Currently, the _chk functions when aborting will attempt to produce a backtrace. This should be disabled for __stack_chk_fail since by definition the stack is corrupted. This at least leads to segfaults in the backtracer.
The information can be useful and that's reason enough.
I'd like to reopen this for another bit - this actually has CVE 2010-3192 assigned and is considered a security bug by some, leaking information in case the attacker can just trigger fortified source protection. I'm personally rather ambivalent on whether this should be fixed, but the argument does make sense. If we would just always print the information if it was useful, we should have default SIGSEGV and SIGABRT handlers printing backtrace too. :-) Cf. http://seclists.org/fulldisclosure/2010/Apr/399, https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3192
No, it makes no sense. First, it's logged to the console. Second, if you can trigger it you already know where in the program you are. Third, there is no address given for the values printed.
Various people continue to contact me about fixing this problem in glibc. It's a real issue that makes offline analysis of stack smash detection harder to handle due to segfaults while unwinding corrupt stacks. I've attached a quick hack to make this work better.
Created attachment 7175
patch to stop stack unwinds on stack smashing aborts

This has been carried by Ubuntu for some time now.
(In reply to Kees Cook from comment #5)
> Created attachment 7175
> patch to stop stack unwinds on stack smashing aborts
>
> This has been carried by Ubuntu for some time now.

This patch needs to be discussed on libc-alpha and consensus reached on the change. Once we have consensus you'll be able to get an ACK from developers and checkin whatever was decided upon. Until then this is likely to go unnoticed by the core developers. Like in Linux and other projects, these kinds of changes need to be championed.
I would like an even more extreme fix, removing all possibility of output from __*_chk_fail and having them immediately abort() or similar (but see the caveats that follow). Once the program state is compromised, any further execution could turn a DoS vulnerability into a code-execution one. Even things like the vdso syscall pointer at %gs:whatever should not be trusted at this point, because you already have evidence that the program state is compromised; a stack-based buffer overflow on a non-main thread could easily reach into the TCB.

In musl, we have an inline function called a_crash() for things like this; it's defined as __asm__ __volatile__ ("hlt"); on x86 and intended to be defined analogously on other archs, although right now it's just *(volatile char *)0=0; on most.
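Added example (not from the thread, glibc or musl): a small C harness that runs two hypothetical failure handlers in a forked child and records what each wrote to stderr and which signal ended it, making concrete the difference between a handler that reports and one that only traps. `chatty_fail`, `minimal_fail` and `run_handler` are invented names, and `__builtin_trap()` (GCC/Clang) stands in for an architecture-specific trap such as the `hlt` mentioned above.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of running one failure handler in a throwaway child process. */
struct crash_result {
    int signal;          /* terminating signal; 0 = normal exit; -1 = harness error */
    size_t stderr_bytes; /* bytes the handler wrote to fd 2 before dying */
};

/* Hypothetical "chatty" handler: report on stderr, then abort().
   Models a handler that keeps running library code after corruption
   has already been detected. */
static void chatty_fail(void)
{
    static const char msg[] = "*** stack smashing detected ***\n";
    ssize_t ignored = write(STDERR_FILENO, msg, sizeof msg - 1);
    (void) ignored;
    abort();
}

/* Hypothetical minimal handler: no output, no function calls, no reads
   of process state; a single trapping instruction ends the process. */
static void minimal_fail(void)
{
    __builtin_trap();
}

/* Run `handler` in a child whose stderr is a pipe, then report how the
   child died and how much it managed to write first. */
struct crash_result run_handler(void (*handler)(void))
{
    struct crash_result r = { -1, 0 };
    int fds[2];
    if (pipe(fds) != 0)
        return r;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return r;
    }
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        setrlimit(RLIMIT_CORE, &no_core);  /* keep the demo from dumping core */
        close(fds[0]);
        dup2(fds[1], STDERR_FILENO);
        close(fds[1]);
        handler();
        _exit(0);                          /* only reached if the handler returns */
    }

    close(fds[1]);
    char buf[256];
    ssize_t n;
    while ((n = read(fds[0], buf, sizeof buf)) > 0)
        r.stderr_bytes += (size_t) n;
    close(fds[0]);

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return r;
    r.signal = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
    return r;
}

int main(void)
{
    struct crash_result chatty = run_handler(chatty_fail);
    struct crash_result quiet = run_handler(minimal_fail);
    printf("chatty:  signal %d, %zu bytes on stderr\n",
           chatty.signal, chatty.stderr_bytes);
    printf("minimal: signal %d, %zu bytes on stderr\n",
           quiet.signal, quiet.stderr_bytes);
    return 0;
}
```

The signal reported for the minimal handler depends on the architecture's trap instruction, so only "killed by a signal, nothing written" is portable.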
(In reply to Rich Felker from comment #7)
> I would like an even more extreme fix, removing all possibility of output
> from __*_chk_fail and having them immediately abort() or similar (but see
> the caveats that follow). Once the program state is compromised, any further
> execution could turn a DoS vulnerability into a code-execution one. Even
> things like the vdso syscall pointer at %gs:whatever should not be trusted
> at this point, because you already have evidence that the program state is
> compromised; a stack-based buffer overflow on a non-main thread could easily
> reach into the TCB.
>
> In musl, we have an inline function called a_crash() for things like this;
> it's defined as __asm__ __volatile__ ("hlt"); on x86 and intended to be
> defined analogously on other archs, although right now it's just *(volatile
> char *)0=0; on most.

We have ABRT_INSTRUCTION in glibc for all targets and we could use it in this case. I don't disagree with your rationale behind why glibc shouldn't print a backtrace, but it still needs a champion to post the patch on libc-alpha and get consensus. It seems like we would likely have 2 or 3 immediate ACKs for this patch. I'm leaving it up to Kees to push it forward.
On Fri, 30 Aug 2013, carlos at redhat dot com wrote:

> We have ABRT_INSTRUCTION in glibc for all targets and we could use it in this

I see no sign of ABORT_INSTRUCTION for aarch64, alpha, am33 or arm. (ARM has such a permanently undefined instruction - "udf #0" - but it appears gas doesn't know the mnemonic for it, so you'd need to encode it with ".inst" / ".inst.n" / ".inst.w".)
(Binutils bug 15914 filed for the lack of gas support for UDF on ARM.)
(In reply to joseph@codesourcery.com from comment #9)
> On Fri, 30 Aug 2013, carlos at redhat dot com wrote:
>
> > We have ABRT_INSTRUCTION in glibc for all targets and we could use it in this
>
> I see no sign of ABORT_INSTRUCTION for aarch64, alpha, am33 or arm.

It is a QoI issue, it wouldn't be hard to add something for all of these machines. I would like to make it mandatory that all machines implement ABORT_INSTRUCTION, but haven't suggested it yet. It's the only way in which glibc aborts in situations where a function call can't be made or error conditions have forced us into a fallback e.g. check_one_fd, abort, _exit.
It might be possible to fork and execute a second uncorrupted process but simply aborting is safer and lazier. Something like the following might work:

#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * In a real implementation this would be a real crash reporting
 * program. It would use /proc to examine debugging information such
 * as the command line. It could also do ptrace debugger stuff. It
 * could also be set by a command line option.
 */
#define CRASH_REPORTER "/bin/echo"

void stack_overflow(void);

int main(void)
{
    stack_overflow();
}

void stack_overflow(void)
{
    /*
     * As soon as possible give control over to a fresh crash reporter
     * instance. If any bad things happen abort immediately and don't
     * risk compromise due to an attack from an enemy.
     */

    /*
     * Fork a copy of the program to be debugged from the crash
     * reporter instance. The copy of the program must be the child
     * because certain systems are hardened to only allow parents of
     * the processes to do certain debugging tasks.
     */
    pid_t child = fork();
    if (-1 == child) {
        abort();
    }

    if (0 == child) {
        raise(SIGSTOP);
        /* If the stopped copy is ever resumed, die here instead of
           falling through to the execve below. */
        abort();
    }

    /* Don't bother with sprintf to minimize the chance of attacks. */
    char child_string[sizeof child + 1];
    memcpy(child_string, &child, sizeof child);
    child_string[sizeof child] = '\0';

    /*
     * execve the crash reporter to use the thinnest possible wrapper
     * over the system call.
     */
    char * argv[] = { (char *) CRASH_REPORTER, child_string, NULL };
    char * envp[] = { NULL };
    execve(CRASH_REPORTER, argv, envp);
    abort();
}
This issue is suspended until someone sorts out a solution, and posts to libc-alpha to gain consensus on which direction to take.
*** Bug 21746 has been marked as a duplicate of this bug. ***
Also see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81383 __stack_chk_fail should use as little stack as possible.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, hjl/pr12189 has been created
        at  6c5a30f985f4893fcb41abc48812581ecf15bfee (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6c5a30f985f4893fcb41abc48812581ecf15bfee

commit 6c5a30f985f4893fcb41abc48812581ecf15bfee
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Mon Jul 10 12:21:39 2017 -0700

    Avoid backtrace from __stack_chk_fail [BZ #12189]

    __stack_chk_fail is called on corrupted stack. __stack_chk_fail should use as little stack as possible. __libc_message is extended to avoid calling BEFORE_ABORT when do_abort >= 3 and __fortify_fail_abort is added to avoid backtrace from __stack_chk_fail.

    [BZ #12189]
    * debug/Makefile (CFLAGS-tst-ssp-1.c): New.
    (tests): Add tst-ssp-1 if -fstack-protector works.
    * debug/fortify_fail.c (_fortify_fail_abort): New function.
    (__fortify_fail): Call _fortify_fail_abort.
    (__fortify_fail_abort): Add a hidden definition.
    * debug/stack_chk_fail.c (__stack_chk_fail): Call __fortify_fail_abort, instead of __fortify_fail.
    * debug/tst-ssp-1.c: New file.
    * include/stdio.h (__fortify_fail_abort): New hidden prototype.
    * sysdeps/posix/libc_fatal.c (__libc_message): Call BEFORE_ABORT if do_abort < 3.

-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, hjl/pr12189 has been deleted
       was  6c5a30f985f4893fcb41abc48812581ecf15bfee

- Log -----------------------------------------------------------------
6c5a30f985f4893fcb41abc48812581ecf15bfee Avoid backtrace from __stack_chk_fail [BZ #12189]
-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, hjl/pr12189 has been created
        at  58b69898e9adecefe85c1a421d287a800d974f1b (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=58b69898e9adecefe85c1a421d287a800d974f1b

commit 58b69898e9adecefe85c1a421d287a800d974f1b
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Mon Jul 10 14:14:27 2017 -0700

    Replace int with bool in __fortify_fail_abort

    * debug/fortify_fail.c (__fortify_fail_abort): Replace int with bool.
    (__fortify_fail): Pass false to __fortify_fail_abort.
    * debug/stack_chk_fail.c (__stack_chk_fail): Pass true to __fortify_fail_abort.
    * include/stdio.h: Include <stdbool.h>l
    (__fortify_fail_abort): Replace int with bool.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=37900e7dee18a446afda1b9e9831cd3d331f2a4f

commit 37900e7dee18a446afda1b9e9831cd3d331f2a4f
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Mon Jul 10 12:21:39 2017 -0700

    Avoid backtrace from __stack_chk_fail [BZ #12189]

    __stack_chk_fail is called on corrupted stack. __stack_chk_fail should use as little stack as possible. __libc_message is extended to avoid calling BEFORE_ABORT when do_abort >= 3 and __fortify_fail_abort is added to avoid backtrace from __stack_chk_fail.

    [BZ #12189]
    * debug/Makefile (CFLAGS-tst-ssp-1.c): New.
    (tests): Add tst-ssp-1 if -fstack-protector works.
    * debug/fortify_fail.c (_fortify_fail_abort): New function.
    (__fortify_fail): Call _fortify_fail_abort.
    (__fortify_fail_abort): Add a hidden definition.
    * debug/stack_chk_fail.c (__stack_chk_fail): Call __fortify_fail_abort, instead of __fortify_fail.
    * debug/tst-ssp-1.c: New file.
    * include/stdio.h (__fortify_fail_abort): New hidden prototype.
    * sysdeps/posix/libc_fatal.c (__libc_message): Call BEFORE_ABORT if do_abort < 3.

-----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, master has been updated
       via  ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0 (commit)
      from  94070f86c0c849c71ed2e7e2189bb4d1f7411a17 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0

commit ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Tue Jul 11 07:44:01 2017 -0700

    Avoid backtrace from __stack_chk_fail [BZ #12189]

    __stack_chk_fail is called on corrupted stack. Stack backtrace is very unreliable against corrupted stack. __libc_message is changed to accept enum __libc_message_action and call BEFORE_ABORT only if action includes do_backtrace. __fortify_fail_abort is added to avoid backtrace from __stack_chk_fail.

    [BZ #12189]
    * debug/Makefile (CFLAGS-tst-ssp-1.c): New.
    (tests): Add tst-ssp-1 if -fstack-protector works.
    * debug/fortify_fail.c: Include <stdbool.h>.
    (_fortify_fail_abort): New function.
    (__fortify_fail): Call _fortify_fail_abort.
    (__fortify_fail_abort): Add a hidden definition.
    * debug/stack_chk_fail.c: Include <stdbool.h>.
    (__stack_chk_fail): Call __fortify_fail_abort, instead of __fortify_fail.
    * debug/tst-ssp-1.c: New file.
    * include/stdio.h (__libc_message_action): New enum.
    (__libc_message): Replace int with enum __libc_message_action.
    (__fortify_fail_abort): New hidden prototype.
    * malloc/malloc.c (malloc_printerr): Update __libc_message calls.
    * sysdeps/posix/libc_fatal.c (__libc_message): Replace int with enum __libc_message_action. Call BEFORE_ABORT only if action includes do_backtrace.
    (__libc_fatal): Update __libc_message call.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                   |   22 ++++++++++++++++
 debug/Makefile                              |    6 ++++
 debug/fortify_fail.c                        |   15 +++++++++-
 debug/stack_chk_fail.c                      |    3 +-
 inet/test-hnto-types.c => debug/tst-ssp-1.c |   36 +++++++++++++++-----------
 include/stdio.h                             |   13 +++++++++-
 malloc/malloc.c                             |    6 +++-
 sysdeps/posix/libc_fatal.c                  |   11 ++++---
 8 files changed, 86 insertions(+), 26 deletions(-)
 copy inet/test-hnto-types.c => debug/tst-ssp-1.c (68%)
Fixed for 2.26.
I filed bug 21752 for the remaining hardening in this area.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The annotated tag, glibc-2.26 has been created at ef82e26a1d7247c6b0b85e27880113a7690af64d (tag) tagging 1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369 (commit) replaces glibc-2.25 tagged by Siddhesh Poyarekar on Wed Aug 2 19:12:20 2017 +0530 - Log ----------------------------------------------------------------- FROM: Siddhesh Poyarekar <siddhesh@sourceware.org> SUBJECT: The GNU C Library version 2.26 is now available The GNU C Library ================= The GNU C Library version 2.26 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.26 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.26 ===================== Major new features: * A per-thread cache has been added to malloc. Access to the cache requires no locks and therefore significantly accelerates the fast path to allocate and free small amounts of memory. Refilling an empty cache requires locking the underlying arena. Performance measurements show significant gains in a wide variety of user workloads. Workloads were captured using a special instrumented malloc and analyzed with a malloc simulator. Contributed by DJ Delorie with the help of Florian Weimer, and Carlos O'Donell. 
* Unicode 10.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 10.0.0, using generator scripts contributed by Mike FABIAN (Red Hat). These updates cause user visible changes, especially the changes in wcwidth for many emoji characters cause problems when emoji sequences are rendered with pango, see for example: https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5 * Collation of Hungarian has been overhauled and is now consistent with "The Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by Egmont Koblinger. * Improvements to the DNS stub resolver, contributed by Florian Weimer: - The GNU C Library will now detect when /etc/resolv.conf has been modified and reload the changed configuration. The new resolver option “no-reload” (RES_NORELOAD) disables this behavior. - The GNU C Library now supports an arbitrary number of search domains (configured using the “search” directive in /etc/resolv.conf); previously, there was a hard limit of six domains. For backward compatibility, applications that directly modify the ‘_res’ global object are still limited to six search domains. - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C Library will now randomly pick a name server from the configuration as a starting point. (Previously, the second name server was always used.) * The tunables feature is now enabled by default. This allows users to tweak behavior of the GNU C Library using the GLIBC_TUNABLES environment variable. * New function reallocarray, which resizes an allocated block (like realloc) to the product of two sizes, with a guaranteed clean failure upon integer overflow in the multiplication. Originally from OpenBSD, contributed by Dennis Wölfing and Rüdiger Sonderfeld. * New wrappers for the Linux-specific system calls preadv2 and pwritev2. These are extended versions of preadv and pwritev, respectively, taking an additional flags argument. 
The set of supported flags depends on the running kernel; full support currently requires kernel 4.7 or later. * posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to create a new session ID for the spawned process. This feature is scheduled to be added to the next major revision of POSIX; for the time being, it is available under _GNU_SOURCE. * errno.h is now safe to use from C-preprocessed assembly language on all supported operating systems. In this context, it will only define the Exxxx constants, as preprocessor macros expanding to integer literals. * On ia64, powerpc64le, x86-32, and x86-64, the math library now implements 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy, Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers. To compile programs that use this feature, the compiler must support 128-bit floating point with the type name _Float128 (as defined by TS 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__ must be defined to make the new interfaces visible. The new functions and macros correspond to those present for other floating-point types (except for a few obsolescent interfaces not supported for the new type), with F128 or f128 suffixes; for example, strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no printf or scanf formats for the new type; the strfromf128 and strtof128 interfaces should be used instead. Deprecated and removed features, and other changes affecting compatibility: * The synchronization that pthread_spin_unlock performs has been changed to now be equivalent to a C11 atomic store with release memory order to the spin lock's memory location. Previously, several (but not all) architectures used stronger synchronization (e.g., containing what is often called a full barrier). 
This change can improve performance, but may affect odd fringe uses of spin locks that depend on the previous behavior (e.g., using spin locks as atomic variables to try to implement Dekker's mutual exclusion algorithm). * The port to Native Client running on ARMv7-A (--host=arm-nacl) has been removed. * Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers will only be built and installed when the GNU C Library is configured with --enable-obsolete-rpc. This allows alternative RPC implementations, such as TIRPC or rpcsvc-proto, to be used. * The NIS(+) name service modules, libnss_nis, libnss_nisplus, and libnss_compat, are deprecated, and will not be built or installed by default. The NIS(+) support library, libnsl, is also deprecated. By default, a compatibility shared library will be built and installed, but not headers or development libraries. Only a few NIS-related programs require this library. (In particular, the GNU C Library has never required programs that use 'gethostbyname' to be linked with libnsl.) Replacement implementations based on TIRPC, which additionally support IPv6, are available from <https://github.com/thkukuk/>. The configure option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+) name service modules, to be built and installed. * The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC support is enabled, the configured recursive resolver must support EDNS. (Responding to EDNS-enabled queries with responses which are not EDNS-enabled is fine, but FORMERR responses are not.) * res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS servers have not supported this opcode for a long time. * The _res_opcodes variable has been removed from libresolv. It had been exported by accident. * <string.h> no longer includes inline versions of any string functions, as this kind of optimization is better done by the compiler. 
The macros __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect. * The nonstandard header <xlocale.h> has been removed. Most programs should use <locale.h> instead. If you have a specific need for the definition of locale_t with no other declarations, please contact libc-alpha@sourceware.org and explain. * The obsolete header <sys/ultrasound.h> has been removed. * The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>. * The obsolete function cfree has been removed. Applications should use free instead. * The stack_t type no longer has the name struct sigaltstack. This changes the C++ name mangling for interfaces involving this type. * The ucontext_t type no longer has the name struct ucontext. This changes the C++ name mangling for interfaces involving this type. * On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no longer has the name struct mcontext. On SPARC GNU/Linux, the struct mc_fq, struct rwindow, struct fpq and struct fq types are no longer defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct mc_fpu, the gwindows_t type no longer has the name struct gwindows and the fpregset_t type no longer has the name struct fpu. This changes the C++ name mangling for interfaces involving those types. * On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been synced with the kernel: - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS are not supported on this architecture and have been removed. - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA, PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE, PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added. Programs that assume the GET/SETREGS ptrace requests are universally available will now fail to build, instead of malfunctioning at runtime. 
Changes to build and runtime requirements:

* Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel. (This is a change from version 2.25 only for x86-32 and x86-64.)

* GNU Binutils 2.25 or later is now required to build the GNU C Library.

* On most architectures, GCC 4.9 or later is required to build the GNU C Library. On powerpc64le, GCC 6.2 or later is required. Older GCC versions and non-GNU compilers are still supported when compiling programs that use the GNU C Library. (We do not know exactly how old, and some GNU extensions to C may be _de facto_ required. If you are interested in helping us make this statement less vague, please contact libc-alpha@sourceware.org.)

Security related changes:

* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, to avoid fragmentation-based spoofing attacks (CVE-2017-12132).

* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE mode to guard against local privilege escalation attacks (CVE-2017-1000366).

* Avoid printing a backtrace from the __stack_chk_fail function since it is called on a corrupt stack and a backtrace is unreliable on a corrupt stack (CVE-2010-3192).

* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been fixed (CVE-2017-12133).

Contributors
============

This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include:

Adhemerval Zanella Akhilesh Kumar Alan Modra Alexey Neyman Andreas Schwab Arjun Shankar Benjamin Cama Carlos O'Donell Chris Leonard Christian Borntraeger Christian Brauner Christopher Chittleborough Chung-Lin Tang DJ Delorie Dennis Wölfing Dmitry Bilunov Dmitry V. Levin Egmont Koblinger Eyolf Østrem Florian Weimer Gabriel F. T. Gomes Gordana Cmiljanovic H.J.
Lu Ihar Hrachyshka Ivo Raisr Jiong Wang John David Anglin Joseph Myers Justus Winter Kir Kolyshkin Marko Myllynen Massimeddu Cireddu Matthew Krupcale Mike FABIAN Mike Frysinger Mousa Moradi Nathan Rossi Paul Clarke Paul E. Murphy Paul Eggert Peng Wu Phil Blundell Prakhar Bahuguna Rabin Vincent Rafal Luzynski Rajalakshmi Srinivasaraghavan Rical Jasan Rogerio A. Cardoso Samuel Thibault Santhosh Thottingal Siddhesh Poyarekar Slava Barinov Stefan Liebler Steve Ellcey Sunyeop Lee Szabolcs Nagy Thorsten Kukuk Tulio Magno Quites Machado Filho Uros Bizjak Vladimir Mezentsev Wainer dos Santos Moschetta Wilco Dijkstra Wladimir J. van der Laan Yury Norov Zack Weinberg
Adhemerval Zanella (81): Consolidate arm and mips posix_fadvise implementations Remove i686, x86_64, and powerpc strtok implementations nptl: Remove COLORING_INCREMENT aarch64: fix errno address calculation in SYSCALL_ERROR_HANDLER Rework -fno-omit-frame-pointer support on i386 hppa: set __IPC_64 as zero for SysV IPC calls Consolidate Linux accept implementation Consolidate Linux connect implementation Consolidate Linux recvfrom implementation Consolidate Linux recv implementation Consolidate Linux sendto implementation Consolidate Linux send implementation build-many-glibcs: Remove no_isolate from SH config Fix missing posix_fadvise64 mips64 static build (BZ #21232) Fix test-errno issues Consolidate set* Linux implementation Fix i686 memchr overflow calculation (BZ#21182) Fix more test-errno issues Remove __ASSUME_REQUEUE_PI Remove CALL_THREAD_FCT macro Build divdi3
only for architecture that required it sparc: Fix .udiv plt on libc Consolidate pthreadtype.h placementConsolidate pthreadtype.h placement posix: Add cleanup on the trap list for globtest.sh Consolidate Linux mmap implementation (BZ#21270) Fix missing timespec definition for sys/stat.h (BZ #21371) [BZ 21340] add support for POSIX_SPAWN_SETSID posix: Remove ununsed posix_spawn internal assignment posix: Using libsupport for p{write,read}v tests nptl: Using libsupport for tst-cancel4* posix: Fix internal p{read,write} plt usage Consolidate Linux poll implementation Consolidate Linux select implementation Consolidate Linux epoll_wait syscall manual: Add preadv and pwritev documentation Move shared pthread definitions to common headers Remove wrong definitions from pthread header refactor Consolidate Linux close syscall generation Consolidate Linux open implementation Consolidate Linux creat implementation Consolidate Linux read syscall Consolidate Linux write syscall Consolidate Linux readv implementation Consolidate Linux writev implementation powerpc: Fix signal handling in backtrace posix: Fix and simplify default p{read,write}v implementation posix: Consolidate Linux pause syscall posix: Consolidate Linux waitpid syscall posix: Consolidate Linux nanosleep syscall linux: Consolidate Linux tee implementation posix: Consolidate Linux sigsuspend implementation posix: Consolidate Linux msync syscall posix: Consolidate Linux fdatasync syscall posix: Consolidate Linux fsync syscall linux: Consolidate Linux vmsplice syscall linux: Consolidate Linux splice syscall linux: Consolidate Linux open_by_handle_at syscall posix: Consolidate Linux mq_timedreceive syscall posix: Consolidate Linux mq_timedsend syscall Fix makefile rules for vmsplice, splice, and open_by_handle_at libio: Avoid dup already opened file descriptor [BZ#21393] posix: Implement preadv2 and pwritev2 posix: Add missing build flags for p{write,read}v2 nptl: Invert the mmap/mprotect logic on allocated stacks 
(BZ#18988) support: Add optstring support linux: Consolidate sync_file_range implementation Fix gen-tunables.awk to work with older awk Consolidate Linux openat implementation posix: Add invalid flags test for p{write,read}v2 Clean pthread functions namespaces for C11 threads Call exit directly in clone (BZ #21512) posix: Adapt tst-spawn{2,3} to use libsupport. posix: Improve default posix_spawn implementation Consolidate Linux fcntl implementation posix: Fix default posix_spawn return value posix: Add p{read,write}v2 RWF_NOWAIT flag (BZ#21738) hppa: Fix clone exit syscall argument passing (BZ#21512) alpha: Fix clone exit syscall argument passing (BZ#21512) Update sparc ulps tunables: Use direct syscall for access (BZ#21744) Update Alpha libm-test-ulps Akhilesh Kumar (42): For Breton yesstr/nostr locale are missing Added Tok-Pisin locale. Pashto yesstr/nostr locale are missing Incorrect Full Weekday names for ks_IN@devanagari yesstr/nostr missing for Xhosa language locale Fix LC_NAME for hi_IN Added missing yesstr and nostr for Tsonga language locale [LC_MESSAGES] Added yesstr/nostr for kw_GB Fix abday strings for ks_IN@devanagari to match the day strings Added yesstr and nostr to zh_HK locale Fix abday for ar_SA Fixed abday for ar_JO/ar_LB/ar_SY Added Samoan language locale for Samoa Added Fiji Hindi language locale for Fiji Added yesstr/nostr for nds_DE and nds_NL Added yesstr and nostr for Tigrinya Fix LC_MESSAGES and LC_ADDRESS for anp_IN Added yesstr/nostr and fix yesexpr for pap_AW and pap_CW Added Tongan language locale for Tonga Added yesstr and nostr for aa_ET New locale for bi_VU Fix country_name in li_NL Fix or add int_select international_call_prefixes Fix consistency in country_isbn in various locales and add comment to country_num in nr_ZA Fix country_post "Country Postal Abbreviations" Fix int_select international_call_prefixes Added int_select international_call_prefixes Add country_name and country_post, and country_isbn for pap_AW and pap_CW 
Add/Fix country_isbn for France Added country_isbn for Italy Added country_isbn for Republic of Korea Added country_name in mai_IN Fix LC_TIME for mai_IN Added yesstr/nostr for sa_IN Fix name_mrs for mag_IN Fix inconsistency in country_isbn and missing prefixes Remove redundant data for LC_MONETARY for Indian locales Removed redundant data for the_NP locale Added New Locale mai_NP Fix Latin characters and month sequence in mai_IN Fix wrong monetary system used in ta_LK locale Fix country name in title of mai_NP locale Alan Modra (6): PowerPC64, fix calls to _mcount PowerPC64 FRAME_PARM_SAVE PowerPC64 sysdep.h tidy PowerPC64 strncpy, stpncpy and strstr fixes PowerPC64 ENTRY_TOCLESS PowerPC64 ELFv2 PPC64_OPT_LOCALENTRY Alexey Neyman (3): sh: Fix building with gcc5/6 Fix combreloc test with BSD grep Fix build with --enable-static-nss [BZ #21088] Andreas Schwab (7): Refer to <signal.h> instead of <pthread.h> in <bits/sigthread.h> Remove _dl_platform_string Use test-driver in ntpl/tst-fork1.c m68k: handle default PIE Use test-driver in nptl/tst-fork3.c build-many-glibcs.py: also build profiled objects Remove extra semicolons in struct pthread_mutex (bug 21804) Arjun Shankar (2): Use test-driver in sysdeps/unix/sysv/linux/tst-clone2.c Remove check for NULL buffer passed to `ptsname_r' Benjamin Cama (1): inet: __inet6_scopeid_pton should accept node-local addresses [BZ #21657] Carlos O'Donell (6): Bug 20116: Clarify behaviour of PD->lock. Bug 20686: Add el_GR@euro support. vfprintf.c: Refactor magic number 32 into EXTSIZ. Fixup localedata/ChangeLog. rwlock: Fix explicit hand-over (bug 21298) mutex: Fix robust mutex lock acquire (Bug 21778) Chris Leonard (1): New locale for agr_PE. Christian Borntraeger (1): s390: optimize syscall function Christian Brauner (1): linux ttyname and ttyname_r: do not return wrong results Christopher Chittleborough (1): Bug 21399: Fix CP1254 comment for U+00EC Chung-Lin Tang (1): Update Nios II ULPs file. 
DJ Delorie (9): Further harden glibc malloc metadata against 1-byte overflows. Tweak realloc/MREMAP comment to be more accurate. Add MAINTAINERS Add per-thread cache to malloc * manual/tunables.texi: Add missing @end deftp. Fix BZ #21654 - grp-merge.c alignment Extend NSS test suite Fix cast-after-dereference Correct nss/tst-nss-test5 configuration Dennis Wölfing (1): Add reallocarray function Dmitry Bilunov (1): getaddrinfo: Merge IPv6 addresses and IPv4 addresses [BZ #21295] Dmitry V. Levin (2): Check for __mprotect failure in _dl_map_segments [BZ #20831] S390: fix sys/ptrace.h to make it includible again after asm/ptrace.h Egmont Koblinger (1): localedata: hu_HU: fix multiple sorting bugs (bug 18934) Eyolf Østrem (1): localedata: da_DK: set date_fmt [BZ #17297] Florian Weimer (116): sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115] sunrpc: Do not unregister services if not registered [BZ #5010] sunrpc: Improvements for UDP client timeout handling [BZ #20257] Add scripts/backport-support.sh Document and fix --enable-bind-now [BZ #21015] Remove header file inclusion guard from elf/get-dynamic-info.h tzset: Remove __attribute_noinline__ from compute_offset tzset: Remove unused NOID macro timezone: Remove TZNAME_MAX limit from sysconf [BZ #15576] tzset: Clean up preprocessor macros min, max, sign Fix auto-merge issue in ChangeLog support_format_dns_packet: Fix CNAME and multiple RR handling support: Add error checking to close system calls [BZ #21244] support: Explain ignored failures of temporary file removal [BZ #21243] resolv: Add test coverage for ns_name_unpack, ns_name_ntop nss_dns: Remove superfluous dn_expand call from network handling nss_dns: Replace local declarations with declarations from a header file resolv: Add tst-resolv-canonname resolv: Remove IQUERY support manual: readdir, readdir64 are thread-safe resolv: Remove internal and unused definitions from <resolv.h> resolv: Support an exactly sized buffer in ns_name_pack [BZ #21359] 
resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361] resolv: Remove EDNS fallback [BZ #21369] Assume that O_NOFOLLOW is always defined malloc: Turn cfree into a compatibility symbol Assume that pipe2 is always available Assume that dup3 is available Assume that O_CLOEXEC is always defined and works Assume that accept4 is always available and works Create more sockets with SOCK_CLOEXEC [BZ #15722] resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likely rcmd/rexec: Fix typo in comment nss_dns: Correct parentheses for the __glibc_unlikely argument manual: Document replacing malloc [BZ #20424] Remove <sys/ultrasound.h> support: Delete temporary files in LIFO order support: Prevent multiple deletion of temporary files resolv: Use RES_DFLRETRY consistently [BZ #21474] getaddrinfo: Unconditionally use malloc for address list support_format_addrinfo: Fix flags and canonname formatting inet_pton: Reformat in GNU style fork: Remove bogus parent PID assertions [BZ #21386] Add internal facility for dynamic array handling getaddrinfo: Always allocate canonical name on the heap resolv: Tests for various versions of res_init getaddrinfo: Fix localplt failure involving strdup getaddrinfo: Eliminate another strdup call support: Expose TEST_VERIFY_EXIT behavior to GCC optimizers malloc: Remove tst-dynarray, tst-dynarray-fail from test-srcs dynarray: Implement begin/end functions in the spirit of C++ configure: Suppress expected compiler error message i686: Add missing IS_IN (libc) guards to vectorized strcspn dynarray: Use libc_hidden_proto only for !_ISOMAC resolv: Make __res_vinit hidden resolv: Move res_randomid to its own file resolv: Move _res deallocation functions to their own file resolv: Remove DEBUG preprocessor conditionals from res_setoptions resolv: Introduce is_sort_mask and call it from res_vinit resolv: Reformat res_vinit and related functions to GNU style resolv: Report allocation errors in __res_vinit resolv: Use getline for configuration file 
reading in res_vinit_1 CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624] ld.so: Reject overly long LD_PRELOAD path elements ld.so: Reject overly long LD_AUDIT path elements DCIGETTEXT: Do not make copy of localename inet: Add IPv6 getaddrinfo coverage to tst-inet6_scopeid_pton.c __inet_pton_length: Implement new internal helper function getaddrinfo: Avoid stack copy of IPv6 address DCIGETTEXT: Use getcwd, asprintf to construct absolute pathname Implement allocation buffers for internal use _nl_load_domain: Use calloc instead of alloca x86-64: memcmp-avx2-movbe.S needs saturating subtraction [BZ #21662] resolv: Clean up declarations of the __res_initstamp variable resolv/res_libc.c: Reformat to GNU style x86-64: Fix comment typo in memcmp-avx2-movbe.S inet_pton: Reject IPv6 addresses with many leading zeros [BZ #16637] resolv/tst-resolv-basic: Add test cases for bug 21295 resolv: Call _res_hconf_init from __res_vinit resolv: Avoid timeouts in test-resolv-res-init, test-resolv-res_init-thread vfprintf: Add test case for user-defined types and format specifiers vfprintf: Add test case for multi-byte/wide strings and precision vfprintf: Reduce WORK_BUFFER_SIZE for wchar_t builds _i18n_number_rewrite: Use struct scratch_buffer vfprintf: Use struct scratch_buffer for positional arguments allocation vfprintf: Reuse work_buffer in group_number vfprintf: Fix tst-vfprintf-mbs-prec and tst-vfprintf-user-type resolv: Make RES_ROTATE start with a random name server [BZ #19570] support: Report actual exit status in support_capture_subprocess_check resolv: Remove DEBUG macro from resolv/res_mkquery.c resolv: Reformat resolv/res_mkquery.c to GNU style resolv: Move the res_mkquery function to the resolv/mk_query.c file resolv: Remove DEBUG from resolv/res_send.c resolv: Remove unused resolv/res_debug.h header file resolv: Move fp_nquery, fp_query, p_query, _res_opcodes resolv: Turn _res_opcodes into a compatibility symbol resolv: Move res_isourserver, 
res_send from res_data.c to res_send.c resolv: Move res_query, res_search res_querydomain, hostalias resolv: Reformat resolv/res_data.c to GNU style resolv: Remove DEBUG from resolv/res_query.c resolv: Remove source argument fron res_options resolv: Improve debugging output from tst-resolv-res_init resolv: Add preinit tests to resolv/tst-resolv-res_init-skeleton.c resolv: Introduce struct resolv_context [BZ #21668] resolv: Introduce struct resolv_conf with extended resolver state resolv: Lift domain search list limits [BZ #19569] [BZ #21475] resolv: Mirror the entire resolver configuration in struct resolv_conf resolv: Automatically reload a changed /etc/resolv.conf file [BZ #984] resolv: Introduce free list for resolv_conf index slosts resolv: Fix improper assert in __resolv_conf_attach resolv: Fix resolv_conf _res matching sysconf: Use conservative default for _SC_NPROCESSORS_ONLN [BZ #21542] support: Check isolation of loopback addresses in tst-support-namespace support: Add support_chroot_create and support_chroot_free support: Add resolver testing mode which does not patch _res resolv: Deal with non-deterministic address order in tst-resolv-basic Gabriel F. T. 
Gomes (35): Move w_lgamma_r to libm-compat-calls-auto Move w_lgamma to libm-compat-calls-auto Move w_exp to libm-compat-call-auto Merge libm-compat-calls-auto and libm-compat-calls ldbl-128: Fix y0 and y1 for -Inf input [BZ #21130] Fix y0 and y1 exception handling for zero input [BZ #21134] Add new templates for IEEE wrappers Use internal __feraiseexcept in __iseqsig Split helper classification macros from mathcalls.h Macroize inclusion of math-finite.h Change return type in the declaration of __ieee754_rem_pio2l Fix condition for inclusion of math-finite.h for long double Remove unneeded declarations from math_private.h Macroize function declarations in math_private.h float128: Include math-finite.h for _Float128 float128: Enable use of IEEE wrapper templates Convert e_exp2l.c into a template float128: Extend __MATH_TG for float128 support Include sys/param.h in stdlib/gmp-impl.h instead of redefining MAX/MIN float128: Add conversion from float128 to mpn Remove duplicated code from __printf_fp_l, __printf_fphex, and __printf_size Refactor PRINT_FPHEX_LONG_DOUBLE into a reusable macro float128: Add strfromf128 float128: Add strfromf128, strtof128, and wcstof128 to the manual Allow macros prefixed with FLT128 in include/float.h Provide an additional macro expansion for F128 in stdlib/tst-strtod.h Describe remainder as primary and drem as alternative in the manual Include libc-header-start.h in include/float.h Prepare the manual to display math errors for float128 functions Add libio-mtsafe flags to the build of strfromf128 Document _FloatN and _FloatNx versions of math functions powerpc64le: Check for compiler features for float128 powerpc64le: Require at least POWER8 for powerpc64le float128: Add signbit alternative for old compilers powerpc64le: Iterate over all object suffixes when appending -mfloat128 Gordana Cmiljanovic (1): mips: Fix store/load gp registers to/from ucontext_t H.J. 
Lu (68): x86-64: Verify that _dl_runtime_resolve preserves vector registers Use index_cpu_RTM and reg_RTM to clear the bit_cpu_RTM bit Use CPU_FEATURES_CPU_P to check if AVX is available x86-64: Improve branch predication in _dl_runtime_resolve_avx512_opt [BZ #21258] Define TEST_FUNCTION_ARGV in elf/tst-dlopen-aout.c Check if SSE is available with HAS_CPU_FEATURE Add sysdeps/x86/dl-procinfo.c x86: Set Prefer_No_VZEROUPPER if AVX512ER is available x86: Use AVX2 memcpy/memset on Skylake server [BZ #21396] x86: Set dl_platform and dl_hwcap from CPU features [BZ #21391] Correct comments in x86_64/multiarch/memcmp.S x86: Optimize SSE2 memchr overflow calculation x86_64: Remove L(return_null) from rawmemchr.S x86: Use __get_cpu_features to get cpu_features x86: Don't include cacheinfo.c in ld.so Support dl-tunables.list in subdirectories Make __tunables_init hidden and avoid PLT Add memchr tests for n == 0 x86_64: Remove redundant REX bytes from memchr.S x86: Update __x86_shared_non_temporal_threshold benchtests: Add more tests for memrchr x86-64: Update LO_HI_LONG for p{readv,writev}{64}v2 x86_64: Remove redundant REX bytes from memrchr.S x86-64: Update strlen.S to support wcslen/wcsnlen x86: Add macros to implement ifunce selection in C x86-64: Optimize wmemset with SSE2/AVX2/AVX512 x86-64: Optimize memcmp/wmemcmp with AVX2 and MOVBE x86: Don't use dl_x86_cpu_features in cacheinfo.c x86-64: Move wcsnlen.S to multiarch/wcsnlen-sse4_1.S x86-64: Fold ifunc-sse4_1.h into wcsnlen.c x86-64: Rename wmemset.h to ifunc-wmemset.h Add more tests for memchr ld.so: Consolidate 2 strtouls into _dl_strtoul [BZ #21528] x86-64: Optimize memchr/rawmemchr/wmemchr with SSE2/AVX2 x86-64: Optimize strlen/strnlen/wcslen/wcsnlen with AVX2 x86-64: Optimize strchr/strchrnul/wcschr with AVX2 x86-64: Optimize memrchr with AVX2 x86-64: Optimize strrchr/wcsrchr with AVX2 x86-64: Correct comments in ifunc-impl-list.c x86-64: Implement strcpy family IFUNC selectors in C Make copy of <bits/std_abs.h> 
from GCC 7 [BZ #21573] x86-64: Implement memmove family IFUNC selectors in C x86-64: Implement memset family IFUNC selectors in C x86-64: Implement memcmp family IFUNC selectors in C x86-64: Implement strcat family IFUNC selectors in C x86-64: Implement wcscpy IFUNC selector in C x86-64: Implement strcspn/strpbrk/strspn IFUNC selectors in C Remove _dl_out_of_memory from elf/Versions tunables: Add IFUNC selection and cache sizes Move x86 specific tunables to x86/dl-tunables.list x86: Rename glibc.tune.ifunc to glibc.tune.hwcaps x86-64: Implement strcmp family IFUNC selectors in C x86-64: Optimize L(between_2_3) in memcmp-avx2-movbe.S Avoid .symver on common symbols [BZ #21666] x86-64: Optimize memcmp-avx2-movbe.S for short difference Support building glibc with gold 1.14 or above [BZ #14995] i386: Increase MALLOC_ALIGNMENT to 16 [BZ #21120] Use __builtin_popcount in __sched_cpucount [BZ #21696] x86-64: Align the stack in __tls_get_addr [BZ #21609] x86-64: Update comments in ifunc-impl-list.c x86-64: Update comments in IFUNC selectors x86-64: Test memmove_chk and memset_chk only in libc.so [BZ #21741] Don't include _dl_resolve_conflicts in libc.a [BZ #21742] Avoid backtrace from __stack_chk_fail [BZ #12189] Compile tst-ssp-1.c with -fstack-protector-all Don't add stack_chk_fail_local.o to libc.a [BZ #21740] i386: Test memmove_chk and memset_chk only in libc.so [BZ #21741] Avoid accessing corrupted stack from __stack_chk_fail [BZ #21752] Ihar Hrachyshka (1): Improve country_name in be_BY@latin Ivo Raisr (1): sparc: Remove unused assignment in __clone Jiong Wang (1): [ARM] Fix ld.so crash when built using Binutils 2.29 John David Anglin (17): hppa: Fix setting of __libc_stack_end Fix BZ #21049. Use generic pthread support on hppa. Update hppa ulps. Fix type in sysdeps/hppa/dl-machine.h. Fix failing sNaN tests on hppa. Fix guard alignment in allocate_stack when stack grows up. Fix [BZ locale/19838]. Fix [BZ 20098]. Remove extra braces from sysdeps/hppa/__longjmp.c. 
Remove _exit entry from sysdeps/unix/sysv/linux/hppa/localplt.data. Fix syscall cancellation on hppa. Fix __setcontext return value on hppa. Fix stack offset for r19 load in __getcontext. Add CFI annotation. Return to caller if dl_fixup fails to resolve callee on hppa. [BZ 19170] Joseph Myers (133): Remove before-compile setting in math/Makefile. Do not hardcode list of libm functions in libm-err-tab.pl. Remove libm-test.inc comment listing functions tested and not tested. Move non-function-specific parts of libm-test.inc to separate file. Rework gen-libm-test.pl input/output handling. Eliminate libm-test.stmp. Split auto-libm-test-out by function. Split libm-test.inc by function. Move libm-test TEST_MSG definitions to libm-test-driver.c. Refactor some code in libm-test-driver.c. Fix powf inaccuracy (bug 21112). Clean up libm vector tests exception test disabling. Build most libm-test support code once per type. Move -U__LIBC_INTERNAL_MATH_INLINES to test-math-inline.h. Move more csin, csinh tests to auto-libm-test-in. Move INIT_ARCH_EXT call from libm-test-support to libm-test-driver. Move most libmvec test contents from .c to .h files. Revert header inclusion changes that break math/ testing on x86_64. Move tests of cacos, cacosh to auto-libm-test-*. Move tests of casin, casinh to auto-libm-test-*. Move tests of catan, catanh to auto-libm-test-*. Update arm, mips, powerpc-nofpu libm-test-ulps. Remove some unused libm-test exception macros. Add IP_RECVFRAGSIZE from Linux 4.10. Use Linux 4.10 in build-many-glibcs.py. Add TFD_TIMER_CANCEL_ON_SET to sys/timerfd.h. Run libm tests separately for each function. Regenerate MIPS catan, catanh long double ulps. Add more IPV6_* macros to sysdeps/unix/sysv/linux/bits/in.h. Fix test-math-vector-sincos.h aliasing. Improve float range reduction accuracy near pi/2 (bug 21094). Remove C++ namespace handling from glibc headers. conformtest: Make more tests into compilation tests. conformtest: Support system-specific XFAILs. 
conformtest: Skip execution tests when cross-compiling. conformtest: Add alpha XFAIL for struct netent n_net type (bug 21260). Add missing piece to last ChangeLog entry. conformtest: Add mips XFAIL for struct stat st_dev type (bug 17786). Make alpha termios.h define IXANY unconditionally (bug 21259). conformtest: Handle conditional XFAILs with allow-header. Fix sparc64 bits/setjmp.h namespace (bug 21261). conformtest: XFAIL tv_nsec tests for x32 (bug 16437). Fix alpha termios.h NL2, NL3 namespace (bug 21268). conformtest: Add mips XFAIL for struct stat st_rdev type (bug 21278). conformtest: Add x32 XFAILs for mq_attr element types (bug 21279). Regenerate INSTALL. Define more termios.h macros unconditionally for alpha (bug 21277). Fix bits/socket.h IOC* namespace issues (bug 21267). conformtest: Enable tests when cross compiling. Do not use wildcard symbol names for public versions in Versions files. conformtest: Allow *_t in sys/socket.h. Fix sys/socket.h namespace issues from sys/uio.h inclusion (bug 21426). Default build-many-glibcs.py to GCC 7 branch. conformtest: Fix XPG standard naming. conformtest: Allow time.h inclusion from semaphore.h for XOPEN2K. Default Linux kernel version in build-many-glibcs.py to 4.11. Add PF_SMC, AF_SMC from Linux 4.11 to bits/socket.h. Add TCP_FASTOPEN_CONNECT from Linux 4.11 to netinet/tcp.h. Add HWCAP_ASIMDRDM from Linux 4.11 to AArch64 bits/hwcap.h. Use __glibc_reserved convention in mcontext, sigcontext (bug 21457). Fix signal.h bsd_signal namespace (bug 21445). Fix network headers stdint.h namespace (bug 21455). Require Linux kernel 3.2 or later on x86 / x86_64. Remove __ASSUME_GETCPU_SYSCALL. Remove __ASSUME_PROC_PID_TASK_COMM. Assume prlimit64 is available. Simplify recvmmsg code. Simplify sendmmsg code. Simplify accept4, recvmmsg, sendmmsg code. Remove MIPS32 accept4, recvmmsg, sendmmsg implementations. Fix rawmemchr build with GCC 8. Condition some sys/ucontext.h contents on __USE_MISC (bug 21457). 
Remove __ASSUME_STATFS_F_FLAGS. Remove useless SPARC signbit aliases. Create and use first-versions.h with macros for function symbol versions. Also create and use ldbl-compat-choose.h. Split up bits/sigstack.h. Fix sys/ucontext.h namespace from signal.h etc. inclusion (bug 21457). Fix sigstack namespace (bug 21511). Fix more namespace issues in sys/ucontext.h (bug 21457). conformtest: Correct signal.h expectations for XPG4 / XPG42. Fix sigevent namespace (bug 21543). Fix struct sigaltstack namespace (bug 21517). Define SIG_HOLD for XPG4 (bug 21538). Fix tst-timezone race (bug 14096). Fix include paths in include/bits/types/*.h. conformtest: Correct sys/wait.h expectations for XPG4. Condition signal.h inclusion in sys/wait.h (bug 21560). Fix sigpause namespace (bug 21554). Update nios2, sparc32 localplt.data files for recent GCC change. Fix waitid namespace (bug 21561). Fix sigwait namespace (bug 21550). Fix XPG4 bsd_signal namespace (bug 21552). Update timezone code from tzcode 2017b. Define struct rusage in sys/wait.h when required (bug 21575). Fix signal stack namespace (bug 21584). Fix siginterrupt namespace (bug 21597). Fix another x86 sys/ucontext.h namespace issue (bug 21457). Require GCC 4.9 or later for building glibc. Fix wait3 namespace (bug 21625). Remove pre-GCC-4.9 MIPS code. conformtest: XFAIL uc_sigmask test for ia64 (bug 21634). conformtest: XFAIL uc_mcontext test for powerpc32 (bug 21635). Fix tile SA_* conditions for POSIX.1:2008 (bug 21622). Fix float128 uses of xlocale.h. Make errno-setting libm templates include errno.h. Correct min_of_type handling of _Float128. Make float128_private.h work with generic ieee754.h. Fix float128_private.h redefinition of SET_RESTORE_ROUNDL. Support _Float128 in math-tests.h. Support _Float128 in ldbl-96 bits/iscanonical.h. Avoid localplt issues from x86 fereaiseexcept inline. Make libm-test-support code clear exceptions after each test. Update x86 ulps for GCC 7. Add float128 support for x86_64, x86. 
Rename struct ucontext tag (bug 21457). Add float128 support for ia64. Fix strftime build with GCC 8. Fix elf/loadtest.c build with GCC 8. Miscellaneous sys/ucontext.h namespace fixes (bug 21457). Require binutils 2.25 or later to build glibc. Add more thorough generated tgmath.h test. Remove NO_LONG_DOUBLE conditionals in libm tests (bug 21607). Simplify tgmath.h for integer return types. Fix tgmath.h totalorder, totalordermag return type (bug 21687). Use clog10 not __clog10 in tgmath.h log10 macro. Support _Float128 in tgmath.h. Fix gen-tgmath-tests.py output for GCC 7 <float.h>. SPARC sys/ucontext.h namespace fixes (bug 21457). Update versions in build-many-glibcs.py. Consistently say "GNU C Library" in NEWS, not "glibc". Edit and shorten float128 NEWS item. Increase some test timeouts. Justus Winter (1): hurd: Provide truncate64 and ftruncate64. Kir Kolyshkin (1): Add Linux PTRACE_EVENT_STOP Marko Myllynen (1): Fix send consolidation typo Massimeddu Cireddu (1): Fix misspelled yesexpr/day/abday/mon/abmon/date_fmt fields in sc_IT Matthew Krupcale (1): nptl: Fix typo on __have_pthread_attr_t (BZ#21715) Mike FABIAN (24): Bug 20313: Update to Unicode 9.0.0 Bug 21533: Update to Unicode 10.0.0 Add ChangeLog entries for the last 6 commits Add iI and eE to yesexpr and noexpr respectively for ts_ZA locales/om_ET (LC_MESSAGES): add yesstr and nostr. 
Fix wrong bug number in localedata/ChangeLog Fix country name in li_BE and encoding problem in abday in li_BE and li_NL Write "Latin" in title case in "title" in hif_FJ locale Fix yesexpr in new agr_PE locale Use U+02BB MODIFIER LETTER TURNED COMMA instead of U+0027 APOSTROPHE in yesstr and nostr for to_TO locale Add country_name to iu_CA locale Add int_select to many locales Add country_name to several locales Mention in NEWS that the Unicode 10.0.0 update causes user visible changes Add [BZ #21828] to ChangeLog Remove redundant data for LC_MONETARY in sd_IN@devanagari Use POSIX Portable Character Set in the new mai_NP locale source file instead of <Uxxxx> Fix inappropriate escape sequences in LC_IDENTIFICATION in several locales Fix inappropriate characters in LC_IDENTIFICATION in several locales Remove erroneous tabs from some strings in locale files Remove erroneous spaces from some strings in locale files Revert "Remove redundant data for LC_MONETARY for Indian locales" Fix country_name in nds_NL Minor improvements to new az_IR locale Mike Frysinger (5): x86_64: fix static build of __mempcpy_chk for compilers defaulting to PIC/PIE posix_spawn: fix stack setup on ia64 [BZ #21275] posix_spawn: use a larger min stack for -fstack-check [BZ #21253] ChangeLog: fix BZ style to be consistent and match majority of existing code localedata: CLDRv29: update LC_ADDRESS.lang_name translations Mousa Moradi (1): Add new az_IR locale Nathan Rossi (2): Update Microblaze libm-test-ulps microblaze: Resolve non-relocatable branch in pt-vfork.S (BZ#21779) Paul Clarke (6): Support auxilliary vector components for cache geometries. powerpc: Add a POWER8-optimized version of cosf() powerpc: add sysconf support for cache geometries Add powf bench tests powerpc: fix sysconf support for cache geometries Optimized version of powf() Paul E. Murphy (11): powerpc64le: Create divergent sysdep directory for powerpc64le. 
ldbl-128: Use mathx_hidden_def inplace of hidden_def float128: Add _Float128 make bits to libm. Add support for testing __STDC_WANT_IEC_60559_TYPES_EXT__ float128: Add public _Float128 declarations to libm. float128: Add private _Float128 declarations for libm. float128: Add wrappers to override ldbl-128 as float128. float128: Extend the power of ten tables float128: Add strtof128, wcstof128, and related functions. float128: Add test-{float128,ifloat128,float128-finite} powerpc64le: Enable float128 Paul Eggert (1): getopt: merge from gnulib: use angle-bracket includes consistently Peng Wu (1): Add yesstr and nostr to zh_CN locale Phil Blundell (1): Correct misplaced comments in struct ip_mreq_source Prakhar Bahuguna (1): [ARM] Optimise memchr for NEON-enabled processors Rabin Vincent (1): [BZ 21357] unwind-dw2-fde: Call free() outside of unwind mutex Rafal Luzynski (14): localedata: Remove trailing spaces [BZ #20275] localedata: ce_RU: update weekdays from CLDR [BZ #21207] localedata: fur_IT: Fix spelling of Wednesday (Miercus) localedata: Month names updated from CLDR-31 [BZ #21217] localedata: More months updated from CLDR-31 [BZ #21217] localedata: Months updated from CLDR - Arabic scripts [BZ #21217] localedata: Months updated from CLDR - Bengali scripts [BZ #21217] localedata: Months updated from CLDR - Devanagari scripts [BZ #21217] localedata: Months updated from CLDR - other Indic scripts [BZ #21217] localedata: Months updated from CLDR - other scripts [BZ #21217] More fixes after the recent import from CLDR-31 Arabic scripts: More fixes after the recent import. localedata/locales/lg_UG: Fix some comments. Indian scripts: More fixes after the recent import. 
Rajalakshmi Srinivasaraghavan (12): powerpc: Improve strcmp performance for shorter strings powerpc: Use latest optimizations for internal function calls powerpc: Set minimum kernel version for powerpc64le powerpc: Optimized strncat for POWER8 powerpc64: strrchr optimization for power8 powerpc: Fix strncat ifunc selection powerpc: Improve memcmp performance for POWER8 powerpc: Add optimized version of [l]lrintf powerpc: Optimize memchr for power8 powerpc: Add optimized version of [l]lroundf powerpc: refactor strrchr IFUNC powerpc: Clean up strlen and strnlen for power8 Rical Jasan (14): Fix a typo in the manual. manual: Fix up invalid header and standards syntax. manual: Convert @tables of annotated @items to @vtables. manual: Convert errno @comments to new @errno macro. manual: Provide consistent errno documentation. manual: Create empty placeholder macros for @standards. manual: Replace summary.awk with summary.pl. manual: Complete @standards in argp.texi. manual: Complete @standards in arith.texi. manual: Complete @standards in string.texi. manual: Complete @standards in lang.texi. manual: Fix a minor grammatical error. manual: Complete @standards in creature.texi. manual: Refactor documentation of CHAR_BIT. Rogerio A. Cardoso (1): powerpc: Fix sinf() IFUNC fallback. Samuel Thibault (1): hurd: Make send/recv more posixish Santhosh Thottingal (1): Correct collation rules for Malayalam. 
Siddhesh Poyarekar (40): Open master for development Fix typo in manual Fix getting tunable values on big-endian (BZ #21109) Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209) Actually add bench-memcpy-random tunables: Make tunable_list relro tunables: Specify a default value for tunables tunables: Add support for tunables of uint64_t type Reduce value of LD_HWCAP_MASK for tst-env-setuid test case Remove useless comment from sysdeps/sparc/sparc32/dl-machine.h arm: Fix typo in array count Delay initialization of CPU features struct in static binaries tunables: Clean up hooks to get and set tunables tunables: Add LD_HWCAP_MASK to tunables Add include guards to dl-procinfo.h tunables: Use glibc.tune.hwcap_mask tunable instead of _dl_hwcap_mask aarch64: Allow overriding HWCAP_CPUID feature check using HWCAP_MASK Make LD_HWCAP_MASK usable for static binaries aarch64: Add hwcap string routines aarch64: Fix undefined behavior in _dl_procinfo Enable tunables by default Fix typo when undefining weak_alias benchtests: Print string array elements, int and uint in json benchtests: Make memcpy benchmarks print results in json benchtests: New script to parse memcpy results Add ChangeLog entries for the last 3 commits aarch64: Call all string function implementations in tests tunables, aarch64: New tunable to override cpu Fix typo in glibc.tune.cpu name Regenerate libc.pot zic: Use PRIdMAX to print line numbers sv: Update translation Update translations Update translations Update NEWS Update translations Add list of bugs fixed in 2.26 Fix up ChangeLog formatting Update contributors and latest gcc and binutils versions Update for 2.26 release Slava Barinov (1): fts: Fix symbol redirect for fts_set [BZ #21289] Stefan Liebler (23): Add __glibc_unlikely hint in lll_trylock, lll_cond_trylock. Get rid of duplicate const declaration specifier warning in tst-resolv-qtypes.c. S390: Optimize atomic macros. S390: Regenerate ULPs Update auto-libm-test-out for catan / catanh. 
Fix failing test malloc/tst-interpose-nothread with GCC 7. S390: Clobber also r14 in TLS_LD, TLS_GD macros on 31bit. S390: Use new s390_libc_ifunc_expr macro in s390 8bit-generic.c. S390: Move utf8-utf16-z9.c to multiarch folder and use s390_libc_ifunc_expr macro. S390: Move utf16-utf32-z9.c to multiarch folder and use s390_libc_ifunc_expr macro. S390: Move utf8-utf32-z9.c to multiarch folder and use s390_libc_ifunc_expr macro. S390: Regenerate ULPs Optimize generic spinlock code and use C11 like atomic macros. S390: Use generic spinlock code. S390: Fix build with gcc configured with --enable-default-pie. [BZ #21537] S390: Sync ptrace.h with kernel. [BZ #21539] S390: Save and restore r12 in TLS_IE macro. S390: Add new hwcap values for new cpu architecture - arch12. S390: Use cu41 instruction for converting from utf32 to utf8. S390: Use cu42 instruction for converting from utf32 to utf16. S390: Use cu24 instruction for converting from utf16 to utf32. S390: Use cu21 instruction for converting from utf16 to utf8. S390: Fix tst-ptrace-singleblock if kernel does not support PTRACE_SINGLEBLOCK. Steve Ellcey (7): Add ifunc support for aarch64. Add ChangeLog entry for aarch64 ifunc support patch. Change TEST_NAME to memcpy to fix IFUNC testing of multiple versions. aarch64: Thunderx specific memcpy and memmove Fix cexpl when compiled with latest GCC Fix nss/nss_test1.c compile with latest GCC. Fix localedata test builds with latest GCC Sunyeop Lee (1): Update old tunables framework document/script. Szabolcs Nagy (8): [AArch64] Update libm-test-ulps [AArch64] Use hidden __GI__dl_argv in rtld startup code [AArch64] Add more cfi annotations to tlsdesc entry points Single threaded stdio optimization Disable single thread optimization for open_memstream Add HWCAP_ macros from Linux 4.12 to AArch64 bits/hwcap.h. 
      [AArch64] Fix out of bound array access regression
      [AArch64] Update dl-procinfo for new HWCAP flags in Linux 4.12

Thorsten Kukuk (5):
      If sunrpc code is disabled, rpcsvc header files, rpcgen and
      The rpcgen tests should not run if we don't build rpcgen.
      Add missing ChangeLog entries.
      Deprecate libnsl by default (only shared library will be
      Merge branch 'master' of ssh://sourceware.org/git/glibc

Tulio Magno Quites Machado Filho (12):
      Fix lgamma*, log10* and log2* results [BZ #21171]
      powerpc: Update powerpc-fpu libm-test-ulps
      Use independent type literals in libm-test-support.c
      XFAIL catan and catanh tests on ibm128
      Change the order of function attributes in printf.h
      powerpc: Fix logbl on power7 [BZ# 21280]
      powerpc: Update powerpc-fpu libm-test-ulps
      Move tst-mutex*8* to tests-internal
      Add a way to bypass the PLT when calling getauxval
      powerpc: Update AT_HWCAP[2] bits
      Prevent an implicit int promotion in malloc/tst-alloc_buffer.c
      powerpc: Fix float128 IFUNC relocations [BZ #21707]

Uros Bizjak (1):
      Add earlyclobber to sqrtt/sqrtf insns.

Vladimir Mezentsev (1):
      sparc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs

Wainer dos Santos Moschetta (16):
      powerpc: Convert tests to the new support test-driver
      powerpc: Add tests for __ppc_set_ppr_* functions.
      Update string tests to use the support test driver.
      Update wcsmbs tests to use the support test driver
      powerpc64: Add POWER8 strnlen
      Add page tests to string/test-strnlen.
      Update elf tests to use the support test driver.
      powerpc: refactor stpcpy, stpncpy, strcpy, and strncpy IFUNC.
      powerpc: refactor strcasecmp, strcmp, and strncmp IFUNC.
      powerpc: refactor strnlen and strlen IFUNC.
      powerpc: refactor strchr, strchrnul, and strrchr IFUNC.
      powerpc: refactor strcasestr and strstr IFUNC.
      powerpc: refactor memset IFUNC.
      powerpc: refactor memchr, memrchr, and rawmemchr IFUNC.
      powerpc: refactor memcpy and mempcpy IFUNC.
      powerpc: refactor memcmp and memmove IFUNC.

Wilco Dijkstra (11):
      As a minor cleanup remove the (r)index defines from include/string.h as
      GLIBC uses strchr (s, '\0') as an idiom to find the end of a string.
      The internal header include/string.h does not work in C++: it causes link errors
      Remove the str(n)cmp inlines from string/bits/string2.h. The strncmp
      Remove the str(n)dup inlines from string/bits/string2.h. Although inlining
      Add a new randomized memcpy test for copies up to 256 bytes. The distribution
      Replace all internal uses of __bzero with memset. This removes the need
      2017-06-12 Wilco Dijkstra <wdijkstr@arm.com>
      Fix build issue on x86.
      Improve math benchmark infrastructure
      Add powf trace

Wladimir J. van der Laan (1):
      Call the right helper function when setting mallopt M_ARENA_MAX (BZ #21338)

Yury Norov (1):
      Test for correct setting of errno.

Zack Weinberg (55):
      Move bits/types.h into posix/bits.
      Clean up redundancies between string.h and strings.h.
      ChangeLog entry for previous changeset
      Add missing header files throughout the testsuite.
      build-many-glibcs: don't crash if email is not configured
      One more obvious missing #include in the testsuite.
      Clean up conditionals for declaration of gets.
      Split DIAG_* macros to new header libc-diag.h.
      Allow direct use of math_ldbl.h in testsuite.
      Miscellaneous low-risk changes preparing for _ISOMAC testsuite.
      Narrowing the visibility of libc-internal.h even further.
      Another round of inclusion fixes for _ISOMAC testsuite.
      getopt: remove USE_NONOPTION_FLAGS
      getopt: merge from gnulib: don't use `...' quotes
      getopt: merge straightforward changes from gnulib
      getopt: fix fencepost error in ambiguous-W-option handling
      getopt: clean up error reporting
      getopt: merge from gnulib: function prototype adjustments
      getopt: tidy up _getopt_initialize a bit
      getopt: refactor long-option handling
      getopt: merge from gnulib: alloca avoidance
      getopt: merge _GL_UNUSED annotations from gnulib
      getopt: eliminate __need_getopt by splitting up getopt.h.
      getopt: annotate files with relationship to gnulib.
      A third round of inclusion fixes for _ISOMAC testsuite.
      Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk.
      sunrpc/tst-xdrmem2.c: Include stdint.h.
      Remove _IO_MTSAFE_IO from public headers.
      Suppress internal declarations for most of the testsuite.
      Remove the bulk of the NaCl port.
      Remove sfi_* annotations from ARM assembly files.
      Remove __need_list_t and __need_res_state.
      Remove __need macros from signal.h.
      Add one more header to be installed, missed from previous patch.
      Fix a bug in 'Remove __need macros from signal.h' (a992f506)
      Avoid tickling a linker bug from microblaze pt-vfork.S.
      Add shim header for bits/syscall.h.
      Include shlib-compat.h in many sunrpc/nis source files.
      Add forgotten changelog entry for 82f43dd2d1
      Regenerate sysdeps/gnu/errlist.c.
      Remove __need macros from stdio.h and wchar.h.
      Polish the treatment of dl-tunable-list.h in Makeconfig.
      Remove bare use of __attribute__ in include/errno.h.
      Correct an outdated comment in stdlib/errno.h.
      Remove __need_schedparam and __cpu_set_t_defined.
      Correct indentation in posix/bits/cpu-set.h.
      Remove __need_IOV_MAX and __need_FOPEN_MAX.
      Remove __need macros from errno.h (__need_Emath, __need_error_t).
      Remove bits/string.h.
      Mention in NEWS that __(NO|USE)_STRING_INLINES don't do anything anymore.
      Fix fallout from bits/string.h removal.
      Rename xlocale.h to bits/types/__locale_t.h.
      Use locale_t, not __locale_t, throughout glibc
      Factor out shared definitions from bits/signum.h.
      Reorganize and revise NEWS for 2.26.

-----------------------------------------------------------------------
The master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a289ea09ea843ced6e5277c2f2e63c357bc7f9a3

commit a289ea09ea843ced6e5277c2f2e63c357bc7f9a3
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Aug 19 15:41:29 2019 +0200

    Do not print backtraces on fatal glibc errors

    If the process is in a bad state, we used to print backtraces in many cases. This is problematic because doing so could involve a lot of work, like loading libgcc_s using the dynamic linker, and this could itself be targeted by exploit writers. For example, if the crashing process was forked from a long-lived process, the addresses in the error message could be used to bypass ASLR.

    Commit ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0 ("Avoid backtrace from __stack_chk_fail [BZ #12189]"), backtraces were no longer printed because backtrace_and_maps was always called with do_abort == 1. Rather than fixing this logic error, this change removes the backtrace functionality from the sources. With the prevalence of external crash handlers, it does not appear to be particularly useful. The crash handler may also destroy useful information for debugging.

    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Is there a related issue on the gcc side to have gcc generate __builtin_trap or similar rather than the call to __stack_chk_fail[_local]? It would be nice to get that fixed too so that the call through the GOT/PLT isn't another vector for gaining control after corrupting program state, and it would eliminate the need for hacks to provide the "_local" version at ld time on targets that needed it.
(In reply to Rich Felker from comment #24)
> Is there a related issue on the gcc side to have gcc generate __builtin_trap
> or similar rather than the call to __stack_chk_fail[_local]? It would be
> nice to get that fixed too so that the call through the GOT/PLT isn't
> another vector for gaining control after corrupting program state, and it
> would eliminate the need for hacks to provide the "_local" version at ld
> time on targets that needed it.

There is this bug:

__stack_chk_fail should not use lazy binding on ELF
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82104

It's not exactly what you requested, but it reduces the amount of code that runs in the error case.
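The ASLR argument in the commit message and the `__builtin_trap` suggestion above, as an added example that is not glibc, musl or gcc code: a forked child inherits its parent's address-space layout, so a failure handler that prints an address before aborting discloses the layout of the long-lived parent, while a trap-only handler emits nothing. The names `marker`, `verbose_fail`, `silent_fail` and `run_child` are hypothetical, and the message text is constructed.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static int marker; /* constructed stand-in for any address inside the image */
/* Hypothetical chatty handler: reports an address, then aborts. */
static void verbose_fail(void) {
    char msg[64];
    int n = snprintf(msg, sizeof msg, "*** fatal error at %p ***\n", (void *)&marker);
    if (write(STDERR_FILENO, msg, (size_t)n) < 0) { /* nothing more to do */ }
    abort();
}

/* Hypothetical fail-fast handler: no output and no library call. */
static void silent_fail(void) { __builtin_trap(); }

/* Runs handler in a forked child whose stderr is a pipe; returns bytes emitted. */
static ssize_t run_child(void (*handler)(void), char *out, size_t cap, int *sig) {
    int fds[2], status = 0;
    size_t total = 0;
    ssize_t n;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        dup2(fds[1], STDERR_FILENO);
        close(fds[0]); close(fds[1]);
        handler();
        _exit(0); /* not reached: both handlers terminate the child */
    }
    close(fds[1]);
    while (total < cap - 1 && (n = read(fds[0], out + total, cap - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    close(fds[0]);
    waitpid(pid, &status, 0);
    *sig = WIFSIGNALED(status) ? WTERMSIG(status) : 0; /* 0 means a normal exit */
    return (ssize_t)total;
}

int main(void) {
    char a[128], b[128];
    int s1, s2;
    run_child(verbose_fail, a, sizeof a, &s1);
    printf("verbose: %ssilent: %zd bytes\n", a, run_child(silent_fail, b, sizeof b, &s2));
    return 0;
}
```

Two children forked from the same parent report the same address, which is why a crash message from one worker is informative about its siblings and the parent.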