about summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* release 1.2.3 v1.2.3Rich Felker2022-04-072-1/+41
|
* accept null pointer as message argument to gettext functionspsykose2022-03-271-0/+3
| | | | | | | | | | the change to support passing null was rejected in the past on the grounds that GNU gettext documented it as undefined, on an assumption that only glibc accepted it and that the standalone GNU gettext did not. but it turned out that both explicitly accept it. in light of this, since some software assumes null can be passed safely, allow it.
* fix invalid free of duplocale object when malloc has been replacedIsaiah Poston2022-03-161-0/+5
| | | | | | | | | | | | newlocale and freelocale use __libc_malloc and __libc_free, but duplocale used malloc. If malloc was replaced, this resulted in invalid free using the wrong allocator when passing the result of duplocale to freelocale. Instead, use libc-internal malloc for duplocale. This bug was introduced by commit 1e4204d522670a1d8b8ab85f1cfefa960547e8af.
* fix __WORDSIZE on x32 sys/user.hRich Felker2022-03-081-1/+1
| | | | | | sys/reg.h already had it right as 32, to which it was explicitly changed when commit 664cd341921007cea52c8891f27ce35927dca378 derived x32 from x86_64. but the copy exposed in sys/user.h was missed.
* sys/ptrace.h: add PTRACE_GET_RSEQ_CONFIGURATION from linux v5.13Szabolcs Nagy2022-03-081-0/+9
| | | | | | | | | see linux commit 90f093fa8ea48e5d991332cee160b761423d55c1 rseq, ptrace: Add PTRACE_GET_RSEQ_CONFIGURATION request the struct type got __ prefix to follow existing practice.
* sys/prctl.h: add PR_PAC_{SET,GET}_ENABLED_KEYS from linux v5.13Szabolcs Nagy2022-03-081-0/+3
| | | | | | | see linux commit 201698626fbca1cf1a3b686ba14cf2a056500716 arm64: Introduce prctl(PR_PAC_{SET,GET}_ENABLED_KEYS)
* elf.h: add NT_ARM_PAC_ENABLED_KEYS from linux v5.13Szabolcs Nagy2022-03-081-0/+1
| | | | | | | see linux commit 201698626fbca1cf1a3b686ba14cf2a056500716 arm64: Introduce prctl(PR_PAC_{SET,GET}_ENABLED_KEYS)
* netinet/in.h: add INADDR_DUMMY from linux v5.13Szabolcs Nagy2022-03-081-0/+1
| | | | | | | | | | | | see linux commit 321827477360934dc040e9d3c626bf1de6c3ab3c icmp: don't send out ICMP messages with a source address of 0.0.0.0 "RFC7600 reserves a dummy address to be used as a source for ICMP messages (192.0.0.8/32), so let's teach the kernel to substitute that address as a last resort if the regular source address selection procedure fails."
* bits/syscall.h: add landlock syscalls from linux v5.13Szabolcs Nagy2022-03-0816-0/+48
| | | | | | | | | | | | | | | | | see linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144 arch: Wire up Landlock syscalls linuxcommit 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 Merge tag 'landlock_v34' of ... jmorris/linux-security Landlock provides for unprivileged application sandboxing. The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic.
* netinet/tcp.h: add tcp_zerocopy_receive fields from linux v5.12Szabolcs Nagy2022-03-081-0/+4
| | | | | | | | | | see linux commit 7eeba1706eba6def15f6cb2fc7b3c3b9a2651edc tcp: Add receive timestamp support for receive zerocopy. linux commit 3c5a2fd042d0bfac71a2dfb99515723d318df47b tcp: Sanitize CMSG flags and reserved args in tcp_zerocopy_receive.
* netinet/tcp.h: add TCP_NLA_* values up to linux v5.12Szabolcs Nagy2022-03-081-0/+2
| | | | | | | | | | | | TCP_NLA_EDT was new in v5.9, see linux commit 48040793fa6003d211f021c6ad273477bcd90d91 tcp: add earliest departure time to SCM_TIMESTAMPING_OPT_STATS TCP_NLA_TTL is new in v5.12, see linux commit e7ed11ee945438b737e2ae2370e35591e16ec371 tcp: add TTL to SCM_TIMESTAMPING_OPT_STATS
* s390x: add ptrace requests from linux v5.12Szabolcs Nagy2022-03-081-0/+3
| | | | | | | | PTRACE_OLDSETOPTIONS is old, but it was missing, PTRACE_SYSEMU and PTRACE_SYSEMU_SINGLESTEP are new, see linux commit 56e62a73702836017564eaacd5212e4d0fa1c01d s390: convert to generic entry
* bits/syscall.h: add mount_setattr from linux v5.12Szabolcs Nagy2022-03-0816-0/+16
| | | | | | | | new syscall to change the properties of a mount or a mount tree using file descriptors which the new mount api is based on, see linux commit 2a1867219c7b27f928e2545782b86daaf9ad50bd fs: add mount_setattr()
* signal.h: add new sa_flags from linux v5.11Szabolcs Nagy2022-03-081-0/+3
| | | | | | | | | | | | | see linux commit a54f0dfda754c5cecc89a14dab68a3edc1e497b5 signal: define the SA_UNSUPPORTED bit in sa_flags linux commit 6ac05e832a9e96f9b1c42a8917cdd317d7b6c8fa signal: define the SA_EXPOSE_TAGBITS bit in sa_flags Note: SA_ is in the posix reserved namespace so these linux specific flags can be exposed when compiling for posix.
* signal.h: add SYS_USER_DISPATCH si_code value from linux v5.11Szabolcs Nagy2022-03-081-0/+1
| | | | | | | see linux commit 1d7637d89cfce54a4f4a41c2325288c2f47470e8 signal: Expose SYS_USER_DISPATCH si_code type
* signal.h: add si_code values for SIGSYSSzabolcs Nagy2022-03-081-0/+2
| | | | | | unlike other si_code defines, SYS_ is not in the posix reserved namespace which is likely the reason why SYS_SECCOMP was previously missing (was new in linux v3.5).
* netinet/tcp.h: add tcp zerocopy related changes from linux v5.11Szabolcs Nagy2022-03-081-0/+5
| | | | | | | | | | see linux commit 18fb76ed53865c1b5d5f0157b1b825704590beb5 net-zerocopy: Copy straggler unaligned data for TCP Rx. zerocopy. linux commit 94ab9eb9b234ddf23af04a4bc7e8db68e67b8778 net-zerocopy: Defer vm zap unless actually needed.
* netinet/if_ether.h: add ETH_P_CFM from linux v5.11Szabolcs Nagy2022-03-081-0/+1
| | | | | | | see linux commit fbaedb4129838252570410c65abb2036b5505cbd bridge: uapi: cfm: Added EtherType used by the CFM protocol.
* sys/socket.h: add new SO_ socket options from linux v5.11Szabolcs Nagy2022-03-081-0/+2
| | | | | | | | | | see linux commit 7fd3253a7de6a317a0683f83739479fb880bffc8 net: Introduce preferred busy-polling linux commit 7c951cafc0cb2e575f1d58677b95ac387ac0a5bd net: Add SO_BUSY_POLL_BUDGET socket option
* sys/prctl.h: add PR_SET_SYSCALL_USER_DISPATCH from linux v5.11Szabolcs Nagy2022-03-081-0/+6
| | | | | | | | | | | | | | see linux commit 1446e1df9eb183fdf81c3f0715402f1d7595d4cb kernel: Implement selective syscall userspace redirection linux commit 36a6c843fd0d8e02506681577e96dabd203dd8e8 entry: Use different define for selector variable in SUD redirect syscalls to a userspace handler via SIGSYS, except for a specific range of code. can be toggled via a memory write to a selector variable. mainly for wine.
* bits/syscall.h: add epoll_pwait2 from linux v5.11Szabolcs Nagy2022-03-0816-0/+16
| | | | | | | | | | | | see linux commit b0a0c2615f6f199a656ed8549d7dce625d77aa77 epoll: wire up syscall epoll_pwait2 linux commit 58169a52ebc9a733aeb5bea857bc5daa71a301bb epoll: add syscall epoll_pwait2 epoll_wait with struct timespec timeout instead of int. no time32 variant.
* nice: return EPERM instead of EACCESAlexey Kodanev2022-03-081-1/+8
| | | | | To comply with POSIX, change errno from EACCES to EPERM when the caller did not have the required privilege.
* protect stack canary from leak via read-as-string by zeroing second bytejvoisin2022-03-081-0/+9
| | | | | | | | | This reduces entropy of the canary from 64-bit to 56-bit in exchange for mitigating non-terminated C string overflows by setting the second byte of the canary to nul, so that off-by-one write overflow with a nul byte can still be detected. Idea from GrapheneOS bionic commit 7024d880b51f03a796ff8832f1298f2f1531fd7b
* math: avoid runtime conversions of floating-point constantsSzabolcs Nagy2022-03-082-2/+6
| | | | | | | | | | | | | | | gcc-12 with -frounding-mode will do inexact constant conversions at runtime according to the runtime rounding mode. in the math library we want constants to be rounding mode independent so this patch fixes cases where new runtime conversions happen with gcc-12. fortunately this only affects two minor cases, the fix uses global initializers where rounding mode does not apply. after the patch the same amount of conversions happen with gcc-12 as with gcc-11.
* fix spurious failures by fgetws when buffer ends with partial characterRich Felker2022-02-201-6/+1
| | | | | | | | | | | | | | | | | | | | commit a90d9da1d1b14d81c4f93e1a6d1a686c3312e4ba made fgetws look for changes to errno by fgetwc to detect encoding errors, since ISO C did not allow the implementation to set the stream's error flag in this case, and the fgetwc interface did not admit any other way to detect the error. however, the possibility of fgetwc setting errno to EILSEQ in the success path was overlooked, and in fact this can happen if the buffer ends with a partial character, causing mbtowc to be called with only part of the character available. since that change was made, the C standard was amended to specify that fgetwc set the stream error flag on encoding errors, and commit 511d70738bce11a67219d0132ce725c323d00e4e made it do so. thus, there is no longer any need for fgetws to poke at errno to handle encoding errors. this commit reverts commit a90d9da1d1b14d81c4f93e1a6d1a686c3312e4ba and thereby fixes the problem.
* add missing strerror text for key managementpelco2022-02-191-0/+4
|
* fix out-of-bound read processing time zone data with distant-past datesRich Felker2022-02-091-14/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this bug goes back to commit 1cc81f5cb0df2b66a795ff0c26d7bbc4d16e13c6 where zoneinfo file support was first added. in scan_trans, which searches for the appropriate local time/dst rule in effect at a given time, times prior to the second transition time caused the -1 slot of the index to be read to determine the previous rule in effect. this memory was always valid (part of another zoneinfo table in the mapped file) but the byte value read was then used to index another table, possibly going outside the bounds of the mmap. most of the time, the result was limited to misinterpretation of the rule in effect at that time (pre-1900s), but it could produce a crash if adjacent memory was not readable. the root cause of the problem, however, was that the logic for this code path was all wrong. as documented in the comment, times before the first transition should be treated as using the lowest-numbered non-dst rule, or rule 0 if no non-dst rules exist. if the argument is in units of local time, however, the rule prior to the first transition is needed to determine if it falls before or after it, and that's where the -1 index was wrongly used. instead, use the documented logic to find out what rule would be in effect before the first transition, and apply it as the offset if the argument was given in local time. the new code has not been heavily tested, but no longer performs potentially out-of-bounds accesses, and successfully handles the 1883 transition from local mean time to central standard time in the test case the error was reported for.
* fix potentially wrong-sign zero in cproj functions at infinityRich Felker2022-01-183-3/+3
| | | | | | these are specified to use the sign of the imaginary part of the input as the sign of zero in the result, but wrongly copied the sign of the real part.
* make fseek detect and produce an error for invalid whence argumentsRich Felker2022-01-091-0/+7
| | | | | | | | this is a POSIX requirement. we previously relied on the underlying fd (or other backend) seek operation to produce the error, but since linux lseek now supports other seek modes (SEEK_DATA and SEEK_HOLE) which do not interact well with stdio buffering, this is insufficient. instead, explicitly check whence before performing any operations.
* add SEEK_DATA and SEEK_HOLE to unistd.hÉrico Nogueira2022-01-091-0/+2
| | | | | | | | these are linux specific constants. glibc exposes them behind _GNU_SOURCE, but, since SEEK_* is reserved for the implementation, we can simply define them. furthermore, since they can't be used with fseek() and other functions that deal with FILE, we don't add them to stdio.h.
* fix failure to use add-cfi scripts on asm when building out-of-treeWesley Wiser2022-01-071-1/+1
| | | | use $srcdir in configure test for add-cfi script.
* fix wcwidth of hangul combining (vowel/final) lettersRich Felker2021-12-271-58/+60
| | | | | | | | | | these characters combine onto a base character (initial) and therefore need to have width 0. the original binary-search implementation of wcwidth handled them correctly, but a regression was introduced in commit 1b0ce9af6d2aa7b92edaf3e9c631cb635bae22bd by generating the new tables from unicode without noticing that the classification logic in use (unicode character category Mn/Me/Cf) was insufficient to catch these characters.
* fix mismatched signatures for strtod_l familyRich Felker2021-12-092-7/+22
| | | | | | | | | | | | | strtod_l, strtof_l, and strtold_l originally existed only as glibc-ABI-compat symbols. as noted in the commit which added them, 17a60f9d327c6f8b5707a06f9497d846e75c01f2, making them aliases for the non-_l functions was a hack and not appropriate if they ever became public API. unfortunately, commit 35eb1a1a9b97577e113240cd65bf9fc44b8df030 did make them public without undoing the hack. fix that now by moving the the _l functions to their own file as wrappers that just throw away the locale_t argument.
* define NULL as nullptr when used in C++11 or laterIsmael Luceno2021-11-298-8/+24
| | | | | This should be safer for casting and more compatible with existing code bases that wrongly assume it must be defined as a pointer.
* fix hwcap access in powerpc-sf setjmp/longjmpRich Felker2021-11-292-2/+2
| | | | | | | commit 7be59733d71ada3a32a98622507399253f1d5e48 introduced the hwcap-based branches to support the SPE FPU, but wrongly coded them as bitwise tests on the computed address of __hwcap, not a value loaded from that address. replace the add with indexed load to fix it.
* fix struct layout mismatch in sound ioctl time32 fallback conversionRich Felker2021-10-191-2/+7
| | | | | | | | | | | | | | | | | | | | | | the snd_pcm_mmap_control struct used with SNDRV_PCM_IOCTL_SYNC_PTR was mistakenly defined in the kernel uapi with "before u32" padding both before and after the first u32 member. our conversion between the modern struct and the legacy time32 struct was written without awareness of that mistake, and assumed the time64 version of the struct was the intended form with padding to match the layout on 64-bit archs. as a result, the struct was not converted correctly when running on old kernels, with audio glitches as the likely result. this was discovered thanks to a related bug in the kernel, whereby 32-bit userspace running on a 64-bit kernel also suffered from the types mismatching. the mistaken layout is now the ABI and can't be changed -- or at least making a new ioctl to change it would just result in a worse situation. our conversion here is changed to treat the snd_pcm_mmap_control substruct as two separate substructs at locations dependent on endianness (since the displacement depends on endianness), using the existing conversion framework.
* add qsort_r and make qsort a wrapper around itÉrico Nogueira2021-09-234-17/+36
| | | | | | | | | | | | | we make qsort a wrapper by providing a wrapper_cmp function that uses the extra argument as a function pointer. should be optimized to a tail call on most architectures, as long as it's built with -fomit-frame-pointer, so the performance impact should be minimal. to keep the git history clean, for now qsort_r is implemented in qsort.c and qsort is implemented in qsort_nr.c. qsort.c also received a few trivial cleanups, including replacing (*cmp)() calls with cmp(). qsort_nr.c contains only wrapper_cmp and qsort as a qsort_r wrapper itself.
* add SPE FPU support to powerpc-sfRich Felker2021-09-2311-13/+71
| | | | | | | | | | | | | | | | | | | When the soft-float ABI for PowerPC was added in commit 5a92dd95c77cee81755f1a441ae0b71e3ae2bcdb, with Freescale cpus using the alternative SPE FPU as the main use case, it was noted that we could probably support hard float on them, but that it would involve determining some difficult ABI constraints. This commit is the completion of that work. The Power-Arch-32 ABI supplement defines the ABI profiles, and indeed ATR-SPE is built on ATR-SOFT-FLOAT. But setjmp/longjmp compatibility are problematic for the same reason they're problematic on ARM, where optional float-related parts of the register file are "call-saved if present". This requires testing __hwcap, which is now done. In keeping with the existing powerpc-sf subarch definition, which did not have fenv, the fenv macros are not defined for SPE and the SPEFSCR control register is left (and assumed to start in) the default mode.
* fix undefined behavior in getdelim via null pointer arithmetic and memcpyRich Felker2021-09-111-3/+5
| | | | | | | | | both passing a null pointer to memcpy with length 0, and adding 0 to a null pointer, are undefined. in some sense this is 'benign' UB, but having it precludes use of tooling that strictly traps on UB. there may be better ways to fix it, but conditioning the operations which are intended to be no-ops in the k==0 case on k being nonzero is a simple and safe solution.
* fix excessively slow TLS performance on some mips modelsRich Felker2021-08-121-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | commit 6d99ad91e869aab35a4d76d34c3c9eaf29482bad introduced this regression as part of a larger change, based on an incorrect assumption that rdhwr being part of the mips r2 ISA level meant that the TLS register, known in the mips documentation as UserLocal, was unconditionally present on chips providing this ISA level and would not need trap-and-emulate. this turns out to be false. based on research by Stanislav Kljuhhin and Abilio Marques, who reported the problem as a performance regression on certain routers using OpenWRT vs older uclibc-based versions, it turns out the mips manuals document the UserLocal register as a feature that might or might not be implemented or enabled, reflected by a cpu capability bit in the CONFIG3 register, and that Linux checks for this and has to explicitly enable it on models that have it. thus, it's indeed possible that r2+ chips can lack the feature, bringing us back to the situation where Linux only has a fast trap-and-emulate path for the case where the destination register is $3. so, always read the thread pointer through $3. this may incur a gratuitous move to the desired final register on chips where it's not needed, but it really doesn't matter.
* fix error checking in pthread_getname_npÉrico Nogueira2021-08-061-1/+1
| | | | | | | len is unsigned and can never be smaller than 0. though unlikely, an error in read() would have lead to an out of bounds write to name. Reported-by: Michael Forney <mforney@mforney.org>
* fix libc-internal signal blocking on mips archsRich Felker2021-07-291-2/+2
| | | | | | | | | | | | due to historical reasons, the mips signal set has 128 bits rather than 64 like on every other arch. this was special-cased correctly, at least for 32-bit mips, at one time, but was inadvertently broken in commit 7c440977db9444d7e6b1c3dcb1fdf4ee49ca4158, and seems never to have been right on mips64/n32. as consequenct of this bug, applications making use of high realtime signal numbers on mips may have been able to execute application code in contexts where doing so was unsafe.
* fix broken struct shmid_ds on powerpc (32-bit)Rich Felker2021-07-061-1/+1
| | | | | | | | | | | | | | | | | the kernel structure has padding of the shm_segsz member up to 64 bits, as well as 2 unused longs at the end. somehow that was overlooked when the powerpc port was added, and it has been broken ever since; applications compiled with the wrong definition do not correctly see the shm_segsz, shm_cpid, and shm_lpid members. fixing the definition just by adding the missing padding would break the ABI size of the structure as well as the position of the time64 shm_atime and shm_dtime members we added at the end. instead, just move one of the unused padding members from the original end (before time64) of the structure to the position of the missing padding. this preserves size and preserves correct behavior of any compiled code that was already working. programs affected by the wrong definition need to be recompiled with the correct one.
* math: fix fmaf not to depend on FE_TOWARDZEROSzabolcs Nagy2021-07-061-11/+10
|
* fix TZ parsing logic for identifying POSIX-form stringsRich Felker2021-06-231-1/+13
| | | | | | | | | | | | | | | | previously, the contents of the TZ variable were considered a candidate for a file/path name only if they began with a colon or contained a slash before any comma. the latter was very sloppy logic to avoid treating any valid POSIX TZ string as a file name, but it also triggered on values that are not valid POSIX TZ strings, including 3-letter timezone names without any offset. instead, only treat the TZ variable as POSIX form if it begins with a nonzero standard time name followed by +, -, or a digit. also, special case GMT and UTC to always be treated as POSIX form (with implicit zero offset) so that a stray file by the same name cannot break software that depends on setting TZ=GMT or TZ=UTC.
* riscv: rename __NR_fstatat __NR_newfstatatKhem Raj2021-06-051-1/+1
| | | | | | on riscv64 this syscall is called __NR_newfstatat this helps the name match kernel UAPI for external programs
* remove return with expression in void functionMichael Forney2021-04-271-1/+1
|
* remove unnecessary cast for map_library returnÉrico Nogueira2021-04-201-1/+1
| | | | the function already returns (void *)
* add pthread_getname_np functionÉrico Rolim2021-04-202-0/+26
| | | | based on the pthread_setname_np implementation
* fix popen not to leak pipes from one child to anotherRich Felker2021-04-201-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | POSIX places an obscure requirement on popen which is like a limited version of close-on-exec: "The popen() function shall ensure that any streams from previous popen() calls that remain open in the parent process are closed in the new child process." if the POSIX-future 'e' mode flag is passed, producing a pipe FILE with FD_CLOEXEC on the underlying pipe, this requirement is automatically satisfied. however, for applications which use multiple concurrent popen pipes but don't request close-on-exec, fd leaks from earlier popen calls to later ones could produce deadlock situations where processes are waiting for a pipe EOF that will never happen. to fix this, iterate through all open FILEs and add close actions for those obtained from popen. this requires holding a lock on the open file list across the posix_spawn call so that additional popen FILEs are not created after the list is traversed. note that it's still possible for another popen call to start and create its pipe while the lock is held, but such pipes are created with O_CLOEXEC and only drop close-on-exec status (when 'e' flag is omitted) under control of the lock.