Bug 15754 (CVE-2013-4788) - CVE-2013-4788: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables
Summary: CVE-2013-4788: PTR_MANGLE does not initialize to a random value for the point...
Status: RESOLVED FIXED
Alias: CVE-2013-4788
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Carlos O'Donell
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-19 04:05 UTC by Huzaifa Sidhpurwala
Modified: 2015-02-23 15:02 UTC (History)
3 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Huzaifa Sidhpurwala 2013-07-19 04:05:01 UTC
The vulnerability is caused due to the non initialization to a random value (it is always zero) of the "pointer guard" by the glibc only when generating static compiled executables. Dynamic executables are not affected. Pointer guard is used to mangle the content of sensible pointers (longjmp, signal handlers, etc.), if the pointer guard value is zero (non-initialized) then it is not effective. 

References:

[1] http://hmarco.org/bugs/CVE-2013-4788.html
[2] http://www.openwall.com/lists/oss-security/2013/07/15/5
[3] http://hmarco.org/bugs/patches/ptr_mangle-eglibc-2.17.patch

This issue has been assigned CVE-2013-4788
Comment 1 Carlos O'Donell 2013-07-19 07:44:09 UTC
Patch:
http://sourceware.org/ml/libc-alpha/2013-07/msg00367.html
Comment 2 Carlos O'Donell 2013-08-07 20:29:32 UTC
Andreas Schwab's review:
http://sourceware.org/ml/libc-alpha/2013-08/msg00057.html
Comment 3 Carlos O'Donell 2013-09-23 04:55:35 UTC
commit c61b4d41c9647a54a329aa021341c0eb032b793e
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.
Comment 4 Sourceware Commits 2013-10-25 13:59:56 UTC
       via  0b0e50ce9efe2fec10e147eddba4f0802235a042 (commit)
       via  54377921e7092f709c6a5985688769404637055f (commit)
       via  9a010a5f6328aa7ba353679e9a9e07465917d6a0 (commit)
       via  f03cfdf9bf62f776338171fe2ba6eebbf8948875 (commit)
       via  6957bcb15456b5118c44bb49754b199462336639 (commit)
       via  56532663f2881ce7b7996d75dbb6bbb438187457 (commit)
       via  52b8d67f22068991f404c51b38b30e7e35c1bb99 (commit)
       via  dc7ba1835ba16cb49d6c38d50e153b70beb2a091 (commit)
       via  8f29d3b5ae201ae4af368d2221381c5a856913d5 (commit)
       via  63e9a36056fe53621fa3001fe22b4833a9ea9457 (commit)
       via  a3ed3a127ca30b3b25aab0b441f9f3f0ecc07f7e (commit)
      from  642c8732a111450a97e4ae41c12a920bc7f02ee0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0b0e50ce9efe2fec10e147eddba4f0802235a042

commit 0b0e50ce9efe2fec10e147eddba4f0802235a042
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.
    
    (cherry picked from commit 7cbcdb3699584db8913ca90f705d6337633ee10f)
    
    Conflicts:
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54377921e7092f709c6a5985688769404637055f

commit 54377921e7092f709c6a5985688769404637055f
Author: Allan McRae <allan@archlinux.org>
Date:   Fri Oct 25 14:25:38 2013 +1000

    Fix incorrect getaddrinfo assertion trigger
    
    [BZ #9954]
    
    With the following /etc/hosts:
    127.0.0.1       www.my-domain.es
    127.0.1.1       www.my-domain.es
    192.168.0.1     www.my-domain.es
    
    Using getaddrinfo() on www.my-domain.es, trigger the following assertion:
    ../sysdeps/posix/getaddrinfo.c:1473: rfc3484_sort: Assertion
    `src->results[i].native == -1 || src->results[i].native == a1_native' failed.
    
    This is due to two different bugs:
    - In rfc3484_sort() rule 7, src->results[i].native is assigned even if
    src->results[i].index is -1, meaning that no interface is associated.
    - In getaddrinfo() the source IP address used with the lo interface needs a
    special case, as it can be any IP within 127.X.Y.Z.
    
    (cherry picked from commit 894f3f1049135dcbeaab8f18690973663ef3147c)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9a010a5f6328aa7ba353679e9a9e07465917d6a0

commit 9a010a5f6328aa7ba353679e9a9e07465917d6a0
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 01:44:38 2013 -0400

    BZ #15754: Fix test case for ARM.
    
    Statically built binaries use __pointer_chk_guard_local,
    while dynamically built binaries use __pointer_chk_guard.
    Provide the right definition depending on the test case
    we are building.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f03cfdf9bf62f776338171fe2ba6eebbf8948875

commit f03cfdf9bf62f776338171fe2ba6eebbf8948875
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.
    
    Conflicts:
    	NEWS
    	ports/ChangeLog.ia64
    	ports/ChangeLog.tile

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6957bcb15456b5118c44bb49754b199462336639

commit 6957bcb15456b5118c44bb49754b199462336639
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll
    
    strcoll is implemented using a cache for indices and weights of
    collation sequences in the strings so that subsequent passes do not
    have to search through collation data again.  For very large string
    inputs, the cache size computation could overflow.  In such a case,
    use the fallback function that does not cache indices and weights of
    collation sequences.
    
    Fixes CVE-2012-4412.
    
    (cherry picked from commit 303e567a8062200dc06acde7c76fc34679f08d8f)
    
    Conflicts:
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=56532663f2881ce7b7996d75dbb6bbb438187457

commit 56532663f2881ce7b7996d75dbb6bbb438187457
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail
    
    strcoll currently falls back to alloca if malloc fails, resulting in a
    possible stack overflow.  This patch implements sequence traversal and
    comparison without caching indices and rules.
    
    Fixes CVE-2012-4424.
    
    (cherry picked from commit 141f3a77fe4f1b59b0afa9bf6909cd2000448883)
    
    Conflicts:
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52b8d67f22068991f404c51b38b30e7e35c1bb99

commit 52b8d67f22068991f404c51b38b30e7e35c1bb99
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Aug 20 08:40:05 2013 +0530

    Simplify strcoll implementation
    
    Break up strcoll into simpler functions so that the logic is easier to
    follow and maintain.
    
    (cherry picked from commit 1326ba1af22068db9488c2328bdaf852b8a93dcf)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dc7ba1835ba16cb49d6c38d50e153b70beb2a091

commit dc7ba1835ba16cb49d6c38d50e153b70beb2a091
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit b73ed247781d533628b681f57257dc85882645d3)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f29d3b5ae201ae4af368d2221381c5a856913d5

commit 8f29d3b5ae201ae4af368d2221381c5a856913d5
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 55e17aadc1ef17a1df9626fb0e9fba290ece3331)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=63e9a36056fe53621fa3001fe22b4833a9ea9457

commit 63e9a36056fe53621fa3001fe22b4833a9ea9457
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 1159a193696ad48ec86e5895f6dee3e539619c0e)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a3ed3a127ca30b3b25aab0b441f9f3f0ecc07f7e

commit a3ed3a127ca30b3b25aab0b441f9f3f0ecc07f7e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Aug 16 09:38:52 2013 +0200

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    	* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    	member.
    	* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    	member.
    	* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    	* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    	Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    	conditional.
    	* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    	GETDENTS_64BIT_ALIGNED.
    	* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    	* manual/filesys.texi (Reading/Closing Directory): Document
    	ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    	strongly.
    	* manual/conf.texi (Limits for Files): Add portability note to
    	NAME_MAX, PATH_MAX.
    	(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
    
    (cherry picked from commit 91ce40854d0b7f865cf5024ef95a8026b76096f3)
    
    Conflicts:
    	NEWS

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                       |  118 +++
 csu/libc-start.c                                |   16 +
 elf/Makefile                                    |   12 +-
 elf/tst-ptrguard1-static.c                      |    1 +
 elf/tst-ptrguard1.c                             |  202 +++++
 malloc/malloc.c                                 |   21 +
 manual/conf.texi                                |    9 +
 manual/filesys.texi                             |   73 ++-
 ports/ChangeLog.ia64                            |    5 +
 ports/ChangeLog.tile                            |    5 +
 ports/sysdeps/ia64/stackguard-macros.h          |    3 +
 ports/sysdeps/tile/stackguard-macros.h          |    6 +
 string/Makefile                                 |    2 +
 string/strcoll_l.c                              |  926 +++++++++++++----------
 string/tst-strcoll-overflow.c                   |   61 ++
 sysdeps/generic/stackguard-macros.h             |    8 +
 sysdeps/i386/stackguard-macros.h                |    8 +
 sysdeps/posix/dirstream.h                       |    2 +
 sysdeps/posix/getaddrinfo.c                     |   33 +-
 sysdeps/posix/opendir.c                         |    1 +
 sysdeps/posix/readdir_r.c                       |   42 +-
 sysdeps/posix/rewinddir.c                       |    1 +
 sysdeps/powerpc/powerpc32/stackguard-macros.h   |   10 +
 sysdeps/powerpc/powerpc64/stackguard-macros.h   |   10 +
 sysdeps/s390/s390-32/stackguard-macros.h        |   11 +
 sysdeps/s390/s390-64/stackguard-macros.h        |   14 +
 sysdeps/sparc/sparc32/stackguard-macros.h       |    3 +
 sysdeps/sparc/sparc64/stackguard-macros.h       |    3 +
 sysdeps/unix/sysv/linux/i386/readdir64_r.c      |    1 -
 sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c |    1 -
 sysdeps/x86_64/stackguard-macros.h              |    5 +
 31 files changed, 1159 insertions(+), 454 deletions(-)
 create mode 100644 elf/tst-ptrguard1-static.c
 create mode 100644 elf/tst-ptrguard1.c
 create mode 100644 string/tst-strcoll-overflow.c
Comment 5 Sourceware Commits 2013-11-01 19:00:50 UTC
       via  dc3a1f98dc4c86cb454474f4912ae325573655cb (commit)
       via  e20644b3a6f96eb053ab4c2c900f7bef7f472916 (commit)
       via  c51d675c459aefef8d84d5a0b114010f916ea278 (commit)
       via  6a6a386a3040726053a5fb8582ff26dc85d84741 (commit)
       via  7e0e64ead52591b968df582b0ddc247ba5c4eab4 (commit)
       via  c779e9df75256f19c7be8d12b2d163e2016a63f4 (commit)
       via  c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24 (commit)
       via  b8053c6138c8835fb27d30c7e034e240e92bce0f (commit)
       via  37d4728976aea69db23a061830828787a2fd05ed (commit)
       via  1034d41c8fe7b31ba8ba304d1fff93cecb183520 (commit)
       via  3874aa022b6f0f9aca9ad1ef703a77be1bc97b36 (commit)
       via  6f95434fd488e9b72117f9b93ec2e2dbf397a4d3 (commit)
       via  4a3abd22ecbda2d7b718b133fae2d2abfdfab614 (commit)
       via  d1aac9a6ff01c226c42bb934c170dd1c00ba8071 (commit)
       via  860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b (commit)
       via  3f71830d35d7bf4ac11664f0c48c3c68d250618b (commit)
       via  8e395175c4786ad9679851e3ed3c0c54a6f4e1f0 (commit)
       via  b51679672648410c6627a4bd169e076c5b36f47b (commit)
       via  a4faadaff25e19abf295556a23b7b889b4bf6df4 (commit)
       via  b502a3756d6979439130f1e46c2c27b62f493acd (commit)
       via  b3c7503940022f70ec8272c2c0d0a0e4489ae992 (commit)
       via  e53103749c19199b0ec23e8a5b330dd2e288f5ac (commit)
       via  85ce5db8d835281c8beff6e750c02c799dee3f6f (commit)
       via  c3a4bddd656561cfffba2605e148e65d4ff07e21 (commit)
       via  1778fd0a17a74422a58d8eada3fa08b80f0a0c27 (commit)
       via  8df86a8394d0ea121f2066efe618f2b1cc799be3 (commit)
       via  f8a004f1fa412e3aae77faa30b4dfb654d721510 (commit)
       via  f166b9c6e90d631115c59b4357357bc168d8e51a (commit)
      from  760b348db29b446efc760b4bc3627379cc61b0d8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dc3a1f98dc4c86cb454474f4912ae325573655cb

commit dc3a1f98dc4c86cb454474f4912ae325573655cb
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e20644b3a6f96eb053ab4c2c900f7bef7f472916

commit e20644b3a6f96eb053ab4c2c900f7bef7f472916
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Sep 13 09:26:02 2013 +0100

    Add CVE-2013-4332 to NEWS.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c51d675c459aefef8d84d5a0b114010f916ea278

commit c51d675c459aefef8d84d5a0b114010f916ea278
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6a6a386a3040726053a5fb8582ff26dc85d84741

commit 6a6a386a3040726053a5fb8582ff26dc85d84741
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e0e64ead52591b968df582b0ddc247ba5c4eab4

commit 7e0e64ead52591b968df582b0ddc247ba5c4eab4
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c779e9df75256f19c7be8d12b2d163e2016a63f4

commit c779e9df75256f19c7be8d12b2d163e2016a63f4
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24

commit c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll
    
    strcoll is implemented using a cache for indices and weights of
    collation sequences in the strings so that subsequent passes do not
    have to search through collation data again.  For very large string
    inputs, the cache size computation could overflow.  In such a case,
    use the fallback function that does not cache indices and weights of
    collation sequences.
    
    Fixes CVE-2012-4412.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b8053c6138c8835fb27d30c7e034e240e92bce0f

commit b8053c6138c8835fb27d30c7e034e240e92bce0f
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail
    
    strcoll currently falls back to alloca if malloc fails, resulting in a
    possible stack overflow.  This patch implements sequence traversal and
    comparison without caching indices and rules.
    
    Fixes CVE-2012-4424.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=37d4728976aea69db23a061830828787a2fd05ed

commit 37d4728976aea69db23a061830828787a2fd05ed
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Aug 20 08:40:05 2013 +0530

    Simplify strcoll implementation
    
    Break up strcoll into simpler functions so that the logic is easier to
    follow and maintain.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1034d41c8fe7b31ba8ba304d1fff93cecb183520

commit 1034d41c8fe7b31ba8ba304d1fff93cecb183520
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Oct 31 12:51:03 2013 +0100

    Fix parsing of 0e+0 as float

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3874aa022b6f0f9aca9ad1ef703a77be1bc97b36

commit 3874aa022b6f0f9aca9ad1ef703a77be1bc97b36
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 26 09:29:19 2013 -0500

    PowerPC: strcpy/stpcpy optimization for PPC64/POWER7
    
    This patch intends to unify both strcpy and stpcpy implementationsi
    for PPC64 and PPC64/POWER7. The idead default powerpc64 implementation
    is to provide both doubleword and word aligned memory access.
    
    For PPC64/POWER7 is also provide doubleword and word memory access,
    remove the branch hints, use the cmpb instruction for compare
    doubleword/words, and add an optimization for inputs of same alignment.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f95434fd488e9b72117f9b93ec2e2dbf397a4d3

commit 6f95434fd488e9b72117f9b93ec2e2dbf397a4d3
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a3abd22ecbda2d7b718b133fae2d2abfdfab614

commit 4a3abd22ecbda2d7b718b133fae2d2abfdfab614
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Thu Oct 10 19:11:30 2013 +0000

    Avoid ordered comparisons of NaNs in ldbl-128ibm acosl and asinl.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d1aac9a6ff01c226c42bb934c170dd1c00ba8071

commit d1aac9a6ff01c226c42bb934c170dd1c00ba8071
Author: Anton Blanchard <anton@au1.ibm.com>
Date:   Sat Aug 17 18:34:40 2013 +0930

    PowerPC LE setjmp/longjmp
    
    http://sourceware.org/ml/libc-alpha/2013-08/msg00089.html
    
    Little-endian fixes for setjmp/longjmp.  When writing these I noticed
    the setjmp code corrupts the non volatile VMX registers when using an
    unaligned buffer.  Anton fixed this, and also simplified it quite a
    bit.
    
    The current code uses boilerplate for the case where we want to store
    16 bytes to an unaligned address.  For that we have to do a
    read/modify/write of two aligned 16 byte quantities.  In our case we
    are storing a bunch of back to back data (consective VMX registers),
    and only the start and end of the region need the read/modify/write.
    
    	[BZ #15723]
    	* sysdeps/powerpc/jmpbuf-offsets.h: Comment fix.
    	* sysdeps/powerpc/powerpc32/fpu/__longjmp-common.S: Correct
    	_dl_hwcap access for little-endian.
    	* sysdeps/powerpc/powerpc32/fpu/setjmp-common.S: Likewise.  Don't
    	destroy vmx regs when saving unaligned.
    	* sysdeps/powerpc/powerpc64/__longjmp-common.S: Correct CR load.
    	* sysdeps/powerpc/powerpc64/setjmp-common.S: Likewise CR save.  Don't
    	destroy vmx regs when saving unaligned.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b

commit 860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Oct 1 20:35:28 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
    
    Fixes BZ #15988.
    
    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
    of PTHREAD_MUTEX_ROBUST_NORMAL_NP.  It has now been replaced by the
    already existing convenience macro USE_REQUEUE_PI.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3f71830d35d7bf4ac11664f0c48c3c68d250618b

commit 3f71830d35d7bf4ac11664f0c48c3c68d250618b
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:52:58 2013 +1000

    Fix memory leak in stdlib/isomac.c

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e395175c4786ad9679851e3ed3c0c54a6f4e1f0

commit 8e395175c4786ad9679851e3ed3c0c54a6f4e1f0
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:50:41 2013 +1000

    Fix memory leaks in libio on allocation failure

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b51679672648410c6627a4bd169e076c5b36f47b

commit b51679672648410c6627a4bd169e076c5b36f47b
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 5 09:32:56 2013 -0500

    PowerPC: fix POWER7 memrchr for some large inputs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a4faadaff25e19abf295556a23b7b889b4bf6df4

commit a4faadaff25e19abf295556a23b7b889b4bf6df4
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Aug 29 15:28:00 2013 -0300

    Add memrchr testcase

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b502a3756d6979439130f1e46c2c27b62f493acd

commit b502a3756d6979439130f1e46c2c27b62f493acd
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Tue Sep 3 15:32:54 2013 +0000

    Fix lgammaf spurious underflow (bug 15427).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b3c7503940022f70ec8272c2c0d0a0e4489ae992

commit b3c7503940022f70ec8272c2c0d0a0e4489ae992
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Mon Sep 2 14:51:24 2013 +0000

    Fix spurious jnf underflows (bug 14155).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e53103749c19199b0ec23e8a5b330dd2e288f5ac

commit e53103749c19199b0ec23e8a5b330dd2e288f5ac
Author: Thomas Schwinge <thomas@codesourcery.com>
Date:   Thu May 23 18:00:10 2013 +0200

    [BZ #15522] strtod ("nan(N)") returning a sNaN in some cases

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=85ce5db8d835281c8beff6e750c02c799dee3f6f

commit 85ce5db8d835281c8beff6e750c02c799dee3f6f
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Fri Aug 23 19:45:38 2013 +0000

    Fix cexp (NaN + i0) (bug 15532).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3a4bddd656561cfffba2605e148e65d4ff07e21

commit c3a4bddd656561cfffba2605e148e65d4ff07e21
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Wed Aug 21 19:56:48 2013 +0000

    Fix fdim handling of infinities (bug 15797).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1778fd0a17a74422a58d8eada3fa08b80f0a0c27

commit 1778fd0a17a74422a58d8eada3fa08b80f0a0c27
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Aug 20 15:01:59 2013 -0500

    PowerPC: fix backtrace to handle signal trampolines
    
    This patch fixes backtrace for PPC32 and PPC64 to correctly handle
    signal trampolines. The 'debug/tst-backtrace6.c' also check for
    SA_SIGINFO handling, where is triggers another vDSO symbols for PPC32.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8df86a8394d0ea121f2066efe618f2b1cc799be3

commit 8df86a8394d0ea121f2066efe618f2b1cc799be3
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Tue Aug 20 19:41:15 2013 +0000

    Fix cproj handling of (finite, NaN) arguments (bug 15531).
    
    backport of c980f2f4fe0f5d301f706017a1f7e4e942193ec0

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f8a004f1fa412e3aae77faa30b4dfb654d721510

commit f8a004f1fa412e3aae77faa30b4dfb654d721510
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Thu Oct 31 09:57:33 2013 -0500

    * elf/setup-vdso.h (setup_vdso): Fix missing string termination.
    
    backport of f315524e034cfc644157cb4af5ecc99f645dd067

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f166b9c6e90d631115c59b4357357bc168d8e51a

commit f166b9c6e90d631115c59b4357357bc168d8e51a
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 31 09:55:52 2013 -0500

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    member.
    * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    member.
    * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    conditional.
    * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    GETDENTS_64BIT_ALIGNED.
    * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    * manual/filesys.texi (Reading/Closing Directory): Document
    ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    strongly.
    * manual/conf.texi (Limits for Files): Add portability note to
    NAME_MAX, PATH_MAX.
    (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
    
    backport of 91ce40854d0b7f865cf5024ef95a8026b76096f3

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                       |  204 +++++
 NEWS                                            |   57 ++-
 csu/libc-start.c                                |   16 +
 elf/Makefile                                    |    9 +-
 elf/setup-vdso.h                                |    2 +-
 elf/tst-ptrguard1-static.c                      |    1 +
 elf/tst-ptrguard1.c                             |  202 +++++
 libio/memstream.c                               |    5 +-
 libio/wmemstream.c                              |    6 +-
 malloc/malloc.c                                 |   21 +
 manual/conf.texi                                |    9 +
 manual/filesys.texi                             |   73 ++-
 math/libm-test.inc                              |  175 ++++-
 math/s_cexp.c                                   |   14 +-
 math/s_cexpf.c                                  |   14 +-
 math/s_cexpl.c                                  |   14 +-
 math/s_cproj.c                                  |    4 +-
 math/s_cprojf.c                                 |    4 +-
 math/s_cprojl.c                                 |    4 +-
 math/s_fdim.c                                   |    8 +-
 math/s_fdimf.c                                  |    8 +-
 math/s_fdiml.c                                  |    8 +-
 nptl/ChangeLog                                  |    9 +
 nptl/pthread_cond_broadcast.c                   |    5 +-
 nptl/pthread_cond_signal.c                      |    7 +-
 ports/ChangeLog.ia64                            |    5 +
 ports/ChangeLog.tile                            |    5 +
 ports/sysdeps/ia64/stackguard-macros.h          |    3 +
 ports/sysdeps/tile/stackguard-macros.h          |    6 +
 stdio-common/tst-sscanf.c                       |   34 +
 stdio-common/vfscanf.c                          |    2 +
 stdlib/isomac.c                                 |    1 +
 stdlib/strtod_l.c                               |    9 +-
 stdlib/strtof_l.c                               |    7 +-
 stdlib/tst-strtod6.c                            |   24 +-
 string/Makefile                                 |    4 +-
 string/strcoll_l.c                              |  926 +++++++++++++----------
 string/test-memrchr-ifunc.c                     |   20 +
 string/test-memrchr.c                           |  169 ++++
 string/tst-strcoll-overflow.c                   |   61 ++
 sysdeps/generic/stackguard-macros.h             |    3 +
 sysdeps/i386/fpu/libm-test-ulps                 |   72 ++-
 sysdeps/i386/stackguard-macros.h                |    8 +
 sysdeps/ieee754/flt-32/e_jnf.c                  |    4 +-
 sysdeps/ieee754/flt-32/e_lgammaf_r.c            |    4 +-
 sysdeps/ieee754/ldbl-128/strtold_l.c            |   12 +-
 sysdeps/ieee754/ldbl-128ibm/e_acosl.c           |    8 +-
 sysdeps/ieee754/ldbl-128ibm/e_asinl.c           |    2 +
 sysdeps/ieee754/ldbl-128ibm/ieee754.h           |   19 +
 sysdeps/ieee754/ldbl-128ibm/s_cprojl.c          |    4 +-
 sysdeps/ieee754/ldbl-128ibm/strtold_l.c         |    9 +-
 sysdeps/ieee754/ldbl-64-128/strtold_l.c         |   12 +-
 sysdeps/ieee754/ldbl-96/strtold_l.c             |    9 +-
 sysdeps/posix/dirstream.h                       |    2 +
 sysdeps/posix/getaddrinfo.c                     |   20 +-
 sysdeps/posix/opendir.c                         |    1 +
 sysdeps/posix/readdir_r.c                       |   42 +-
 sysdeps/posix/rewinddir.c                       |    1 +
 sysdeps/powerpc/jmpbuf-offsets.h                |    6 +-
 sysdeps/powerpc/powerpc32/fpu/setjmp-common.S   |   65 +-
 sysdeps/powerpc/powerpc32/power7/memrchr.S      |    4 +-
 sysdeps/powerpc/powerpc32/stackguard-macros.h   |   10 +
 sysdeps/powerpc/powerpc64/__longjmp-common.S    |    4 +-
 sysdeps/powerpc/powerpc64/power7/memrchr.S      |    4 +-
 sysdeps/powerpc/powerpc64/power7/stpcpy.S       |   24 +
 sysdeps/powerpc/powerpc64/power7/strcpy.S       |  274 +++++++
 sysdeps/powerpc/powerpc64/setjmp-common.S       |   72 +-
 sysdeps/powerpc/powerpc64/stackguard-macros.h   |   10 +
 sysdeps/powerpc/powerpc64/stpcpy.S              |   83 +--
 sysdeps/powerpc/powerpc64/strcpy.S              |  153 +++-
 sysdeps/s390/s390-32/stackguard-macros.h        |   11 +
 sysdeps/s390/s390-64/stackguard-macros.h        |   14 +
 sysdeps/sparc/sparc32/stackguard-macros.h       |    3 +
 sysdeps/sparc/sparc64/stackguard-macros.h       |    3 +
 sysdeps/unix/sysv/linux/i386/readdir64_r.c      |    1 -
 sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c |    1 -
 sysdeps/x86_64/fpu/libm-test-ulps               |   75 ++-
 sysdeps/x86_64/stackguard-macros.h              |    5 +
 78 files changed, 2432 insertions(+), 777 deletions(-)
 create mode 100644 elf/tst-ptrguard1-static.c
 create mode 100644 elf/tst-ptrguard1.c
 create mode 100644 string/test-memrchr-ifunc.c
 create mode 100644 string/test-memrchr.c
 create mode 100644 string/tst-strcoll-overflow.c
 create mode 100644 sysdeps/powerpc/powerpc64/power7/stpcpy.S
 create mode 100644 sysdeps/powerpc/powerpc64/power7/strcpy.S
Comment 6 Sourceware Commits 2013-11-21 17:14:05 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, ibm/2.18/master has been updated
       via  8209beac4644af4c2875f52f82c53c0d4be589ca (commit)
       via  38bf8b39f1b9dc7acf3af57b9545ed425e9d5417 (commit)
       via  dc3a1f98dc4c86cb454474f4912ae325573655cb (commit)
       via  e20644b3a6f96eb053ab4c2c900f7bef7f472916 (commit)
       via  c51d675c459aefef8d84d5a0b114010f916ea278 (commit)
       via  6a6a386a3040726053a5fb8582ff26dc85d84741 (commit)
       via  7e0e64ead52591b968df582b0ddc247ba5c4eab4 (commit)
       via  c779e9df75256f19c7be8d12b2d163e2016a63f4 (commit)
       via  c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24 (commit)
       via  b8053c6138c8835fb27d30c7e034e240e92bce0f (commit)
       via  37d4728976aea69db23a061830828787a2fd05ed (commit)
       via  1034d41c8fe7b31ba8ba304d1fff93cecb183520 (commit)
       via  3874aa022b6f0f9aca9ad1ef703a77be1bc97b36 (commit)
       via  6f95434fd488e9b72117f9b93ec2e2dbf397a4d3 (commit)
       via  4a3abd22ecbda2d7b718b133fae2d2abfdfab614 (commit)
       via  d1aac9a6ff01c226c42bb934c170dd1c00ba8071 (commit)
       via  860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b (commit)
       via  3f71830d35d7bf4ac11664f0c48c3c68d250618b (commit)
       via  8e395175c4786ad9679851e3ed3c0c54a6f4e1f0 (commit)
       via  b51679672648410c6627a4bd169e076c5b36f47b (commit)
       via  a4faadaff25e19abf295556a23b7b889b4bf6df4 (commit)
       via  b502a3756d6979439130f1e46c2c27b62f493acd (commit)
       via  b3c7503940022f70ec8272c2c0d0a0e4489ae992 (commit)
       via  e53103749c19199b0ec23e8a5b330dd2e288f5ac (commit)
       via  85ce5db8d835281c8beff6e750c02c799dee3f6f (commit)
       via  c3a4bddd656561cfffba2605e148e65d4ff07e21 (commit)
       via  1778fd0a17a74422a58d8eada3fa08b80f0a0c27 (commit)
       via  8df86a8394d0ea121f2066efe618f2b1cc799be3 (commit)
       via  f8a004f1fa412e3aae77faa30b4dfb654d721510 (commit)
       via  f166b9c6e90d631115c59b4357357bc168d8e51a (commit)
       via  760b348db29b446efc760b4bc3627379cc61b0d8 (commit)
       via  84dd3946e0e0aee66635ba4373943d113fd25ca1 (commit)
       via  733a36d81544dad38726489b43523cc0ac95095d (commit)
       via  2d16bebbeabd3ab312998c969e21d092ff348485 (commit)
       via  975208ca8a02f332572edde22d3e4da6c100bdbc (commit)
      from  40e9bbdd3d2ea22c2455949959ced90e054f6023 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8209beac4644af4c2875f52f82c53c0d4be589ca

commit 8209beac4644af4c2875f52f82c53c0d4be589ca
Merge: 40e9bbd 38bf8b3
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Thu Nov 21 15:02:35 2013 -0200

    Merge the changes to add little endian support on PowerPC
    
    Discard all the previous changes from ibm/2.18/master in order to keep a
    clean branch.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=38bf8b39f1b9dc7acf3af57b9545ed425e9d5417

commit 38bf8b39f1b9dc7acf3af57b9545ed425e9d5417
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Nov 7 05:34:22 2013 -0600

    PowerPC: Fix vDSO missing ODP entries
    
    This patch fixes the vDSO symbol used directed in IFUNC resolver where
    they do not have an associated ODP entry leading to undefined behavior
    in some cases. It adds an artificial OPD static entry to such cases
    and set its TOC to non 0 to avoid triggering lazy resolutions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dc3a1f98dc4c86cb454474f4912ae325573655cb

commit dc3a1f98dc4c86cb454474f4912ae325573655cb
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e20644b3a6f96eb053ab4c2c900f7bef7f472916

commit e20644b3a6f96eb053ab4c2c900f7bef7f472916
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Sep 13 09:26:02 2013 +0100

    Add CVE-2013-4332 to NEWS.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c51d675c459aefef8d84d5a0b114010f916ea278

commit c51d675c459aefef8d84d5a0b114010f916ea278
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6a6a386a3040726053a5fb8582ff26dc85d84741

commit 6a6a386a3040726053a5fb8582ff26dc85d84741
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e0e64ead52591b968df582b0ddc247ba5c4eab4

commit 7e0e64ead52591b968df582b0ddc247ba5c4eab4
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c779e9df75256f19c7be8d12b2d163e2016a63f4

commit c779e9df75256f19c7be8d12b2d163e2016a63f4
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24

commit c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll
    
    strcoll is implemented using a cache for indices and weights of
    collation sequences in the strings so that subsequent passes do not
    have to search through collation data again.  For very large string
    inputs, the cache size computation could overflow.  In such a case,
    use the fallback function that does not cache indices and weights of
    collation sequences.
    
    Fixes CVE-2012-4412.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b8053c6138c8835fb27d30c7e034e240e92bce0f

commit b8053c6138c8835fb27d30c7e034e240e92bce0f
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail
    
    strcoll currently falls back to alloca if malloc fails, resulting in a
    possible stack overflow.  This patch implements sequence traversal and
    comparison without caching indices and rules.
    
    Fixes CVE-2012-4424.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=37d4728976aea69db23a061830828787a2fd05ed

commit 37d4728976aea69db23a061830828787a2fd05ed
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Aug 20 08:40:05 2013 +0530

    Simplify strcoll implementation
    
    Break up strcoll into simpler functions so that the logic is easier to
    follow and maintain.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1034d41c8fe7b31ba8ba304d1fff93cecb183520

commit 1034d41c8fe7b31ba8ba304d1fff93cecb183520
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Oct 31 12:51:03 2013 +0100

    Fix parsing of 0e+0 as float

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3874aa022b6f0f9aca9ad1ef703a77be1bc97b36

commit 3874aa022b6f0f9aca9ad1ef703a77be1bc97b36
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 26 09:29:19 2013 -0500

    PowerPC: strcpy/stpcpy optimization for PPC64/POWER7
    
    This patch intends to unify both strcpy and stpcpy implementationsi
    for PPC64 and PPC64/POWER7. The idead default powerpc64 implementation
    is to provide both doubleword and word aligned memory access.
    
    For PPC64/POWER7 is also provide doubleword and word memory access,
    remove the branch hints, use the cmpb instruction for compare
    doubleword/words, and add an optimization for inputs of same alignment.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f95434fd488e9b72117f9b93ec2e2dbf397a4d3

commit 6f95434fd488e9b72117f9b93ec2e2dbf397a4d3
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a3abd22ecbda2d7b718b133fae2d2abfdfab614

commit 4a3abd22ecbda2d7b718b133fae2d2abfdfab614
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Thu Oct 10 19:11:30 2013 +0000

    Avoid ordered comparisons of NaNs in ldbl-128ibm acosl and asinl.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d1aac9a6ff01c226c42bb934c170dd1c00ba8071

commit d1aac9a6ff01c226c42bb934c170dd1c00ba8071
Author: Anton Blanchard <anton@au1.ibm.com>
Date:   Sat Aug 17 18:34:40 2013 +0930

    PowerPC LE setjmp/longjmp
    
    http://sourceware.org/ml/libc-alpha/2013-08/msg00089.html
    
    Little-endian fixes for setjmp/longjmp.  When writing these I noticed
    the setjmp code corrupts the non volatile VMX registers when using an
    unaligned buffer.  Anton fixed this, and also simplified it quite a
    bit.
    
    The current code uses boilerplate for the case where we want to store
    16 bytes to an unaligned address.  For that we have to do a
    read/modify/write of two aligned 16 byte quantities.  In our case we
    are storing a bunch of back to back data (consective VMX registers),
    and only the start and end of the region need the read/modify/write.
    
    	[BZ #15723]
    	* sysdeps/powerpc/jmpbuf-offsets.h: Comment fix.
    	* sysdeps/powerpc/powerpc32/fpu/__longjmp-common.S: Correct
    	_dl_hwcap access for little-endian.
    	* sysdeps/powerpc/powerpc32/fpu/setjmp-common.S: Likewise.  Don't
    	destroy vmx regs when saving unaligned.
    	* sysdeps/powerpc/powerpc64/__longjmp-common.S: Correct CR load.
    	* sysdeps/powerpc/powerpc64/setjmp-common.S: Likewise CR save.  Don't
    	destroy vmx regs when saving unaligned.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b

commit 860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Oct 1 20:35:28 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
    
    Fixes BZ #15988.
    
    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
    of PTHREAD_MUTEX_ROBUST_NORMAL_NP.  It has now been replaced by the
    already existing convenience macro USE_REQUEUE_PI.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3f71830d35d7bf4ac11664f0c48c3c68d250618b

commit 3f71830d35d7bf4ac11664f0c48c3c68d250618b
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:52:58 2013 +1000

    Fix memory leak in stdlib/isomac.c

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e395175c4786ad9679851e3ed3c0c54a6f4e1f0

commit 8e395175c4786ad9679851e3ed3c0c54a6f4e1f0
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:50:41 2013 +1000

    Fix memory leaks in libio on allocation failure

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b51679672648410c6627a4bd169e076c5b36f47b

commit b51679672648410c6627a4bd169e076c5b36f47b
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 5 09:32:56 2013 -0500

    PowerPC: fix POWER7 memrchr for some large inputs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a4faadaff25e19abf295556a23b7b889b4bf6df4

commit a4faadaff25e19abf295556a23b7b889b4bf6df4
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Aug 29 15:28:00 2013 -0300

    Add memrchr testcase

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b502a3756d6979439130f1e46c2c27b62f493acd

commit b502a3756d6979439130f1e46c2c27b62f493acd
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Tue Sep 3 15:32:54 2013 +0000

    Fix lgammaf spurious underflow (bug 15427).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b3c7503940022f70ec8272c2c0d0a0e4489ae992

commit b3c7503940022f70ec8272c2c0d0a0e4489ae992
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Mon Sep 2 14:51:24 2013 +0000

    Fix spurious jnf underflows (bug 14155).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e53103749c19199b0ec23e8a5b330dd2e288f5ac

commit e53103749c19199b0ec23e8a5b330dd2e288f5ac
Author: Thomas Schwinge <thomas@codesourcery.com>
Date:   Thu May 23 18:00:10 2013 +0200

    [BZ #15522] strtod ("nan(N)") returning a sNaN in some cases

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=85ce5db8d835281c8beff6e750c02c799dee3f6f

commit 85ce5db8d835281c8beff6e750c02c799dee3f6f
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Fri Aug 23 19:45:38 2013 +0000

    Fix cexp (NaN + i0) (bug 15532).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3a4bddd656561cfffba2605e148e65d4ff07e21

commit c3a4bddd656561cfffba2605e148e65d4ff07e21
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Wed Aug 21 19:56:48 2013 +0000

    Fix fdim handling of infinities (bug 15797).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1778fd0a17a74422a58d8eada3fa08b80f0a0c27

commit 1778fd0a17a74422a58d8eada3fa08b80f0a0c27
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Tue Aug 20 15:01:59 2013 -0500

    PowerPC: fix backtrace to handle signal trampolines
    
    This patch fixes backtrace for PPC32 and PPC64 to correctly handle
    signal trampolines. The 'debug/tst-backtrace6.c' also check for
    SA_SIGINFO handling, where is triggers another vDSO symbols for PPC32.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8df86a8394d0ea121f2066efe618f2b1cc799be3

commit 8df86a8394d0ea121f2066efe618f2b1cc799be3
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Tue Aug 20 19:41:15 2013 +0000

    Fix cproj handling of (finite, NaN) arguments (bug 15531).
    
    backport of c980f2f4fe0f5d301f706017a1f7e4e942193ec0

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f8a004f1fa412e3aae77faa30b4dfb654d721510

commit f8a004f1fa412e3aae77faa30b4dfb654d721510
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Thu Oct 31 09:57:33 2013 -0500

    * elf/setup-vdso.h (setup_vdso): Fix missing string termination.
    
    backport of f315524e034cfc644157cb4af5ecc99f645dd067

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f166b9c6e90d631115c59b4357357bc168d8e51a

commit f166b9c6e90d631115c59b4357357bc168d8e51a
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 31 09:55:52 2013 -0500

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    member.
    * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    member.
    * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    conditional.
    * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    GETDENTS_64BIT_ALIGNED.
    * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    * manual/filesys.texi (Reading/Closing Directory): Document
    ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    strongly.
    * manual/conf.texi (Limits for Files): Add portability note to
    NAME_MAX, PATH_MAX.
    (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
    
    backport of 91ce40854d0b7f865cf5024ef95a8026b76096f3

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=760b348db29b446efc760b4bc3627379cc61b0d8

commit 760b348db29b446efc760b4bc3627379cc61b0d8
Merge: 84dd394 eefa3be
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Tue Aug 20 15:26:27 2013 -0300

    Merge branch 'release/2.18/master' into ibm/2.18/master

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=84dd3946e0e0aee66635ba4373943d113fd25ca1

commit 84dd3946e0e0aee66635ba4373943d113fd25ca1
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Jul 25 10:53:11 2013 -0300

    PowerPC: use libgcc _Unwind functions to get backtrace
    
    This patch changes the way backtraces are obtained on PowerPC by
    relaying on libgcc _Unwind function instead of just backchain parse.
    It fixes debug/tst-backtrace5 for PPC32 and PPC64.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=733a36d81544dad38726489b43523cc0ac95095d

commit 733a36d81544dad38726489b43523cc0ac95095d
Merge: 2d16beb 85891ac
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Tue Aug 6 14:13:45 2013 -0300

    Merge branch 'master' into ibm/2.18/master

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2d16bebbeabd3ab312998c969e21d092ff348485

commit 2d16bebbeabd3ab312998c969e21d092ff348485
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Thu Aug 1 13:11:18 2013 -0300

    Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=975208ca8a02f332572edde22d3e4da6c100bdbc

commit 975208ca8a02f332572edde22d3e4da6c100bdbc
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Thu Aug 1 12:54:00 2013 -0300

    Partially revert commit 2663b74f8103a2a8a46b4896439b7a452480fc7c
    
    This change is necessary in order to avoid the issue documented at
    http://sourceware.org/ml/libc-alpha/2013-05/msg00350.html.

-----------------------------------------------------------------------

Summary of changes:
Comment 7 Sourceware Commits 2014-01-06 16:55:32 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, remotes/origin/gentoo/2.18 has been created
        at  3cd70f9e650bafef5c73c19229e6f0176604bb9e (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3cd70f9e650bafef5c73c19229e6f0176604bb9e

commit 3cd70f9e650bafef5c73c19229e6f0176604bb9e
Author: David S. Miller <davem@davemloft.net>
Date:   Tue Nov 12 12:48:01 2013 -0800

    Fix sparc 64-bit GMP ifunc resolution in static builds.
    
    	[BZ #16150]
    	* sysdeps/sparc/sparc64/multiarch/add_n.S: Resolve to the correct generic
    	symbol in the non-vis3 case in static builds.
    	* sysdeps/sparc/sparc64/multiarch/addmul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/mul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/sub_n.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/submul_1.S: Likewise.
    
    (cherry picked from commit 2293d2b10a583486cd22ce578796848f4c3a8b6d)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02bebc1e960eb20099738b3ecce1ac780925729

commit e02bebc1e960eb20099738b3ecce1ac780925729
Author: David S. Miller <davem@davemloft.net>
Date:   Wed Nov 6 13:01:36 2013 -0800

    Fix build on pre-v9 32-bit Sparc.
    
    We cannot use fnegd in this code, as fnegd was added in v9.
    Only fnegs exists in v8 and earlier.
    
    	[BZ #15985]
    	* sysdeps/sparc/sparc32/fpu/s_fdim.S (__fdim): Do not use fnegd
    	on pre-v9 cpus, use a fnegs+fmovs sequence instead.
    
    (cherry picked from commit 2216e48645dbd297cdc0f4050fdfc0b52e2a4ab8)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9695c981b9033f4a7e23ff7c35a4e66f13d68eb4

commit 9695c981b9033f4a7e23ff7c35a4e66f13d68eb4
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64
    
    (cherry picked from commit dc3a1f98dc4c86cb454474f4912ae325573655cb)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4da92b3ac5974326963532aa16c4437d801a0efe

commit 4da92b3ac5974326963532aa16c4437d801a0efe
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit c51d675c459aefef8d84d5a0b114010f916ea278)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=42b872e43db7c71cd40357724f1542252eb0c708

commit 42b872e43db7c71cd40357724f1542252eb0c708
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 6a6a386a3040726053a5fb8582ff26dc85d84741)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e52cc7af467b6a8ba6367af4fecd4c3289db454

commit 7e52cc7af467b6a8ba6367af4fecd4c3289db454
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 7e0e64ead52591b968df582b0ddc247ba5c4eab4)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e3c791909a092489659d4359b73474febbd484a

commit 4e3c791909a092489659d4359b73474febbd484a
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.
    
    (cherry picked from commit c779e9df75256f19c7be8d12b2d163e2016a63f4)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46ee9243f23f56ded21bf8507f86a55980b04ed1

commit 46ee9243f23f56ded21bf8507f86a55980b04ed1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.
    
    (cherry picked from commit 6f95434fd488e9b72117f9b93ec2e2dbf397a4d3)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cbee0562887196f6c87dc538aaeeb494c79daa15

commit cbee0562887196f6c87dc538aaeeb494c79daa15
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:52:58 2013 +1000

    Fix memory leak in stdlib/isomac.c
    
    (cherry picked from commit 3f71830d35d7bf4ac11664f0c48c3c68d250618b)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=45560694ca0b6d80ccbba23b51d1c4aa8cd228ab

commit 45560694ca0b6d80ccbba23b51d1c4aa8cd228ab
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:50:41 2013 +1000

    Fix memory leaks in libio on allocation failure
    
    (cherry picked from commit 8e395175c4786ad9679851e3ed3c0c54a6f4e1f0)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6c42eca168f60bc50ed5e57ce59d1bfdf19120e2

commit 6c42eca168f60bc50ed5e57ce59d1bfdf19120e2
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 5 09:32:56 2013 -0500

    PowerPC: fix POWER7 memrchr for some large inputs
    
    (cherry picked from commit b51679672648410c6627a4bd169e076c5b36f47b)
    
    Conflicts:
    	ChangeLog

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4efa458d767026ade69a4cb72362856a7495127

commit c4efa458d767026ade69a4cb72362856a7495127
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Thu Oct 31 09:57:33 2013 -0500

    * elf/setup-vdso.h (setup_vdso): Fix missing string termination.
    
    backport of f315524e034cfc644157cb4af5ecc99f645dd067
    
    (cherry picked from commit f8a004f1fa412e3aae77faa30b4dfb654d721510)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f50548ac238605f133138f1c00be80b4e2ae3128

commit f50548ac238605f133138f1c00be80b4e2ae3128
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 31 09:55:52 2013 -0500

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    member.
    * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    member.
    * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    conditional.
    * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    GETDENTS_64BIT_ALIGNED.
    * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    * manual/filesys.texi (Reading/Closing Directory): Document
    ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    strongly.
    * manual/conf.texi (Limits for Files): Add portability note to
    NAME_MAX, PATH_MAX.
    (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
    
    backport of 91ce40854d0b7f865cf5024ef95a8026b76096f3
    
    (cherry picked from commit f166b9c6e90d631115c59b4357357bc168d8e51a)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=703be862e20ab99e0c241480658d372d3f71fd4e

commit 703be862e20ab99e0c241480658d372d3f71fd4e
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Oct 3 08:26:21 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
    
    Fixes BZ #15996.
    
    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
    of PTHREAD_MUTEX_ROBUST_NORMAL_NP.  It has now been replaced by the
    already existing convenience macro USE_REQUEUE_PI.
    
    (cherry picked from commit 2770d15e7e880821fc586619c59eb45180628e16)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6987b2d519f836926540d6fee1ad8840b29865bf

commit 6987b2d519f836926540d6fee1ad8840b29865bf
Author: Will Newton <will.newton@linaro.org>
Date:   Thu Aug 29 20:10:26 2013 +0100

    ARM: Fix clone code when built for Thumb.
    
    The mov lr, pc instruction will lose the Thumb bit from the return address
    so use blx lr instead.
    
    ports/ChangeLog.arm:
    
    2013-08-30  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15909]
    	* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx
    	instead of mov lr, pc.
    
    (cherry picked from commit 6b06ac56cdfc9293908724e51e827534e97819aa)
    (cherry picked from commit 4f2bcda964d4fff56855e0c66198c9bcb682ea1e)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=50219dba1e5108fd32de15b0533a6a53db0085ed

commit 50219dba1e5108fd32de15b0533a6a53db0085ed
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:23:42 2014 -0500

    ia64: add __ prefix to pt_all_user_regs/ia64_fpreg [BZ #762]
    
    This addresses a long standing collision between userspace headers and
    kernel headers only on ia64 systems.  All other types have a __ prefix
    in the ptrace headers except these two.  Let's finally namespace these.
    
    Verified that at least strace still builds after this change, as well
    as after deleting all the struct hacks it has specifically for ia64.
    
    URL: https://sourceware.org/bugzilla/show_bug.cgi?id=762
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=367416b057d5da2f719856c8ee9072b58600f48d

commit 367416b057d5da2f719856c8ee9072b58600f48d
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:07:13 2014 -0500

    ptrace.h: add __ prefix to ptrace_peeksiginfo_args
    
    All the other ptrace structures in this file have a __ prefix except this
    new one.  This in turn causes build problems for most packages that try to
    use ptrace such as strace:
    
    gcc -DHAVE_CONFIG_H -I. -I../..  -I../../linux/x86_64 -I../../linux \
    	-I./linux  -Wall -Wwrite-strings -g -O2 -MT process.o -MD -MP \
    	-MF .deps/process.Tpo -c -o process.o ../../process.c
    In file included from ../../process.c:63:0:
    /usr/include/linux/ptrace.h:58:8: error: redefinition of 'struct ptrace_peeksiginfo_args'
     struct ptrace_peeksiginfo_args {
            ^
    In file included from ../../defs.h:159:0,
                     from ../../process.c:37:
    /usr/include/sys/ptrace.h:191:8: note: originally defined here
     struct ptrace_peeksiginfo_args
            ^
    
    Since this struct was introduced in glibc-2.18, there shouldn't be any
    real regressions with adding the __ prefix.
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

-----------------------------------------------------------------------
Comment 8 Sourceware Commits 2014-01-06 16:56:30 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, gentoo/2.18 has been updated
       via  3cd70f9e650bafef5c73c19229e6f0176604bb9e (commit)
       via  e02bebc1e960eb20099738b3ecce1ac780925729 (commit)
       via  9695c981b9033f4a7e23ff7c35a4e66f13d68eb4 (commit)
       via  4da92b3ac5974326963532aa16c4437d801a0efe (commit)
       via  42b872e43db7c71cd40357724f1542252eb0c708 (commit)
       via  7e52cc7af467b6a8ba6367af4fecd4c3289db454 (commit)
       via  4e3c791909a092489659d4359b73474febbd484a (commit)
       via  46ee9243f23f56ded21bf8507f86a55980b04ed1 (commit)
       via  cbee0562887196f6c87dc538aaeeb494c79daa15 (commit)
       via  45560694ca0b6d80ccbba23b51d1c4aa8cd228ab (commit)
       via  6c42eca168f60bc50ed5e57ce59d1bfdf19120e2 (commit)
       via  c4efa458d767026ade69a4cb72362856a7495127 (commit)
       via  f50548ac238605f133138f1c00be80b4e2ae3128 (commit)
       via  703be862e20ab99e0c241480658d372d3f71fd4e (commit)
       via  6987b2d519f836926540d6fee1ad8840b29865bf (commit)
       via  50219dba1e5108fd32de15b0533a6a53db0085ed (commit)
       via  367416b057d5da2f719856c8ee9072b58600f48d (commit)
      from  d1b29e58c17436b3e0cf92c12b1e99ec6b4cd9ba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3cd70f9e650bafef5c73c19229e6f0176604bb9e

commit 3cd70f9e650bafef5c73c19229e6f0176604bb9e
Author: David S. Miller <davem@davemloft.net>
Date:   Tue Nov 12 12:48:01 2013 -0800

    Fix sparc 64-bit GMP ifunc resolution in static builds.
    
    	[BZ #16150]
    	* sysdeps/sparc/sparc64/multiarch/add_n.S: Resolve to the correct generic
    	symbol in the non-vis3 case in static builds.
    	* sysdeps/sparc/sparc64/multiarch/addmul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/mul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/sub_n.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/submul_1.S: Likewise.
    
    (cherry picked from commit 2293d2b10a583486cd22ce578796848f4c3a8b6d)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02bebc1e960eb20099738b3ecce1ac780925729

commit e02bebc1e960eb20099738b3ecce1ac780925729
Author: David S. Miller <davem@davemloft.net>
Date:   Wed Nov 6 13:01:36 2013 -0800

    Fix build on pre-v9 32-bit Sparc.
    
    We cannot use fnegd in this code, as fnegd was added in v9.
    Only fnegs exists in v8 and earlier.
    
    	[BZ #15985]
    	* sysdeps/sparc/sparc32/fpu/s_fdim.S (__fdim): Do not use fnegd
    	on pre-v9 cpus, use a fnegs+fmovs sequence instead.
    
    (cherry picked from commit 2216e48645dbd297cdc0f4050fdfc0b52e2a4ab8)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9695c981b9033f4a7e23ff7c35a4e66f13d68eb4

commit 9695c981b9033f4a7e23ff7c35a4e66f13d68eb4
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64
    
    (cherry picked from commit dc3a1f98dc4c86cb454474f4912ae325573655cb)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4da92b3ac5974326963532aa16c4437d801a0efe

commit 4da92b3ac5974326963532aa16c4437d801a0efe
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit c51d675c459aefef8d84d5a0b114010f916ea278)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=42b872e43db7c71cd40357724f1542252eb0c708

commit 42b872e43db7c71cd40357724f1542252eb0c708
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 6a6a386a3040726053a5fb8582ff26dc85d84741)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e52cc7af467b6a8ba6367af4fecd4c3289db454

commit 7e52cc7af467b6a8ba6367af4fecd4c3289db454
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 7e0e64ead52591b968df582b0ddc247ba5c4eab4)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e3c791909a092489659d4359b73474febbd484a

commit 4e3c791909a092489659d4359b73474febbd484a
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.
    
    (cherry picked from commit c779e9df75256f19c7be8d12b2d163e2016a63f4)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46ee9243f23f56ded21bf8507f86a55980b04ed1

commit 46ee9243f23f56ded21bf8507f86a55980b04ed1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.
    
    (cherry picked from commit 6f95434fd488e9b72117f9b93ec2e2dbf397a4d3)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cbee0562887196f6c87dc538aaeeb494c79daa15

commit cbee0562887196f6c87dc538aaeeb494c79daa15
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:52:58 2013 +1000

    Fix memory leak in stdlib/isomac.c
    
    (cherry picked from commit 3f71830d35d7bf4ac11664f0c48c3c68d250618b)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=45560694ca0b6d80ccbba23b51d1c4aa8cd228ab

commit 45560694ca0b6d80ccbba23b51d1c4aa8cd228ab
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:50:41 2013 +1000

    Fix memory leaks in libio on allocation failure
    
    (cherry picked from commit 8e395175c4786ad9679851e3ed3c0c54a6f4e1f0)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6c42eca168f60bc50ed5e57ce59d1bfdf19120e2

commit 6c42eca168f60bc50ed5e57ce59d1bfdf19120e2
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 5 09:32:56 2013 -0500

    PowerPC: fix POWER7 memrchr for some large inputs
    
    (cherry picked from commit b51679672648410c6627a4bd169e076c5b36f47b)
    
    Conflicts:
    	ChangeLog

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4efa458d767026ade69a4cb72362856a7495127

commit c4efa458d767026ade69a4cb72362856a7495127
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Thu Oct 31 09:57:33 2013 -0500

    * elf/setup-vdso.h (setup_vdso): Fix missing string termination.
    
    backport of f315524e034cfc644157cb4af5ecc99f645dd067
    
    (cherry picked from commit f8a004f1fa412e3aae77faa30b4dfb654d721510)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f50548ac238605f133138f1c00be80b4e2ae3128

commit f50548ac238605f133138f1c00be80b4e2ae3128
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 31 09:55:52 2013 -0500

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    member.
    * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    member.
    * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    conditional.
    * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    GETDENTS_64BIT_ALIGNED.
    * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    * manual/filesys.texi (Reading/Closing Directory): Document
    ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    strongly.
    * manual/conf.texi (Limits for Files): Add portability note to
    NAME_MAX, PATH_MAX.
    (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
    
    backport of 91ce40854d0b7f865cf5024ef95a8026b76096f3
    
    (cherry picked from commit f166b9c6e90d631115c59b4357357bc168d8e51a)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=703be862e20ab99e0c241480658d372d3f71fd4e

commit 703be862e20ab99e0c241480658d372d3f71fd4e
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Oct 3 08:26:21 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
    
    Fixes BZ #15996.
    
    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
    of PTHREAD_MUTEX_ROBUST_NORMAL_NP.  It has now been replaced by the
    already existing convenience macro USE_REQUEUE_PI.
    
    (cherry picked from commit 2770d15e7e880821fc586619c59eb45180628e16)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6987b2d519f836926540d6fee1ad8840b29865bf

commit 6987b2d519f836926540d6fee1ad8840b29865bf
Author: Will Newton <will.newton@linaro.org>
Date:   Thu Aug 29 20:10:26 2013 +0100

    ARM: Fix clone code when built for Thumb.
    
    The mov lr, pc instruction will lose the Thumb bit from the return address
    so use blx lr instead.
    
    ports/ChangeLog.arm:
    
    2013-08-30  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15909]
    	* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx
    	instead of mov lr, pc.
    
    (cherry picked from commit 6b06ac56cdfc9293908724e51e827534e97819aa)
    (cherry picked from commit 4f2bcda964d4fff56855e0c66198c9bcb682ea1e)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=50219dba1e5108fd32de15b0533a6a53db0085ed

commit 50219dba1e5108fd32de15b0533a6a53db0085ed
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:23:42 2014 -0500

    ia64: add __ prefix to pt_all_user_regs/ia64_fpreg [BZ #762]
    
    This addresses a long standing collision between userspace headers and
    kernel headers only on ia64 systems.  All other types have a __ prefix
    in the ptrace headers except these two.  Let's finally namespace these.
    
    Verified that at least strace still builds after this change, as well
    as after deleting all the struct hacks it has specifically for ia64.
    
    URL: https://sourceware.org/bugzilla/show_bug.cgi?id=762
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=367416b057d5da2f719856c8ee9072b58600f48d

commit 367416b057d5da2f719856c8ee9072b58600f48d
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:07:13 2014 -0500

    ptrace.h: add __ prefix to ptrace_peeksiginfo_args
    
    All the other ptrace structures in this file have a __ prefix except this
    new one.  This in turn causes build problems for most packages that try to
    use ptrace such as strace:
    
    gcc -DHAVE_CONFIG_H -I. -I../..  -I../../linux/x86_64 -I../../linux \
    	-I./linux  -Wall -Wwrite-strings -g -O2 -MT process.o -MD -MP \
    	-MF .deps/process.Tpo -c -o process.o ../../process.c
    In file included from ../../process.c:63:0:
    /usr/include/linux/ptrace.h:58:8: error: redefinition of 'struct ptrace_peeksiginfo_args'
     struct ptrace_peeksiginfo_args {
            ^
    In file included from ../../defs.h:159:0,
                     from ../../process.c:37:
    /usr/include/sys/ptrace.h:191:8: note: originally defined here
     struct ptrace_peeksiginfo_args
            ^
    
    Since this struct was introduced in glibc-2.18, there shouldn't be any
    real regressions with adding the __ prefix.
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                               |    6 ++
 csu/libc-start.c                                   |   16 ++++
 elf/Makefile                                       |    9 ++-
 elf/setup-vdso.h                                   |    2 +-
 elf/tst-ptrguard1-static.c                         |    1 +
 elf/{tst-stackguard1.c => tst-ptrguard1.c}         |   54 ++++++++-------
 libio/memstream.c                                  |    5 +-
 libio/wmemstream.c                                 |    6 +-
 malloc/malloc.c                                    |   21 ++++++
 manual/conf.texi                                   |    9 +++
 manual/filesys.texi                                |   73 ++++++++++++++------
 nptl/ChangeLog                                     |    9 +++
 nptl/pthread_cond_broadcast.c                      |    5 +-
 nptl/pthread_cond_signal.c                         |    7 +--
 ports/ChangeLog.arm                                |    6 ++
 ports/sysdeps/ia64/stackguard-macros.h             |    3 +
 ports/sysdeps/tile/stackguard-macros.h             |    6 ++
 ports/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h |    2 +-
 ports/sysdeps/unix/sysv/linux/arm/clone.S          |    4 +-
 .../sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h |    4 +-
 ports/sysdeps/unix/sysv/linux/ia64/sys/procfs.h    |    2 +-
 ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h    |    6 +-
 ports/sysdeps/unix/sysv/linux/tile/sys/ptrace.h    |    2 +-
 stdlib/isomac.c                                    |    1 +
 sysdeps/generic/stackguard-macros.h                |    3 +
 sysdeps/i386/stackguard-macros.h                   |    8 ++
 sysdeps/posix/dirstream.h                          |    2 +
 sysdeps/posix/getaddrinfo.c                        |   20 +++++-
 sysdeps/posix/opendir.c                            |    1 +
 sysdeps/posix/readdir_r.c                          |   42 ++++++++---
 sysdeps/posix/rewinddir.c                          |    1 +
 sysdeps/powerpc/powerpc32/power7/memrchr.S         |    4 +-
 sysdeps/powerpc/powerpc32/stackguard-macros.h      |   10 +++
 sysdeps/powerpc/powerpc64/power7/memrchr.S         |    4 +-
 sysdeps/powerpc/powerpc64/stackguard-macros.h      |   10 +++
 sysdeps/s390/s390-32/stackguard-macros.h           |   11 +++
 sysdeps/s390/s390-64/stackguard-macros.h           |   14 ++++
 sysdeps/sparc/sparc32/fpu/s_fdim.S                 |    3 +-
 sysdeps/sparc/sparc32/stackguard-macros.h          |    3 +
 sysdeps/sparc/sparc64/multiarch/add_n.S            |    2 +-
 sysdeps/sparc/sparc64/multiarch/addmul_1.S         |    2 +-
 sysdeps/sparc/sparc64/multiarch/mul_1.S            |    2 +-
 sysdeps/sparc/sparc64/multiarch/sub_n.S            |    2 +-
 sysdeps/sparc/sparc64/multiarch/submul_1.S         |    2 +-
 sysdeps/sparc/sparc64/stackguard-macros.h          |    3 +
 sysdeps/unix/sysv/linux/i386/readdir64_r.c         |    1 -
 sysdeps/unix/sysv/linux/powerpc/sys/ptrace.h       |    2 +-
 sysdeps/unix/sysv/linux/s390/sys/ptrace.h          |    2 +-
 sysdeps/unix/sysv/linux/sparc/sys/ptrace.h         |    2 +-
 sysdeps/unix/sysv/linux/sys/ptrace.h               |    2 +-
 sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c    |    1 -
 sysdeps/x86_64/stackguard-macros.h                 |    5 ++
 52 files changed, 323 insertions(+), 100 deletions(-)
 create mode 100644 elf/tst-ptrguard1-static.c
 copy elf/{tst-stackguard1.c => tst-ptrguard1.c} (70%)
Comment 9 Sourceware Commits 2014-02-07 10:50:39 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The annotated tag, glibc-2.19 has been created
        at  62acb0ba856abf4a2a173e4b49c28749af7bd572 (tag)
   tagging  9a869d822025be8e43b78234997b10bf0cf9d859 (commit)
  replaces  glibc-2.18
 tagged by  Allan McRae
        on  Fri Feb 7 19:12:54 2014 +1000

- Log -----------------------------------------------------------------
The GNU C Library
=================

The GNU C Library version 2.19 is now available.

The GNU C Library is used as *the* C library in the GNU systems
and most systems with the Linux kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.19 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.19
=====================

* The following bugs are resolved with this release:

  156, 387, 431, 762, 832, 926, 2801, 4772, 6786, 6787, 6807, 6810, 6981,
  7003, 9721, 9954, 10253, 10278, 11087, 11157, 11214, 12100, 12486, 12751,
  12986, 13028, 13982, 13985, 14029, 14032, 14120, 14143, 14155, 14286,
  14547, 14699, 14752, 14782, 14876, 14910, 15004, 15048, 15073, 15089,
  15128, 15218, 15268, 15277, 15308, 15362, 15374, 15400, 15425, 15427,
  15483, 15522, 15531, 15532, 15593, 15601, 15608, 15609, 15610, 15632,
  15640, 15670, 15672, 15680, 15681, 15723, 15734, 15735, 15736, 15748,
  15749, 15754, 15760, 15763, 15764, 15797, 15799, 15825, 15843, 15844,
  15846, 15847, 15849, 15850, 15855, 15856, 15857, 15859, 15867, 15886,
  15887, 15890, 15892, 15893, 15895, 15897, 15901, 15905, 15909, 15915,
  15917, 15919, 15921, 15923, 15939, 15941, 15948, 15963, 15966, 15968,
  15985, 15988, 15997, 16032, 16034, 16036, 16037, 16038, 16041, 16046,
  16055, 16071, 16072, 16074, 16077, 16078, 16103, 16112, 16143, 16144,
  16146, 16150, 16151, 16153, 16167, 16169, 16172, 16195, 16214, 16245,
  16271, 16274, 16283, 16289, 16293, 16314, 16316, 16330, 16337, 16338,
  16356, 16365, 16366, 16369, 16372, 16375, 16379, 16384, 16385, 16386,
  16387, 16390, 16394, 16398, 16400, 16407, 16408, 16414, 16430, 16431,
  16453, 16474, 16506, 16510, 16529

* Slovenian translations for glibc messages have been contributed by the
  Translation Project's Slovenian team of translators.

* The public headers no longer use __unused nor __block.  This change is to
  support compiling programs that are derived from BSD sources and use
  __unused internally, and to support compiling with Clang's -fblock
  extension which uses __block.

* CVE-2012-4412 The strcoll implementation caches indices and rules for
  large collation sequences to optimize multiple passes.  This cache
  computation may overflow for large collation sequences and may cause a
  stack or buffer overflow.  This is now fixed to use a slower algorithm
  which does not use a cache if there is an integer overflow.

* CVE-2012-4424 The strcoll implementation uses malloc to cache indices and
  rules for large collation sequences to optimize multiple passes and falls
  back to alloca if malloc fails, resulting in a possible stack overflow.
  The implementation now falls back to an uncached collation sequence lookup
  if malloc fails.

* CVE-2013-4788 The pointer guard used for pointer mangling was not
  initialized for static applications resulting in the security feature
  being disabled. The pointer guard is now correctly initialized to a
  random value for static applications. Existing static applications need
  to be recompiled to take advantage of the fix (bug 15754).

* CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes
  to the d_name member of struct dirent, or omit the terminating NUL
  character.  (Bugzilla #14699).

* CVE-2013-4332 The pvalloc, valloc, memalign, posix_memalign and
  aligned_alloc functions could allocate too few bytes or corrupt the
  heap when passed very large allocation size values (Bugzilla #15855,
  #15856, #15857).

* CVE-2013-4458 Stack overflow in getaddrinfo with large number of results
  for AF_INET6 has been fixed (Bugzilla #16072).

* New locales: ak_GH, anp_IN, ar_SS, cmn_TW, hak_TW, lzh_TW, nan_TW, pap_AW,
  pap_CW, quz_PE, the_NP.

* Substantially revised locales: gd_GB, ht_HT

* The LC_ADDRESS field was updated to support country_car for almost all
  supported locales.

* ISO 1427 definitions were updated.

* ISO 3166 definitions were updated.

* The localedef utility now supports --big-endian and --little-endian
  command-line options to generate locales for a different system from that
  for which the C library was built.

* Binary locale files now only depend on the endianness of the system for
  which they are generated and not on other properties of that system.  As a
  consequence, binary files generated with new localedef may be incompatible
  with old versions of the GNU C Library, and binary files generated with
  old localedef may be incompatible with this version of the GNU C Library,
  in the following circumstances:

  + Locale files may be incompatible on m68k systems.

  + Locale archive files (but not separate files for individual locales) may
    be incompatible on systems where plain "char" is signed.

* The configure option --disable-versioning has been removed.  Builds with
  --disable-versioning had not worked for several years.

* ISO 639 definitions were updated for Chiga (cgg) and Chinese (gan, hak, czh,
  cjy, lzh, cmn, mnp, cdo, czo, cpx, wuu, hsn, yue).

* SystemTap probes for malloc have been introduced.

* SystemTap probes for slow multiple precision fallback paths of
  transcendental functions have been introduced.

* Support for powerpc64le has been added.

* The soft-float powerpc port now supports e500 processors.

* Support for STT_GNU_IFUNC symbols added for ppc32/power4+ and ppc64.

* A new feature test macro _DEFAULT_SOURCE is available to enable the same
  set of header declarations that are enabled by default, even when other
  feature test macros or compiler options such as -std=c99 would otherwise
  disable some of those declarations.

* The _BSD_SOURCE feature test macro no longer enables BSD interfaces that
  conflict with POSIX.  The libbsd-compat library (which was a dummy library
  that did nothing) has also been removed.

* Preliminary documentation about Multi-Thread, Async-Signal and
  Async-Cancel Safety has been added.

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adam Buchbinder
Adam Conrad
Adhemerval Zanella
Alan Modra
Alexandre Oliva
Allan McRae
Andreas Arnez
Andreas Jaeger
Andreas Krebbel
Andreas Schwab
Andrew Hunter
Andrew Pinski
Anton Blanchard
Arun Kumar Pyasi
Aurelien Jarno
Brooks Moses
Bruno Haible
Carlos O'Donell
Chris Leonard
Chris Metcalf
Chung-Lin Tang
David Holsgrove
David S. Miller
Eric Biggers
Eric Blake
Eric Wong
Fabrice Bauzac
Fernando J. V. da Silva
Florian Weimer
Guy Martin
H.J. Lu
Jan Kratochvil
Jia Liu
Joseph Myers
Kaz Kojima
Liubov Dmitrieva
Maciej W. Rozycki
Marc-Antoine Perennou
Marcus Shawcroft
Marko Myllynen
Markus Trippelsdorf
Maxim Kuvyrkov
Meador Inge
Michael Bauer
Michael Stahl
Mike Frysinger
Olivier Langlois
Ondřej Bílka
Patrick 'P. J.' McDermott
Paul Eggert
Paul Pluzhnikov
Pavel Simerda
Petr Machata
Rajalakshmi Srinivasaraghavan
Reuben Thomas
Richard Henderson
Richard Sandiford
Roland McGrath
Ryan S. Arnold
Sami Kerola
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Steve Ellcey
Thomas Schwinge
Toke Høiland-Jørgensen
Tom Tromey
Torvald Riegel
Ulrich Weigand
Uros Bizjak
Venkataramanan Kumar
Ville Skytta
Vinitha Vijayan
Wei-Lun Chao
Will Newton
Yogesh Chaudhari
Yuri Chornoivan
Yuriy Kaminskiy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAABAgAGBQJS9KOqAAoJEPmf/g/q6Zm9L9oIAK0E6xw+8e/b2rs5EkdCcdvz
upglZ/Vl7rDM0krIZrI14Q0ZQKpYr8+k8MjlktvytaG5qMEFLAFFEquzksB8bnRj
52GfMIfiP+UGU3sQoSHFaAHlPXhycF2H7XhpH/zJ7he46eaoaOL13tOxDurdk3Z1
vzStBnIOm9cpMkSg+Cs4RGlXGhlvJvay1a6whhE7zsv/EXg0mCoYQpYQrTNkCdjv
ugtWtta+URBSZHl49batzZz+WZ5yQzRIubXGqC44ofm6r+tIgJ4t2/vo64qnA/1+
63y0Zxk1+xl8fcxvqibw5LeY2GN1hGBvkhVR4bh4mmHsLGIwvCF5ZavKDREl638=
=MNMJ
-----END PGP SIGNATURE-----

Adam Buchbinder (1):
      soft-fp: fix typo in comment.

Adam Conrad (1):
      Fix incorrect ChangeLog formatting

Adhemerval Zanella (113):
      PowerPC: fix backtrace to handle signal trampolines
      Add memrchr testcase
      PowerPC: fix POWER7 memrchr for some large inputs
      benchtests: Add memrchr benchmark
      Update powerpc-fpu ULPs.
      PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64
      PowerPC: strcpy/stpcpy optimization for PPC64/POWER7
      Fix ChangeLog date.
      PowerPC: Fix vDSO missing ODP entries
      benchtests: Add strtod benchmark
      PowerPC: Fix __fe_mask_env export
      PowerPC: Fix __fe_mask_env export
      PowerPC: Set/restore rounding mode only when needed
      PowerPC: Fix __fe_nomask_env missing symbol
      Update powerpc-fpu ULPs.
      Update powerpc-fpu ULPs.
      Fix elf/get-dynamic-info.h for AT
      PowerPC: Add systemtap static probe points in setjmp/longjmp
      Revert wrong commit.
      Update powerpc-fpu ULPs.
      PowerPC: initial support for multilib for PowerPC32
      PowerPC: multiarch memcpy for PowerPC32
      PowerPC: multiarch memcmp for PowerPC32
      PowerPC: multiarch memset/bzero for PowerPC32
      PowerPC: multiarch mempcpy for PowerPC32
      PowerPC: multiarch memchr for PowerPC32
      PowerPC: multiarch memrchr for PowerPC32
      PowerPC: multiarch rawmemchr for PowerPC32
      PowerPC: multiarch strlen for PowerPC32
      PowerPC: multiarch strnlen for PowerPC32
      PowerPC: multiarch strncmp for PowerPC32
      PowerPC: multiarch strcasecmp for PowerPC32
      PowerPC: multiarch strncasecmp for PowerPC32
      PowerPC: multiarch strchrnul for PowerPC32
      PowerPC: multiarch strchr for PowerPC32
      PowerPC: multiarch wcschr for PowerPC32
      PowerPC: multiarch wcsrchr for PowerPC32
      PowerPC: multiarch wcscpy for PowerPC32
      PowerPC: multiarch wordcopy routines for PowerPC32
      PowerPC: change sysdeps fpu folder
      PowerPC: multiarch llrint/llrintf for PowerPC32
      PowerPC: multiarch llround/llroundf for PowerPC32
      PowerPC: multiarch sqrt/sqrtf for PowerPC32
      PowerPC: multiarch isnan/isnanf for PowerPC32
      PowerPC: multiarch isinf/isinff for PowerPC32
      PowerPC: multiarch finite/finitef for PowerPC32
      PowerPC: multiarch ceil/ceilf for PowerPC32
      PowerPC: multiarch floor/floorf for PowerPC32
      PowerPC: multiarch round/roundf for PowerPC32
      PowerPC: multiarch trunc/truncf for PowerPC32
      PowerPC: multiarch copysign/copysignf for PowerPC32
      PowerPC: multiarch lround/lrounf for PowerPC32
      PowerPC: multiarch lrint/lrintf for PowerPC32
      PowerPC: multiarch modf/modff for PowerPC32
      PowerPC: multiarch logb/logbf/logbl for PowerPC32
      PowerPC: multiarch __ieee754_hypot[f] for PowerPC32
      PowerPC: Adjust multiarch Implies for PowerPC32
      PowerPC: Update NEWS with ppc32/power4+ STT_GNU_IFUNC support
      PowerPC: Optimized mpn functions for PowerPC64
      PowerPC: Optimized mpn functions for PowerPC64/POWER7
      Update powerpc-fpu ULPs.
      Add GLIBC_2.3 and GLIBC_2.19 in Versions.def
      PowerPC: Add DSO and TAR fields to TLS
      PowerPC: Adjust multiarch Implies for PowerPC64
      PowerPC: multiarch memcpy for PowerPC64
      PowerPC: multirach memcmp for PowerPC64
      PowerPC: multiarch memset/bzero for PowerPC64
      PowerPC: multiarch mempcpy for PowerPC64
      PowerPC: multiarch memchr for PowerPC64
      PowerPC: multiarch memrchr for PowerPC64
      PowerPC: multiarch rawmemchr for PowerPC64
      PowerPC: multiarch strlen for PowerPC64
      PowerPC: multiarch strnlen for PowerPC64
      PowerPC: multiarch strcasecmp for PowerPC64
      PowerPC: multiarch strncasecmp for PowerPC64
      PowerPC: multiarch strncmp for PowerPC64
      PowerPC: multiarch strchr for PowerPC64
      PowerPC: multiarch strchrnul for PowerPC64
      PowerPC: multiarch wcschr for PowerPC64
      PowerPC: multiarch wcsrchr for PowerPC64
      PowerPC: multiarch wcscpy for PowerPC64.
      PowerPC: multiarch wordcopy for PowerPC64
      PowerPC: multiarch strcpy for PowerPC64
      PowerPC: multiarch stpcpy for PowerPC64
      PowerPC: Cleaning up uneeded sqrt routines
      PowerPC: Adjust multiarch Implies for PowerPC64
      PowerPC: multiarch isnan/isnanf for PowerPC64
      PowerPC: multiarch llround/lround for PowerPC64
      PowerPC: multiarch ceil/ceilf for PowerPC64
      PowerPC: multiarch floor/floorf for PowerPC64
      PowerPC: multiarch round/roundf for PowerPC64
      PowerPC: multiarch trunc/truncf for PowerPC64
      PowerPC: multiarch copysign/copysignf for PowerPC64
      PowerPC: multiarch llrint/lrint for PowerPC64
      PowerPC: multiarch finite/finitef for PowerPC64
      PowerPC: multiarch isinf/isinff for PowerPC64
      PowerPC: multiarch logb/logbl/logbf for PowerPC64
      PowerPC: multiarch modf/modff for PowerPC64
      PowerPC: multiarch hypot/hypotf for PowerPC64
      PowerPC: Update NEWS with ppc64 STT_GNU_IFUNC support
      Update powerpc-fpu ULPs.
      Update powerpc-fpu ULPs.
      Update powerpc-fpu ULPs.
      PowerPC: Fix compiler warnings
      Update powerpc-fpu ULPs.
      PowerPC: remove wrong truncl implementation for PowerPC64
      PowerPC: sotruss-lib implementation
      PowerPC: Fix ftime gettimeofday internal call returning bogus data
      Add BZ#16430 to NEWS.
      PowerPC: Fix gettimeofday ifunc selection
      abilist-pattern configurability
      PowerPC: Change powerpc64le start ABI to 2.17.
      PowerPC: powerpc64le abilist for 2.17

Alan Modra (36):
      IBM long double mechanical changes to support little-endian
      Fix for [BZ #15680] IBM long double inaccuracy
      PowerPC floating point little-endian [1 of 15]
      PowerPC floating point little-endian [2 of 15]
      PowerPC floating point little-endian [3 of 15]
      PowerPC floating point little-endian [4 of 15]
      PowerPC floating point little-endian [5 of 15]
      PowerPC floating point little-endian [6 of 15]
      PowerPC floating point little-endian [9 of 15]
      PowerPC floating point little-endian [10 of 15]
      PowerPC floating point little-endian [11 of 15]
      PowerPC floating point little-endian [12 of 15]
      PowerPC floating point little-endian [13 of 15]
      PowerPC floating point little-endian [15 of 15]
      PowerPC ugly symbol versioning
      PowerPC LE _dl_hwcap access
      PowerPC makecontext
      PowerPC SIGSTKSZ
      PowerPC LE strlen
      PowerPC LE strnlen
      PowerPC LE strcmp and strncmp
      PowerPC LE strcpy
      PowerPC LE strchr
      PowerPC LE memcmp
      PowerPC LE memcpy
      PowerPC LE memset
      PowerPC LE memchr and memrchr
      string/test-memcpy error reporting
      string/tester memrchr test
      PowerPC LE configury
      fix changelog date
      Correct little-endian relocation of UADDR64,32,16.
      Use stdint.h types in union unaligned.
      Mention powerpc64le support in NEWS and README, plus bugs fixed.
      Fix careless merge.
      PowerPC64: Report overflow on @h and @ha relocations

Alexandre Oliva (51):
      PR 15483
      Add first set of memory probes.
      Add probes for all changes to malloc options.
      Add probes for malloc arena changes.
      Add probes for malloc retries.
      Add catch-all alloc retry probe.
      Add malloc probes for sbrk and heap resizing.
      Mention malloc probes in the NEWS file.
      * manual/macros.texi: Introduce macros to document multi
      * manual/argp.texi: Document MTASC-safety properties.
      * manual/arith.texi: Document MTASC-safety properties.
      * manual/conf.texi: Document MTASC-safety properties.
      * manual/crypt.texi: Document MTASC-safety properties.
      * manual/charset.texi: Document MTASC-safety properties.
      * manual/debug.texi: Document MTASC-safety properties.
      * manual/ctype.texi: Document MTASC-safety properties.
      * manual/getopt.texi: Document MTASC-safety properties.
      * manual/job.texi: Document MTASC-safety properties.
      * manual/lang.texi: Document MTASC-safety properties.
      * manual/libdl.texi: New.
      * manual/llio.texi: Document MTASC-safety properties.
      * manual/locale.texi: Document MTASC-safety properties.
      * manual/math.texi: Document MTASC-safety properties.
      [BZ #12751]
      * manual/message.texi: Document MTASC-safety properties.
      * manual/pattern.texi: Document MTASC-safety properties.
      * manual/pipe.texi: Document MTASC-safety properties.
      * manual/platform.texi: Document MTASC-safety properties.
      * manual/process.texi: Document MTASC-safety properties.
      * manual/resource.texi: Document MTASC-safety properties.
      * manual/search.texi: Document MTASC-safety properties.
      * manual/setjmp.texi: Document MTASC-safety properties.
      * manual/signal.texi: Document MTASC-safety properties.
      * manual/socket.texi: Document MTASC-safety properties.
      * manual/startup.texi: Document MTASC-safety properties.
      * manual/sysinfo.texi: Document MTASC-safety properties.
      * manual/syslog.texi: Document MTASC-safety properties.
      * manual/stdio.texi: Document MTASC-safety properties.
      * manual/threads.texi: Document MTASC-safety properties.
      * manual/string.texi: Document MTASC-safety properties.
      * manual/time.texi: Document MTASC-safety properties.
      * manual/string.texi (wcstok): Fix prototype.
      * manual/intro.texi: Document safety identifiers and
      * manual/errno.texi: Document MTASC-safety properties.
      * manual/filesys.texi: Document MTASC-safety properties.
      * manual/terminal.texi: Document MTASC-safety properties.
      * manual/check-safety.sh: New.
      * manual/time.texi (timegm): Add missing blank after @c.
      * manual/threads.texi (pthread_key_create, pthread_key_delete,
      * manual/users.texi: Document MTASC-safety properties.
      * manual/macros.texi: Add comments before MTASC-safety macros.

Allan McRae (43):
      Update to latest versions of GPL-2.0 and LGPL-2.1
      Fix nesting of ifdefs in netgroupcache.c
      Fix memory leaks in libio on allocation failure
      Fix memory leak in stdlib/isomac.c
      Fix typo in strcoll example
      Update pt_chown sections of the manual
      Clarify documentation cross-reference
      Remove references to non-existent content items in install.texi
      Revert "Remove references to non-existent content items in install.texi"
      Fix incorrect getaddrinfo assertion trigger
      Fix ChangeLog formatting issue
      Add missing bug number to NEWS
      Add systemd unit file for nscd
      Add --enable-maintainer-mode configure option
      Update file name in x86_64 ifunc list
      Set AUTOCONF variable when maintainer-mode is not used
      Stop partial menu generation in INSTALL file
      Fix typo in csloww()
      Update copyright notices with scripts/update-copyrights
      Update remaining copyright dates
      scripts/update-copyrights: adjust configure input file suffix
      Fix gettext call formatting
      Regenerate libc.po
      Fix typo in inet/netinet/in.h comment
      Update Ukrainian translations
      Update Russian translations
      Update Polish translations
      Update Dutch translations
      Update Czech translations
      Update Esperanto translations
      Update Vietnamese translations
      Update Swedish translations
      Update German translations
      Update Bulgarian translations
      Update Catalan translations
      Update French translations
      Update Slovenian translations
      Revert "Async-signal safe TLS."
      Revert "Patch 2/4 of the effort to make TLS access async-signal-safe."
      Revert "Patch 3/4 of the effort to make TLS access async-signal-safe."
      Revert "Patch [1/4] async-signal safe TLS."
      Revert "BZ 16133 has been fixed (async signal safe TLS)."
      Update version.h and include/features.h for 2.19 release

Andreas Arnez (1):
      * elf/setup-vdso.h (setup_vdso): Fix missing string termination.

Andreas Jaeger (1):
      Update ULPs for i386

Andreas Krebbel (9):
      * sysdeps/unix/sysv/linux/s390/sys/procfs.h (struct elf_prstatus):
      [BZ #16214] S/390: Fix TLS GOT pointer setup.
      S/390: Make jmp_buf extendible.
      S/390: Make ucontext_t extendible.
      S/390: Get rid of unused variable warning in dl-machine.h
      S/390: Remove __tls_get_addr argument cast.
      S/390: Regenerate ULPs.
      [BZ #16427] Fix ldbl-128 exp overflows.
      S/390: Merge 32 and 64 bit ucontext.h.

Andreas Schwab (28):
      Fix cbrtl for ldbl-96
      Fix dependencies for stdlib/tst-tls-atexit
      Fix handling LC_CTYPE nonascii-case fallback in i686 SSE4.2 and SSSE3 strcasecmp/strncasecmp
      Fix missing declaration of LC_CTYPE nonascii-case element
      Add O_TMPFILE to <fcntl.h>
      Make __ffs hidden
      Properly cache the result from looking up the nss database config
      m68k: use PIC for Scrt1.o
      Fix typo in last change
      Don't use gethostbyaddr to determine canonical name
      Let tst-swscanf find its locale
      Fix parsing of 0e+0 as float
      Refill NEWS
      Fix BZ reference
      Restore ChangeLog
      Fix off-by-one in nscd getservbyport call
      Fix country_num element in LC_ADDRESS for C locale
      Properly handle unavailable elements in LC_MONETARY category
      Complete display of LC_MONETARY
      Fix CFI annotations in pthread_cond_timedwait for i486+
      ChangeLog fix
      m68k: don't assume PI futexes before 3.10
      m68k: add support for PI futexes
      m68k: use math_force_eval in nextafterl
      Remove use of SSE4.2 functions for strstr on i686
      Fix uses of CALL_MCOUNT in ppc64 assembler sources
      Let gen-libm-test.pl find itself when run outside source directory
      m68k: regenerate libm test ULPs

Andrew Hunter (1):
      Async-signal safe TLS.

Andrew Pinski (1):
      [AArch64] Fix BE access to errno.

Anton Blanchard (4):
      PowerPC floating point little-endian [7 of 15]
      PowerPC floating point little-endian [8 of 15]
      PowerPC floating point little-endian [14 of 15]
      PowerPC LE setjmp/longjmp

Arun Kumar Pyasi (1):
      New locale for the_NP.

Aurelien Jarno (4):
      MIPS: Add wrappers to get/setrlimit64 to fix RLIM64_INFINITY constant
      MIPS: Fix RLIM64_INFINITY constant for O32 and N32 ABIs
      locale: don't crash if locale-archive contains all zeros
      Add bug number to ChangeLog and NEWS

Brooks Moses (5):
      Fix erroneous (and circular) implied pattern rule for linkobj/libc.so.
      Add error reporting (via errno) to getauxval().
      Updated NEWS to mention resolution of bug 15846.
      Define __CORRECT_ISO_CPP_STRING_H_PROTO correctly for Clang.
      Obvious comment typo fix ("openened") in elf/dl-load.c.

Bruno Haible (1):
      Fix description of random according to POSIX. Fixes bug 7003

Carlos O'Donell (19):
      ARM: Pass dl_hwcap to IFUNC resolver.
      Coordinate IPv6 definitions for Linux and glibc
      Copy-edit NEWS and fixup ChangeLog entries.
      BZ #15754: CVE-2013-4788
      BZ #15754: Fix test case for ARM.
      Enhance localedef --list-archive option.
      Mention FIPS 140-2 compliance and Sun RPC.
      Fix typo in sys/ptrace.h.
      NEWS: Mention __unused and __block removal.
      NEWS: Only public headers have __unused/__block changed.
      Add test case for pthread_[sg]etname_np.
      Add Solvenian translations for glibc messages.
      Rename header.pot to pot.header.
      Add BZ #15850 to ChangeLog.
      Fix manual build warnings.
      [hppa] Regenerate libm-test-ulps.
      Fix tst-setgetname for Linux kernels < 2.6.33.
      Fix comment in kernel-features.h.
      BZ #16529: Fix pedantic warning with netinet/in.h.

Chris Leonard (57):
      Add quz_PE locale
      Update ht_HT locale
      Update iso-1427.def and related occurrences.
      Update iso-1427.def and related occurrences.
      Deduplicate country_car.
      ChangeLog entry for Deduplicate country_car.
      Fix trailing whitespace
      Add country_car field to LC_ADDRESS.
      Adjust language-code fields of LC_ADDRESS.
      Update iso-639.def
      Update Changelog and NEWS
      correct bug list in NEWS
      New locale for ak_GH.
      Adjust language-code fields of LC_ADDRESS.
      Fix ayc_PE.UTF-8 and lzh_TW.UTF-8 build issues
      Update iso-1366.def and related occurrences
      Split ar_SD into ar_SD and ar_SS
      Copy / modify pap_AN into pap_AW and pap_CW.
      Correct error in iso-3166.def
      Fix typos in 3166.def.
      Adjust language-code fields of LC_ADDRESS.
      Fix ar_SS in SUPPORTED
      remove localdata path from Changelog entries
      Fixes to Changelog for locale splits
      correct LC_TELEPHONE for pap locales
      Adjust language-code fields of LC_ADDRESS.
      Adjust language-code fields of LC_ADDRESS.
      New-locale-for-anp_IN
      Add Meadow Mari (mhr).
      Adjust language-code fields of LC_ADDRESS.
      Add Central Nahuatl (nhn).
      Adjust language-code fields of LC_ADDRESS.
      Adjust language-code fields of LC_ADDRESS.
      Add Quechua, Southern (quz) and Silesian (szl) to iso-639.def.
      Adjust language-code fields of LC_ADDRESS.
      Adjust language-code fields of LC_ADDRESS.
      Correct Walaita (wal) and add Unami Delaware (unm).
      Adjust language-code fields of LC_ADDRESS.
      [BZ #16103]  LC_MEASUREMENT review and standardization
      [BZ #16143] pap_* locales have duplicated LC_NUMERIC section.
      Add Chitwani Tharu (the)
      Correct wae_CH to UTF-8 encoding.
      [BZ #16144] Duplicated abday value for tk_TM.
      Add lang_name to Arabic locales.
      Add lang_name to German, English, Spanish, French locales.
      Add lang_name to various locales.
      Add lang_name to various locales.
      revert error-generated by bs_BA.
      Add lang_name to various locales.
      Add lang_name to various locales.
      revert hebrew lang_name addition
      revert hebrew lang_name addition
      Add lang_name to various locales.
      Add lang_name to various locales.
      Add lang_name to various locales.
      fix localedata/ChangeLog
      Add lang_name to various locales.

Chris Metcalf (3):
      Mention bug 15760 in NEWS (duplicate of 15988, just added to NEWS)
      test-fpucw-ieee: Don't use _FPU_IEEE if not defined
      tile: Regenerate libm-test-ulps

Chung-Lin Tang (1):
      linux-generic: fix alignment of struct stat/statfs for nios2

David Holsgrove (4):
      microblaze: Use <fenv.h> fallback functions
      microblaze BZ #15705: Define MMAP2_PAGE_SHIFT
      microblaze: Update libm-test-ulps
      Revert "microblaze BZ #15705: Define MMAP2_PAGE_SHIFT"

David S. Miller (11):
      Open development for 2.19.
      Update Catalan translations.
      Add Ukrainian translations.
      Update Chinese (traditional) translations.
      Update sparc ULPs.
      Fix readdir regressions on sparc 32-bit.
      Fix build on pre-v9 32-bit Sparc.
      Fix sparc 64-bit GMP ifunc resolution in static builds.
      Rebuild sparc ULPs.
      Adjust sparc ULPs.
      Add missing ChangeLog from yesterday's sparc ULPs update.

Eric Biggers (1):
      Fix fwrite() reading beyond end of buffer in error path

Eric Blake (2):
      glob: silence -Wattribute warnings
      maint: correct changelog

Eric Wong (2):
      Update x86_64 ULPs (AMD Family 10h)
      Update x86_64 ULPs (AMD family 21, model 2)

Fabrice Bauzac (1):
      Document that mmap() returns MAP_FAILED on error, as per the POSIX standard.

Fernando J. V. da Silva (1):
      Fix BZ #15089: malloc_trim always trim for large padding.

Florian Weimer (1):
      CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r

Guy Martin (1):
      Don't use broken DL_AUTO_FUNCTION_ADDRESS()

H.J. Lu (4):
      Set arch_minimum_kernel to 3.4.0 for x32
      Don't check asynchronous cancellation on system
      Include generic symbol-hacks.h for x32
      Disable x87 inline functions for SSE2 math

Jan Kratochvil (2):
      Fix vDSO l_name for GDB's: Can't read pathname for load map: Input/output error.
      Put Bug # to the NEWS file for the previous vDSO l_name fix.

Jia Liu (1):
      sunrpc/rpc/types.h: fix OS X and FreeBSD build problems

Joseph Myers (128):
      Remove trailing blank lines when generating INSTALL.
      Use __getpagesize and __ffs in MMAP2_PAGE_SHIFT == -1 case of mmap64.
      Include <string.h> in sysdeps/unix/sysv/linux/mmap64.c.
      Fix cproj handling of (finite, NaN) arguments (bug 15531).
      Fix fdim handling of infinities (bug 15797).
      Add bug 15867 to NEWS.
      Fix cexp (NaN + i0) (bug 15532).
      Fix spurious jnf underflows (bug 14155).
      Fix lgammaf spurious underflow (bug 15427).
      Remove --disable-versioning.
      conformtest: Fix namespace testing.
      Define MMAP2_PAGE_SHIFT to -1 for m68k.
      Mention --disable-versioning removal in NEWS.
      Fix powerpc fpu_control.h namespace and parenthesis issues (bug 15966).
      Don't force -msoft-float for powerpc --without-fp.
      e500 port: setjmp/longjmp.
      e500 port: fpu_control.h.
      Make locale archive hash function architecture-independent.
      Add localedef --big-endian and --little-endian options.
      conformtest: Clean up expectations for POSIX for pthread.h.
      conformtest: Clean up expectations for POSIX for sched.h.
      Remove locale file dependence on int32_t alignment.
      Hardcode locale archive page size as 4096.
      e500 port: getcontext / setcontext / swapcontext.
      e500 port: fix fpu_control.h constant values.
      e500 port: adjust sysdeps/unix/sysv/linux/configure.in case.
      Move powerpc ports pieces to libc.
      Clean up locale file alignment handling.
      soft-fp: Remove trailing semicolon from _FP_FRAC_DISASSEMBLE_4.
      soft-fp: fix negation NaN handling (bug 16034).
      soft-fp: split FP_INIT_EXCEPTIONS from FP_INIT_ROUNDMODE.
      Avoid ordered comparisons of NaNs in ldbl-128ibm acosl and asinl.
      Extend powerpc-nofpu -fno-builtin-fabsl workaround to more files.
      Add soft-fp files from libgcc.
      Update copyright and license notices in soft-fp files from libgcc.
      soft-fp: fix floating-point to integer unsigned saturation.
      soft-fp: fix _FP_DIV_MEAT_* returning results with wrong exponent (bug 16032).
      soft-fp: add macro FP_NO_EXCEPTIONS.
      soft-fp: add missing FP_INIT_EXCEPTIONS and FP_INIT_ROUNDMODE calls.
      soft-fp: make ordered comparisons raise "invalid" for quiet NaNs (bug 14910).
      soft-fp: make __unord* raise "invalid" for signaling NaNs (bug 16036).
      soft-fp: fix preprocessor indentation.
      soft-fp: fix vertical whitespace and indentation.
      soft-fp: remove unused macros.
      soft-fp: fix horizontal whitespace.
      soft-fp: make extensions quiet signaling NaNs (bug 16041).
      Remove duplicate bug numbers from NEWS.
      Add e500 port.
      Move entries to correct port ChangeLog files.
      Add some more NEWS items.
      Define __STDC_IEC_559* based on __GCC_IEC_559*.
      Fix strtod rounding of half the least subnormal (bug 16151).
      Fix spurious "inexact" exceptions from x86 pow with NaN argument (bug 16167).
      Make libm-test.inc check for "inexact" exceptions for NaN argument.
      Replace libm-test.inc TEST_INLINE conditionals with NO_TEST_INLINE flag.
      Add libm-test support for ignored return value, add more lrint / llrint / lround / llround tests.
      Test signs of NaNs in libm-test.inc where appropriate.
      Define TLS version of libc_hidden_proto.
      Make powerpc-nofpu floating-point state thread-local (bug 15483).
      Fix powerpc-nofpu build.
      Add bug 11214 to NEWS.
      Fix bug ordering in NEWS.
      Fix dbl-64 e_sqrt.c for non-default rounding modes (bug 16271).
      Document some libm error handling intents.
      Add powerpc-nofpu/e500 support functions for atomic compound assignment and FLT_ROUNDS.
      Remove unused ldbl-96 functions (bug 15004).
      Document libm accuracy goals.
      Start generating libm tests automatically with MPFR.
      Test sqrt in all rounding modes.
      Fix x86 sqrt rounding (bug 14032).
      Fix exp10 errno setting on underflow (bug 6787).
      Move TEST_f_f tests for [a-c]* functions from libm-test.inc to auto-libm-test-in.
      Move TEST_f_f tests for [e-j]* functions from libm-test.inc to auto-libm-test-in.
      Fix erfc errno setting on underflow (bug 6786).
      Fix exp2 errno setting on underflow (bug 16283).
      Fix exp missing underflows (bug 15268, bug 15425).
      Update MIPS dl-lookup.c from generic version.
      Fix Bessel function error handling (bug 6807, bug 15901).
      Add missing bug numbers (12486, 15915, 16038) to NEWS.
      Update longlong.h from GCC.
      Move TEST_f_f tests for [l-y]* functions from libm-test.inc to auto-libm-test-in.
      Fix tgamma errno setting on underflow (bug 6810).
      Move tests of lgamma from libm-test.inc to auto-libm-test-in.
      Add missing bug number to NEWS.
      Move tests of atan2, hypot and pow from libm-test.inc to auto-libm-test-in.
      Fix hypot handling of subnormals (bug 16316, bug 16330).
      Fix dbl-64 hypot spurious underflows (bug 16314).
      Remove __FAVOR_BSD.
      Remove libbsd-compat dummy library.
      Remove various unused files from sysdeps/unix/bsd/.
      Remove unused files from sysdeps/unix/bsd/bsd4.4/bits/.
      Fix ldbl-128 logl for subnormals (bug 16338).
      Mark some hypot tests no-test-inline.
      Update powerpc-nofpu localplt.data for fegetround hidden_proto / hidden_def.
      Move tests of jn and yn from libm-test.inc to auto-libm-test-in.
      Add _DEFAULT_SOURCE feature test macro.
      Fix x86/x86_64 expm1 inaccuracy near 0 in directed rounding modes (bug 16293).
      Disable libm-test test name beautification for M_* constants.
      Move tests of sincos from libm-test.inc to auto-libm-test-in.
      Update texinfo.tex, config.guess, config.sub from upstream.
      Don't make soft-fp symbols compat symbols for powerpc-nofpu.
      Move tests of cabs and carg from libm-test.inc to auto-libm-test-in.
      Move various TEST_c_c tests from libm-test.inc to auto-libm-test-inc.
      Move tests of cpow from libm-test.inc to auto-libm-test-in.
      Update timezone code from tzcode 2013i.
      Revert spurious copying of ChangeLog to localedata/ChangeLog.
      Add more libm-test coverage of [a-c]* real functions.
      Fix x86 / x86_64 expl / expl10l wild results in directed rounding modes (bug 16356).
      Flatten sysdeps/unix/bsd/bsd4.4 into sysdeps/unix/bsd.
      Fix ldbl-128 lgammal for small negative arguments (bug 16337).
      Regenerate x86 / x86_64 ulps.
      Regenerate MIPS ulps.
      Regenerate ARM ulps.
      Fix ldbl-128ibm acoshl inaccuracy (bug 16384).
      Fix ldbl-128ibm asinhl inaccuracy (bug 16385).
      Fix ldbl-128ibm logl inaccuracy (bug 16386).
      Mark various libm tests with xfail-rounding:ldbl-128ibm.
      Regenerate powerpc-nofpu ulps.
      Fix soft-float ldbl-128ibm atan2l signs of zero results (bug 16390).
      Fix ldbl-128 / ldbl-128ibm lgammal spurious underflow (bug 16400).
      Fix ldbl-128ibm coshl spurious overflows (bug 16407).
      Mark more libm tests with xfail-rounding:ldbl-128ibm.
      Regenerate powerpc-nofpu ulps (again).
      Use separate libc.abilist for MIPS o32 soft float.
      Fix ldbl-128ibm expm1l on large arguments (bug 16408).
      Fix math/test-fpucw-*.c for sysdeps test-fpucw.c overrides.
      Bug 6981 was fixed by commit 1484e65736f4cab27e5051e0f06be8470e69af82.
      Bug 15968 was fixed by commit 0748546f660d27a2ad29fa6174d456e2f6490758.

Kaz Kojima (11):
      Add SH implementation of stackguard-macros.h.
      Add ChangeLog entry for new sysdeps/sh/stackguard-macros.h.
      Add SH implementation of sotruss-lib.c and c++-types.data.
      Use $$ver instead of $ver.
      Move sysdeps/sh/sh4/fpu/bits/fenv.h to sysdeps/sh/bits/.
      Make soft-float sh use soft-fp fma/fmaf.
      Adjust SH specific fpu_control.h and ucontext.h files.
      Restore ucontext ABI for soft-float sh4.
      Move SH libm-test-ulps to sysdeps/sh and regenerate it.
      Regenerate SH libm-test-ulps with proper compiler options.
      Add -mieee to SH sysdep-CFLAGS for older SH compilers.

Liubov Dmitrieva (2):
      i686: Skip SSE4_2 version for strcmp, strncmp, strncase, strcasecmp
      Fix buffer overrun in strtod_l

Maciej W. Rozycki (7):
      MIPS: Correct the handling of reserved FCSR bits
      Fix static-binary lazy FPU context allocation
      MIPS: IEEE 754-2008 NaN encoding support
      MIPS: bits/atomic.h: Fix comment typo
      manual: Fix a typo in `POSIX Threads' section
      nptl: tst-mutex8.c: Handle ENOTSUP PI mutex failure
      [BZ #16046] Static dlopen correction fallout fixes.

Marc-Antoine Perennou (1):
      Accept make versions 4.0 and greater

Marcus Shawcroft (18):
      [AArch64] Adding sigcontextinfo.h
      [AArch64] Support __mcount profiling.
      Handle NULL return from htab_find_slot()
      Avoid passing NULL to DSO_FILENAME.
      [AArch64] Regenerate libm-test-ulps.
      [AArch64] Back out sqrt() addition to libm-test-ulps.
      [AArch64] libm-test-ulps regenerated from scratch.
      [AArch64] Implement FUTEX_*_REQUEUE_PI
      [AArch64] Save and restore q0-q7 on entry to dynamic linker.
      Compile e_sqrt.c with -ffp-contract=off.
      [AArch64] Define ABORT_INSTRUCTION.
      [AArch64] Regenerate libm-test-ulps.
      [AArch64] Fix CFA adjustment on dynamic linker entry.
      [AArch64] Remove sqrt from libm-test-ulps
      [AArch64] Fix FP_ROUNDMODE.
      [AArch64] Define BE loader name.
      [AArch64] Fix type in abi-lp64_be-options.
      [AArch64] Regenerate libm-test-ulps.

Marko Myllynen (1):
      Fix Charset comment in fi_FI, fi_FI@euro

Markus Trippelsdorf (1):
      Update x86_64 ULps for AMD K10

Maxim Kuvyrkov (4):
      Improve atomic locking for ARM.
      Add BZ #15640 to resolved bug list in NEWS.
      Fix race in free() of fastbin chunk: BZ #15073
      Restore accidentally deleted bug-fix entries in NEWS.

Meador Inge (1):
      Use __glibc_block in public headers.

Michael Bauer (1):
      Version 1.2 of gd_GB locale

Michael Stahl (1):
      Print the reason why preloading failed in do_preload()

Mike Frysinger (27):
      configure: add missing quotes in $build_pt_chown test
      [BZ #15897] dlfcn: do not mark dlopen/dlclose as leaf functions
      tst-fanotify: new simple test
      hppa: add fanotify_mark
      tst-fanotify: skip when we get back EPERM
      tst-fanotify: fix style
      rename configure.in to configure.ac
      ia64: link.h: adjust whitespace
      ia64: implement sotruss support
      ia64: ioperm: clean up long dead code
      ia64: add lll_futex_timed_wait_bitset
      ia64: implement futex requeue pi support
      ignore gdb related files
      ia64: syscall: add some helpful documentation
      ia64: setjmp: use HIDDEN_JUMPTARGET
      ia64: setjmp/longjmp: stop saving/restoring fpsr [BZ #16379]
      ia64: longjmp_chk: support signal stacks [BZ #16372]
      tst-fanotify: check for linux/fanotify.h existence
      NEWS: mention 16379 as fixed
      tst-fanotify: switch to AC_DEFINE
      ia64: fix build failure after async tls updates
      ptrace.h: add __ prefix to ptrace_peeksiginfo_args
      ia64: add __ prefix to pt_all_user_regs/ia64_fpreg [BZ #762]
      ia64: regenerate libm-test-ulps
      ia64: drop large results from libm-test-ulps [BZ #16401]
      ia64: regen libm-test-ulps from scratch
      s390: implement sotruss support

Olivier Langlois (1):
      Fix tst-long-dbl-fphex swprintf length calculation.

Ondřej Bílka (66):
      Fix typos.
      Fix typos.
      Remove aix specific files.
      Fix rawmemchr regression on bulldozer.
      Fix typos.
      Fix then/than typos.
      Fix typo.
      Add unaligned strcmp.
      Remove DO_NOT_USE_THIS conditionals.
      Faster strchr implementation.
      Faster strrchr.
      BZ #431 Fix manual of strncat/wcsncat.
      Use p2align instead ALIGN
      Correctly copy resolver address. Fixes bug #13028.
      Fix error_tail overflow in allocation calculation.
      Clear initfini list after freeing. Fixes bug 15308.
      Format floating routines.
      Fix inet_network("1 bar"). Fixes bug 15277.
      Remove assert in malloc statistic. Fixes bug 12486.
      Replace alloca in __tzfile_read by malloc. Fixes bug 15670
      When glob pattern contains a trailing slash match only directories. Fixes bug 10278.
      Document rpcgen -5. Fixes bug 15825
      Acknowledge that fnmatch can fail. Fixes bug 14029.
      Make strptime %Z consistent between doc and code. Fixes bug 14876
      Changelog for last commit.
      Fix gethostbyname_r example. Fixes bug 2801.
      Remove code from div that is by C99 obsolete. Fixes bug 15799
      Use atomic operations to track memory. Fixes bug 11087
      Restrict shm_open and shm_unlink to SHMDIR. Fixes bugs 14752 and 15763.
      Fix malloc_info statistic. Fixes bug 16112
      Remove unused NONTLS_INIT_TP.
      Fix changelog
      Make getent services compliant with  RFC 6335 section 5.1 Fixes bug 15374
      Do not let scanf("%4p") accept "(nil)". Fixes bug 16055
      Remove unused variable.
      Fix breaking of RPATH when $ORIGIN contains colons. Fixes bug 10253
      Revert b75891075bece24be9fd85618f18af4a2daf7f1c
      Consolidate valloc/pvalloc code.
      Use __glibc_reserved instead __unused.
      Fix typo in _dl_tlsdesc_resolve_hold.
      Remove duplicate ifunc benchtests.
      Add changelog.
      Remove duplicate ifunc tests.
      Also remove benchtests/bench-strsep-ifunc.c
      Make memset in calloc a tail call.
      Return fixed version of  breaking of RPATH when $ORIGIN contains colons
      Document shm_open.
      Properly handle shm_open validation. Fixes bug 16274.
      Refactor several debug routines.
      Allow strptime read outputs from strftime. Fixes bug 4772.
      Add bug numbers 926, 4772 and 16274 to NEWS.
      Replace malloc force_reg by atomic_forced_read.
      Simplify perturb_byte logic.
      Drop PER_THREAD conditionals from malloc.
      Expand MALLOC_COPY and MALLOC_ZERO to memcpy and memset.
      Add strstr with unaligned loads. Fixes bug 12100.
      Update documentation after dropping PER_THREAD  conditional.
      Add missing deftp to fix commit 4d84e6addd62bdc256627af.
      Clarify that scanf does not use character classes.  Fixes bug 12986
      Add Changelog and news entry.
      Fix ChangeLog
      Reformat malloc to gnu style.
      Fix integer overflow in vfwprintf. Fixes bug 14286.
      Add 15850 to NEWS.
      Do not enable asynchronous cancellation in system. Fixes bug 14782.
      Add ChangeLog entry

Patrick 'P. J.' McDermott (2):
      don't use Bash-specific ${parameter/pattern/string} expansion
      ldd: make try_trace more robust and portable

Paul Eggert (5):
      Clarify documentation on how functions use timezone. Fixes bug 926.
      * manual/time.texi (TZ Variable): POSIX.1 hour can be 24.
      * manual/time.texi (TZ Variable): Modernize North America example
      Document TZ transition times >= 25:00:00.
      Support TZ transition times < 00:00:00.

Paul Pluzhnikov (18):
      Adjust AT_EXECFN when using explicit loader invocation.
      Adjust AT_EXECFN when using explicit loader invocation.
      Fix failure in nptl/tst-cleanup when building with
      Revert "Fix failure in nptl/tst-cleanup when building with"
      Fix failure in tst-cleanup2 and tst-cleanupx2 with gcc-4.9
      Fix missing > on email.
      Fix intermittent failure in tst-getpid2.
      Patch [1/4] async-signal safe TLS.
      Patch 3/4 of the effort to make TLS access async-signal-safe.
      Patch 2/4 of the effort to make TLS access async-signal-safe.
      Cleanup compile warnings.
      Fix incorrect power of 2 check in last commit.
      Fix white space as well.
      Merge branch 'master' of ssh://sourceware.org/git/glibc
      Fix ChangeLog entry.
      Fix a race in tst-tls7, which caused crashes on ppc32.
      BZ 16133 has been fixed (async signal safe TLS).
      Mention BZ 9721

Pavel Simerda (2):
      getaddrinfo: remove dead code
      Remove redundant GAIH_OKIFUNSPEC and GAIH_EAI.

Petr Machata (1):
      Add AArch64 relocation definitions.

Rajalakshmi Srinivasaraghavan (2):
      benchtests: Add strsep benchmark
      benchtests: Add strtok benchmark

Reuben Thomas (1):
      Fix typo in setlocale.c. Fixes BZ #15764

Richard Henderson (5):
      alpha: Improve conditions under which PTR_MANGLE is defined
      alpha: Fix signal thunk unwind info
      alpha: Convert <bits/mman.h> to <bits/mman-linux.h>
      alpha: Fix tls-macros.h
      alpha: Update libm-test-ulps

Richard Sandiford (3):
      Make localedef output generation use more logical interfaces.
      Fix some types in localedef.
      Fix localedef collation handling of <U0000> (bug 15948).

Roland McGrath (23):
      Use proper #include for xdecrypt declarations.
      Make stub lxstat64 call xstat64, like stub lxstat calls xstat.
      Flesh out 4.4 bits/socket.h with SOCK_CLOEXEC, SOCK_NONBLOCK.
      Replace generic bits/socket.h with 4.4 file.
      Clean up __libc_sa_len helper.
      True stub __ifreq.
      Mild decrufting in resolv code.
      Don't try to use ioctl unless [FIONREAD].
      Cope without sunrpc.
      Clean up _res declaration to use __thread unconditionally.
      Clean up h_errno declaration to use __thread unconditionally.
      Fix up ChangeLog formatting.
      Make armv6t2 strlen work in ARM mode too.
      Use sfi_* macros in armv6t2 strlen.
      Update to canonical freemanuals.texi file.
      Fix up ChangeLog formatting.
      Adjust generic swapon prototype to match Linux version.
      Add missing #include for malloc/hooks.c code.
      ARM: Fix memcpy computed-jump calculations for ARM_ALWAYS_BX case.
      ChangeLog whitespace fix.
      Clean up setjmp use in dl-error.c.
      ARM: Disable compat mcount code when unneeded.
      Remove excessive redundant ChangeLog header lines.

Ryan S. Arnold (1):
      Update generic swapon definition to match prototype.

Sami Kerola (1):
      nscd: list all tables in usage()

Samuel Thibault (3):
      Hurd: Use __executable_start symbol instead of _start.
      Add fork hooks for pthread_atfork
      Fix build on hurd

Siddhesh Poyarekar (75):
      Simplify strcoll implementation
      Fix indentation in aicache.c
      Initialize res_hconf in nscd
      Use __glibc_unlikely instead of __builtin_expect (..., 0)
      Mark success return value as volatile to work around rescheduling
      Format sincos32.c
      Remove redundant goto lines
      Consolidate sin/cos computation for large inputs
      Consolidate sin/cos table lookup code
      New test cases for sin and cos for multiple precision fallback
      Add benchmark inputs for sincos
      Consolidate common code into macros
      Fall back to non-cached sequence traversal and comparison on malloc fail
      Check for integer overflow in cache size computation in strcoll
      Use the mutex member of the argumen in __libc_lock_*_recursive
      Move ChangeLog entry
      Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
      Fix typo in manual
      Add more directives to benchmark input files
      Fix ChangeLog formatting
      Consolidate multiple precision sin/cos functions
      Format e_exp.c
      Format e_pow.c
      Add systemtap markers to math function slow paths
      Don't include tls.h in test cases
      Fix stack overflow due to large AF_INET6 requests
      Consolidate conditionals in mp sin/cos functions
      New inputs for exp
      Benchmark inputs for pow
      Add ChangeLog entry and fix NEWS for #16078
      Fix reads for sizes larger than INT_MAX in AF_INET lookup
      Fix ChangeLog formatting
      Add systemtap probe markers for sin, cos, asin and acos
      Fix ChangeLog formatting
      Rename Oriya locale to Odia (bug 15601)
      Fix build warning in locarchive.c
      Get canonical name in getaddrinfo from hosts file for AF_INET (fixes 16077)
      Add 16214 to NEWS
      Fix ChangeLog formatting
      Use herrnop directly
      [BZ #16195] Fix build warnings from systemtap probes in non-systemtap configurations
      benchtests: skip over blank lines in benchmark input files
      BZ #15941: Fix INSTALL file regeneration failure with makeinfo 5.x
      Fix ChangeLog formatting
      Remove unused variables in __stpncpy_chk
      Accept output arguments to benchmark functions
      benchtests: Append volatile keyword to type instead of prepending
      Use double constants instead of the struct number
      Consolidate definition of constant t22
      benchmark inputs for exp2, log2, log and tan
      Minor code cleanup in s_sin.c
      Remove some redundant computations in s_sin.c
      Remove redundant arguments in reduce_and_compute
      Remove more redundant computations in s_sin.c
      Consolidate code to compute sin and cos from lookup tables
      benchmark inputs for asin and acos
      benchmark inputs for sinh and cosh
      benchmark inputs for asinh and acosh
      benchmark inputs for tanh and atanh
      benchmark inputs for atan
      Benchmark inputs for cos and sin
      Fix infinite loop in nscd when netgroup is empty (bz #16365)
      Fix return code from getent netgroup when the netgroup is not found (bz #16366)
      Correct inputs for sin and cos
      Don't use alloca in addgetnetgrentX (BZ #16453)
      Mention addition of multiple precision fallback libm probes in NEWS
      Adjust pointers to triplets in netgroup query data (BZ #16474)
      Avoid undefined behaviour in netgroupcache
      Fix invalid memory access when parsing netgroup files with blank lines (BZ #16506)
      Add bug entry for previous commit in NEWS
      Fix spaces before tabs
      Update contrib.texi
      Fix infinite loop in ftell when writing wide char data (BZ #16398)
      Update NEWS for #16398
      Update contrib.texi

Stefan Liebler (1):
      S/390: Increase tst-tls7 test case timeout

Steve Ellcey (12):
      2013-09-20  Steve Ellcey  <sellcey@mips.com>
      2013-09-20  Steve Ellcey  <sellcey@mips.com>
      Remove trailing space.
      2013-09-23  Steve Ellcey  <sellcey@mips.com>
      2013-09-19  Steve Ellcey  <sellcey@mips.com>
      2013-09-23  Steve Ellcey  <sellcey@mips.com>
      2013-09-23  Steve Ellcey  <sellcey@mips.com>
      2013-09-26  Steve Ellcey  <sellcey@mips.com>
      2013-09-26  Steve Ellcey  <sellcey@mips.com>
      2013-11-13  Steve Ellcey  <sellcey@mips.com>
      Benchmark test for sqrt function.
      Add ChangeLog entry for sqrt tests.

Thomas Schwinge (5):
      math: Additional type conversion tests
      [BZ #15522] strtod ("nan(N)") returning a sNaN in some cases
      Use ELFOSABI_GNU instead of ELFOSABI_LINUX.
      Support ELFOSABI_GNU on all GNU systems.
      Hurd: Add ESUCCESS error_t value.

Toke Høiland-Jørgensen (2):
      Add entries for U00D8 and U00F8.
      Update NEWS

Tom Tromey (1):
      [AArch64] BZ #16169 Add CFI directives to clone.S

Torvald Riegel (1):
      benchtests: Add include-sources directive.

Ulrich Weigand (8):
      PowerPC64: Fix incorrect CFI in *context routines
      PowerPC64: Add __private_ss field to TCB header
      PowerPC64 ELFv2 ABI 1/6: Code refactoring
      PowerPC64 ELFv2 ABI 2/6: Remove function descriptors
      PowerPC64 ELFv2 ABI 3/6: PLT local entry point optimization
      PowerPC64 ELFv2 ABI 4/6: Stack frame layout changes
      PowerPC64 ELFv2 ABI 5/6: LD_AUDIT interface changes
      PowerPC64 ELFv2 ABI 6/6: Bump ld.so soname version number

Uros Bizjak (1):
      Avoid "left shift count >= width of type" warnings in soft-fp code.

Venkataramanan Kumar (1):
      [AArch64] Pointer mangling support for AArch64.

Ville Skytta (1):
      Fix spelling in manual, as in bug 16376

Vinitha Vijayan (1):
      [BZ #15859] Fix memory leak in _dl_map_object_deps

Wei-Lun Chao (4):
      New locale for nan_TW
      New locale for lzh_TW
      New locale for hak_TW
      New locale for cmn_TW

Will Newton (33):
      sysdeps/arm/armv6t2/strlen.S: strlen implementation for armv6t2.
      ARM: Fix clone code when built for Thumb.
      benchtests/Makefile: Use LDLIBS instead of LDFLAGS.
      benchtests: Switch string benchmarks to use bench-timing.h.
      benchtests/Makefile: Run benchmark for memcpy.
      malloc: Add realloc test.
      malloc: Check for integer overflow in pvalloc.
      malloc: Check for integer overflow in valloc.
      malloc: Check for integer overflow in memalign.
      Mention closing 15855, 15856 and 15857 in NEWS.
      benchtests: Rename argument to TIMING_INIT macro.
      Add CVE-2013-4332 to NEWS.
      ARM: Improve armv7 memcpy performance.
      sysdeps/mach/hurd/i386/tls.h: Remove TLS_INIT_TP_EXPENSIVE.
      ports/sysdeps/arm/nptl/tls.h: Remove TLS_INIT_TP_EXPENSIVE.
      malloc: Add posix_memalign test.
      malloc/tst-valloc.c: Improve test coverage and use test-skeleton.c.
      malloc: Add pvalloc test.
      ARM: Add pointer encryption support.
      malloc: Add memalign test.
      malloc/tst-posix_memalign.c: Tidy up code.
      malloc/tst-pvalloc.c: Tidy up code.
      malloc/tst-valloc.c: Tidy up code.
      ARM: Allow building __longjmp as Thumb.
      ARM: Allow building __sigsetjmp as Thumb.
      malloc/hooks.c: Correct check for overflow in memalign_check.
      malloc: Fix for infinite loop in memalign/posix_memalign.
      manual/memory.texi: Remove register keyword from examples.
      aarch64: Enable ifunc support.
      manual/memory.texi: Bring aligned allocation docs up to date.
      manual/memory.texi: Document aligned_alloc.
      ARM: Don't apply pointer encryption to the frame pointer
      ARM: Fix clone build for ARMv4

Yogesh Chaudhari (1):
      Update gethostbyname2_r documentation. Fixes bug #156.

Yuri Chornoivan (1):
      Fix typos.

Yuriy Kaminskiy (1):
      Fix a thinko/typo in i686's memmove (aka __memmove_ia32).

cjl (6):
      Add FSF statement to ayc_PE locale.
      Add FSF statement to ayc_PE locale.
      Add FSF statement to ayc_PE locale.
      Add country_car field to LC_ADDRESS
      Add country_car field to LC_ADDRESS
      Add country_car field to LC_ADDRESS

-----------------------------------------------------------------------
Comment 10 Jackie Rosen 2014-02-16 19:42:29 UTC Comment hidden (spam)
Comment 11 Sourceware Commits 2015-01-16 16:58:51 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, ibm/2.16/master has been created
        at  dfc25d72984eb5a3354e104612d0ca0129af3f98 (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98

commit dfc25d72984eb5a3354e104612d0ca0129af3f98
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516

commit 1442655ba419867ce1a045a97cdd7904ac1ad516
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Jan 20 12:29:51 2014 -0600

    PowerPC: Fix gettimeofday ifunc selection
    
    The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where
    __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal
    version used within GLIBC) to use the system call version instead of the vDSO one.
    This patch changes the check if vDSO is available to get its value directly
    instead of rely on __vdso_gettimeofday.
    
    This patch changes it by getting the vDSO value directly.
    
    It fixes BZ#16431.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8

commit 1bdb6daceb10307543599df3b118afd2109d2ec8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Jan 16 06:53:18 2014 -0600

    PowerPC: Fix ftime gettimeofday internal call returning bogus data
    
    This patches fixes BZ#16430 by setting a different symbol for internal
    GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol
    is defined as hidden (which is the case for gettimeofday and time) the
    compiler will create local branches (symbol@local) and linker will not
    create PLT calls (required for IFUNC). This will leads to internal symbol
    calling the IFUNC resolver instead of the resolved symbol.
    For PPC64 this behavior does not occur because a call to a function in
    another translation unit might use a different toc pointer thus requiring
    a PLT call.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310

commit e3008132765936162552b15a77fe348c01074310
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Nov 7 05:34:22 2013 -0600

    PowerPC: Fix vDSO missing ODP entries
    
    This patch fixes the vDSO symbol used directed in IFUNC resolver where
    they do not have an associated ODP entry leading to undefined behavior
    in some cases. It adds an artificial OPD static entry to such cases
    and set its TOC to non 0 to avoid triggering lazy resolutions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c

commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed Nov 19 11:44:12 2014 -0500

    CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
    
    The function wordexp() fails to properly handle the WRDE_NOCMD
    flag when processing arithmetic inputs in the form of "$((... ``))"
    where "..." can be anything valid. The backticks in the arithmetic
    epxression are evaluated by in a shell even if WRDE_NOCMD forbade
    command substitution. This allows an attacker to attempt to pass
    dangerous commands via constructs of the above form, and bypass
    the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
    in exec_comm(), the only place that can execute a shell. All other
    checks for WRDE_NOCMD are superfluous and removed.
    
    We expand the testsuite and add 3 new regression tests of roughly
    the same form but with a couple of nested levels.
    
    On top of the 3 new tests we add fork validation to the WRDE_NOCMD
    testing. If any forks are detected during the execution of a wordexp()
    call with WRDE_NOCMD, the test is marked as failed. This is slightly
    heuristic since vfork might be used in the future, but it provides a
    higher level of assurance that no shells were executed as part of
    command substitution with WRDE_NOCMD in effect. In addition it doesn't
    require libpthread or libdl, instead we use the public implementation
    namespace function __register_atfork (already part of the public ABI
    for libpthread).
    
    Tested on x86_64 with no regressions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a

commit 3ded3d365f0237e92e8af90c878b233f265d7b4a
Author: Allan McRae <allan@archlinux.org>
Date:   Thu Dec 18 11:01:43 2014 +1000

    Label CVE-2014-9402 in NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec

commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Dec 15 17:41:13 2014 +0100

    Avoid infinite loop in nss_dns getnetbyname [BZ #17630]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94

commit c9b43ec3890d5c750a5127a543a55cd94aa73c94
Author: Jeff Law <law@redhat.com>
Date:   Mon Dec 15 10:09:32 2014 +0100

    CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
    
    A larger number of format specifiers coudld cause a stack overflow,
    potentially allowing to bypass _FORTIFY_SOURCE format string
    protection.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77

commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77
Author: Allan McRae <allan@archlinux.org>
Date:   Sat Jun 21 17:23:55 2014 +1000

    Mention CVE-2014-4043 in NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826

commit f7865ec21e8ad32929509796497fa3b44c3ef826
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jan 15 15:16:54 2015 -0500

    posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
    
    POSIX requires that we make a copy, so we allocate a new string
    and free it in posix_spawn_file_actions_destroy.
    
    Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz.  This bug
    may have security implications.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e

commit c7a91d241b095855e06e0bd00287968df2f6d87e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 12 15:24:12 2014 +0200

    _nl_find_locale: Improve handling of crafted locale names [BZ #17137]
    
    Prevent directory traversal in locale-related environment variables
    (CVE-2014-0475).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d

commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 26 19:38:59 2014 +0200

    __gconv_translit_find: Disable function [BZ #17187]
    
    This functionality has never worked correctly, and the implementation
    contained a security vulnerability (CVE-2014-5119).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff

commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Sep 3 19:45:43 2014 +0200

    CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]
    
    These changes are based on the fix for BZ #14134 in commit
    6e230d11837f3ae7b375ea69d7905f0d18eb79e5.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8

commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Sep 13 09:26:02 2013 +0100

    Add CVE-2013-4332 to NEWS.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733

commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c

commit f1292792799a507711ce24b497e40f8fea8f9c9c
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad

commit b1e934aed5170eb8948e0f3c6618c9431d6810ad
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d

commit bcd619797e785f90cc9fd67208267c26c8e4b40d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Aug 16 09:38:52 2013 +0200

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    	* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    	member.
    	* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    	member.
    	* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    	* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    	Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    	conditional.
    	* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    	GETDENTS_64BIT_ALIGNED.
    	* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    	* manual/filesys.texi (Reading/Closing Directory): Document
    	ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    	strongly.
    	* manual/conf.texi (Limits for Files): Add portability note to
    	NAME_MAX, PATH_MAX.
    	(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e

commit 6fd8e941423354e6c7a951d37a60d2f1424d568e
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714

commit a243b1a0797180e142d525d1325a173c758c3714
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll
    
    strcoll is implemented using a cache for indices and weights of
    collation sequences in the strings so that subsequent passes do not
    have to search through collation data again.  For very large string
    inputs, the cache size computation could overflow.  In such a case,
    use the fallback function that does not cache indices and weights of
    collation sequences.
    
    Fixes CVE-2012-4412.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01

commit c1132021659d22753104762a074d6339ae6cbd01
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail
    
    strcoll currently falls back to alloca if malloc fails, resulting in a
    possible stack overflow.  This patch implements sequence traversal and
    comparison without caching indices and rules.
    
    Fixes CVE-2012-4424.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1

commit 2dc811b78adc97b5f5d951716df30053a24da1a1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Aug 20 08:40:05 2013 +0530

    Simplify strcoll implementation
    
    Break up strcoll into simpler functions so that the logic is easier to
    follow and maintain.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d

commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c

commit 302c61e2d3536a6ff99d518499771afd6a951b0c
Author: Andreas Schwab <schwab@suse.de>
Date:   Tue Jan 29 14:45:15 2013 +0100

    Fix buffer overrun in regexp matcher

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7

commit b7e0492e183efc24e5658c860ca5711e00524dd7
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Fri Jul 19 02:42:03 2013 -0400

    CVE-2013-2207, BZ #15755: Disable pt_chown.
    
    The helper binary pt_chown tricked into granting access to another
    user's pseudo-terminal.
    
    Pre-conditions for the attack:
    
     * Attacker with local user account
     * Kernel with FUSE support
     * "user_allow_other" in /etc/fuse.conf
     * Victim with allocated slave in /dev/pts
    
    Using the setuid installed pt_chown and a weak check on whether a file
    descriptor is a tty, an attacker could fake a pty check using FUSE and
    trick pt_chown to grant ownership of a pty descriptor that the current
    user does not own.  It cannot access /dev/pts/ptmx however.
    
    In most modern distributions pt_chown is not needed because devpts
    is enabled by default. The fix for this CVE is to disable building
    and using pt_chown by default. We still provide a configure option
    to enable hte use of pt_chown but distributions do so at their own
    risk.
    
    Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6

commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6
Author: Jeff Law <law@redhat.com>
Date:   Wed Nov 28 14:12:28 2012 -0700

           [BZ #14889]
            * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype.
            * sunrpc/svc.c: Include time.h.
            (__svc_accept_failed): New function.
            * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for
            any reason other than EINTR, call __svc_accept_failed.
            * sunrpc/svc_udp.c (svcudp_recv): Similarly.
            * sunrpc/svc_unix.c (rendezvous_request): Similarly.
    
    Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690

commit 3b498440aac70e994f32f45a31102964313af690
Author: Andreas Schwab <schwab@suse.de>
Date:   Wed Nov 28 10:24:06 2012 +0100

    Properly handle indirect functions in ABI check on powerpc64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f

commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Fri Apr 26 13:00:56 2013 -0500

    PowerPC: modf optimization fix
    
    This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits
    by correctly setting minimum architecture for modf PPC optimization
    to power5+ instead of power5 (since only on power5+ round/ceil will
    be inline to inline assembly).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f

commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Mar 25 16:10:06 2013 -0500

    PowerPC: modf optimization
    
    This patch implements modf/modff optimization for POWER by focus
    on FP operations instead of relying in integer ones.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d

commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Mar 13 10:46:08 2013 -0300

    PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall.
    
    Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3

commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Mar 4 22:02:41 2013 -0300

    PowerPC: gettimeofday optimization by using IFUNC

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3

commit 36016f626e72f5d1cb6107deeab29768d82ff7e3
Merge: 4e1f97c 043c748
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Fri Mar 1 16:20:18 2013 -0600

    Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d

commit 4e1f97ccdcc257eba262667f7a3179a7d530330d
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Wed Nov 28 23:04:32 2012 -0500

    byteswap.h: fix gcc ver test for __builtin_bswap{32,64}
    
    The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2.
    Fix the __GNUC_PREREQ tests to reflect this.
    
    Otherwise trying to compile code with gcc-4.2 falls down:
    In file included from /usr/include/endian.h:60,
                     from /usr/include/ctype.h:40,
    /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)':
    /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope
    /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)':
    /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>
    (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689

commit 025b233a88a30f5f0474ff2c6051313eb33e5689
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Tue Nov 20 00:04:45 2012 +0000

    Fix __bswap_64 return type in generic bits/byteswap.h.
    (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6

commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Oct 12 09:21:47 2012 -0700

    Use __uint64_t in x86 __bswap_64
    (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab

commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab
Author: Andreas Schwab <schwab@linux-m68k.org>
Date:   Tue May 1 17:10:10 2012 +0200

    Fix missing _mcount@GLIBC_2.0 on powerpc32
    (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc

commit 94464655b576985fdd5f66f7f6126ee1f92a41cc
Author: Peter Bergner <bergner@vnet.ibm.com>
Date:   Fri Jul 6 13:24:49 2012 -0500

    Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c

commit d846920271a0f4dc54c0dbbd56998228e75e776c
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Fri Jul 6 13:03:09 2012 -0500

    Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.

-----------------------------------------------------------------------
Comment 12 Sourceware Commits 2015-01-29 18:47:20 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, ibm/2.16/master has been created
        at  ec36394743c15fedca294219f2254b180c4e327c (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec36394743c15fedca294219f2254b180c4e327c

commit ec36394743c15fedca294219f2254b180c4e327c
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Jan 21 17:41:28 2013 +0100

    Fix parsing of numeric hosts in gethostbyname_r
    
    Conflicts:
    	ChangeLog
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=20ac5d44837b82c064dfabd3646ec1f4f6826263

commit 20ac5d44837b82c064dfabd3646ec1f4f6826263
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Nov 19 13:01:43 2012 +0530

    Return EAI_SYSTEM if we're out of file descriptors
    
    Resolves BZ #14719.
    
    Conflicts:
    	ChangeLog
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98

commit dfc25d72984eb5a3354e104612d0ca0129af3f98
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516

commit 1442655ba419867ce1a045a97cdd7904ac1ad516
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Jan 20 12:29:51 2014 -0600

    PowerPC: Fix gettimeofday ifunc selection
    
    The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where
    __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal
    version used within GLIBC) to use the system call version instead of the vDSO one.
    This patch changes the check if vDSO is available to get its value directly
    instead of rely on __vdso_gettimeofday.
    
    This patch changes it by getting the vDSO value directly.
    
    It fixes BZ#16431.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8

commit 1bdb6daceb10307543599df3b118afd2109d2ec8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Jan 16 06:53:18 2014 -0600

    PowerPC: Fix ftime gettimeofday internal call returning bogus data
    
    This patches fixes BZ#16430 by setting a different symbol for internal
    GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol
    is defined as hidden (which is the case for gettimeofday and time) the
    compiler will create local branches (symbol@local) and linker will not
    create PLT calls (required for IFUNC). This will leads to internal symbol
    calling the IFUNC resolver instead of the resolved symbol.
    For PPC64 this behavior does not occur because a call to a function in
    another translation unit might use a different toc pointer thus requiring
    a PLT call.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310

commit e3008132765936162552b15a77fe348c01074310
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Nov 7 05:34:22 2013 -0600

    PowerPC: Fix vDSO missing ODP entries
    
    This patch fixes the vDSO symbol used directed in IFUNC resolver where
    they do not have an associated ODP entry leading to undefined behavior
    in some cases. It adds an artificial OPD static entry to such cases
    and set its TOC to non 0 to avoid triggering lazy resolutions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c

commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed Nov 19 11:44:12 2014 -0500

    CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
    
    The function wordexp() fails to properly handle the WRDE_NOCMD
    flag when processing arithmetic inputs in the form of "$((... ``))"
    where "..." can be anything valid. The backticks in the arithmetic
    epxression are evaluated by in a shell even if WRDE_NOCMD forbade
    command substitution. This allows an attacker to attempt to pass
    dangerous commands via constructs of the above form, and bypass
    the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
    in exec_comm(), the only place that can execute a shell. All other
    checks for WRDE_NOCMD are superfluous and removed.
    
    We expand the testsuite and add 3 new regression tests of roughly
    the same form but with a couple of nested levels.
    
    On top of the 3 new tests we add fork validation to the WRDE_NOCMD
    testing. If any forks are detected during the execution of a wordexp()
    call with WRDE_NOCMD, the test is marked as failed. This is slightly
    heuristic since vfork might be used in the future, but it provides a
    higher level of assurance that no shells were executed as part of
    command substitution with WRDE_NOCMD in effect. In addition it doesn't
    require libpthread or libdl, instead we use the public implementation
    namespace function __register_atfork (already part of the public ABI
    for libpthread).
    
    Tested on x86_64 with no regressions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a

commit 3ded3d365f0237e92e8af90c878b233f265d7b4a
Author: Allan McRae <allan@archlinux.org>
Date:   Thu Dec 18 11:01:43 2014 +1000

    Label CVE-2014-9402 in NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec

commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Dec 15 17:41:13 2014 +0100

    Avoid infinite loop in nss_dns getnetbyname [BZ #17630]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94

commit c9b43ec3890d5c750a5127a543a55cd94aa73c94
Author: Jeff Law <law@redhat.com>
Date:   Mon Dec 15 10:09:32 2014 +0100

    CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
    
    A larger number of format specifiers coudld cause a stack overflow,
    potentially allowing to bypass _FORTIFY_SOURCE format string
    protection.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77

commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77
Author: Allan McRae <allan@archlinux.org>
Date:   Sat Jun 21 17:23:55 2014 +1000

    Mention CVE-2014-4043 in NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826

commit f7865ec21e8ad32929509796497fa3b44c3ef826
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jan 15 15:16:54 2015 -0500

    posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
    
    POSIX requires that we make a copy, so we allocate a new string
    and free it in posix_spawn_file_actions_destroy.
    
    Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz.  This bug
    may have security implications.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e

commit c7a91d241b095855e06e0bd00287968df2f6d87e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 12 15:24:12 2014 +0200

    _nl_find_locale: Improve handling of crafted locale names [BZ #17137]
    
    Prevent directory traversal in locale-related environment variables
    (CVE-2014-0475).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d

commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 26 19:38:59 2014 +0200

    __gconv_translit_find: Disable function [BZ #17187]
    
    This functionality has never worked correctly, and the implementation
    contained a security vulnerability (CVE-2014-5119).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff

commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Sep 3 19:45:43 2014 +0200

    CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]
    
    These changes are based on the fix for BZ #14134 in commit
    6e230d11837f3ae7b375ea69d7905f0d18eb79e5.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8

commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Sep 13 09:26:02 2013 +0100

    Add CVE-2013-4332 to NEWS.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733

commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c

commit f1292792799a507711ce24b497e40f8fea8f9c9c
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad

commit b1e934aed5170eb8948e0f3c6618c9431d6810ad
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d

commit bcd619797e785f90cc9fd67208267c26c8e4b40d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Aug 16 09:38:52 2013 +0200

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    	* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    	member.
    	* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    	member.
    	* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    	* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    	Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    	conditional.
    	* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    	GETDENTS_64BIT_ALIGNED.
    	* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    	* manual/filesys.texi (Reading/Closing Directory): Document
    	ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    	strongly.
    	* manual/conf.texi (Limits for Files): Add portability note to
    	NAME_MAX, PATH_MAX.
    	(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e

commit 6fd8e941423354e6c7a951d37a60d2f1424d568e
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714

commit a243b1a0797180e142d525d1325a173c758c3714
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll
    
    strcoll is implemented using a cache for indices and weights of
    collation sequences in the strings so that subsequent passes do not
    have to search through collation data again.  For very large string
    inputs, the cache size computation could overflow.  In such a case,
    use the fallback function that does not cache indices and weights of
    collation sequences.
    
    Fixes CVE-2012-4412.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01

commit c1132021659d22753104762a074d6339ae6cbd01
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail
    
    strcoll currently falls back to alloca if malloc fails, resulting in a
    possible stack overflow.  This patch implements sequence traversal and
    comparison without caching indices and rules.
    
    Fixes CVE-2012-4424.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1

commit 2dc811b78adc97b5f5d951716df30053a24da1a1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Aug 20 08:40:05 2013 +0530

    Simplify strcoll implementation
    
    Break up strcoll into simpler functions so that the logic is easier to
    follow and maintain.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d

commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c

commit 302c61e2d3536a6ff99d518499771afd6a951b0c
Author: Andreas Schwab <schwab@suse.de>
Date:   Tue Jan 29 14:45:15 2013 +0100

    Fix buffer overrun in regexp matcher

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7

commit b7e0492e183efc24e5658c860ca5711e00524dd7
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Fri Jul 19 02:42:03 2013 -0400

    CVE-2013-2207, BZ #15755: Disable pt_chown.
    
    The helper binary pt_chown tricked into granting access to another
    user's pseudo-terminal.
    
    Pre-conditions for the attack:
    
     * Attacker with local user account
     * Kernel with FUSE support
     * "user_allow_other" in /etc/fuse.conf
     * Victim with allocated slave in /dev/pts
    
    Using the setuid installed pt_chown and a weak check on whether a file
    descriptor is a tty, an attacker could fake a pty check using FUSE and
    trick pt_chown to grant ownership of a pty descriptor that the current
    user does not own.  It cannot access /dev/pts/ptmx however.
    
    In most modern distributions pt_chown is not needed because devpts
    is enabled by default. The fix for this CVE is to disable building
    and using pt_chown by default. We still provide a configure option
    to enable hte use of pt_chown but distributions do so at their own
    risk.
    
    Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6

commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6
Author: Jeff Law <law@redhat.com>
Date:   Wed Nov 28 14:12:28 2012 -0700

           [BZ #14889]
            * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype.
            * sunrpc/svc.c: Include time.h.
            (__svc_accept_failed): New function.
            * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for
            any reason other than EINTR, call __svc_accept_failed.
            * sunrpc/svc_udp.c (svcudp_recv): Similarly.
            * sunrpc/svc_unix.c (rendezvous_request): Similarly.
    
    Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690

commit 3b498440aac70e994f32f45a31102964313af690
Author: Andreas Schwab <schwab@suse.de>
Date:   Wed Nov 28 10:24:06 2012 +0100

    Properly handle indirect functions in ABI check on powerpc64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f

commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Fri Apr 26 13:00:56 2013 -0500

    PowerPC: modf optimization fix
    
    This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits
    by correctly setting minimum architecture for modf PPC optimization
    to power5+ instead of power5 (since only on power5+ round/ceil will
    be inline to inline assembly).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f

commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Mar 25 16:10:06 2013 -0500

    PowerPC: modf optimization
    
    This patch implements modf/modff optimization for POWER by focus
    on FP operations instead of relying in integer ones.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d

commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Mar 13 10:46:08 2013 -0300

    PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall.
    
    Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3

commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Mar 4 22:02:41 2013 -0300

    PowerPC: gettimeofday optimization by using IFUNC

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3

commit 36016f626e72f5d1cb6107deeab29768d82ff7e3
Merge: 4e1f97c 043c748
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Fri Mar 1 16:20:18 2013 -0600

    Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d

commit 4e1f97ccdcc257eba262667f7a3179a7d530330d
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Wed Nov 28 23:04:32 2012 -0500

    byteswap.h: fix gcc ver test for __builtin_bswap{32,64}
    
    The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2.
    Fix the __GNUC_PREREQ tests to reflect this.
    
    Otherwise trying to compile code with gcc-4.2 falls down:
    In file included from /usr/include/endian.h:60,
                     from /usr/include/ctype.h:40,
    /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)':
    /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope
    /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)':
    /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>
    (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689

commit 025b233a88a30f5f0474ff2c6051313eb33e5689
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Tue Nov 20 00:04:45 2012 +0000

    Fix __bswap_64 return type in generic bits/byteswap.h.
    (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6

commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Oct 12 09:21:47 2012 -0700

    Use __uint64_t in x86 __bswap_64
    (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab

commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab
Author: Andreas Schwab <schwab@linux-m68k.org>
Date:   Tue May 1 17:10:10 2012 +0200

    Fix missing _mcount@GLIBC_2.0 on powerpc32
    (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc

commit 94464655b576985fdd5f66f7f6126ee1f92a41cc
Author: Peter Bergner <bergner@vnet.ibm.com>
Date:   Fri Jul 6 13:24:49 2012 -0500

    Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c

commit d846920271a0f4dc54c0dbbd56998228e75e776c
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Fri Jul 6 13:03:09 2012 -0500

    Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.

-----------------------------------------------------------------------
Comment 13 Sourceware Commits 2015-02-23 15:02:17 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, ibm/2.16/master has been created
        at  627eabb20f2b70faa3698e2c0124094c6d51af8e (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=627eabb20f2b70faa3698e2c0124094c6d51af8e

commit 627eabb20f2b70faa3698e2c0124094c6d51af8e
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Fri Feb 6 00:30:42 2015 -0500

    CVE-2015-1472: wscanf allocates too little memory
    
    BZ #16618
    
    Under certain conditions wscanf can allocate too little memory for the
    to-be-scanned arguments and overflow the allocated buffer.  The
    implementation now correctly computes the required buffer size when
    using malloc.
    
    A regression test was added to tst-sscanf.
    
    Conflicts:
    	ChangeLog
    	NEWS
    	stdio-common/tst-sscanf.c

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec36394743c15fedca294219f2254b180c4e327c

commit ec36394743c15fedca294219f2254b180c4e327c
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Jan 21 17:41:28 2013 +0100

    Fix parsing of numeric hosts in gethostbyname_r
    
    Conflicts:
    	ChangeLog
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=20ac5d44837b82c064dfabd3646ec1f4f6826263

commit 20ac5d44837b82c064dfabd3646ec1f4f6826263
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Nov 19 13:01:43 2012 +0530

    Return EAI_SYSTEM if we're out of file descriptors
    
    Resolves BZ #14719.
    
    Conflicts:
    	ChangeLog
    	NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98

commit dfc25d72984eb5a3354e104612d0ca0129af3f98
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516

commit 1442655ba419867ce1a045a97cdd7904ac1ad516
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Jan 20 12:29:51 2014 -0600

    PowerPC: Fix gettimeofday ifunc selection
    
    The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where
    __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal
    version used within GLIBC) to use the system call version instead of the vDSO one.
    This patch changes the check if vDSO is available to get its value directly
    instead of rely on __vdso_gettimeofday.
    
    This patch changes it by getting the vDSO value directly.
    
    It fixes BZ#16431.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8

commit 1bdb6daceb10307543599df3b118afd2109d2ec8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Jan 16 06:53:18 2014 -0600

    PowerPC: Fix ftime gettimeofday internal call returning bogus data
    
    This patches fixes BZ#16430 by setting a different symbol for internal
    GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol
    is defined as hidden (which is the case for gettimeofday and time) the
    compiler will create local branches (symbol@local) and linker will not
    create PLT calls (required for IFUNC). This will leads to internal symbol
    calling the IFUNC resolver instead of the resolved symbol.
    For PPC64 this behavior does not occur because a call to a function in
    another translation unit might use a different toc pointer thus requiring
    a PLT call.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310

commit e3008132765936162552b15a77fe348c01074310
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Nov 7 05:34:22 2013 -0600

    PowerPC: Fix vDSO missing ODP entries
    
    This patch fixes the vDSO symbol used directed in IFUNC resolver where
    they do not have an associated ODP entry leading to undefined behavior
    in some cases. It adds an artificial OPD static entry to such cases
    and set its TOC to non 0 to avoid triggering lazy resolutions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c

commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed Nov 19 11:44:12 2014 -0500

    CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
    
    The function wordexp() fails to properly handle the WRDE_NOCMD
    flag when processing arithmetic inputs in the form of "$((... ``))"
    where "..." can be anything valid. The backticks in the arithmetic
    epxression are evaluated by in a shell even if WRDE_NOCMD forbade
    command substitution. This allows an attacker to attempt to pass
    dangerous commands via constructs of the above form, and bypass
    the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
    in exec_comm(), the only place that can execute a shell. All other
    checks for WRDE_NOCMD are superfluous and removed.
    
    We expand the testsuite and add 3 new regression tests of roughly
    the same form but with a couple of nested levels.
    
    On top of the 3 new tests we add fork validation to the WRDE_NOCMD
    testing. If any forks are detected during the execution of a wordexp()
    call with WRDE_NOCMD, the test is marked as failed. This is slightly
    heuristic since vfork might be used in the future, but it provides a
    higher level of assurance that no shells were executed as part of
    command substitution with WRDE_NOCMD in effect. In addition it doesn't
    require libpthread or libdl, instead we use the public implementation
    namespace function __register_atfork (already part of the public ABI
    for libpthread).
    
    Tested on x86_64 with no regressions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a

commit 3ded3d365f0237e92e8af90c878b233f265d7b4a
Author: Allan McRae <allan@archlinux.org>
Date:   Thu Dec 18 11:01:43 2014 +1000

    Label CVE-2014-9402 in NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec

commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Dec 15 17:41:13 2014 +0100

    Avoid infinite loop in nss_dns getnetbyname [BZ #17630]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94

commit c9b43ec3890d5c750a5127a543a55cd94aa73c94
Author: Jeff Law <law@redhat.com>
Date:   Mon Dec 15 10:09:32 2014 +0100

    CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
    
    A larger number of format specifiers coudld cause a stack overflow,
    potentially allowing to bypass _FORTIFY_SOURCE format string
    protection.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77

commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77
Author: Allan McRae <allan@archlinux.org>
Date:   Sat Jun 21 17:23:55 2014 +1000

    Mention CVE-2014-4043 in NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826

commit f7865ec21e8ad32929509796497fa3b44c3ef826
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jan 15 15:16:54 2015 -0500

    posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
    
    POSIX requires that we make a copy, so we allocate a new string
    and free it in posix_spawn_file_actions_destroy.
    
    Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz.  This bug
    may have security implications.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e

commit c7a91d241b095855e06e0bd00287968df2f6d87e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 12 15:24:12 2014 +0200

    _nl_find_locale: Improve handling of crafted locale names [BZ #17137]
    
    Prevent directory traversal in locale-related environment variables
    (CVE-2014-0475).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d

commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 26 19:38:59 2014 +0200

    __gconv_translit_find: Disable function [BZ #17187]
    
    This functionality has never worked correctly, and the implementation
    contained a security vulnerability (CVE-2014-5119).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff

commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Sep 3 19:45:43 2014 +0200

    CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]
    
    These changes are based on the fix for BZ #14134 in commit
    6e230d11837f3ae7b375ea69d7905f0d18eb79e5.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8

commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Sep 13 09:26:02 2013 +0100

    Add CVE-2013-4332 to NEWS.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733

commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c

commit f1292792799a507711ce24b497e40f8fea8f9c9c
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad

commit b1e934aed5170eb8948e0f3c6618c9431d6810ad
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d

commit bcd619797e785f90cc9fd67208267c26c8e4b40d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Aug 16 09:38:52 2013 +0200

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    	* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    	member.
    	* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    	member.
    	* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    	* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    	Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    	conditional.
    	* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    	GETDENTS_64BIT_ALIGNED.
    	* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    	* manual/filesys.texi (Reading/Closing Directory): Document
    	ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    	strongly.
    	* manual/conf.texi (Limits for Files): Add portability note to
    	NAME_MAX, PATH_MAX.
    	(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e

commit 6fd8e941423354e6c7a951d37a60d2f1424d568e
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714

commit a243b1a0797180e142d525d1325a173c758c3714
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll
    
    strcoll is implemented using a cache for indices and weights of
    collation sequences in the strings so that subsequent passes do not
    have to search through collation data again.  For very large string
    inputs, the cache size computation could overflow.  In such a case,
    use the fallback function that does not cache indices and weights of
    collation sequences.
    
    Fixes CVE-2012-4412.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01

commit c1132021659d22753104762a074d6339ae6cbd01
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail
    
    strcoll currently falls back to alloca if malloc fails, resulting in a
    possible stack overflow.  This patch implements sequence traversal and
    comparison without caching indices and rules.
    
    Fixes CVE-2012-4424.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1

commit 2dc811b78adc97b5f5d951716df30053a24da1a1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Aug 20 08:40:05 2013 +0530

    Simplify strcoll implementation
    
    Break up strcoll into simpler functions so that the logic is easier to
    follow and maintain.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d

commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c

commit 302c61e2d3536a6ff99d518499771afd6a951b0c
Author: Andreas Schwab <schwab@suse.de>
Date:   Tue Jan 29 14:45:15 2013 +0100

    Fix buffer overrun in regexp matcher

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7

commit b7e0492e183efc24e5658c860ca5711e00524dd7
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Fri Jul 19 02:42:03 2013 -0400

    CVE-2013-2207, BZ #15755: Disable pt_chown.
    
    The helper binary pt_chown tricked into granting access to another
    user's pseudo-terminal.
    
    Pre-conditions for the attack:
    
     * Attacker with local user account
     * Kernel with FUSE support
     * "user_allow_other" in /etc/fuse.conf
     * Victim with allocated slave in /dev/pts
    
    Using the setuid installed pt_chown and a weak check on whether a file
    descriptor is a tty, an attacker could fake a pty check using FUSE and
    trick pt_chown to grant ownership of a pty descriptor that the current
    user does not own.  It cannot access /dev/pts/ptmx however.
    
    In most modern distributions pt_chown is not needed because devpts
    is enabled by default. The fix for this CVE is to disable building
    and using pt_chown by default. We still provide a configure option
    to enable hte use of pt_chown but distributions do so at their own
    risk.
    
    Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6

commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6
Author: Jeff Law <law@redhat.com>
Date:   Wed Nov 28 14:12:28 2012 -0700

           [BZ #14889]
            * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype.
            * sunrpc/svc.c: Include time.h.
            (__svc_accept_failed): New function.
            * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for
            any reason other than EINTR, call __svc_accept_failed.
            * sunrpc/svc_udp.c (svcudp_recv): Similarly.
            * sunrpc/svc_unix.c (rendezvous_request): Similarly.
    
    Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690

commit 3b498440aac70e994f32f45a31102964313af690
Author: Andreas Schwab <schwab@suse.de>
Date:   Wed Nov 28 10:24:06 2012 +0100

    Properly handle indirect functions in ABI check on powerpc64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f

commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Fri Apr 26 13:00:56 2013 -0500

    PowerPC: modf optimization fix
    
    This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits
    by correctly setting minimum architecture for modf PPC optimization
    to power5+ instead of power5 (since only on power5+ round/ceil will
    be inline to inline assembly).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f

commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Mar 25 16:10:06 2013 -0500

    PowerPC: modf optimization
    
    This patch implements modf/modff optimization for POWER by focus
    on FP operations instead of relying in integer ones.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d

commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Mar 13 10:46:08 2013 -0300

    PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall.
    
    Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3

commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Mon Mar 4 22:02:41 2013 -0300

    PowerPC: gettimeofday optimization by using IFUNC

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3

commit 36016f626e72f5d1cb6107deeab29768d82ff7e3
Merge: 4e1f97c 043c748
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Fri Mar 1 16:20:18 2013 -0600

    Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d

commit 4e1f97ccdcc257eba262667f7a3179a7d530330d
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Wed Nov 28 23:04:32 2012 -0500

    byteswap.h: fix gcc ver test for __builtin_bswap{32,64}
    
    The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2.
    Fix the __GNUC_PREREQ tests to reflect this.
    
    Otherwise trying to compile code with gcc-4.2 falls down:
    In file included from /usr/include/endian.h:60,
                     from /usr/include/ctype.h:40,
    /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)':
    /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope
    /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)':
    /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>
    (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689

commit 025b233a88a30f5f0474ff2c6051313eb33e5689
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Tue Nov 20 00:04:45 2012 +0000

    Fix __bswap_64 return type in generic bits/byteswap.h.
    (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6

commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Oct 12 09:21:47 2012 -0700

    Use __uint64_t in x86 __bswap_64
    (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab

commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab
Author: Andreas Schwab <schwab@linux-m68k.org>
Date:   Tue May 1 17:10:10 2012 +0200

    Fix missing _mcount@GLIBC_2.0 on powerpc32
    (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc

commit 94464655b576985fdd5f66f7f6126ee1f92a41cc
Author: Peter Bergner <bergner@vnet.ibm.com>
Date:   Fri Jul 6 13:24:49 2012 -0500

    Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c

commit d846920271a0f4dc54c0dbbd56998228e75e776c
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date:   Fri Jul 6 13:03:09 2012 -0500

    Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.

-----------------------------------------------------------------------