Commit Graph

2168 Commits

Author SHA1 Message Date
Siddhesh Poyarekar
4ad1659d8c getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
No valid path returned by getcwd would fit into 1 byte, so reject the
size early and return NULL with errno set to ERANGE.  This change is
prompted by CVE-2021-3999, which describes a single byte buffer
underflow and overflow when all of the following conditions are met:

- The buffer size (i.e. the second argument of getcwd) is 1 byte
- The current working directory is too long
- '/' is also mounted on the current working directory

Sequence of events:

- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
  because the linux kernel checks for name length before it checks
  buffer size

- The code falls back to the generic getcwd in sysdeps/posix

- In the generic func, the buf[0] is set to '\0' on line 250

- this while loop on line 262 is bypassed:

    while (!(thisdev == rootdev && thisino == rootino))

  since the rootfs (/) is bind mounted onto the directory and the flow
  goes on to line 449, where it puts a '/' in the byte before the
  buffer.

- Finally on line 458, it moves 2 bytes (the underflowed byte and the
  '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.

- buf is returned on line 469 and errno is not set.

This resolves BZ #28769.

Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 23e0e8f5f1)
2022-08-18 00:14:28 +02:00
H.J. Lu
183709983d NEWS: Add a bug fix entry for BZ #28896 2022-02-18 19:12:04 -08:00
H.J. Lu
70d293a158 NEWS: Add a bug fix entry for BZ #27974 2022-01-27 15:50:22 -08:00
H.J. Lu
c0cbb9345e NEWS: Add a bug fix entry for BZ #27457 2022-01-27 12:23:42 -08:00
H.J. Lu
5b13651085 NEWS: Add a bug fix entry for BZ #28755 2022-01-27 05:16:30 -08:00
Florian Weimer
3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
The sunrpc function svcunix_create suffers from a stack-based buffer
overflow with overlong pathname arguments.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit f545ad4928)
2022-01-18 11:17:44 +01:00
Florian Weimer
c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
Processing an overlong pathname in the sunrpc clnt_create function
results in a stack-based buffer overflow.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 226b46770c)
2022-01-18 08:27:04 +01:00
Nikita Popov
e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug 28524)
Bugfix 27256 has introduced another issue:
In conversion from ISO-2022-JP-3 encoding, it is possible
to force iconv to emit extra NUL character on internal state reset.
To do this, it is sufficient to feed iconv with escape sequence
which switches active character set.
The simplified check 'data->__statep->__count != ASCII_set'
introduced by the aforementioned bugfix picks that case and
behaves as if '\0' character has been queued thus emitting it.

To eliminate this issue, these steps are taken:
* Restore original condition
'(data->__statep->__count & ~7) != ASCII_set'.
It is necessary since bits 0-2 may contain
number of buffered input characters.
* Check that queued character is not NUL.
Similar step is taken for main conversion loop.

Bundled test case follows following logic:
* Try to convert ISO-2022-JP-3 escape sequence
switching active character set
* Reset internal state by providing NULL as input buffer
* Ensure that nothing has been converted.

Signed-off-by: Nikita Popov <npv1310@gmail.com>
(cherry picked from commit ff012870b2)
2021-12-05 12:04:05 +01:00
H.J. Lu
af316e4627 x86: Check IFUNC definition in unrelocated executable [BZ #20019]
Calling an IFUNC function defined in unrelocated executable also leads to
segfault.  Issue a fatal error message when calling IFUNC function defined
in the unrelocated executable from a shared library.

On x86, ifuncmain6pie failed with:

[hjl@gnu-cfl-2 build-i686-linux]$ ./elf/ifuncmain6pie --direct
./elf/ifuncmain6pie: IFUNC symbol 'foo' referenced in '/export/build/gnu/tools-build/glibc-32bit/build-i686-linux/elf/ifuncmod6.so' is defined in the executable and creates an unsatisfiable circular dependency.
[hjl@gnu-cfl-2 build-i686-linux]$ readelf -rW elf/ifuncmod6.so | grep foo
00003ff4  00000706 R_386_GLOB_DAT         0000400c   foo_ptr
00003ff8  00000406 R_386_GLOB_DAT         00000000   foo
0000400c  00000401 R_386_32               00000000   foo
[hjl@gnu-cfl-2 build-i686-linux]$

Remove non-JUMP_SLOT relocations against foo in ifuncmod6.so, which
trigger the circular IFUNC dependency, and build ifuncmain6pie with
-Wl,-z,lazy.

(cherry picked from commits 6ea5b57afa
 and 7137d682eb)
2021-01-13 14:02:11 -08:00
H.J. Lu
36eb01dd85 x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]
Update dl_cet_check() to set header.feature_1 in TCB when both IBT and
SHSTK are always on.

(cherry picked from commit 2ef23b5205)
2021-01-13 08:21:58 -08:00
H.J. Lu
8b7be87aa2 x86-64: Avoid rep movsb with short distance [BZ #27130]
When copying with "rep movsb", if the distance between source and
destination is N*4GB + [1..63] with N >= 0, performance may be very
slow.  This patch updates memmove-vec-unaligned-erms.S for AVX and
AVX512 versions with the distance in RCX:

	cmpl	$63, %ecx
	// Don't use "rep movsb" if ECX <= 63
	jbe	L(Don't use rep movsb")
	Use "rep movsb"

Benchtests data with bench-memcpy, bench-memcpy-large, bench-memcpy-random
and bench-memcpy-walk on Skylake, Ice Lake and Tiger Lake show that its
performance impact is within noise range as "rep movsb" is only used for
data size >= 4KB.

(cherry picked from commit 3ec5d83d2a)
2021-01-12 05:40:10 -08:00
Andreas Schwab
c4f5e32aae Fix buffer overrun in EUC-KR conversion module (bz #24973)
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
area and is not allowed.  The from_euc_kr function used to skip two bytes
when told to skip over the unknown designation, potentially running over
the buffer end.

(cherry picked from commit ee7a3144c9)
2021-01-05 06:33:06 +01:00
Siddhesh Poyarekar
0858f46440 Add NEWS entry for CVE-2020-29562 (BZ #26923)
BZ #26923 now has a CVE entry, so add a NEWS entry for it.

(cherry picked from commit 38a9e93cb1)
2021-01-03 13:21:12 +01:00
Michael Colavita
1e40391de2 iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
Previously, in UCS4 conversion routines we limit the number of
characters we examine to the minimum of the number of characters in the
input and the number of characters in the output. This is not the
correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
an output character when we skip a code unit. Instead, track the input
and output pointers and terminate the loop when either reaches its
limit.

This resolves assertion failures when resetting the input buffer in a step of
iconv, which assumes that the input will be fully consumed given sufficient
output space.

(cherry picked from commit 228edd356f)
2021-01-03 13:20:30 +01:00
Arjun Shankar
df31c7ca92 iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]
The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
share converter logic (iconvdata/ibm1364.c) which would reject
redundant shift sequences when processing input in these character
sets.  This led to a hang in the iconv program (CVE-2020-27618).

This commit adjusts the converter to ignore redundant shift sequences
and adds test cases for iconv_prog hangs that would be triggered upon
their rejection.  This brings the implementation in line with other
converters that also ignore redundant shift sequences (e.g. IBM930
etc., fixed in commit 692de4b396).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9a99c68214)
2020-11-30 23:59:53 +01:00
Adhemerval Zanella
7df507808c sh: Add sh4 fpu Implies folder
The commit 605f38177d (sh: Split BE/LE abilist) did not take in
consideration the SH4 fpu support.

Checked with a build for sh4-linux-gnu and manually checked that
the implementations at sysdeps/sh/sh4/fpu/ are selected.

John Paul Adrian Glaubitz also confirmed it fixes the build issues
he encontered.

(cherry-picked from 9ff2674ef8)
2020-11-27 09:34:02 -03:00
Arjun Shankar
32965a46ce intl: Handle translation output codesets with suffixes [BZ #26383]
Commit 91927b7c76 (Rewrite iconv option parsing [BZ #19519]) did not
handle cases where the output codeset for translations (via the `gettext'
family of functions) might have a caller specified encoding suffix such as
TRANSLIT or IGNORE.  This led to a regression where translations did not
work when the codeset had a suffix.

This commit fixes the above issue by parsing any suffixes passed to
__dcigettext and adds two new test-cases to intl/tst-codeset.c to
verify correct behaviour.  The iconv-internal function __gconv_create_spec
and the static iconv-internal function gconv_destroy_spec are now visible
internally within glibc and used in intl/dcigettext.c.

(cherry picked from commit 7d4ec75e11)
2020-10-10 14:51:27 +02:00
Aurelien Jarno
6fdf971c9d Add NEWS entry for CVE-2016-10228 (bug 19519)
(cherry picked from commit 17a0126abf)
2020-08-03 23:34:51 +02:00
Arjun Shankar
70d585151c Rewrite iconv option parsing [BZ #19519]
This commit replaces string manipulation during `iconv_open' and iconv_prog
option parsing with a structured, flag based conversion specification.  In
doing so, it alters the internal `__gconv_open' interface and accordingly
adjusts its uses.

This change fixes several hangs in the iconv program and therefore includes
a new test to exercise iconv_prog options that originally led to these hangs.
It also includes a new regression test for option handling in the iconv
function.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit 91927b7c76)
2020-08-03 23:34:44 +02:00
Florian Weimer
1c8efe848b powerpc: Fix incorrect cache line size load in memset (bug 26332)
__GLRO loaded the word after the requested variable on big-endian
PowerPC, where LOWORD is 4.  This can cause the memset implement
go wrong because the masking with the cache line size produces
wrong results, particularly if the loaded value happens to be 1.

The __GLRO macro is not used in any place where loading the lower
32-bit word of a 64-bit value is desired, so the +4 offset is always
wrong.

Fixes commit 18363b4f01
("powerpc: Move cache line size to rtld_global_ro") and bug 26332.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit 7650321ce0)
2020-08-03 23:32:32 +02:00
H.J. Lu
7611339a9b nptl: Zero-extend arguments to SETXID syscalls [BZ #26248]
nptl has

/* Opcodes and data types for communication with the signal handler to
   change user/group IDs.  */
struct xid_command
{
  int syscall_no;
  long int id[3];
  volatile int cntr;
  volatile int error;
};

 /* This must be last, otherwise the current thread might not have
     permissions to send SIGSETXID syscall to the other threads.  */
  result = INTERNAL_SYSCALL_NCS (cmdp->syscall_no, 3,
                                 cmdp->id[0], cmdp->id[1], cmdp->id[2]);

But the second argument of setgroups syscal is a pointer:

       int setgroups (size_t size, const gid_t *list);

But on x32, pointers passed to syscall must have pointer type so that
they will be zero-extended.  The kernel XID arguments are unsigned and
do not require sign extension.  Change xid_command to

struct xid_command
{
  int syscall_no;
  unsigned long int id[3];
  volatile int cntr;
  volatile int error;
};

so that all arguments are zero-extended.  A testcase is added for x32 and
setgroups returned with EFAULT when running as root without the fix.

(cherry picked from commit 0ad926f349)
2020-07-29 23:18:33 +02:00
Aurelien Jarno
6f3459f985 Add NEWS entry for CVE-2020-6096 (bug 25620)
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit 17400c4bcd)
2020-07-16 19:23:43 +02:00
H.J. Lu
4e8a33a959 NEWS: Mention BZ 25933 fix 2020-07-04 09:45:21 -07:00
Florian Weimer
3a44844c97 nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
During cleanup, before returning from get*_r functions, the end*ent
calls must not change errno.  Otherwise, an ERANGE error from the
underlying implementation can be hidden, causing unexpected lookup
failures.  This commit introduces an internal_end*ent_noerror
function which saves and restore errno, and marks the original
internal_end*ent function as warn_unused_result, so that it is used
only in contexts were errors from it can be handled explicitly.

Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit 790b8dda44)
2020-05-19 16:28:53 +02:00
H.J. Lu
a98b8b221c NEWS: Mention fixes for BZ 25810/25896/25902/25966 2020-05-09 12:43:53 -07:00
Rafał Lużyński
3b9ceb3320 NEWS: Mention bug 25639 fixed in 2.31 branch 2020-05-09 17:07:24 +02:00
John David Anglin
91b909315c Fix data race in setting function descriptors during lazy binding on hppa.
This addresses an issue that is present mainly on SMP machines running
threaded code.  In a typical indirect call or PLT import stub, the
target address is loaded first.  Then the global pointer is loaded into
the PIC register in the delay slot of a branch to the target address.
During lazy binding, the target address is a trampoline which transfers
to _dl_runtime_resolve().

_dl_runtime_resolve() uses the relocation offset stored in the global
pointer and the linkage map stored in the trampoline to find the
relocation.  Then, the function descriptor is updated.

In a multi-threaded application, it is possible for the global pointer
to be updated between the load of the target address and the global
pointer.  When this happens, the relocation offset has been replaced
by the new global pointer.  The function pointer has probably been
updated as well but there is no way to find the address of the function
descriptor and to transfer to the target.  So, _dl_runtime_resolve()
typically crashes.

HP-UX addressed this problem by adding an extra pc-relative branch to
the trampoline.  The descriptor is initially setup to point to the
branch.  The branch then transfers to the trampoline.  This allowed
the trampoline code to figure out which descriptor was being used
without any modification to user code.  I didn't use this approach
as it is more complex and changes function pointer canonicalization.

The order of loading the target address and global pointer in
indirect calls was not consistent with the order used in import stubs.
In particular, $$dyncall and some inline versions of it loaded the
global pointer first.  This was inconsistent with the global pointer
being updated first in dl-machine.h.  Assuming the accesses are
ordered, we want elf_machine_fixup_plt() to store the global pointer
first and calls to load it last.  Then, the global pointer will be
correct when the target function is entered.

However, just to make things more fun, HP added support for
out-of-order execution of accesses in PA 2.0.  The accesses used by
calls are weakly ordered. So, it's possibly under some circumstances
that a function might be entered with the wrong global pointer.
However, HP uses weakly ordered accesses in 64-bit HP-UX, so I assume
that loading the global pointer in the delay slot of the branch must
work consistently.

The basic fix for the race is a combination of modifying user code to
preserve the address of the function descriptor in register %r22 and
setting the least-significant bit in the relocation offset.  The
latter was suggested by Carlos as a way to distinguish relocation
offsets from global pointer values.  Conventionally, %r22 is used
as the address of the function descriptor in calls to $$dyncall.
So, it wasn't hard to preserve the address in %r22.

I have updated gcc trunk and gcc-9 branch to not clobber %r22 in
$$dyncall and inline indirect calls.  I have also modified the import
stubs in binutils trunk and the 2.33 branch to preserve %r22.  This
required making the stubs one instruction longer but we save one
relocation.  I also modified binutils to align the .plt section on
a 8-byte boundary.  This allows descriptors to be updated atomically
with a floting-point store.

With these changes, _dl_runtime_resolve() can fallback to an alternate
mechanism to find the relocation offset when it has been clobbered.
There's just one additional instruction in the fast path. I tested
the fallback function, _dl_fix_reloc_arg(), by changing the branch to
always use the fallback.  Old code still runs as it did before.

Fixes bug 23296.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 1a044511a3)
2020-05-04 21:56:38 +02:00
Aurelien Jarno
d39fb022c2 Add NEWS entry for CVE-2020-1751 (bug 25423)
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit 07d16a6deb)
2020-03-24 23:12:55 +01:00
Adhemerval Zanella
46bbbd4622 posix: Fix system error return value [BZ #25715]
It fixes 5fb7fc9635 when posix_spawn fails.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

(cheery picked from commit f09542c584)
2020-03-24 09:15:19 -03:00
Aurelien Jarno
3937f6806d Add NEWS entry for CVE-2020-1752 (bug 25414)
(cherry picked from commit 39a05214fe)
2020-03-19 22:58:30 +01:00
Aurelien Jarno
05c08d5aea NEWS: update list of bugs fixed on the 2.31 branch 2020-03-11 12:55:36 +01:00
Aurelien Jarno
123d48b33a Add NEWS entry for CVE-2020-10029 (bug 25487)
(cherry picked from commit 15ab195229)
2020-03-11 12:26:52 +01:00
Joseph Myers
9f997ceca2 Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487).
Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero
argument (an representation where all the significand bits, including
the explicit high bit, are zero, but the exponent is not zero, which
is not a valid representation for the long double type).

Although this is not a valid long double representation, existing
practice in this area (see bug 4586, originally marked invalid but
subsequently fixed) is that we still seek to avoid invalid memory
accesses as a result, in case of programs that treat arbitrary binary
data as long double representations, although the invalid
representations of the ldbl-96 format do not need to be consistently
handled the same as any particular valid representation.

This patch makes the range reduction detect pseudo-zero and unnormal
representations that would otherwise go to __kernel_rem_pio2, and
returns a NaN for them instead of continuing with the range reduction
process.  (Pseudo-zero and unnormal representations whose unbiased
exponent is less than -1 have already been safely returned from the
function before this point without going through the rest of range
reduction.)  Pseudo-zero representations would previously result in
the value passed to __kernel_rem_pio2 being all-zero, which is
definitely unsafe; unnormal representations would previously result in
a value passed whose high bit is zero, which might well be unsafe
since that is not a form of input expected by __kernel_rem_pio2.

Tested for x86_64.

(cherry picked from commit 9333498794)
2020-03-04 22:11:55 +01:00
WANG Xuerui
aa638b86b2 mips: Fix argument passing for inlined syscalls on Linux [BZ #25523]
According to [gcc documentation][1], temporary variables must be used for
the desired content to not be call-clobbered.

Fix the Linux inline syscall templates by adding temporary variables,
much like what x86 did before
(commit 381a0c26d7).

Tested with gcc 9.2.0, both cross-compiled and natively on Loongson
3A4000.

[1]: https://gcc.gnu.org/onlinedocs/gcc/Local-Register-Variables.html

(cherry picked from commit 4fbba6fe90)
2020-02-13 20:18:20 +01:00
Siddhesh Poyarekar
e7daa7fcf7 Add bugs fixed in 2.31 in NEWS 2020-02-01 17:16:54 +05:30
Siddhesh Poyarekar
f1bb5499d1 Add note to NEWS about kernel headers dependency on risc-v
It was discovered that RISC-V 64-bit still needs kernel headers >= 5.0
to be installed to build correctly:

https://gitlab.com/kubu93/toolchains-builder/-/jobs/422726962

Fix up the NEWS item to make that clear.
2020-02-01 17:16:54 +05:30
Szabolcs Nagy
2cd01a1df2 Add NEWS entry about 64-bit time_t syscall use on 32-bit targets
This internal change ideally should not affect the public API or ABI,
but there is a widespread use of seccomp sandboxes, even on 32-bit
targets, that don't handle new Linux syscall usage well, so it's
worth mentioning in the NEWS.

Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-31 10:00:48 +00:00
Dragan Mladjenovic
ba44e5b508 Add NEWS entry about the change in handling of PT_GNU_STACK on MIPS
The change was introduced in:

commit 33bc9efd91
Author: Dragan Mladjenovic <dmladjenovic@wavecomp.com>
Date:   Fri Aug 23 16:38:04 2019 +0000

    mips: Force RWX stack for hard-float builds that can run on pre-4.8 kernels

and probably requires a small explanation.

Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-23 19:58:55 +05:30
Zack Weinberg
521c7fc65f
Revise NEWS description of changes to gettimeofday etc.
Mostly English grammar and style improvements.  The bullet list is
reorganized a little for clarity.  The details of exactly which
Linux-based ports still report system-wide time zone information
from gettimeofday has been removed, as this is not intended to be
something people should rely on.

Also clarify the deprecation of older SPARC ISAs, based on the fact
that “SPARC version 7” is actually the very first version of the SPARC
ISA (Sun Microsystems was very fond of letting the marketing
department pick version numbers).

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-09 09:46:46 -05:00
Siddhesh Poyarekar
97ff54d2fc Drop dependency of dist target on ChangeLog
We no longer write manual ChangeLog entries since they are
auto-generated at release time.  Drop dependency of the `make dist`
target on the file and document the fact that the latest ChangeLog
entries can be read in the highest numbered ChangeLog.N file in
ChangeLog.old.

The ChangeLog.old/ChangeLog.20 file for 2.31 will thus be generated
just before tagging a release.

Reviewed-by: Paul Eggert <eggert@cs.ucla.edu>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
2020-01-09 13:28:08 +05:30
Florian Weimer
a1bd5f8673 Linux: Use system call tables during build
Use <arch-syscall.h> instead of <asm/unistd.h> to obtain the system
call numbers.  A few direct includes of <asm/unistd.h> need to be
removed (if the system call numbers are already provided indirectly
by <sysdep.h>) or replaced with <sys/syscall.h>.

Current Linux headers for alpha define the required system call names,
so most of the _NR_* hacks are no longer needed.  For the 32-bit arm
architecture, eliminate the INTERNAL_SYSCALL_ARM macro, now that we
have regular system call names for cacheflush and set_tls.  There are
more such cleanup opportunities for other architectures, but these
cleanups are required to avoid macro redefinition errors during the
build.

For ia64, it is desirable to use <asm/break.h> directly to obtain
the break number for system calls (which is not a system call number
itself).  This requires replacing __BREAK_SYSCALL with
__IA64_BREAK_SYSCALL because the former is defined as an alias in
<asm/unistd.h>, but not in <asm/break.h>.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-02 10:18:23 +01:00
Joseph Myers
5f72f9800b Update copyright dates not handled by scripts/update-copyrights.
I've updated copyright dates in glibc for 2020.  This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files.  As well as the usual annual
updates, mainly dates in --version output (minus libc.texinfo which
previously had to be handled manually but is now successfully updated
by update-copyrights), there is a fix to
sysdeps/unix/sysv/linux/powerpc/bits/termios-c_lflag.h where a typo in
the copyright notice meant it failed to be updated automatically.

Please remember to include 2020 in the dates for any new files added
in future (which means updating any existing uncommitted patches you
have that add new files to use the new copyright dates in them).
2020-01-01 00:21:22 +00:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Florian Weimer
79e0cd7b3c Lazy binding failures during dlopen/dlclose must be fatal [BZ #24304]
If a lazy binding failure happens during the execution of an ELF
constructor or destructor, the dynamic loader catches the error
and reports it using the dlerror mechanism.  This is undesirable
because there could be other constructors and destructors that
need processing (which are skipped), and the process is in an
inconsistent state at this point.  Therefore, we have to issue
a fatal dynamic loader error error and terminate the process.

Note that the _dl_catch_exception in _dl_open is just an inner catch,
to roll back some state locally.  If called from dlopen, there is
still an outer catch, which is why calling _dl_init via call_dl_init
and a no-exception is required and cannot be avoiding by moving the
_dl_init call directly into _dl_open.

_dl_fini does not need changes because it does not install an error
handler, so errors are already fatal there.

Change-Id: I6b1addfe2e30f50a1781595f046f44173db9491a
2019-11-27 20:55:35 +01:00
Florian Weimer
446997ff14 resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications.  For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.

This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.

The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.

Tested on x86_64-linux-gnu.

Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
2019-11-27 20:54:37 +01:00
Adhemerval Zanella
5d9b7b9fa7 Remove 32 bit sparc v7 support
The patch is straighforward:

  - The sparc32 v8 implementations are moved as the generic ones.

  - A configure test is added to check for either __sparc_v8__ or
    __sparc_v9__.

  - The triple names are simplified and sparc implies sparcv8.

The idea is to keep support on sparcv8 architectures that does support
CAS instructions, such as LEON3/LEON4.

Checked on a sparcv9-linux-gnu and sparc64-linux-gnu.

Tested-by: Andreas Larsson <andreas@gaisler.com>
2019-11-27 09:37:57 -03:00
Marcin Kościelnicki
d5dfad4326 rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
The problem was introduced in glibc 2.23, in commit
b9eb92ab05
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
2019-11-21 12:56:44 +01:00
Talachan Mon
c5fbd7c3ea Add new locale: mnw_MM (Mon language spoken in Myanmar) [BZ #25139] 2019-11-06 08:15:16 +01:00
Mike Crowe
3ef5e118f2 nptl: Fix niggles with pthread_clockjoin_np
Joseph Myers spotted[1] that 69ca4b54c1 added
pthread_clockjoin_np to sysdeps/nptl/pthread.h but not to its hppa-specific
equivalent sysdeps/unix/sysv/linux/hppa/pthread.h.

Rafal Luzynski spotted[2] typos in the NEWS entry and manual updates too.

Florian Weimer spotted[3] that the clockid parameter was not using a
reserved identifier in pthread.h.

[1] https://sourceware.org/ml/libc-alpha/2019-11/msg00016.html
[2] https://sourceware.org/ml/libc-alpha/2019-11/msg00019.html
[3] https://sourceware.org/ml/libc-alpha/2019-11/msg00022.html

Reviewed-by: Joseph Myers <joseph@codesourcery.com>
Reviewed-by: Rafal Luzynski <digitalfreak@lingonborough.com>
Reviewed-by: Florian Weimer <fw@deneb.enyo.de>
2019-11-04 16:44:49 -03:00
Mike Crowe
69ca4b54c1 nptl: Add pthread_clockjoin_np
Introduce pthread_clockjoin_np as a version of pthread_timedjoin_np that
accepts a clockid_t parameter to indicate which clock the timeout should be
measured against. This mirrors the recently-added POSIX-proposed "clock"
wait functions.

Checked on x86_64-linux-gnu.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-11-01 11:23:43 -03:00