of mk[o]stemp[s]64
Get rid of __elision_available
Fix testsuite timeout handling
powerpc: remove _dl_platform_string and _dl_powerpc_platforms
Fix assertion failure on test timeout
Fix ChangeLog typo
Revert "Fix ChangeLog typo"
m68k: fix 64bit atomic ops
Fix missing test dependency
Andrew Senkevich (4):
x86_64: Call finite scalar versions in vectorized log, pow, exp (bz #20033).
Install libm.a as linker script (bug 20539).
Better design of libm.a installation rule.
Disable TSX on some Haswell processors.
Aurelien Jarno (14):
alpha: fix ceil on sNaN input
alpha: fix floor on sNaN input
alpha: fix rint on sNaN input
alpha: fix trunc for big input values
powerpc: fix ifunc-sel.h with GCC 6
powerpc: fix ifunc-sel.h fix asm constraints and clobber list
sparc64: add a VIS3 version of ceil, floor and trunc
sparc: build with -mvis on sparc32/sparcv9 and sparc64
sparc: remove fdim sparc specific implementations
sparc32/sparcv9: add a VIS3 version of fdim
Set NODELETE flag after checking for NULL pointer
conform tests: call perl with '-I.'
gconv.h: fix build with GCC 7
x86_64: fix static build of __memcpy_chk for compilers defaulting to PIC/PIE
Brent W. Baccala (1):
hurd: Fix spurious port deallocation
Carlos O'Donell (17):
Open development for 2.25.
Update PO files.
Bug 20292 - Simplify and test _dl_addr_inside_object
Bug 20689: Fix FMA and AVX2 detection on Intel
Fix atomic_fetch_xor_release.
Add missing include for stdlib.h.
Fix building tst-linkall-static.
Add include/crypt.h.
Bug 20729: Fix building with -Os.
Bug 20729: Include libc-internal.h where required.
Bug 20729: Fix build failures on ppc64 and other arches.
Remove out of date PROJECTS file.
Bug 20918 - Building with --enable-nss-crypt fails tst-linkall-static
Bug 11941: ld.so: Improper assert map->l_init_called in dlclose
Add deferred cancellation regression test for getpwuid_r.
Fix failing pretty printer tests when CPPFLAGS has optimizations.
Bug 20116: Fix use after free in pthread_create()
Chris Metcalf (6):
Make sure tilepro uses kernel atomics fo atomic_store
Make tile's set_dataplane API compatibility-only
tile: create new math-tests.h header
build-many-glibcs: Revert -fno-isolate-erroneous-paths options for tilepro
tile: pass __IPC_64 as zero for SysV IPC calls
tile: Check for pointer add overflow in memchr
Chung-Lin Tang (1):
Add ipc_priv.h header for Nios II to set __IPC_64 to zero.
DJ Delorie (1):
* elf/dl-tunables.c (tunable_set_val_if_valid_range): Split into ...
David S. Miller (4):
Fix wide-char testsuite SIGBUS on platforms such as Sparc.
Fix sNaN handling in nearbyint on 32-bit sparc.
Fix a sparc header conformtest failure.
sparc: Remove optimized math routines which cause testsuite failures.
Denis Kaganovich (1):
configure: accept __stack_chk_fail_local for ssp support too [BZ #20662]
Dmitry V. Levin (1):
Fix typos in the spelling of "implementation"
Ernestas Kulik (1):
localedata: lt_LT: use hyphens in d_fmt [BZ #20497]
Florian Weimer (100):
malloc: Preserve arena free list/thread count invariant [BZ #20370]
malloc: Run tests without calling mallopt [BZ #19469]
Add support for referencing specific symbol versions
elf: dl-minimal malloc needs to respect fundamental alignment
elf: Avoid using memalign for TLS allocations [BZ #17730]
elf: Do not use memalign for TCB/TLS blocks allocation [BZ #17730]
x86: Use sysdep.o from libc.a in static libraries
Add missing reference to bug 20452
nptl/tst-tls3-malloc: Force freeing of thread stacks
Add NEWS entry for CVE-2016-6323
Add CVE-2016-6323 missing from NEWS entry
Do not override objects in libc.a in other static libraries [BZ #20452]
nptl/tst-once5: Reduce time to expected failure
argp: Do not override GCC keywords with macros [BZ #16907]
string: More tests for strcmp, strcasecmp, strncmp, strncasecmp
nptl: Avoid expected SIGALRM in most tests [BZ #20432]
Correct incorrect bug number in changelog
malloc: Simplify static malloc interposition [BZ #20432]
Base <sys/quota.h> on Linux kernel headers [BZ #20525]
vfprintf: Avoid creating a VLA which complicates stack management
vfscanf: Avoid multiple reads of multi-byte character width
malloc: Automated part of conversion to __libc_lock
resolv: Remove _LIBC_REENTRANT
Remove the ptw-% patterns
inet: Add __inet6_scopeid_pton function [BZ #20611]
sysd-rules: Cut down the number of rtld-% pattern rules
Remove remnants of .og patterns
sln: Preprocessor cleanups
Generate .op pattern rules for profiling builds only
Avoid running $(CXX) during build to obtain header file paths
Add test case for O_TMPFILE handling in open, openat
manual: Clarify the documentation of strverscmp [BZ #20524]
Remove obsolete DNSSEC support [BZ #20591]
resolv: Remove the BIND_4_COMPAT macro
<arpa/nameser.h>, <arpa/nameser_compat.h>: Remove versions
<arpa/nameser.h>: Remove RR type classification macros [BZ #20592]
malloc: Manual part of conversion to __libc_lock
resolv: Remove unsupported hook functions from the API [BZ #20016]
test-skeleton.c: Remove unintended #include <stdarg.h>.
tst-open-tmpfile: Add checks for open64, openat64, linkat
manual: Clarify NSS error reporting
resolv: Deprecate unimplemented flags
resolv: Remove RES_NOIP6DOTINT and its implementation
resolv: Remove RES_USEBSTRING and its implementation [BZ #20629]
resolv: Compile without -Wno-write-strings
math: Define iszero as a function template for C++ [BZ #20715]
math.h: Wrap C++ bits in extern "C++"
iconv: Avoid writable data and relocations in IBM charsets
iconv: Avoid writable data and relocations in ISO646
malloc: Remove malloc_get_state, malloc_set_state [BZ #19473]
malloc: Use accessors for chunk metadata access
sysmalloc: Initialize previous size field of mmaped chunks
Add test for linking against most static libraries
i386: Support CFLAGS which imply -fno-omit-frame-pointer [BZ #20729]
crypt: Use internal names for the SHA-2 block functions
malloc: Update comments about chunk layout
nptl: Document the reason why __kind in pthread_mutex_t is part of the ABI
s390x: Add hidden definition for __sigsetjmp
elf: Assume TLS is initialized in _dl_map_object_from_fd
powerpc: Remove unintended __longjmp symbol from ABI
powerpc: Add hidden definition for __sigsetjmp
gconv: Adjust GBK to support the Euro sign
libio: Limit buffer size to 8192 bytes [BZ #4099]
Implement _dl_catch_error, _dl_signal_error in libc.so [BZ #16628]
ld.so: Remove __libc_memalign
aarch64: Use explicit offsets in _dl_tlsdesc_dynamic
elf/tst-tls-manydynamic: New test
support: Introduce new subdirectory for test infrastructure
inet: Make IN6_IS_ADDR_UNSPECIFIED etc. usable with POSIX [BZ #16421]
debug: Additional compiler barriers for backtrace tests [BZ #20956]
Add getentropy, getrandom, <sys/random.h> [BZ #17252]
Expose linking against libsupport as make dependency
nptl/tst-cancel7: Add missing case label
Add missing bug number to ChangeLog
Do not require memset elimination in explicit_bzero test
Remove unused function _dl_tls_setup
scripts/test_printers_common.py: Log GDB error message
rpcinfo: Remove traces of unbuilt helper program
sunrpc: Always obtain AF_INET addresses from NSS [BZ #20964]
resolv: Remove processing of unimplemented "spoof" host.conf options
Declare getentropy in <unistd.h> [BZ #17252]
support: Add support for delayed test failure reporting
Add file missing from ChangeLog in previous commit
Fix various typos in the ChangeLog
resolv: Turn historic name lookup functions into compat symbols
getentropy: Declare it in <unistd.h> for __USE_MISC [BZ #17252]
support: Helper functions for entering namespaces
support: Use support_record_failure consistently
support: Implement --verbose option for test programs
resolv: Add beginnings of a libresolv test suite
resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582]
resolv: Deprecate RES_BLAST
tunables: Use correct unused attribute
CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]
Update DNS RR type definitions [BZ #20593]
malloc: Run tunables tests only if tunables are enabled
support: Use %td for pointer difference in xwrite
support: struct netent portability fix for support_format_netent
string/tst-strcoll-overflow: Do not accept timeout as test result
nptl: Add tst-robust-fork
Gabriel F T Gomes (1):
Fix warning caused by unused-result in bug-atexit3-lib.cc
Gabriel F. T. Gomes (10):
Add strfromd, strfromf, and strfroml functions
Use read_int in vfscanf
Use write_message instead of write
Write messages to stdout and use write_message instead of write
Make w_log1p type-generic
Fix arg used as litteral suffix in tst-strfrom.h
Make w_scalbln type-generic
Replace use of snprintf with strfrom in libm tests
Fix typo in manual for iseqsig
Move wrappers to libm-compat-calls-auto
H.J. Lu (8):
X86: Change bit_YMM_state to (1 << 2)
X86-64: Correct CFA in _dl_runtime_resolve
X86-64: Add _dl_runtime_resolve_avx[512]_{opt|slow} [BZ #20508]
X86: Don't assert on older Intel CPUs [BZ #20647]
Check IFUNC definition in unrelocated shared library [BZ #20019]
X86_64: Don't use PLT nor GOT in static archives [BZ #20750]
Add VZEROUPPER to memset-vec-unaligned-erms.S [BZ #21081]
Allow IFUNC relocation against unrelocated shared library
Jakub Jelinek (1):
* soft-fp/op-common.h (_FP_MUL, _FP_FMA, _FP_DIV): Add
James Clarke (1):
Bug 21053: sh: Reduce namespace pollution from sys/ucontext.h
James Greenhalgh (1):
[soft-fp] Add support for various half-precision conversion routines.
Jim Meyering (1):
assert.h: allow gcc to detect assert(a = 1) errors
John David Anglin (1):
hppa: Optimize atomic_compare_and_exchange_val_acq
Joseph Myers (181):
Support __STDC_WANT_LIB_EXT2__ feature test macro.
Define PF_QIPCRTR, AF_QIPCRTR from Linux 4.7 in bits/socket.h.
Define UDP_ENCAP_* from Linux 4.7 in netinet/udp.h.
Support __STDC_WANT_IEC_60559_BFP_EXT__ feature test macro.
Fix typo in last arith.texi change.
Support __STDC_WANT_IEC_60559_FUNCS_EXT__ feature test macro.
Also handle __STDC_WANT_IEC_60559_BFP_EXT__ in <tgmath.h>.
Do not call __nan in scalb functions.
Fix math.h comment about bits/mathdef.h.
Add tests for fegetexceptflag, fesetexceptflag.
Fix powerpc fesetexceptflag clearing FE_INVALID (bug 20455).
Fix test-fexcept when "inexact" implicitly raised.
Add comment from sysdeps/powerpc/fpu/fraiseexcpt.c to fsetexcptflg.c.
Add fesetexcept.
Add fesetexcept: aarch64.
Add fesetexcept: alpha.
Add fesetexcept: arm.
Add fesetexcept: hppa.
Add fesetexcept: ia64.
Add fesetexcept: m68k.
Add fesetexcept: mips.
Add fesetexcept: powerpc.
Add fesetexcept: s390.
Add fesetexcept: sh.
Add fesetexcept: sparc.
Fix soft-fp extended.h unpacking (GCC bug 77265).
Add fetestexceptflag.
Add femode_t functions.
Add femode_t functions: aarch64.
Add femode_t functions: alpha.
Add femode_t functions: arm.
Add femode_t functions: hppa.
Add femode_t functions: ia64.
Add femode_t functions: m68k.
Add femode_t functions: mips.
Add femode_t functions: powerpc.
Add femode_t functions: s390.
Add femode_t functions: sh.
Add femode_t functions: sparc.
Add e500 version of fetestexceptflag.
Add <limits.h> integer width macros.
Add <stdint.h> integer width macros.
Add issubnormal.
Add iszero.
Fix iszero for excess precision.
Add iscanonical.
Fix ldbl-128ibm iscanonical for -mlong-double-64.
Use __builtin_fma more in dbl-64 code.
Add TCP_REPAIR_WINDOW from Linux 4.8.
Fix LONG_WIDTH, ULONG_WIDTH include ordering issue.
Add iseqsig.
Make iseqsig handle excess precision.
Avoid M_NAN + M_NAN in complex functions.
Add totalorder, totalorderf, totalorderl.
Add more totalorder tests.
Clean up some complex functions raising FE_INVALID.
Add totalordermag, totalordermagf, totalordermagl.
Define HIGH_ORDER_BIT_IS_SET_FOR_SNAN to 0 or 1.
Add getpayload, getpayloadf, getpayloadl.
Stop powerpc copysignl raising "invalid" for sNaN argument (bug 20718).
Use VSQRT instruction for ARM sqrt (bug 20660).
Use -fno-builtin for sqrt benchmark.
Fix cmpli usage in power6 memset.
Add getpayloadl to libnldbl.
Add canonicalize, canonicalizef, canonicalizel.
Make strtod raise "inexact" exceptions (bug 19380).
Add SNAN, SNANF, SNANL macros.
Correct clog10 documentation (bug 19673).
Fix linknamespace parallel test failures.
Handle tilegx* machine names.
Add localplt.data for MIPS.
XFAIL check-execstack for MIPS.
Make MIPS <sys/user.h> self-contained.
Do not hardcode platform names in manual/libm-err-tab.pl (bug 14139).
Fix alpha sqrt fegetenv namespace (bug 20768).
Handle tests-unsupported if run-built-tests = no.
Do not generate UNRESOLVED results for run-built-tests = no.
Make check-installed-headers.sh ignore sys/sysctl.h for x32.
Update nios2 localplt.data.
Update alpha localplt.data.
Add localplt.data for hppa.
Add localplt.data for sh.
Fix rpcgen buffer overrun (bug 20790).
Refactor some libm type-generic macros.
Make SH <sys/user.h> self-contained.
Ignore -Wmaybe-uninitialized in stdlib/bug-getcontext.c.
Add script to build many glibc configurations.
Make tilegx32 install libraries in lib32 directories.
Fix build-many-glibcs.py style issues.
Make SH ucontext always match current kernels.
Fix SH4 register-dump.h for soft-float.
Fix crypt snprintf namespace (bug 20829).
Enable linknamespace testing for libdl and libcrypt.
Make Alpha <sys/user.h> self-contained.
Actually use newly built host libraries in build-many-glibcs.py.
Quote shell commands in logs from build-many-glibcs.py.
Add setpayload, setpayloadf, setpayloadl.
Make build-many-glibcs.py use -fno-isolate-erroneous-paths options for tilepro.
Fix default float_t definition (bug 20855).
Fix x86_64 -mfpmath=387 float_t, double_t (bug 20787).
Fix SH4 FP_ILOGB0 (bug 20859).
More NEWS entries / fixes for float_t / double_t changes.
Refactor float_t, double_t information into bits/flt-eval-method.h.
Make build-many-glibcs.py track component versions requested and used.
Add setpayloadsig, setpayloadsigf, setpayloadsigl.
Make build-many-glibcs.py re-exec itself if changed by checkout.
Make build-many-glibcs.py store more information about builds.
Do not include asm/cachectl.h in nios2 sys/cachectl.h.
Fix sysdeps/ia64/fpu/libm-symbols.h for inclusion in testcases.
Work around IA64 tst-setcontext2.c compile failure.
Make ilogb wrappers type-generic.
Refactor FP_FAST_* into bits/fp-fast.h.
Add build-many-glibcs.py bot-cycle action.
Make build-many-glibcs.py support running as a bot.
Refactor FP_ILOGB* out of bits/mathdef.h.
Add missing hidden_def (__sigsetjmp).
Make ldbl-128 getpayload, setpayload functions use _Float128.
Add llogb, llogbf, llogbl.
Fix pow (qNaN, 0) result with -lieee (bug 20919), remove dead parts of wrappers.
Fix sysdeps/ieee754 pow handling of sNaN arguments (bug 20916).
Fix x86_64/x86 powl handling of sNaN arguments (bug 20916).
Fix hypot sNaN handling (bug 20940).
Fix typo in last ChangeLog message.
Add build-many-glibcs.py option to strip installed shared libraries.
Fix tests-printers handling for cross compiling.
Use Linux 4.9 (headers) in build-many-glibcs.py.
Add [BZ #19398] marker to ChangeLog entry.
Include <linux/falloc.h> in bits/fcntl-linux.h.
Refactor long double information into bits/long-double.h.
Fix generic fmax, fmin sNaN handling (bug 20947).
Fix powerpc fmax, fmin sNaN handling (bug 20947).
Fix x86, x86_64 fmax, fmin sNaN handling, add tests (bug 20947).
Make build-many-glibcs.py flush stdout before execv.
Define FE_SNANS_ALWAYS_SIGNAL.
Document sNaN argument error handling.
Add fmaxmag, fminmag functions.
Add preprocessor indentation for llogb macro in tgmath.h.
Add roundeven, roundevenf, roundevenl.
Update miscellaneous files from upstream sources.
Fix nss_nisplus build with mainline GCC (bug 20978).
Update NEWS feature test macro description of TS 18661-1 support.
Fix tst-support_record_failure-2 for run-built-tests = no.
Define __intmax_t, __uintmax_t in bits/types.h.
Add fromfp functions.
Update copyright dates with scripts/update-copyrights.
Update copyright dates not handled by scripts/update-copyrights.
Update config.guess and config.sub to current versions.
Make build-many-glibcs.py use binutils 2.28 branch by default.
Correct MIPS math-tests.h condition for sNaN payload preservation.
Fix math/test-nearbyint-except for no-exceptions configurations.
Add build-many-glibcs.py powerpc-linux-gnu-power4 build.
Fix MIPS n32 lseek, lseek64 (bug 21019).
Fix elf/tst-ldconfig-X for cross testing.
Fix math/test-fenvinline for no-exceptions configurations.
Update i386 libm-test-ulps.
Fix MicroBlaze __backtrace get_frame_size namespace (bug 21022).
Make MIPS soft-fp preserve NaN payloads for NAN2008.
Fix MicroBlaze bits/setjmp.h for C++.
Update libm-test XFAILs for ibm128 format.
Fix malloc/ tests for GCC 7 -Walloc-size-larger-than=.
Fix string/tester.c for GCC 7 -Wstringop-overflow=.
Fix MIPS n64 readahead (bug 21026).
Increase some test timeouts.
Make fallback fesetexceptflag always succeed (bug 21028).
Update MicroBlaze localplt.data.
Fix math/test-fenv for no-exceptions / no-rounding-modes configurations.
Improve libm-test XFAILing for ibm128-libgcc.
XFAIL libm-test.inc tests as needed for ibm128.
Fix elf/sotruss-lib format-truncation error.
Fix ld-address format-truncation error.
Fix testsuite build for GCC 7 -Wformat-truncation.
Make endian-conversion macros always return correct types (bug 16458).
Make fallback fegetexceptflag work with generic fetestexceptflag.
Fix MIPS o32 posix_fadvise.
Make soft-float powerpc swapcontext restore the signal mask (bug 21045).
Update install.texi latest GCC version known to work.
Avoid parallel GCC install in build-many-glibcs.py.
Fix ARM fpu_control.h for assemblers requiring VFP insn names (bug 21047).
Restore clock_* librt exports for MicroBlaze (bug 21061).
Update README.libm-test.
Remove very old libm-test-ulps entries.
Maciej W. Rozycki (2):
MIPS: Add `.insn' to ensure a text label is defined as code not data
MIPS: Use R_MICROMIPS_JALR rather than R_MIPS_JALR in microMIPS code
Mark Wielaard (1):
Reduce memory size of tsearch red-black tree.
Martin Galvan (3):
Add pretty printers for the NPTL lock types
Add -B to python invocation to avoid generating pyc files
Fix up tabs/spaces mismatches
Martin Pitt (1):
locales: en_CA: update d_fmt [BZ #9842]
Mike Frysinger (5):
localedata: change M$ to Microsoft
ChangeLog: change Winblowz to Windows
ChangeLog: fix date
localedata: GBK: add mapping for 0x80->Euro sign [BZ #20864]
localedata: bs_BA: fix yesexpr/noexpr [BZ #20974]
Märt Põder (1):
locales: et_EE: locale has wrong {p,n}_cs_precedes value [BZ #20459]
Nick Alcock (14):
Move all tests out of the csu subdirectory
x86_64: tst-quad1pie, tst-quad2pie: compile with -fPIE [BZ #7065]
Configure support for --enable-stack-protector [BZ #7065]
Initialize the stack guard earlier when linking statically [BZ #7065]
Do not stack-protect ifunc resolvers [BZ #7065]
Disable stack protector in early static initialization [BZ #7065]
Compile the dynamic linker without stack protection [BZ #7065]
Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065]
Work even with compilers which enable -fstack-protector by default [BZ #7065]
PLT avoidance for __stack_chk_fail [BZ #7065]
Link a non-libc-using test with -fno-stack-protector [BZ #7065]
Drop explicit stack-protection of pieces of the system [BZ #7065]
Do not stack-protect sigreturn stubs [BZ #7065]
Enable -fstack-protector=* when requested by configure [BZ #7065]
Paul E. Murphy (28):
Remove tacit double usage in ldbl-128
Refactor part of math Makefile
Unify drift between _Complex function type variants
Improve gen-libm-test.pl LIT() application
Support for type-generic libm function implementations libm
ldbl-128: Remove unused sqrtl declaration in e_asinl.c
Add tst-wcstod-round
Prepare to convert _Complex cosine functions
Convert _Complex cosine functions to generated code
Merge common usage of mul_split function
Prepare to convert _Complex sine functions
Convert _Complex sine functions to generated code
Prepare to convert _Complex tangent functions
Convert _Complex tangent functions to generated code
sparcv9: Restore fdiml@GLIBC_2.1
Prepare to convert remaining _Complex functions
Convert remaining complex function to generated files
ldbl-128: Rename 'long double' to '_Float128'
ldbl-128: Cleanup e_gammal_r.c after _Float128 rename
Make common fdim implementation generic.
Make common nextdown implementation generic.
Make common fmax implementation generic.
Make common fmin implementation generic.
Remove unneeded stubs for k_rem_pio2l.
ldbl-128: Use L(x) macro for long double constants
Make ldexpF generic.
Remove __nan{f,,l} macros
Build s_nan* objects from a generic template
Paul Murphy (1):
powerpc: Cleanup fenv_private.h
Rajalakshmi Srinivasaraghavan (5):
Refactor strtod tests
Add tests for strfrom functions
powerpc: strcmp optimization for power9
powerpc: strncmp optimization for power9
powerpc64: strchr/strchrnul optimization for power8
Rasmus Villemoes (1):
linux: spawni.c: simplify error reporting to parent
Rical Jasan (28):
Manual typos: Input/Output on Streams
Manual typos: Low-Level Input/Output
Manual typos: File System Interface
Manual typos: Sockets
Manual typos: Low-Level Terminal Interface
Manual typos: Syslog
Manual typos: Mathematics
Manual typos: Arithmetic Functions
Manual typos: Date and Time
Manual typos: Resource Usage and Limitation
Manual typos: Non-Local Exits
Manual typos: Signal Handling
Manual typos: The Basic Program/System Interface
Manual typos: Processes
Manual typos: Job Control
Manual typos: Users and Groups
Manual typos: System Management
Manual typos: System Configuration Parameters
Manual typos: DES Encryption and Password Handling
Manual typos: Debugging support
Manual typos: POSIX Threads
Manual typos: Internal probes
Manual typos: C Language Facilities in the Library
Manual typos: Installing
Manual typos: Library Maintenance
Manual typos: Contributors to
manual: Remove non-existent mount options S_IMMUTABLE and S_APPEND [BZ #11235]
manual: Convert @tables of variables to @vtables.
Richard Henderson (1):
alpha: Use saturating arithmetic in memchr
Roland McGrath (3):
NaCl: Fix compile error in clock function.
Fix generic wait3 after union wait_status removal.
NaCl: Fix compile error for __dup after libc_hidden_proto addition.
Samuel Thibault (12):
Fix recvmsg returning SIGLOST on PF_LOCAL sockets
mach: Add more allowed external headers
hurd: fix pathconf visibility
hurd: fix fcntl visibility
Fix exc2signal.c template
mach: Fix old-style function definition.
Fix old-style function definition
hurdmalloc: Run fork handler as late as possible [BZ #19431]
hurd: Fix stack pointer corruption in syscall
hurd: Fix unused variable warning
hurd: fix using hurd/signal.h in C++ programs
hurd: fix using hurd.h in C++ programs
Siddhesh Poyarekar (47):
Consolidate reduce_and_compute code
Add fall through comments
Use fabs(x) instead of branching on signedness of input to sin and cos
Consolidate input partitioning into do_cos and do_sin
Use do_sin for sin(x) where 0.25 < |x| < 0.855469
Inline all support functions for sin and cos
Remove __libc_csu_irel declaration
Add tests-static to tests in malloc/Makefile
consolidate sign checks for slow2
Use copysign instead of ternary conditions for positive constants
Use copysign instead of ternary for some sin/cos input ranges
Make the quadrant shift K a bool in do_sincos_* functions
Check n instead of k1 to decide on sign of sin/cos result
Manual typos: System Databases and Name Service Switch
Make quadrant shift a boolean in reduce_and_compute in s_sin.c
Adjust calls to do_sincos_1 and do_sincos_2 in s_sincos.c
Update comments for some functions in s_sin.c
Add note on MALLOC_MMAP_* environment variables
Document the M_ARENA_* mallopt parameters
Remove references to sbrk to grow/shrink arenas
Remove redundant definitions of M_ARENA_* macros
Static inline functions for mallopt helpers
Regenerate ULPs for aarch64
Add ChangeLog for previous commit
Link benchset tests against libsupport
Add configure check for python program
Fix pretty printer tests for run-built-tests == no
Add framework for tunables
Initialize tunable list with the GLIBC_TUNABLES environment variable
Enhance --enable-tunables to select tunables frontend at build time
User manual documentation for tunables
Add NEWS item for tunables
tunables: Avoid getenv calls and disable glibc.malloc.check by default
Regenerate libc.pot
Update translations from the Translation Project
Merge translations from the Translation Project
Fix typo in NEWS
Merge translations from the Translation Project
Fix environment traversal when an envvar value is empty
Add target to incorporate translations from translations.org
tunables: Fix environment variable processing for setuid binaries (bz #21073)
Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
tunables: Fail tests correctly when setgid does not work
Add missing NEWS items
Add list of bugs fixed in 2.25
Add more contributors to contrib.texi
Update for 2.25 release
Stefan Liebler (22):
Get rid of array-bounds warning in __kernel_rem_pio2[f] with gcc 6.1 -O3.
S390: Do not set FE_INEXACT with feraiseexcept (FE_OWERFLOW|FE_UNDERFLOW).
S390: Support PLT and GOT references in check-localplt.
S390: Regenerate ULPs
Add configure check to test if gcc supports attribute ifunc.
Use gcc attribute ifunc in libc_ifunc macro instead of inline assembly due to false debuginfo.
s390: Refactor ifunc resolvers due to false debuginfo.
i386, x86: Use libc_ifunc macro for time, gettimeofday.
ppc: Use libc_ifunc macro for time, gettimeofday.
Use libc_ifunc macro for clock_* symbols in librt.
Use libc_ifunc macro for system in libpthread.
Use libc_ifunc macro for vfork in libpthread.
Use libc_ifunc macro for siglongjmp, longjmp in libpthread.
S390: Fix fp comparison not raising FE_INVALID.
Fix new testcase elf/tst-latepthread on s390x.
S390: Regenerate ULPs.
S390: Use C11-like atomics instead of plain memory accesses in lock elision code.
S390: Use own tbegin macro instead of __builtin_tbegin.
S390: Use new __libc_tbegin_retry macro in elision-lock.c.
S390: Optimize lock-elision by decrementing adapt_count at unlock.
S390: Fix FAIL in test string/tst-xbzero-opt [BZ #21006]
S390: Adjust lock elision code after review.
Steve Ellcey (14):
Fix -Wformat-length warning in tst-setgetname.c
Fix warning from latest GCC in tst-printf.c
Fix -Wformat-length warning in time/tst-strptime2.c
Define wordsize.h macros everywhere
Speed up math/test-tgmath2.c
Document do_test in test-skeleton.c
Define __ASSUME_ST_INO_64_BIT on all platforms.
Add definitions to sysdeps/tile/tilepro/bits/wordsize.h.
Always define XSTAT_IS_XSTAT64
Allow [f]statfs64 to alias [f]statfs
Fix for [f]statfs64/[f]statfs aliasing patch
Partial ILP32 support for aarch64.
Use XSTAT_IS_XSTAT64 in generic xstat functions
Add comments to check-c++-types.sh.
Svante Signell (1):
hurd: Fix adjtime call with OLDDELTA == NULL
Szabolcs Nagy (1):
Make build-many-glibcs.py work on python3.2
Tom Tromey (1):
Update and install proc_service.h [BZ #20311]
Torvald Riegel (12):
Add atomic_exchange_relaxed.
Add atomic operations required by the new condition variable.
Fix incorrect double-checked locking related to _res_hconf.initialized.
Use C11-like atomics instead of plain memory accesses in x86 lock elision.
Robust mutexes: Fix lost wake-up.
New condvar implementation that provides stronger ordering guarantees.
Fix pthread_cond_t on sparc for new condvar.
New pthread rwlock that is more scalable.
robust mutexes: Fix broken x86 assembly by removing it
Clear list of acquired robust mutexes in the child process after forking.
Add compiler barriers around modifications of the robust mutex list.
Fix mutex pretty printer test and pretty printer output.
Tulio Magno Quites Machado Filho (9):
powerpc: Fix POWER9 implies
powerpc: Installed-header hygiene
powerpc: Regenerate ULPs
powerpc: Fix TOC stub on powerpc64 clone()
Document a behavior of an elided pthread_rwlock_unlock
powerpc: Fix powerpc32/power7 memchr for large input sizes
powerpc: Fix write-after-destroy in lock elision [BZ #20822]
powerpc: Regenerate ULPs
powerpc: Fix adapt_count update in __lll_unlock_elision
Wilco Dijkstra (4):
An optimized memchr was missing for AArch64. This version is similar to
Improve generic rawmemchr for targets that don't have an
Improve strtok and strtok_r performance. Instead of calling strpbrk which
This patch cleans up the strsep implementation and improves performance.
Yury Norov (1):
* sysdeps/unix/sysv/linux/fxstat.c: Remove useless cast.
Zack Weinberg (20):
Add utility macros for clang detection, and deprecation with messages.
Minimize sysdeps code involved in defining major/minor/makedev.
Deprecate inclusion of <sys/sysmacros.h> by <sys/types.h>
Add tests for fortification of bcopy and bzero.
Installed-header hygiene (BZ#20366): Simple self-contained fixes.
Installed-header hygiene (BZ#20366): obsolete BSD u_* types.
Installed-header hygiene (BZ#20366): conditionally defined structures.
Installed-header hygiene (BZ#20366): time.h types.
Installed-header hygiene (BZ#20366): stack_t.
Installed header hygiene (BZ#20366): Test of installed headers.
Minor correction to the "installed header hygiene" patches.
Minor corrections to scripts/check-installed-headers.sh.
[BZ #19239] Issue deprecation warnings on macro expansion.
Fix typo in string/bits/string2.h.
Fix build-and-build-again bug in sunrpc tests.
Forgot to add the ChangeLog to the previous commit, doh.
Correct comments in string.h re strcoll_l, strxfrm_l.
Minor problems exposed by compiling C++ tests under _ISOMAC.
Make _REENTRANT and _THREAD_SAFE aliases for _POSIX_C_SOURCE=199506L.
New string function explicit_bzero (from OpenBSD).
steve ellcey-CA Eng-Software (1):
Fix warnings from latest GCC.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21741 has been created
at 12efc0bbccc04aa18b92de3cdbe7d49547e53d08 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=12efc0bbccc04aa18b92de3cdbe7d49547e53d08
commit 12efc0bbccc04aa18b92de3cdbe7d49547e53d08
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 11:52:33 2017 -0700
Don't include _dl_resolve_conflicts in libc.a [BZ #21742]
Since _dl_resolve_conflicts is only used in elf/rtld.c, don't include
it in libc.a.
[BZ #21742]
* elf/dl-conflict.c (_dl_resolve_conflicts): Define only if
SHARED is defined.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f4610a7230f8883dc199e566de2eac171394a7ac
commit f4610a7230f8883dc199e566de2eac171394a7ac
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 11:11:15 2017 -0700
x86-64: Test memmove_chk and memset_chk only in libc.so [BZ #21741]
Since there are no multiarch versions of memmove_chk and memset_chk,
test multiarch versions of memmove_chk and memset_chk only in libc.so.
[BZ #21741]
* sysdeps/x86_64/multiarch/ifunc-impl-list.c
(__libc_ifunc_impl_list): Test memmove_chk and memset_chk only
in libc.so.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a1865c1287b8f583d3cedc54f1937050782f04da
commit a1865c1287b8f583d3cedc54f1937050782f04da
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Remove debug/stack_chk_fail_local.c [BZ #21740]
Since
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be
removed.
* [BZ #21740]
* debug/Makefile (static-only-routines): Remove
stack_chk_fail_local.
* debug/stack_chk_fail_local.c: Removed.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21741 has been created
at 9f9d3a4ca3428f053393d38fec146b7511a02272 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9f9d3a4ca3428f053393d38fec146b7511a02272
commit 9f9d3a4ca3428f053393d38fec146b7511a02272
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 11:52:33 2017 -0700
Don't include _dl_resolve_conflicts in libc.a [BZ #21742]
Since _dl_resolve_conflicts is only used in elf/rtld.c, don't include
it in libc.a.
[BZ #21742]
* elf/dl-conflict.c (_dl_resolve_conflicts): Define only if
SHARED is defined.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7fec70268f9b52c80c2a0994839c779c53cc2800
commit 7fec70268f9b52c80c2a0994839c779c53cc2800
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 11:11:15 2017 -0700
x86-64: Test memmove_chk and memset_chk only in libc.so [BZ #21741]
Since there are no multiarch versions of memmove_chk and memset_chk,
test multiarch versions of memmove_chk and memset_chk only in libc.so.
[BZ #21741]
* sysdeps/x86_64/multiarch/ifunc-impl-list.c
(__libc_ifunc_impl_list): Test memmove_chk and memset_chk only
in libc.so.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4df365be4710ab6678df5435146ed4b118472d71
commit 4df365be4710ab6678df5435146ed4b118472d71
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Remove debug/stack_chk_fail_local.c [BZ #21740]
Since
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be
removed.
* [BZ #21740]
* debug/Makefile (static-only-routines): Remove
stack_chk_fail_local.
* debug/stack_chk_fail_local.c: Removed.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21742 has been created
at f0dbaf3228dba8a775f4dfa8eb405c20a655ec7f (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f0dbaf3228dba8a775f4dfa8eb405c20a655ec7f
commit f0dbaf3228dba8a775f4dfa8eb405c20a655ec7f
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 11:52:33 2017 -0700
Don't include _dl_resolve_conflicts in libc.a [BZ #21742]
Since _dl_resolve_conflicts is only used in elf/rtld.c, don't include
it in libc.a.
[BZ #21742]
* elf/Makefile (dl-routines): Move dl-conflict to ...
(rtld-routines): Here.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0d39682d454560648089aa6513bef50503b98ac4
commit 0d39682d454560648089aa6513bef50503b98ac4
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Remove debug/stack_chk_fail_local.c [BZ #21740]
Since
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be
removed.
* [BZ #21740]
* debug/Makefile (static-only-routines): Remove
stack_chk_fail_local.
* debug/stack_chk_fail_local.c: Removed.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21742 has been created
at 712e70de9743a61618001b4c6372a0e3d4fc1d90 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=712e70de9743a61618001b4c6372a0e3d4fc1d90
commit 712e70de9743a61618001b4c6372a0e3d4fc1d90
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Remove debug/stack_chk_fail_local.c [BZ #21740]
Since
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be
removed. Since dummy __stack_chk_fail and __stack_chk_fail_local
symbols are used in ld.so, tst-_dl_addr_inside_object should be
linked with $(dummy-stack-chk-fail). Tested on x86-64 with
--enable-stack-protector=all and got
FAIL: elf/tst-env-setuid
FAIL: elf/tst-env-setuid-tunables
FAIL: stdlib/tst-secure-getenv
which are the same as without this patch.
* [BZ #21740]
* debug/Makefile (static-only-routines): Remove
stack_chk_fail_local.
* debug/stack_chk_fail_local.c: Removed.
* elf/Makefile (LDFLAGS-tst-_dl_addr_inside_object): New.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21740 has been created
at 21e5ab4dab7412c8516aed07d07da7cdf40ac2fb (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21e5ab4dab7412c8516aed07d07da7cdf40ac2fb
commit 21e5ab4dab7412c8516aed07d07da7cdf40ac2fb
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Mon Jul 10 09:24:47 2017 -0700
More bug fixes
[BZ #7065]
[BZ #21740]
[BZ #21745]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=712e70de9743a61618001b4c6372a0e3d4fc1d90
commit 712e70de9743a61618001b4c6372a0e3d4fc1d90
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Remove debug/stack_chk_fail_local.c [BZ #21740]
Since
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be
removed. Since dummy __stack_chk_fail and __stack_chk_fail_local
symbols are used in ld.so, tst-_dl_addr_inside_object should be
linked with $(dummy-stack-chk-fail). Tested on x86-64 with
--enable-stack-protector=all and got
FAIL: elf/tst-env-setuid
FAIL: elf/tst-env-setuid-tunables
FAIL: stdlib/tst-secure-getenv
which are the same as without this patch.
* [BZ #21740]
* debug/Makefile (static-only-routines): Remove
stack_chk_fail_local.
* debug/stack_chk_fail_local.c: Removed.
* elf/Makefile (LDFLAGS-tst-_dl_addr_inside_object): New.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21740 has been created
at 217275043ad73f922d07f42e5fc1a4be70183209 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=217275043ad73f922d07f42e5fc1a4be70183209
commit 217275043ad73f922d07f42e5fc1a4be70183209
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Add __stack_chk_fail_local alias only to libc.so [BZ #21740]
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
unconditionally added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
Since libc.a and libc_nonshared.a has debug/stack_chk_fail_local.c,
__stack_chk_fail_local alias should be limited to libc.so.
Tested on x86-64 with --enable-stack-protector=all and got
FAIL: elf/tst-env-setuid
FAIL: elf/tst-env-setuid-tunables
FAIL: stdlib/tst-secure-getenv
which are the same as without this patch.
[BZ #21740]
* debug/stack_chk_fail.c (__stack_chk_fail_local): Add the
alias only if SHARED is defined.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21740 has been created
at b13306f7e0f76b1d327bdc2421a7b9cbfdecd470 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b13306f7e0f76b1d327bdc2421a7b9cbfdecd470
commit b13306f7e0f76b1d327bdc2421a7b9cbfdecd470
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Add __stack_chk_fail_local alias only to libc.so [BZ #21740]
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
unconditionally added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
Since libc.a and libc_nonshared.a has debug/stack_chk_fail_local.c,
__stack_chk_fail_local alias should be limited to libc.so.
Tested on x86-64 with --enable-stack-protector=all and got
FAIL: elf/tst-env-setuid
FAIL: elf/tst-env-setuid-tunables
FAIL: stdlib/tst-secure-getenv
which are the same as without this patch.
[BZ #21740]
* debug/stack_chk_fail.c (__stack_chk_fail_local): Add the
alias only if SHARED is defined.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21740 has been created
at 47d95763a35fbc83ac871b10fc59f9eca1ef0a40 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=47d95763a35fbc83ac871b10fc59f9eca1ef0a40
commit 47d95763a35fbc83ac871b10fc59f9eca1ef0a40
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sun Jul 9 08:39:17 2017 -0700
Don't add stack_chk_fail_local.o to libc.a [BZ #21740]
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
which unconditionally added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
defines __stack_chk_fail_local as an alias of __stack_chk_fail in libc.a.
There is no need to add stack_chk_fail_local.o to libc.a. We only need
to add stack_chk_fail_local.oS to libc_nonshared.a.
Tested on x86-64:
[hjl@gnu-skl-1 build-x86_64-linux]$ nm libc.a | grep __stack_chk_fail
0000000000000000 T __stack_chk_fail
0000000000000000 T __stack_chk_fail_local
[hjl@gnu-skl-1 build-x86_64-linux]$ nm libc_nonshared.a | grep __stack_chk_fail_local
0000000000000000 T __stack_chk_fail_local
[hjl@gnu-skl-1 build-x86_64-linux]$
[BZ #21740]
* debug/Makefile (elide-routines.o): New.
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 2b4fca86d786b4a5ed4f88c571eeec7d9ff5e684 (commit)
from 82e06600505cc26810d263a964d9eca6f3cdfe91 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2b4fca86d786b4a5ed4f88c571eeec7d9ff5e684
commit 2b4fca86d786b4a5ed4f88c571eeec7d9ff5e684
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Jul 19 08:21:27 2017 -0700
Don't add stack_chk_fail_local.o to libc.a [BZ #21740]
commit 524a8ef2ad76af8ac049293d993a1856b0d888fb
Author: Nick Alcock <nick.alcock@oracle.com>
Date: Mon Dec 26 10:08:57 2016 +0100
PLT avoidance for __stack_chk_fail [BZ #7065]
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
which unconditionally added
strong_alias (__stack_chk_fail, __stack_chk_fail_local)
defines __stack_chk_fail_local as an alias of __stack_chk_fail in libc.a.
There is no need to add stack_chk_fail_local.o to libc.a. We only need
to add stack_chk_fail_local.oS to libc_nonshared.a.
Tested on x86-64:
[hjl@gnu-skl-1 build-x86_64-linux]$ nm libc.a | grep __stack_chk_fail
0000000000000000 T __stack_chk_fail
0000000000000000 T __stack_chk_fail_local
[hjl@gnu-skl-1 build-x86_64-linux]$ nm libc_nonshared.a | grep __stack_chk_fail_local
0000000000000000 T __stack_chk_fail_local
[hjl@gnu-skl-1 build-x86_64-linux]$
[BZ #21740]
* debug/Makefile (elide-routines.o): New.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 5 +++++
debug/Makefile | 4 ++++
2 files changed, 9 insertions(+), 0 deletions(-)
|