This is an automated email from the git hooks/post-receive script. aurel32 pushed a commit to branch sid in repository glibc.
commit eaf077d27ebd29c9adb1d591f6ad90ce98b07f41 Author: Aurelien Jarno <aurel...@aurel32.net> Date: Sun Apr 9 19:45:42 2017 +0200 debian/patches/git-updates.diff: update from upstream stable branch: * debian/patches/git-updates.diff: update from upstream stable branch: - Improve branch predication in _dl_runtime_resolve_avx512_opt; - Fix symbol redirect for fts_set on 32-bit architectures. - Fix AVX2/AVX512 optimized unaligned memset. - Don't use PLT nor GOT in static archives on amd64. - Drop GLIBC_TUNABLES in setxid processes. - Fix write-after-destroy in lock elision on powerpc/ppc64el. * Drop patches/any/cvs-resolv-internal-qtype.diff, merged upstream. --- debian/changelog | 8 + debian/patches/any/cvs-resolv-internal-qtype.diff | 78 --- debian/patches/git-updates.diff | 634 ++++++++++++++++++++-- debian/patches/series | 1 - 4 files changed, 610 insertions(+), 111 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8abcc6c..aa8d722 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,14 @@ glibc (2.24-10) UNRELEASED; urgency=medium posix. [ Aurelien Jarno ] + * debian/patches/git-updates.diff: update from upstream stable branch: + - Improve branch predication in _dl_runtime_resolve_avx512_opt; + - Fix symbol redirect for fts_set on 32-bit architectures. + - Fix AVX2/AVX512 optimized unaligned memset. + - Don't use PLT nor GOT in static archives on amd64. + - Drop GLIBC_TUNABLES in setxid processes. + - Fix write-after-destroy in lock elision on powerpc/ppc64el. + * Drop patches/any/cvs-resolv-internal-qtype.diff, merged upstream. * any/cvs-remove-pid-tid-cache-clone.diff: patch from upstream to remove cached PID/TID in clone. Closes: #857909. diff --git a/debian/patches/any/cvs-resolv-internal-qtype.diff b/debian/patches/any/cvs-resolv-internal-qtype.diff deleted file mode 100644 index 670d671..0000000 --- a/debian/patches/any/cvs-resolv-internal-qtype.diff +++ /dev/null @@ -1,78 +0,0 @@ -2016-12-31 Florian Weimer <fwei...@redhat.com> - - [BZ #18784] - CVE-2015-5180 - * include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from - T_UNSPEC. Adjust value. - * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Use it. - * resolv/res_query.c (__libc_res_nquery): Likewise. - * resolv/res_mkquery.c (res_nmkquery): Check for out-of-range - QTYPEs. - ---- a/include/arpa/nameser_compat.h -+++ b/include/arpa/nameser_compat.h -@@ -1,8 +1,8 @@ - #ifndef _ARPA_NAMESER_COMPAT_ - #include <resolv/arpa/nameser_compat.h> - --/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e., -- T_A and T_AAAA). */ --#define T_UNSPEC 62321 -+/* The number is outside the 16-bit RR type range and is used -+ internally by the implementation. */ -+#define T_QUERY_A_AND_AAAA 439963904 - - #endif ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -323,7 +323,7 @@ - - int olderr = errno; - enum nss_status status; -- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC, -+ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA, - host_buffer.buf->buf, 2048, &host_buffer.ptr, - &ans2p, &nans2p, &resplen2, &ans2p_malloced); - if (n >= 0) ---- a/resolv/res_mkquery.c -+++ b/resolv/res_mkquery.c -@@ -103,6 +103,10 @@ - int n; - u_char *dnptrs[20], **dpp, **lastdnptr; - -+ if (class < 0 || class > 65535 -+ || type < 0 || type > 65535) -+ return -1; -+ - #ifdef DEBUG - if (statp->options & RES_DEBUG) - printf(";; res_nmkquery(%s, %s, %s, %s)\n", ---- a/resolv/res_query.c -+++ b/resolv/res_query.c -@@ -122,7 +122,7 @@ - int n, use_malloc = 0; - u_int oflags = statp->_flags; - -- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE; -+ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE; - u_char *buf = alloca (bufsize); - u_char *query1 = buf; - int nquery1 = -1; -@@ -137,7 +137,7 @@ - printf(";; res_query(%s, %d, %d)\n", name, class, type); - #endif - -- if (type == T_UNSPEC) -+ if (type == T_QUERY_A_AND_AAAA) - { - n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL, - query1, bufsize); -@@ -190,7 +190,7 @@ - if (__builtin_expect (n <= 0, 0) && !use_malloc) { - /* Retry just in case res_nmkquery failed because of too - short buffer. Shouldn't happen. */ -- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET; -+ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET; - buf = malloc (bufsize); - if (buf != NULL) { - query1 = buf; diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff index 1d719ce..ecf96cc 100644 --- a/debian/patches/git-updates.diff +++ b/debian/patches/git-updates.diff @@ -1,10 +1,86 @@ GIT update of git://sourceware.org/git/glibc.git/release/2.24/master from glibc-2.24 diff --git a/ChangeLog b/ChangeLog -index c44c926094..ddc01aecad 100644 +index c44c926094..6e4696c7df 100644 --- a/ChangeLog +++ b/ChangeLog -@@ -1,3 +1,275 @@ +@@ -1,3 +1,351 @@ ++2017-04-07 H.J. Lu <hongjiu...@intel.com> ++ ++ [BZ #21258] ++ * sysdeps/x86_64/dl-trampoline.S (_dl_runtime_resolve_opt): ++ Define only if _dl_runtime_resolve is defined to ++ _dl_runtime_resolve_sse_vex. ++ * sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve_opt): ++ Fallthrough to _dl_runtime_resolve_sse_vex. ++ ++2017-04-03 Mike Frysinger <vap...@gentoo.org> ++ ++ [BZ #21253] ++ * sysdeps/unix/sysv/linux/spawni.c (__spawnix): Increase argv_size ++ slack space by 32KiB. ++ ++2017-03-31 Slava Barinov <v.bari...@samsung.com> ++ ++ [BZ #21289] ++ * io/fts.h (fts_set): Replace __REDIRECT with __REDIRECT_NTH. ++ ++2017-03-20 Mike Frysinger <vap...@gentoo.org> ++ ++ [BZ #21275] ++ * sysdeps/unix/sysv/linux/spawni.c [__ia64__] (CLONE): Rename ++ __stack to __stackbase. ++ (STACK): Invert _STACK_GROWS_DOWN and _STACK_GROWS_UP order of ++ checks so we can include defined(__ia64__) first. ++ ++2017-03-15 John David Anglin <dang...@gcc.gnu.org> ++ ++ * sysdeps/hppa/dl-machine.h (DL_STACK_END): Define. ++ (RTLD_START): Don't record stack end address in _dl_start_user. ++ ++2017-01-30 H.J. Lu <hongjiu...@intel.com> ++ ++ [BZ #21081] ++ * sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S ++ (L(stosb)): Add VZEROUPPER before ret. ++ ++2016-11-28 H.J. Lu <hongjiu...@intel.com> ++ ++ [BZ #20750] ++ * sysdeps/x86_64/sysdep.h (JUMPTARGET): Check SHARED instead ++ of PIC. ++ ++2016-12-31 Florian Weimer <fwei...@redhat.com> ++ ++ [BZ #18784] ++ CVE-2015-5180 ++ * include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from ++ T_UNSPEC. Adjust value. ++ * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Use it. ++ * resolv/res_query.c (__libc_res_nquery): Likewise. ++ * resolv/res_mkquery.c (res_nmkquery): Check for out-of-range ++ QTYPEs. ++ * resolv/tst-resolv-qtypes.c: New file. ++ * resolv/Makefile (xtests): Add tst-resolv-qtypes. ++ (tst-resolv-qtypes): Link against libresolv and libpthread. ++ ++2017-02-02 Siddhesh Poyarekar <siddh...@sourceware.org> ++ ++ * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES. ++ ++2017-01-23 Rajalakshmi Srinivasaraghavan <r...@linux.vnet.ibm.com> ++ Steven Munroe <sjmun...@us.ibm.com> ++ Tulio Magno Quites Machado Filho <tul...@linux.vnet.ibm.com> ++ ++ [BZ #20822] ++ * sysdeps/unix/sysv/linux/powerpc/elision-lock.c ++ (__lll_lock_elision): Access adapt_count via C11 atomics. ++ * sysdeps/unix/sysv/linux/powerpc/elision-trylock.c ++ (__lll_trylock_elision): Likewise. ++ * sysdeps/unix/sysv/linux/powerpc/elision-unlock.c ++ (__lll_unlock_elision): Update adapt_count variable inside the ++ critical section using C11 atomics. ++ +2016-12-24 Carlos O'Donell <car...@redhat.com> + + [BZ #11941] @@ -281,10 +357,10 @@ index c44c926094..ddc01aecad 100644 * version.h (RELEASE): Set to "stable" diff --git a/NEWS b/NEWS -index b0447e7169..4a042dbe2b 100644 +index b0447e7169..71b41ea625 100644 --- a/NEWS +++ b/NEWS -@@ -5,6 +5,17 @@ See the end for copying conditions. +@@ -5,6 +5,26 @@ See the end for copying conditions. Please send GNU C library bug reports via <http://sourceware.org/bugzilla/> using `glibc' in the "product" field. @@ -298,6 +374,15 @@ index b0447e7169..4a042dbe2b 100644 + (denial of service) in some Go applications compiled with gccgo. Reported + by Andreas Schwab. (CVE-2016-6323) + ++* The DNS stub resolver functions would crash due to a NULL pointer ++ dereference when processing a query with a valid DNS question type which ++ was used internally in the implementation. The stub resolver now uses a ++ question type which is outside the range of valid question type values. ++ (CVE-2015-5180) ++ ++The following bugs are resolved with this release: ++ ++ [21289] Fix symbol redirect for fts_set + Version 2.24 @@ -748,6 +833,35 @@ index 8d8ce5813b..a87028047b 100644 } *__gconv_t; /* Transliteration using the locale's data. */ +diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h +index 2e735ede4c..7c0deed9ae 100644 +--- a/include/arpa/nameser_compat.h ++++ b/include/arpa/nameser_compat.h +@@ -1,8 +1,8 @@ + #ifndef _ARPA_NAMESER_COMPAT_ + #include <resolv/arpa/nameser_compat.h> + +-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e., +- T_A and T_AAAA). */ +-#define T_UNSPEC 62321 ++/* The number is outside the 16-bit RR type range and is used ++ internally by the implementation. */ ++#define T_QUERY_A_AND_AAAA 439963904 + + #endif +diff --git a/io/fts.h b/io/fts.h +index 127a0d2721..b6b45206c8 100644 +--- a/io/fts.h ++++ b/io/fts.h +@@ -193,7 +193,7 @@ FTS *__REDIRECT (fts_open, (char * const *, int, + int (*)(const FTSENT **, const FTSENT **)), + fts64_open); + FTSENT *__REDIRECT (fts_read, (FTS *), fts64_read); +-int __REDIRECT (fts_set, (FTS *, FTSENT *, int), fts64_set) __THROW; ++int __REDIRECT_NTH (fts_set, (FTS *, FTSENT *, int), fts64_set); + # else + # define fts_children fts64_children + # define fts_close fts64_close diff --git a/localedata/ChangeLog b/localedata/ChangeLog index 4be8afc110..6db3c88c9f 100644 --- a/localedata/ChangeLog @@ -1901,6 +2015,276 @@ index d933f9c92a..7cdb06a611 100644 __execve (buffer, argv, envp); +diff --git a/resolv/Makefile b/resolv/Makefile +index 8be41d3ae1..a4c86b9762 100644 +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes) + extra-libs += libanl + routines += gai_sigqueue + tests += tst-res_hconf_reorder ++ ++# This test sends millions of packets and is rather slow. ++xtests += tst-resolv-qtypes + endif + extra-libs-others = $(extra-libs) + libresolv-routines := gethnamaddr res_comp res_debug \ +@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace + $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \ + $(evaluate-test) ++ ++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index 5f9e35701b..d16fa4b8ed 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, + + int olderr = errno; + enum nss_status status; +- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC, ++ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA, + host_buffer.buf->buf, 2048, &host_buffer.ptr, + &ans2p, &nans2p, &resplen2, &ans2p_malloced); + if (n >= 0) +diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c +index 12f9730199..d80b5318e5 100644 +--- a/resolv/res_mkquery.c ++++ b/resolv/res_mkquery.c +@@ -103,6 +103,10 @@ res_nmkquery(res_state statp, + int n; + u_char *dnptrs[20], **dpp, **lastdnptr; + ++ if (class < 0 || class > 65535 ++ || type < 0 || type > 65535) ++ return -1; ++ + #ifdef DEBUG + if (statp->options & RES_DEBUG) + printf(";; res_nmkquery(%s, %s, %s, %s)\n", +diff --git a/resolv/res_query.c b/resolv/res_query.c +index 944d1a90f5..07dc6f6583 100644 +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp, + int n, use_malloc = 0; + u_int oflags = statp->_flags; + +- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE; ++ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE; + u_char *buf = alloca (bufsize); + u_char *query1 = buf; + int nquery1 = -1; +@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp, + printf(";; res_query(%s, %d, %d)\n", name, class, type); + #endif + +- if (type == T_UNSPEC) ++ if (type == T_QUERY_A_AND_AAAA) + { + n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL, + query1, bufsize); +@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp, + if (__builtin_expect (n <= 0, 0) && !use_malloc) { + /* Retry just in case res_nmkquery failed because of too + short buffer. Shouldn't happen. */ +- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET; ++ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET; + buf = malloc (bufsize); + if (buf != NULL) { + query1 = buf; +diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c +new file mode 100644 +index 0000000000..b3e60c693b +--- /dev/null ++++ b/resolv/tst-resolv-qtypes.c +@@ -0,0 +1,185 @@ ++/* Exercise low-level query functions with different QTYPEs. ++ Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++#include <resolv.h> ++#include <string.h> ++#include <support/check.h> ++#include <support/check_nss.h> ++#include <support/resolv_test.h> ++#include <support/support.h> ++#include <support/test-driver.h> ++#include <support/xmemstream.h> ++ ++/* If ture, the response function will send the actual response packet ++ over TCP instead of UDP. */ ++static volatile bool force_tcp; ++ ++/* Send back a fake resource record matching the QTYPE. */ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ if (force_tcp && ctx->tcp) ++ { ++ resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ return; ++ } ++ ++ resolv_response_init (b, (struct resolv_response_flags) { }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ resolv_response_add_data (b, &qtype, sizeof (qtype)); ++ resolv_response_close_record (b); ++} ++ ++static const const char *domain = "www.example.com"; ++ ++static int ++wrap_res_query (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_search (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_querydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_querydomain ("www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_send (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_mkquery (QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_send (buf, ret, answer, answer_length); ++} ++ ++static int ++wrap_res_nquery (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nsearch (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquerydomain (&_res, "www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_nsend (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_nsend (&_res, buf, ret, answer, answer_length); ++} ++ ++static void ++test_function (const char *fname, ++ int (*func) (int type, ++ unsigned char *answer, int answer_length)) ++{ ++ unsigned char buf[512]; ++ for (int tcp = 0; tcp < 2; ++tcp) ++ { ++ force_tcp = tcp; ++ for (unsigned int type = 1; type <= 65535; ++type) ++ { ++ if (test_verbose) ++ printf ("info: sending QTYPE %d with %s (tcp=%d)\n", ++ type, fname, tcp); ++ int ret = func (type, buf, sizeof (buf)); ++ if (ret != 47) ++ FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d", ++ fname,tcp, type, ret); ++ /* One question, one answer record. */ ++ TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0); ++ /* Question section. */ ++ static const char qname[] = "\3www\7example\3com"; ++ size_t qname_length = sizeof (qname); ++ TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0); ++ /* RDATA part of answer. */ ++ uint16_t type16 = type; ++ TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0); ++ } ++ } ++ ++ TEST_VERIFY (func (-1, buf, sizeof (buf) == -1)); ++ TEST_VERIFY (func (65536, buf, sizeof (buf) == -1)); ++} ++ ++static int ++do_test (void) ++{ ++ struct resolv_redirect_config config = ++ { ++ .response_callback = response, ++ }; ++ struct resolv_test *obj = resolv_test_start (config); ++ ++ test_function ("res_query", &wrap_res_query); ++ test_function ("res_search", &wrap_res_search); ++ test_function ("res_querydomain", &wrap_res_querydomain); ++ test_function ("res_send", &wrap_res_send); ++ ++ test_function ("res_nquery", &wrap_res_nquery); ++ test_function ("res_nsearch", &wrap_res_nsearch); ++ test_function ("res_nquerydomain", &wrap_res_nquerydomain); ++ test_function ("res_nsend", &wrap_res_nsend); ++ ++ resolv_test_end (obj); ++ return 0; ++} ++ ++#define TIMEOUT 300 ++#include <support/test-driver.c> diff --git a/sysdeps/alpha/fpu/s_ceil.c b/sysdeps/alpha/fpu/s_ceil.c index c1ff864d4b..e9c350af1c 100644 --- a/sysdeps/alpha/fpu/s_ceil.c @@ -2080,6 +2464,45 @@ index 2f7751d167..dfa7198306 100644 GLIBC_2.23 fts64_set F +GLIBC_2.24 GLIBC_2.24 A GLIBC_2.24 quick_exit F +diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h +index d5b8119c9c..3e56538b51 100644 +--- a/sysdeps/generic/unsecvars.h ++++ b/sysdeps/generic/unsecvars.h +@@ -4,6 +4,7 @@ + #define UNSECURE_ENVVARS \ + "GCONV_PATH\0" \ + "GETCONF_DIR\0" \ ++ "GLIBC_TUNABLES\0" \ + "HOSTALIASES\0" \ + "LD_AUDIT\0" \ + "LD_DEBUG\0" \ +diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h +index 9404211819..01bd5bf197 100644 +--- a/sysdeps/hppa/dl-machine.h ++++ b/sysdeps/hppa/dl-machine.h +@@ -302,6 +302,10 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile) + #define ARCH_LA_PLTENTER hppa_gnu_pltenter + #define ARCH_LA_PLTEXIT hppa_gnu_pltexit + ++/* Adjust DL_STACK_END to get value we want in __libc_stack_end. */ ++#define DL_STACK_END(cookie) \ ++ ((void *) (((long) (cookie)) + 0x160)) ++ + /* Initial entry point code for the dynamic linker. + The C function `_dl_start' is the real entry point; + its return value is the user program's entry point. */ +@@ -401,11 +405,6 @@ asm ( \ + /* Save the entry point in %r3. */ \ + " copy %ret0,%r3\n" \ + \ +- /* Remember the lowest stack address. */ \ +-" addil LT'__libc_stack_end,%r19\n" \ +-" ldw RT'__libc_stack_end(%r1),%r20\n" \ +-" stw %sp,0(%r20)\n" \ +- \ + /* See if we were called as a command with the executable file \ + name as an extra leading argument. */ \ + " addil LT'_dl_skip_args,%r19\n" \ diff --git a/sysdeps/ia64/nptl/Makefile b/sysdeps/ia64/nptl/Makefile index 48f1327446..1e6be8eea8 100644 --- a/sysdeps/ia64/nptl/Makefile @@ -3156,6 +3579,100 @@ index c89ed9ec7d..2cfb46eca3 100644 elision-trylock +libpthread-shared-only-routines += sysdep endif +diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-lock.c b/sysdeps/unix/sysv/linux/powerpc/elision-lock.c +index dd1e4c3b17..7dd3d835b6 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/elision-lock.c ++++ b/sysdeps/unix/sysv/linux/powerpc/elision-lock.c +@@ -45,7 +45,9 @@ + int + __lll_lock_elision (int *lock, short *adapt_count, EXTRAARG int pshared) + { +- if (*adapt_count > 0) ++ /* adapt_count is accessed concurrently but is just a hint. Thus, ++ use atomic accesses but relaxed MO is sufficient. */ ++ if (atomic_load_relaxed (adapt_count) > 0) + { + goto use_lock; + } +@@ -67,7 +69,8 @@ __lll_lock_elision (int *lock, short *adapt_count, EXTRAARG int pshared) + if (_TEXASRU_FAILURE_PERSISTENT (__builtin_get_texasru ())) + { + if (aconf.skip_lock_internal_abort > 0) +- *adapt_count = aconf.skip_lock_internal_abort; ++ atomic_store_relaxed (adapt_count, ++ aconf.skip_lock_internal_abort); + goto use_lock; + } + } +@@ -75,7 +78,8 @@ __lll_lock_elision (int *lock, short *adapt_count, EXTRAARG int pshared) + + /* Fall back to locks for a bit if retries have been exhausted */ + if (aconf.try_tbegin > 0 && aconf.skip_lock_out_of_tbegin_retries > 0) +- *adapt_count = aconf.skip_lock_out_of_tbegin_retries; ++ atomic_store_relaxed (adapt_count, ++ aconf.skip_lock_out_of_tbegin_retries); + + use_lock: + return LLL_LOCK ((*lock), pshared); +diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c b/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c +index 0807a6a432..606185670d 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c ++++ b/sysdeps/unix/sysv/linux/powerpc/elision-trylock.c +@@ -34,7 +34,7 @@ __lll_trylock_elision (int *futex, short *adapt_count) + __libc_tabort (_ABORT_NESTED_TRYLOCK); + + /* Only try a transaction if it's worth it. */ +- if (*adapt_count > 0) ++ if (atomic_load_relaxed (adapt_count) > 0) + { + goto use_lock; + } +@@ -49,7 +49,7 @@ __lll_trylock_elision (int *futex, short *adapt_count) + __libc_tend (0); + + if (aconf.skip_lock_busy > 0) +- *adapt_count = aconf.skip_lock_busy; ++ atomic_store_relaxed (adapt_count, aconf.skip_lock_busy); + } + else + { +@@ -59,7 +59,8 @@ __lll_trylock_elision (int *futex, short *adapt_count) + result in another failure. Use normal locking now and + for the next couple of calls. */ + if (aconf.skip_trylock_internal_abort > 0) +- *adapt_count = aconf.skip_trylock_internal_abort; ++ atomic_store_relaxed (adapt_count, ++ aconf.skip_trylock_internal_abort); + } + } + +diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c b/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c +index 43c5a67df2..51d7018e4c 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c ++++ b/sysdeps/unix/sysv/linux/powerpc/elision-unlock.c +@@ -28,13 +28,16 @@ __lll_unlock_elision (int *lock, short *adapt_count, int pshared) + __libc_tend (0); + else + { +- lll_unlock ((*lock), pshared); ++ /* Update adapt_count in the critical section to prevent a ++ write-after-destroy error as mentioned in BZ 20822. The ++ following update of adapt_count has to be contained within ++ the critical region of the fall-back lock in order to not violate ++ the mutex destruction requirements. */ ++ short __tmp = atomic_load_relaxed (adapt_count); ++ if (__tmp > 0) ++ atomic_store_relaxed (adapt_count, __tmp - 1); + +- /* Update the adapt count AFTER completing the critical section. +- Doing this here prevents unneeded stalling when entering +- a critical section. Saving about 8% runtime on P8. */ +- if (*adapt_count > 0) +- (*adapt_count)--; ++ lll_unlock ((*lock), pshared); + } + return 0; + } diff --git a/sysdeps/unix/sysv/linux/pread.c b/sysdeps/unix/sysv/linux/pread.c index 1bcff64781..46d974d952 100644 --- a/sysdeps/unix/sysv/linux/pread.c @@ -3372,10 +3889,10 @@ index e67aecf8f0..a67d199eb5 100644 +libpthread-shared-only-routines += sysdep endif diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c -index bb3eecfde1..67e1c42426 100644 +index bb3eecfde1..b5f20a710b 100644 --- a/sysdeps/unix/sysv/linux/spawni.c +++ b/sysdeps/unix/sysv/linux/spawni.c -@@ -58,10 +58,6 @@ +@@ -58,22 +58,19 @@ normal program exit with the exit code 127. */ #define SPAWN_ERROR 127 @@ -3384,9 +3901,39 @@ index bb3eecfde1..67e1c42426 100644 - ((__sigset_t) { .__val = {[0 ... _SIGSET_NWORDS-1 ] = -1 } }) - #ifdef __ia64__ +-# define CLONE(__fn, __stack, __stacksize, __flags, __args) \ +- __clone2 (__fn, __stack, __stacksize, __flags, __args, 0, 0, 0) ++# define CLONE(__fn, __stackbase, __stacksize, __flags, __args) \ ++ __clone2 (__fn, __stackbase, __stacksize, __flags, __args, 0, 0, 0) + #else # define CLONE(__fn, __stack, __stacksize, __flags, __args) \ - __clone2 (__fn, __stack, __stacksize, __flags, __args, 0, 0, 0) -@@ -340,7 +336,9 @@ __spawnix (pid_t * pid, const char *file, + __clone (__fn, __stack, __flags, __args) + #endif + +-#if _STACK_GROWS_DOWN +-# define STACK(__stack, __stack_size) (__stack + __stack_size) +-#elif _STACK_GROWS_UP ++/* Since ia64 wants the stackbase w/clone2, re-use the grows-up macro. */ ++#if _STACK_GROWS_UP || defined (__ia64__) + # define STACK(__stack, __stack_size) (__stack) ++#elif _STACK_GROWS_DOWN ++# define STACK(__stack, __stack_size) (__stack + __stack_size) + #endif + + +@@ -329,6 +326,11 @@ __spawnix (pid_t * pid, const char *file, + + /* Add a slack area for child's stack. */ + size_t argv_size = (argc * sizeof (void *)) + 512; ++ /* We need at least a few pages in case the compiler's stack checking is ++ enabled. In some configs, it is known to use at least 24KiB. We use ++ 32KiB to be "safe" from anything the compiler might do. Besides, the ++ extra pages won't actually be allocated unless they get used. */ ++ argv_size += (32 * 1024); + size_t stack_size = ALIGN_UP (argv_size, GLRO(dl_pagesize)); + void *stack = __mmap (NULL, stack_size, prot, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0); +@@ -340,7 +342,9 @@ __spawnix (pid_t * pid, const char *file, } /* Disable asynchronous cancellation. */ @@ -3397,7 +3944,7 @@ index bb3eecfde1..67e1c42426 100644 args.file = file; args.exec = exec; -@@ -351,7 +349,7 @@ __spawnix (pid_t * pid, const char *file, +@@ -351,7 +355,7 @@ __spawnix (pid_t * pid, const char *file, args.envp = envp; args.xflags = xflags; @@ -3406,7 +3953,7 @@ index bb3eecfde1..67e1c42426 100644 /* The clone flags used will create a new child that will run in the same memory space (CLONE_VM) and the execution of calling thread will be -@@ -384,9 +382,9 @@ __spawnix (pid_t * pid, const char *file, +@@ -384,9 +388,9 @@ __spawnix (pid_t * pid, const char *file, if ((ec == 0) && (pid != NULL)) *pid = new_pid; @@ -3550,7 +4097,7 @@ index ed0c1a8efd..c0f0fa16a2 100644 *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_sse; } diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S -index 12f1a5cf84..39f595e1e1 100644 +index 12f1a5cf84..50b23633e3 100644 --- a/sysdeps/x86_64/dl-trampoline.S +++ b/sysdeps/x86_64/dl-trampoline.S @@ -18,6 +18,7 @@ @@ -3561,19 +4108,7 @@ index 12f1a5cf84..39f595e1e1 100644 #include <link-defines.h> #ifndef DL_STACK_ALIGNMENT -@@ -86,9 +87,11 @@ - #endif - #define VEC(i) zmm##i - #define _dl_runtime_resolve _dl_runtime_resolve_avx512 -+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt - #define _dl_runtime_profile _dl_runtime_profile_avx512 - #include "dl-trampoline.h" - #undef _dl_runtime_resolve -+#undef _dl_runtime_resolve_opt - #undef _dl_runtime_profile - #undef VEC - #undef VMOV -@@ -104,9 +107,11 @@ +@@ -104,9 +105,11 @@ #endif #define VEC(i) ymm##i #define _dl_runtime_resolve _dl_runtime_resolve_avx @@ -3585,7 +4120,7 @@ index 12f1a5cf84..39f595e1e1 100644 #undef _dl_runtime_profile #undef VEC #undef VMOV -@@ -126,3 +131,18 @@ +@@ -126,3 +129,19 @@ #define _dl_runtime_profile _dl_runtime_profile_sse #undef RESTORE_AVX #include "dl-trampoline.h" @@ -3603,12 +4138,13 @@ index 12f1a5cf84..39f595e1e1 100644 +# define VMOV vmovdqu +#endif +#define _dl_runtime_resolve _dl_runtime_resolve_sse_vex ++#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt +#include "dl-trampoline.h" diff --git a/sysdeps/x86_64/dl-trampoline.h b/sysdeps/x86_64/dl-trampoline.h -index b90836ab13..abe4471c1d 100644 +index b90836ab13..32ad3af202 100644 --- a/sysdeps/x86_64/dl-trampoline.h +++ b/sysdeps/x86_64/dl-trampoline.h -@@ -50,6 +50,105 @@ +@@ -50,6 +50,106 @@ #endif .text @@ -3691,19 +4227,20 @@ index b90836ab13..abe4471c1d 100644 + # YMM state isn't in use. + PRESERVE_BND_REGS_PREFIX + jz _dl_runtime_resolve_sse_vex -+# elif VEC_SIZE == 64 ++# elif VEC_SIZE == 16 + # For ZMM registers, check if YMM state and ZMM state are in + # use. + andl $(bit_YMM_state | bit_ZMM0_15_state), %r11d + cmpl $bit_YMM_state, %r11d -+ # Preserve %xmm0 - %xmm7 registers with the zero upper 384 bits if -+ # neither YMM state nor ZMM state are in use. ++ # Preserve %zmm0 - %zmm7 registers if ZMM state is in use. + PRESERVE_BND_REGS_PREFIX -+ jl _dl_runtime_resolve_sse_vex ++ jg _dl_runtime_resolve_avx512 + # Preserve %ymm0 - %ymm7 registers with the zero upper 256 bits if + # ZMM state isn't in use. + PRESERVE_BND_REGS_PREFIX + je _dl_runtime_resolve_avx ++ # Preserve %xmm0 - %xmm7 registers with the zero upper 384 bits if ++ # neither YMM state nor ZMM state are in use. +# else +# error Unsupported VEC_SIZE! +# endif @@ -3714,7 +4251,7 @@ index b90836ab13..abe4471c1d 100644 .globl _dl_runtime_resolve .hidden _dl_runtime_resolve .type _dl_runtime_resolve, @function -@@ -162,7 +261,10 @@ _dl_runtime_resolve: +@@ -162,7 +262,10 @@ _dl_runtime_resolve: .size _dl_runtime_resolve, .-_dl_runtime_resolve @@ -3739,3 +4276,36 @@ index 2296b55119..a95b3ad3cf 100644 /* For libc.so this is defined in memcpy.S. For libc.a, this is a separate source to avoid memcpy bringing in __chk_fail and all routines +diff --git a/sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S b/sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S +index 28e71fd576..acf448c9a6 100644 +--- a/sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S ++++ b/sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S +@@ -110,6 +110,8 @@ ENTRY (__memset_erms) + ENTRY (MEMSET_SYMBOL (__memset, erms)) + # endif + L(stosb): ++ /* Issue vzeroupper before rep stosb. */ ++ VZEROUPPER + movq %rdx, %rcx + movzbl %sil, %eax + movq %rdi, %rdx +diff --git a/sysdeps/x86_64/sysdep.h b/sysdeps/x86_64/sysdep.h +index 75ac747be8..4b67fa80c1 100644 +--- a/sysdeps/x86_64/sysdep.h ++++ b/sysdeps/x86_64/sysdep.h +@@ -89,13 +89,14 @@ lose: \ + END (name) + + #undef JUMPTARGET +-#ifdef PIC ++#ifdef SHARED + # ifdef BIND_NOW + # define JUMPTARGET(name) *name##@GOTPCREL(%rip) + # else + # define JUMPTARGET(name) name##@PLT + # endif + #else ++/* For static archives, branch to target directly. */ + # define JUMPTARGET(name) name + #endif + diff --git a/debian/patches/series b/debian/patches/series index 7761543..16e7df0 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -217,5 +217,4 @@ any/local-bootstrap-headers.diff any/submitted-dlopen-noload.diff any/submitted-perl-inc.diff any/submitted-unicode-9.0.0.diff -any/cvs-resolv-internal-qtype.diff any/cvs-remove-pid-tid-cache-clone.diff -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-glibc/glibc.git