The startup code in csu/, and the brk and sbrk functions are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized; TLS initialization also uses
memcpy, which cannot overrun its own stack. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure. (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
Add a configure check that looks for python3 and python in that order
since we had agreed in the past to prefer python3 over python in all
our code. The patch also adjusts invocations through the various
Makefiles to use the set variable.
* configure.ac: Check for python3 or python.
* configure: Regenerated.
* config.make.in (PYTHON): New variable.
* benchtests/Makefile: Don't define PYTHON.
(bench): Define target only if PYTHON was defined.
* Rules: Don't define PYTHON.
Define pretty printer targets only if PYTHON was defined.
(tests-printers): Add to tests-unsupported if PYTHON is not
found.
(python-flags, python-invoke): Remove.
(tests-printers-out): Use PYTHON instead of python-invoke.
Some configurations may use NSS cryptographic routines but have no
static library for those routines. The following changes allow glibc to
be built and tested with --enable-nss-crypt, but without having a static
NSS library. At a high level the change does two things:
(1) Detect at configure time if static NSS crypto libraries are
available. Assumes libfreebl3.a (instead of the existing Fedora
libfreebl.a which is incomplete) which matches libfreebl3.so.
(2) If static NSS crypto libraries are _not_ available then adjust the
way in which we build tst-linkall-static. This includes excluding a
reference to crypt and not linking against libcrypt.a, all of which
will fail otherwise.
Testing assumptions:
* Static library is named libfreebl3.a (not libfreebl.a as is currently
provided in Fedora), matching libfreebl3.so shared link name.
Tested on x86_64 on Fedora with:
(a) --enable-nss-crypt, with no static NSS library support: PASS
(previous FAIL)
(b) --enable-nss-crypt, with faked static NSS library support: PASS
(unsupported)
* Requires changing elf/Makefile to include a stub
/lib64/libfreebl3.a for testing purposes.
(c) --disable-nss-crypt: PASS
(default)
No regressions on x86_64.
For details see:
https://www.sourceware.org/ml/libc-alpha/2016-11/msg00647.html
In 1999 the project split "localedir" into "localedir" (path to compiled
locale archives) and "msgcatdir" (path to message catalogs). This
predates the 2002 change in the GNU Coding Standard to document the use
of "localedir" for the path to the message catalogs. It appears that
newlib, gcc, and several other projects also used "msgcatdir" at one
point or another in the past, and so it is in line with historical
precedent that glibc would also use "msgcatdir." However, given that the
GNU Coding Standard uses "localedir", we will switch to that for
consistency as a GNU project. Previous uses of --localdir didn't work
anyway (see bug 14259).
I am committing this patch in the understanding that nobody would object
to fixing #14259 as part of aligning our variable usage to the GNU
Coding Standard.
Given that previous "localedir" uses were converted to "complocaledir"
by [1], we can now convert "msgcatdir" to "localedir" and complete the
transition. With an addition to config.make.in we also fix bug 14259 and
allow users to specify the locale dependent data directory with
"--localedir" at configure time. There is still no way to control at
configure time the location of the *compiled* locale directory.
Tested on x86_64 with no regressions.
Tested using "--localedir" to specify alternate locale dependent data
directory and verified with "make install DESTDIR=/tmp/glibc".
[1] 90fe682d30
In preparation to fix the --localedir configure argument we must
move the existing conflicting definition of localedir to a more
appropriate name. Given that all current internal uses of localedir
relate to the compiled locales we rename to complocaledir.
sysdeps/nptl/configure.ac tests for forced unwind support and the C
cleanup attribute, giving errors if either is unsupported. It does
nothing beyond running those two tests.
Both the attribute, and _Unwind_GetCFA which is used in the forced
unwind test, were added in GCC 3.3. Thus these tests are long
obsolete, and this patch removes the configure fragment running them,
along with associated conditionals.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* sysdeps/nptl/configure.ac: Remove file.
* sysdeps/nptl/configure: Remove generated file.
* configure.ac (libc_cv_forced_unwind): Do not substitute.
* configure: Regenerated.
* config.h.in (HAVE_FORCED_UNWIND): Remove #undef.
* config.make.in (have-forced-unwind): Remove variable.
* nptl/Makefile [$(have-forced-unwind) = yes]: Make code
unconditional.
* nptl/descr.h [HAVE_FORCED_UNWIND]: Likewise.
* nptl/unwind.c [HAVE_FORCED_UNWIND]: Likewise.
(__pthread_unwind) [!HAVE_FORCED_UNWIND]: Remove conditional code.
* nptl/version.c [HAVE_FORCED_UNWIND]: Make code unconditional.
* sysdeps/nptl/Makefile [$(have-forced-unwind) = yes]: Make code
unconditional.
There is a configure test for the presence of glibc 2.0 headers (that
were renamed / no longer installed in glibc 2.1) and associated
support for removing them on "make install".
Normal practice for subsequent removal / renaming of installed files
has been not to do anything special about removing them; if you want
installed files from an old installation removed reliably, you need to
use a packaging system that tracks what files were installed by a
previous glibc package (via installing in an intermediate directory
with install_root). I think it's been long enough since 2.0 that it's
not particularly useful to have that special logic for those old
headers either; this patch removes it.
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
* configure.ac (old_glibc_headers): Remove configure test.
* configure: Regenerated.
* config.make.in (old-glibc-headers): Remove variable.
* Makefile [!$(install_root) && $(old-glibc-headers) = yes]
(install): Remove dependency on remove-old-headers.
(headers2_0): Remove variable.
(remove-old-headers): Remove rule.
With gcc-4.9, a new -fstack-protector-strong flag is available that is
between -fstack-protector (pretty weak) and -fstack-protector-all (pretty
strong) that provides good trade-offs between overhead but still providing
good coverage. Update the places in glibc that use ssp to use this flag
when it's available.
This also kills off the indirection of hardcoding the flag name in the
Makefiles and adding it based on a have-ssp boolean. Instead, the build
always expands the $(stack-protector) variable to the best ssp setting.
This makes the build logic a bit simpler and allows people to easily set
to a diff flag like:
make stack-protector=-fstack-protector-all
There is a configure test for -fgnu89-inline. This option was added
in GCC 4.2, so the test is obsolete; this patch removes it.
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* configure.ac (libc_cv_gnu89_inline): Remove configure test.
* configure: Regenerated.
* config.make.in (gnu89-inline-CFLAGS): Remove variable.
* Makeconfig (CFLAGS): Use -fgnu89-inline instead of
$(gnu89-inline-CFLAGS).
There is a configure test for the -Bgroup linker option whose results
aren't used anywhere. This patch removes that test.
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* configure.ac (libc_cv_Bgroup): Remove configure test.
* configure: Regenerated.
* config.make.in (have-Bgroup): Remove variable.
There is a configure test for sizeof (long double) whose results
aren't used anywhere. This patch removes that test.
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* configure.ac (sizeof_long_double): Remove configure test.
* configure: Regenerated.
* config.make.in (sizeof-long-double): Remove variable.
There is a configure test for -static-libgcc. GCC added this option
in version 3.0, so this test is obsolete; this patch removes it.
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
* configure.ac (libc_cv_gcc_static_libgcc): Remove configure test.
* configure: Regenerated.
* config.make.in (static-libgcc): Remove variable.
* Makerules (build-shlib-helper): Use -static-libgcc instead of
$(static-libgcc).
(build-module-helper): Likewise.
Some distros build+install the timezone tools (zic/zdump/tzselect) outside
of glibc and use the upstream package directly. Add a configure flag to
glibc so they can disable install of those tools.
This allows tests to run & pass regardless of the configure flag. Only
the install of them is impacted.
To support building glibc with GCC 6 configured with --enable-default-pie,
which generates PIE by default, we need to build programs as PIE. But
elf/tst-dlopen-aout must not be built as PIE since it tests dlopen on
ET_EXEC file and PIE is ET_DYN.
[BZ #17841]
* Makeconfig (no-pie-ldflag): New.
(+link): Set to $(+link-pie) if default to PIE.
(+link-tests): Set to $(+link-pie-tests) if default to PIE.
* config.make.in (build-pie-default): New.
* configure.ac (libc_cv_pie_default): New. Set to yes if -fPIE
is default. AC_SUBST.
* configure: Regenerated.
* elf/Makefile (LDFLAGS-tst-dlopen-aout): New.
Linkers in some versions of binutils 2.25 and 2.26 don't support protected
data symbol with error messsage like:
/usr/bin/ld: copy reloc against protected `bar' is invalid
/usr/bin/ld: failed to set dynamic section sizes: Bad value
We check if linker supports copy reloc against protected data symbol to
avoid running the test if linker is broken.
[BZ #17711]
* config.make.in (have-protected-data): New.
* configure.ac: Check linker support for protected data symbol.
* configure: Regenerated.
* elf/Makefile (modules-names): Add tst-protected1moda and
tst-protected1modb if $(have-protected-data) is yes.
(tests): Add tst-protected1a and tst-protected1b if
$(have-protected-data) is yes.
($(objpfx)tst-protected1a): New.
($(objpfx)tst-protected1b): Likewise.
(tst-protected1modb.so-no-z-defs): Likewise.
* elf/tst-protected1a.c: New file.
* elf/tst-protected1b.c: Likewise.
* elf/tst-protected1mod.h: Likewise.
* elf/tst-protected1moda.c: Likewise.
* elf/tst-protected1modb.c: Likewise.
As discussed starting at
<https://sourceware.org/ml/libc-alpha/2014-11/msg00323.html>, this
patch makes the glibc build use -Werror by default to avoid
accidentally adding new warnings to the build. The configure option
--disable-werror can be used to disable this.
-Wno-error=undef is temporarily used because the build isn't clean
regarding -Wundef warnings. The idea is that once the remaining
-Wundef warnings have been cleaned up (in at least one configuration),
-Wno-error=undef will be removed.
I get a clean build and test on x86_64 (GCC 4.9 branch) with this
patch. The expectation is that this may well break the build for some
other configurations, and people seeing such breakage should make
appropriate fixes to fix or suppress the warnings for their
configurations. In some cases that may involve using pragmas as the
right fix (I think that will be right for the -Wno-inline issue for
MIPS I referred to in
<https://sourceware.org/ml/libc-alpha/2012-11/msg00798.html>, for
example), in some cases -Wno-error in sysdeps makefiles (__restore_rt
in MIPS sigaction, for example), in some cases substantive fixes for
the warnings.
Note that if, with a view to listing all the warnings then fixing them
all, you just look for "warning:" in output from building and testing
with --disable-werror, you'll see lots of warnings from the linker
about functions such as tmpnam. Those warnings can be ignored - only
compiler warnings are relevant to -Werror, not linker warnings.
* configure.ac (--disable-werror): New configure option.
(enable_werror): New AC_SUBST.
* configure: Regenerated.
* config.make.in (enable-werror): New variable.
* Makeconfig [$(enable-werror) = yes] (+gccwarn): Add -Werror
-Wno-error=undef.
(+gccwarn-c): Do not use -Werror=implicit-function-declaration.
* manual/install.texi (Configuring and compiling): Document
--disable-werror.
* INSTALL: Regenerated.
* debug/Makefile (CFLAGS-tst-chk1.c): Add -Wno-error.
(CFLAGS-tst-chk2.c): Likewise.
(CFLAGS-tst-chk3.c): Likewise.
(CFLAGS-tst-chk4.cc): Likewise.
(CFLAGS-tst-chk5.cc): Likewise.
(CFLAGS-tst-chk6.cc): Likewise.
(CFLAGS-tst-lfschk1.c): Likewise.
(CFLAGS-tst-lfschk2.c): Likewise.
(CFLAGS-tst-lfschk3.c): Likewise.
(CFLAGS-tst-lfschk4.cc): Likewise.
(CFLAGS-tst-lfschk5.cc): Likewise.
(CFLAGS-tst-lfschk6.cc): Likewise.
This patch removes the --enable-oldest-abi configure option, which has
long been bitrotten (as reported in bug 6652). The principle of
removing this option was agreed in the thread starting at
<https://sourceware.org/ml/libc-alpha/2013-07/msg00174.html>.
Tested for x86_64 and x86 that the installed shared libraries other
than libc.so are unchanged by this patch and that libc.so disassembly
and symbol versions are unchanged (debug info changes because of
changed line numbers in csu/version.c).
[BZ #6652]
* Makeconfig (soversions-default-setname): Remove variable.
($(common-objpfx)soversions.i): Don't pass default_setname to
soversions.awk.
* Makerules ($(common-objpfx)abi-versions.h): Don't pass
oldest_abi to abi-versions.awk.
* config.h.in (GLIBC_OLDEST_ABI): Remove macro undefine.
* config.make.in (oldest-abi): Remove variable.
* configure.ac (--enable-oldest-abi): Remove configure option.
* configure: Regenerated.
* csu/version.c (banner) [GLIBC_OLDEST_ABI]: Remove conditional
text.
* scripts/abi-versions.awk: Do not handle oldest_abi variable.
* scripts/soversions.awk: Do not handle default_setname variable.
* sysdeps/mach/hurd/configure.ac: Do not handle oldest_abi
variable.
* sysdeps/mach/hurd/configure: Regenerated.
* sysdeps/unix/sysv/linux/configure.ac: Do not handle oldest_abi
variable.
* sysdeps/unix/sysv/linux/configure: Regenerated.
Added support for TX lock elision of pthread mutexes on s390 and
s390x. This may improve lock scaling of existing programs on TX
capable systems. The lock elision code is only built with
--enable-lock-elision=yes and then requires a GCC version supporting
the TX builtins. With lock elision default mutexes are elided via
__builtin_tbegin, if the cpu supports transactions. By default lock
elision is not enabled and the elision code is not built.
This patch makes the configure adds -D_CALL_ELF=1 when compiler does
not define _CALL_ELF (versions before powerpc64le support). It cleans
up compiler warnings on old compiler where _CALL_ELF is not defined
on powerpc64(be) builds.
It does by add a new config.make variable for configure-deduced
CPPFLAGS and accumulate into that (confix-extra-cppflags). It also
generalizes libc_extra_cflags so it accumulates in sysdeps configure
fragmenets.
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
New configure option --enable-obsolete-rpc makes the deprecated RPC
headers and functions available at compile time as they were before
version 2.14. This option will be removed at some time in the future
after the TI-RPC library becomes fully sufficient for the needs of
existing applications.
* sysdeps/sparc/configure.in: New file.
* sysdeps/sparc/configure: Generate.
* configure.in (libc_cv_sparc_as_vis3): Substitute.
* configure: Regenerate.
* config.h.in (HAVE_AS_VIS3_SUPPORT): New.
* config.make.in (have-as-vis3): New.
* sysdeps/sparc/sparc32/sparcv9/Makefile (ASFLAGS-*): If VIS3 is
available use -Av9d instead of -Av9a.
* sysdeps/sparc/sparc64/Makefile: Likewise.
* sysdeps/sparc/sparc32/sparcv9/fpu/multiarch/Makefile: New file.
* sysdeps/sparc/sparc32/sparcv9/fpu/multiarch/s_copysign-vis3.S: New file.
* sysdeps/sparc/sparc32/sparcv9/fpu/multiarch/s_copysign.S: New file.
* sysdeps/sparc/sparc32/sparcv9/fpu/multiarch/s_copysignf-vis3.S: New file.
* sysdeps/sparc/sparc32/sparcv9/fpu/multiarch/s_copysignf.S: New file.
* sysdeps/sparc/sparc64/fpu/multiarch/Makefile: New file.
* sysdeps/sparc/sparc64/fpu/multiarch/s_signbit-vis3.S: New file.
* sysdeps/sparc/sparc64/fpu/multiarch/s_signbit.S: New file.
* sysdeps/sparc/sparc64/fpu/multiarch/s_signbitf-vis3.S: New file.
* sysdeps/sparc/sparc64/fpu/multiarch/s_signbitf.S: New file.