| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Since the dlopen funcs might invoke a constructor that calls a func
that is in the same compilation unit as the caller, we cannot mark
them as leaf funcs.
Similarly, dlclose might invoke a destructor that calls a func that
is in the same compilation unit as the caller.
URL: https://sourceware.org/bugzilla/show_bug.cgi?id=15897
Reportedy-by: Fabrice Bauzac <libnoon@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
Fixes BZ #15890.
|
|
|
|
|
|
|
|
|
|
* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
member.
* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
member.
* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
Return delayed error code. Remove GETDENTS_64BIT_ALIGNED
conditional.
* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
GETDENTS_64BIT_ALIGNED.
* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
* manual/filesys.texi (Reading/Closing Directory): Document
ENAMETOOLONG return value of readdir_r. Recommend readdir more
strongly.
* manual/conf.texi (Limits for Files): Add portability note to
NAME_MAX, PATH_MAX.
(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
|
|
|
|
* version.h (RELEASE): Set to "development".
(VERSION): Set to "2.18.90".
* NEWS: Add 2.19 section.
|
|
|
|
We returned without calling __munmap if not in the simulator.
Now we call a separate sim_dlclose() function to make the
control flow work correctly.
|
|
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
|
|
The generated header is compiled with `-ffreestanding' to avoid any
circular dependencies against the installed implementation headers.
Such a dependency would require the implementation header to be
installed before the generated header could be built (See bug 15711).
In current practice the generated header dependencies do not include
any of the implementation headers removed by the use of `-ffreestanding'.
---
2013-07-15 Carlos O'Donell <carlos@redhat.com>
[BZ #15711]
* sysdeps/unix/sysv/linux/Makefile ($(objpfx)bits/syscall%h):
Avoid system header dependency with -ffreestanding.
($(objpfx)bits/syscall%d): Likewise.
|
|
|
|
|
|
|
|
This change creates a link map in static executables to serve as the
global search list for dlopen. It fixes a problem with the inability
to access the global symbol object and a crash on an attempt to map a
DSO into the global scope. Some code that has become dead after the
addition of this link map is removed too and test cases are provided.
|
|
|
|
With compatibility for ev6 and non-ev6 builds, as the non-ev6 did
manage to get definitions emitted for the float and double functions.
|
|
Many Linux arches require fixed mmaps to be aligned higher than pagesize,
so use the SHMLBA define as it represents this quantity exactly.
This fixes spurious errors seen on those arches like:
cannot map archive header: Invalid argument
URL: http://sourceware.org/bugzilla/show_bug.cgi?id=10283
Reported-by: CHIKAMA Masaki <masaki.chikama@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
Static applications that call pthread_exit on the main
thread segfault. This is because after a thread terminates
__libc_start_main decrements __nptl_nthreads which is only
defined in pthread_create. Therefore the right solution is
to add a requirement to pthread_create from pthread_exit.
~~~
nptl/
2013-06-24 Vladimir Nikulichev <v.nikulichev@gmail.com>
[BZ #12310]
* pthread_exit.c: Add reference to pthread_create.
|
|
(bug 15667).
|
|
|
|
|
|
|
|
|
|
|
|
This patch introduces two new convenience functions to set the default
thread attributes used for creating threads. This allows a programmer
to set the default thread attributes just once in a process and then
run pthread_create without additional attributes.
|
|
|
|
|
|
Resolves: BZ #15627
Add an assembler version of rtld-memset to avoid using SSE registers.
|
|
Resolves BZ #15618.
pthread_attr_getaffinity_np may write beyond bounds of the input
cpuset buffer if the size of the input buffer is smaller than the
buffer present in the input pthread attributes. Fix is to copy to the
extent of the minimum of the source and the destination.
|
|
Text by Roland McGrath.
|
|
[BZ#15432]
* locales/sv_FI@euro: Add LC_MEASUREMENT.
|
|
[BZ#15431]
* locales/sv_FI: Add LC_MEASUREMENT, use copy in LC_TELEPHONE,
update LC_ADDRESS with using postal_fmt from Finnish Post Office
recommendations at
http://www.posti.fi/hinnatjaohjeet/osoitejakuorimerkinnat/osoitemerkinnat.html
and add missing entries.
|
|
Resolves #12515.
Use CLOCK_PROCESS_CPUTIME_ID instead of times to get better precision
in the value returned by clock.
|
|
|
|
|
|
|
|
|
|
In 128-bit IBM long double the precision of the type
decreases as you approach subnormal numbers, equaling
that of a double for subnormal numbers. Therefore
adjust the computation in ulp to use 2^(MIN_EXP - MANT_DIG)
which is correct for FP_SUBNORMAL for all types.
|
|
[BZ #15553] Increased the current limits large enough to load large
key and data values, but small enough to not pose a DoS threat.
|
|
* manual/errno.texi (ESTALE): Update to account for more than
just NFS file systems.
* sysdeps/gnu/errlist.c: Regenerated.
|
|
Resolves: #15465
The program name may be unavailable if the user application tampers
with argc and argv[]. Some parts of the dynamic linker caters for
this while others don't, so this patch consolidates the check and
fallback into a single macro and updates all users.
|
|
|
|
|
|
Fixes 15381.
Using wide character function is on byte oriented memstream is undefined
behaviour. This behaviour was masked by not initializing wide struct
info. We now initialize it to cause a predictable crash.
|
|
This patch fixes two issues, and perhaps should be two distinct commits,
but I present it here as one for the sake of completeness.
Commit 006dd86111c44572dbd3b26e9c63dd0f834d7762 fails to check malloc's
return in intl/dcigettext.c (_nl_find_msg):
~~~
freemem_size = INITIAL_BLOCK_SIZE;
newmem = (transmem_block_t *) malloc (freemem_size);
...
newmem->next = transmem_list;
transmem_list = newmem;
~~~
If malloc fails then newmem is NULL then newmem->next results in a
fault.
The fix is easy enough, check for newmem != NULL, and fall through to
the error condition below which returns (char *) -1 e.g. resource error.
The problem is that returning (char *) -1 will break all sorts of other
code, so while what we did is correct, the real failure case fix is
slightly broader.
There are 4 other places where _nl_find_msg is called, one is OK, the
other three are fixed to handle -1 error return value.
No regressions on x86-64 or x86.
However, no regressions isn't really a useful metric for this code.
The change was tested as documented here:
http://sourceware.org/glibc/wiki/Testing/WhiteBox
using SystemTap for fault injection to simulate malloc failure.
---
2013-05-03 Carlos O'Donell <carlos at redhat.com>
[BZ #15441]
* intl/dcigettext.c (DCIGETTEXT): Skip translating if _nl_find_msg
returns -1.
(_nl_find_msg): Return -1 if recursive call returned -1. If newmem is
null return -1.
* intl/loadmsgcat.c (_nl_load_domain): If _nl_find_msg returns -1 abort
loading the domain.
|
|
|
