Bug 21115 (CVE-2017-12133) - sunrpc: Use-after-free in error path in clntudp_call (CVE-2017-12133)
Summary: sunrpc: Use-after-free in error path in clntudp_call (CVE-2017-12133)
Status: RESOLVED FIXED
Alias: CVE-2017-12133
Product: glibc
Classification: Unclassified
Component: network
Version: unspecified
Importance: P2 normal
Target Milestone: 2.26
Assignee: Florian Weimer
Reported: 2017-02-08 11:10 UTC by Florian Weimer
Modified: 2018-04-06 20:17 UTC

fweimer: security+


Description Florian Weimer 2017-02-08 11:10:18 UTC
After commit bc779a1a5b3035133024b21e2f339fe4219fb11c (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]), ancillary data is stored on the heap, but it is accessed after it has been freed.

The free call needs to be moved further down:

diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
index a923521..be6b878 100644
--- a/sunrpc/clnt_udp.c
+++ b/sunrpc/clnt_udp.c
@@ -416,9 +416,9 @@ send_again:
 		 cmsg = CMSG_NXTHDR (&msg, cmsg))
 	      if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
 		{
-		  free (cbuf);
 		  e = (struct sock_extended_err *) CMSG_DATA(cmsg);
 		  cu->cu_error.re_errno = e->ee_errno;
+		  free (cbuf);
 		  return (cu->cu_error.re_status = RPC_CANTRECV);
 		}
 	  free (cbuf);
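Review bot: in the IP_RECVERR branch, e is a pointer into cbuf (it comes from CMSG_DATA (cmsg)), and nothing at the assignment says so, which is how free (cbuf) could sit above the read of e->ee_errno unnoticed. Consider a one-line comment on the assignment to e, or copy e->ee_errno into a local and leave the loop so that the single free (cbuf) after the loop covers this path as well. The patch as posted also carries no regression test; a test that drives this error path under valgrind would keep the ordering from regressing.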

Technically, this is a security vulnerability, but the chance of information disclosure is very slim.
Comment 1 Sourceware Commits 2017-02-27 18:41:43 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  d42eed4a044e5e10dfb885cf9891c2518a72a491 (commit)
      from  963394a22b38c4ec92b6875a6c06d3b15d5c0d21 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491

commit d42eed4a044e5e10dfb885cf9891c2518a72a491
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Feb 27 19:05:13 2017 +0100

    sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
    
    After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
    (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
    [BZ #20112]), ancillary data is stored on the heap,
    but it is accessed after it has been freed.
    
    The test case must be run under a heap debugger such as valgrind
    to observe the invalid access.  A malloc implementation which
    immediately calls munmap on free would catch this bug as well.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog              |    8 ++++++
 sunrpc/Makefile        |    3 +-
 sunrpc/clnt_udp.c      |    2 +-
 sunrpc/tst-udp-error.c |   62 ++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 sunrpc/tst-udp-error.c
Comment 2 Florian Weimer 2017-02-27 18:42:32 UTC
Fixed in 2.26.
Comment 3 Sourceware Commits 2017-02-28 16:35:41 UTC
The branch, release/2.25/master has been updated
       via  045e368799cd253ddbf8bdec42ed92e8ebb3ce67 (commit)
      from  58520986c38e34db60e07260c64c563e3efcf353 (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=045e368799cd253ddbf8bdec42ed92e8ebb3ce67

commit 045e368799cd253ddbf8bdec42ed92e8ebb3ce67
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Feb 28 17:05:46 2017 +0100

    sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
    
    After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
    (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
    [BZ #20112]), ancillary data is stored on the heap,
    but it is accessed after it has been freed.
    
    The test case must be run under a heap debugger such as valgrind
    to observe the invalid access.  A malloc implementation which
    immediately calls munmap on free would catch this bug as well.
    
    (cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog              |    8 ++++++
 NEWS                   |    1 +
 sunrpc/Makefile        |    3 +-
 sunrpc/clnt_udp.c      |    2 +-
 sunrpc/tst-udp-error.c |   62 ++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 sunrpc/tst-udp-error.c
Comment 4 Sourceware Commits 2017-03-15 23:54:18 UTC
The branch, gentoo/2.25 has been updated
       via  55df1000167b0143106e063f23159515d0c9c61c (commit)
      from  0232af1ad6cbd8378025e804f535ce9449ad49de (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=55df1000167b0143106e063f23159515d0c9c61c

commit 55df1000167b0143106e063f23159515d0c9c61c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Feb 28 17:05:46 2017 +0100

    sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
    
    After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
    (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
    [BZ #20112]), ancillary data is stored on the heap,
    but it is accessed after it has been freed.
    
    The test case must be run under a heap debugger such as valgrind
    to observe the invalid access.  A malloc implementation which
    immediately calls munmap on free would catch this bug as well.
    
    (cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491)
    (cherry picked from commit 045e368799cd253ddbf8bdec42ed92e8ebb3ce67)

-----------------------------------------------------------------------

Summary of changes:
 sunrpc/Makefile        |    3 +-
 sunrpc/clnt_udp.c      |    2 +-
 sunrpc/tst-udp-error.c |   62 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 65 insertions(+), 2 deletions(-)
 create mode 100644 sunrpc/tst-udp-error.c
Comment 5 Sourceware Commits 2017-08-02 13:56:57 UTC
The annotated tag, glibc-2.26 has been created
        at  ef82e26a1d7247c6b0b85e27880113a7690af64d (tag)
   tagging  1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369 (commit)
  replaces  glibc-2.25
 tagged by  Siddhesh Poyarekar
        on  Wed Aug 2 19:12:20 2017 +0530

- Log -----------------------------------------------------------------
FROM: Siddhesh Poyarekar <siddhesh@sourceware.org>
SUBJECT: The GNU C Library version 2.26 is now available

The GNU C Library
=================

The GNU C Library version 2.26 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.26 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.26
=====================

Major new features:

* A per-thread cache has been added to malloc. Access to the cache requires
  no locks and therefore significantly accelerates the fast path to allocate
  and free small amounts of memory. Refilling an empty cache requires locking
  the underlying arena. Performance measurements show significant gains in a
  wide variety of user workloads. Workloads were captured using a special
  instrumented malloc and analyzed with a malloc simulator. Contributed by
  DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.

* Unicode 10.0.0 Support: Character encoding, character type info, and
  transliteration tables are all updated to Unicode 10.0.0, using
  generator scripts contributed by Mike FABIAN (Red Hat).
  These updates cause user visible changes, especially the changes in
  wcwidth for many emoji characters cause problems when emoji sequences
  are rendered with pango, see for example:
  https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5

* Collation of Hungarian has been overhauled and is now consistent with "The
  Rules of Hungarian Orthography, 12th edition" (Bug 18934).  Contributed by
  Egmont Koblinger.

* Improvements to the DNS stub resolver, contributed by Florian Weimer:

  - The GNU C Library will now detect when /etc/resolv.conf has been
    modified and reload the changed configuration.  The new resolver option
    “no-reload” (RES_NORELOAD) disables this behavior.

  - The GNU C Library now supports an arbitrary number of search domains
    (configured using the “search” directive in /etc/resolv.conf);
    previously, there was a hard limit of six domains.  For backward
    compatibility, applications that directly modify the ‘_res’ global
    object are still limited to six search domains.

  - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C
    Library will now randomly pick a name server from the configuration as a
    starting point.  (Previously, the second name server was always used.)

* The tunables feature is now enabled by default.  This allows users to tweak
  behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.

* New function reallocarray, which resizes an allocated block (like realloc)
  to the product of two sizes, with a guaranteed clean failure upon integer
  overflow in the multiplication.  Originally from OpenBSD, contributed by
  Dennis Wölfing and Rüdiger Sonderfeld.

* New wrappers for the Linux-specific system calls preadv2 and pwritev2.
  These are extended versions of preadv and pwritev, respectively, taking an
  additional flags argument.  The set of supported flags depends on the
  running kernel; full support currently requires kernel 4.7 or later.

* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
  create a new session ID for the spawned process.  This feature is
  scheduled to be added to the next major revision of POSIX; for the time
  being, it is available under _GNU_SOURCE.

* errno.h is now safe to use from C-preprocessed assembly language on all
  supported operating systems.  In this context, it will only define the
  Exxxx constants, as preprocessor macros expanding to integer literals.

* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
  128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
  754-2008) and ISO/IEC TS 18661-3:2015.  Contributed by Paul E. Murphy,
  Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers.

  To compile programs that use this feature, the compiler must support
  128-bit floating point with the type name _Float128 (as defined by TS
  18661-3) or __float128 (the nonstandard name used by GCC for C++, and for
  C prior to version 7).  _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__
  must be defined to make the new interfaces visible.

  The new functions and macros correspond to those present for other
  floating-point types (except for a few obsolescent interfaces not
  supported for the new type), with F128 or f128 suffixes; for example,
  strtof128, HUGE_VAL_F128 and cosf128.  Following TS 18661-3, there are no
  printf or scanf formats for the new type; the strfromf128 and strtof128
  interfaces should be used instead.

Deprecated and removed features, and other changes affecting compatibility:

* The synchronization that pthread_spin_unlock performs has been changed to
  now be equivalent to a C11 atomic store with release memory order to the
  spin lock's memory location.  Previously, several (but not all)
  architectures used stronger synchronization (e.g., containing what is
  often called a full barrier).  This change can improve performance, but
  may affect odd fringe uses of spin locks that depend on the previous
  behavior (e.g., using spin locks as atomic variables to try to implement
  Dekker's mutual exclusion algorithm).

* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
  removed.

* Sun RPC is deprecated.  The rpcgen program, librpcsvc, and Sun RPC headers
  will only be built and installed when the GNU C Library is configured with
  --enable-obsolete-rpc.  This allows alternative RPC implementations, such
  as TIRPC or rpcsvc-proto, to be used.

* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
  libnss_compat, are deprecated, and will not be built or installed by
  default.

  The NIS(+) support library, libnsl, is also deprecated.  By default, a
  compatibility shared library will be built and installed, but not headers
  or development libraries. Only a few NIS-related programs require this
  library.  (In particular, the GNU C Library has never required programs
  that use 'gethostbyname' to be linked with libnsl.)

  Replacement implementations based on TIRPC, which additionally support
  IPv6, are available from <https://github.com/thkukuk/>.  The configure
  option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
  name service modules, to be built and installed.

* The DNS stub resolver no longer performs EDNS fallback.  If EDNS or DNSSEC
  support is enabled, the configured recursive resolver must support EDNS.
  (Responding to EDNS-enabled queries with responses which are not
  EDNS-enabled is fine, but FORMERR responses are not.)

* res_mkquery and res_nmkquery no longer support the IQUERY opcode.  DNS
  servers have not supported this opcode for a long time.

* The _res_opcodes variable has been removed from libresolv.  It had been
  exported by accident.

* <string.h> no longer includes inline versions of any string functions,
  as this kind of optimization is better done by the compiler.  The macros
  __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.

* The nonstandard header <xlocale.h> has been removed.  Most programs should
  use <locale.h> instead.  If you have a specific need for the definition of
  locale_t with no other declarations, please contact
  libc-alpha@sourceware.org and explain.

* The obsolete header <sys/ultrasound.h> has been removed.

* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.

* The obsolete function cfree has been removed.  Applications should use
  free instead.

* The stack_t type no longer has the name struct sigaltstack.  This changes
  the C++ name mangling for interfaces involving this type.

* The ucontext_t type no longer has the name struct ucontext.  This changes
  the C++ name mangling for interfaces involving this type.

* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
  the name struct fpregset.  On Nios II GNU/Linux, the mcontext_t type no
  longer has the name struct mcontext.  On SPARC GNU/Linux, the struct
  mc_fq, struct rwindow, struct fpq and struct fq types are no longer
  defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
  mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
  fpregset_t type no longer has the name struct fpu.  This changes the C++
  name mangling for interfaces involving those types.

* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
  synced with the kernel:

    - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
      are not supported on this architecture and have been removed.

    - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
      PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
      PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.

  Programs that assume the GET/SETREGS ptrace requests are universally
  available will now fail to build, instead of malfunctioning at runtime.

Changes to build and runtime requirements:

* Linux kernel 3.2 or later is required at runtime, on all architectures
  supported by that kernel.  (This is a change from version 2.25 only for
  x86-32 and x86-64.)

* GNU Binutils 2.25 or later is now required to build the GNU C Library.

* On most architectures, GCC 4.9 or later is required to build the GNU C
  Library.  On powerpc64le, GCC 6.2 or later is required.

  Older GCC versions and non-GNU compilers are still supported when
  compiling programs that use the GNU C Library.  (We do not know exactly
  how old, and some GNU extensions to C may be _de facto_ required.  If you
  are interested in helping us make this statement less vague, please
  contact libc-alpha@sourceware.org.)

Security related changes:

* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
  to avoid fragmentation-based spoofing attacks (CVE-2017-12132).

* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
  mode to guard against local privilege escalation attacks (CVE-2017-1000366).

* Avoid printing a backtrace from the __stack_chk_fail function since it is
  called on a corrupt stack and a backtrace is unreliable on a corrupt stack
  (CVE-2010-3192).

* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
  fixed (CVE-2017-12133).

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Akhilesh Kumar
Alan Modra
Alexey Neyman
Andreas Schwab
Arjun Shankar
Benjamin Cama
Carlos O'Donell
Chris Leonard
Christian Borntraeger
Christian Brauner
Christopher Chittleborough
Chung-Lin Tang
DJ Delorie
Dennis Wölfing
Dmitry Bilunov
Dmitry V. Levin
Egmont Koblinger
Eyolf Østrem
Florian Weimer
Gabriel F. T. Gomes
Gordana Cmiljanovic
H.J. Lu
Ihar Hrachyshka
Ivo Raisr
Jiong Wang
John David Anglin
Joseph Myers
Justus Winter
Kir Kolyshkin
Marko Myllynen
Massimeddu Cireddu
Matthew Krupcale
Mike FABIAN
Mike Frysinger
Mousa Moradi
Nathan Rossi
Paul Clarke
Paul E. Murphy
Paul Eggert
Peng Wu
Phil Blundell
Prakhar Bahuguna
Rabin Vincent
Rafal Luzynski
Rajalakshmi Srinivasaraghavan
Rical Jasan
Rogerio A. Cardoso
Samuel Thibault
Santhosh Thottingal
Siddhesh Poyarekar
Slava Barinov
Stefan Liebler
Steve Ellcey
Sunyeop Lee
Szabolcs Nagy
Thorsten Kukuk
Tulio Magno Quites Machado Filho
Uros Bizjak
Vladimir Mezentsev
Wainer dos Santos Moschetta
Wilco Dijkstra
Wladimir J. van der Laan
Yury Norov
Zack Weinberg

Adhemerval Zanella (81):
      Consolidate arm and mips posix_fadvise implementations
      Remove i686, x86_64, and powerpc strtok implementations
      nptl: Remove COLORING_INCREMENT
      aarch64: fix errno address calculation in SYSCALL_ERROR_HANDLER
      Rework -fno-omit-frame-pointer support on i386
      hppa: set __IPC_64 as zero for SysV IPC calls
      Consolidate Linux accept implementation
      Consolidate Linux connect implementation
      Consolidate Linux recvfrom implementation
      Consolidate Linux recv implementation
      Consolidate Linux sendto implementation
      Consolidate Linux send implementation
      build-many-glibcs: Remove no_isolate from SH config
      Fix missing posix_fadvise64 mips64 static build (BZ #21232)
      Fix test-errno issues
      Consolidate set* Linux implementation
      Fix i686 memchr overflow calculation (BZ#21182)
      Fix more test-errno issues
      Remove __ASSUME_REQUEUE_PI
      Remove CALL_THREAD_FCT macro
      Build divdi3 only for architecture that required it
      sparc: Fix .udiv plt on libc
      Consolidate pthreadtype.h placementConsolidate pthreadtype.h placement
      posix: Add cleanup on the trap list for globtest.sh
      Consolidate Linux mmap implementation (BZ#21270)
      Fix missing timespec definition for sys/stat.h (BZ #21371)
      [BZ 21340] add support for POSIX_SPAWN_SETSID
      posix: Remove ununsed posix_spawn internal assignment
      posix: Using libsupport for p{write,read}v tests
      nptl: Using libsupport for tst-cancel4*
      posix: Fix internal p{read,write} plt usage
      Consolidate Linux poll implementation
      Consolidate Linux select implementation
      Consolidate Linux epoll_wait syscall
      manual: Add preadv and pwritev documentation
      Move shared pthread definitions to common headers
      Remove wrong definitions from pthread header refactor
      Consolidate Linux close syscall generation
      Consolidate Linux open implementation
      Consolidate Linux creat implementation
      Consolidate Linux read syscall
      Consolidate Linux write syscall
      Consolidate Linux readv implementation
      Consolidate Linux writev implementation
      powerpc: Fix signal handling in backtrace
      posix: Fix and simplify default p{read,write}v implementation
      posix: Consolidate Linux pause syscall
      posix: Consolidate Linux waitpid syscall
      posix: Consolidate Linux nanosleep syscall
      linux: Consolidate Linux tee implementation
      posix: Consolidate Linux sigsuspend implementation
      posix: Consolidate Linux msync syscall
      posix: Consolidate Linux fdatasync syscall
      posix: Consolidate Linux fsync syscall
      linux: Consolidate Linux vmsplice syscall
      linux: Consolidate Linux splice syscall
      linux: Consolidate Linux open_by_handle_at syscall
      posix: Consolidate Linux mq_timedreceive syscall
      posix: Consolidate Linux mq_timedsend syscall
      Fix makefile rules for vmsplice, splice, and open_by_handle_at
      libio: Avoid dup already opened file descriptor [BZ#21393]
      posix: Implement preadv2 and pwritev2
      posix: Add missing build flags for p{write,read}v2
      nptl: Invert the mmap/mprotect logic on allocated stacks (BZ#18988)
      support: Add optstring support
      linux: Consolidate sync_file_range implementation
      Fix gen-tunables.awk to work with older awk
      Consolidate Linux openat implementation
      posix: Add invalid flags test for p{write,read}v2
      Clean pthread functions namespaces for C11 threads
      Call exit directly in clone (BZ #21512)
      posix: Adapt tst-spawn{2,3} to use libsupport.
      posix: Improve default posix_spawn implementation
      Consolidate Linux fcntl implementation
      posix: Fix default posix_spawn return value
      posix: Add p{read,write}v2 RWF_NOWAIT flag (BZ#21738)
      hppa: Fix clone exit syscall argument passing (BZ#21512)
      alpha: Fix clone exit syscall argument passing (BZ#21512)
      Update sparc ulps
      tunables: Use direct syscall for access (BZ#21744)
      Update Alpha libm-test-ulps

Akhilesh Kumar (42):
      For Breton yesstr/nostr locale are missing
      Added Tok-Pisin locale.
      Pashto yesstr/nostr locale are missing
      Incorrect Full Weekday names for ks_IN@devanagari
      yesstr/nostr missing for Xhosa language locale
      Fix LC_NAME for hi_IN
      Added  missing yesstr and nostr for Tsonga language locale [LC_MESSAGES]
      Added yesstr/nostr for kw_GB
      Fix abday strings for ks_IN@devanagari to match the day strings
      Added yesstr and nostr to zh_HK locale
      Fix abday for ar_SA
      Fixed abday for ar_JO/ar_LB/ar_SY
      Added Samoan language locale for Samoa
      Added Fiji Hindi language locale for Fiji
      Added yesstr/nostr for nds_DE and nds_NL
      Added yesstr and nostr for Tigrinya
      Fix LC_MESSAGES and LC_ADDRESS for anp_IN
      Added yesstr/nostr and fix yesexpr for pap_AW and pap_CW
      Added Tongan language locale for Tonga
      Added yesstr and nostr for aa_ET
      New locale for bi_VU
      Fix country_name in li_NL
      Fix or add int_select international_call_prefixes
      Fix consistency in country_isbn in various locales and add comment to country_num in nr_ZA
      Fix country_post "Country Postal Abbreviations"
      Fix int_select international_call_prefixes
      Added int_select international_call_prefixes
      Add country_name and country_post, and country_isbn for pap_AW and pap_CW
      Add/Fix country_isbn for France
      Added country_isbn for Italy
      Added country_isbn for Republic of Korea
      Added country_name in mai_IN
      Fix LC_TIME for mai_IN
      Added yesstr/nostr for sa_IN
      Fix name_mrs for mag_IN
      Fix inconsistency in country_isbn and missing prefixes
      Remove redundant data for LC_MONETARY for Indian locales
      Removed redundant data for the_NP locale
      Added New Locale mai_NP
      Fix Latin characters and month sequence in mai_IN
      Fix wrong monetary system used in ta_LK locale
      Fix country name in title of mai_NP locale

Alan Modra (6):
      PowerPC64, fix calls to _mcount
      PowerPC64 FRAME_PARM_SAVE
      PowerPC64 sysdep.h tidy
      PowerPC64 strncpy, stpncpy and strstr fixes
      PowerPC64 ENTRY_TOCLESS
      PowerPC64 ELFv2 PPC64_OPT_LOCALENTRY

Alexey Neyman (3):
      sh: Fix building with gcc5/6
      Fix combreloc test with BSD grep
      Fix build with --enable-static-nss [BZ #21088]

Andreas Schwab (7):
      Refer to <signal.h> instead of <pthread.h> in <bits/sigthread.h>
      Remove _dl_platform_string
      Use test-driver in ntpl/tst-fork1.c
      m68k: handle default PIE
      Use test-driver in nptl/tst-fork3.c
      build-many-glibcs.py: also build profiled objects
      Remove extra semicolons in struct pthread_mutex (bug 21804)

Arjun Shankar (2):
      Use test-driver in sysdeps/unix/sysv/linux/tst-clone2.c
      Remove check for NULL buffer passed to `ptsname_r'

Benjamin Cama (1):
      inet: __inet6_scopeid_pton should accept node-local addresses [BZ #21657]

Carlos O'Donell (6):
      Bug 20116: Clarify behaviour of PD->lock.
      Bug 20686: Add el_GR@euro support.
      vfprintf.c: Refactor magic number 32 into EXTSIZ.
      Fixup localedata/ChangeLog.
      rwlock: Fix explicit hand-over (bug 21298)
      mutex: Fix robust mutex lock acquire (Bug 21778)

Chris Leonard (1):
      New locale for agr_PE.

Christian Borntraeger (1):
      s390: optimize syscall function

Christian Brauner (1):
      linux ttyname and ttyname_r: do not return wrong results

Christopher Chittleborough (1):
      Bug 21399: Fix CP1254 comment for U+00EC

Chung-Lin Tang (1):
      Update Nios II ULPs file.

DJ Delorie (9):
      Further harden glibc malloc metadata against 1-byte overflows.
      Tweak realloc/MREMAP comment to be more accurate.
      Add MAINTAINERS
      Add per-thread cache to malloc
      * manual/tunables.texi: Add missing @end deftp.
      Fix BZ #21654 - grp-merge.c alignment
      Extend NSS test suite
      Fix cast-after-dereference
      Correct nss/tst-nss-test5 configuration

Dennis Wölfing (1):
      Add reallocarray function

Dmitry Bilunov (1):
      getaddrinfo: Merge IPv6 addresses and IPv4 addresses [BZ #21295]

Dmitry V. Levin (2):
      Check for __mprotect failure in _dl_map_segments [BZ #20831]
      S390: fix sys/ptrace.h to make it includible again after asm/ptrace.h

Egmont Koblinger (1):
      localedata: hu_HU: fix multiple sorting bugs (bug 18934)

Eyolf Østrem (1):
      localedata: da_DK: set date_fmt [BZ #17297]

Florian Weimer (116):
      sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
      sunrpc: Do not unregister services if not registered [BZ #5010]
      sunrpc: Improvements for UDP client timeout handling [BZ #20257]
      Add scripts/backport-support.sh
      Document and fix --enable-bind-now [BZ #21015]
      Remove header file inclusion guard from elf/get-dynamic-info.h
      tzset: Remove __attribute_noinline__ from compute_offset
      tzset: Remove unused NOID macro
      timezone: Remove TZNAME_MAX limit from sysconf [BZ #15576]
      tzset: Clean up preprocessor macros min, max, sign
      Fix auto-merge issue in ChangeLog
      support_format_dns_packet: Fix CNAME and multiple RR handling
      support: Add error checking to close system calls [BZ #21244]
      support: Explain ignored failures of temporary file removal [BZ #21243]
      resolv: Add test coverage for ns_name_unpack, ns_name_ntop
      nss_dns: Remove superfluous dn_expand call from network handling
      nss_dns: Replace local declarations with declarations from a header file
      resolv: Add tst-resolv-canonname
      resolv: Remove IQUERY support
      manual: readdir, readdir64 are thread-safe
      resolv: Remove internal and unused definitions from <resolv.h>
      resolv: Support an exactly sized buffer in ns_name_pack [BZ #21359]
      resolv: Reduce EDNS payload size to 1200 bytes [BZ #21361]
      resolv: Remove EDNS fallback [BZ #21369]
      Assume that O_NOFOLLOW is always defined
      malloc: Turn cfree into a compatibility symbol
      Assume that pipe2 is always available
      Assume that dup3 is available
      Assume that O_CLOEXEC is always defined and works
      Assume that accept4 is always available and works
      Create more sockets with SOCK_CLOEXEC [BZ #15722]
      resolv: Replace __builtin_expect with __glibc_unlikely/__glibc_likely
      rcmd/rexec: Fix typo in comment
      nss_dns: Correct parentheses for the __glibc_unlikely argument
      manual: Document replacing malloc [BZ #20424]
      Remove <sys/ultrasound.h>
      support: Delete temporary files in LIFO order
      support: Prevent multiple deletion of temporary files
      resolv: Use RES_DFLRETRY consistently [BZ #21474]
      getaddrinfo: Unconditionally use malloc for address list
      support_format_addrinfo: Fix flags and canonname formatting
      inet_pton: Reformat in GNU style
      fork: Remove bogus parent PID assertions [BZ #21386]
      Add internal facility for dynamic array handling
      getaddrinfo: Always allocate canonical name on the heap
      resolv: Tests for various versions of res_init
      getaddrinfo: Fix localplt failure involving strdup
      getaddrinfo: Eliminate another strdup call
      support: Expose TEST_VERIFY_EXIT behavior to GCC optimizers
      malloc: Remove tst-dynarray, tst-dynarray-fail from test-srcs
      dynarray: Implement begin/end functions in the spirit of C++
      configure: Suppress expected compiler error message
      i686: Add missing IS_IN (libc) guards to vectorized strcspn
      dynarray: Use libc_hidden_proto only for !_ISOMAC
      resolv: Make __res_vinit hidden
      resolv: Move res_randomid to its own file
      resolv: Move _res deallocation functions to their own file
      resolv: Remove DEBUG preprocessor conditionals from res_setoptions
      resolv: Introduce is_sort_mask and call it from res_vinit
      resolv: Reformat res_vinit and related functions to GNU style
      resolv: Report allocation errors in __res_vinit
      resolv: Use getline for configuration file reading in res_vinit_1
      CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
      ld.so: Reject overly long LD_PRELOAD path elements
      ld.so: Reject overly long LD_AUDIT path elements
      DCIGETTEXT: Do not make copy of localename
      inet: Add IPv6 getaddrinfo coverage to tst-inet6_scopeid_pton.c
      __inet_pton_length: Implement new internal helper function
      getaddrinfo: Avoid stack copy of IPv6 address
      DCIGETTEXT: Use getcwd, asprintf to construct absolute pathname
      Implement allocation buffers for internal use
      _nl_load_domain: Use calloc instead of alloca
      x86-64: memcmp-avx2-movbe.S needs saturating subtraction [BZ #21662]
      resolv: Clean up declarations of the __res_initstamp variable
      resolv/res_libc.c: Reformat to GNU style
      x86-64: Fix comment typo in memcmp-avx2-movbe.S
      inet_pton: Reject IPv6 addresses with many leading zeros [BZ #16637]
      resolv/tst-resolv-basic: Add test cases for bug 21295
      resolv: Call _res_hconf_init from __res_vinit
      resolv: Avoid timeouts in test-resolv-res-init, test-resolv-res_init-thread
      vfprintf: Add test case for user-defined types and format specifiers
      vfprintf: Add test case for multi-byte/wide strings and precision
      vfprintf: Reduce WORK_BUFFER_SIZE for wchar_t builds
      _i18n_number_rewrite: Use struct scratch_buffer
      vfprintf: Use struct scratch_buffer for positional arguments allocation
      vfprintf: Reuse work_buffer in group_number
      vfprintf: Fix tst-vfprintf-mbs-prec and tst-vfprintf-user-type
      resolv: Make RES_ROTATE start with a random name server [BZ #19570]
      support: Report actual exit status in support_capture_subprocess_check
      resolv: Remove DEBUG macro from resolv/res_mkquery.c
      resolv: Reformat resolv/res_mkquery.c to GNU style
      resolv: Move the res_mkquery function to the resolv/mk_query.c file
      resolv: Remove DEBUG from resolv/res_send.c
      resolv: Remove unused resolv/res_debug.h header file
      resolv: Move fp_nquery, fp_query, p_query, _res_opcodes
      resolv: Turn _res_opcodes into a compatibility symbol
      resolv: Move res_isourserver, res_send from res_data.c to res_send.c
      resolv: Move res_query, res_search res_querydomain, hostalias
      resolv: Reformat resolv/res_data.c to GNU style
      resolv: Remove DEBUG from resolv/res_query.c
      resolv: Remove source argument fron res_options
      resolv: Improve debugging output from tst-resolv-res_init
      resolv: Add preinit tests to resolv/tst-resolv-res_init-skeleton.c
      resolv: Introduce struct resolv_context [BZ #21668]
      resolv: Introduce struct resolv_conf with extended resolver state
      resolv: Lift domain search list limits [BZ #19569] [BZ #21475]
      resolv: Mirror the entire resolver configuration in struct resolv_conf
      resolv: Automatically reload a changed /etc/resolv.conf file [BZ #984]
      resolv: Introduce free list for resolv_conf index slosts
      resolv: Fix improper assert in __resolv_conf_attach
      resolv: Fix resolv_conf _res matching
      sysconf: Use conservative default for _SC_NPROCESSORS_ONLN [BZ #21542]
      support: Check isolation of loopback addresses in tst-support-namespace
      support: Add support_chroot_create and support_chroot_free
      support: Add resolver testing mode which does not patch _res
      resolv: Deal with non-deterministic address order in tst-resolv-basic

Gabriel F. T. Gomes (35):
      Move w_lgamma_r to libm-compat-calls-auto
      Move w_lgamma to libm-compat-calls-auto
      Move w_exp to libm-compat-call-auto
      Merge libm-compat-calls-auto and libm-compat-calls
      ldbl-128: Fix y0 and y1 for -Inf input [BZ #21130]
      Fix y0 and y1 exception handling for zero input [BZ #21134]
      Add new templates for IEEE wrappers
      Use internal __feraiseexcept in __iseqsig
      Split helper classification macros from mathcalls.h
      Macroize inclusion of math-finite.h
      Change return type in the declaration of __ieee754_rem_pio2l
      Fix condition for inclusion of math-finite.h for long double
      Remove unneeded declarations from math_private.h
      Macroize function declarations in math_private.h
      float128: Include math-finite.h for _Float128
      float128: Enable use of IEEE wrapper templates
      Convert e_exp2l.c into a template
      float128: Extend __MATH_TG for float128 support
      Include sys/param.h in stdlib/gmp-impl.h instead of redefining MAX/MIN
      float128: Add conversion from float128 to mpn
      Remove duplicated code from __printf_fp_l, __printf_fphex, and __printf_size
      Refactor PRINT_FPHEX_LONG_DOUBLE into a reusable macro
      float128: Add strfromf128
      float128: Add strfromf128, strtof128, and wcstof128 to the manual
      Allow macros prefixed with FLT128 in include/float.h
      Provide an additional macro expansion for F128 in stdlib/tst-strtod.h
      Describe remainder as primary and drem as alternative in the manual
      Include libc-header-start.h in include/float.h
      Prepare the manual to display math errors for float128 functions
      Add libio-mtsafe flags to the build of strfromf128
      Document _FloatN and _FloatNx versions of math functions
      powerpc64le: Check for compiler features for float128
      powerpc64le: Require at least POWER8 for powerpc64le
      float128: Add signbit alternative for old compilers
      powerpc64le: Iterate over all object suffixes when appending -mfloat128

Gordana Cmiljanovic (1):
      mips: Fix store/load gp registers to/from ucontext_t

H.J. Lu (68):
      x86-64: Verify that _dl_runtime_resolve preserves vector registers
      Use index_cpu_RTM and reg_RTM to clear the bit_cpu_RTM bit
      Use CPU_FEATURES_CPU_P to check if AVX is available
      x86-64: Improve branch predication in _dl_runtime_resolve_avx512_opt [BZ #21258]
      Define TEST_FUNCTION_ARGV in elf/tst-dlopen-aout.c
      Check if SSE is available with HAS_CPU_FEATURE
      Add sysdeps/x86/dl-procinfo.c
      x86: Set Prefer_No_VZEROUPPER if AVX512ER is available
      x86: Use AVX2 memcpy/memset on Skylake server [BZ #21396]
      x86: Set dl_platform and dl_hwcap from CPU features [BZ #21391]
      Correct comments in x86_64/multiarch/memcmp.S
      x86: Optimize SSE2 memchr overflow calculation
      x86_64: Remove L(return_null) from rawmemchr.S
      x86: Use __get_cpu_features to get cpu_features
      x86: Don't include cacheinfo.c in ld.so
      Support dl-tunables.list in subdirectories
      Make __tunables_init hidden and avoid PLT
      Add memchr tests for n == 0
      x86_64: Remove redundant REX bytes from memchr.S
      x86: Update __x86_shared_non_temporal_threshold
      benchtests: Add more tests for memrchr
      x86-64: Update LO_HI_LONG for p{readv,writev}{64}v2
      x86_64: Remove redundant REX bytes from memrchr.S
      x86-64: Update strlen.S to support wcslen/wcsnlen
      x86: Add macros to implement ifunce selection in C
      x86-64: Optimize wmemset with SSE2/AVX2/AVX512
      x86-64: Optimize memcmp/wmemcmp with AVX2 and MOVBE
      x86: Don't use dl_x86_cpu_features in cacheinfo.c
      x86-64: Move wcsnlen.S to multiarch/wcsnlen-sse4_1.S
      x86-64: Fold ifunc-sse4_1.h into wcsnlen.c
      x86-64: Rename wmemset.h to ifunc-wmemset.h
      Add more tests for memchr
      ld.so: Consolidate 2 strtouls into _dl_strtoul [BZ #21528]
      x86-64: Optimize memchr/rawmemchr/wmemchr with SSE2/AVX2
      x86-64: Optimize strlen/strnlen/wcslen/wcsnlen with AVX2
      x86-64: Optimize strchr/strchrnul/wcschr with AVX2
      x86-64: Optimize memrchr with AVX2
      x86-64: Optimize strrchr/wcsrchr with AVX2
      x86-64: Correct comments in ifunc-impl-list.c
      x86-64: Implement strcpy family IFUNC selectors in C
      Make copy of <bits/std_abs.h> from GCC 7 [BZ #21573]
      x86-64: Implement memmove family IFUNC selectors in C
      x86-64: Implement memset family IFUNC selectors in C
      x86-64: Implement memcmp family IFUNC selectors in C
      x86-64: Implement strcat family IFUNC selectors in C
      x86-64: Implement wcscpy IFUNC selector in C
      x86-64: Implement strcspn/strpbrk/strspn IFUNC selectors in C
      Remove _dl_out_of_memory from elf/Versions
      tunables: Add IFUNC selection and cache sizes
      Move x86 specific tunables to x86/dl-tunables.list
      x86: Rename glibc.tune.ifunc to glibc.tune.hwcaps
      x86-64: Implement strcmp family IFUNC selectors in C
      x86-64: Optimize L(between_2_3) in memcmp-avx2-movbe.S
      Avoid .symver on common symbols [BZ #21666]
      x86-64: Optimize memcmp-avx2-movbe.S for short difference
      Support building glibc with gold 1.14 or above [BZ #14995]
      i386: Increase MALLOC_ALIGNMENT to 16 [BZ #21120]
      Use __builtin_popcount in __sched_cpucount [BZ #21696]
      x86-64: Align the stack in __tls_get_addr [BZ #21609]
      x86-64: Update comments in ifunc-impl-list.c
      x86-64: Update comments in IFUNC selectors
      x86-64: Test memmove_chk and memset_chk only in libc.so [BZ #21741]
      Don't include _dl_resolve_conflicts in libc.a [BZ #21742]
      Avoid backtrace from __stack_chk_fail [BZ #12189]
      Compile tst-ssp-1.c with -fstack-protector-all
      Don't add stack_chk_fail_local.o to libc.a [BZ #21740]
      i386: Test memmove_chk and memset_chk only in libc.so [BZ #21741]
      Avoid accessing corrupted stack from __stack_chk_fail [BZ #21752]

Ihar Hrachyshka (1):
      Improve country_name in be_BY@latin

Ivo Raisr (1):
      sparc: Remove unused assignment in __clone

Jiong Wang (1):
      [ARM] Fix ld.so crash when built using Binutils 2.29

John David Anglin (17):
      hppa: Fix setting of __libc_stack_end
      Fix BZ #21049.
      Use generic pthread support on hppa.
      Update hppa ulps.
      Fix type in sysdeps/hppa/dl-machine.h.
      Fix failing sNaN tests on hppa.
      Fix guard alignment in allocate_stack when stack grows up.
      Fix [BZ locale/19838].
      Fix [BZ 20098].
      Remove extra braces from sysdeps/hppa/__longjmp.c.
      Remove _exit entry from sysdeps/unix/sysv/linux/hppa/localplt.data.
      Fix syscall cancellation on hppa.
      Fix __setcontext return value on hppa.
      Fix stack offset for r19 load in __getcontext.
      Add CFI annotation.
      Return to caller if dl_fixup fails to resolve callee on hppa.
      [BZ 19170]

Joseph Myers (133):
      Remove before-compile setting in math/Makefile.
      Do not hardcode list of libm functions in libm-err-tab.pl.
      Remove libm-test.inc comment listing functions tested and not tested.
      Move non-function-specific parts of libm-test.inc to separate file.
      Rework gen-libm-test.pl input/output handling.
      Eliminate libm-test.stmp.
      Split auto-libm-test-out by function.
      Split libm-test.inc by function.
      Move libm-test TEST_MSG definitions to libm-test-driver.c.
      Refactor some code in libm-test-driver.c.
      Fix powf inaccuracy (bug 21112).
      Clean up libm vector tests exception test disabling.
      Build most libm-test support code once per type.
      Move -U__LIBC_INTERNAL_MATH_INLINES to test-math-inline.h.
      Move more csin, csinh tests to auto-libm-test-in.
      Move INIT_ARCH_EXT call from libm-test-support to libm-test-driver.
      Move most libmvec test contents from .c to .h files.
      Revert header inclusion changes that break math/ testing on x86_64.
      Move tests of cacos, cacosh to auto-libm-test-*.
      Move tests of casin, casinh to auto-libm-test-*.
      Move tests of catan, catanh to auto-libm-test-*.
      Update arm, mips, powerpc-nofpu libm-test-ulps.
      Remove some unused libm-test exception macros.
      Add IP_RECVFRAGSIZE from Linux 4.10.
      Use Linux 4.10 in build-many-glibcs.py.
      Add TFD_TIMER_CANCEL_ON_SET to sys/timerfd.h.
      Run libm tests separately for each function.
      Regenerate MIPS catan, catanh long double ulps.
      Add more IPV6_* macros to sysdeps/unix/sysv/linux/bits/in.h.
      Fix test-math-vector-sincos.h aliasing.
      Improve float range reduction accuracy near pi/2 (bug 21094).
      Remove C++ namespace handling from glibc headers.
      conformtest: Make more tests into compilation tests.
      conformtest: Support system-specific XFAILs.
      conformtest: Skip execution tests when cross-compiling.
      conformtest: Add alpha XFAIL for struct netent n_net type (bug 21260).
      Add missing piece to last ChangeLog entry.
      conformtest: Add mips XFAIL for struct stat st_dev type (bug 17786).
      Make alpha termios.h define IXANY unconditionally (bug 21259).
      conformtest: Handle conditional XFAILs with allow-header.
      Fix sparc64 bits/setjmp.h namespace (bug 21261).
      conformtest: XFAIL tv_nsec tests for x32 (bug 16437).
      Fix alpha termios.h NL2, NL3 namespace (bug 21268).
      conformtest: Add mips XFAIL for struct stat st_rdev type (bug 21278).
      conformtest: Add x32 XFAILs for mq_attr element types (bug 21279).
      Regenerate INSTALL.
      Define more termios.h macros unconditionally for alpha (bug 21277).
      Fix bits/socket.h IOC* namespace issues (bug 21267).
      conformtest: Enable tests when cross compiling.
      Do not use wildcard symbol names for public versions in Versions files.
      conformtest: Allow *_t in sys/socket.h.
      Fix sys/socket.h namespace issues from sys/uio.h inclusion (bug 21426).
      Default build-many-glibcs.py to GCC 7 branch.
      conformtest: Fix XPG standard naming.
      conformtest: Allow time.h inclusion from semaphore.h for XOPEN2K.
      Default Linux kernel version in build-many-glibcs.py to 4.11.
      Add PF_SMC, AF_SMC from Linux 4.11 to bits/socket.h.
      Add TCP_FASTOPEN_CONNECT from Linux 4.11 to netinet/tcp.h.
      Add HWCAP_ASIMDRDM from Linux 4.11 to AArch64 bits/hwcap.h.
      Use __glibc_reserved convention in mcontext, sigcontext (bug 21457).
      Fix signal.h bsd_signal namespace (bug 21445).
      Fix network headers stdint.h namespace (bug 21455).
      Require Linux kernel 3.2 or later on x86 / x86_64.
      Remove __ASSUME_GETCPU_SYSCALL.
      Remove __ASSUME_PROC_PID_TASK_COMM.
      Assume prlimit64 is available.
      Simplify recvmmsg code.
      Simplify sendmmsg code.
      Simplify accept4, recvmmsg, sendmmsg code.
      Remove MIPS32 accept4, recvmmsg, sendmmsg implementations.
      Fix rawmemchr build with GCC 8.
      Condition some sys/ucontext.h contents on __USE_MISC (bug 21457).
      Remove __ASSUME_STATFS_F_FLAGS.
      Remove useless SPARC signbit aliases.
      Create and use first-versions.h with macros for function symbol versions.
      Also create and use ldbl-compat-choose.h.
      Split up bits/sigstack.h.
      Fix sys/ucontext.h namespace from signal.h etc. inclusion (bug 21457).
      Fix sigstack namespace (bug 21511).
      Fix more namespace issues in sys/ucontext.h (bug 21457).
      conformtest: Correct signal.h expectations for XPG4 / XPG42.
      Fix sigevent namespace (bug 21543).
      Fix struct sigaltstack namespace (bug 21517).
      Define SIG_HOLD for XPG4 (bug 21538).
      Fix tst-timezone race (bug 14096).
      Fix include paths in include/bits/types/*.h.
      conformtest: Correct sys/wait.h expectations for XPG4.
      Condition signal.h inclusion in sys/wait.h (bug 21560).
      Fix sigpause namespace (bug 21554).
      Update nios2, sparc32 localplt.data files for recent GCC change.
      Fix waitid namespace (bug 21561).
      Fix sigwait namespace (bug 21550).
      Fix XPG4 bsd_signal namespace (bug 21552).
      Update timezone code from tzcode 2017b.
      Define struct rusage in sys/wait.h when required (bug 21575).
      Fix signal stack namespace (bug 21584).
      Fix siginterrupt namespace (bug 21597).
      Fix another x86 sys/ucontext.h namespace issue (bug 21457).
      Require GCC 4.9 or later for building glibc.
      Fix wait3 namespace (bug 21625).
      Remove pre-GCC-4.9 MIPS code.
      conformtest: XFAIL uc_sigmask test for ia64 (bug 21634).
      conformtest: XFAIL uc_mcontext test for powerpc32 (bug 21635).
      Fix tile SA_* conditions for POSIX.1:2008 (bug 21622).
      Fix float128 uses of xlocale.h.
      Make errno-setting libm templates include errno.h.
      Correct min_of_type handling of _Float128.
      Make float128_private.h work with generic ieee754.h.
      Fix float128_private.h redefinition of SET_RESTORE_ROUNDL.
      Support _Float128 in math-tests.h.
      Support _Float128 in ldbl-96 bits/iscanonical.h.
      Avoid localplt issues from x86 fereaiseexcept inline.
      Make libm-test-support code clear exceptions after each test.
      Update x86 ulps for GCC 7.
      Add float128 support for x86_64, x86.
      Rename struct ucontext tag (bug 21457).
      Add float128 support for ia64.
      Fix strftime build with GCC 8.
      Fix elf/loadtest.c build with GCC 8.
      Miscellaneous sys/ucontext.h namespace fixes (bug 21457).
      Require binutils 2.25 or later to build glibc.
      Add more thorough generated tgmath.h test.
      Remove NO_LONG_DOUBLE conditionals in libm tests (bug 21607).
      Simplify tgmath.h for integer return types.
      Fix tgmath.h totalorder, totalordermag return type (bug 21687).
      Use clog10 not __clog10 in tgmath.h log10 macro.
      Support _Float128 in tgmath.h.
      Fix gen-tgmath-tests.py output for GCC 7 <float.h>.
      SPARC sys/ucontext.h namespace fixes (bug 21457).
      Update versions in build-many-glibcs.py.
      Consistently say "GNU C Library" in NEWS, not "glibc".
      Edit and shorten float128 NEWS item.
      Increase some test timeouts.

Justus Winter (1):
      hurd: Provide truncate64 and ftruncate64.

Kir Kolyshkin (1):
      Add Linux PTRACE_EVENT_STOP

Marko Myllynen (1):
      Fix send consolidation typo

Massimeddu Cireddu (1):
      Fix misspelled yesexpr/day/abday/mon/abmon/date_fmt fields in sc_IT

Matthew Krupcale (1):
      nptl: Fix typo on __have_pthread_attr_t (BZ#21715)

Mike FABIAN (24):
      Bug 20313: Update to Unicode 9.0.0
      Bug 21533: Update to Unicode 10.0.0
      Add ChangeLog entries for the last 6 commits
      Add iI and eE to  yesexpr and noexpr respectively for ts_ZA
      locales/om_ET (LC_MESSAGES): add yesstr and nostr.
      Fix wrong bug number in localedata/ChangeLog
      Fix country name in li_BE and encoding problem in abday in li_BE and li_NL
      Write "Latin" in title case in "title" in hif_FJ locale
      Fix yesexpr in new agr_PE locale
      Use U+02BB MODIFIER LETTER TURNED COMMA instead of U+0027 APOSTROPHE in yesstr and nostr for to_TO locale
      Add country_name to iu_CA locale
      Add int_select to many locales
      Add country_name to several locales
      Mention in NEWS that the Unicode 10.0.0 update causes user visible changes
      Add [BZ #21828] to ChangeLog
      Remove redundant data for LC_MONETARY in sd_IN@devanagari
      Use POSIX Portable Character Set in the new  mai_NP locale source file instead of <Uxxxx>
      Fix inappropriate escape sequences in LC_IDENTIFICATION in several locales
      Fix inappropriate characters in LC_IDENTIFICATION in several locales
      Remove erroneous tabs from some strings in locale files
      Remove erroneous spaces from some strings in locale files
      Revert "Remove redundant data for LC_MONETARY for Indian locales"
      Fix country_name in nds_NL
      Minor improvements to new az_IR locale

Mike Frysinger (5):
      x86_64: fix static build of __mempcpy_chk for compilers defaulting to PIC/PIE
      posix_spawn: fix stack setup on ia64 [BZ #21275]
      posix_spawn: use a larger min stack for -fstack-check [BZ #21253]
      ChangeLog: fix BZ style to be consistent and match majority of existing code
      localedata: CLDRv29: update LC_ADDRESS.lang_name translations

Mousa Moradi (1):
      Add new az_IR locale

Nathan Rossi (2):
      Update Microblaze libm-test-ulps
      microblaze: Resolve non-relocatable branch in pt-vfork.S (BZ#21779)

Paul Clarke (6):
      Support auxilliary vector components for cache geometries.
      powerpc: Add a POWER8-optimized version of cosf()
      powerpc: add sysconf support for cache geometries
      Add powf bench tests
      powerpc: fix sysconf support for cache geometries
      Optimized version of powf()

Paul E. Murphy (11):
      powerpc64le: Create divergent sysdep directory for powerpc64le.
      ldbl-128: Use mathx_hidden_def inplace of hidden_def
      float128: Add _Float128 make bits to libm.
      Add support for testing __STDC_WANT_IEC_60559_TYPES_EXT__
      float128: Add public _Float128 declarations to libm.
      float128: Add private _Float128 declarations for libm.
      float128: Add wrappers to override ldbl-128 as float128.
      float128: Extend the power of ten tables
      float128: Add strtof128, wcstof128, and related functions.
      float128: Add test-{float128,ifloat128,float128-finite}
      powerpc64le: Enable float128

Paul Eggert (1):
      getopt: merge from gnulib: use angle-bracket includes consistently

Peng Wu (1):
      Add yesstr and nostr to zh_CN locale

Phil Blundell (1):
      Correct misplaced comments in struct ip_mreq_source

Prakhar Bahuguna (1):
      [ARM] Optimise memchr for NEON-enabled processors

Rabin Vincent (1):
      [BZ 21357] unwind-dw2-fde: Call free() outside of unwind mutex

Rafal Luzynski (14):
      localedata: Remove trailing spaces [BZ #20275]
      localedata: ce_RU: update weekdays from CLDR [BZ #21207]
      localedata: fur_IT: Fix spelling of Wednesday (Miercus)
      localedata: Month names updated from CLDR-31 [BZ #21217]
      localedata: More months updated from CLDR-31 [BZ #21217]
      localedata: Months updated from CLDR - Arabic scripts [BZ #21217]
      localedata: Months updated from CLDR - Bengali scripts [BZ #21217]
      localedata: Months updated from CLDR - Devanagari scripts [BZ #21217]
      localedata: Months updated from CLDR - other Indic scripts [BZ #21217]
      localedata: Months updated from CLDR - other scripts [BZ #21217]
      More fixes after the recent import from CLDR-31
      Arabic scripts: More fixes after the recent import.
      localedata/locales/lg_UG: Fix some comments.
      Indian scripts: More fixes after the recent import.

Rajalakshmi Srinivasaraghavan (12):
      powerpc: Improve strcmp performance for shorter strings
      powerpc: Use latest optimizations for internal function calls
      powerpc: Set minimum kernel version for powerpc64le
      powerpc: Optimized strncat for POWER8
      powerpc64: strrchr optimization for power8
      powerpc: Fix strncat ifunc selection
      powerpc: Improve memcmp performance for POWER8
      powerpc: Add optimized version of [l]lrintf
      powerpc: Optimize memchr for power8
      powerpc: Add optimized version of [l]lroundf
      powerpc: refactor strrchr IFUNC
      powerpc: Clean up strlen and strnlen for power8

Rical Jasan (14):
      Fix a typo in the manual.
      manual: Fix up invalid header and standards syntax.
      manual: Convert @tables of annotated @items to @vtables.
      manual: Convert errno @comments to new @errno macro.
      manual: Provide consistent errno documentation.
      manual: Create empty placeholder macros for @standards.
      manual: Replace summary.awk with summary.pl.
      manual: Complete @standards in argp.texi.
      manual: Complete @standards in arith.texi.
      manual: Complete @standards in string.texi.
      manual: Complete @standards in lang.texi.
      manual: Fix a minor grammatical error.
      manual: Complete @standards in creature.texi.
      manual: Refactor documentation of CHAR_BIT.

Rogerio A. Cardoso (1):
      powerpc: Fix sinf() IFUNC fallback.

Samuel Thibault (1):
      hurd: Make send/recv more posixish

Santhosh Thottingal (1):
      Correct collation rules for Malayalam.

Siddhesh Poyarekar (40):
      Open master for development
      Fix typo in manual
      Fix getting tunable values on big-endian (BZ #21109)
      Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209)
      Actually add bench-memcpy-random
      tunables: Make tunable_list relro
      tunables: Specify a default value for tunables
      tunables: Add support for tunables of uint64_t type
      Reduce value of LD_HWCAP_MASK for tst-env-setuid test case
      Remove useless comment from sysdeps/sparc/sparc32/dl-machine.h
      arm: Fix typo in array count
      Delay initialization of CPU features struct in static binaries
      tunables: Clean up hooks to get and set tunables
      tunables: Add LD_HWCAP_MASK to tunables
      Add include guards to dl-procinfo.h
      tunables: Use glibc.tune.hwcap_mask tunable instead of _dl_hwcap_mask
      aarch64: Allow overriding HWCAP_CPUID feature check using HWCAP_MASK
      Make LD_HWCAP_MASK usable for static binaries
      aarch64: Add hwcap string routines
      aarch64: Fix undefined behavior in _dl_procinfo
      Enable tunables by default
      Fix typo when undefining weak_alias
      benchtests: Print string array elements, int and uint in json
      benchtests: Make memcpy benchmarks print results in json
      benchtests: New script to parse memcpy results
      Add ChangeLog entries for the last 3 commits
      aarch64: Call all string function implementations in tests
      tunables, aarch64: New tunable to override cpu
      Fix typo in glibc.tune.cpu name
      Regenerate libc.pot
      zic: Use PRIdMAX to print line numbers
      sv: Update translation
      Update translations
      Update translations
      Update NEWS
      Update translations
      Add list of bugs fixed in 2.26
      Fix up ChangeLog formatting
      Update contributors and latest gcc and binutils versions
      Update for 2.26 release

Slava Barinov (1):
      fts: Fix symbol redirect for fts_set [BZ #21289]

Stefan Liebler (23):
      Add __glibc_unlikely hint in lll_trylock, lll_cond_trylock.
      Get rid of duplicate const declaration specifier warning in tst-resolv-qtypes.c.
      S390: Optimize atomic macros.
      S390: Regenerate ULPs
      Update auto-libm-test-out for catan / catanh.
      Fix failing test malloc/tst-interpose-nothread with GCC 7.
      S390: Clobber also r14 in TLS_LD, TLS_GD macros on 31bit.
      S390: Use new s390_libc_ifunc_expr macro in s390 8bit-generic.c.
      S390: Move utf8-utf16-z9.c to multiarch folder and use s390_libc_ifunc_expr macro.
      S390: Move utf16-utf32-z9.c to multiarch folder and use s390_libc_ifunc_expr macro.
      S390: Move utf8-utf32-z9.c to multiarch folder and use s390_libc_ifunc_expr macro.
      S390: Regenerate ULPs
      Optimize generic spinlock code and use C11 like atomic macros.
      S390: Use generic spinlock code.
      S390: Fix build with gcc configured with --enable-default-pie. [BZ #21537]
      S390: Sync ptrace.h with kernel. [BZ #21539]
      S390: Save and restore r12 in TLS_IE macro.
      S390: Add new hwcap values for new cpu architecture - arch12.
      S390: Use cu41 instruction for converting from utf32 to utf8.
      S390: Use cu42 instruction for converting from utf32 to utf16.
      S390: Use cu24 instruction for converting from utf16 to utf32.
      S390: Use cu21 instruction for converting from utf16 to utf8.
      S390: Fix tst-ptrace-singleblock if kernel does not support PTRACE_SINGLEBLOCK.

Steve Ellcey (7):
      Add ifunc support for aarch64.
      Add ChangeLog entry for aarch64 ifunc support patch.
      Change TEST_NAME to memcpy to fix IFUNC testing of multiple versions.
      aarch64: Thunderx specific memcpy and memmove
      Fix cexpl when compiled with latest GCC
      Fix nss/nss_test1.c compile with latest GCC.
      Fix localedata test builds with latest GCC

Sunyeop Lee (1):
      Update old tunables framework document/script.

Szabolcs Nagy (8):
      [AArch64] Update libm-test-ulps
      [AArch64] Use hidden __GI__dl_argv in rtld startup code
      [AArch64] Add more cfi annotations to tlsdesc entry points
      Single threaded stdio optimization
      Disable single thread optimization for open_memstream
      Add HWCAP_ macros from Linux 4.12 to AArch64 bits/hwcap.h.
      [AArch64] Fix out of bound array access regression
      [AArch64] Update dl-procinfo for new HWCAP flags in Linux 4.12

Thorsten Kukuk (5):
      If sunrpc code is disabled, rpcsvc header files, rpcgen and
      The rpcgen tests should not run if we don't build rpcgen.
      Add missing ChangeLog entries.
      Deprecate libnsl by default (only shared library will be
      Merge branch 'master' of ssh://sourceware.org/git/glibc

Tulio Magno Quites Machado Filho (12):
      Fix lgamma*, log10* and log2* results [BZ #21171]
      powerpc: Update powerpc-fpu libm-test-ulps
      Use independent type literals in libm-test-support.c
      XFAIL catan and catanh tests on ibm128
      Change the order of function attributes in printf.h
      powerpc: Fix logbl on power7 [BZ# 21280]
      powerpc: Update powerpc-fpu libm-test-ulps
      Move tst-mutex*8* to tests-internal
      Add a way to bypass the PLT when calling getauxval
      powerpc: Update AT_HWCAP[2] bits
      Prevent an implicit int promotion in malloc/tst-alloc_buffer.c
      powerpc: Fix float128 IFUNC relocations [BZ #21707]

Uros Bizjak (1):
      Add earlyclobber to sqrtt/sqrtf insns.

Vladimir Mezentsev (1):
      sparc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs

Wainer dos Santos Moschetta (16):
      powerpc: Convert tests to the new support test-driver
      powerpc: Add tests for __ppc_set_ppr_* functions.
      Update string tests to use the support test driver.
      Update wcsmbs tests to use the support test driver
      powerpc64: Add POWER8 strnlen
      Add page tests to string/test-strnlen.
      Update elf tests to use the support test driver.
      powerpc: refactor stpcpy, stpncpy, strcpy, and strncpy IFUNC.
      powerpc: refactor strcasecmp, strcmp, and strncmp IFUNC.
      powerpc: refactor strnlen and strlen IFUNC.
      powerpc: refactor strchr, strchrnul, and strrchr IFUNC.
      powerpc: refactor strcasestr and strstr IFUNC.
      powerpc: refactor memset IFUNC.
      powerpc: refactor memchr, memrchr, and rawmemchr IFUNC.
      powerpc: refactor memcpy and mempcpy IFUNC.
      powerpc: refactor memcmp and memmove IFUNC.

Wilco Dijkstra (11):
      As a minor cleanup remove the (r)index defines from include/string.h as
      GLIBC uses strchr (s, '\0') as an idiom to find the end of a string.
      The internal header include/string.h does not work in C++: it causes link errors
      Remove the str(n)cmp inlines from string/bits/string2.h.  The strncmp
      Remove the str(n)dup inlines from string/bits/string2.h.  Although inlining
      Add a new randomized memcpy test for copies up to 256 bytes.  The distribution
      Replace all internal uses of __bzero with memset.  This removes the need
      2017-06-12  Wilco Dijkstra  <wdijkstr@arm.com>
      Fix build issue on x86.
      Improve math benchmark infrastructure
      Add powf trace

Wladimir J. van der Laan (1):
      Call the right helper function when setting mallopt M_ARENA_MAX (BZ #21338)

Yury Norov (1):
      Test for correct setting of errno.

Zack Weinberg (55):
      Move bits/types.h into posix/bits.
      Clean up redundancies between string.h and strings.h.
      ChangeLog entry for previous changeset
      Add missing header files throughout the testsuite.
      build-many-glibcs: don't crash if email is not configured
      One more obvious missing #include in the testsuite.
      Clean up conditionals for declaration of gets.
      Split DIAG_* macros to new header libc-diag.h.
      Allow direct use of math_ldbl.h in testsuite.
      Miscellaneous low-risk changes preparing for _ISOMAC testsuite.
      Narrowing the visibility of libc-internal.h even further.
      Another round of inclusion fixes for _ISOMAC testsuite.
      getopt: remove USE_NONOPTION_FLAGS
      getopt: merge from gnulib: don't use `...' quotes
      getopt: merge straightforward changes from gnulib
      getopt: fix fencepost error in ambiguous-W-option handling
      getopt: clean up error reporting
      getopt: merge from gnulib: function prototype adjustments
      getopt: tidy up _getopt_initialize a bit
      getopt: refactor long-option handling
      getopt: merge from gnulib: alloca avoidance
      getopt: merge _GL_UNUSED annotations from gnulib
      getopt: eliminate __need_getopt by splitting up getopt.h.
      getopt: annotate files with relationship to gnulib.
      A third round of inclusion fixes for _ISOMAC testsuite.
      Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk.
      sunrpc/tst-xdrmem2.c: Include stdint.h.
      Remove _IO_MTSAFE_IO from public headers.
      Suppress internal declarations for most of the testsuite.
      Remove the bulk of the NaCl port.
      Remove sfi_* annotations from ARM assembly files.
      Remove __need_list_t and __need_res_state.
      Remove __need macros from signal.h.
      Add one more header to be installed, missed from previous patch.
      Fix a bug in 'Remove __need macros from signal.h' (a992f506)
      Avoid tickling a linker bug from microblaze pt-vfork.S.
      Add shim header for bits/syscall.h.
      Include shlib-compat.h in many sunrpc/nis source files.
      Add forgotten changelog entry for 82f43dd2d1
      Regenerate sysdeps/gnu/errlist.c.
      Remove __need macros from stdio.h and wchar.h.
      Polish the treatment of dl-tunable-list.h in Makeconfig.
      Remove bare use of __attribute__ in include/errno.h.
      Correct an outdated comment in stdlib/errno.h.
      Remove __need_schedparam and __cpu_set_t_defined.
      Correct indentation in posix/bits/cpu-set.h.
      Remove __need_IOV_MAX and __need_FOPEN_MAX.
      Remove __need macros from errno.h (__need_Emath, __need_error_t).
      Remove bits/string.h.
      Mention in NEWS that __(NO|USE)_STRING_INLINES don't do anything anymore.
      Fix fallout from bits/string.h removal.
      Rename xlocale.h to bits/types/__locale_t.h.
      Use locale_t, not __locale_t, throughout glibc
      Factor out shared definitions from bits/signum.h.
      Reorganize and revise NEWS for 2.26.

-----------------------------------------------------------------------
Comment 6 Sourceware Commits 2017-08-05 04:07:24 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.24/master has been updated
       via  36f173ab3709b4a920a833b9af67f30bcba1ea01 (commit)
      from  6aacb5befa4992dcbd6df17e914dd802fba8a1ea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36f173ab3709b4a920a833b9af67f30bcba1ea01

commit 36f173ab3709b4a920a833b9af67f30bcba1ea01
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Feb 27 19:05:13 2017 +0100

    sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
    
    After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
    (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
    [BZ #20112]), ancillary data is stored on the heap,
    but it is accessed after it has been freed.
    
    The test case must be run under a heap debugger such as valgrind
    to observe the invalid access.  A malloc implementation which
    immediately calls munmap on free would catch this bug as well.
    
    (cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog              |    8 ++++++
 sunrpc/Makefile        |    3 +-
 sunrpc/clnt_udp.c      |    2 +-
 sunrpc/tst-udp-error.c |   62 ++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 sunrpc/tst-udp-error.c
Comment 7 Sourceware Commits 2018-04-06 20:17:36 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.22/master has been updated
       via  017d97cd2ec0f626f8afb8c73ea3d612d8e844c3 (commit)
       via  436359fd41343c1db0616bd90e8a05bf188f237c (commit)
       via  407ec876262f0e6f55635ea0783f1f4a6c5d127f (commit)
       via  d2450a97c3df5527ea0fd49743bc354c979c185f (commit)
       via  c64d6bc3da8e61feab4117bcad53bd97e7a111cd (commit)
       via  d9c54360ca92a92ee8ee587f15a3cfc64fe4cb37 (commit)
       via  f87adbcaa47de2109e1c4561a2badf8aa82bc349 (commit)
       via  21c5d14bfb4e08bee86f94fd815535d3be2c3869 (commit)
       via  9d0aec236891576c7f12e935128364669b785233 (commit)
       via  89dc0372bb497b7d51bcf9999ce3f9684d450959 (commit)
       via  1be1845b280cfadff0cbd09170af554549849ffb (commit)
      from  771fb81f98a2be9e96f2a09056617ad93d64959f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=017d97cd2ec0f626f8afb8c73ea3d612d8e844c3

commit 017d97cd2ec0f626f8afb8c73ea3d612d8e844c3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Feb 6 09:19:03 2018 +0100

    Record CVE-2018-6551 in NEWS and ChangeLog [BZ #22774]
    
    (cherry picked from commit 71aa429b029fdb6f9e65d44050388b51eca460d6)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=436359fd41343c1db0616bd90e8a05bf188f237c

commit 436359fd41343c1db0616bd90e8a05bf188f237c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 1 15:00:44 2018 +0100

    Record CVE-2018-6485 in ChangeLog and NEWS [BZ #22343]
    
    (cherry picked from commit 4590634fd65162568b9f52fb4beb60aa25da37f2)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=407ec876262f0e6f55635ea0783f1f4a6c5d127f

commit 407ec876262f0e6f55635ea0783f1f4a6c5d127f
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Aug 16 16:47:20 2017 +0200

    Add ChangeLog reference to bug 16750/CVE-2009-5064
    
    (cherry picked from commit 403143e1df85dadd374f304bd891be0cd7573e3b)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d2450a97c3df5527ea0fd49743bc354c979c185f

commit d2450a97c3df5527ea0fd49743bc354c979c185f
Author: Arjun Shankar <arjun.is@lostca.se>
Date:   Thu Jan 18 16:47:06 2018 +0000

    Fix integer overflows in internal memalign and malloc functions [BZ #22343]
    
    When posix_memalign is called with an alignment less than MALLOC_ALIGNMENT
    and a requested size close to SIZE_MAX, it falls back to malloc code
    (because the alignment of a block returned by malloc is sufficient to
    satisfy the call).  In this case, an integer overflow in _int_malloc leads
    to posix_memalign incorrectly returning successfully.
    
    Upon fixing this and writing a somewhat thorough regression test, it was
    discovered that when posix_memalign is called with an alignment larger than
    MALLOC_ALIGNMENT (so it uses _int_memalign instead) and a requested size
    close to SIZE_MAX, a different integer overflow in _int_memalign leads to
    posix_memalign incorrectly returning successfully.
    
    Both integer overflows affect other memory allocation functions that use
    _int_malloc (one affected malloc in x86) or _int_memalign as well.
    
    This commit fixes both integer overflows.  In addition to this, it adds a
    regression test to guard against false successful allocations by the
    following memory allocation functions when called with too-large allocation
    sizes and, where relevant, various valid alignments:
    malloc, realloc, calloc, reallocarray, memalign, posix_memalign,
    aligned_alloc, valloc, and pvalloc.
    
    (cherry picked from commit 8e448310d74b283c5cd02b9ed7fb997b47bf9b22)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c64d6bc3da8e61feab4117bcad53bd97e7a111cd

commit c64d6bc3da8e61feab4117bcad53bd97e7a111cd
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Dec 14 15:18:38 2017 +0100

    elf: Compute correct array size in _dl_init_paths [BZ #22606]
    
    (cherry picked from commit 8a0b17e48b83e933960dfeb8fa08b259f03f310e)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d9c54360ca92a92ee8ee587f15a3cfc64fe4cb37

commit d9c54360ca92a92ee8ee587f15a3cfc64fe4cb37
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Nov 2 12:14:01 2017 +0100

    <array_length.h>: New array_length and array_end macros
    
    (cherry picked from commit c94a5688fb1228a862b2d4a3f1239cdc0e3349e5)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f87adbcaa47de2109e1c4561a2badf8aa82bc349

commit f87adbcaa47de2109e1c4561a2badf8aa82bc349
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Dec 14 15:05:57 2017 +0100

    elf: Count components of the expanded path in _dl_init_path [BZ #22607]
    
    (cherry picked from commit 3ff3dfa5af313a6ea33f3393916f30eece4f0171)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21c5d14bfb4e08bee86f94fd815535d3be2c3869

commit 21c5d14bfb4e08bee86f94fd815535d3be2c3869
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Dec 30 10:54:23 2017 +0100

    elf: Check for empty tokens before dynamic string token expansion [BZ #22625]
    
    The fillin_rpath function in elf/dl-load.c loops over each RPATH or
    RUNPATH token and interprets empty tokens as the current directory
    ("./"). In practice the check for empty tokens is done *after* the
    dynamic string token expansion. The expansion process can return an
    empty string for the $ORIGIN token if __libc_enable_secure is set
    or if the path of the binary can not be determined (/proc not mounted).
    
    Fix that by moving the check for empty tokens before the dynamic string
    token expansion. In addition, check for NULL pointer or empty strings
    returned by expand_dynamic_string_token.
    
    The above changes highlighted a bug in decompose_rpath, an empty array
    is represented by the first element being NULL at the fillin_rpath
    level, but by using a -1 pointer in decompose_rpath and other functions.
    
    Changelog:
    	[BZ #22625]
    	* elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
    	string token expansion. Check for NULL pointer or empty string possibly
    	returned by expand_dynamic_string_token.
    	(decompose_rpath): Check for empty path after dynamic string
    	token expansion.
    
    (cherry picked from commit 3e3c904daef69b8bf7d5cc07f793c9f07c3553ef)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9d0aec236891576c7f12e935128364669b785233

commit 9d0aec236891576c7f12e935128364669b785233
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 13 13:09:38 2017 +0200

    sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
    
    After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
    (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
    [BZ #20112]), ancillary data is stored on the heap,
    but it is accessed after it has been freed.
    
    The test case must be run under a heap debugger such as valgrind
    to observe the invalid access.  A malloc implementation which
    immediately calls munmap on free would catch this bug as well.
    
    (cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89dc0372bb497b7d51bcf9999ce3f9684d450959

commit 89dc0372bb497b7d51bcf9999ce3f9684d450959
Author: Andreas Schwab <schwab@suse.de>
Date:   Wed Aug 16 15:59:55 2017 +0200

    ldd: never run file directly
    
    (cherry picked from commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1be1845b280cfadff0cbd09170af554549849ffb

commit 1be1845b280cfadff0cbd09170af554549849ffb
Author: Arjun Shankar <arjun.is@lostca.se>
Date:   Wed Jun 7 11:46:24 2017 +0200

    Synchronize support/ infrastructure with master
    
    This commit updates the support/ subdirectory to
    commit 2714c5f3c95f90977167c1d21326d907fb76b419
    on the master branch and modifies Makeconfig,
    Rules, and extra-lib.mk accordingly.
    
    (cherry picked from commit 4c5785aa129a5d195fc1cd5c7fcd6f62c2b0ff0c)
    
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                  |   57 ++
 Makeconfig                                 |   15 +-
 NEWS                                       |   32 +
 Rules                                      |    3 +
 elf/dl-load.c                              |   76 +-
 elf/ldd.bash.in                            |   14 +-
 extra-lib.mk                               |    5 +
 include/array_length.h                     |   36 +
 malloc/Makefile                            |    3 +-
 malloc/malloc.c                            |   30 +-
 malloc/tst-malloc-too-large.c              |  237 ++++++
 scripts/backport-support.sh                |  110 +++
 sunrpc/Makefile                            |    3 +-
 sunrpc/clnt_udp.c                          |    2 +-
 sunrpc/tst-udp-error.c                     |   62 ++
 support/Makefile                           |  146 ++++
 support/README                             |   29 +
 support/README-testing.c                   |   19 +
 support/capture_subprocess.h               |   61 ++
 support/check.c                            |   57 ++
 support/check.h                            |   94 +++
 support/check_addrinfo.c                   |   42 +
 support/check_dns_packet.c                 |   42 +
 support/check_hostent.c                    |   42 +
 support/check_netent.c                     |   42 +
 support/check_nss.h                        |   42 +
 support/delayed_exit.c                     |   55 ++
 support/format_nss.h                       |   41 +
 support/ignore_stderr.c                    |   38 +
 support/namespace.h                        |   65 ++
 support/oom_error.c                        |   29 +
 support/resolv_test.c                      | 1202 ++++++++++++++++++++++++++++
 support/resolv_test.h                      |  180 +++++
 support/run_diff.h                         |   31 +
 support/set_fortify_handler.c              |   34 +
 support/support-xstat.c                    |   30 +
 support/support.h                          |   74 ++
 support/support_become_root.c              |   40 +
 support/support_can_chroot.c               |   65 ++
 support/support_capture_subprocess.c       |  108 +++
 support/support_capture_subprocess_check.c |   67 ++
 support/support_enter_network_namespace.c  |   75 ++
 support/support_format_address_family.c    |   35 +
 support/support_format_addrinfo.c          |  239 ++++++
 support/support_format_dns_packet.c        |  222 +++++
 support/support_format_herrno.c            |   45 +
 support/support_format_hostent.c           |   75 ++
 support/support_format_netent.c            |   52 ++
 support/support_isolate_in_subprocess.c    |   38 +
 support/support_record_failure.c           |  106 +++
 support/support_run_diff.c                 |   76 ++
 support/support_shared_allocate.c          |   59 ++
 support/support_test_main.c                |  423 ++++++++++
 support/support_test_verify_impl.c         |   33 +
 support/support_write_file_string.c        |   39 +
 support/temp_file-internal.h               |   31 +
 support/temp_file.c                        |  132 +++
 support/temp_file.h                        |   37 +
 support/test-driver.c                      |  156 ++++
 support/test-driver.h                      |   74 ++
 support/tst-support-namespace.c            |   34 +
 support/tst-support_capture_subprocess.c   |  188 +++++
 support/tst-support_format_dns_packet.c    |  101 +++
 support/tst-support_record_failure-2.sh    |   69 ++
 support/tst-support_record_failure.c       |  153 ++++
 support/write_message.c                    |   29 +
 support/xaccept.c                          |   32 +
 support/xaccept4.c                         |   32 +
 support/xasprintf.c                        |   36 +
 support/xbind.c                            |   30 +
 support/xcalloc.c                          |   34 +
 support/xchroot.c                          |   28 +
 support/xclose.c                           |   28 +
 support/xconnect.c                         |   30 +
 support/xdup2.c                            |   28 +
 support/xfclose.c                          |   33 +
 support/xfopen.c                           |   31 +
 support/xfork.c                            |   32 +
 support/xgetsockname.c                     |   30 +
 support/xlisten.c                          |   30 +
 support/xmalloc.c                          |   34 +
 support/xmemstream.c                       |   42 +
 support/xmemstream.h                       |   49 ++
 support/xmkdir.c                           |   28 +
 support/xmmap.c                            |   31 +
 support/xmunmap.c                          |   28 +
 support/xopen.c                            |   30 +
 support/xpipe.c                            |   28 +
 support/xpoll.c                            |   32 +
 support/xpthread_attr_destroy.c            |   26 +
 support/xpthread_attr_init.c               |   25 +
 support/xpthread_attr_setdetachstate.c     |   27 +
 support/xpthread_attr_setstacksize.c       |   26 +
 support/xpthread_barrier_destroy.c         |   26 +
 support/xpthread_barrier_init.c            |   27 +
 support/xpthread_barrier_wait.c            |   28 +
 support/xpthread_cancel.c                  |   25 +
 support/xpthread_check_return.c            |   34 +
 support/xpthread_cond_wait.c               |   26 +
 support/xpthread_create.c                  |   29 +
 support/xpthread_detach.c                  |   25 +
 support/xpthread_join.c                    |   27 +
 support/xpthread_mutex_consistent.c        |   26 +
 support/xpthread_mutex_destroy.c           |   26 +
 support/xpthread_mutex_init.c              |   26 +
 support/xpthread_mutex_lock.c              |   25 +
 support/xpthread_mutex_unlock.c            |   25 +
 support/xpthread_mutexattr_destroy.c       |   26 +
 support/xpthread_mutexattr_init.c          |   25 +
 support/xpthread_mutexattr_setprotocol.c   |   26 +
 support/xpthread_mutexattr_setpshared.c    |   26 +
 support/xpthread_mutexattr_setrobust.c     |   26 +
 support/xpthread_mutexattr_settype.c       |   26 +
 support/xpthread_once.c                    |   25 +
 support/xpthread_sigmask.c                 |   34 +
 support/xpthread_spin_lock.c               |   25 +
 support/xpthread_spin_unlock.c             |   25 +
 support/xrealloc.c                         |   32 +
 support/xrecvfrom.c                        |   33 +
 support/xsendto.c                          |   35 +
 support/xsetsockopt.c                      |   31 +
 support/xsignal.h                          |   34 +
 support/xsocket.c                          |   32 +
 support/xsocket.h                          |   39 +
 support/xstdio.h                           |   32 +
 support/xstrdup.c                          |   30 +
 support/xthread.h                          |   77 ++
 support/xunistd.h                          |   56 ++
 support/xwaitpid.c                         |   33 +
 support/xwrite.c                           |   39 +
 130 files changed, 7804 insertions(+), 59 deletions(-)
 create mode 100644 include/array_length.h
 create mode 100644 malloc/tst-malloc-too-large.c
 create mode 100644 scripts/backport-support.sh
 create mode 100644 sunrpc/tst-udp-error.c
 create mode 100644 support/Makefile
 create mode 100644 support/README
 create mode 100644 support/README-testing.c
 create mode 100644 support/capture_subprocess.h
 create mode 100644 support/check.c
 create mode 100644 support/check.h
 create mode 100644 support/check_addrinfo.c
 create mode 100644 support/check_dns_packet.c
 create mode 100644 support/check_hostent.c
 create mode 100644 support/check_netent.c
 create mode 100644 support/check_nss.h
 create mode 100644 support/delayed_exit.c
 create mode 100644 support/format_nss.h
 create mode 100644 support/ignore_stderr.c
 create mode 100644 support/namespace.h
 create mode 100644 support/oom_error.c
 create mode 100644 support/resolv_test.c
 create mode 100644 support/resolv_test.h
 create mode 100644 support/run_diff.h
 create mode 100644 support/set_fortify_handler.c
 create mode 100644 support/support-xstat.c
 create mode 100644 support/support.h
 create mode 100644 support/support_become_root.c
 create mode 100644 support/support_can_chroot.c
 create mode 100644 support/support_capture_subprocess.c
 create mode 100644 support/support_capture_subprocess_check.c
 create mode 100644 support/support_enter_network_namespace.c
 create mode 100644 support/support_format_address_family.c
 create mode 100644 support/support_format_addrinfo.c
 create mode 100644 support/support_format_dns_packet.c
 create mode 100644 support/support_format_herrno.c
 create mode 100644 support/support_format_hostent.c
 create mode 100644 support/support_format_netent.c
 create mode 100644 support/support_isolate_in_subprocess.c
 create mode 100644 support/support_record_failure.c
 create mode 100644 support/support_run_diff.c
 create mode 100644 support/support_shared_allocate.c
 create mode 100644 support/support_test_main.c
 create mode 100644 support/support_test_verify_impl.c
 create mode 100644 support/support_write_file_string.c
 create mode 100644 support/temp_file-internal.h
 create mode 100644 support/temp_file.c
 create mode 100644 support/temp_file.h
 create mode 100644 support/test-driver.c
 create mode 100644 support/test-driver.h
 create mode 100644 support/tst-support-namespace.c
 create mode 100644 support/tst-support_capture_subprocess.c
 create mode 100644 support/tst-support_format_dns_packet.c
 create mode 100644 support/tst-support_record_failure-2.sh
 create mode 100644 support/tst-support_record_failure.c
 create mode 100644 support/write_message.c
 create mode 100644 support/xaccept.c
 create mode 100644 support/xaccept4.c
 create mode 100644 support/xasprintf.c
 create mode 100644 support/xbind.c
 create mode 100644 support/xcalloc.c
 create mode 100644 support/xchroot.c
 create mode 100644 support/xclose.c
 create mode 100644 support/xconnect.c
 create mode 100644 support/xdup2.c
 create mode 100644 support/xfclose.c
 create mode 100644 support/xfopen.c
 create mode 100644 support/xfork.c
 create mode 100644 support/xgetsockname.c
 create mode 100644 support/xlisten.c
 create mode 100644 support/xmalloc.c
 create mode 100644 support/xmemstream.c
 create mode 100644 support/xmemstream.h
 create mode 100644 support/xmkdir.c
 create mode 100644 support/xmmap.c
 create mode 100644 support/xmunmap.c
 create mode 100644 support/xopen.c
 create mode 100644 support/xpipe.c
 create mode 100644 support/xpoll.c
 create mode 100644 support/xpthread_attr_destroy.c
 create mode 100644 support/xpthread_attr_init.c
 create mode 100644 support/xpthread_attr_setdetachstate.c
 create mode 100644 support/xpthread_attr_setstacksize.c
 create mode 100644 support/xpthread_barrier_destroy.c
 create mode 100644 support/xpthread_barrier_init.c
 create mode 100644 support/xpthread_barrier_wait.c
 create mode 100644 support/xpthread_cancel.c
 create mode 100644 support/xpthread_check_return.c
 create mode 100644 support/xpthread_cond_wait.c
 create mode 100644 support/xpthread_create.c
 create mode 100644 support/xpthread_detach.c
 create mode 100644 support/xpthread_join.c
 create mode 100644 support/xpthread_mutex_consistent.c
 create mode 100644 support/xpthread_mutex_destroy.c
 create mode 100644 support/xpthread_mutex_init.c
 create mode 100644 support/xpthread_mutex_lock.c
 create mode 100644 support/xpthread_mutex_unlock.c
 create mode 100644 support/xpthread_mutexattr_destroy.c
 create mode 100644 support/xpthread_mutexattr_init.c
 create mode 100644 support/xpthread_mutexattr_setprotocol.c
 create mode 100644 support/xpthread_mutexattr_setpshared.c
 create mode 100644 support/xpthread_mutexattr_setrobust.c
 create mode 100644 support/xpthread_mutexattr_settype.c
 create mode 100644 support/xpthread_once.c
 create mode 100644 support/xpthread_sigmask.c
 create mode 100644 support/xpthread_spin_lock.c
 create mode 100644 support/xpthread_spin_unlock.c
 create mode 100644 support/xrealloc.c
 create mode 100644 support/xrecvfrom.c
 create mode 100644 support/xsendto.c
 create mode 100644 support/xsetsockopt.c
 create mode 100644 support/xsignal.h
 create mode 100644 support/xsocket.c
 create mode 100644 support/xsocket.h
 create mode 100644 support/xstdio.h
 create mode 100644 support/xstrdup.c
 create mode 100644 support/xthread.h
 create mode 100644 support/xunistd.h
 create mode 100644 support/xwaitpid.c
 create mode 100644 support/xwrite.c