Commit Graph

588 Commits

Author SHA1 Message Date
Florian Weimer
c533244b8e nscd: Do not use __inet_aton_exact@GLIBC_PRIVATE [BZ #20018]
This commit avoids referencing the __inet_aton_exact@GLIBC_PRIVATE
symbol from nscd.  In master, the separately-compiled getaddrinfo
implementation in nscd needs it, however such an internal ABI change
is not desirable on a release branch if it can be avoided.
2019-02-04 21:36:38 +01:00
Florian Weimer
2373941bd7 CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018]
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).

This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).

To avoid sending the problematic query names over DNS, commit
6ca53a2453 ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.

(cherry picked from commit 108bc4049f)
2019-02-04 21:36:37 +01:00
Paul Pluzhnikov
9071be6b3f [BZ #20271] Add newlines in __libc_fatal calls.
(cherry picked from commit a6e8926f8d)
2018-11-09 10:17:07 -05:00
Florian Weimer
7d174f5353 nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
addinnetgrX may use the heap-allocated buffer, so free the buffer
in this function.

(cherry picked from commit 745664bd79)
2018-11-09 10:17:00 -05:00
Florian Weimer
bfcfa22589 nscd: Deallocate existing user names in file parser
This avoids a theoretical memory leak (theoretical because it depends on
multiple server-user/stat-user directives in the configuration file).

(cherry picked from commit 2d7acfac3e)
2018-08-14 10:57:05 +02:00
Zack Weinberg
841785bad1 manual: Revise crypt.texi.
This is a major rewrite of the description of 'crypt', 'getentropy',
and 'getrandom'.

A few highlights of the content changes:

 - Throughout the manual, public headers, and user-visible messages,
   I replaced the term "password" with "passphrase", the term
   "password database" with "user database", and the term
   "encrypt(ion)" with "(one-way) hashing" whenever it was applied to
   passphrases.  I didn't bother making this change in internal code
   or tests.  The use of the term "password" in ruserpass.c survives,
   because that refers to a keyword in netrc files, but it is adjusted
   to make this clearer.

   There is a note in crypt.texi explaining that they were
   traditionally called passwords but single words are not good enough
   anymore, and a note in users.texi explaining that actual passphrase
   hashes are found in a "shadow" database nowadays.

 - There is a new short introduction to the "Cryptographic Functions"
   section, explaining how we do not intend to be a general-purpose
   cryptography library, and cautioning that there _are_, or have
   been, legal restrictions on the use of cryptography in many
   countries, without getting into any kind of detail that we can't
   promise to keep up to date.

 - I added more detail about what a "one-way function" is, and why
   they are used to obscure passphrases for storage.  I removed the
   paragraph saying that systems not connected to a network need no
   user authentication, because that's a pretty rare situation
   nowadays.  (It still says "sometimes it is necessary" to
   authenticate the user, though.)

 - I added documentation for all of the hash functions that glibc
   actually supports, but not for the additional hash functions
   supported by libxcrypt.  If we're going to keep this manual section
   around after the transition is more advanced, it would probably
   make sense to add them then.

 - There is much more detailed discussion of how to generate a salt,
   and the failure behavior for crypt is documented.  (Returning an
   invalid hash on failure is what libxcrypt does; Solar Designer's
   notes say that this was done "for compatibility with old programs
   that assume crypt can never fail".)

 - As far as I can tell, the header 'crypt.h' is entirely a GNU
   invention, and never existed on any other Unix lineage.  The
   function 'crypt', however, was in Issue 1 of the SVID and is now
   in the XSI component of POSIX.  I tried to make all of the
   @standards annotations consistent with this, but I'm not sure I got
   them perfectly right.

 - The genpass.c example has been improved to use getentropy instead
   of the current time to generate the salt, and to use a SHA-256 hash
   instead of MD5. It uses more random bytes than is strictly
   necessary because I didn't want to complicate the code with proper
   base64 encoding.

 - The testpass.c example has three hardwired hashes now, to
   demonstrate that different one-way functions produce different
   hashes for the same input.  It also demonstrates how DES hashing
   only pays attention to the first eight characters of the input.

 - There is new text explaining in more detail how a CSPRNG differs
   from a regular random number generator, and how
   getentropy/getrandom are not exactly a CSPRNG.  I tried not to make
   specific falsifiable claims here.  I also tried to make the
   blocking/cancellation/error behavior of both getentropy and
   getrandom clearer.
2018-06-29 16:53:37 +02:00
Florian Weimer
6b7b2abac7 nscd: Switch to struct scratch_buffer in adhstaiX [BZ #18023]
The pre-allocation of the three scratch buffers increased the initial
stack size somewhat, but if retries are needed, the previous version
used more stack space if extend_alloca could not merge allocations.
Lack of alloca accounting also means could be problematic with
extremely large NSS responses, too.

	[BZ #18023]
	* nscd/aicache.c (addhstaiX): Use struct scratch_buffer instead
	of extend_alloca.
2018-06-25 18:41:54 +02:00
Florian Weimer
2f9f0d182e nscd: Use struct scratch_buffer, not extend_alloca in most caches [BZ #18023]
This replaces the ERANGE retry loops with loops which have heap
fallback.  Heap allocation might actually be required for extremely
large NSS results.
2018-06-25 18:41:52 +02:00
Florian Weimer
318bad78b0 nscd restart: Use malloc instead of extend_alloca [BZ #18023]
This introduces a separate function, read_cmdline, which reads the
contents of /proc/self/cmdline into a heap-allocated buffer.
2018-06-25 17:10:15 +02:00
Florian Weimer
7f9f1ecb71 Switch IDNA implementation to libidn2 [BZ #19728] [BZ #19729] [BZ #22247]
This provides an implementation of the IDNA2008 standard and fixes
CVE-2016-6261, CVE-2016-6263, CVE-2017-14062.
2018-05-23 15:27:24 +02:00
Adhemerval Zanella
8c78faa9ef Fix concurrent changes on nscd aware files (BZ #23178)
As indicated by BZ#23178, concurrent access on some files read by nscd
may result non expected data send through service requisition.  This is
due 'sendfile' Linux implementation where for sockets with zero-copy
support, callers must ensure the transferred portions of the the file
reffered by input file descriptor remain unmodified until the reader
on the other end of socket has consumed the transferred data.

I could not find any explicit documentation stating this behaviour on
Linux kernel documentation.  However man-pages sendfile entry [1] states
in NOTES the aforementioned remark.  It was initially pushed on man-pages
with an explicit testcase [2] that shows changing the file used in
'sendfile' call prior the socket input data consumption results in
previous data being lost.

From commit message it stated on tested Linux version (3.15) only TCP
socket showed this issues, however on recent kernels (4.4) I noticed the
same behaviour for local sockets as well.

Since sendfile on HURD is a read/write operation and the underlying
issue on Linux, the straightforward fix is just remove sendfile use
altogether.  I am really skeptical it is hitting some hotstop (there
are indication over internet that sendfile is helpfull only for large
files, more than 10kb) here to justify that extra code complexity or
to pursuit other possible fix (through memory or file locks for
instance, which I am not sure it is doable).

Checked on x86_64-linux-gnu.

	[BZ #23178]
	* nscd/nscd-client.h (sendfileall): Remove prototype.
	* nscd/connections.c [HAVE_SENDFILE] (sendfileall): Remove function.
	(handle_request): Use writeall instead of sendfileall.
	* nscd/aicache.c (addhstaiX): Likewise.
	* nscd/grpcache.c (cache_addgr): Likewise.
	* nscd/hstcache.c (cache_addhst): Likewise.
	* nscd/initgrcache.c (addinitgroupsX): Likewise.
	* nscd/netgroupcache.c (addgetnetgrentX, addinnetgrX): Likewise.
	* nscd/pwdcache.c (cache_addpw): Likewise.
	* nscd/servicescache.c (cache_addserv): Likewise.
	* sysdeps/unix/sysv/linux/Makefile [$(subdir) == nscd]
	(sysdep-CFLAGS): Remove -DHAVE_SENDFILE.
	* sysdeps/unix/sysv/linux/kernel-features.h (__ASSUME_SENDFILE):
	Remove define.

[1] http://man7.org/linux/man-pages/man2/sendfile.2.html
[2] 7b6a329977 (diff-efd6af3a70f0f07c578e85b51e83b3c3)
2018-05-16 13:44:53 -03:00
Samuel Thibault
33574c17ee hurd: Add hurd thread library
Contributed by

Agustina Arzille <avarzille@riseup.net>
Amos Jeffries <squid3@treenet.co.nz>
David Michael <fedora.dm0@gmail.com>
Marco Gerards <marco@gnu.org>
Marcus Brinkmann <marcus@gnu.org>
Neal H. Walfield <neal@gnu.org>
Pino Toscano <toscano.pino@tiscali.it>
Richard Braun <rbraun@sceen.net>
Roland McGrath <roland@gnu.org>
Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas DiModica <ricinwich@yahoo.com>
Thomas Schwinge <tschwinge@gnu.org>

	* htl: New directory.
	* sysdeps/htl: New directory.
	* sysdeps/hurd/htl: New directory.
	* sysdeps/i386/htl: New directory.
	* sysdeps/mach/htl: New directory.
	* sysdeps/mach/hurd/htl: New directory.
	* sysdeps/mach/hurd/i386/htl: New directory.
	* nscd/Depend, resolv/Depend, rt/Depend: Add htl dependency.
	* sysdeps/mach/hurd/i386/Implies: Add mach/hurd/i386/htl imply.
	* sysdeps/mach/hurd/i386/libpthread.abilist: New file.
2018-04-02 01:44:14 +02:00
Andreas Schwab
eaf6753f8a Fix multiple definitions of __nss_*_database (bug 22918) 2018-03-03 17:44:24 +01:00
DJ Delorie
1c81d55fc4 [BZ #22342] Fix netgroup cache keys.
Unlike other nscd caches, the netgroup cache contains two types of
records - those for "iterate through a netgroup" (i.e. setnetgrent())
and those for "is this user in this netgroup" (i.e. innetgr()),
i.e. full and partial records.  The timeout code assumes these records
have the same key for the group name, so that the collection of records
that is "this netgroup" can be expired as a unit.

However, the keys are not the same, as the in-netgroup key is generated
by nscd rather than being passed to it from elsewhere, and is generated
without the trailing NUL.  All other keys have the trailing NUL, and as
noted in the linked BZ, debug statements confirm that two keys for the
same netgroup are added to the cache with two different lengths.

The result of this is that as records in the cache expire, the purge
code only cleans out one of the two types of entries, resulting in
stale, possibly incorrect, and possibly inconsistent cache data.

The patch simply includes the existing NUL in the computation for the
key length ('key' points to the char after the NUL, and 'group' to the
first char of the group, so 'key-group' includes the first char to the
NUL, inclusive).

	[BZ #22342]
	* nscd/netgroupcache.c (addinnetgrX): Include trailing NUL in
	key value.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2018-03-01 23:23:24 -05:00
Samuel Thibault
7bb087bd7b nscd: don't unconditionally use PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP
PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP is Linux-only.

* nscd/connections.c (RWLOCK_INITIALIZER): Define to
PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP or
PTHREAD_RWLOCK_INITIALIZER if that is not available.
(dbs): Use RWLOCK_INITIALIZER instead of
PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP.
2018-02-11 18:22:11 +01:00
Samuel Thibault
7c5b106dcb hurd: Fix getifaddrs / freeifaddrs exposition
400669754d ('hurd: Fix nscd build') had the side effect of making
libc's freeaddrinfo expose freeifaddrs through __check_pf.  We can just
move the renames to gai.c itself, along others.

* sysdeps/mach/hurd/check_pf.c (__getifaddrs, __freeifaddrs): Do not
define macros.
* nscd/gai.c (__getifaddrs): Define macro to getifaddrs.
(__freeifaddrs): Define macro to freeifaddrs.
2018-01-28 19:06:15 +01:00
Joseph Myers
09533208fe Update copyright dates not handled by scripts/update-copyrights.
I've updated copyright dates in glibc for 2018.  This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files.

Please remember to include 2018 in the dates for any new files added
in future (which means updating any existing uncommitted patches you
have that add new files to use the new copyright dates in them).

	* NEWS: Update copyright dates.
	* catgets/gencat.c (print_version): Likewise.
	* csu/version.c (banner): Likewise.
	* debug/catchsegv.sh: Likewise.
	* debug/pcprofiledump.c (print_version): Likewise.
	* debug/xtrace.sh (do_version): Likewise.
	* elf/ldconfig.c (print_version): Likewise.
	* elf/ldd.bash.in: Likewise.
	* elf/pldd.c (print_version): Likewise.
	* elf/sotruss.sh: Likewise.
	* elf/sprof.c (print_version): Likewise.
	* iconv/iconv_prog.c (print_version): Likewise.
	* iconv/iconvconfig.c (print_version): Likewise.
	* locale/programs/locale.c (print_version): Likewise.
	* locale/programs/localedef.c (print_version): Likewise.
	* login/programs/pt_chown.c (print_version): Likewise.
	* malloc/memusage.sh (do_version): Likewise.
	* malloc/memusagestat.c (print_version): Likewise.
	* malloc/mtrace.pl: Likewise.
	* manual/libc.texinfo: Likewise.
	* nptl/version.c (banner): Likewise.
	* nscd/nscd.c (print_version): Likewise.
	* nss/getent.c (print_version): Likewise.
	* nss/makedb.c (print_version): Likewise.
	* posix/getconf.c (main): Likewise.
	* scripts/test-installation.pl: Likewise.
	* sysdeps/unix/sysv/linux/lddlibc4.c (main): Likewise.
2018-01-01 00:41:16 +00:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Joseph Myers
49b036bce9 Fix nscd readlink argument aliasing (bug 22446).
Current GCC mainline detects that nscd calls readlink with the same
buffer for both input and output, which is not valid (those arguments
are both restrict-qualified in POSIX).  This patch makes it use a
separate buffer for readlink's input (with a size that is sufficient
to avoid truncation, so there should be no problems with warnings
about possible truncation, though not strictly minimal, but much
smaller than the buffer for output) to avoid this problem.

Tested compilation for aarch64-linux-gnu with build-many-glibcs.py.

	[BZ #22446]
	* nscd/connections.c (handle_request) [SO_PEERCRED]: Use separate
	buffers for readlink input and output.
2017-12-18 18:50:40 +00:00
Steve Ellcey
a7e3edf4f2 Increase buffer size due to warning from ToT GCC
* nscd/dbg_log.c (dbg_log): Increase msg buffer size.
2017-12-15 09:08:23 -08:00
Steve Ellcey
eb4285768b Use memcpy instead of strncpy in nscd/nscd.h to fix build problem with ToT GCC
* nscd/nscd.h (init_traced_file): Change strncpy to memcpy.
2017-12-12 13:47:32 -08:00
H.J. Lu
36975e8e7e Replace = with += in CFLAGS-xxx.c/CPPFLAGS-xxx.c
Replace = with += in CFLAGS-xxx.c and CPPFLAGS-xxx.c to allow Makefile
under sysdeps to define CFLAGS-xx.c and CPPFLAGS-xxx.c.

	* argp/Makefile (CFLAGS-argp-help.c): Replace = with +=.
	(CFLAGS-argp-parse.c): Likewise.
	(CFLAGS-argp-fmtstream.c): Likewise.
	* crypt/Makefile (CPPFLAGS-sha256-crypt.c): Likewise.
	(CPPFLAGS-sha512-crypt.c): Likewise.
	(CPPFLAGS-md5-crypt.c): Likewise.
	* debug/Makefile (CFLAGS-stack_chk_fail.c): Likewise.
	(CFLAGS-stack_chk_fail_local.c): Likewise.
	(CFLAGS-backtrace.c): Likewise.
	(CFLAGS-sprintf_chk.c): Likewise.
	(CFLAGS-snprintf_chk.c): Likewise.
	(CFLAGS-vsprintf_chk.c): Likewise.
	(CFLAGS-vsnprintf_chk.c): Likewise.
	(CFLAGS-asprintf_chk.c): Likewise.
	(CFLAGS-vasprintf_chk.c): Likewise.
	(CFLAGS-obprintf_chk.c): Likewise.
	(CFLAGS-dprintf_chk.c): Likewise.
	(CFLAGS-vdprintf_chk.c): Likewise.
	(CFLAGS-printf_chk.c): Likewise.
	(CFLAGS-fprintf_chk.c): Likewise.
	(CFLAGS-vprintf_chk.c): Likewise.
	(CFLAGS-vfprintf_chk.c): Likewise.
	(CFLAGS-gets_chk.c): Likewise.
	(CFLAGS-fgets_chk.c): Likewise.
	(CFLAGS-fgets_u_chk.c): Likewise.
	(CFLAGS-fread_chk.c): Likewise.
	(CFLAGS-fread_u_chk.c): Likewise.
	(CFLAGS-swprintf_chk.c): Likewise.
	(CFLAGS-vswprintf_chk.c): Likewise.
	(CFLAGS-wprintf_chk.c): Likewise.
	(CFLAGS-fwprintf_chk.c): Likewise.
	(CFLAGS-vwprintf_chk.c): Likewise.
	(CFLAGS-vfwprintf_chk.c): Likewise.
	(CFLAGS-fgetws_chk.c): Likewise.
	(CFLAGS-fgetws_u_chk.c): Likewise.
	(CFLAGS-read_chk.c): Likewise.
	(CFLAGS-pread_chk.c): Likewise.
	(CFLAGS-pread64_chk.c): Likewise.
	(CFLAGS-recv_chk.c): Likewise.
	(CFLAGS-recvfrom_chk.c): Likewise.
	(CFLAGS-tst-longjmp_chk.c): Likewise.
	(CPPFLAGS-tst-longjmp_chk.c): Likewise.
	(CFLAGS-tst-longjmp_chk2.c): Likewise.
	(CPPFLAGS-tst-longjmp_chk2.c): Likewise.
	(CFLAGS-tst-longjmp_chk3.c): Likewise.
	(CPPFLAGS-tst-longjmp_chk3.c): Likewise.
	(CFLAGS-tst-chk1.c): Likewise.
	(CFLAGS-tst-chk2.c): Likewise.
	(CFLAGS-tst-chk3.c): Likewise.
	(CFLAGS-tst-chk4.cc): Likewise.
	(CFLAGS-tst-chk5.cc): Likewise.
	(CFLAGS-tst-chk6.cc): Likewise.
	(CFLAGS-tst-lfschk1.c): Likewise.
	(CFLAGS-tst-lfschk2.c): Likewise.
	(CFLAGS-tst-lfschk3.c): Likewise.
	(CFLAGS-tst-lfschk4.cc): Likewise.
	(CFLAGS-tst-lfschk5.cc): Likewise.
	(CFLAGS-tst-lfschk6.cc): Likewise.
	(CFLAGS-tst-ssp-1.c): Likewise.
	* dirent/Makefile (CFLAGS-scandir.c): Likewise.
	(CFLAGS-scandir64.c): Likewise.
	(CFLAGS-scandir-tail.c): Likewise.
	(CFLAGS-scandir64-tail.c): Likewise.
	* elf/Makefile (CPPFLAGS-dl-tunables.c): Likewise.
	(CFLAGS-dl-tunables.c): Likewise.
	(CFLAGS-dl-runtime.c): Likewise.
	(CFLAGS-dl-lookup.c): Likewise.
	(CFLAGS-dl-iterate-phdr.c): Likewise.
	(CFLAGS-vismain.c): Likewise.
	(CFLAGS-tst-linkall-static.c): Likewise.
	(CFLAGS-tst-linkall-static.c): Likewise.
	(CPPFLAGS-dl-load.c): Likewise.
	(CFLAGS-ldconfig.c): Likewise.
	(CFLAGS-dl-cache.c): Likewise.
	(CFLAGS-cache.c): Likewise.
	(CFLAGS-rtld.c): Likewise.
	(CFLAGS-multiload.c): Likewise.
	(CFLAGS-filtmod1.c): Likewise.
	(CFLAGS-tst-align.c): Likewise.
	(CFLAGS-tst-align2.c): Likewise.
	(CFLAGS-tst-alignmod.c): Likewise.
	(CFLAGS-tst-alignmod2.c): Likewise.
	(CPPFLAGS-tst-execstack.c): Likewise.
	(CFLAGS-tst-ptrguard1-static.c): Likewise.
	(CFLAGS-tst-latepthreadmod.c): Likewise.
	* grp/Makefile (CFLAGS-getgrgid_r.c): Likewise.
	(CFLAGS-getgrnam_r.c): Likewise.
	(CFLAGS-getgrent_r.c): Likewise.
	(CFLAGS-getgrent.c): Likewise.
	(CFLAGS-fgetgrent.c): Likewise.
	(CFLAGS-fgetgrent_r.c): Likewise.
	(CFLAGS-putgrent.c): Likewise.
	(CFLAGS-initgroups.c): Likewise.
	(CFLAGS-getgrgid.c): Likewise.
	* gshadow/Makefile (CFLAGS-getsgent_r.c): Likewise.
	(CFLAGS-getsgent.c): Likewise.
	(CFLAGS-fgetsgent.c): Likewise.
	(CFLAGS-fgetsgent_r.c): Likewise.
	(CFLAGS-putsgent.c): Likewise.
	(CFLAGS-getsgnam.c): Likewise.
	(CFLAGS-getsgnam_r.c): Likewise.
	* iconv/Makefile (CFLAGS-iconv_prog.c): Likewise.
	(CFLAGS-iconv_charmap.c): Likewise.
	(CFLAGS-dummy-repertoire.c): Likewise.
	(CFLAGS-charmap.c): Likewise.
	(CFLAGS-linereader.c): Likewise.
	(CFLAGS-simple-hash.c): Likewise.
	(CFLAGS-gconv_conf.c): Likewise.
	(CFLAGS-iconvconfig.c): Likewise.
	* inet/Makefile (CFLAGS-gethstbyad_r.c): Likewise.
	(CFLAGS-gethstbyad.c): Likewise.
	(CFLAGS-gethstbynm_r.c): Likewise.
	(CFLAGS-gethstbynm.c): Likewise.
	(CFLAGS-gethstbynm2_r.c): Likewise.
	(CFLAGS-gethstbynm2.c): Likewise.
	(CFLAGS-gethstent_r.c): Likewise.
	(CFLAGS-gethstent.c): Likewise.
	(CFLAGS-rcmd.c): Likewise.
	(CFLAGS-getnetbynm_r.c): Likewise.
	(CFLAGS-getnetbynm.c): Likewise.
	(CFLAGS-getnetbyad_r.c): Likewise.
	(CFLAGS-getnetbyad.c): Likewise.
	(CFLAGS-getnetent_r.c): Likewise.
	(CFLAGS-getnetent.c): Likewise.
	(CFLAGS-getaliasent_r.c): Likewise.
	(CFLAGS-getaliasent.c): Likewise.
	(CFLAGS-getrpcent_r.c): Likewise.
	(CFLAGS-getrpcent.c): Likewise.
	(CFLAGS-getservent_r.c): Likewise.
	(CFLAGS-getservent.c): Likewise.
	(CFLAGS-getprtent_r.c): Likewise.
	(CFLAGS-getprtent.c): Likewise.
	(CFLAGS-either_ntoh.c): Likewise.
	(CFLAGS-either_hton.c): Likewise.
	(CFLAGS-getnetgrent.c): Likewise.
	(CFLAGS-getnetgrent_r.c): Likewise.
	(CFLAGS-tst-checks-posix.c): Likewise.
	(CFLAGS-tst-sockaddr.c): Likewise.
	* intl/Makefile (CFLAGS-tst-gettext.c): Likewise.
	(CFLAGS-tst-translit.c): Likewise.
	(CFLAGS-tst-gettext2.c): Likewise.
	(CFLAGS-tst-codeset.c): Likewise.
	(CFLAGS-tst-gettext3.c): Likewise.
	(CFLAGS-tst-gettext4.c): Likewise.
	(CFLAGS-tst-gettext5.c): Likewise.
	(CFLAGS-tst-gettext6.c): Likewise.
	* io/Makefile (CFLAGS-open.c): Likewise.
	(CFLAGS-open64.c): Likewise.
	(CFLAGS-creat.c): Likewise.
	(CFLAGS-creat64.c): Likewise.
	(CFLAGS-fcntl.c): Likewise.
	(CFLAGS-poll.c): Likewise.
	(CFLAGS-ppoll.c): Likewise.
	(CFLAGS-lockf.c): Likewise.
	(CFLAGS-statfs.c): Likewise.
	(CFLAGS-fstatfs.c): Likewise.
	(CFLAGS-statvfs.c): Likewise.
	(CFLAGS-fstatvfs.c): Likewise.
	(CFLAGS-fts.c): Likewise.
	(CFLAGS-fts64.c): Likewise.
	(CFLAGS-ftw.c): Likewise.
	(CFLAGS-ftw64.c): Likewise.
	(CFLAGS-lockf.c): Likewise.
	(CFLAGS-posix_fallocate.c): Likewise.
	(CFLAGS-posix_fallocate64.c): Likewise.
	(CFLAGS-fallocate.c): Likewise.
	(CFLAGS-fallocate64.c): Likewise.
	(CFLAGS-read.c): Likewise.
	(CFLAGS-write.c): Likewise.
	(CFLAGS-test-stat.c): Likewise.
	(CFLAGS-test-lfs.c): Likewise.
	* libio/Makefile (CFLAGS-fileops.c): Likewise.
	(CFLAGS-fputc.c): Likewise.
	(CFLAGS-fputwc.c): Likewise.
	(CFLAGS-freopen64.c): Likewise.
	(CFLAGS-freopen.c): Likewise.
	(CFLAGS-fseek.c): Likewise.
	(CFLAGS-fseeko64.c): Likewise.
	(CFLAGS-fseeko.c): Likewise.
	(CFLAGS-ftello64.c): Likewise.
	(CFLAGS-ftello.c): Likewise.
	(CFLAGS-fwide.c): Likewise.
	(CFLAGS-genops.c): Likewise.
	(CFLAGS-getc.c): Likewise.
	(CFLAGS-getchar.c): Likewise.
	(CFLAGS-getwc.c): Likewise.
	(CFLAGS-getwchar.c): Likewise.
	(CFLAGS-iofclose.c): Likewise.
	(CFLAGS-iofflush.c): Likewise.
	(CFLAGS-iofgetpos64.c): Likewise.
	(CFLAGS-iofgetpos.c): Likewise.
	(CFLAGS-iofgets.c): Likewise.
	(CFLAGS-iofgetws.c): Likewise.
	(CFLAGS-iofputs.c): Likewise.
	(CFLAGS-iofputws.c): Likewise.
	(CFLAGS-iofread.c): Likewise.
	(CFLAGS-iofsetpos64.c): Likewise.
	(CFLAGS-iofsetpos.c): Likewise.
	(CFLAGS-ioftell.c): Likewise.
	(CFLAGS-iofwrite.c): Likewise.
	(CFLAGS-iogetdelim.c): Likewise.
	(CFLAGS-iogetline.c): Likewise.
	(CFLAGS-iogets.c): Likewise.
	(CFLAGS-iogetwline.c): Likewise.
	(CFLAGS-ioputs.c): Likewise.
	(CFLAGS-ioseekoff.c): Likewise.
	(CFLAGS-ioseekpos.c): Likewise.
	(CFLAGS-iosetbuffer.c): Likewise.
	(CFLAGS-iosetvbuf.c): Likewise.
	(CFLAGS-ioungetc.c): Likewise.
	(CFLAGS-ioungetwc.c): Likewise.
	(CFLAGS-oldfileops.c): Likewise.
	(CFLAGS-oldiofclose.c): Likewise.
	(CFLAGS-oldiofgetpos64.c): Likewise.
	(CFLAGS-oldiofgetpos.c): Likewise.
	(CFLAGS-oldiofsetpos64.c): Likewise.
	(CFLAGS-oldiofsetpos.c): Likewise.
	(CFLAGS-peekc.c): Likewise.
	(CFLAGS-putc.c): Likewise.
	(CFLAGS-putchar.c): Likewise.
	(CFLAGS-putwc.c): Likewise.
	(CFLAGS-putwchar.c): Likewise.
	(CFLAGS-rewind.c): Likewise.
	(CFLAGS-wfileops.c): Likewise.
	(CFLAGS-wgenops.c): Likewise.
	(CFLAGS-oldiofopen.c): Likewise.
	(CFLAGS-iofopen.c): Likewise.
	(CFLAGS-iofopen64.c): Likewise.
	(CFLAGS-oldtmpfile.c): Likewise.
	(CFLAGS-tst_putwc.c): Likewise.
	* locale/Makefile (CFLAGS-md5.c): Likewise.
	(CFLAGS-charmap.c): Likewise.
	(CFLAGS-locfile.c): Likewise.
	(CFLAGS-charmap-dir.c): Likewise.
	* login/Makefile (CFLAGS-grantpt.c): Likewise.
	(CFLAGS-getpt.c): Likewise.
	(CFLAGS-pt_chown.c): Likewise.
	* malloc/Makefile (CFLAGS-mcheck-init.c): Likewise.
	(CFLAGS-obstack.c): Likewise.
	* math/Makefile (CFLAGS-test-tgmath3.c): Likewise.
	(CFLAGS-test-double-vlen4-wrappers.c): Likewise.
	(CFLAGS-test-double-vlen8-wrappers.c): Likewise.
	(CFLAGS-test-float-vlen8-wrappers.c): Likewise.
	(CFLAGS-test-float-vlen16-wrappers.c): Likewise.
	(CFLAGS-test-tgmath.c): Likewise.
	(CFLAGS-test-tgmath2.c): Likewise.
	(CFLAGS-test-tgmath-ret.c): Likewise.
	(CFLAGS-test-powl.c): Likewise.
	(CFLAGS-test-snan.c): Likewise.
	(CFLAGS-test-signgam-finite.c): Likewise.
	(CFLAGS-test-signgam-finite-c99.c): Likewise.
	(CFLAGS-test-signgam-finite-c11.c): Likewise.
	(CFLAGS-test-signgam-uchar.c): Likewise.
	(CFLAGS-test-signgam-uchar-init.c): Likewise.
	(CFLAGS-test-signgam-uchar-static.c): Likewise.
	(CFLAGS-test-signgam-uchar-init-static.c): Likewise.
	(CFLAGS-test-signgam-uint.c): Likewise.
	(CFLAGS-test-signgam-uint-init.c): Likewise.
	(CFLAGS-test-signgam-uint-static.c): Likewise.
	(CFLAGS-test-signgam-uint-init-static.c): Likewise.
	(CFLAGS-test-signgam-ullong.c): Likewise.
	(CFLAGS-test-signgam-ullong-init.c): Likewise.
	(CFLAGS-test-signgam-ullong-static.c): Likewise.
	(CFLAGS-test-signgam-ullong-init-static.c): Likewise.
	(CFLAGS-test-math-cxx11.cc): Likewise.
	(CFLAGS-test-math-isinff.cc): Likewise.
	(CFLAGS-test-math-iszero.cc): Likewise.
	(CFLAGS-test-math-issignaling.cc): Likewise.
	(CFLAGS-test-math-iscanonical.cc): Likewise.
	(CFLAGS-test-iszero-excess-precision.c): Likewise.
	(CFLAGS-test-iseqsig-excess-precision.c): Likewise.
	(CFLAGS-test-flt-eval-method.c): Likewise.
	(CFLAGS-test-fe-snans-always-signal.c): Likewise.
	(CFLAGS-test-finite-macros.c): Likewise.
	* misc/Makefile (CFLAGS-select.c): Likewise.
	(CFLAGS-tsearch.c): Likewise.
	(CFLAGS-lsearch.c): Likewise.
	(CFLAGS-pselect.c): Likewise.
	(CFLAGS-readv.c): Likewise.
	(CFLAGS-writev.c): Likewise.
	(CFLAGS-preadv.c): Likewise.
	(CFLAGS-preadv64.c): Likewise.
	(CFLAGS-pwritev.c): Likewise.
	(CFLAGS-pwritev64.c): Likewise.
	(CFLAGS-preadv2.c): Likewise.
	(CFLAGS-preadv64v2.c): Likewise.
	(CFLAGS-pwritev2.c): Likewise.
	(CFLAGS-pwritev64v2.c): Likewise.
	(CFLAGS-usleep.c): Likewise.
	(CFLAGS-syslog.c): Likewise.
	(CFLAGS-error.c): Likewise.
	(CFLAGS-getpass.c): Likewise.
	(CFLAGS-mkstemp.c): Likewise.
	(CFLAGS-mkstemp64.c): Likewise.
	(CFLAGS-getsysstats.c): Likewise.
	(CFLAGS-getusershell.c): Likewise.
	(CFLAGS-err.c): Likewise.
	(CFLAGS-tst-tsearch.c): Likewise.
	(CFLAGS-msync.c): Likewise.
	(CFLAGS-fdatasync.c): Likewise.
	(CFLAGS-fsync.c): Likewise.
	* nptl/Makefile (CFLAGS-nptl-init.c): Likewise.
	(CFLAGS-unwind.c): Likewise.
	(CFLAGS-unwind-forcedunwind.c): Likewise.
	(CFLAGS-pthread_cancel.c): Likewise.
	(CFLAGS-pthread_setcancelstate.c): Likewise.
	(CFLAGS-pthread_setcanceltype.c): Likewise.
	(CFLAGS-cancellation.c): Likewise.
	(CFLAGS-libc-cancellation.c): Likewise.
	(CFLAGS-pthread_exit.c): Likewise.
	(CFLAGS-forward.c): Likewise.
	(CFLAGS-pthread_testcancel.c): Likewise.
	(CFLAGS-pthread_join.c): Likewise.
	(CFLAGS-pthread_timedjoin.c): Likewise.
	(CFLAGS-pthread_once.c): Likewise.
	(CFLAGS-pthread_cond_wait.c): Likewise.
	(CFLAGS-sem_wait.c): Likewise.
	(CFLAGS-sem_timedwait.c): Likewise.
	(CFLAGS-fcntl.c): Likewise.
	(CFLAGS-lockf.c): Likewise.
	(CFLAGS-pread.c): Likewise.
	(CFLAGS-pread64.c): Likewise.
	(CFLAGS-pwrite.c): Likewise.
	(CFLAGS-pwrite64.c): Likewise.
	(CFLAGS-wait.c): Likewise.
	(CFLAGS-waitpid.c): Likewise.
	(CFLAGS-sigwait.c): Likewise.
	(CFLAGS-msgrcv.c): Likewise.
	(CFLAGS-msgsnd.c): Likewise.
	(CFLAGS-tcdrain.c): Likewise.
	(CFLAGS-open.c): Likewise.
	(CFLAGS-open64.c): Likewise.
	(CFLAGS-pause.c): Likewise.
	(CFLAGS-recv.c): Likewise.
	(CFLAGS-send.c): Likewise.
	(CFLAGS-accept.c): Likewise.
	(CFLAGS-sendto.c): Likewise.
	(CFLAGS-connect.c): Likewise.
	(CFLAGS-recvfrom.c): Likewise.
	(CFLAGS-recvmsg.c): Likewise.
	(CFLAGS-sendmsg.c): Likewise.
	(CFLAGS-close.c): Likewise.
	(CFLAGS-read.c): Likewise.
	(CFLAGS-write.c): Likewise.
	(CFLAGS-nanosleep.c): Likewise.
	(CFLAGS-sigsuspend.c): Likewise.
	(CFLAGS-msync.c): Likewise.
	(CFLAGS-fdatasync.c): Likewise.
	(CFLAGS-fsync.c): Likewise.
	(CFLAGS-pt-system.c): Likewise.
	(CFLAGS-tst-cleanup2.c): Likewise.
	(CFLAGS-tst-cleanupx2.c): Likewise.
	(CFLAGS-flockfile.c): Likewise.
	(CFLAGS-ftrylockfile.c): Likewise.
	(CFLAGS-funlockfile.c): Likewise.
	(CFLAGS-tst-initializers1.c): Likewise.
	(CFLAGS-tst-initializers1-c89.c): Likewise.
	(CFLAGS-tst-initializers1-c99.c): Likewise.
	(CFLAGS-tst-initializers1-c11.c): Likewise.
	(CFLAGS-tst-initializers1-gnu89.c): Likewise.
	(CFLAGS-tst-initializers1-gnu99.c): Likewise.
	(CFLAGS-tst-initializers1-gnu11.c): Likewise.
	* nscd/Makefile (CFLAGS-nscd_getpw_r.c): Likewise.
	(CFLAGS-nscd_getgr_r.c): Likewise.
	(CFLAGS-nscd_gethst_r.c): Likewise.
	(CFLAGS-nscd_getai.c): Likewise.
	(CFLAGS-nscd_initgroups.c): Likewise.
	* posix/Makefile (CFLAGS-getaddrinfo.c): Likewise.
	(CFLAGS-pause.c): Likewise.
	(CFLAGS-pread.c): Likewise.
	(CFLAGS-pread64.c): Likewise.
	(CFLAGS-pwrite.c): Likewise.
	(CFLAGS-pwrite64.c): Likewise.
	(CFLAGS-sleep.c): Likewise.
	(CFLAGS-wait.c): Likewise.
	(CFLAGS-waitid.c): Likewise.
	(CFLAGS-waitpid.c): Likewise.
	(CFLAGS-getopt.c): Likewise.
	(CFLAGS-wordexp.c): Likewise.
	(CFLAGS-sysconf.c): Likewise.
	(CFLAGS-pathconf.c): Likewise.
	(CFLAGS-fpathconf.c): Likewise.
	(CFLAGS-spawn.c): Likewise.
	(CFLAGS-spawnp.c): Likewise.
	(CFLAGS-spawni.c): Likewise.
	(CFLAGS-glob.c): Likewise.
	(CFLAGS-glob64.c): Likewise.
	(CFLAGS-getconf.c): Likewise.
	(CFLAGS-nanosleep.c): Likewise.
	* pwd/Makefile (CFLAGS-getpwent_r.c): Likewise.
	(CFLAGS-getpwent.c): Likewise.
	(CFLAGS-getpw.c): Likewise.
	(CFLAGS-fgetpwent_r.c): Likewise.
	* resolv/Makefile (CFLAGS-res_hconf.c): Likewise.
	* rt/Makefile (CFLAGS-aio_suspend.c): Likewise.
	(CFLAGS-mq_timedreceive.c): Likewise.
	(CFLAGS-mq_timedsend.c): Likewise.
	(CFLAGS-clock_nanosleep.c): Likewise.
	(CFLAGS-librt-cancellation.c): Likewise.
	* shadow/Makefile (CFLAGS-getspent_r.c): Likewise.
	(CFLAGS-getspent.c): Likewise.
	(CFLAGS-fgetspent.c): Likewise.
	(CFLAGS-fgetspent_r.c): Likewise.
	(CFLAGS-putspent.c): Likewise.
	(CFLAGS-getspnam.c): Likewise.
	(CFLAGS-getspnam_r.c): Likewise.
	* signal/Makefile (CFLAGS-sigpause.c): Likewise.
	(CFLAGS-sigsuspend.c): Likewise.
	(CFLAGS-sigtimedwait.c): Likewise.
	(CFLAGS-sigwait.c): Likewise.
	(CFLAGS-sigwaitinfo.c): Likewise.
	(CFLAGS-sigreturn.c): Likewise.
	* stdio-common/Makefile (CFLAGS-vfprintf.c): Likewise.
	(CFLAGS-vfwprintf.c): Likewise.
	(CFLAGS-tmpfile.c): Likewise.
	(CFLAGS-tmpfile64.c): Likewise.
	(CFLAGS-tempname.c): Likewise.
	(CFLAGS-psignal.c): Likewise.
	(CFLAGS-vprintf.c): Likewise.
	(CFLAGS-cuserid.c): Likewise.
	(CFLAGS-errlist.c): Likewise.
	(CFLAGS-siglist.c): Likewise.
	(CFLAGS-scanf15.c): Likewise.
	(CFLAGS-scanf17.c): Likewise.
	* stdlib/Makefile (CFLAGS-bsearch.c): Likewise.
	(CFLAGS-msort.c): Likewise.
	(CFLAGS-qsort.c): Likewise.
	(CFLAGS-system.c): Likewise.
	(CFLAGS-fmtmsg.c): Likewise.
	(CFLAGS-strfmon.c): Likewise.
	(CFLAGS-strfmon_l.c): Likewise.
	(CFLAGS-strfromd.c): Likewise.
	(CFLAGS-strfromf.c): Likewise.
	(CFLAGS-strfroml.c): Likewise.
	(CFLAGS-tst-bsearch.c): Likewise.
	(CFLAGS-tst-qsort.c): Likewise.
	(CFLAGS-tst-makecontext2.c): Likewise.
	* sunrpc/Makefile (CFLAGS-xbootparam_prot.c): Likewise.
	(CFLAGS-xnlm_prot.c): Likewise.
	(CFLAGS-xrstat.c): Likewise.
	(CFLAGS-xyppasswd.c): Likewise.
	(CFLAGS-xklm_prot.c): Likewise.
	(CFLAGS-xrex.c): Likewise.
	(CFLAGS-xsm_inter.c): Likewise.
	(CFLAGS-xmount.c): Likewise.
	(CFLAGS-xrusers.c): Likewise.
	(CFLAGS-xspray.c): Likewise.
	(CFLAGS-xnfs_prot.c): Likewise.
	(CFLAGS-xrquota.c): Likewise.
	(CFLAGS-xkey_prot.c): Likewise.
	(CFLAGS-auth_unix.c): Likewise.
	(CFLAGS-key_call.c): Likewise.
	(CFLAGS-pmap_rmt.c): Likewise.
	(CFLAGS-clnt_perr.c): Likewise.
	(CFLAGS-openchild.c): Likewise.
	* sysvipc/Makefile (CFLAGS-msgrcv.c): Likewise.
	(CFLAGS-msgsnd.c): Likewise.
	* termios/Makefile (CFLAGS-tcdrain.c): Likewise.
	* time/Makefile (CFLAGS-tzfile.c): Likewise.
	(CFLAGS-tzset.c): Likewise.
	(CFLAGS-getdate.c): Likewise.
	(CFLAGS-test_time.c): Likewise.
	(CPPFLAGS-tst-tzname.c): Likewise.
	* timezone/Makefile (CFLAGS-zdump.c): Likewise.
	(CFLAGS-zic.c): Likewise.
	* wcsmbs/Makefile (CFLAGS-wcwidth.c): Likewise.
	(CFLAGS-wcswidth.c): Likewise.
	(CFLAGS-wcstol.c): Likewise.
	(CFLAGS-wcstoul.c): Likewise.
	(CFLAGS-wcstoll.c): Likewise.
	(CFLAGS-wcstoull.c): Likewise.
	(CFLAGS-wcstod.c): Likewise.
	(CFLAGS-wcstold.c): Likewise.
	(CFLAGS-wcstof128.c): Likewise.
	(CFLAGS-wcstof.c): Likewise.
	(CFLAGS-wcstol_l.c): Likewise.
	(CFLAGS-wcstoul_l.c): Likewise.
	(CFLAGS-wcstoll_l.c): Likewise.
	(CFLAGS-wcstoull_l.c): Likewise.
	(CFLAGS-wcstod_l.c): Likewise.
	(CFLAGS-wcstold_l.c): Likewise.
	(CFLAGS-wcstof128_l.c): Likewise.
	(CFLAGS-wcstof_l.c): Likewise.
	(CPPFLAGS-tst-wchar-h.c): Likewise.
	(CPPFLAGS-wcstold_l.c): Likewise.

Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
2017-12-11 13:11:33 -08:00
Florian Weimer
67f36c7922 nss: Export nscd hash function as __nss_hash [BZ #22459] 2017-11-23 14:08:11 +01:00
Andreas Schwab
2faa42daa8 nscd: remove reference to libnsl
This removes the dependency on libnsl from nscd.  It only used __nis_hash,
build its own copy under the name __nscd_hash.
2017-10-11 15:51:52 +02:00
Florian Weimer
1e9522c61c nscd: Eliminate compilation time dependency in the build output
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2017-10-05 18:14:57 +02:00
H.J. Lu
36e7ae1e9d Hide internal __nis_hash function [BZ #18822]
Hide internal __nis_hash function to allow direct access within libc.so
and libc.a without using GOT nor PLT.

	[BZ #18822]
	* nscd/nscd_helper.c (__nis_hash): New prototype.
2017-10-01 17:49:59 -07:00
H.J. Lu
a4338d994f Mark internal nscd functions with attribute_hidden [BZ #18822]
Mark internal nscd functions with attribute_hidden to allow direct
access within libc.so and libc.a without using GOT nor PLT.

	[BZ #18822]
	* nscd/nscd-client.h (__nscd_get_map_ref): Add attribute_hidden.
	(__nscd_unmap): Likewise.
	(__nscd_cache_search): Likewise.
	(__nscd_get_nl_timestamp): Likewise.
	(__nscd_getpwnam_r): Likewise.
	(__nscd_getpwuid_r): Likewise.
	(__nscd_getgrnam_r): Likewise.
	(__nscd_getgrgid_r): Likewise.
	(__nscd_gethostbyname_r): Likewise.
	(__nscd_gethostbyname2_r): Likewise.
	(__nscd_gethostbyaddr_r): Likewise.
	(__nscd_getai): Likewise.
	(__nscd_getgrouplist): Likewise.
	(__nscd_getservbyname_r): Likewise.
	(__nscd_getservbyport_r): Likewise.
	(__nscd_innetgr): Likewise.
	(__nscd_setnetgrent): Likewise.
2017-10-01 15:16:27 -07:00
DJ Delorie
3de93d194a nscd: Release read lock after resetting timeout.
[BZ #22161]
	* nscd/netgroupcache.c (addinnetgrX): Release read lock after
	resetting timeout.

Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Reviewed-by: Andreas Schwab <schwab@suse.de>

A lock is held by mempool_allocate() when CACHEABLE is true; we
must release this lock if we exit early.
2017-09-25 19:49:36 -04:00
Steve Ellcey
a1a7820416 Remove compat from DEFAULT_CONFIG lookup strings
* grp/initgroups.c: Include config.h.
	(DEFAULT_CONFIG): New macro.
	(internal_getgrouplist): Use DEFAULT_CONFIG.
	* nscd/initgrcache.c (addinitgroupsX): Likewise.
	* nss/nsswitch.c (__nss_disable_nscd): Likewise.
	(DEFAULT_DEFCONFIG): New macro.
	(__nss_database_lookup): Use DEFAULT_DEFCONFIG.
	* nss/grp-lookup.c: Include config.h
	(DEFAULT_CONFIG): Set definition based on LINK_OBSOLETE_NSL.
	* nss/pwd-lookup.c (DEFAULT_CONFIG): Likewise.
	* nss/spwd-lookup.c (DEFAULT_CONFIG): Likewise.
	* manual/nss.texi: Update default values section.
2017-09-12 10:21:48 -07:00
Florian Weimer
75b3047eac NSS: Remove internal_function function attribute 2017-08-31 15:59:06 +02:00
H.J. Lu
1dbbb1ec7a Mark internal nss symbols with attribute_hidden [BZ #18822]
Mark internal nss symbols with attribute_hidden to allow direct access
within libc.so and libc.a without using GOT nor PLT.

Tested on x86-64 with and without --disable-nscd.

	[BZ #18822]
	* grp/initgroups.c (__nss_group_database): Removed.
	(__nss_initgroups_database): Likewise.
	* nscd/gai.c (__nss_hosts_database): Likewise.
	* nss/XXX-lookup.c (DATABASE_NAME_SYMBOL): Likewise.
	* posix/tst-rfc3484-2.c (__nss_hosts_database): Likewise.
	* posix/tst-rfc3484-3.c (__nss_hosts_database): Likewise.
	* posix/tst-rfc3484.c (__nss_hosts_database): Likewise.
	* sysdeps/posix/getaddrinfo.c (__nss_hosts_database): Likewise.
	* nss/getXXent.c (INTERNAL (REENTRANT_GETNAME)): Add
	attribute_hidden.
	* nss/nsswitch.c (__nss_database_custom): Define only if
	USE_NSCD is defined.
	(__nss_configure_lookup): Use __nss_database_custom only if
	USE_NSCD is defined.
	* nss/nsswitch.h (__nss_database_custom): Declare only if
	USE_NSCD is defined.  Add attribute_hidden.
	(__nss_setent): Add attribute_hidden.
	(__nss_endent): Likewise.
	(__nss_getent_r): Likewise.
	(__nss_getent): Likewise.
	(DEFINE_DATABASE): Declare __nss_##arg##_database.
2017-08-21 05:31:19 -07:00
Adhemerval Zanella
c181840c93 Consolidate non cancellable close call
This patch consolidates all the non cancellable close calls to use
the __close_nocancel{_nostatus} identifier.  For non cancellable targets
it will be just a macro to call the default respective symbol while on Linux
will be a internal one.

Also, since it is used on libcrypto it is also exported in GLIBC_PRIVATE
namespace.

Checked on x86_64-linux-gnu, x86_64-linux-gnu-x32, and i686-linux-gnu.

	* sysdeps/generic/not-cancel.h (close_not_cancel): Remove macro.
	(close_not_cancel_no_status): Likewise.
	(__close_nocancel): New macro.
	(__close_nocancel_no_status): Likewise.
	* sysdeps/unix/sysv/linux/not-cancel.h (__close_nocancel): Remove
	macro.
	(close_not_cancel): Likewise.
	(close_not_cancel_no_status): Likewise.
	(__close_nocancel): New prototype.
	(__close_nocancel_no_status): New function.
	* sysdeps/unix/sysv/linux/close.c (__close_nocancel): New function.
	* catgets/open_catalog.c (__open_catalog): Replace
	close_not_cancel{_no_status) with __close_nocancel{_nostatus}.
	* gmon/gmon.c (write_gmon): Likewise.
	* iconv/gconv_cache.c (__gconv_load_cache): Likewise.
	* intl/loadmsgcat.c (close): Likewise.
	* io/ftw.c (open_dir_stream): Likewise.
	(ftw_startup): Likewise.
	* libio/fileops.c (_IO_file_open): Likewise.
	(_IO_file_close_mmap): Likewise.
	(_IO_file_close): Likewise.
	* libio/iopopen.c (_IO_dup2): Likewise.
	* locale/loadarchive.c (_nl_load_locale_from_archive): Likewise.
	* locale/loadlocale.c (_nl_load_locale): Likewise.
	* login/utmp_file.c (pututline_file): Likewise.
	(endutent_file): Likewise.
	* misc/daemon.c (daemon): Likewise.
	* nscd/nscd_getai.c (__nscd_getai): Likewise.
	* nscd/nscd_getgr_r.c (nscd_getgr_r): Likewise.
	* nscd/nscd_gethst_r.c (nscd_gethst_r): Likewise.
	* nscd/nscd_getpw_r.c (nscd_getpw_r): Likewise.
	* nscd/nscd_getserv_r.c (nscd_getserv_r): Likewise.
	* nscd/nscd_helper.c (open_socket): Likewise.
	(__nscd_open_socket): Likewise.
	* nscd/nscd_initgroups.c (__nscd_getgrouplist): Likewise.
	* nscd/nscd_netgroup.c (__nscd_setnetgrent): Likewise.
	(__nscd_innetgr): Likewise.
	* nss/nss_db/db-open.c (internal_setent): Likewise.
	* resolv/res-close.c (__res_iclose): Likewise.
	* sunrpc/pm_getmaps.c (pmap_getmaps): Likewise.
	* sysdeps/posix/closedir.c (__closedir): Likewise.
	* sysdeps/posix/getaddrinfo.c (getaddrinfo): Likewise.
	* sysdeps/posix/getcwd.c (__getcwd): Likewise.
	* sysdeps/posix/opendir.c (tryopen_o_directory): Likewise.
	(opendir_tail): Likewise.
	* sysdeps/posix/spawni.c (__spawni_child): Likewise.
	* sysdeps/unix/sysv/linux/check_native.c (__check_native): Likewise.
	* sysdeps/unix/sysv/linux/check_pf.c (__check_pf): Likewise.
	* sysdeps/unix/sysv/linux/fips-private.h (fips_enabled_p): Likewise.
	* sysdeps/unix/sysv/linux/gethostid.c (sethostid): Likewise.
	(gethostid): Likewise.
	* sysdeps/unix/sysv/linux/getloadavg.c (getloadavg): Likewise.
	* sysdeps/unix/sysv/linux/getlogin_r.c (__getlogin_r_loginuid):
	Likewise.
	* sysdeps/unix/sysv/linux/getsysstats.c (__get_nprocs): Likewise.
	* sysdeps/unix/sysv/linux/grantpt.c (close_all_fds): Likewise.
	* sysdeps/unix/sysv/linux/i386/smp.h (is_smp_system): Likewise.
	* sysdeps/unix/sysv/linux/ia64/has_cpuclock.c (has_cpuclock):
	Likewise.
	* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Likewise.
	* sysdeps/unix/sysv/linux/libc_fatal.c (backtrace_and_maps): Likewise.
	* sysdeps/unix/sysv/linux/malloc-sysdep.h (check_may_shrink_heap):
	Likewise.
	* sysdeps/unix/sysv/linux/mq_notify.c (init_mq_netlink): Likewise.
	* sysdeps/unix/sysv/linux/pthread_getname.c (pthread_getname_np):
	Likewise.
	* sysdeps/unix/sysv/linux/pthread_setname.c (pthread_setname_np):
	Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Likewise.
	* sysdeps/unix/sysv/linux/sysconf.c (__sysconf): Likewise.
2017-08-18 18:38:55 -03:00
Florian Weimer
352f4ff9a2 resolv: Introduce struct resolv_context [BZ #21668]
struct resolv_context objects provide a temporary resolver context
which does not change during a name lookup operation.  Only when the
outmost context is created, the stub resolver configuration is
verified to be current (at present, only against previous res_init
calls).  Subsequent attempts to obtain the context will reuse the
result of the initial verification operation.

struct resolv_context can also be extended in the future to store
data which needs to be deallocated during thread cancellation.
2017-07-03 20:52:59 +02:00
Florian Weimer
e6b4e2de6d resolv: Call _res_hconf_init from __res_vinit
Many callers of __res_maybe_init also call _res_hconf_init.
Additional calls to the latter do not hurt because the function
does its work only once.  (/etc/hosts.conf is not reloaded or
even checked for changes.)  This means that we can simplify the
code by calling _res_hconf_init directly from __res_vinit.
2017-06-27 09:26:46 +02:00
Zack Weinberg
2bfdaeddaa Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk.
cppflags-iterator.mk no longer has anything to do with CPPFLAGS; all
it does is set libof-$(foo) for a list of files.  extra-modules.mk
does the same thing, but with a different input variable, and doesn't
let the caller control the module.  Therefore, this patch gives
cppflags-iterator.mk a better name, removes extra-modules.mk, and
updates all uses of both.

	* extra-modules.mk: Delete file.
	* cppflags-iterator.mk: Rename to ...
	* libof-iterator.mk: ...this.  Adjust comments.

	* Makerules, extra-lib.mk, benchtests/Makefile, elf/Makefile
	* elf/rtld-Rules, iconv/Makefile, locale/Makefile, malloc/Makefile
	* nscd/Makefile, sunrpc/Makefile, sysdeps/s390/Makefile:
	Use libof-iterator.mk instead of cppflags-iterator.mk or
	extra-modules.mk.

	* benchtests/strcoll-inputs/filelist#en_US.UTF-8: Remove
	extra-modules.mk and cppflags-iterator.mk, add libof-iterator.mk.
2017-05-09 07:06:29 -04:00
Florian Weimer
e92030239a Assume that accept4 is always available and works
Simplify the Linux accept4 implementation based on the assumption
that it is available in some way.  __ASSUME_ACCEPT4_SOCKETCALL was
previously unused, so remove it.

For ia64, the accept4 system call (and socket call) were backported
in kernel version 3.2.18.  Reflect this in the installation
instructions.
2017-04-19 07:44:48 +02:00
Florian Weimer
cef9b65376 Assume that O_CLOEXEC is always defined and works 2017-04-18 14:56:51 +02:00
Zack Weinberg
9090848d06 Narrowing the visibility of libc-internal.h even further.
posix/wordexp-test.c used libc-internal.h for PTR_ALIGN_DOWN; similar
to what was done with libc-diag.h, I have split the definitions of
cast_to_integer, ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and PTR_ALIGN_DOWN
to a new header, libc-pointer-arith.h.

It then occurred to me that the remaining declarations in libc-internal.h
are mostly to do with early initialization, and probably most of the
files including it, even in the core code, don't need it anymore.  Indeed,
only 19 files actually need what remains of libc-internal.h.  23 others
need libc-diag.h instead, and 12 need libc-pointer-arith.h instead.
No file needs more than one of them, and 16 don't need any of them!

So, with this patch, libc-internal.h stops including libc-diag.h as
well as losing the pointer arithmetic macros, and all including files
are adjusted.

        * include/libc-pointer-arith.h: New file.  Define
	cast_to_integer, ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and
        PTR_ALIGN_DOWN here.
        * include/libc-internal.h: Definitions of above macros
	moved from here.  Don't include libc-diag.h anymore either.
	* posix/wordexp-test.c: Include stdint.h and libc-pointer-arith.h.
        Don't include libc-internal.h.

	* debug/pcprofile.c, elf/dl-tunables.c, elf/soinit.c, io/openat.c
	* io/openat64.c, misc/ptrace.c, nptl/pthread_clock_gettime.c
	* nptl/pthread_clock_settime.c, nptl/pthread_cond_common.c
	* string/strcoll_l.c, sysdeps/nacl/brk.c
	* sysdeps/unix/clock_settime.c
	* sysdeps/unix/sysv/linux/i386/get_clockfreq.c
	* sysdeps/unix/sysv/linux/ia64/get_clockfreq.c
	* sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c
	* sysdeps/unix/sysv/linux/sparc/sparc64/get_clockfreq.c:
	Don't include libc-internal.h.

	* elf/get-dynamic-info.h, iconv/loop.c
	* iconvdata/iso-2022-cn-ext.c, locale/weight.h, locale/weightwc.h
	* misc/reboot.c, nis/nis_table.c, nptl_db/thread_dbP.h
	* nscd/connections.c, resolv/res_send.c, soft-fp/fmadf4.c
	* soft-fp/fmasf4.c, soft-fp/fmatf4.c, stdio-common/vfscanf.c
	* sysdeps/ieee754/dbl-64/e_lgamma_r.c
	* sysdeps/ieee754/dbl-64/k_rem_pio2.c
	* sysdeps/ieee754/flt-32/e_lgammaf_r.c
	* sysdeps/ieee754/flt-32/k_rem_pio2f.c
	* sysdeps/ieee754/ldbl-128/k_tanl.c
	* sysdeps/ieee754/ldbl-128ibm/k_tanl.c
	* sysdeps/ieee754/ldbl-96/e_lgammal_r.c
	* sysdeps/ieee754/ldbl-96/k_tanl.c, sysdeps/nptl/futex-internal.h:
	Include libc-diag.h instead of libc-internal.h.

        * elf/dl-load.c, elf/dl-reloc.c, locale/programs/locarchive.c
        * nptl/nptl-init.c, string/strcspn.c, string/strspn.c
	* malloc/malloc.c, sysdeps/i386/nptl/tls.h
	* sysdeps/nacl/dl-map-segments.h, sysdeps/x86_64/atomic-machine.h
	* sysdeps/unix/sysv/linux/spawni.c
        * sysdeps/x86_64/nptl/tls.h:
        Include libc-pointer-arith.h instead of libc-internal.h.

	* elf/get-dynamic-info.h, sysdeps/nacl/dl-map-segments.h
	* sysdeps/x86_64/atomic-machine.h:
        Add multiple include guard.
2017-03-01 20:33:46 -05:00
Joseph Myers
58b587c1f8 Update copyright dates not handled by scripts/update-copyrights.
I've updated copyright dates in glibc for 2017.  This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files.

Please remember to include 2017 in the dates for any new files added
in future (which means updating any existing uncommitted patches you
have that add new files to use the new copyright dates in them).

	* NEWS: Update copyright dates.
	* catgets/gencat.c (print_version): Likewise.
	* csu/version.c (banner): Likewise.
	* debug/catchsegv.sh: Likewise.
	* debug/pcprofiledump.c (print_version): Likewise.
	* debug/xtrace.sh (do_version): Likewise.
	* elf/ldconfig.c (print_version): Likewise.
	* elf/ldd.bash.in: Likewise.
	* elf/pldd.c (print_version): Likewise.
	* elf/sotruss.sh: Likewise.
	* elf/sprof.c (print_version): Likewise.
	* iconv/iconv_prog.c (print_version): Likewise.
	* iconv/iconvconfig.c (print_version): Likewise.
	* locale/programs/locale.c (print_version): Likewise.
	* locale/programs/localedef.c (print_version): Likewise.
	* login/programs/pt_chown.c (print_version): Likewise.
	* malloc/memusage.sh (do_version): Likewise.
	* malloc/memusagestat.c (print_version): Likewise.
	* malloc/mtrace.pl: Likewise.
	* manual/libc.texinfo: Likewise.
	* nptl/version.c (banner): Likewise.
	* nscd/nscd.c (print_version): Likewise.
	* nss/getent.c (print_version): Likewise.
	* nss/makedb.c (print_version): Likewise.
	* posix/getconf.c (main): Likewise.
	* scripts/test-installation.pl: Likewise.
	* sysdeps/unix/sysv/linux/lddlibc4.c (main): Likewise.
2017-01-01 00:26:24 +00:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Florian Weimer
b76e065991 resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582] 2016-12-31 18:55:14 +01:00
Nick Alcock
1ad4ba28e9 Drop explicit stack-protection of pieces of the system [BZ #7065] 2016-12-26 10:11:05 +01:00
Torvald Riegel
6f9d4f595e Fix incorrect double-checked locking related to _res_hconf.initialized.
_res_hconf.initialized was not suitable for use in a multi-threaded
environment due to the lack of atomics and memory barriers.  Use of it was
also unnecessary because _res_hconf_init did the right thing by using
__libc_once.  This patch fixes the glibc-internal uses by just calling
_res_hconf_init unconditionally, and switches to a release MO atomic store
for _res_hconf.initialized to fix the glibc side of the synchronization
problem (which will maintain backward compatibility, but cannot fix the
lack of acquire MO on any glibc-external loads).

	[BZ #20477]
	* resolv/res_hconf.c (do_init): Use atomic access.
	* resolv/res_hconf.h: Add comments.
	* nscd/aicache.c (addhstaiX): Call _res_hconf_init unconditionally.
	* nss/getXXbyYY_r.c (REENTRANT_NAME): Likewise.
	* sysdeps/posix/getaddrinfo.c (gaih_inet): Likewise.
2016-08-18 20:53:37 +02:00
Torvald Riegel
76a0b73e81 Remove atomic_compare_and_exchange_bool_rel.
atomic_compare_and_exchange_bool_rel and
catomic_compare_and_exchange_bool_rel are removed and replaced with the
new C11-like atomic_compare_exchange_weak_release.  The concurrent code
in nscd/cache.c has not been reviewed yet, so this patch does not add
detailed comments.

	* nscd/cache.c (cache_add): Use new C11-like atomic operation instead
	of atomic_compare_and_exchange_bool_rel.
	* nptl/pthread_mutex_unlock.c (__pthread_mutex_unlock_full): Likewise.
	* include/atomic.h (atomic_compare_and_exchange_bool_rel,
	catomic_compare_and_exchange_bool_rel): Remove.
	* sysdeps/aarch64/atomic-machine.h
	(atomic_compare_and_exchange_bool_rel): Likewise.
	* sysdeps/alpha/atomic-machine.h
	(atomic_compare_and_exchange_bool_rel): Likewise.
	* sysdeps/arm/atomic-machine.h
	(atomic_compare_and_exchange_bool_rel): Likewise.
	* sysdeps/mips/atomic-machine.h
	(atomic_compare_and_exchange_bool_rel): Likewise.
	* sysdeps/tile/atomic-machine.h
	(atomic_compare_and_exchange_bool_rel): Likewise.
2016-06-24 23:04:40 +03:00
Andreas Schwab
bd499987c6 Fix nscd assertion failure in gc (bug 19755)
If a GETxxBYyy request (for passwd or group) is running in parallel to
an INVALIDATE request (for the same database) then in a particular order
of events the garbage collector is not properly marking all used memory
and fails an assertion:

   GETGRBYNAME (root)
Haven't found "root" in group cache!
add new entry "root" of type GETGRBYNAME for group to cache (first)
handle_request: request received (Version = 2) from PID 7413
   INVALIDATE (group)
pruning group cache; time 9223372036854775807
considering GETGRBYNAME entry "root", timeout 1456763027
add new entry "0" of type GETGRBYGID for group to cache
remove GETGRBYNAME entry "root"
nscd: mem.c:403: gc: Assertion `next_data == &he_data[db->head->nentries]' failed.

Here the first call to cache_add added the GETGRBYNAME entry, which is
immediately marked for collection by prune_cache.  Then the GETGRBYGID
entry is added which shares the data packet with the first entry and
therefore is marked as !first, while the marking look in prune_cache has
already finished.  When the garbage collector runs, it only considers
references by entries marked as first, missing the reference by the
secondary entry.

The only way to fix that is to prevent prune_cache from running while the
two related entries are added.
2016-06-09 09:57:40 +02:00
Stephen Gallagher
ced8f89336 NSS: Implement group merging support.
https://sourceware.org/glibc/wiki/Proposals/GroupMerging

== Justification ==
It is common today for users to rely on centrally-managed user stores for
handling their user accounts. However, much software existing today does
not have an innate understanding of such accounts. Instead, they commonly
rely on membership in known groups for managing access-control (for
example the "wheel" group on Fedora and RHEL systems or the "adm" group
on Debian-derived systems). In the present incarnation of nsswitch, the
only way to have such groups managed by a remote user store such as
FreeIPA or Active Directory would be to manually remove the groups from
/etc/group on the clients so that nsswitch would then move past nss_files
and into the SSSD, nss-ldap or other remote user database.

== Solution ==
With this patch, a new action is introduced for nsswitch:
NSS_ACTION_MERGE. To take advantage of it, one will add [SUCCESS=merge]
between two database entries in the nsswitch.conf file. When a group is
located in the first of the two group entries, processing will continue
on to the next one. If the group is also found in the next entry (and the
group name and GID are an exact match), the member list of the second
entry will be added to the group object to be returned.

== Implementation ==
After each DL_LOOKUP_FN() returns, the next action is checked. If the
function returned NSS_STATUS_SUCCESS and the next action is
NSS_ACTION_MERGE, a copy of the result buffer is saved for the next pass
through the loop. If on this next pass through the loop the database
returns another instance of a group matching both the group name and GID,
the member list is added to the previous list and it is returned as a
single object. If the following database does not contain the same group,
then the original is copied back into the destination buffer.

This patch implements merge functionality only for the group database.
For other databases, there is a default implementation that will return
the EINVAL errno if a merge is requested. The merge functionality can be
implemented for other databases at a later time if such is needed. Each
database must provide a unique implementation of the deep-copy and merge
functions.

If [SUCCESS=merge] is present in nsswitch.conf for a glibc version that
does not support it, glibc will process results up until that operation,
at which time it will return results if it has found them or else will
simply return an error. In practical terms, this ends up behaving like
the remainder of the nsswitch.conf line does not exist.

== Iterators ==
This feature does not modify the iterator functionality from its current
behavior. If getgrnam() or getgrgid() is called, glibc will iterate
through all entries in the `group` line in nsswitch.conf and display the
list of members without attempting to merge them. This is consistent with
the behavior of nss_files where if two separate lines are specified for
the same group in /etc/groups, getgrnam()/getgrgid() will display both.
Clients are already expected to handle this gracefully.

== No Premature Optimizations ==
The following is a list of places that might be eligible for
optimization, but were not overengineered for this initial contribution:
 * Any situation where a merge may occur will result in one malloc() of
   the same size as the input buffer.
 * Any situation where a merge does occur will result in a second
   malloc() to hold the list of pointers to member name strings.
 * The list of members is simply concatenated together and is not tested
   for uniqueness (which is identical to the behavior for nss_files,
   which will simply return identical values if they both exist on the
   line in the file. This could potentially be optimized to reduce space
   usage in the buffer, but it is both complex and computationally
   expensive to do so.

== Testing ==
I performed testing by running the getent utility against my newly-built
glibc and configuring /etc/nsswitch.conf with the following entry:
group: group:      files [SUCCESS=merge] sss

In /etc/group I included the line:
wheel10:sgallagh

I then configured my local SSSD using the id_provider=local to respond
with:
wheel:*:10:localuser,localuser2

I then ran `getent group wheel` against the newly-built glibc in
multiple situations and received the expected output as described
above:
 * When SSSD was running.
 * When SSSD was configured in nsswitch.conf but the daemon was not
   running.
 * When SSSD was configured in nsswitch.conf but nss_sss.so.2 was not
   installed on the system.
 * When the order of 'sss' and 'files' was reversed.
 * All of the above with the [SUCCESS=merge] removed (to ensure no
   regressions).
 * All of the above with `getent group 10`.
 * All of the above with `getent group` with and without
   `enumerate=true` set in SSSD.
 * All of the above with and without nscd enabled on the system.
2016-04-29 22:18:21 -04:00
Martin Sebor
ad37480c4b Fix build errors with -DNDEBUG.
[BZ #18755]
        * iconv/skeleton.c (FUNCTION_NAME): Suppress -Wunused-but-set-variable
        warnings.
        * sysdeps/nptl/gai_misc.h (__gai_start_notify_thread): Same.
        (__gai_create_helper_thread): Same.
        * nscd/nscd.c (do_exit): Suppress -Wunused-variable.
        * iconvdata/iso-2022-cn-ext.c (BODY): Initialize local variable
        to suppress -Wmaybe-uninitialized warnings.
2016-01-15 10:44:07 -07:00
Joseph Myers
1979f3c1ad Update copyright dates not handled by scripts/update-copyrights.
I've updated copyright dates in glibc for 2016.  This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files.

	* NEWS: Update copyright dates.
	* catgets/gencat.c (print_version): Likewise.
	* csu/version.c (banner): Likewise.
	* debug/catchsegv.sh: Likewise.
	* debug/pcprofiledump.c (print_version): Likewise.
	* debug/xtrace.sh (do_version): Likewise.
	* elf/ldconfig.c (print_version): Likewise.
	* elf/ldd.bash.in: Likewise.
	* elf/pldd.c (print_version): Likewise.
	* elf/sotruss.sh: Likewise.
	* elf/sprof.c (print_version): Likewise.
	* iconv/iconv_prog.c (print_version): Likewise.
	* iconv/iconvconfig.c (print_version): Likewise.
	* locale/programs/locale.c (print_version): Likewise.
	* locale/programs/localedef.c (print_version): Likewise.
	* login/programs/pt_chown.c (print_version): Likewise.
	* malloc/memusage.sh (do_version): Likewise.
	* malloc/memusagestat.c (print_version): Likewise.
	* malloc/mtrace.pl: Likewise.
	* manual/libc.texinfo: Likewise.
	* nptl/version.c (banner): Likewise.
	* nscd/nscd.c (print_version): Likewise.
	* nss/getent.c (print_version): Likewise.
	* nss/makedb.c (print_version): Likewise.
	* posix/getconf.c (main): Likewise.
	* scripts/test-installation.pl: Likewise.
	* sysdeps/unix/sysv/linux/lddlibc4.c (main): Likewise.
2016-01-04 16:26:30 +00:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Mike Frysinger
6ab674ebff use -fstack-protector-strong when available
With gcc-4.9, a new -fstack-protector-strong flag is available that is
between -fstack-protector (pretty weak) and -fstack-protector-all (pretty
strong) that provides good trade-offs between overhead but still providing
good coverage.  Update the places in glibc that use ssp to use this flag
when it's available.

This also kills off the indirection of hardcoding the flag name in the
Makefiles and adding it based on a have-ssp boolean.  Instead, the build
always expands the $(stack-protector) variable to the best ssp setting.
This makes the build logic a bit simpler and allows people to easily set
to a diff flag like:
	make stack-protector=-fstack-protector-all
2015-10-19 15:36:48 -04:00