Description of problem: When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character "0xffff" is specified, then iconv() segfaults. Version-Release number of selected component (if applicable): glibc-2.5-81.el5_8.2 How reproducible: Always Steps to Reproduce: Run the following command: echo '0x0e 0x43 0x8c 0xff 0xff 0x43 0xbd 0x43 0xbd' | xxd -r | iconv -f IBM930 -t UTF-8 Actual results: Segfault Expected results: サiconv: illegal input sequence at position 3
Please ignore the "Version-Release number of selected component (if applicable):" section. That got copied over accidentally. The bug is reproducible with latest upstream.
Fixed in master.
Fixed in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5, which went into glibc 2.16.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via 41488498b6d9440ee66ab033808cce8323bba7ac (commit) from a78b712d405b55405b425e9b1453745615483003 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=41488498b6d9440ee66ab033808cce8323bba7ac commit 41488498b6d9440ee66ab033808cce8323bba7ac Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 17 +++++++++++++++++ NEWS | 7 ++++++- iconvdata/Makefile | 1 + iconvdata/ibm1364.c | 3 ++- iconvdata/ibm932.c | 5 +++-- iconvdata/ibm933.c | 2 +- iconvdata/ibm935.c | 2 +- iconvdata/ibm937.c | 2 +- iconvdata/ibm939.c | 2 +- iconvdata/ibm943.c | 5 +++-- iconvdata/run-iconv-test.sh | 18 ++++++++++++++++++ 11 files changed, 54 insertions(+), 10 deletions(-)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.19/master has been updated via daea1a9b2ab9ad1690a2770006f5964e188be11f (commit) via b8d0acdb33866d0f67ee8a019bdbdaa6a00d0c99 (commit) via 92b410973f872297e0c1bfda06abead4b0a265d1 (commit) via 424f645c513d56a5b8323971197e3afa1ed8f003 (commit) via 75f66fe467b280d9fb192d3f32e06e4b20d12dcc (commit) via ac39af9f195138a01b836fb4a30bd971de4aa163 (commit) via 2da15d05c54738ed2c53aaf555c7cf51a9057844 (commit) via 6ccc1c41f52f93548b5eb64d106219e287052472 (commit) via 4e27332819b6151ccb5031d0efd718d802168573 (commit) via 9583c3542133be925467c87df7f74882783d867d (commit) via 2ce47f454b6f1df5d2374fcac1b72e65e5f55a67 (commit) via 1f542fe398a1d02cce53d78f7a33e72078e7d4e9 (commit) via d3b2d64576fcc1281841a48740f5f481d1b46a90 (commit) via 40da893a143224b0a41a004eb5e971fc5d94381b (commit) via 3a4f226eaf6aff5529711f7fa3885a1cec815c32 (commit) via efbeb31ba5277132b683011714f8e77bc2156aa2 (commit) via 968b59ad2aecdbe67ac5016c395a7e38fd682bb7 (commit) via 29fd33140d964e0e08207ceecbf479b85658fcb8 (commit) via 8ec14bdc9c600cc273b242ebca6566fe15de107d (commit) via e698ea2c03ddfdfa87459c1a0e53e2a4289de0fa (commit) from 344e61df0200af758e794b9843ffb37bd89e5259 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=daea1a9b2ab9ad1690a2770006f5964e188be11f commit daea1a9b2ab9ad1690a2770006f5964e188be11f Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. (cherry picked from commit 41488498b6d9440ee66ab033808cce8323bba7ac) Conflicts: NEWS iconvdata/Makefile https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b8d0acdb33866d0f67ee8a019bdbdaa6a00d0c99 commit b8d0acdb33866d0f67ee8a019bdbdaa6a00d0c99 Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). (cherry picked from commit a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8) (cherry picked from commit f9df71e895d3552d557e783fdb9d133328195645) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=92b410973f872297e0c1bfda06abead4b0a265d1 commit 92b410973f872297e0c1bfda06abead4b0a265d1 Author: Stefan Liebler <stli@linux.vnet.ibm.com> Date: Fri Aug 1 09:48:17 2014 +0200 NEWS: Explain the s390 jmp_buf / ucontext_t ABI change reversal. (cherry picked from commit 95ee7fb13ba99ba265b49531c57e1cb8db629bc6) Typo fix as in commit 45ef66289acbab17278a73512f9b2a9d8a7ca79d and NEW enty adjusted to reflect revert occuring in 2.19.1 and 2.20. Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=424f645c513d56a5b8323971197e3afa1ed8f003 commit 424f645c513d56a5b8323971197e3afa1ed8f003 Author: Stefan Liebler <stli@linux.vnet.ibm.com> Date: Thu Aug 28 16:53:13 2014 +1000 S/390: Revert the jmp_buf/ucontext_t ABI change Backport of commit 2f438e20ab591641760e97458d5d1569942eced5 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=75f66fe467b280d9fb192d3f32e06e4b20d12dcc commit 75f66fe467b280d9fb192d3f32e06e4b20d12dcc Author: Florian Weimer <fweimer@redhat.com> Date: Wed May 28 14:05:03 2014 +0200 manual: Update the locale documentation (cherry picked from commit 585367266923156ac6fb789939a923641ba5aaf4) Conflicts: manual/locale.texi https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ac39af9f195138a01b836fb4a30bd971de4aa163 commit ac39af9f195138a01b836fb4a30bd971de4aa163 Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). (cherry picked from commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3) Addiational backporting fixes: Added tst-setlocale3-ENV to localedata/Makefile Conflicts: NEWS localedata/Makefile https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2da15d05c54738ed2c53aaf555c7cf51a9057844 commit 2da15d05c54738ed2c53aaf555c7cf51a9057844 Author: Florian Weimer <fweimer@redhat.com> Date: Wed May 28 14:41:52 2014 +0200 setlocale: Use the heap for the copy of the locale argument This avoids alloca calls with potentially large arguments. (cherry picked from commit d183645616b0533b3acee28f1a95570bffbdf50f) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ccc1c41f52f93548b5eb64d106219e287052472 commit 6ccc1c41f52f93548b5eb64d106219e287052472 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon May 26 11:40:08 2014 +0530 Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878) The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL (with errno as ERANGE) when the supplied buffer does not have sufficient space for the result. This is wrong, because the canonical way to indicate insufficient buffer is to set the errno to ERANGE and the status to NSS_STATUS_TRYAGAIN, as is used by all other modules. This fixes nscd behaviour when the nss_ldap module returns NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to fit into the supplied buffer. (cherry picked from commit c3ec475c5dd16499aa040908e11d382c3ded9692) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e27332819b6151ccb5031d0efd718d802168573 commit 4e27332819b6151ccb5031d0efd718d802168573 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Wed Mar 12 17:27:22 2014 +0530 Provide correct buffer length to netgroup queries in nscd (BZ #16695) The buffer to query netgroup entries is allocated sufficient space for the netgroup entries and the key to be appended at the end, but it sends in an incorrect available length to the NSS netgroup query functions, resulting in overflow of the buffer in some special cases. The fix here is to factor in the key length when sending the available buffer and buffer length to the query functions. (cherry picked from commit c44496df2f090a56d3bf75df930592dac6bba46f) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9583c3542133be925467c87df7f74882783d867d commit 9583c3542133be925467c87df7f74882783d867d Author: Maciej W. Rozycki <macro@codesourcery.com> Date: Fri Jun 20 21:52:53 2014 +0100 [BZ #16046] dl_iterate_phdr static executable test (cherry picked from commit 257ce7127e2f64a6a959b146786cd43de0e42b5f) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2ce47f454b6f1df5d2374fcac1b72e65e5f55a67 commit 2ce47f454b6f1df5d2374fcac1b72e65e5f55a67 Author: Andreas Schwab <schwab@linux-m68k.org> Date: Fri Jun 20 12:41:27 2014 +0200 Fix another memory leak in regexp compiler (BZ #17069) (cherry picked from commit aa6ec754f3b4b1df81d186480c534b6486a1e6ee) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1f542fe398a1d02cce53d78f7a33e72078e7d4e9 commit 1f542fe398a1d02cce53d78f7a33e72078e7d4e9 Author: Andreas Schwab <schwab@linux-m68k.org> Date: Thu Jun 19 15:38:03 2014 +0200 Fix memory leak in regexp compiler (BZ #17069) (cherry picked from commit 4d43ef1e7434d7d419afbcd754931cb0c794763c) Conflicts: posix/Makefile https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d3b2d64576fcc1281841a48740f5f481d1b46a90 commit d3b2d64576fcc1281841a48740f5f481d1b46a90 Author: Andreas Schwab <schwab@suse.de> Date: Mon May 26 18:01:31 2014 +0200 Fix invalid file descriptor reuse while sending DNS query (BZ #15946) (cherry picked from commit f9d2d03254a58d92635a311a42253eeed5a40a47) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=40da893a143224b0a41a004eb5e971fc5d94381b commit 40da893a143224b0a41a004eb5e971fc5d94381b Author: Andreas Schwab <schwab@suse.de> Date: Tue Feb 18 10:57:25 2014 +0100 Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer Instead of trying to guess whether the second buffer needs to be freed set a flag at the place it is allocated (cherry picked from commit ab09bf616ad527b249aca5f2a4956fd526f0712f) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3a4f226eaf6aff5529711f7fa3885a1cec815c32 commit 3a4f226eaf6aff5529711f7fa3885a1cec815c32 Author: Ondřej Bílka <neleai@seznam.cz> Date: Sun Feb 16 12:59:23 2014 +0100 Deduplicate resolv/nss_dns/dns-host.c In resolv/nss_dns/dns-host.c one of code path duplicated code after that. We merge these paths. (cherry picked from commit ab7ac0f2cf8731fe4c3f3aea6088a7c0127b5725) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=efbeb31ba5277132b683011714f8e77bc2156aa2 commit efbeb31ba5277132b683011714f8e77bc2156aa2 Author: Andreas Schwab <schwab@suse.de> Date: Thu Feb 13 11:01:57 2014 +0100 Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer (cherry picked from commit d668061994a7486a3ba9c7d5e7882d85a2883707) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=968b59ad2aecdbe67ac5016c395a7e38fd682bb7 commit 968b59ad2aecdbe67ac5016c395a7e38fd682bb7 Author: Andreas Schwab <schwab@suse.de> Date: Thu May 8 16:53:01 2014 +0200 Fix unbound stack use in NIS NSS module (cherry picked from commit 315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=29fd33140d964e0e08207ceecbf479b85658fcb8 commit 29fd33140d964e0e08207ceecbf479b85658fcb8 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS (cherry picked from commit d03efb2f979defd473955a455d66b949961d26b2) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8ec14bdc9c600cc273b242ebca6566fe15de107d commit 8ec14bdc9c600cc273b242ebca6566fe15de107d Author: Stefan Liebler <stli@linux.vnet.ibm.com> Date: Thu Jun 12 14:15:25 2014 +0200 posix_spawn_faction_addopen: Add missing string.h include directive This is needed to avoid a PLT call on s390. (cherry picked from commit 35a5e3e338ae17f3d42c60a708763c5d498fb840) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e698ea2c03ddfdfa87459c1a0e53e2a4289de0fa commit e698ea2c03ddfdfa87459c1a0e53e2a4289de0fa Author: Florian Weimer <fweimer@redhat.com> Date: Wed Jun 11 23:12:52 2014 +0200 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. (cherry picked from commit 89e435f3559c53084498e9baad22172b64429362) Conflicts: NEWS ----------------------------------------------------------------------- Summary of changes: ChangeLog | 247 ++++++++++++++++++++ NEWS | 40 +++- elf/Makefile | 2 +- elf/tst-dl-iter-static.c | 47 ++++ iconv/gconv_trans.c | 177 +-------------- iconvdata/Makefile | 1 + iconvdata/ibm1364.c | 3 +- iconvdata/ibm932.c | 5 +- iconvdata/ibm933.c | 2 +- iconvdata/ibm935.c | 2 +- iconvdata/ibm937.c | 2 +- iconvdata/ibm939.c | 2 +- iconvdata/ibm943.c | 5 +- iconvdata/run-iconv-test.sh | 18 ++ include/resolv.h | 6 +- locale/findlocale.c | 74 +++++- locale/setlocale.c | 14 +- localedata/ChangeLog | 6 + localedata/Makefile | 5 +- localedata/tst-setlocale3.c | 203 ++++++++++++++++ manual/locale.texi | 146 +++++++++--- nis/nss_nis/nis-hosts.c | 14 ++ nis/nss_nis/nis-initgroups.c | 7 + nis/nss_nis/nis-network.c | 7 + nis/nss_nis/nis-service.c | 14 ++ nptl/sysdeps/unix/sysv/linux/s390/pt-longjmp.c | 71 ++---- nscd/netgroupcache.c | 16 +- nss/nss_files/files-netgrp.c | 2 +- posix/Makefile | 10 +- posix/bug-regex36.c | 29 +++ posix/regcomp.c | 19 ++- posix/spawn_faction_addopen.c | 14 +- posix/spawn_faction_destroy.c | 22 ++- posix/spawn_int.h | 2 +- posix/tst-spawn.c | 10 +- resolv/gethnamaddr.c | 6 +- resolv/nss_dns/dns-canon.c | 2 +- resolv/nss_dns/dns-host.c | 32 ++-- resolv/nss_dns/dns-network.c | 4 +- resolv/res_query.c | 45 ++-- resolv/res_send.c | 22 ++- sysdeps/s390/Makefile | 9 - sysdeps/s390/Versions | 6 +- sysdeps/s390/__longjmp.c | 31 --- sysdeps/s390/bits/setjmp.h | 4 - sysdeps/s390/longjmp.c | 68 ++---- sysdeps/s390/rtld-__longjmp.c | 19 -- sysdeps/s390/rtld-global-offsets.sym | 7 - sysdeps/s390/rtld-setjmp.S | 20 -- sysdeps/s390/s390-32/__longjmp-common.c | 68 ------ sysdeps/s390/s390-32/__longjmp.c | 68 ++++++ sysdeps/s390/s390-32/setjmp-common.S | 84 ------- sysdeps/s390/s390-32/setjmp.S | 111 +++++++++ sysdeps/s390/s390-64/__longjmp-common.c | 74 ------ sysdeps/s390/s390-64/__longjmp.c | 74 ++++++ sysdeps/s390/s390-64/setjmp-common.S | 79 ------- sysdeps/s390/s390-64/setjmp.S | 106 +++++++++ sysdeps/s390/setjmp.S | 64 ----- sysdeps/s390/sigjmp.c | 34 --- sysdeps/s390/v1-longjmp.c | 57 ----- sysdeps/s390/v1-setjmp.h | 111 --------- sysdeps/s390/v1-sigjmp.c | 44 ---- sysdeps/unix/sysv/linux/s390/Makefile | 6 - sysdeps/unix/sysv/linux/s390/getcontext.S | 38 --- sysdeps/unix/sysv/linux/s390/longjmp_chk.c | 36 ++-- sysdeps/unix/sysv/linux/s390/rtld-getcontext.S | 19 -- .../unix/sysv/linux/s390/s390-32/____longjmp_chk.c | 24 +-- .../sysv/linux/s390/s390-32/getcontext-common.S | 112 --------- sysdeps/unix/sysv/linux/s390/s390-32/getcontext.S | 86 +++++++ .../unix/sysv/linux/s390/s390-32/nptl/libc.abilist | 1 - sysdeps/unix/sysv/linux/s390/s390-32/setcontext.S | 10 +- sysdeps/unix/sysv/linux/s390/s390-32/swapcontext.S | 24 +-- .../unix/sysv/linux/s390/s390-32/ucontext_i.sym | 26 -- .../unix/sysv/linux/s390/s390-64/____longjmp_chk.c | 25 +-- .../sysv/linux/s390/s390-64/getcontext-common.S | 79 ------- sysdeps/unix/sysv/linux/s390/s390-64/getcontext.S | 86 +++++++ .../unix/sysv/linux/s390/s390-64/nptl/libc.abilist | 1 - sysdeps/unix/sysv/linux/s390/s390-64/swapcontext.S | 14 +- sysdeps/unix/sysv/linux/s390/sys/ucontext.h | 13 - .../sysv/linux/s390/{s390-64 => }/ucontext_i.sym | 0 sysdeps/unix/sysv/linux/s390/v1-longjmp_chk.c | 35 --- 81 files changed, 1598 insertions(+), 1530 deletions(-) create mode 100644 elf/tst-dl-iter-static.c create mode 100644 localedata/tst-setlocale3.c create mode 100644 posix/bug-regex36.c delete mode 100644 sysdeps/s390/Makefile delete mode 100644 sysdeps/s390/__longjmp.c delete mode 100644 sysdeps/s390/rtld-__longjmp.c delete mode 100644 sysdeps/s390/rtld-global-offsets.sym delete mode 100644 sysdeps/s390/rtld-setjmp.S delete mode 100644 sysdeps/s390/s390-32/__longjmp-common.c create mode 100644 sysdeps/s390/s390-32/__longjmp.c delete mode 100644 sysdeps/s390/s390-32/setjmp-common.S create mode 100644 sysdeps/s390/s390-32/setjmp.S delete mode 100644 sysdeps/s390/s390-64/__longjmp-common.c create mode 100644 sysdeps/s390/s390-64/__longjmp.c delete mode 100644 sysdeps/s390/s390-64/setjmp-common.S create mode 100644 sysdeps/s390/s390-64/setjmp.S delete mode 100644 sysdeps/s390/setjmp.S delete mode 100644 sysdeps/s390/sigjmp.c delete mode 100644 sysdeps/s390/v1-longjmp.c delete mode 100644 sysdeps/s390/v1-setjmp.h delete mode 100644 sysdeps/s390/v1-sigjmp.c delete mode 100644 sysdeps/unix/sysv/linux/s390/getcontext.S delete mode 100644 sysdeps/unix/sysv/linux/s390/rtld-getcontext.S delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getcontext-common.S create mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/getcontext.S delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/ucontext_i.sym delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-64/getcontext-common.S create mode 100644 sysdeps/unix/sysv/linux/s390/s390-64/getcontext.S rename sysdeps/unix/sysv/linux/s390/{s390-64 => }/ucontext_i.sym (100%) delete mode 100644 sysdeps/unix/sysv/linux/s390/v1-longjmp_chk.c
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.16/master has been created at dfc25d72984eb5a3354e104612d0ca0129af3f98 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98 commit dfc25d72984eb5a3354e104612d0ca0129af3f98 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Sep 25 13:43:04 2013 -0500 PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516 commit 1442655ba419867ce1a045a97cdd7904ac1ad516 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jan 20 12:29:51 2014 -0600 PowerPC: Fix gettimeofday ifunc selection The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal version used within GLIBC) to use the system call version instead of the vDSO one. This patch changes the check if vDSO is available to get its value directly instead of rely on __vdso_gettimeofday. This patch changes it by getting the vDSO value directly. It fixes BZ#16431. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8 commit 1bdb6daceb10307543599df3b118afd2109d2ec8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Jan 16 06:53:18 2014 -0600 PowerPC: Fix ftime gettimeofday internal call returning bogus data This patches fixes BZ#16430 by setting a different symbol for internal GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol is defined as hidden (which is the case for gettimeofday and time) the compiler will create local branches (symbol@local) and linker will not create PLT calls (required for IFUNC). This will leads to internal symbol calling the IFUNC resolver instead of the resolved symbol. For PPC64 this behavior does not occur because a call to a function in another translation unit might use a different toc pointer thus requiring a PLT call. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310 commit e3008132765936162552b15a77fe348c01074310 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Nov 7 05:34:22 2013 -0600 PowerPC: Fix vDSO missing ODP entries This patch fixes the vDSO symbol used directed in IFUNC resolver where they do not have an associated ODP entry leading to undefined behavior in some cases. It adds an artificial OPD static entry to such cases and set its TOC to non 0 to avoid triggering lazy resolutions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a commit 3ded3d365f0237e92e8af90c878b233f265d7b4a Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94 commit c9b43ec3890d5c750a5127a543a55cd94aa73c94 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77 commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826 commit f7865ec21e8ad32929509796497fa3b44c3ef826 Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jan 15 15:16:54 2015 -0500 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e commit c7a91d241b095855e06e0bd00287968df2f6d87e Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8 commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8 Author: Will Newton <will.newton@linaro.org> Date: Fri Sep 13 09:26:02 2013 +0100 Add CVE-2013-4332 to NEWS. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 12:54:29 2013 +0100 malloc: Check for integer overflow in memalign. A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c commit f1292792799a507711ce24b497e40f8fea8f9c9c Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 11:59:37 2013 +0100 malloc: Check for integer overflow in valloc. A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15856] * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad commit b1e934aed5170eb8948e0f3c6618c9431d6810ad Author: Will Newton <will.newton@linaro.org> Date: Mon Aug 12 15:08:02 2013 +0100 malloc: Check for integer overflow in pvalloc. A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15855] * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d commit bcd619797e785f90cc9fd67208267c26c8e4b40d Author: Florian Weimer <fweimer@redhat.com> Date: Fri Aug 16 09:38:52 2013 +0200 CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e commit 6fd8e941423354e6c7a951d37a60d2f1424d568e Author: Carlos O'Donell <carlos@redhat.com> Date: Mon Sep 23 00:52:09 2013 -0400 BZ #15754: CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714 commit a243b1a0797180e142d525d1325a173c758c3714 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:24:30 2013 +0530 Check for integer overflow in cache size computation in strcoll strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01 commit c1132021659d22753104762a074d6339ae6cbd01 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:20:02 2013 +0530 Fall back to non-cached sequence traversal and comparison on malloc fail strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules. Fixes CVE-2012-4424. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1 commit 2dc811b78adc97b5f5d951716df30053a24da1a1 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Tue Aug 20 08:40:05 2013 +0530 Simplify strcoll implementation Break up strcoll into simpler functions so that the logic is easier to follow and maintain. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Fri Oct 25 10:22:12 2013 +0530 Fix stack overflow due to large AF_INET6 requests Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c commit 302c61e2d3536a6ff99d518499771afd6a951b0c Author: Andreas Schwab <schwab@suse.de> Date: Tue Jan 29 14:45:15 2013 +0100 Fix buffer overrun in regexp matcher https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7 commit b7e0492e183efc24e5658c860ca5711e00524dd7 Author: Carlos O'Donell <carlos@redhat.com> Date: Fri Jul 19 02:42:03 2013 -0400 CVE-2013-2207, BZ #15755: Disable pt_chown. The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk. Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6 commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6 Author: Jeff Law <law@redhat.com> Date: Wed Nov 28 14:12:28 2012 -0700 [BZ #14889] * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype. * sunrpc/svc.c: Include time.h. (__svc_accept_failed): New function. * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for any reason other than EINTR, call __svc_accept_failed. * sunrpc/svc_udp.c (svcudp_recv): Similarly. * sunrpc/svc_unix.c (rendezvous_request): Similarly. Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690 commit 3b498440aac70e994f32f45a31102964313af690 Author: Andreas Schwab <schwab@suse.de> Date: Wed Nov 28 10:24:06 2012 +0100 Properly handle indirect functions in ABI check on powerpc64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Apr 26 13:00:56 2013 -0500 PowerPC: modf optimization fix This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits by correctly setting minimum architecture for modf PPC optimization to power5+ instead of power5 (since only on power5+ round/ceil will be inline to inline assembly). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 25 16:10:06 2013 -0500 PowerPC: modf optimization This patch implements modf/modff optimization for POWER by focus on FP operations instead of relying in integer ones. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 13 10:46:08 2013 -0300 PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall. Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3 commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 4 22:02:41 2013 -0300 PowerPC: gettimeofday optimization by using IFUNC https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3 commit 36016f626e72f5d1cb6107deeab29768d82ff7e3 Merge: 4e1f97c 043c748 Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Mar 1 16:20:18 2013 -0600 Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d commit 4e1f97ccdcc257eba262667f7a3179a7d530330d Author: Mike Frysinger <vapier@gentoo.org> Date: Wed Nov 28 23:04:32 2012 -0500 byteswap.h: fix gcc ver test for __builtin_bswap{32,64} The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2. Fix the __GNUC_PREREQ tests to reflect this. Otherwise trying to compile code with gcc-4.2 falls down: In file included from /usr/include/endian.h:60, from /usr/include/ctype.h:40, /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)': /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)': /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope Signed-off-by: Mike Frysinger <vapier@gentoo.org> (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689 commit 025b233a88a30f5f0474ff2c6051313eb33e5689 Author: Joseph Myers <joseph@codesourcery.com> Date: Tue Nov 20 00:04:45 2012 +0000 Fix __bswap_64 return type in generic bits/byteswap.h. (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6 commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Oct 12 09:21:47 2012 -0700 Use __uint64_t in x86 __bswap_64 (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab Author: Andreas Schwab <schwab@linux-m68k.org> Date: Tue May 1 17:10:10 2012 +0200 Fix missing _mcount@GLIBC_2.0 on powerpc32 (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc commit 94464655b576985fdd5f66f7f6126ee1f92a41cc Author: Peter Bergner <bergner@vnet.ibm.com> Date: Fri Jul 6 13:24:49 2012 -0500 Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c commit d846920271a0f4dc54c0dbbd56998228e75e776c Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Jul 6 13:03:09 2012 -0500 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.19/master has been created at 88a8a351f3a6a95205a1499fd68b79fc3d0b9d19 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=88a8a351f3a6a95205a1499fd68b79fc3d0b9d19 commit 88a8a351f3a6a95205a1499fd68b79fc3d0b9d19 Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=32404a33a03747951daafde164e3b14464c28fe9 commit 32404a33a03747951daafde164e3b14464c28fe9 Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d2a6f3a27b791d91beec2ea91f293ec898080904 commit d2a6f3a27b791d91beec2ea91f293ec898080904 Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=39700792d4224af99ab52ea26e98a0a2a2ed6ac6 commit 39700792d4224af99ab52ea26e98a0a2a2ed6ac6 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5cefe3fc8f35b50eb84cbb740268539a40651173 commit 5cefe3fc8f35b50eb84cbb740268539a40651173 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eece504424b59a1d8de7b4da9c64e24acaa6fbe0 commit eece504424b59a1d8de7b4da9c64e24acaa6fbe0 Author: Florian Weimer <fweimer@redhat.com> Date: Wed Jun 11 23:12:52 2014 +0200 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dcf0cce30d91100005e9aeb002096236325648fb commit dcf0cce30d91100005e9aeb002096236325648fb Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a5da5d74ff2e0a6ee267f283be8dbccc92cec59a commit a5da5d74ff2e0a6ee267f283be8dbccc92cec59a Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6cbfc1fa2c64cad3c599f419dd154cec5af23cc commit e6cbfc1fa2c64cad3c599f419dd154cec5af23cc Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fa7cc069f4eb29c00ec3a833d73ec4a473b11c8a commit fa7cc069f4eb29c00ec3a833d73ec4a473b11c8a Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 29 13:56:44 2014 -0500 PowerPC: Fix gprof entry point for LE This patch fixes the ELFv2 gprof entry point since the ABI does not define function descriptors. It fixes BZ#17213. This is a backport of a53fbd8e6cd2f69bdfa3431d616a5f332aea6664. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3c640c4acb9bc2c2cc7fa77d5ce1254953761dc1 commit 3c640c4acb9bc2c2cc7fa77d5ce1254953761dc1 Author: Alan Modra <amodra@gmail.com> Date: Mon Jul 14 21:14:50 2014 +0930 Correct DT_PPC64_NUM [BZ #17153] * elf/elf.h (DT_PPC64_NUM): Correct value. * NEWS: Add to fixed bug list. This is a backport of f6c44d475104e931bab2b4ffa499961088de673c. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=957afa3407c426969eaaa348981b9648d5191ae2 commit 957afa3407c426969eaaa348981b9648d5191ae2 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 8 08:54:09 2014 -0500 PowerPC: Cleanup powerpc memmove Now that MEMCPY_OK_FOR_FWD_MEMMOVE should be define on memcopy.h there is no need to specialized powerpc memmove implementation. This patch moves the define set to powerpc memcopy and cleanup its definition on powerpc code. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8d9513a103bdd202ffa4884bdedc2c3c0dbab210 commit 8d9513a103bdd202ffa4884bdedc2c3c0dbab210 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 8 08:49:54 2014 -0500 PowerPC: Fix compiler warnings This patch fixes some compiler due trailing data in #undef directives and due missing prototypes. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b00ec143897f076ecbcedc7369b4b74e0c7f6d14 commit b00ec143897f076ecbcedc7369b4b74e0c7f6d14 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 8 08:35:44 2014 -0500 PowerPC: Add ifunc tests for memmove This patch add the missing ifunc tests definition for memmove ppc32 optimization patch (commit 07aedd7). This is a backport of 91f4b564bd7bedcd93e7047cad570ce292d6330b. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=565e3d6c8230affd7089bf5ebfcebbf72f32a27c commit 565e3d6c8230affd7089bf5ebfcebbf72f32a27c Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Jun 25 11:54:31 2014 -0500 PowerPC: Align power7 memcpy using VSX to quadword This patch changes power7 memcpy to use VSX instructions only when memory is aligned to quardword. It is to avoid unaligned kernel traps on non-cacheable memory (for instance, memory-mapped I/O). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fae3527af330c32399e3a4cdfac3958fc440eb8 commit 6fae3527af330c32399e3a4cdfac3958fc440eb8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jun 24 08:47:52 2014 -0500 PowerPC: optimized memmove for POWER7/PPC32 This patch adds a optimized memmove for power7 by using the optimized power7 memcpy for forward copying. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5d55f9b05ecb85b7a543f641829479cfb081f380 commit 5d55f9b05ecb85b7a543f641829479cfb081f380 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Jun 20 12:55:16 2014 -0500 PowerPC: optimized memmove for POWER7/PPC64 This patch adds an optimized memmove optimization for POWER7/powerpc64. Basically the idea is to use the memcpy for POWER7 on non-overlapped memory regions and a optimized backward memcpy for memory regions that overlap (similar to the idea of string/memmove.c). The backward memcpy algorithm used is similar the one use for memcpy for POWER7, with adjustments done for alignment. The difference is memory is always aligned to 16 bytes before using VSX/altivec instructions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dde00e9914370ddd90c9bbc4f3f0e455efae4b47 commit dde00e9914370ddd90c9bbc4f3f0e455efae4b47 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jun 24 06:42:31 2014 -0500 PowerPC: memmove default implementation cleanup This patch removes the powerpc specific logic in memmove and instead include default implementation with MEMCPY_OK_FOR_FWD_MEMMOVE defined. This lead in a increase performance, since the constraints to use memcpy in powerpc code are too restrictive and memcpy can be used for any forward memmove. This is a backport of d6f68bbef4427850c2901728a1d13efc0e687297. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9841a0850ed3be4310ec6b49c3349e39a6f0f481 commit 9841a0850ed3be4310ec6b49c3349e39a6f0f481 Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Wed Jun 11 22:21:20 2014 -0500 PowerPC: strcat optimization for PPC64/POWER7 This patch adds an ifunc power7 strcat symbol that uses the logic on sysdeps/powerpc/strcat.c but call power7 strlen/strcpy symbols instead of default ones. This is a backport of bc8ea38590070604006399e42469087e943fc8ec. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ded8852b37f673b8e66163b44f70504dc5af0985 commit ded8852b37f673b8e66163b44f70504dc5af0985 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jun 23 09:38:47 2014 -0500 PowerPC: sync hwcap.h capabilities Linux commit dd58a092c4202f2bd490adab7285b3ff77f8e467 added the PPC_FEATURE2_VEC_CRYPTO auvx capability to indicate whether to hardware supports vector crypto hardware instructions. This patch adds its definition to powerpc hwcap bits. This is a backport of db22400947e1c82153e5270d23fed53fc1e3a659. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e986751f5c05f3363c01c717972f87a681da0d0 commit 7e986751f5c05f3363c01c717972f87a681da0d0 Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com> Date: Tue Jun 17 08:46:25 2014 -0500 PowerPC: Fix nearbyintl failure for few inputs This patch fixes few failures in nearbyintl() where the fraction part is close to 0.5.i The new tests added report few extra failures in nearbyint_downward and nearbyint_towardzero which is a known issue. Fixes #17031. This is a backport of 754c5a08aacb44895d1ab97c553ce424eb43f761. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2289a56644fc05786e2d5637c76d47afea7d38b9 commit 2289a56644fc05786e2d5637c76d47afea7d38b9 Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Fri Jun 6 07:56:07 2014 -0500 PowerPC: Optimized strcmp for PPC64/POWER7 Optimization is achieved on 8 byte aligned strings with double word comparison using cmpb instruction. On unaligned strings loop unrolling is applied for Power7 gain. It is a backport of e23d3d2690bf63207b1a47e83a94693daebbbfe5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=010c023685495f4cd907b7bf7d15375edcbe1ead commit 010c023685495f4cd907b7bf7d15375edcbe1ead Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Jun 6 09:37:07 2014 -0500 PowerPC: Fix optimized strncat strlen call This patch fixes the optimized ppc64/power7 strncat strlen call for static build without ifunc enabled. The strlen symbol to call in such situation is just strlen, instead of __GI_strlen (since the __GI_ alias is just created for shared objects). It is a backport of ed36bfa18faf9be457575568e64b8409e46caa22. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f0aba1acab171bd853905b66c551336aa0adcf9 commit 6f0aba1acab171bd853905b66c551336aa0adcf9 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Apr 8 17:25:14 2014 -0500 PowerPC: Fix --disable-multi-arch builds This patch fixes some powerpc32 and powerpc64 builds with --disable-multi-arch option along with different --with-cpu=powerN. It cleanups the Implies directories by removing the multiarch folder for non multiarch config and also fixing two assembly implementations: powerpc64/power7/strncat.S that is calling the wrong strlen; and power8/fpu/s_isnan.S that misses the hidden_def and weak_alias directives. It is a backport of de21c33c068c8e39afb5711613a7c083c11ce6a1. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e40df8c4677611afc48601472675593dfd087e4b commit e40df8c4677611afc48601472675593dfd087e4b Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu May 22 14:48:38 2014 -0500 PowerPC: Remove 64 bits instructions in PPC32 code This patch replaces the insrdi by insrwi in powerpc32 assembly. It is a backport of d298c41635ce7f2dc7c3eccc842fe3aa754c0c8e. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a448439dfffc0878121e0941be9717e05786b1fe commit a448439dfffc0878121e0941be9717e05786b1fe Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu May 22 07:53:44 2014 -0500 PowerPC: Fix memchr ifunc hidden symbol for PPC32 This patch fixes a similar issue to 736c304a1ab4cee36a2f3343f1698bc0abae4608, where for PPC32 if the symbol is defined as hidden (memchr) then compiler will create a local branc (symbol@local) and the linker will not create a required PLT call to make the ifunc work. It changes the default hidden symbol (__GI_memchr) to default memchr symbol for powerpc32 (__memchr_ppc32). Backport of 3d2badacf185fac740a2992240a817fb2ca325af. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c725f80591aa98c5c0270feb80e857c5943c861a commit c725f80591aa98c5c0270feb80e857c5943c861a Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon May 19 17:56:55 2014 -0500 PowerPC: Fix multiarch hypotf PPC64 path This patch moves the hypotf multiarch implementation to correct path. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1db8c8c873e6112ee4ecddf1eff54f4abaab91a7 commit 1db8c8c873e6112ee4ecddf1eff54f4abaab91a7 Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Mon May 5 19:10:45 2014 -0500 PowerPC: strncpy/stpncpy optimization for PPC64/POWER7 The optimization is achieved by following techniques: > data alignment [gain from aligned memory access on read/write] > POWER7 gains performance with loop unrolling/unwinding [gain by reduction of branch penalty]. > zero padding done by calling optimized memset https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=08111251bbd7275024d9c945f442f61b06d98910 commit 08111251bbd7275024d9c945f442f61b06d98910 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri May 2 12:00:36 2014 -0500 PowerPC: ifunc improvement for internal calls This patch changes de default symbol redirection for internal call of memcpy, memset, memchr, and strlen to the IFUNC resolved ones. The performance improvement is noticeable in algorithms that uses these symbols extensible, like the regex functions. This is a backport of 19c4bec0f43599eecc2f32de96ae179cd7d64053. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a8050d789589b73e7908b806d5c929facf76cc6b commit a8050d789589b73e7908b806d5c929facf76cc6b Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 16 19:33:32 2014 +0930 Correct IBM long double frexpl. Besides fixing the bugzilla, this also fixes corner-cases where the high and low double differ greatly in magnitude, and handles a denormal input without resorting to a fp rescale. [BZ #16740] [BZ #16619] * sysdeps/ieee754/ldbl-128ibm/s_frexpl.c (__frexpl): Rewrite. * math/libm-test.inc (frexp_test_data): Add tests. Backport of aa5f0ff11ad2cc85277c64cf65c723a9664e1149 and 9860b0450275ad2b69cb9360fd01d5c122a65fc5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=154d4d95f48061d5ab890c85b6015221c1accc6e commit 154d4d95f48061d5ab890c85b6015221c1accc6e Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Sun Apr 6 14:50:11 2014 -0500 PowerPC: Fix nearbyint/nearbyintf result for FE_DOWNWARD This patch fixes the powerpc32 optimized nearbyint/nearbyintf bogus results for FE_DOWNWARD rounding mode. This is due wrong instructions sequence used in the rounding calculation (two subtractions instead of adition and a subtraction). Fixes BZ#16815. Backport of 8bd70862e11023e7f827f240a5a214f847ae982d. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e266b71770050a4d0cb276f4afea1c5b05215184 commit e266b71770050a4d0cb276f4afea1c5b05215184 Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 2 13:46:19 2014 +1030 Correct IBM long double nextafterl. Fix for values near a power of two, and some tidies. [BZ #16739] * sysdeps/ieee754/ldbl-128ibm/s_nextafterl.c (__nextafterl): Correct output when value is near a power of two. Use int64_t for lx and remove casts. Use decimal rather than hex exponent constants. Don't use long double multiplication when double will suffice. * math/libm-test.inc (nextafter_test_data): Add tests. * NEWS: Add 16739 and 16786 to bug list. Backport of b0abbc21034f0e5edc49023d8fda0616173faf17. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b23fc92895aff0ce3d3134a91adaa253bffd187a commit b23fc92895aff0ce3d3134a91adaa253bffd187a Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 2 13:42:27 2014 +1030 Correct prefetch hint in power7 memrchr. Typo fix. * sysdeps/powerpc/powerpc64/power7/memrchr.S: Correct stream hint. Backport of af6b17973cbc07ac06cfb40eeab5cc2391fb489a. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=acd56f757b4e5ab8737b9564bd7a4ad1009acd8d commit acd56f757b4e5ab8737b9564bd7a4ad1009acd8d Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 2 13:40:21 2014 +1030 Fix reference to toc symbol. https://sourceware.org/ml/binutils/2014-03/msg00033.html removes the "magic" treatment of symbols defined in a .toc section. * sysdeps/powerpc/powerpc64/start.S: Add @toc to toc symbol reference. Backport of 483818d768ed99a5edf4114298a75ebedaee8d5c. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fd5100c480beef3d36c4bf74b6a23529695d036c commit fd5100c480beef3d36c4bf74b6a23529695d036c Author: Alan Modra <amodra@gmail.com> Date: Tue Apr 1 14:07:42 2014 +1030 Fix s_copysign stack temp for PowerPC64 ELFv2 [BZ #16786] * sysdeps/powerpc/powerpc64/fpu/s_copysign.S: Don't trash stack. Backport of c859b32e9d76afe8a3f20bb9528961a573c06937. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a51aafa398ed7dd2a0a846c1b2ed8a37909609eb commit a51aafa398ed7dd2a0a846c1b2ed8a37909609eb Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 31 08:07:55 2014 -0500 PowerPC: Fix little endian enconding for mfvsrd This patch fixes the MFVSRD_R3_V1 macro that encodes 'mfvsrd r3,vs1' (to support old binutils) for little endian. Backport of 757d9dd5c3efa56fac75965abc014faaae7b7895. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=62caa3eed2a154a61a01df3a5f3dde3ff400f4d4 commit 62caa3eed2a154a61a01df3a5f3dde3ff400f4d4 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Mar 20 15:28:07 2014 -0500 PowerPC: optimized strpbrk for POWER7 This patch add an optimized strpbrk for POWER7 by using a different algorithm than default implementation: it constructs a table based on the 'accept' argument and use this table to check for any occurance on the input string. The idea is similar as x86_64 uses. For PowerPC some tunings were added, such as unroll loops and memory clear using VSX instructions. Backport of 6f23d0939e9651d8ac3c77a835fb6464b35a1dc4 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c0afc58657f482f4c31ccade06e7b059e761186c commit c0afc58657f482f4c31ccade06e7b059e761186c Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Mar 20 11:24:52 2014 -0500 PowerPC: optimized strcspn for PPC64/POWER7 This patch add a optimized strcspn for POWER7 by using a different algorithm than default implementation: it constructs a table based on the 'accept' argument and use this table to check for any occurance on the input string. The idea is similar as x86_64 uses. For PowerPC some tunings were added, such as unroll loops and align stack memory to table to 16 bytes (so VSX clean can ran without alignment issues). Backport of 6eaf95cbfa0031ea267682dc2c9c17ed3e3dc167 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ac6d8452be2d582e4a2b14525c839c71b9351991 commit ac6d8452be2d582e4a2b14525c839c71b9351991 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 12:49:45 2014 -0500 PowerPC: remove wrong roundl implementation for PowerPC64 The roundl assembly implementation (sysdeps/powerpc/powerpc64/fpu/s_roundl.S) returns wrong results for some inputs where first double is a exact integer and the precision is determined by second long double. Checking on implementation comments and history, I am very confident the assembly implementation was based on a version before commit 5c68d401698a58cf7da150d9cce769fa6679ba5f that fixes BZ#2423 (Errors in long double (ldbl-128ibm) rounding functions in glibc-2.4). By just removing the implementation and make the build select sysdeps/ieee754/ldbl-128ibm/s_roundl.c instead fixes the failing math. This fixes 16707. Backport of c7de50250367167d8c9f35594b264f6a0af8dd0c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c5ac422010eb6b384c3b4e45ab0049172f0ad688 commit c5ac422010eb6b384c3b4e45ab0049172f0ad688 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 12:27:52 2014 -0500 PowerPC: remove wrong nearbyintl implementation for PPC64 The nearbyintl assembly implementation (sysdeps/powerpc/powerpc64/fpu/s_nearbyintl.S) returns wrong results for some inputs where first double is a exact integer and the precision is determined by second long double. Checking on implementation comments and history, I am very confident the assembly implementation was based on a version before commit 5c68d401698a58cf7da150d9cce769fa6679ba5f that fixes BZ#2423 (Errors in long double (ldbl-128ibm) rounding functions in glibc-2.4). By just removing the implementation and make the build select sysdeps/ieee754/ldbl-128ibm/s_nearbyintl.c instead fixes the failing math. Fixes BZ#16706. Backport of 98fb27a373f37554232e0060eef1a5bb00a07eb0 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7986a2d12b7ea0653f0366200c703a3905edffd9 commit 7986a2d12b7ea0653f0366200c703a3905edffd9 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 07:35:43 2014 -0500 PowerPC: remove wrong ceill implementation for PowerPC64 The ceill assembly implementation (sysdeps/powerpc/powerpc64/fpu/s_ceill.S) returns wrong results for some inputs where first double is a exact integer and the precision is determined by second long double. Checking on implementation comments and history, I am very confident the assembly implementation was based on a version before commit 5c68d401698a58cf7da150d9cce769fa6679ba5f that fixes BZ#2423 (Errors in long double (ldbl-128ibm) rounding functions in glibc-2.4). By just removing the implementation and make the build select sysdeps/ieee754/ldbl-128ibm/s_ceill.c instead fixes the failing math. Fixes BZ#16701. Backport of 374f7f61214967bb4e2257695aeeeecc2a77f369 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a56198dbb21767bde0003d3062d5ec7a8e1279f1 commit a56198dbb21767bde0003d3062d5ec7a8e1279f1 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 12:15:40 2014 -0500 Add truncl tests related to BZ#16414 Backport of 4655c291d1808c35b7c54236ae62be7a3aaa0a2d https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a52b3f7e4c4de8705370adda4b390293780dc768 commit a52b3f7e4c4de8705370adda4b390293780dc768 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 12 08:55:50 2014 -0500 PowerPC: Fix bzero definition for static libc for PPC32 This patch fixes an issue for powerpc32-fpu static build which fails with an 'bzero' undefined reference. This patch adds bzero ifunc selector for static builds and fixes the '__bzero_ppc' reference to default memset symbol (since static memset build does not provide ifunc selector). Fixes BZ#16689. Backport of dd3946c615184e1957a0cb09352cac72be5d6d5b. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=09e09c2872ab52c8a42b907105343520019ca1d1 commit 09e09c2872ab52c8a42b907105343520019ca1d1 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Mar 11 16:17:50 2014 -0500 PowerPC: Fix strspn for static build This patch makes the strspn ifunc selector build for static builds. This is a backport of 27c7220a483bda576533aa9a0a9b42175644b1a1 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f510d35c58d16c32ce988d053c9a525b8e38fe47 commit f510d35c58d16c32ce988d053c9a525b8e38fe47 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 10 15:26:20 2014 -0500 PowerPC: Fix bzero definition for static libc for PPC64 This patch fixes an issue for powerpc64[le] static build where __bzero is definied in multiple places (memset-ppc64.o and bzero.o). It is now defined only in bzero.o and memset-ppc64.o only defined __bzero_ppc for both dynamic and static library. Fixes BZ#16683. Backport of 4facea473059914983b7da8dd654c06b8e3dcc41 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=afd75351c2f3cae4a2daf88c50faad889e3a0f2b commit afd75351c2f3cae4a2daf88c50faad889e3a0f2b Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Mon Mar 10 12:20:36 2014 -0400 PowerPC: strspn optimization for PPC64/POWER7 The optimization is achieved by following techniques: > hashing of needle. > hashing avoids scanning of duplicate entries in needle across the string. > initializing the hash table with Vector instructions (VSX) by quadword access. > unrolling when scanning for character in string across hash table. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e5829d82c88117c9f4752cedfefc8516cb9ffdf7 commit e5829d82c88117c9f4752cedfefc8516cb9ffdf7 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 7 06:09:47 2014 -0600 PowerPC: strncat optimization for PPC64 The optimization is achieved by following techniques: 1. Doubleword aligned memory access and compares using cmpb instruction. 2. Loop unrolling for byte load/store. 3. CPU pre-fetch to avoid cache miss. Backport of ba9cc0714e58a9e8fa73cf6b0e205cbf1e6b71f2 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e032058ea756e396c4ed1395a44d8b321e370b2f commit e032058ea756e396c4ed1395a44d8b321e370b2f Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com> Date: Mon Mar 3 08:06:41 2014 -0600 PowerPC: strrchr optimization for POWER7/PPC64 This patch optimizes strrchr() for ppc64. It uses aligned memory access along with cmpb instruction and CPU prefetch to avoid cache misses for speed improvement. Backport of c7debbdfacbef150aaf9113eb05ccaf2b9e7af6c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54dd35c59cda5f59c2f3ae783468da4b94f30dff commit 54dd35c59cda5f59c2f3ae783468da4b94f30dff Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Feb 17 10:44:08 2014 -0600 PowerPC: llround/llroundf POWER8 optimization This patch add a optimized llround/llroundf implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport fe13a20c37578f08ce393ccaeb45caeb48815ca5 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b34f8e9fcd1274e69a9a59a28c270e2cada39c95 commit b34f8e9fcd1274e69a9a59a28c270e2cada39c95 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Feb 18 09:29:29 2014 -0500 PowerPC: llrint/llrintf POWER8 optimization This patch add a optimized llrint/llrintf implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of 1ad8950a3ea4056ed343d681b5146f4b4aa27e10 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3241bcd73c47d2bcd2a5ffe84a21d4853c8c938 commit c3241bcd73c47d2bcd2a5ffe84a21d4853c8c938 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Feb 27 09:46:46 2014 -0600 PowerPC: Optimized finite/finitef for POWER8 This patch add a optimized finite/finitef implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of cac626d60a863e48ab75417064984769e58c5719. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1cd3b05dda2dab30cb7658193cb1af8f594f52f3 commit 1cd3b05dda2dab30cb7658193cb1af8f594f52f3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Feb 27 09:45:41 2014 -0600 PowerPC: Optimized isinf/isinff for POWER8 This patch add a optimized isinf/isinff implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of 4393fc119c34e97519b9b7a4fc94066b283be452 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=65c8daedb68b74eae860f91dca226215cd80e348 commit 65c8daedb68b74eae860f91dca226215cd80e348 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Feb 27 09:43:51 2014 -0600 PowerPC: Optimized isnan/isnanf for POWER8 This patch add a optimized isnan/isnanf implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of 487972aea52004f604c2878c8c9d3e77670f2c32 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=55e71ccf31c29a7839344f03e0a7437ea0f5f211 commit 55e71ccf31c29a7839344f03e0a7437ea0f5f211 Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com> Date: Fri Nov 15 07:44:20 2013 -0600 Partially revert commit 2663b74f8103a2a8a46b4896439b7a452480fc7c This change is necessary in order to avoid the issue documented at http://sourceware.org/ml/libc-alpha/2013-05/msg00350.html. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fbed4f13980bf4ebd7df59b0e52bd2a16875f0db commit fbed4f13980bf4ebd7df59b0e52bd2a16875f0db Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Nov 15 07:42:33 2013 -0600 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.16/master has been created at ec36394743c15fedca294219f2254b180c4e327c (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec36394743c15fedca294219f2254b180c4e327c commit ec36394743c15fedca294219f2254b180c4e327c Author: Andreas Schwab <schwab@suse.de> Date: Mon Jan 21 17:41:28 2013 +0100 Fix parsing of numeric hosts in gethostbyname_r Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=20ac5d44837b82c064dfabd3646ec1f4f6826263 commit 20ac5d44837b82c064dfabd3646ec1f4f6826263 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Nov 19 13:01:43 2012 +0530 Return EAI_SYSTEM if we're out of file descriptors Resolves BZ #14719. Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98 commit dfc25d72984eb5a3354e104612d0ca0129af3f98 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Sep 25 13:43:04 2013 -0500 PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516 commit 1442655ba419867ce1a045a97cdd7904ac1ad516 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jan 20 12:29:51 2014 -0600 PowerPC: Fix gettimeofday ifunc selection The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal version used within GLIBC) to use the system call version instead of the vDSO one. This patch changes the check if vDSO is available to get its value directly instead of rely on __vdso_gettimeofday. This patch changes it by getting the vDSO value directly. It fixes BZ#16431. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8 commit 1bdb6daceb10307543599df3b118afd2109d2ec8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Jan 16 06:53:18 2014 -0600 PowerPC: Fix ftime gettimeofday internal call returning bogus data This patches fixes BZ#16430 by setting a different symbol for internal GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol is defined as hidden (which is the case for gettimeofday and time) the compiler will create local branches (symbol@local) and linker will not create PLT calls (required for IFUNC). This will leads to internal symbol calling the IFUNC resolver instead of the resolved symbol. For PPC64 this behavior does not occur because a call to a function in another translation unit might use a different toc pointer thus requiring a PLT call. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310 commit e3008132765936162552b15a77fe348c01074310 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Nov 7 05:34:22 2013 -0600 PowerPC: Fix vDSO missing ODP entries This patch fixes the vDSO symbol used directed in IFUNC resolver where they do not have an associated ODP entry leading to undefined behavior in some cases. It adds an artificial OPD static entry to such cases and set its TOC to non 0 to avoid triggering lazy resolutions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a commit 3ded3d365f0237e92e8af90c878b233f265d7b4a Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94 commit c9b43ec3890d5c750a5127a543a55cd94aa73c94 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77 commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826 commit f7865ec21e8ad32929509796497fa3b44c3ef826 Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jan 15 15:16:54 2015 -0500 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e commit c7a91d241b095855e06e0bd00287968df2f6d87e Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8 commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8 Author: Will Newton <will.newton@linaro.org> Date: Fri Sep 13 09:26:02 2013 +0100 Add CVE-2013-4332 to NEWS. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 12:54:29 2013 +0100 malloc: Check for integer overflow in memalign. A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c commit f1292792799a507711ce24b497e40f8fea8f9c9c Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 11:59:37 2013 +0100 malloc: Check for integer overflow in valloc. A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15856] * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad commit b1e934aed5170eb8948e0f3c6618c9431d6810ad Author: Will Newton <will.newton@linaro.org> Date: Mon Aug 12 15:08:02 2013 +0100 malloc: Check for integer overflow in pvalloc. A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15855] * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d commit bcd619797e785f90cc9fd67208267c26c8e4b40d Author: Florian Weimer <fweimer@redhat.com> Date: Fri Aug 16 09:38:52 2013 +0200 CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e commit 6fd8e941423354e6c7a951d37a60d2f1424d568e Author: Carlos O'Donell <carlos@redhat.com> Date: Mon Sep 23 00:52:09 2013 -0400 BZ #15754: CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714 commit a243b1a0797180e142d525d1325a173c758c3714 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:24:30 2013 +0530 Check for integer overflow in cache size computation in strcoll strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01 commit c1132021659d22753104762a074d6339ae6cbd01 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:20:02 2013 +0530 Fall back to non-cached sequence traversal and comparison on malloc fail strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules. Fixes CVE-2012-4424. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1 commit 2dc811b78adc97b5f5d951716df30053a24da1a1 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Tue Aug 20 08:40:05 2013 +0530 Simplify strcoll implementation Break up strcoll into simpler functions so that the logic is easier to follow and maintain. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Fri Oct 25 10:22:12 2013 +0530 Fix stack overflow due to large AF_INET6 requests Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c commit 302c61e2d3536a6ff99d518499771afd6a951b0c Author: Andreas Schwab <schwab@suse.de> Date: Tue Jan 29 14:45:15 2013 +0100 Fix buffer overrun in regexp matcher https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7 commit b7e0492e183efc24e5658c860ca5711e00524dd7 Author: Carlos O'Donell <carlos@redhat.com> Date: Fri Jul 19 02:42:03 2013 -0400 CVE-2013-2207, BZ #15755: Disable pt_chown. The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk. Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6 commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6 Author: Jeff Law <law@redhat.com> Date: Wed Nov 28 14:12:28 2012 -0700 [BZ #14889] * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype. * sunrpc/svc.c: Include time.h. (__svc_accept_failed): New function. * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for any reason other than EINTR, call __svc_accept_failed. * sunrpc/svc_udp.c (svcudp_recv): Similarly. * sunrpc/svc_unix.c (rendezvous_request): Similarly. Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690 commit 3b498440aac70e994f32f45a31102964313af690 Author: Andreas Schwab <schwab@suse.de> Date: Wed Nov 28 10:24:06 2012 +0100 Properly handle indirect functions in ABI check on powerpc64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Apr 26 13:00:56 2013 -0500 PowerPC: modf optimization fix This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits by correctly setting minimum architecture for modf PPC optimization to power5+ instead of power5 (since only on power5+ round/ceil will be inline to inline assembly). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 25 16:10:06 2013 -0500 PowerPC: modf optimization This patch implements modf/modff optimization for POWER by focus on FP operations instead of relying in integer ones. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 13 10:46:08 2013 -0300 PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall. Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3 commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 4 22:02:41 2013 -0300 PowerPC: gettimeofday optimization by using IFUNC https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3 commit 36016f626e72f5d1cb6107deeab29768d82ff7e3 Merge: 4e1f97c 043c748 Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Mar 1 16:20:18 2013 -0600 Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d commit 4e1f97ccdcc257eba262667f7a3179a7d530330d Author: Mike Frysinger <vapier@gentoo.org> Date: Wed Nov 28 23:04:32 2012 -0500 byteswap.h: fix gcc ver test for __builtin_bswap{32,64} The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2. Fix the __GNUC_PREREQ tests to reflect this. Otherwise trying to compile code with gcc-4.2 falls down: In file included from /usr/include/endian.h:60, from /usr/include/ctype.h:40, /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)': /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)': /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope Signed-off-by: Mike Frysinger <vapier@gentoo.org> (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689 commit 025b233a88a30f5f0474ff2c6051313eb33e5689 Author: Joseph Myers <joseph@codesourcery.com> Date: Tue Nov 20 00:04:45 2012 +0000 Fix __bswap_64 return type in generic bits/byteswap.h. (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6 commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Oct 12 09:21:47 2012 -0700 Use __uint64_t in x86 __bswap_64 (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab Author: Andreas Schwab <schwab@linux-m68k.org> Date: Tue May 1 17:10:10 2012 +0200 Fix missing _mcount@GLIBC_2.0 on powerpc32 (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc commit 94464655b576985fdd5f66f7f6126ee1f92a41cc Author: Peter Bergner <bergner@vnet.ibm.com> Date: Fri Jul 6 13:24:49 2012 -0500 Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c commit d846920271a0f4dc54c0dbbd56998228e75e776c Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Jul 6 13:03:09 2012 -0500 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.19/master has been created at b5faf032c4c6a2260a9a93d8d4df611caa8b54cc (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b5faf032c4c6a2260a9a93d8d4df611caa8b54cc commit b5faf032c4c6a2260a9a93d8d4df611caa8b54cc Author: Paul Pluzhnikov <ppluzhnikov@google.com> Date: Fri Feb 6 00:30:42 2015 -0500 CVE-2015-1472: wscanf allocates too little memory BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf. Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=88a8a351f3a6a95205a1499fd68b79fc3d0b9d19 commit 88a8a351f3a6a95205a1499fd68b79fc3d0b9d19 Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=32404a33a03747951daafde164e3b14464c28fe9 commit 32404a33a03747951daafde164e3b14464c28fe9 Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d2a6f3a27b791d91beec2ea91f293ec898080904 commit d2a6f3a27b791d91beec2ea91f293ec898080904 Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=39700792d4224af99ab52ea26e98a0a2a2ed6ac6 commit 39700792d4224af99ab52ea26e98a0a2a2ed6ac6 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5cefe3fc8f35b50eb84cbb740268539a40651173 commit 5cefe3fc8f35b50eb84cbb740268539a40651173 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eece504424b59a1d8de7b4da9c64e24acaa6fbe0 commit eece504424b59a1d8de7b4da9c64e24acaa6fbe0 Author: Florian Weimer <fweimer@redhat.com> Date: Wed Jun 11 23:12:52 2014 +0200 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dcf0cce30d91100005e9aeb002096236325648fb commit dcf0cce30d91100005e9aeb002096236325648fb Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a5da5d74ff2e0a6ee267f283be8dbccc92cec59a commit a5da5d74ff2e0a6ee267f283be8dbccc92cec59a Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6cbfc1fa2c64cad3c599f419dd154cec5af23cc commit e6cbfc1fa2c64cad3c599f419dd154cec5af23cc Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fa7cc069f4eb29c00ec3a833d73ec4a473b11c8a commit fa7cc069f4eb29c00ec3a833d73ec4a473b11c8a Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 29 13:56:44 2014 -0500 PowerPC: Fix gprof entry point for LE This patch fixes the ELFv2 gprof entry point since the ABI does not define function descriptors. It fixes BZ#17213. This is a backport of a53fbd8e6cd2f69bdfa3431d616a5f332aea6664. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3c640c4acb9bc2c2cc7fa77d5ce1254953761dc1 commit 3c640c4acb9bc2c2cc7fa77d5ce1254953761dc1 Author: Alan Modra <amodra@gmail.com> Date: Mon Jul 14 21:14:50 2014 +0930 Correct DT_PPC64_NUM [BZ #17153] * elf/elf.h (DT_PPC64_NUM): Correct value. * NEWS: Add to fixed bug list. This is a backport of f6c44d475104e931bab2b4ffa499961088de673c. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=957afa3407c426969eaaa348981b9648d5191ae2 commit 957afa3407c426969eaaa348981b9648d5191ae2 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 8 08:54:09 2014 -0500 PowerPC: Cleanup powerpc memmove Now that MEMCPY_OK_FOR_FWD_MEMMOVE should be define on memcopy.h there is no need to specialized powerpc memmove implementation. This patch moves the define set to powerpc memcopy and cleanup its definition on powerpc code. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8d9513a103bdd202ffa4884bdedc2c3c0dbab210 commit 8d9513a103bdd202ffa4884bdedc2c3c0dbab210 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 8 08:49:54 2014 -0500 PowerPC: Fix compiler warnings This patch fixes some compiler due trailing data in #undef directives and due missing prototypes. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b00ec143897f076ecbcedc7369b4b74e0c7f6d14 commit b00ec143897f076ecbcedc7369b4b74e0c7f6d14 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jul 8 08:35:44 2014 -0500 PowerPC: Add ifunc tests for memmove This patch add the missing ifunc tests definition for memmove ppc32 optimization patch (commit 07aedd7). This is a backport of 91f4b564bd7bedcd93e7047cad570ce292d6330b. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=565e3d6c8230affd7089bf5ebfcebbf72f32a27c commit 565e3d6c8230affd7089bf5ebfcebbf72f32a27c Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Jun 25 11:54:31 2014 -0500 PowerPC: Align power7 memcpy using VSX to quadword This patch changes power7 memcpy to use VSX instructions only when memory is aligned to quardword. It is to avoid unaligned kernel traps on non-cacheable memory (for instance, memory-mapped I/O). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fae3527af330c32399e3a4cdfac3958fc440eb8 commit 6fae3527af330c32399e3a4cdfac3958fc440eb8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jun 24 08:47:52 2014 -0500 PowerPC: optimized memmove for POWER7/PPC32 This patch adds a optimized memmove for power7 by using the optimized power7 memcpy for forward copying. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5d55f9b05ecb85b7a543f641829479cfb081f380 commit 5d55f9b05ecb85b7a543f641829479cfb081f380 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Jun 20 12:55:16 2014 -0500 PowerPC: optimized memmove for POWER7/PPC64 This patch adds an optimized memmove optimization for POWER7/powerpc64. Basically the idea is to use the memcpy for POWER7 on non-overlapped memory regions and a optimized backward memcpy for memory regions that overlap (similar to the idea of string/memmove.c). The backward memcpy algorithm used is similar the one use for memcpy for POWER7, with adjustments done for alignment. The difference is memory is always aligned to 16 bytes before using VSX/altivec instructions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dde00e9914370ddd90c9bbc4f3f0e455efae4b47 commit dde00e9914370ddd90c9bbc4f3f0e455efae4b47 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Jun 24 06:42:31 2014 -0500 PowerPC: memmove default implementation cleanup This patch removes the powerpc specific logic in memmove and instead include default implementation with MEMCPY_OK_FOR_FWD_MEMMOVE defined. This lead in a increase performance, since the constraints to use memcpy in powerpc code are too restrictive and memcpy can be used for any forward memmove. This is a backport of d6f68bbef4427850c2901728a1d13efc0e687297. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9841a0850ed3be4310ec6b49c3349e39a6f0f481 commit 9841a0850ed3be4310ec6b49c3349e39a6f0f481 Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Wed Jun 11 22:21:20 2014 -0500 PowerPC: strcat optimization for PPC64/POWER7 This patch adds an ifunc power7 strcat symbol that uses the logic on sysdeps/powerpc/strcat.c but call power7 strlen/strcpy symbols instead of default ones. This is a backport of bc8ea38590070604006399e42469087e943fc8ec. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ded8852b37f673b8e66163b44f70504dc5af0985 commit ded8852b37f673b8e66163b44f70504dc5af0985 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jun 23 09:38:47 2014 -0500 PowerPC: sync hwcap.h capabilities Linux commit dd58a092c4202f2bd490adab7285b3ff77f8e467 added the PPC_FEATURE2_VEC_CRYPTO auvx capability to indicate whether to hardware supports vector crypto hardware instructions. This patch adds its definition to powerpc hwcap bits. This is a backport of db22400947e1c82153e5270d23fed53fc1e3a659. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e986751f5c05f3363c01c717972f87a681da0d0 commit 7e986751f5c05f3363c01c717972f87a681da0d0 Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com> Date: Tue Jun 17 08:46:25 2014 -0500 PowerPC: Fix nearbyintl failure for few inputs This patch fixes few failures in nearbyintl() where the fraction part is close to 0.5.i The new tests added report few extra failures in nearbyint_downward and nearbyint_towardzero which is a known issue. Fixes #17031. This is a backport of 754c5a08aacb44895d1ab97c553ce424eb43f761. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2289a56644fc05786e2d5637c76d47afea7d38b9 commit 2289a56644fc05786e2d5637c76d47afea7d38b9 Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Fri Jun 6 07:56:07 2014 -0500 PowerPC: Optimized strcmp for PPC64/POWER7 Optimization is achieved on 8 byte aligned strings with double word comparison using cmpb instruction. On unaligned strings loop unrolling is applied for Power7 gain. It is a backport of e23d3d2690bf63207b1a47e83a94693daebbbfe5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=010c023685495f4cd907b7bf7d15375edcbe1ead commit 010c023685495f4cd907b7bf7d15375edcbe1ead Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Jun 6 09:37:07 2014 -0500 PowerPC: Fix optimized strncat strlen call This patch fixes the optimized ppc64/power7 strncat strlen call for static build without ifunc enabled. The strlen symbol to call in such situation is just strlen, instead of __GI_strlen (since the __GI_ alias is just created for shared objects). It is a backport of ed36bfa18faf9be457575568e64b8409e46caa22. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f0aba1acab171bd853905b66c551336aa0adcf9 commit 6f0aba1acab171bd853905b66c551336aa0adcf9 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Apr 8 17:25:14 2014 -0500 PowerPC: Fix --disable-multi-arch builds This patch fixes some powerpc32 and powerpc64 builds with --disable-multi-arch option along with different --with-cpu=powerN. It cleanups the Implies directories by removing the multiarch folder for non multiarch config and also fixing two assembly implementations: powerpc64/power7/strncat.S that is calling the wrong strlen; and power8/fpu/s_isnan.S that misses the hidden_def and weak_alias directives. It is a backport of de21c33c068c8e39afb5711613a7c083c11ce6a1. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e40df8c4677611afc48601472675593dfd087e4b commit e40df8c4677611afc48601472675593dfd087e4b Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu May 22 14:48:38 2014 -0500 PowerPC: Remove 64 bits instructions in PPC32 code This patch replaces the insrdi by insrwi in powerpc32 assembly. It is a backport of d298c41635ce7f2dc7c3eccc842fe3aa754c0c8e. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a448439dfffc0878121e0941be9717e05786b1fe commit a448439dfffc0878121e0941be9717e05786b1fe Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu May 22 07:53:44 2014 -0500 PowerPC: Fix memchr ifunc hidden symbol for PPC32 This patch fixes a similar issue to 736c304a1ab4cee36a2f3343f1698bc0abae4608, where for PPC32 if the symbol is defined as hidden (memchr) then compiler will create a local branc (symbol@local) and the linker will not create a required PLT call to make the ifunc work. It changes the default hidden symbol (__GI_memchr) to default memchr symbol for powerpc32 (__memchr_ppc32). Backport of 3d2badacf185fac740a2992240a817fb2ca325af. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c725f80591aa98c5c0270feb80e857c5943c861a commit c725f80591aa98c5c0270feb80e857c5943c861a Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon May 19 17:56:55 2014 -0500 PowerPC: Fix multiarch hypotf PPC64 path This patch moves the hypotf multiarch implementation to correct path. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1db8c8c873e6112ee4ecddf1eff54f4abaab91a7 commit 1db8c8c873e6112ee4ecddf1eff54f4abaab91a7 Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Mon May 5 19:10:45 2014 -0500 PowerPC: strncpy/stpncpy optimization for PPC64/POWER7 The optimization is achieved by following techniques: > data alignment [gain from aligned memory access on read/write] > POWER7 gains performance with loop unrolling/unwinding [gain by reduction of branch penalty]. > zero padding done by calling optimized memset https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=08111251bbd7275024d9c945f442f61b06d98910 commit 08111251bbd7275024d9c945f442f61b06d98910 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri May 2 12:00:36 2014 -0500 PowerPC: ifunc improvement for internal calls This patch changes de default symbol redirection for internal call of memcpy, memset, memchr, and strlen to the IFUNC resolved ones. The performance improvement is noticeable in algorithms that uses these symbols extensible, like the regex functions. This is a backport of 19c4bec0f43599eecc2f32de96ae179cd7d64053. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a8050d789589b73e7908b806d5c929facf76cc6b commit a8050d789589b73e7908b806d5c929facf76cc6b Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 16 19:33:32 2014 +0930 Correct IBM long double frexpl. Besides fixing the bugzilla, this also fixes corner-cases where the high and low double differ greatly in magnitude, and handles a denormal input without resorting to a fp rescale. [BZ #16740] [BZ #16619] * sysdeps/ieee754/ldbl-128ibm/s_frexpl.c (__frexpl): Rewrite. * math/libm-test.inc (frexp_test_data): Add tests. Backport of aa5f0ff11ad2cc85277c64cf65c723a9664e1149 and 9860b0450275ad2b69cb9360fd01d5c122a65fc5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=154d4d95f48061d5ab890c85b6015221c1accc6e commit 154d4d95f48061d5ab890c85b6015221c1accc6e Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Sun Apr 6 14:50:11 2014 -0500 PowerPC: Fix nearbyint/nearbyintf result for FE_DOWNWARD This patch fixes the powerpc32 optimized nearbyint/nearbyintf bogus results for FE_DOWNWARD rounding mode. This is due wrong instructions sequence used in the rounding calculation (two subtractions instead of adition and a subtraction). Fixes BZ#16815. Backport of 8bd70862e11023e7f827f240a5a214f847ae982d. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e266b71770050a4d0cb276f4afea1c5b05215184 commit e266b71770050a4d0cb276f4afea1c5b05215184 Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 2 13:46:19 2014 +1030 Correct IBM long double nextafterl. Fix for values near a power of two, and some tidies. [BZ #16739] * sysdeps/ieee754/ldbl-128ibm/s_nextafterl.c (__nextafterl): Correct output when value is near a power of two. Use int64_t for lx and remove casts. Use decimal rather than hex exponent constants. Don't use long double multiplication when double will suffice. * math/libm-test.inc (nextafter_test_data): Add tests. * NEWS: Add 16739 and 16786 to bug list. Backport of b0abbc21034f0e5edc49023d8fda0616173faf17. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b23fc92895aff0ce3d3134a91adaa253bffd187a commit b23fc92895aff0ce3d3134a91adaa253bffd187a Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 2 13:42:27 2014 +1030 Correct prefetch hint in power7 memrchr. Typo fix. * sysdeps/powerpc/powerpc64/power7/memrchr.S: Correct stream hint. Backport of af6b17973cbc07ac06cfb40eeab5cc2391fb489a. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=acd56f757b4e5ab8737b9564bd7a4ad1009acd8d commit acd56f757b4e5ab8737b9564bd7a4ad1009acd8d Author: Alan Modra <amodra@gmail.com> Date: Wed Apr 2 13:40:21 2014 +1030 Fix reference to toc symbol. https://sourceware.org/ml/binutils/2014-03/msg00033.html removes the "magic" treatment of symbols defined in a .toc section. * sysdeps/powerpc/powerpc64/start.S: Add @toc to toc symbol reference. Backport of 483818d768ed99a5edf4114298a75ebedaee8d5c. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fd5100c480beef3d36c4bf74b6a23529695d036c commit fd5100c480beef3d36c4bf74b6a23529695d036c Author: Alan Modra <amodra@gmail.com> Date: Tue Apr 1 14:07:42 2014 +1030 Fix s_copysign stack temp for PowerPC64 ELFv2 [BZ #16786] * sysdeps/powerpc/powerpc64/fpu/s_copysign.S: Don't trash stack. Backport of c859b32e9d76afe8a3f20bb9528961a573c06937. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a51aafa398ed7dd2a0a846c1b2ed8a37909609eb commit a51aafa398ed7dd2a0a846c1b2ed8a37909609eb Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 31 08:07:55 2014 -0500 PowerPC: Fix little endian enconding for mfvsrd This patch fixes the MFVSRD_R3_V1 macro that encodes 'mfvsrd r3,vs1' (to support old binutils) for little endian. Backport of 757d9dd5c3efa56fac75965abc014faaae7b7895. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=62caa3eed2a154a61a01df3a5f3dde3ff400f4d4 commit 62caa3eed2a154a61a01df3a5f3dde3ff400f4d4 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Mar 20 15:28:07 2014 -0500 PowerPC: optimized strpbrk for POWER7 This patch add an optimized strpbrk for POWER7 by using a different algorithm than default implementation: it constructs a table based on the 'accept' argument and use this table to check for any occurance on the input string. The idea is similar as x86_64 uses. For PowerPC some tunings were added, such as unroll loops and memory clear using VSX instructions. Backport of 6f23d0939e9651d8ac3c77a835fb6464b35a1dc4 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c0afc58657f482f4c31ccade06e7b059e761186c commit c0afc58657f482f4c31ccade06e7b059e761186c Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Mar 20 11:24:52 2014 -0500 PowerPC: optimized strcspn for PPC64/POWER7 This patch add a optimized strcspn for POWER7 by using a different algorithm than default implementation: it constructs a table based on the 'accept' argument and use this table to check for any occurance on the input string. The idea is similar as x86_64 uses. For PowerPC some tunings were added, such as unroll loops and align stack memory to table to 16 bytes (so VSX clean can ran without alignment issues). Backport of 6eaf95cbfa0031ea267682dc2c9c17ed3e3dc167 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ac6d8452be2d582e4a2b14525c839c71b9351991 commit ac6d8452be2d582e4a2b14525c839c71b9351991 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 12:49:45 2014 -0500 PowerPC: remove wrong roundl implementation for PowerPC64 The roundl assembly implementation (sysdeps/powerpc/powerpc64/fpu/s_roundl.S) returns wrong results for some inputs where first double is a exact integer and the precision is determined by second long double. Checking on implementation comments and history, I am very confident the assembly implementation was based on a version before commit 5c68d401698a58cf7da150d9cce769fa6679ba5f that fixes BZ#2423 (Errors in long double (ldbl-128ibm) rounding functions in glibc-2.4). By just removing the implementation and make the build select sysdeps/ieee754/ldbl-128ibm/s_roundl.c instead fixes the failing math. This fixes 16707. Backport of c7de50250367167d8c9f35594b264f6a0af8dd0c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c5ac422010eb6b384c3b4e45ab0049172f0ad688 commit c5ac422010eb6b384c3b4e45ab0049172f0ad688 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 12:27:52 2014 -0500 PowerPC: remove wrong nearbyintl implementation for PPC64 The nearbyintl assembly implementation (sysdeps/powerpc/powerpc64/fpu/s_nearbyintl.S) returns wrong results for some inputs where first double is a exact integer and the precision is determined by second long double. Checking on implementation comments and history, I am very confident the assembly implementation was based on a version before commit 5c68d401698a58cf7da150d9cce769fa6679ba5f that fixes BZ#2423 (Errors in long double (ldbl-128ibm) rounding functions in glibc-2.4). By just removing the implementation and make the build select sysdeps/ieee754/ldbl-128ibm/s_nearbyintl.c instead fixes the failing math. Fixes BZ#16706. Backport of 98fb27a373f37554232e0060eef1a5bb00a07eb0 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7986a2d12b7ea0653f0366200c703a3905edffd9 commit 7986a2d12b7ea0653f0366200c703a3905edffd9 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 07:35:43 2014 -0500 PowerPC: remove wrong ceill implementation for PowerPC64 The ceill assembly implementation (sysdeps/powerpc/powerpc64/fpu/s_ceill.S) returns wrong results for some inputs where first double is a exact integer and the precision is determined by second long double. Checking on implementation comments and history, I am very confident the assembly implementation was based on a version before commit 5c68d401698a58cf7da150d9cce769fa6679ba5f that fixes BZ#2423 (Errors in long double (ldbl-128ibm) rounding functions in glibc-2.4). By just removing the implementation and make the build select sysdeps/ieee754/ldbl-128ibm/s_ceill.c instead fixes the failing math. Fixes BZ#16701. Backport of 374f7f61214967bb4e2257695aeeeecc2a77f369 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a56198dbb21767bde0003d3062d5ec7a8e1279f1 commit a56198dbb21767bde0003d3062d5ec7a8e1279f1 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 14 12:15:40 2014 -0500 Add truncl tests related to BZ#16414 Backport of 4655c291d1808c35b7c54236ae62be7a3aaa0a2d https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a52b3f7e4c4de8705370adda4b390293780dc768 commit a52b3f7e4c4de8705370adda4b390293780dc768 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 12 08:55:50 2014 -0500 PowerPC: Fix bzero definition for static libc for PPC32 This patch fixes an issue for powerpc32-fpu static build which fails with an 'bzero' undefined reference. This patch adds bzero ifunc selector for static builds and fixes the '__bzero_ppc' reference to default memset symbol (since static memset build does not provide ifunc selector). Fixes BZ#16689. Backport of dd3946c615184e1957a0cb09352cac72be5d6d5b. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=09e09c2872ab52c8a42b907105343520019ca1d1 commit 09e09c2872ab52c8a42b907105343520019ca1d1 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Mar 11 16:17:50 2014 -0500 PowerPC: Fix strspn for static build This patch makes the strspn ifunc selector build for static builds. This is a backport of 27c7220a483bda576533aa9a0a9b42175644b1a1 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f510d35c58d16c32ce988d053c9a525b8e38fe47 commit f510d35c58d16c32ce988d053c9a525b8e38fe47 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 10 15:26:20 2014 -0500 PowerPC: Fix bzero definition for static libc for PPC64 This patch fixes an issue for powerpc64[le] static build where __bzero is definied in multiple places (memset-ppc64.o and bzero.o). It is now defined only in bzero.o and memset-ppc64.o only defined __bzero_ppc for both dynamic and static library. Fixes BZ#16683. Backport of 4facea473059914983b7da8dd654c06b8e3dcc41 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=afd75351c2f3cae4a2daf88c50faad889e3a0f2b commit afd75351c2f3cae4a2daf88c50faad889e3a0f2b Author: Vidya Ranganathan <vidya@linux.vnet.ibm.com> Date: Mon Mar 10 12:20:36 2014 -0400 PowerPC: strspn optimization for PPC64/POWER7 The optimization is achieved by following techniques: > hashing of needle. > hashing avoids scanning of duplicate entries in needle across the string. > initializing the hash table with Vector instructions (VSX) by quadword access. > unrolling when scanning for character in string across hash table. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e5829d82c88117c9f4752cedfefc8516cb9ffdf7 commit e5829d82c88117c9f4752cedfefc8516cb9ffdf7 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Mar 7 06:09:47 2014 -0600 PowerPC: strncat optimization for PPC64 The optimization is achieved by following techniques: 1. Doubleword aligned memory access and compares using cmpb instruction. 2. Loop unrolling for byte load/store. 3. CPU pre-fetch to avoid cache miss. Backport of ba9cc0714e58a9e8fa73cf6b0e205cbf1e6b71f2 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e032058ea756e396c4ed1395a44d8b321e370b2f commit e032058ea756e396c4ed1395a44d8b321e370b2f Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com> Date: Mon Mar 3 08:06:41 2014 -0600 PowerPC: strrchr optimization for POWER7/PPC64 This patch optimizes strrchr() for ppc64. It uses aligned memory access along with cmpb instruction and CPU prefetch to avoid cache misses for speed improvement. Backport of c7debbdfacbef150aaf9113eb05ccaf2b9e7af6c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54dd35c59cda5f59c2f3ae783468da4b94f30dff commit 54dd35c59cda5f59c2f3ae783468da4b94f30dff Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Feb 17 10:44:08 2014 -0600 PowerPC: llround/llroundf POWER8 optimization This patch add a optimized llround/llroundf implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport fe13a20c37578f08ce393ccaeb45caeb48815ca5 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b34f8e9fcd1274e69a9a59a28c270e2cada39c95 commit b34f8e9fcd1274e69a9a59a28c270e2cada39c95 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Tue Feb 18 09:29:29 2014 -0500 PowerPC: llrint/llrintf POWER8 optimization This patch add a optimized llrint/llrintf implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of 1ad8950a3ea4056ed343d681b5146f4b4aa27e10 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3241bcd73c47d2bcd2a5ffe84a21d4853c8c938 commit c3241bcd73c47d2bcd2a5ffe84a21d4853c8c938 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Feb 27 09:46:46 2014 -0600 PowerPC: Optimized finite/finitef for POWER8 This patch add a optimized finite/finitef implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of cac626d60a863e48ab75417064984769e58c5719. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1cd3b05dda2dab30cb7658193cb1af8f594f52f3 commit 1cd3b05dda2dab30cb7658193cb1af8f594f52f3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Feb 27 09:45:41 2014 -0600 PowerPC: Optimized isinf/isinff for POWER8 This patch add a optimized isinf/isinff implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of 4393fc119c34e97519b9b7a4fc94066b283be452 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=65c8daedb68b74eae860f91dca226215cd80e348 commit 65c8daedb68b74eae860f91dca226215cd80e348 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Feb 27 09:43:51 2014 -0600 PowerPC: Optimized isnan/isnanf for POWER8 This patch add a optimized isnan/isnanf implementation for POWER8 using the new Move From VSR Doubleword instruction to gains some cycles from FP to GRP register move. Backport of 487972aea52004f604c2878c8c9d3e77670f2c32 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=55e71ccf31c29a7839344f03e0a7437ea0f5f211 commit 55e71ccf31c29a7839344f03e0a7437ea0f5f211 Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com> Date: Fri Nov 15 07:44:20 2013 -0600 Partially revert commit 2663b74f8103a2a8a46b4896439b7a452480fc7c This change is necessary in order to avoid the issue documented at http://sourceware.org/ml/libc-alpha/2013-05/msg00350.html. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fbed4f13980bf4ebd7df59b0e52bd2a16875f0db commit fbed4f13980bf4ebd7df59b0e52bd2a16875f0db Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Nov 15 07:42:33 2013 -0600 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.16/master has been created at 627eabb20f2b70faa3698e2c0124094c6d51af8e (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=627eabb20f2b70faa3698e2c0124094c6d51af8e commit 627eabb20f2b70faa3698e2c0124094c6d51af8e Author: Paul Pluzhnikov <ppluzhnikov@google.com> Date: Fri Feb 6 00:30:42 2015 -0500 CVE-2015-1472: wscanf allocates too little memory BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf. Conflicts: ChangeLog NEWS stdio-common/tst-sscanf.c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec36394743c15fedca294219f2254b180c4e327c commit ec36394743c15fedca294219f2254b180c4e327c Author: Andreas Schwab <schwab@suse.de> Date: Mon Jan 21 17:41:28 2013 +0100 Fix parsing of numeric hosts in gethostbyname_r Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=20ac5d44837b82c064dfabd3646ec1f4f6826263 commit 20ac5d44837b82c064dfabd3646ec1f4f6826263 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Nov 19 13:01:43 2012 +0530 Return EAI_SYSTEM if we're out of file descriptors Resolves BZ #14719. Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98 commit dfc25d72984eb5a3354e104612d0ca0129af3f98 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Sep 25 13:43:04 2013 -0500 PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516 commit 1442655ba419867ce1a045a97cdd7904ac1ad516 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jan 20 12:29:51 2014 -0600 PowerPC: Fix gettimeofday ifunc selection The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal version used within GLIBC) to use the system call version instead of the vDSO one. This patch changes the check if vDSO is available to get its value directly instead of rely on __vdso_gettimeofday. This patch changes it by getting the vDSO value directly. It fixes BZ#16431. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8 commit 1bdb6daceb10307543599df3b118afd2109d2ec8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Jan 16 06:53:18 2014 -0600 PowerPC: Fix ftime gettimeofday internal call returning bogus data This patches fixes BZ#16430 by setting a different symbol for internal GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol is defined as hidden (which is the case for gettimeofday and time) the compiler will create local branches (symbol@local) and linker will not create PLT calls (required for IFUNC). This will leads to internal symbol calling the IFUNC resolver instead of the resolved symbol. For PPC64 this behavior does not occur because a call to a function in another translation unit might use a different toc pointer thus requiring a PLT call. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310 commit e3008132765936162552b15a77fe348c01074310 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Nov 7 05:34:22 2013 -0600 PowerPC: Fix vDSO missing ODP entries This patch fixes the vDSO symbol used directed in IFUNC resolver where they do not have an associated ODP entry leading to undefined behavior in some cases. It adds an artificial OPD static entry to such cases and set its TOC to non 0 to avoid triggering lazy resolutions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a commit 3ded3d365f0237e92e8af90c878b233f265d7b4a Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94 commit c9b43ec3890d5c750a5127a543a55cd94aa73c94 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77 commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826 commit f7865ec21e8ad32929509796497fa3b44c3ef826 Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jan 15 15:16:54 2015 -0500 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e commit c7a91d241b095855e06e0bd00287968df2f6d87e Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8 commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8 Author: Will Newton <will.newton@linaro.org> Date: Fri Sep 13 09:26:02 2013 +0100 Add CVE-2013-4332 to NEWS. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 12:54:29 2013 +0100 malloc: Check for integer overflow in memalign. A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c commit f1292792799a507711ce24b497e40f8fea8f9c9c Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 11:59:37 2013 +0100 malloc: Check for integer overflow in valloc. A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15856] * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad commit b1e934aed5170eb8948e0f3c6618c9431d6810ad Author: Will Newton <will.newton@linaro.org> Date: Mon Aug 12 15:08:02 2013 +0100 malloc: Check for integer overflow in pvalloc. A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15855] * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d commit bcd619797e785f90cc9fd67208267c26c8e4b40d Author: Florian Weimer <fweimer@redhat.com> Date: Fri Aug 16 09:38:52 2013 +0200 CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e commit 6fd8e941423354e6c7a951d37a60d2f1424d568e Author: Carlos O'Donell <carlos@redhat.com> Date: Mon Sep 23 00:52:09 2013 -0400 BZ #15754: CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714 commit a243b1a0797180e142d525d1325a173c758c3714 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:24:30 2013 +0530 Check for integer overflow in cache size computation in strcoll strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01 commit c1132021659d22753104762a074d6339ae6cbd01 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:20:02 2013 +0530 Fall back to non-cached sequence traversal and comparison on malloc fail strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules. Fixes CVE-2012-4424. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1 commit 2dc811b78adc97b5f5d951716df30053a24da1a1 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Tue Aug 20 08:40:05 2013 +0530 Simplify strcoll implementation Break up strcoll into simpler functions so that the logic is easier to follow and maintain. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Fri Oct 25 10:22:12 2013 +0530 Fix stack overflow due to large AF_INET6 requests Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c commit 302c61e2d3536a6ff99d518499771afd6a951b0c Author: Andreas Schwab <schwab@suse.de> Date: Tue Jan 29 14:45:15 2013 +0100 Fix buffer overrun in regexp matcher https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7 commit b7e0492e183efc24e5658c860ca5711e00524dd7 Author: Carlos O'Donell <carlos@redhat.com> Date: Fri Jul 19 02:42:03 2013 -0400 CVE-2013-2207, BZ #15755: Disable pt_chown. The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk. Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6 commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6 Author: Jeff Law <law@redhat.com> Date: Wed Nov 28 14:12:28 2012 -0700 [BZ #14889] * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype. * sunrpc/svc.c: Include time.h. (__svc_accept_failed): New function. * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for any reason other than EINTR, call __svc_accept_failed. * sunrpc/svc_udp.c (svcudp_recv): Similarly. * sunrpc/svc_unix.c (rendezvous_request): Similarly. Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690 commit 3b498440aac70e994f32f45a31102964313af690 Author: Andreas Schwab <schwab@suse.de> Date: Wed Nov 28 10:24:06 2012 +0100 Properly handle indirect functions in ABI check on powerpc64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Apr 26 13:00:56 2013 -0500 PowerPC: modf optimization fix This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits by correctly setting minimum architecture for modf PPC optimization to power5+ instead of power5 (since only on power5+ round/ceil will be inline to inline assembly). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 25 16:10:06 2013 -0500 PowerPC: modf optimization This patch implements modf/modff optimization for POWER by focus on FP operations instead of relying in integer ones. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 13 10:46:08 2013 -0300 PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall. Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3 commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 4 22:02:41 2013 -0300 PowerPC: gettimeofday optimization by using IFUNC https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3 commit 36016f626e72f5d1cb6107deeab29768d82ff7e3 Merge: 4e1f97c 043c748 Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Mar 1 16:20:18 2013 -0600 Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d commit 4e1f97ccdcc257eba262667f7a3179a7d530330d Author: Mike Frysinger <vapier@gentoo.org> Date: Wed Nov 28 23:04:32 2012 -0500 byteswap.h: fix gcc ver test for __builtin_bswap{32,64} The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2. Fix the __GNUC_PREREQ tests to reflect this. Otherwise trying to compile code with gcc-4.2 falls down: In file included from /usr/include/endian.h:60, from /usr/include/ctype.h:40, /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)': /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)': /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope Signed-off-by: Mike Frysinger <vapier@gentoo.org> (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689 commit 025b233a88a30f5f0474ff2c6051313eb33e5689 Author: Joseph Myers <joseph@codesourcery.com> Date: Tue Nov 20 00:04:45 2012 +0000 Fix __bswap_64 return type in generic bits/byteswap.h. (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6 commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Oct 12 09:21:47 2012 -0700 Use __uint64_t in x86 __bswap_64 (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab Author: Andreas Schwab <schwab@linux-m68k.org> Date: Tue May 1 17:10:10 2012 +0200 Fix missing _mcount@GLIBC_2.0 on powerpc32 (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc commit 94464655b576985fdd5f66f7f6126ee1f92a41cc Author: Peter Bergner <bergner@vnet.ibm.com> Date: Fri Jul 6 13:24:49 2012 -0500 Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c commit d846920271a0f4dc54c0dbbd56998228e75e776c Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Jul 6 13:03:09 2012 -0500 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------