Summary: | Support building glibc with -fstack-protector or -fstack-protector-all | ||
---|---|---|---|
Product: | glibc | Reporter: | Nix <nix> |
Component: | build | Assignee: | Florian Weimer <fweimer> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | aj, atoth, carlos, fweimer, glibc-bugs, nick.alcock, toolchain, xake, zorry |
Priority: | P2 | Flags: | fweimer:
security-
|
Version: | unspecified | ||
Target Milestone: | 2.25 | ||
Host: | Target: | ||
Build: | Last reconfirmed: | ||
Attachments: |
stack protector support for glibc
stack protector support against eglibc 2.13. |
Description
Nix
2008-12-04 00:38:31 UTC
Never going to happen. test environment: 2.6.27.7 kernel+headers, glibc 2.8, GCC 4.3.3 20081121 (prerelease), binutils 2.19. config flags (my standard set for this machine): /usr/packages/glibc/2.9/configure --prefix=/usr --enable-shared \ --enable-profile --disable-bounded --enable-bind-now \ --enable-add-ons=nptl,libidn --enable-kernel=2.6.25 \ --enable-check-abi=warn --enable-omitfp \ --enable-stackguard-randomization TIMEOUTFACTOR=5 Below, PASS means 'baseline test failures only'. (I also compared configure output to verify that -fstack-protector addition did not change the results of any configure tests, and verified that the appropriate -fstack-protector actually appeared in gcc commandlines at the appropriate times.) baseline: PASS, by definition patch applied, no flags specified: PASS -fstack-protector in CFLAGS: PASS -fstack-protector-all in CFLAGS: one failure due to #7066, buffer overrun --without-stack-protector: PASS --with-stack-protector: PASS --with-stack-protector=all: one failure due to #7066, buffer overrun Test failures for baseline (unpatched): math/test-ildoubl.out: testing long double (inline functions) Failure: Test: expm1 (1) == M_El - 1.0 Result: is: 1.71828182845904523532e+00 0xd.bf0a8b14576953500000p-3 should be: 1.71828182845904523543e+00 0xd.bf0a8b14576953600000p-3 difference: 1.08420217248550443401e-19 0x8.00000000000000000000p-66 ulp : 1.0000 max.ulp : 0.0000 Maximal error of `expm1' is : 1 ulp accepted: 0 ulp Test suite completed: 3618 test cases plus 3005 tests for exception flags executed. 2 errors occurred. elf/check-localplt.out: --- ../scripts/data/localplt-i386-linux-gnu.data 2006-01-11 21:06:19.000000000 +0000 +++ - 2008-11-30 20:52:09.962033876 +0000 @@ -1,4 +1,5 @@ libc.so: _Unwind_Find_FDE +libc.so: __bzero libc.so: calloc libc.so: free libc.so: malloc (This looks like something missing from localplt-i386-linux-gnu.data to me, not a bug.) (Holes in test coverage: not tested with a GCC too old to support -fstack-protector. Static testing not performed: see #7064.) Created attachment 3087 [details]
stack protector support for glibc
This is posted at the request of Carlos O'Donell. TBH I don't care if it
doesn't go upstream, although given that it's already found a buffer overrun in
glibc I'd find that surprising. I'm more interested in distros picking it up.
(And 'never going to happen' is a peculiar statement. It has 'happened'. The
patch *exists*.)
Nix A failure in elf/check-localplt.out as indicated by a new symbol in scripts/data/localplt-i386-linux-gnu.data means that libc proper is invoking the new symbol via the plt when in-fact it should be making a direct invocation to a libc internal symbol. There are very few conditions under which this is allowed (notably those cases where we allow libc functionality to be overridden). I've looked through the code and it appears that the sunrpc code is the only relevant code which uses __bzero. I don't think there's an internal hidden version of the symbol. So these calls to __bzero probably shouldn't be there. Instead, they should use memset. Or perhaps that patch which you're using uses __bzero? In order to verify, one can look at the symbol table: objdump -DR libc.so > libc.dis Search libc.dis for: __bzero@plt You should see a plt call stub, e.g. 00016198 <__bzero@plt>: 16198: ff a3 0c 00 00 00 jmp *0xc(%ebx) 1619e: 68 00 00 00 00 push $0x0 161a3: e9 e0 ff ff ff jmp 16188 <h_errno+0x16168> Now search for: "call 16198" call 16198 <__bzero@plt> This should bring you to the disassembly of the function which invoked __bzero via the PLT. You can then go into the C source file and replace this with a memset. Do this for all calls to the address for __bzero. Here's a more thorough write-up of the same thing I just posted: http://sources.redhat.com/glibc/wiki/Testing/Check-localplt Invocation of __bzero() by the sunrpc code is acceptable since that code is in a different library than libc.so so access via the PLT is expected. Nice description, Ryan :) A lot of the sunrpc code *does* land in libc (all the client code). Notably, bindresvport(), clnt_create(), clnt_broadcast(), universal() (called from registerrpc() via a callback from svc_register()), svctcp_create(), svcudp_bufcreate(), and key_gendes(), _des_crypt() (obviously used for DES-encrypted SunRPC), all explicitly call __bzero() and land in libc. Almost certainly these would use memset() were the SunRPC code not ancient Sun-derived gunge with a 1986 copyright date... Keep it going, guys. To Ulrich Drepper: How do you mean: "Never going to happen."?! I always keen on people ignoring security measures. Regards, Dw. I've been using a compromise. Glibc's programs can be compiled with -fstack-protector-all, or whatever other options you may want (-D_FORTIFY_SOURCE=2, -fPIE, etc), but not the libraries. I use the configparms file and set build-programs=no to build the libraries without -fstack-protector, then remove build-programs=no and add 'CFLAGS += -fstack-protector-all' to configparms. No patches needed, test suites pass (remove -fstack-protector during the test suite), no crashes. Created attachment 6248 [details]
stack protector support against eglibc 2.13.
This is the most recent version of this patch, against eglibc 2.13 (because that happens to be the version I'm using now, as I track Debian's glibc). It has needed no significant revisions for years, though the recent csu changes in upstream glibc may necessitate some small revisions.
(The ChangeLog is out of date: I haven't regenerated it since 2008.)
Your change contains two different changes: * Supporting stack-protector * A different implementation of chk_fail function For addition to glibc, I would only look at the stack-protector support. I suggest you continue discussing this on the libc-alpha list. *** Bug 260998 has been marked as a duplicate of this bug. *** Seen from the domain http://volichat.com Page where seen: http://volichat.com/adult-chat-rooms Marked for reference. Resolved as fixed @bugzilla. (In reply to Andreas Jaeger from comment #10) > Your change contains two different changes: > * Supporting stack-protector > * A different implementation of chk_fail function > > For addition to glibc, I would only look at the stack-protector support. I > suggest you continue discussing this on the libc-alpha list. It's terribly late (I frankly forgot this bug existed) but I'm about to reanimate this one. (I suspect it protects me from CVE-2015-7545 and it seems unfair to keep it to myself like this.) However, splitting the different changes apart is rather difficult: the stack-protector changes actually depend on the different stack_chk_fail, because the existing __stack_chk_fail() -> __fortify_fail() -> __libc_message() path ends up calling down to libio and the like, and if you're to use those for __stack_chk_fail() all those routines cannot themselves be compiled with stack-protection. The gentoo-derived routine I replaced it with uses none of that, and is standalone. Anyway -- that's just one of several possible problems with this patch! I'll reanimate the patch against trunk and then bring it up on the list (and my apologies for putting it off for so long). (In reply to Nick Alcock from comment #12) > It's terribly late (I frankly forgot this bug existed) but I'm about to > reanimate this one. (I suspect it protects me from CVE-2015-7545 and it > seems unfair to keep it to myself like this.) Damn typos. CVE-2015-7547 of course. CVEs should have a check digit, I make this sort of typo way too often. (In reply to Nick Alcock from comment #12) > (In reply to Andreas Jaeger from comment #10) > > Your change contains two different changes: > > * Supporting stack-protector > > * A different implementation of chk_fail function > > > > For addition to glibc, I would only look at the stack-protector support. I > > suggest you continue discussing this on the libc-alpha list. > > Anyway -- that's just one of several possible problems with this patch! I'll > reanimate the patch against trunk and then bring it up on the list (and my > apologies for putting it off for so long). Happy to hear about it. Please share your stuff! Thx: Dw. Initial patch series (against trunk as of a couple of days ago) posted for review, complete with rough bits, "I don't understand this" bits, bits I posted specifically so they could be rejected and no changelog. But it works, and has no test failures. :) (In reply to Nick Alcock from comment #15) > Initial patch series (against trunk as of a couple of days ago) posted for > review, complete with rough bits, "I don't understand this" bits, bits I > posted specifically so they could be rejected and no changelog. But it > works, and has no test failures. :) The stack_chk_fail.c have been updated on >= glibc-2.20 on Gentoo https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/glibc/files/2.20 On Gcc 6.0 it is a default configure option to turn on stack-protector-strong. Keep up the work Yeah, that looks nice! though with its replacing all the chk functions it's even more clearly a separate thing (though still a prerequisite for my patch). Aside: just posted v5. No new failures remain on {x86,sparc}*-pc-linux-gnu or armv7l-unknown-linux-gnueabihf, and the entire package saving only ifunc resolvers, ld.so, a tiny bit of BSD signal handling, and early static library startup (unfortunately including brk() and sbrk()) is protected. Oh, and we no longer need to replace __stack_chk_fail etc as of a few patches ago (figured out the true root cause and fixed it properly). This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, fw/stack-protector has been created at 82f2eb623ce1d9bd0a4d2c45d9d47688e71ed383 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=82f2eb623ce1d9bd0a4d2c45d9d47688e71ed383 commit 82f2eb623ce1d9bd0a4d2c45d9d47688e71ed383 Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:16 2016 +0100 Enable -fstack-protector=* when requested by configure. This finally turns on all the machinery added in previous commits. v3: Wrap long lines. v5: Shuffle to the end. * Makeconfig (+stack-protector): New variable. (+cflags): Use it. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11533a025509becc37503eab765e8e769e882283 commit 11533a025509becc37503eab765e8e769e882283 Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:15 2016 +0100 Do not stack-protect sigreturn stubs. These are called from the kernel with the stack at a carefully- chosen location so that the stack frame can be restored: they must not move the stack pointer lest garbage be restored into the registers. We explicitly inhibit protection for SPARC and for signal/sigreturn.c: other arches either define their sigreturn stubs in .S files, or (i386, x86_64, mips) use macros expanding to top-level asm blocks and explicit labels in the text section to mock up a "function" without telling the compiler that one is there at all. v2: New. v3: Use $(no-stack-protector). v4: Use inhibit_stack_protector. v7: Add sigreturn.c. * signal/Makefile (CFLAGS-sigreturn.c): Use $(no-stack-protector). * sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c: (__rt_sigreturn_stub): Use inhibit_stack_protector. * sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c (__rt_sigreturn_stub): Likewise. (__sigreturn_stub): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=14b3c413f1b1dd1bfc0bae45fc042a4de56b85af commit 14b3c413f1b1dd1bfc0bae45fc042a4de56b85af Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:14 2016 +0100 Drop explicit stack-protection of pieces of the system. This is probably a bad idea: maybe we want to stack-protect some parts of the system even when ! --enable-stack-protector. I can easily adjust the patch to do that (though it'll mean introducing a new variable analogous to $(stack-protector) but not controlled by the configure flag.) But if we wanted to value consistency over security, and use the same stack-protection configure flag to control everything, this is how we'd do it! ("Always include at least one patch with something obviously wrong with it.") * login/Makefile (pt_chown-cflags): Remove. * nscd/Makefile (CFLAGS-nscd): Likewise. * resolv/Makefile (CFLAGS-libresolv): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=72bb1d426913236e2059e0001afcd75782ef8ff6 commit 72bb1d426913236e2059e0001afcd75782ef8ff6 Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:13 2016 +0100 Link various tests with -fno-stack-protector. These tests do not link with libc, so cannot see __stack_chk_fail(). v3: Use $(no-stack-protector). * elf/Makefile (CFLAGS-filtmod1.c): Use $(no-stack-protector) for non-libc-linking testcase. (CFLAGS-filtmod2.c): Likewise. * stdlib/Makefile (CFLAGS-tst-putenvmod.c): Likewise. * sysdeps/x86_64/Makefile (CFLAGS-tst-quad1pie.c): Likewise. (CFLAGS-tst-quad2pie.c): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f738b8f9e2c63772979e26e491ecf055bff28c50 commit f738b8f9e2c63772979e26e491ecf055bff28c50 Author: Adhemerval Zanella <adhemerval.zanella@linaro.org> Date: Tue Jun 7 12:06:12 2016 +0100 De-PLTize __stack_chk_fail internal calls within libc.so. We use the same assembler-macro trick we use to de-PLTize compiler-generated libcalls to memcpy and memset to redirect __stack_chk_fail to __stack_chk_fail_local. v5: New. v6: Only do it within the shared library: with __stack_chk_fail_local in libc_pic.a now we don't need to worry about calls from inside other routines in libc_nonshared.a any more. * sysdeps/generic/symbol-hacks.h (__stack_chk_fail): Add internal alias. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4f2b01de3ab88daefdc239a3c25640153b88283d commit 4f2b01de3ab88daefdc239a3c25640153b88283d Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:11 2016 +0100 Add stack_chk_fail_local to libc.so. This is required by the next commit, which routes all __stack_chk_fail() calls in libc.so via this function to avoid the PLT. It has be duplicated in libc.so and libc_nonshared.a because its entire reason for existence is to be hidden and avoid the PLT, so the copy in libc.so is not visible from elsewhere. Also stop all the variants of __stack_chk_fail from being stack- protected: this makes no sense and risks recursion. v5: Better explanation. Add no-stack-protection of __stack_chk_fail_local etc. v6: Rework as suggested by Andreas: make a shared-only version of stack_chk_fail_local.c rather than linking libc_nonshared into libc. * debug/libc-stack_chk_fail_local.c: New file. * debug/Makefile (routines): Add it. (shared-only-routines): Likewise. (CFLAGS-stack_chk_fail.c): Use $(no-stack-protector). (CFLAGS-stack_chk_fail_local.c): Likewise. (CFLAGS-libc-stack_chk_fail_local.c): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=085d48cdc5494e642cc7016649a75ab200a03781 commit 085d48cdc5494e642cc7016649a75ab200a03781 Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:10 2016 +0100 Work even with compilers hacked to enable -fstack-protector by default. With all the machinery we just added, we can easily arrange to work even when the compiler passes in -fstack-protector automatically: all the necessary bits of glibc are always compiled with -fno-stack-protector now. So tear out the check in configure, and add appropriate calls to -fno-stack-protector in tests that need them (largely those that use -nostdlib), since we don't yet have a __stack_chk_fail() that those tests can rely upon. (GCC often provides one, but we cannot rely on this, especially not when bootstrapping.) v2: No longer pass in -lssp to anything. v5: Remove accidentally duplicated $(no_ssp)s. v6: Small revisions following Mike Frysinger's review. * configure.ac: Add check for unsupported stack-protection level. (libc_cv_predef_stack_protector): Remove. (no_ssp): New variable. (libc_cv_ld_gnu_indirect_function): Use it. (libc_cv_asm_set_directive): Likewise. (libc_cv_protected_data): Likewise. (libc_cv_z_combreloc): Likewise. (libc_cv_hashstyle): Likewise. (libc_cv_has_glob_dat): Likewise. (libc_cv_output_format): Likewise. (libc_cv_ehdr_start): Likewise. * aclocal.m4 (LIBC_TRY_LINK_STATIC): Likewise. (LIBC_LINKER_FEATURE): Likewise. (LIBC_COMPILER_BUILTIN_INLINED): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10bb23d6cd48055ba4974119bc1cf87f4d8063e5 commit 10bb23d6cd48055ba4974119bc1cf87f4d8063e5 Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:09 2016 +0100 Prevent the rtld mapfile computation from dragging in __stack_chk_fail*. The previous commit prevented rtld itself from being built with -fstack-protector, but this is not quite enough. We identify which objects belong in rtld via a test link and analysis of the resulting mapfile. That link is necessarily done against objects that are stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail, and all the libc and libio code they use. To stop this happening, use --defsym in the test librtld.map-production link to force the linker to predefine these two symbols (to 0, but it could be to anything). (In a real link, this would of course be catastrophic, but these object files are never used for anything else.) v2: New. v6: Dummy out stack_chk_fail_local too. * elf/Makefile (dummy-stack-chk-fail): New. ($(objpfx)librtld.map): Use it. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0718bc3e5680502076efaba7fe3000d8d896c52f commit 0718bc3e5680502076efaba7fe3000d8d896c52f Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:08 2016 +0100 Compile the entire dynamic linker with -fno-stack-protector. Also compile corresponding routines in the static libc.a with the same flag. v3: Use $(no-stack-protector). Introduce $(elide-stack-protector) and use it to reduce redundancy. Bring all the elisions together textually. * elf/Makefile (elide-stack-protector): New. (CFLAGS-.os): Use it, eliding $(all-rtld-routines). (CFLAGS-.oX): Likewise, eliding $(elide-routines.os). (rtld-CFLAGS): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dcb6b662b71117834db8732bd46649557f554a58 commit dcb6b662b71117834db8732bd46649557f554a58 Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:06 2016 +0100 Mark all machinery needed in early static-link init as -fno-stack-protector. The startup code in csu/, brk() and sbrk(), and the __pthread_initialize_tcb_internal() function we just introduced are needed very early in initialization of a statically-linked program, before the stack guard is initialized. Mark all of these as -fno-stack-protector. We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both substituted by the configury changes made earlier, to detect the case when -fno-stack-protector is supported by the compiler, and unconditionally pass it in when this is the case, whether or not --enable-stack-protector is passed to configure. (This means that it'll even work when the compiler's been hacked to pass -fstack-protector by default, unless the hackage is so broken that it does so in a way that is impossible to override.) (At one point we marked __libc_fatal() as non-stack-protected too, but this was pointless: all it did was call other routines which *are* stack-protected. The earliest __libc_fatal() call is in the DL_SYSDEP_OSCHECK hook on some platforms, when statically linking: this is fine, since it is after TLS and stack-canary initialization. I have tested invocation of programs statically and dynamically linked against this glibc on older kernels on x86 and ARM, and they still "work", i.e. fail with the appropriate message.) v2: No longer mark memcpy() as -fno-stack-protector. v3: Use $(no-stack-protector). v4: Use inhibit_stack_protector rather than de-protecting all of nptl-init.c. v5: Don't stack-protect brk() and sbrk() in the shared library. v7: Add comment in misc/Makefile. Commit message tweak. * config.make.in (have-ssp): New. (no-stack-protector): New. * csu/Makefile (CFLAGS-.o): Use it. (CFLAGS-.og): Likewise. (CFLAGS-.op): Likewise. (CFLAGS-.os): Likewise. * misc/Makefile (CFLAGS-sbrk.o): Likewise. (CFLAGS-sbrk.op): Likewise. (CFLAGS-sbrk.og): Likewise. (CFLAGS-brk.o): Likewise. (CFLAGS-brk.op): Likewise. (CFLAGS-brk.og): Likewise. * nptl/nptl-init.c [!SHARED] (__pthread_initialize_tcb_internal): Likewise. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d23b1cd0cf47428831e451eb7fda5434982b0675 commit d23b1cd0cf47428831e451eb7fda5434982b0675 Author: Florian Weimer <fweimer@redhat.com> Date: Mon Jul 4 12:25:57 2016 +0200 Define inhibit_stack_protector https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1a410af4d0c0b57ca0eff9546cf18539ebfce8af commit 1a410af4d0c0b57ca0eff9546cf18539ebfce8af Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:04 2016 +0100 Initialize the stack guard earlier when linking statically. The address of the stack canary is stored in a per-thread variable, which means that we must ensure that the TLS area is intialized before calling any -fstack-protector'ed functions. For dynamically linked applications, we ensure this (in a later patch) by disabling -fstack-protector for the whole dynamic linker, but for static applications the AT_ENTRY address is called directly by the kernel, so we must deal with the problem differently. So split out the part of pthread initialization that sets up the TCB (and, more generally, the TLS area) into a separate function (twice -- there is one implementation in libpthread.a, and another outside it for programs that do not link with libpthread), then call it at initialization time. Call that, and move the stack guard initialization above the DL_SYSDEP_OSCHECK hook, which if set will probably call functions which are stack-protected (it does on Linux and NaCL too). We also move apply_irel() up, so that we can still safely call functions that require ifuncs while in __pthread_initialize_tcb_internal() (though if stack-protection is enabled we still have to avoid calling functions that are not stack-protected at this stage). v2: describe why we don't move apply_irel() up, and the consequences. v6: We can safely move apply_irel() up now. * nptl/nptl-init.c (__pthread_initialize_tcb_internal): New function, split out from... (__pthread_initialize_minimal_internal): ... here. * csu/libc-start.c (LIBC_START_MAIN): Call it. Move stack canary and apply_irel() initialization up. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c090aec57a599df633c4ee175dab96c3642f7c84 commit c090aec57a599df633c4ee175dab96c3642f7c84 Author: Nick Alcock <nick.alcock@oracle.com> Date: Tue Jun 7 12:06:03 2016 +0100 Configury support for --enable-stack-protector. This adds =all and =strong, with obvious semantics, and with a rather arbitrarily-chosen default off, which we might well want to change to something stronger once this patch has been tested by people other than me. We don't validate the value of the option yet: that's in a later patch. Nor do we use it for anything at this stage. We differentiate between 'the compiler understands -fstack-protector' and 'the user wanted -fstack-protector' so that we can pass -fno-stack-protector in appropriate places even if the user didn't want to turn on -fstack-protector for other parts. (This helps us overcome another existing limitation, that glibc doesn't work with GCCs hacked to pass in -fstack-protector by default.) We might want to add another configuration option to turn on -fstack-protector for nscd and other network-facing operations by default, but for now I've stuck with one option to control everything. v2: documentation in install.texi; better description of the option. INSTALL regenerated. v3: Substitute in no_stack_protector. v6: Small quoting/spacing revisions following Mike Frysinger's review. Add STACK_PROTECTOR_LEVEL. v7: Quoting changes. Report --enable-stack-protector argument values on error. [BZ #7065] * configure.ac (libc_cv_ssp): Move up. (libc_cv_ssp_strong): Likewise. (libc_cv_ssp_all): New. (stack_protector): Augment, adding -fstack-protector-all. (no_stack_protector): New. (STACK_PROTECTOR_LEVEL): New. (AC_ARG_ENABLE(stack-protector)): New configure flag. * manual/install.texi (--enable-stack-protector): Document it. * config.h.in (STACK_PROTECTOR_LEVEL): New macro. * INSTALL: Regenerate. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via fcd942370ff863f67f971e255d30fb9c1f127607 (commit) from 2908885c822eb43ffa2cdd67e0464e6d35afaf53 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fcd942370ff863f67f971e255d30fb9c1f127607 commit fcd942370ff863f67f971e255d30fb9c1f127607 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 12:04:12 2016 +0100 x86_64: tst-quad1pie, tst-quad2pie: compile with -fPIE [BZ #7065] With stack protection enabled, these files have external symbol references for the first time, so the fact that they are not compiled with -fPIE and are then linked into a -pie binary starts to hurt. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 6 ++++++ sysdeps/x86_64/Makefile | 3 +++ 2 files changed, 9 insertions(+), 0 deletions(-) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, fw/stack-protector has been created at a547a051a93361a9ec4edf283bcebea66481fca8 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a547a051a93361a9ec4edf283bcebea66481fca8 commit a547a051a93361a9ec4edf283bcebea66481fca8 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:01:30 2016 +0100 Enable -fstack-protector=* when requested by configure [BZ #7065] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=299613826cccad6047f3bb4b9b2db97b9c899273 commit 299613826cccad6047f3bb4b9b2db97b9c899273 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:01:09 2016 +0100 Do not stack-protect sigreturn stubs [BZ #7065] These are called from the kernel with the stack at a carefully- chosen location so that the stack frame can be restored: they must not move the stack pointer lest garbage be restored into the registers. We explicitly inhibit protection for SPARC and for signal/sigreturn.c: other arches either define their sigreturn stubs in .S files, or (i386, x86_64, mips) use macros expanding to top-level asm blocks and explicit labels in the text section to mock up a "function" without telling the compiler that one is there at all. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59780db53ac8f56a492ce2949159939865cefad6 commit 59780db53ac8f56a492ce2949159939865cefad6 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:01:00 2016 +0100 Drop explicit stack-protection of pieces of the system [BZ #7065] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8ac7f200cb4478e55b746c1b7739a2eb0dd58541 commit 8ac7f200cb4478e55b746c1b7739a2eb0dd58541 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:00:47 2016 +0100 Link a non-libc-using test with -fno-stack-protector [BZ #7065] This test cannot reference __stack_chk_fail because it is not linked with libc at all. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a8c94a367800c222a068dfa56a696437bbf4b32d commit a8c94a367800c222a068dfa56a696437bbf4b32d Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 15:58:22 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52c67c89daad240cfa76b39a4827ee6d4dada510 commit 52c67c89daad240cfa76b39a4827ee6d4dada510 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:00:22 2016 +0100 Work even with compilers whcih enable -fstack-protector by default [BZ #7065] With all the machinery we just added, we can easily arrange to work even when the compiler passes in -fstack-protector automatically: all the necessary bits of glibc are always compiled with -fno-stack-protector now. So tear out the check in configure, and add appropriate calls to -fno-stack-protector in tests that need them (largely those that use -nostdlib), since we don't yet have a __stack_chk_fail that those tests can rely upon. (GCC often provides one, but we cannot rely on this, especially not when bootstrapping.) When stack protection is disabled, explicitly pass -fno-stack-protector to everything, to stop a compiler hacked to enable it from inserting calls to __stack_chk_fail via the PLT in every object file. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ceaed0d1f8713b9de5bdeda919525c8fcd61d89a commit ceaed0d1f8713b9de5bdeda919525c8fcd61d89a Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:00:13 2016 +0100 Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065] The previous commit prevented rtld itself from being built with -fstack-protector, but this is not quite enough. We identify which objects belong in rtld via a test link and analysis of the resulting mapfile. That link is necessarily done against objects that are stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail, and all the libc and libio code they use. To stop this happening, use --defsym in the test librtld.map-production link to force the linker to predefine these two symbols (to 0, but it could be to anything). (In a real link, this would of course be catastrophic, but these object files are never used for anything else.) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5abe578c24fce56130b9a44362907a83d076a06d commit 5abe578c24fce56130b9a44362907a83d076a06d Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:00:03 2016 +0100 Compile the dynamic linker without stack protection [BZ #7065] Also compile corresponding routines in the static libc.a with the same flag. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ab1993e7799af49caacc86f1e3a4d335b2f3420 commit 5ab1993e7799af49caacc86f1e3a4d335b2f3420 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 15:59:47 2016 +0100 Disable stack protector in early static initialization [BZ #7065] The startup code in csu/, and the brk and sbrk functions are needed very early in initialization of a statically-linked program, before the stack guard is initialized; TLS initialization also uses memcpy, which cannot overrun its own stack. Mark all of these as -fno-stack-protector. We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both substituted by the configury changes made earlier, to detect the case when -fno-stack-protector is supported by the compiler, and unconditionally pass it in when this is the case, whether or not --enable-stack-protector is passed to configure. (This means that it'll even work when the compiler's been hacked to pass -fstack-protector by default, unless the hackage is so broken that it does so in a way that is impossible to override.) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=25becbb762c7a9aff36a389f2d63dcb5f7fecb7a commit 25becbb762c7a9aff36a389f2d63dcb5f7fecb7a Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 15:59:32 2016 +0100 Do not stack-protect ifunc resolvers [BZ #7065] When dynamically linking, ifunc resolvers are called before TLS is initialized, so they cannot be safely stack-protected. We avoid disabling stack-protection on large numbers of files by using __attribute__ ((__optimize__ ("-fno-stack-protector"))) to turn it off just for the resolvers themselves. (We provide the attribute even when statically linking, because we will later use it elsewhere too.) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f26f41f502828d18ebe18adaf7e0e161b6005f9 commit 8f26f41f502828d18ebe18adaf7e0e161b6005f9 Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 16:58:42 2016 +0100 Initialize the stack guard earlier when linking statically [BZ #7065] The address of the stack canary is stored in a per-thread variable, which means that we must ensure that the TLS area is intialized before calling any -fstack-protector'ed functions. For dynamically linked applications, we ensure this (in a later patch) by disabling -fstack-protector for the whole dynamic linker, but for static applications, the AT_ENTRY address is called directly by the kernel, so we must deal with the problem differently. In static appliations, __libc_setup_tls performs the TCB setup and TLS initialization, so this commit arranges for it to be called early and unconditionally. The call (and the stack guard initialization) is before the DL_SYSDEP_OSCHECK hook, which if set will probably call functions which are stack-protected (it does on Linux and NaCL too). We also move apply_irel up, so that we can still safely call functions that require ifuncs while in __libc_setup_tls (though if stack-protection is enabled we still have to avoid calling functions that are not stack-protected at this stage). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d3eb50f579a017e8b68f1d28d7de2e026c1b20f commit 4d3eb50f579a017e8b68f1d28d7de2e026c1b20f Author: Nick Alcock <nick.alcock@oracle.com> Date: Wed Dec 21 15:59:03 2016 +0100 Configure support for --enable-stack-protector [BZ #7065] This adds =all and =strong, with obvious semantics, defaulting to off. We don't validate the value of the option yet: that's in a later patch. Nor do we use it for anything at this stage. We differentiate between 'the compiler understands -fstack-protector' and 'the user wanted -fstack-protector' so that we can pass -fno-stack-protector in appropriate places even if the user didn't want to turn on -fstack-protector for other parts. (This helps us overcome another existing limitation, that glibc doesn't work with GCCs hacked to pass in -fstack-protector by default.) We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value appropriate for the stack-protection level in use for each file in particular. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via cecbc7967f0bcac718b6f8f8942b58403c0e917c (commit) via 2e6c45c59bcd40f1ae8466cbd32f4d263ff45619 (commit) via 1ad4ba28e9335c288687d1757bce3221c522f576 (commit) via 7cbb738d218fad3bc91deebfd8ce5f3918592b84 (commit) via 524a8ef2ad76af8ac049293d993a1856b0d888fb (commit) via 66a704c43cfec810fea67a6959f2d1c94f4d594f (commit) via bc174f20b83d19167ecac14ce0762eddbe47cc64 (commit) via 995635f95b707488c23bba07be8016c9682d4045 (commit) via 10c85e76c09716e744b4a41006718400b1eb2e84 (commit) via de6591238b478bc86b8cf5af01a484114e399213 (commit) via 003a27e8195470f470f4d9384ca70d4e9fc8bd1b (commit) via 03baef1c9cfb396d76cae20a00aee657871e79c4 (commit) from 81e0662e5f2c342ffa413826b7b100d56677b613 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cecbc7967f0bcac718b6f8f8942b58403c0e917c commit cecbc7967f0bcac718b6f8f8942b58403c0e917c Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:09:10 2016 +0100 Enable -fstack-protector=* when requested by configure [BZ #7065] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2e6c45c59bcd40f1ae8466cbd32f4d263ff45619 commit 2e6c45c59bcd40f1ae8466cbd32f4d263ff45619 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:09:06 2016 +0100 Do not stack-protect sigreturn stubs [BZ #7065] These are called from the kernel with the stack at a carefully- chosen location so that the stack frame can be restored: they must not move the stack pointer lest garbage be restored into the registers. We explicitly inhibit protection for SPARC and for signal/sigreturn.c: other arches either define their sigreturn stubs in .S files, or (i386, x86_64, mips) use macros expanding to top-level asm blocks and explicit labels in the text section to mock up a "function" without telling the compiler that one is there at all. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1ad4ba28e9335c288687d1757bce3221c522f576 commit 1ad4ba28e9335c288687d1757bce3221c522f576 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:09:03 2016 +0100 Drop explicit stack-protection of pieces of the system [BZ #7065] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7cbb738d218fad3bc91deebfd8ce5f3918592b84 commit 7cbb738d218fad3bc91deebfd8ce5f3918592b84 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:09:00 2016 +0100 Link a non-libc-using test with -fno-stack-protector [BZ #7065] This test cannot reference __stack_chk_fail because it is not linked with libc at all. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=524a8ef2ad76af8ac049293d993a1856b0d888fb commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=66a704c43cfec810fea67a6959f2d1c94f4d594f commit 66a704c43cfec810fea67a6959f2d1c94f4d594f Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:54 2016 +0100 Work even with compilers which enable -fstack-protector by default [BZ #7065] With all the machinery we just added, we can easily arrange to work even when the compiler passes in -fstack-protector automatically: all the necessary bits of glibc are always compiled with -fno-stack-protector now. So tear out the check in configure, and add appropriate calls to -fno-stack-protector in tests that need them (largely those that use -nostdlib), since we don't yet have a __stack_chk_fail that those tests can rely upon. (GCC often provides one, but we cannot rely on this, especially not when bootstrapping.) When stack protection is disabled, explicitly pass -fno-stack-protector to everything, to stop a compiler hacked to enable it from inserting calls to __stack_chk_fail via the PLT in every object file. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc174f20b83d19167ecac14ce0762eddbe47cc64 commit bc174f20b83d19167ecac14ce0762eddbe47cc64 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:51 2016 +0100 Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065] The previous commit prevented rtld itself from being built with -fstack-protector, but this is not quite enough. We identify which objects belong in rtld via a test link and analysis of the resulting mapfile. That link is necessarily done against objects that are stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail, and all the libc and libio code they use. To stop this happening, use --defsym in the test librtld.map-production link to force the linker to predefine these two symbols (to 0, but it could be to anything). (In a real link, this would of course be catastrophic, but these object files are never used for anything else.) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=995635f95b707488c23bba07be8016c9682d4045 commit 995635f95b707488c23bba07be8016c9682d4045 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:48 2016 +0100 Compile the dynamic linker without stack protection [BZ #7065] Also compile corresponding routines in the static libc.a with the same flag. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10c85e76c09716e744b4a41006718400b1eb2e84 commit 10c85e76c09716e744b4a41006718400b1eb2e84 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:45 2016 +0100 Disable stack protector in early static initialization [BZ #7065] The startup code in csu/, and the brk and sbrk functions are needed very early in initialization of a statically-linked program, before the stack guard is initialized; TLS initialization also uses memcpy, which cannot overrun its own stack. Mark all of these as -fno-stack-protector. We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both substituted by the configury changes made earlier, to detect the case when -fno-stack-protector is supported by the compiler, and unconditionally pass it in when this is the case, whether or not --enable-stack-protector is passed to configure. (This means that it'll even work when the compiler's been hacked to pass -fstack-protector by default, unless the hackage is so broken that it does so in a way that is impossible to override.) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=de6591238b478bc86b8cf5af01a484114e399213 commit de6591238b478bc86b8cf5af01a484114e399213 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:41 2016 +0100 Do not stack-protect ifunc resolvers [BZ #7065] When dynamically linking, ifunc resolvers are called before TLS is initialized, so they cannot be safely stack-protected. We avoid disabling stack-protection on large numbers of files by using __attribute__ ((__optimize__ ("-fno-stack-protector"))) to turn it off just for the resolvers themselves. (We provide the attribute even when statically linking, because we will later use it elsewhere too.) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=003a27e8195470f470f4d9384ca70d4e9fc8bd1b commit 003a27e8195470f470f4d9384ca70d4e9fc8bd1b Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:34 2016 +0100 Initialize the stack guard earlier when linking statically [BZ #7065] The address of the stack canary is stored in a per-thread variable, which means that we must ensure that the TLS area is intialized before calling any -fstack-protector'ed functions. For dynamically linked applications, we ensure this (in a later patch) by disabling -fstack-protector for the whole dynamic linker, but for static applications, the AT_ENTRY address is called directly by the kernel, so we must deal with the problem differently. In static appliations, __libc_setup_tls performs the TCB setup and TLS initialization, so this commit arranges for it to be called early and unconditionally. The call (and the stack guard initialization) is before the DL_SYSDEP_OSCHECK hook, which if set will probably call functions which are stack-protected (it does on Linux and NaCL too). We also move apply_irel up, so that we can still safely call functions that require ifuncs while in __libc_setup_tls (though if stack-protection is enabled we still have to avoid calling functions that are not stack-protected at this stage). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=03baef1c9cfb396d76cae20a00aee657871e79c4 commit 03baef1c9cfb396d76cae20a00aee657871e79c4 Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:18 2016 +0100 Configure support for --enable-stack-protector [BZ #7065] This adds =all and =strong, with obvious semantics, defaulting to off. We don't validate the value of the option yet: that's in a later patch. Nor do we use it for anything at this stage. We differentiate between 'the compiler understands -fstack-protector' and 'the user wanted -fstack-protector' so that we can pass -fno-stack-protector in appropriate places even if the user didn't want to turn on -fstack-protector for other parts. (This helps us overcome another existing limitation, that glibc doesn't work with GCCs hacked to pass in -fstack-protector by default.) We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value appropriate for the stack-protection level in use for each file in particular. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 149 +++++++++++++ INSTALL | 11 + Makeconfig | 8 +- NEWS | 4 + aclocal.m4 | 6 +- config.h.in | 10 + config.make.in | 2 + configure | 243 +++++++++++---------- configure.ac | 146 +++++++------ csu/Makefile | 4 + csu/libc-start.c | 29 ++-- csu/libc-tls.c | 17 +- debug/Makefile | 6 + debug/stack_chk_fail.c | 2 + elf/Makefile | 30 +++- elf/ifuncdep2.c | 3 + elf/ifuncmain6pie.c | 1 + elf/ifuncmain7.c | 1 + elf/ifuncmod1.c | 3 + elf/ifuncmod5.c | 3 + elf/rtld-Rules | 2 + include/libc-symbols.h | 12 +- login/Makefile | 1 - manual/install.texi | 11 + misc/Makefile | 7 + nptl/nptl-init.c | 16 -- nscd/Makefile | 1 - resolv/Makefile | 1 - signal/Makefile | 2 + string/Makefile | 4 + sysdeps/generic/ifunc-sel.h | 2 + sysdeps/generic/ldsodefs.h | 11 + sysdeps/generic/symbol-hacks.h | 12 + sysdeps/i386/Makefile | 2 +- sysdeps/nacl/nacl_interface_query.c | 1 + sysdeps/powerpc/ifunc-sel.h | 2 + sysdeps/unix/make-syscalls.sh | 1 + sysdeps/unix/sysv/linux/sparc/sparc32/sigaction.c | 8 +- sysdeps/unix/sysv/linux/sparc/sparc64/sigaction.c | 4 +- sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c | 1 + sysdeps/x86_64/ifuncmod8.c | 1 + 41 files changed, 539 insertions(+), 241 deletions(-) Fixed in 2.25. This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, fw/stack-protector has been deleted was a547a051a93361a9ec4edf283bcebea66481fca8 - Log ----------------------------------------------------------------- a547a051a93361a9ec4edf283bcebea66481fca8 Enable -fstack-protector=* when requested by configure [BZ #7065] ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The annotated tag, glibc-2.25 has been created at be176490b818b65b5162c332eb6b581690b16e5c (tag) tagging db0242e3023436757bbc7c488a779e6e3343db04 (commit) replaces glibc-2.24 tagged by Siddhesh Poyarekar on Sun Feb 5 21:19:00 2017 +0530 - Log ----------------------------------------------------------------- The GNU C Library ================= The GNU C Library version 2.25 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.25 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.25 ===================== * The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR 24731-2:2010, is supported to enable declarations of functions from that TR. Note that not all functions from that TR are supported by the GNU C Library. * The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS 18661-1:2014, is supported to enable declarations of functions and macros from that TS. Note that not all features from that TS are supported by the GNU C Library. * The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS 18661-4:2015, is supported to enable declarations of functions and macros from that TS. Note that most features from that TS are not supported by the GNU C Library. * The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L. Since the GNU C Library defaults to a much newer revision of POSIX, this will only affect programs that specifically request an old conformance mode. For instance, a program compiled with -std=c89 -D_REENTRANT will see a change in the visible declarations, but a program compiled with just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT, will not. Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be defined by all multithreaded code, but glibc has not required this for many years. * The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This means that in a future release, the macros “major”, “minor”, and “makedev” will only be available from <sys/sysmacros.h>. These macros are not part of POSIX nor XSI, and their names frequently collide with user code; see for instance glibc bug 19239 and Red Hat bug 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the problem. * New <fenv.h> features from TS 18661-1:2014 are added to libm: the fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros. * Integer width macros from TS 18661-1:2014 are added to <limits.h>: CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH, UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH, INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH, UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH, INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH, UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH, UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH, UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH, UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH, WINT_WIDTH. * New <math.h> features are added from TS 18661-1:2014: - Signaling NaN macros: SNANF, SNAN, SNANL. - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp, fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf, fromfpxl, ufromfpx, ufromfpxf, ufromfpxl. - llogb functions: the llogb, llogbf and llogbl functions, and the FP_LLOGB0 and FP_LLOGBNAN macros. - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag, fminmagf, fminmagl. - Comparison macros: iseqsig. - Classification macros: iscanonical, issubnormal, iszero. - Total order functions: totalorder, totalorderf, totalorderl, totalordermag, totalordermagf, totalordermagl. - Canonicalize functions: canonicalize, canonicalizef, canonicalizel. - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload, setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl. * The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014, are added to libc. They convert a floating-point number into string. * Most of glibc can now be built with the stack smashing protector enabled. It is recommended to build glibc with --enable-stack-protector=strong. Implemented by Nick Alcock (Oracle). * The function explicit_bzero, from OpenBSD, has been added to libc. It is intended to be used instead of memset() to erase sensitive data after use; the compiler will not optimize out calls to explicit_bzero even if they are "unnecessary" (in the sense that no _correct_ program can observe the effects of the memory clear). * On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined to float instead of double. This does not affect the ABI of any libraries that are part of the GNU C Library, but may affect the ABI of other libraries that use this type in their interfaces. * On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the float_t and double_t types are now defined to long double instead of float and double. These options are not the default, and this does not affect the ABI of any libraries that are part of the GNU C Library, but it may affect the ABI of other libraries that use this type in their interfaces, if they are compiled or used with those options. * The getentropy and getrandom functions, and the <sys/random.h> header file have been added. * The buffer size for byte-oriented stdio streams is now limited to 8192 bytes by default. Previously, on Linux, the default buffer size on most file systems was 4096 bytes (and thus remains unchanged), except on network file systems, where the buffer size was unpredictable and could be as large as several megabytes. * The <sys/quota.h> header now includes the <linux/quota.h> header. Support for the Linux quota interface which predates kernel version 2.4.22 has been removed. * The malloc_get_state and malloc_set_state functions have been removed. Already-existing binaries that dynamically link to these functions will get a hidden implementation in which malloc_get_state is a stub. As far as we know, these functions are used only by GNU Emacs and this change will not adversely affect already-built Emacs executables. Any undumped Emacs executables, which normally exist only during an Emacs build, should be rebuilt by re-running “./configure; make” in the Emacs build tree. * The “ip6-dotint” and “no-ip6-dotint” resolver options, and the corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed. “no-ip6-dotint” had already been the default, and support for the “ip6-dotint” option was removed from the Internet in 2006. * The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING flag from <resolv.h> have been removed. The option relied on a backwards-incompatible DNS extension which was never deployed on the Internet. * The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG, RES_BLAST defined in the <resolv.h> header file have been deprecated. They were already unimplemented. * The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for _res.flags are deprecated. The flag was standardized in RFC 2133, but removed again from the IETF name lookup interface specification in RFC 2553. Applications should use getaddrinfo instead. * DNSSEC-related declarations and definitions have been removed from the <arpa/nameser.h> header file, and libresolv will no longer attempt to decode the data part of DNSSEC record types. Previous versions of glibc only implemented minimal support for the previous version of DNSSEC, which is incompatible with the currently deployed version. * The resource record type classification macros ns_t_qt_p, ns_t_mrr_p, ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the <arpa/nameser.h> header file because the distinction between RR types and meta-RR types is not officially standardized, subject to revision, and thus not suitable for encoding in a macro. * The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook and rhook members of the res_state type in <resolv.h> have been removed. The glibc stub resolver did not support these hooks, but the header file did not reflect that. * For multi-arch support it is recommended to use a GCC which has been built with support for GNU indirect functions. This ensures that correct debugging information is generated for functions selected by IFUNC resolvers. This support can either be enabled by configuring GCC with '--enable-gnu-indirect-function', or by enabling it by default by setting 'default_gnu_indirect_function' variable for a particular architecture in the GCC source file 'gcc/config.gcc'. * GDB pretty printers have been added for mutex and condition variable structures in POSIX Threads. When installed and loaded in gdb these pretty printers show various pthread variables in human-readable form when read using the 'print' or 'display' commands in gdb. * Tunables feature added to allow tweaking of the runtime for an application program. This feature can be enabled with the '--enable-tunables' configure flag. The GNU C Library manual has details on usage and README.tunables has instructions on adding new tunables to the library. * A new version of condition variables functions have been implemented in the NPTL implementation of POSIX Threads to provide stronger ordering guarantees. * A new version of pthread_rwlock functions have been implemented to use a more scalable algorithm primarily through not using a critical section anymore to make state changes. Security related changes: * On ARM EABI (32-bit), generating a backtrace for execution contexts which have been created with makecontext could fail to terminate due to a missing .cantunwind annotation. This has been observed to lead to a hang (denial of service) in some Go applications compiled with gccgo. Reported by Andreas Schwab. (CVE-2016-6323) * The DNS stub resolver functions would crash due to a NULL pointer dereference when processing a query with a valid DNS question type which was used internally in the implementation. The stub resolver now uses a question type which is outside the range of valid question type values. (CVE-2015-5180) Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Modra Alexandre Oliva Andreas Schwab Andrew Senkevich Aurelien Jarno Brent W. Baccala Carlos O'Donell Chris Metcalf Chung-Lin Tang DJ Delorie David S. Miller Denis Kaganovich Dmitry V. Levin Ernestas Kulik Florian Weimer Gabriel F T Gomes Gabriel F. T. Gomes H.J. Lu Jakub Jelinek James Clarke James Greenhalgh Jim Meyering John David Anglin Joseph Myers Maciej W. Rozycki Mark Wielaard Martin Galvan Martin Pitt Mike Frysinger Märt Põder Nick Alcock Paul E. Murphy Paul Murphy Rajalakshmi Srinivasaraghavan Rasmus Villemoes Rical Jasan Richard Henderson Roland McGrath Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Svante Signell Szabolcs Nagy Tom Tromey Torvald Riegel Tulio Magno Quites Machado Filho Wilco Dijkstra Yury Norov Zack Weinberg -----BEGIN PGP SIGNATURE----- iQEcBAABAgAGBQJYl0mTAAoJEHnEPfvxzyGHXTgH/jsS205Wdz9EniZrJ6+NXCm1 F/eeOMotGNv82BYaLRnw9XrF7p6+ND8E+7rSvFZT5O309OrdLjg4QG6M63COMRCh 6KKtQUM/00I1u4AYkOOgrUkor3m58GgeQUziOxXNvQNoU8zLguPk4kzVsvxq6lJR /IROH2Mfl1AggOGq9Y1R/0uQCpj4jJSLETxJupg4calGPZQW3isogucSmogdccAB Bqso7L40Xo4LJnEoD7JurlMrP5x043TttmTyvnFTtxRZTAHVjyQpFMKHaSkMgtIG +fe26Ua3oMqbE9A9G3qiMIrPEqu+0tWKbvci0FeaE30vfI6YtVcd8I0RlBW9gok= =3NM3 -----END PGP SIGNATURE----- Adhemerval Zanella (69): Fix test-skeleton C99 designed initialization nptl: Consolidate sem_open implementations nptl: Set sem_open as a non cancellation point (BZ #15765) nptl: Remove sparc sem_wait nptl: Fix sem_wait and sem_timedwait cancellation (BZ#18243) rt: Set shm_open as a non cancellation point (BZ #18243) nptl: Consolidate sem_init implementations posix: Correctly enable/disable cancellation on Linux posix_spawn posix: Correctly block/unblock all signals on Linux posix_spawn Add INTERNAL_SYSCALL_CALL posix: Fix open file action for posix_spawn on Linux Remove C++ style comments from string3.h libio: Multiple fixes for open_{w}memstram (BZ#18241 and BZ#20181) Fix tst-memstream3 build failure Consolidate fallocate{64} implementations Consolidate posix_fallocate{64} implementations Consolidate posix_fadvise implementations Fix iseqsig for ports that do not support FE_INVALID Consolidate Linux sync_file_range implementations Fix posix_fadvise64 build on mips64n64 Fix Linux fallocate tests for EOPNOTSUPP Fix Linux sh4 pread/pwrite argument passing Fix sparc build due missing __WORDSIZE_TIME64_COMPAT32 definition Consolidate lseek/lseek64/llseek implementations Consolidate Linux ftruncate implementations Consolidate Linux truncate implementations Consolidate Linux access implementation Fix sh4 build with __ASSUME_ST_INO_64_BIT redefinition New internal function __access_noerrno Consolidate Linux setrlimit and getrlimit implementation Fix hurd __access_noerrno implementation. Fix writes past the allocated array bounds in execvpe (BZ#20847) Remove cached PID/TID in clone powerpc: Remove stpcpy internal clash with IFUNC powerpc: Remove stpcpy internal clash with IFUNC Fix writes past the allocated array bounds in execvpe (BZ#20847) Consolidate rename Linux implementation Consolidate renameat Linux implementation Fix powerpc64/power7 memchr for large input sizes Fix typos and missing closing bracket in test-memchr.c Adjust benchtests to new support library. benchtests: Add fmax/fmin benchmarks benchtests: Add fmaxf/fminf benchmarks Fix x86_64 memchr for large input sizes powerpc: Remove f{max,min}{f} assembly implementations Add __ASSUME_DIRECT_SYSVIPC_SYSCALL for Linux Refactor Linux ipc_priv header Consolidate Linux msgctl implementation Consolidate Linux msgrcv implementation Use msgsnd syscall for Linux implementation Use msgget syscall for Linux implementation Add SYSV message queue test Consolidate Linux semctl implementation Use semget syscall for Linux implementation Use semop syscall for Linux implementation Consolidate Linux semtimedop implementation Add SYSV semaphore test Use shmat syscall for Linux implementation Consolidate Linux shmctl implementation Use shmdt syscall for linux implementation Use shmget syscall for linux implementation Add SYSV shared memory test Fix i686 memchr for large input sizes Fix test-sysvsem on some platforms Fix x86 strncat optimized implementation for large sizes Remove duplicate strcat implementations Use fortify macros for b{zero,copy} along decl from strings.h Move fortified explicit_bzero back to string3 Add missing bugzilla reference in previous ChangeLog entry Alan Modra (1): powerpc32: make PLT call in _mcount compatible with -msecure-plt (bug 20554) Alexandre Oliva (2): [PR19826] fix non-LE TLS in static programs Bug 20915: Do not initialize DTV of other threads. Andreas Schwab (11): arm: mark __startcontext as .cantunwind (bug 20435) Properly initialize glob structure with GLOB_BRACE|GLOB_DOOFFS (bug 20707) Fix multiple definitions of mk[o]stemp[s]64 Get rid of __elision_available Fix testsuite timeout handling powerpc: remove _dl_platform_string and _dl_powerpc_platforms Fix assertion failure on test timeout Fix ChangeLog typo Revert "Fix ChangeLog typo" m68k: fix 64bit atomic ops Fix missing test dependency Andrew Senkevich (4): x86_64: Call finite scalar versions in vectorized log, pow, exp (bz #20033). Install libm.a as linker script (bug 20539). Better design of libm.a installation rule. Disable TSX on some Haswell processors. Aurelien Jarno (14): alpha: fix ceil on sNaN input alpha: fix floor on sNaN input alpha: fix rint on sNaN input alpha: fix trunc for big input values powerpc: fix ifunc-sel.h with GCC 6 powerpc: fix ifunc-sel.h fix asm constraints and clobber list sparc64: add a VIS3 version of ceil, floor and trunc sparc: build with -mvis on sparc32/sparcv9 and sparc64 sparc: remove fdim sparc specific implementations sparc32/sparcv9: add a VIS3 version of fdim Set NODELETE flag after checking for NULL pointer conform tests: call perl with '-I.' gconv.h: fix build with GCC 7 x86_64: fix static build of __memcpy_chk for compilers defaulting to PIC/PIE Brent W. Baccala (1): hurd: Fix spurious port deallocation Carlos O'Donell (17): Open development for 2.25. Update PO files. Bug 20292 - Simplify and test _dl_addr_inside_object Bug 20689: Fix FMA and AVX2 detection on Intel Fix atomic_fetch_xor_release. Add missing include for stdlib.h. Fix building tst-linkall-static. Add include/crypt.h. Bug 20729: Fix building with -Os. Bug 20729: Include libc-internal.h where required. Bug 20729: Fix build failures on ppc64 and other arches. Remove out of date PROJECTS file. Bug 20918 - Building with --enable-nss-crypt fails tst-linkall-static Bug 11941: ld.so: Improper assert map->l_init_called in dlclose Add deferred cancellation regression test for getpwuid_r. Fix failing pretty printer tests when CPPFLAGS has optimizations. Bug 20116: Fix use after free in pthread_create() Chris Metcalf (6): Make sure tilepro uses kernel atomics fo atomic_store Make tile's set_dataplane API compatibility-only tile: create new math-tests.h header build-many-glibcs: Revert -fno-isolate-erroneous-paths options for tilepro tile: pass __IPC_64 as zero for SysV IPC calls tile: Check for pointer add overflow in memchr Chung-Lin Tang (1): Add ipc_priv.h header for Nios II to set __IPC_64 to zero. DJ Delorie (1): * elf/dl-tunables.c (tunable_set_val_if_valid_range): Split into ... David S. Miller (4): Fix wide-char testsuite SIGBUS on platforms such as Sparc. Fix sNaN handling in nearbyint on 32-bit sparc. Fix a sparc header conformtest failure. sparc: Remove optimized math routines which cause testsuite failures. Denis Kaganovich (1): configure: accept __stack_chk_fail_local for ssp support too [BZ #20662] Dmitry V. Levin (1): Fix typos in the spelling of "implementation" Ernestas Kulik (1): localedata: lt_LT: use hyphens in d_fmt [BZ #20497] Florian Weimer (100): malloc: Preserve arena free list/thread count invariant [BZ #20370] malloc: Run tests without calling mallopt [BZ #19469] Add support for referencing specific symbol versions elf: dl-minimal malloc needs to respect fundamental alignment elf: Avoid using memalign for TLS allocations [BZ #17730] elf: Do not use memalign for TCB/TLS blocks allocation [BZ #17730] x86: Use sysdep.o from libc.a in static libraries Add missing reference to bug 20452 nptl/tst-tls3-malloc: Force freeing of thread stacks Add NEWS entry for CVE-2016-6323 Add CVE-2016-6323 missing from NEWS entry Do not override objects in libc.a in other static libraries [BZ #20452] nptl/tst-once5: Reduce time to expected failure argp: Do not override GCC keywords with macros [BZ #16907] string: More tests for strcmp, strcasecmp, strncmp, strncasecmp nptl: Avoid expected SIGALRM in most tests [BZ #20432] Correct incorrect bug number in changelog malloc: Simplify static malloc interposition [BZ #20432] Base <sys/quota.h> on Linux kernel headers [BZ #20525] vfprintf: Avoid creating a VLA which complicates stack management vfscanf: Avoid multiple reads of multi-byte character width malloc: Automated part of conversion to __libc_lock resolv: Remove _LIBC_REENTRANT Remove the ptw-% patterns inet: Add __inet6_scopeid_pton function [BZ #20611] sysd-rules: Cut down the number of rtld-% pattern rules Remove remnants of .og patterns sln: Preprocessor cleanups Generate .op pattern rules for profiling builds only Avoid running $(CXX) during build to obtain header file paths Add test case for O_TMPFILE handling in open, openat manual: Clarify the documentation of strverscmp [BZ #20524] Remove obsolete DNSSEC support [BZ #20591] resolv: Remove the BIND_4_COMPAT macro <arpa/nameser.h>, <arpa/nameser_compat.h>: Remove versions <arpa/nameser.h>: Remove RR type classification macros [BZ #20592] malloc: Manual part of conversion to __libc_lock resolv: Remove unsupported hook functions from the API [BZ #20016] test-skeleton.c: Remove unintended #include <stdarg.h>. tst-open-tmpfile: Add checks for open64, openat64, linkat manual: Clarify NSS error reporting resolv: Deprecate unimplemented flags resolv: Remove RES_NOIP6DOTINT and its implementation resolv: Remove RES_USEBSTRING and its implementation [BZ #20629] resolv: Compile without -Wno-write-strings math: Define iszero as a function template for C++ [BZ #20715] math.h: Wrap C++ bits in extern "C++" iconv: Avoid writable data and relocations in IBM charsets iconv: Avoid writable data and relocations in ISO646 malloc: Remove malloc_get_state, malloc_set_state [BZ #19473] malloc: Use accessors for chunk metadata access sysmalloc: Initialize previous size field of mmaped chunks Add test for linking against most static libraries i386: Support CFLAGS which imply -fno-omit-frame-pointer [BZ #20729] crypt: Use internal names for the SHA-2 block functions malloc: Update comments about chunk layout nptl: Document the reason why __kind in pthread_mutex_t is part of the ABI s390x: Add hidden definition for __sigsetjmp elf: Assume TLS is initialized in _dl_map_object_from_fd powerpc: Remove unintended __longjmp symbol from ABI powerpc: Add hidden definition for __sigsetjmp gconv: Adjust GBK to support the Euro sign libio: Limit buffer size to 8192 bytes [BZ #4099] Implement _dl_catch_error, _dl_signal_error in libc.so [BZ #16628] ld.so: Remove __libc_memalign aarch64: Use explicit offsets in _dl_tlsdesc_dynamic elf/tst-tls-manydynamic: New test support: Introduce new subdirectory for test infrastructure inet: Make IN6_IS_ADDR_UNSPECIFIED etc. usable with POSIX [BZ #16421] debug: Additional compiler barriers for backtrace tests [BZ #20956] Add getentropy, getrandom, <sys/random.h> [BZ #17252] Expose linking against libsupport as make dependency nptl/tst-cancel7: Add missing case label Add missing bug number to ChangeLog Do not require memset elimination in explicit_bzero test Remove unused function _dl_tls_setup scripts/test_printers_common.py: Log GDB error message rpcinfo: Remove traces of unbuilt helper program sunrpc: Always obtain AF_INET addresses from NSS [BZ #20964] resolv: Remove processing of unimplemented "spoof" host.conf options Declare getentropy in <unistd.h> [BZ #17252] support: Add support for delayed test failure reporting Add file missing from ChangeLog in previous commit Fix various typos in the ChangeLog resolv: Turn historic name lookup functions into compat symbols getentropy: Declare it in <unistd.h> for __USE_MISC [BZ #17252] support: Helper functions for entering namespaces support: Use support_record_failure consistently support: Implement --verbose option for test programs resolv: Add beginnings of a libresolv test suite resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] resolv: Deprecate RES_BLAST tunables: Use correct unused attribute CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784] Update DNS RR type definitions [BZ #20593] malloc: Run tunables tests only if tunables are enabled support: Use %td for pointer difference in xwrite support: struct netent portability fix for support_format_netent string/tst-strcoll-overflow: Do not accept timeout as test result nptl: Add tst-robust-fork Gabriel F T Gomes (1): Fix warning caused by unused-result in bug-atexit3-lib.cc Gabriel F. T. Gomes (10): Add strfromd, strfromf, and strfroml functions Use read_int in vfscanf Use write_message instead of write Write messages to stdout and use write_message instead of write Make w_log1p type-generic Fix arg used as litteral suffix in tst-strfrom.h Make w_scalbln type-generic Replace use of snprintf with strfrom in libm tests Fix typo in manual for iseqsig Move wrappers to libm-compat-calls-auto H.J. Lu (8): X86: Change bit_YMM_state to (1 << 2) X86-64: Correct CFA in _dl_runtime_resolve X86-64: Add _dl_runtime_resolve_avx[512]_{opt|slow} [BZ #20508] X86: Don't assert on older Intel CPUs [BZ #20647] Check IFUNC definition in unrelocated shared library [BZ #20019] X86_64: Don't use PLT nor GOT in static archives [BZ #20750] Add VZEROUPPER to memset-vec-unaligned-erms.S [BZ #21081] Allow IFUNC relocation against unrelocated shared library Jakub Jelinek (1): * soft-fp/op-common.h (_FP_MUL, _FP_FMA, _FP_DIV): Add James Clarke (1): Bug 21053: sh: Reduce namespace pollution from sys/ucontext.h James Greenhalgh (1): [soft-fp] Add support for various half-precision conversion routines. Jim Meyering (1): assert.h: allow gcc to detect assert(a = 1) errors John David Anglin (1): hppa: Optimize atomic_compare_and_exchange_val_acq Joseph Myers (181): Support __STDC_WANT_LIB_EXT2__ feature test macro. Define PF_QIPCRTR, AF_QIPCRTR from Linux 4.7 in bits/socket.h. Define UDP_ENCAP_* from Linux 4.7 in netinet/udp.h. Support __STDC_WANT_IEC_60559_BFP_EXT__ feature test macro. Fix typo in last arith.texi change. Support __STDC_WANT_IEC_60559_FUNCS_EXT__ feature test macro. Also handle __STDC_WANT_IEC_60559_BFP_EXT__ in <tgmath.h>. Do not call __nan in scalb functions. Fix math.h comment about bits/mathdef.h. Add tests for fegetexceptflag, fesetexceptflag. Fix powerpc fesetexceptflag clearing FE_INVALID (bug 20455). Fix test-fexcept when "inexact" implicitly raised. Add comment from sysdeps/powerpc/fpu/fraiseexcpt.c to fsetexcptflg.c. Add fesetexcept. Add fesetexcept: aarch64. Add fesetexcept: alpha. Add fesetexcept: arm. Add fesetexcept: hppa. Add fesetexcept: ia64. Add fesetexcept: m68k. Add fesetexcept: mips. Add fesetexcept: powerpc. Add fesetexcept: s390. Add fesetexcept: sh. Add fesetexcept: sparc. Fix soft-fp extended.h unpacking (GCC bug 77265). Add fetestexceptflag. Add femode_t functions. Add femode_t functions: aarch64. Add femode_t functions: alpha. Add femode_t functions: arm. Add femode_t functions: hppa. Add femode_t functions: ia64. Add femode_t functions: m68k. Add femode_t functions: mips. Add femode_t functions: powerpc. Add femode_t functions: s390. Add femode_t functions: sh. Add femode_t functions: sparc. Add e500 version of fetestexceptflag. Add <limits.h> integer width macros. Add <stdint.h> integer width macros. Add issubnormal. Add iszero. Fix iszero for excess precision. Add iscanonical. Fix ldbl-128ibm iscanonical for -mlong-double-64. Use __builtin_fma more in dbl-64 code. Add TCP_REPAIR_WINDOW from Linux 4.8. Fix LONG_WIDTH, ULONG_WIDTH include ordering issue. Add iseqsig. Make iseqsig handle excess precision. Avoid M_NAN + M_NAN in complex functions. Add totalorder, totalorderf, totalorderl. Add more totalorder tests. Clean up some complex functions raising FE_INVALID. Add totalordermag, totalordermagf, totalordermagl. Define HIGH_ORDER_BIT_IS_SET_FOR_SNAN to 0 or 1. Add getpayload, getpayloadf, getpayloadl. Stop powerpc copysignl raising "invalid" for sNaN argument (bug 20718). Use VSQRT instruction for ARM sqrt (bug 20660). Use -fno-builtin for sqrt benchmark. Fix cmpli usage in power6 memset. Add getpayloadl to libnldbl. Add canonicalize, canonicalizef, canonicalizel. Make strtod raise "inexact" exceptions (bug 19380). Add SNAN, SNANF, SNANL macros. Correct clog10 documentation (bug 19673). Fix linknamespace parallel test failures. Handle tilegx* machine names. Add localplt.data for MIPS. XFAIL check-execstack for MIPS. Make MIPS <sys/user.h> self-contained. Do not hardcode platform names in manual/libm-err-tab.pl (bug 14139). Fix alpha sqrt fegetenv namespace (bug 20768). Handle tests-unsupported if run-built-tests = no. Do not generate UNRESOLVED results for run-built-tests = no. Make check-installed-headers.sh ignore sys/sysctl.h for x32. Update nios2 localplt.data. Update alpha localplt.data. Add localplt.data for hppa. Add localplt.data for sh. Fix rpcgen buffer overrun (bug 20790). Refactor some libm type-generic macros. Make SH <sys/user.h> self-contained. Ignore -Wmaybe-uninitialized in stdlib/bug-getcontext.c. Add script to build many glibc configurations. Make tilegx32 install libraries in lib32 directories. Fix build-many-glibcs.py style issues. Make SH ucontext always match current kernels. Fix SH4 register-dump.h for soft-float. Fix crypt snprintf namespace (bug 20829). Enable linknamespace testing for libdl and libcrypt. Make Alpha <sys/user.h> self-contained. Actually use newly built host libraries in build-many-glibcs.py. Quote shell commands in logs from build-many-glibcs.py. Add setpayload, setpayloadf, setpayloadl. Make build-many-glibcs.py use -fno-isolate-erroneous-paths options for tilepro. Fix default float_t definition (bug 20855). Fix x86_64 -mfpmath=387 float_t, double_t (bug 20787). Fix SH4 FP_ILOGB0 (bug 20859). More NEWS entries / fixes for float_t / double_t changes. Refactor float_t, double_t information into bits/flt-eval-method.h. Make build-many-glibcs.py track component versions requested and used. Add setpayloadsig, setpayloadsigf, setpayloadsigl. Make build-many-glibcs.py re-exec itself if changed by checkout. Make build-many-glibcs.py store more information about builds. Do not include asm/cachectl.h in nios2 sys/cachectl.h. Fix sysdeps/ia64/fpu/libm-symbols.h for inclusion in testcases. Work around IA64 tst-setcontext2.c compile failure. Make ilogb wrappers type-generic. Refactor FP_FAST_* into bits/fp-fast.h. Add build-many-glibcs.py bot-cycle action. Make build-many-glibcs.py support running as a bot. Refactor FP_ILOGB* out of bits/mathdef.h. Add missing hidden_def (__sigsetjmp). Make ldbl-128 getpayload, setpayload functions use _Float128. Add llogb, llogbf, llogbl. Fix pow (qNaN, 0) result with -lieee (bug 20919), remove dead parts of wrappers. Fix sysdeps/ieee754 pow handling of sNaN arguments (bug 20916). Fix x86_64/x86 powl handling of sNaN arguments (bug 20916). Fix hypot sNaN handling (bug 20940). Fix typo in last ChangeLog message. Add build-many-glibcs.py option to strip installed shared libraries. Fix tests-printers handling for cross compiling. Use Linux 4.9 (headers) in build-many-glibcs.py. Add [BZ #19398] marker to ChangeLog entry. Include <linux/falloc.h> in bits/fcntl-linux.h. Refactor long double information into bits/long-double.h. Fix generic fmax, fmin sNaN handling (bug 20947). Fix powerpc fmax, fmin sNaN handling (bug 20947). Fix x86, x86_64 fmax, fmin sNaN handling, add tests (bug 20947). Make build-many-glibcs.py flush stdout before execv. Define FE_SNANS_ALWAYS_SIGNAL. Document sNaN argument error handling. Add fmaxmag, fminmag functions. Add preprocessor indentation for llogb macro in tgmath.h. Add roundeven, roundevenf, roundevenl. Update miscellaneous files from upstream sources. Fix nss_nisplus build with mainline GCC (bug 20978). Update NEWS feature test macro description of TS 18661-1 support. Fix tst-support_record_failure-2 for run-built-tests = no. Define __intmax_t, __uintmax_t in bits/types.h. Add fromfp functions. Update copyright dates with scripts/update-copyrights. Update copyright dates not handled by scripts/update-copyrights. Update config.guess and config.sub to current versions. Make build-many-glibcs.py use binutils 2.28 branch by default. Correct MIPS math-tests.h condition for sNaN payload preservation. Fix math/test-nearbyint-except for no-exceptions configurations. Add build-many-glibcs.py powerpc-linux-gnu-power4 build. Fix MIPS n32 lseek, lseek64 (bug 21019). Fix elf/tst-ldconfig-X for cross testing. Fix math/test-fenvinline for no-exceptions configurations. Update i386 libm-test-ulps. Fix MicroBlaze __backtrace get_frame_size namespace (bug 21022). Make MIPS soft-fp preserve NaN payloads for NAN2008. Fix MicroBlaze bits/setjmp.h for C++. Update libm-test XFAILs for ibm128 format. Fix malloc/ tests for GCC 7 -Walloc-size-larger-than=. Fix string/tester.c for GCC 7 -Wstringop-overflow=. Fix MIPS n64 readahead (bug 21026). Increase some test timeouts. Make fallback fesetexceptflag always succeed (bug 21028). Update MicroBlaze localplt.data. Fix math/test-fenv for no-exceptions / no-rounding-modes configurations. Improve libm-test XFAILing for ibm128-libgcc. XFAIL libm-test.inc tests as needed for ibm128. Fix elf/sotruss-lib format-truncation error. Fix ld-address format-truncation error. Fix testsuite build for GCC 7 -Wformat-truncation. Make endian-conversion macros always return correct types (bug 16458). Make fallback fegetexceptflag work with generic fetestexceptflag. Fix MIPS o32 posix_fadvise. Make soft-float powerpc swapcontext restore the signal mask (bug 21045). Update install.texi latest GCC version known to work. Avoid parallel GCC install in build-many-glibcs.py. Fix ARM fpu_control.h for assemblers requiring VFP insn names (bug 21047). Restore clock_* librt exports for MicroBlaze (bug 21061). Update README.libm-test. Remove very old libm-test-ulps entries. Maciej W. Rozycki (2): MIPS: Add `.insn' to ensure a text label is defined as code not data MIPS: Use R_MICROMIPS_JALR rather than R_MIPS_JALR in microMIPS code Mark Wielaard (1): Reduce memory size of tsearch red-black tree. Martin Galvan (3): Add pretty printers for the NPTL lock types Add -B to python invocation to avoid generating pyc files Fix up tabs/spaces mismatches Martin Pitt (1): locales: en_CA: update d_fmt [BZ #9842] Mike Frysinger (5): localedata: change M$ to Microsoft ChangeLog: change Winblowz to Windows ChangeLog: fix date localedata: GBK: add mapping for 0x80->Euro sign [BZ #20864] localedata: bs_BA: fix yesexpr/noexpr [BZ #20974] Märt Põder (1): locales: et_EE: locale has wrong {p,n}_cs_precedes value [BZ #20459] Nick Alcock (14): Move all tests out of the csu subdirectory x86_64: tst-quad1pie, tst-quad2pie: compile with -fPIE [BZ #7065] Configure support for --enable-stack-protector [BZ #7065] Initialize the stack guard earlier when linking statically [BZ #7065] Do not stack-protect ifunc resolvers [BZ #7065] Disable stack protector in early static initialization [BZ #7065] Compile the dynamic linker without stack protection [BZ #7065] Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065] Work even with compilers which enable -fstack-protector by default [BZ #7065] PLT avoidance for __stack_chk_fail [BZ #7065] Link a non-libc-using test with -fno-stack-protector [BZ #7065] Drop explicit stack-protection of pieces of the system [BZ #7065] Do not stack-protect sigreturn stubs [BZ #7065] Enable -fstack-protector=* when requested by configure [BZ #7065] Paul E. Murphy (28): Remove tacit double usage in ldbl-128 Refactor part of math Makefile Unify drift between _Complex function type variants Improve gen-libm-test.pl LIT() application Support for type-generic libm function implementations libm ldbl-128: Remove unused sqrtl declaration in e_asinl.c Add tst-wcstod-round Prepare to convert _Complex cosine functions Convert _Complex cosine functions to generated code Merge common usage of mul_split function Prepare to convert _Complex sine functions Convert _Complex sine functions to generated code Prepare to convert _Complex tangent functions Convert _Complex tangent functions to generated code sparcv9: Restore fdiml@GLIBC_2.1 Prepare to convert remaining _Complex functions Convert remaining complex function to generated files ldbl-128: Rename 'long double' to '_Float128' ldbl-128: Cleanup e_gammal_r.c after _Float128 rename Make common fdim implementation generic. Make common nextdown implementation generic. Make common fmax implementation generic. Make common fmin implementation generic. Remove unneeded stubs for k_rem_pio2l. ldbl-128: Use L(x) macro for long double constants Make ldexpF generic. Remove __nan{f,,l} macros Build s_nan* objects from a generic template Paul Murphy (1): powerpc: Cleanup fenv_private.h Rajalakshmi Srinivasaraghavan (5): Refactor strtod tests Add tests for strfrom functions powerpc: strcmp optimization for power9 powerpc: strncmp optimization for power9 powerpc64: strchr/strchrnul optimization for power8 Rasmus Villemoes (1): linux: spawni.c: simplify error reporting to parent Rical Jasan (28): Manual typos: Input/Output on Streams Manual typos: Low-Level Input/Output Manual typos: File System Interface Manual typos: Sockets Manual typos: Low-Level Terminal Interface Manual typos: Syslog Manual typos: Mathematics Manual typos: Arithmetic Functions Manual typos: Date and Time Manual typos: Resource Usage and Limitation Manual typos: Non-Local Exits Manual typos: Signal Handling Manual typos: The Basic Program/System Interface Manual typos: Processes Manual typos: Job Control Manual typos: Users and Groups Manual typos: System Management Manual typos: System Configuration Parameters Manual typos: DES Encryption and Password Handling Manual typos: Debugging support Manual typos: POSIX Threads Manual typos: Internal probes Manual typos: C Language Facilities in the Library Manual typos: Installing Manual typos: Library Maintenance Manual typos: Contributors to manual: Remove non-existent mount options S_IMMUTABLE and S_APPEND [BZ #11235] manual: Convert @tables of variables to @vtables. Richard Henderson (1): alpha: Use saturating arithmetic in memchr Roland McGrath (3): NaCl: Fix compile error in clock function. Fix generic wait3 after union wait_status removal. NaCl: Fix compile error for __dup after libc_hidden_proto addition. Samuel Thibault (12): Fix recvmsg returning SIGLOST on PF_LOCAL sockets mach: Add more allowed external headers hurd: fix pathconf visibility hurd: fix fcntl visibility Fix exc2signal.c template mach: Fix old-style function definition. Fix old-style function definition hurdmalloc: Run fork handler as late as possible [BZ #19431] hurd: Fix stack pointer corruption in syscall hurd: Fix unused variable warning hurd: fix using hurd/signal.h in C++ programs hurd: fix using hurd.h in C++ programs Siddhesh Poyarekar (47): Consolidate reduce_and_compute code Add fall through comments Use fabs(x) instead of branching on signedness of input to sin and cos Consolidate input partitioning into do_cos and do_sin Use do_sin for sin(x) where 0.25 < |x| < 0.855469 Inline all support functions for sin and cos Remove __libc_csu_irel declaration Add tests-static to tests in malloc/Makefile consolidate sign checks for slow2 Use copysign instead of ternary conditions for positive constants Use copysign instead of ternary for some sin/cos input ranges Make the quadrant shift K a bool in do_sincos_* functions Check n instead of k1 to decide on sign of sin/cos result Manual typos: System Databases and Name Service Switch Make quadrant shift a boolean in reduce_and_compute in s_sin.c Adjust calls to do_sincos_1 and do_sincos_2 in s_sincos.c Update comments for some functions in s_sin.c Add note on MALLOC_MMAP_* environment variables Document the M_ARENA_* mallopt parameters Remove references to sbrk to grow/shrink arenas Remove redundant definitions of M_ARENA_* macros Static inline functions for mallopt helpers Regenerate ULPs for aarch64 Add ChangeLog for previous commit Link benchset tests against libsupport Add configure check for python program Fix pretty printer tests for run-built-tests == no Add framework for tunables Initialize tunable list with the GLIBC_TUNABLES environment variable Enhance --enable-tunables to select tunables frontend at build time User manual documentation for tunables Add NEWS item for tunables tunables: Avoid getenv calls and disable glibc.malloc.check by default Regenerate libc.pot Update translations from the Translation Project Merge translations from the Translation Project Fix typo in NEWS Merge translations from the Translation Project Fix environment traversal when an envvar value is empty Add target to incorporate translations from translations.org tunables: Fix environment variable processing for setuid binaries (bz #21073) Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073) tunables: Fail tests correctly when setgid does not work Add missing NEWS items Add list of bugs fixed in 2.25 Add more contributors to contrib.texi Update for 2.25 release Stefan Liebler (22): Get rid of array-bounds warning in __kernel_rem_pio2[f] with gcc 6.1 -O3. S390: Do not set FE_INEXACT with feraiseexcept (FE_OWERFLOW|FE_UNDERFLOW). S390: Support PLT and GOT references in check-localplt. S390: Regenerate ULPs Add configure check to test if gcc supports attribute ifunc. Use gcc attribute ifunc in libc_ifunc macro instead of inline assembly due to false debuginfo. s390: Refactor ifunc resolvers due to false debuginfo. i386, x86: Use libc_ifunc macro for time, gettimeofday. ppc: Use libc_ifunc macro for time, gettimeofday. Use libc_ifunc macro for clock_* symbols in librt. Use libc_ifunc macro for system in libpthread. Use libc_ifunc macro for vfork in libpthread. Use libc_ifunc macro for siglongjmp, longjmp in libpthread. S390: Fix fp comparison not raising FE_INVALID. Fix new testcase elf/tst-latepthread on s390x. S390: Regenerate ULPs. S390: Use C11-like atomics instead of plain memory accesses in lock elision code. S390: Use own tbegin macro instead of __builtin_tbegin. S390: Use new __libc_tbegin_retry macro in elision-lock.c. S390: Optimize lock-elision by decrementing adapt_count at unlock. S390: Fix FAIL in test string/tst-xbzero-opt [BZ #21006] S390: Adjust lock elision code after review. Steve Ellcey (14): Fix -Wformat-length warning in tst-setgetname.c Fix warning from latest GCC in tst-printf.c Fix -Wformat-length warning in time/tst-strptime2.c Define wordsize.h macros everywhere Speed up math/test-tgmath2.c Document do_test in test-skeleton.c Define __ASSUME_ST_INO_64_BIT on all platforms. Add definitions to sysdeps/tile/tilepro/bits/wordsize.h. Always define XSTAT_IS_XSTAT64 Allow [f]statfs64 to alias [f]statfs Fix for [f]statfs64/[f]statfs aliasing patch Partial ILP32 support for aarch64. Use XSTAT_IS_XSTAT64 in generic xstat functions Add comments to check-c++-types.sh. Svante Signell (1): hurd: Fix adjtime call with OLDDELTA == NULL Szabolcs Nagy (1): Make build-many-glibcs.py work on python3.2 Tom Tromey (1): Update and install proc_service.h [BZ #20311] Torvald Riegel (12): Add atomic_exchange_relaxed. Add atomic operations required by the new condition variable. Fix incorrect double-checked locking related to _res_hconf.initialized. Use C11-like atomics instead of plain memory accesses in x86 lock elision. Robust mutexes: Fix lost wake-up. New condvar implementation that provides stronger ordering guarantees. Fix pthread_cond_t on sparc for new condvar. New pthread rwlock that is more scalable. robust mutexes: Fix broken x86 assembly by removing it Clear list of acquired robust mutexes in the child process after forking. Add compiler barriers around modifications of the robust mutex list. Fix mutex pretty printer test and pretty printer output. Tulio Magno Quites Machado Filho (9): powerpc: Fix POWER9 implies powerpc: Installed-header hygiene powerpc: Regenerate ULPs powerpc: Fix TOC stub on powerpc64 clone() Document a behavior of an elided pthread_rwlock_unlock powerpc: Fix powerpc32/power7 memchr for large input sizes powerpc: Fix write-after-destroy in lock elision [BZ #20822] powerpc: Regenerate ULPs powerpc: Fix adapt_count update in __lll_unlock_elision Wilco Dijkstra (4): An optimized memchr was missing for AArch64. This version is similar to Improve generic rawmemchr for targets that don't have an Improve strtok and strtok_r performance. Instead of calling strpbrk which This patch cleans up the strsep implementation and improves performance. Yury Norov (1): * sysdeps/unix/sysv/linux/fxstat.c: Remove useless cast. Zack Weinberg (20): Add utility macros for clang detection, and deprecation with messages. Minimize sysdeps code involved in defining major/minor/makedev. Deprecate inclusion of <sys/sysmacros.h> by <sys/types.h> Add tests for fortification of bcopy and bzero. Installed-header hygiene (BZ#20366): Simple self-contained fixes. Installed-header hygiene (BZ#20366): obsolete BSD u_* types. Installed-header hygiene (BZ#20366): conditionally defined structures. Installed-header hygiene (BZ#20366): time.h types. Installed-header hygiene (BZ#20366): stack_t. Installed header hygiene (BZ#20366): Test of installed headers. Minor correction to the "installed header hygiene" patches. Minor corrections to scripts/check-installed-headers.sh. [BZ #19239] Issue deprecation warnings on macro expansion. Fix typo in string/bits/string2.h. Fix build-and-build-again bug in sunrpc tests. Forgot to add the ChangeLog to the previous commit, doh. Correct comments in string.h re strcoll_l, strxfrm_l. Minor problems exposed by compiling C++ tests under _ISOMAC. Make _REENTRANT and _THREAD_SAFE aliases for _POSIX_C_SOURCE=199506L. New string function explicit_bzero (from OpenBSD). steve ellcey-CA Eng-Software (1): Fix warnings from latest GCC. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21741 has been created at 12efc0bbccc04aa18b92de3cdbe7d49547e53d08 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=12efc0bbccc04aa18b92de3cdbe7d49547e53d08 commit 12efc0bbccc04aa18b92de3cdbe7d49547e53d08 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 11:52:33 2017 -0700 Don't include _dl_resolve_conflicts in libc.a [BZ #21742] Since _dl_resolve_conflicts is only used in elf/rtld.c, don't include it in libc.a. [BZ #21742] * elf/dl-conflict.c (_dl_resolve_conflicts): Define only if SHARED is defined. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f4610a7230f8883dc199e566de2eac171394a7ac commit f4610a7230f8883dc199e566de2eac171394a7ac Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 11:11:15 2017 -0700 x86-64: Test memmove_chk and memset_chk only in libc.so [BZ #21741] Since there are no multiarch versions of memmove_chk and memset_chk, test multiarch versions of memmove_chk and memset_chk only in libc.so. [BZ #21741] * sysdeps/x86_64/multiarch/ifunc-impl-list.c (__libc_ifunc_impl_list): Test memmove_chk and memset_chk only in libc.so. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a1865c1287b8f583d3cedc54f1937050782f04da commit a1865c1287b8f583d3cedc54f1937050782f04da Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Remove debug/stack_chk_fail_local.c [BZ #21740] Since commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. added strong_alias (__stack_chk_fail, __stack_chk_fail_local) to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be removed. * [BZ #21740] * debug/Makefile (static-only-routines): Remove stack_chk_fail_local. * debug/stack_chk_fail_local.c: Removed. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21741 has been created at 9f9d3a4ca3428f053393d38fec146b7511a02272 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9f9d3a4ca3428f053393d38fec146b7511a02272 commit 9f9d3a4ca3428f053393d38fec146b7511a02272 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 11:52:33 2017 -0700 Don't include _dl_resolve_conflicts in libc.a [BZ #21742] Since _dl_resolve_conflicts is only used in elf/rtld.c, don't include it in libc.a. [BZ #21742] * elf/dl-conflict.c (_dl_resolve_conflicts): Define only if SHARED is defined. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7fec70268f9b52c80c2a0994839c779c53cc2800 commit 7fec70268f9b52c80c2a0994839c779c53cc2800 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 11:11:15 2017 -0700 x86-64: Test memmove_chk and memset_chk only in libc.so [BZ #21741] Since there are no multiarch versions of memmove_chk and memset_chk, test multiarch versions of memmove_chk and memset_chk only in libc.so. [BZ #21741] * sysdeps/x86_64/multiarch/ifunc-impl-list.c (__libc_ifunc_impl_list): Test memmove_chk and memset_chk only in libc.so. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4df365be4710ab6678df5435146ed4b118472d71 commit 4df365be4710ab6678df5435146ed4b118472d71 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Remove debug/stack_chk_fail_local.c [BZ #21740] Since commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. added strong_alias (__stack_chk_fail, __stack_chk_fail_local) to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be removed. * [BZ #21740] * debug/Makefile (static-only-routines): Remove stack_chk_fail_local. * debug/stack_chk_fail_local.c: Removed. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21742 has been created at f0dbaf3228dba8a775f4dfa8eb405c20a655ec7f (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f0dbaf3228dba8a775f4dfa8eb405c20a655ec7f commit f0dbaf3228dba8a775f4dfa8eb405c20a655ec7f Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 11:52:33 2017 -0700 Don't include _dl_resolve_conflicts in libc.a [BZ #21742] Since _dl_resolve_conflicts is only used in elf/rtld.c, don't include it in libc.a. [BZ #21742] * elf/Makefile (dl-routines): Move dl-conflict to ... (rtld-routines): Here. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0d39682d454560648089aa6513bef50503b98ac4 commit 0d39682d454560648089aa6513bef50503b98ac4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Remove debug/stack_chk_fail_local.c [BZ #21740] Since commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. added strong_alias (__stack_chk_fail, __stack_chk_fail_local) to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be removed. * [BZ #21740] * debug/Makefile (static-only-routines): Remove stack_chk_fail_local. * debug/stack_chk_fail_local.c: Removed. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21742 has been created at 712e70de9743a61618001b4c6372a0e3d4fc1d90 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=712e70de9743a61618001b4c6372a0e3d4fc1d90 commit 712e70de9743a61618001b4c6372a0e3d4fc1d90 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Remove debug/stack_chk_fail_local.c [BZ #21740] Since commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. added strong_alias (__stack_chk_fail, __stack_chk_fail_local) to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be removed. Since dummy __stack_chk_fail and __stack_chk_fail_local symbols are used in ld.so, tst-_dl_addr_inside_object should be linked with $(dummy-stack-chk-fail). Tested on x86-64 with --enable-stack-protector=all and got FAIL: elf/tst-env-setuid FAIL: elf/tst-env-setuid-tunables FAIL: stdlib/tst-secure-getenv which are the same as without this patch. * [BZ #21740] * debug/Makefile (static-only-routines): Remove stack_chk_fail_local. * debug/stack_chk_fail_local.c: Removed. * elf/Makefile (LDFLAGS-tst-_dl_addr_inside_object): New. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21740 has been created at 21e5ab4dab7412c8516aed07d07da7cdf40ac2fb (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21e5ab4dab7412c8516aed07d07da7cdf40ac2fb commit 21e5ab4dab7412c8516aed07d07da7cdf40ac2fb Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jul 10 09:24:47 2017 -0700 More bug fixes [BZ #7065] [BZ #21740] [BZ #21745] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=712e70de9743a61618001b4c6372a0e3d4fc1d90 commit 712e70de9743a61618001b4c6372a0e3d4fc1d90 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Remove debug/stack_chk_fail_local.c [BZ #21740] Since commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. added strong_alias (__stack_chk_fail, __stack_chk_fail_local) to debug/stack_chk_fail.c, debug/stack_chk_fail_local.c should be removed. Since dummy __stack_chk_fail and __stack_chk_fail_local symbols are used in ld.so, tst-_dl_addr_inside_object should be linked with $(dummy-stack-chk-fail). Tested on x86-64 with --enable-stack-protector=all and got FAIL: elf/tst-env-setuid FAIL: elf/tst-env-setuid-tunables FAIL: stdlib/tst-secure-getenv which are the same as without this patch. * [BZ #21740] * debug/Makefile (static-only-routines): Remove stack_chk_fail_local. * debug/stack_chk_fail_local.c: Removed. * elf/Makefile (LDFLAGS-tst-_dl_addr_inside_object): New. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21740 has been created at 217275043ad73f922d07f42e5fc1a4be70183209 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=217275043ad73f922d07f42e5fc1a4be70183209 commit 217275043ad73f922d07f42e5fc1a4be70183209 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Add __stack_chk_fail_local alias only to libc.so [BZ #21740] commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. unconditionally added strong_alias (__stack_chk_fail, __stack_chk_fail_local) Since libc.a and libc_nonshared.a has debug/stack_chk_fail_local.c, __stack_chk_fail_local alias should be limited to libc.so. Tested on x86-64 with --enable-stack-protector=all and got FAIL: elf/tst-env-setuid FAIL: elf/tst-env-setuid-tunables FAIL: stdlib/tst-secure-getenv which are the same as without this patch. [BZ #21740] * debug/stack_chk_fail.c (__stack_chk_fail_local): Add the alias only if SHARED is defined. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21740 has been created at b13306f7e0f76b1d327bdc2421a7b9cbfdecd470 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b13306f7e0f76b1d327bdc2421a7b9cbfdecd470 commit b13306f7e0f76b1d327bdc2421a7b9cbfdecd470 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Add __stack_chk_fail_local alias only to libc.so [BZ #21740] commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. unconditionally added strong_alias (__stack_chk_fail, __stack_chk_fail_local) Since libc.a and libc_nonshared.a has debug/stack_chk_fail_local.c, __stack_chk_fail_local alias should be limited to libc.so. Tested on x86-64 with --enable-stack-protector=all and got FAIL: elf/tst-env-setuid FAIL: elf/tst-env-setuid-tunables FAIL: stdlib/tst-secure-getenv which are the same as without this patch. [BZ #21740] * debug/stack_chk_fail.c (__stack_chk_fail_local): Add the alias only if SHARED is defined. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, hjl/pr21740 has been created at 47d95763a35fbc83ac871b10fc59f9eca1ef0a40 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=47d95763a35fbc83ac871b10fc59f9eca1ef0a40 commit 47d95763a35fbc83ac871b10fc59f9eca1ef0a40 Author: H.J. Lu <hjl.tools@gmail.com> Date: Sun Jul 9 08:39:17 2017 -0700 Don't add stack_chk_fail_local.o to libc.a [BZ #21740] commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. which unconditionally added strong_alias (__stack_chk_fail, __stack_chk_fail_local) defines __stack_chk_fail_local as an alias of __stack_chk_fail in libc.a. There is no need to add stack_chk_fail_local.o to libc.a. We only need to add stack_chk_fail_local.oS to libc_nonshared.a. Tested on x86-64: [hjl@gnu-skl-1 build-x86_64-linux]$ nm libc.a | grep __stack_chk_fail 0000000000000000 T __stack_chk_fail 0000000000000000 T __stack_chk_fail_local [hjl@gnu-skl-1 build-x86_64-linux]$ nm libc_nonshared.a | grep __stack_chk_fail_local 0000000000000000 T __stack_chk_fail_local [hjl@gnu-skl-1 build-x86_64-linux]$ [BZ #21740] * debug/Makefile (elide-routines.o): New. ----------------------------------------------------------------------- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via 2b4fca86d786b4a5ed4f88c571eeec7d9ff5e684 (commit) from 82e06600505cc26810d263a964d9eca6f3cdfe91 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2b4fca86d786b4a5ed4f88c571eeec7d9ff5e684 commit 2b4fca86d786b4a5ed4f88c571eeec7d9ff5e684 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Jul 19 08:21:27 2017 -0700 Don't add stack_chk_fail_local.o to libc.a [BZ #21740] commit 524a8ef2ad76af8ac049293d993a1856b0d888fb Author: Nick Alcock <nick.alcock@oracle.com> Date: Mon Dec 26 10:08:57 2016 +0100 PLT avoidance for __stack_chk_fail [BZ #7065] Add a hidden __stack_chk_fail_local alias to libc.so, and make sure that on targets which use __stack_chk_fail, this does not introduce a local PLT reference into libc.so. which unconditionally added strong_alias (__stack_chk_fail, __stack_chk_fail_local) defines __stack_chk_fail_local as an alias of __stack_chk_fail in libc.a. There is no need to add stack_chk_fail_local.o to libc.a. We only need to add stack_chk_fail_local.oS to libc_nonshared.a. Tested on x86-64: [hjl@gnu-skl-1 build-x86_64-linux]$ nm libc.a | grep __stack_chk_fail 0000000000000000 T __stack_chk_fail 0000000000000000 T __stack_chk_fail_local [hjl@gnu-skl-1 build-x86_64-linux]$ nm libc_nonshared.a | grep __stack_chk_fail_local 0000000000000000 T __stack_chk_fail_local [hjl@gnu-skl-1 build-x86_64-linux]$ [BZ #21740] * debug/Makefile (elide-routines.o): New. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 5 +++++ debug/Makefile | 4 ++++ 2 files changed, 9 insertions(+), 0 deletions(-) |