Autoconf has been deprecating configure.in for quite a long time.
Rename all our configure.in and preconfigure.in files to .ac.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The Secure RPC implementation in glibc uses DES encryption
during authentication of the user. This use of DES means
that anyone using Sun RPC will likely not be compliant
with FIPS 140-2 which forbids the use of DES.
One solution to the compliance issue is to disable AUTH_DES
and AUTH_KERB, both use DES, when in FIPS compliance mode.
This is not a good idea because it disables all of the even
mildly secure methods of authentication allowing only plain
text methods.
Instead we leave AUTH_DES and AUTH_KERB enabled in FIPS
compliance mode and document the compliance issue in the
manual. FIPS allows this, that is to say that if you can't
fix it you must document the non-compliance.
This commit adds documentation to that effect in the
"DES encryption and password handling" section of the
manual.
Add systemtap probes to various slow paths in libm so that application
developers may use systemtap to find out if their applications are
hitting these slow paths. We have added probes for pow, exp, log,
tan, atan and atan2.
for ChangeLog
* malloc/arena.c (new_heap): New memory_heap_new probe.
(grow_heap): New memory_heap_more probe.
(shrink_heap): New memory_heap_less probe.
(heap_trim): New memory_heap_free probe.
* malloc/malloc.c (sysmalloc): New memory_sbrk_more probe.
(systrim): New memory_sbrk_less probe.
* manual/probes.texi: Document them.
The end of the "Parsing of Floats" subsection currently reads:
The GNU C Library also provides '_l' versions of these functions,
which take an additional argument, the locale to use in conversion.
*Note Parsing of Integers::.
Split the final note as it is unrelated to the above comment and
reference it with "See also" instead.
The pt-chown binary is discussed in the "Running make install" section
without clarification of the needed configure option. Clarify this
and simplfy the discription which is already covered in the "Configuring
and compiling" section.
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
It is the magnitude of the return value which lies
in [0.5, 1), not the return value itself.
---
2013-05-28 Ben North <ben@redfrontdoor.org>
* manual/arith.texi (frexp): It is the magnitude of the return
value which lies in [0.5, 1), not the return value itself.
Rewrite the first paragraph to talk about users not humans,
and to use correct English.
Clarify that it is the mapping of messages to IDs that
impacts the design of the message translation API.
---
2013-05-07 Carlos O'Donell <carlos@redhat.com>
* manual/message.texi (Message Translation): Talk about users.
Message to key mapping impacts design.
This adds the base chapter for POSIX threads and also documentation
for thread-specific data, along with a note on its interaction with
C++11 thread_local variables.
Surround the "Detailed Node Listing" section of the info page menu with
@detailmenu flags to avoid confusing texinfo. Resolves a large number
of warnings printed by texinfo-5.0.