1. 14 7月, 2018 1 次提交
    • R
      fix writes outside buffer by ungetc after setvbuf · 9cad27a3
      Rich Felker 提交于
      commit 0b80a7b0, which added non-stub
      setvbuf, applied the UNGET pushback adjustment to the size of the
      buffer passed in, but inadvertently omitted offsetting the start by
      the same amount, thereby allowing unget to clobber up to 8 bytes
      before the start of the buffer. this bug was introduced in the present
      release cycle; no releases are affected.
      9cad27a3
  2. 13 7月, 2018 1 次提交
  3. 12 7月, 2018 1 次提交
    • R
      resolver: don't depend on v4mapped ipv6 to probe routability of v4 addrs · 4f35eb75
      Rich Felker 提交于
      to produce sorted results roughly corresponding to RFC 3484/6724,
      __lookup_name computes routability and choice of source address via
      dummy UDP connect operations (which do not produce any packets). since
      at the logical level, the properties fed into the sort key are
      computed on ipv6 addresses, the code was written to use the v4mapped
      ipv6 form of ipv4 addresses and share a common code path for them all.
      however, on kernels where ipv6 support has been completely omitted,
      this causes ipv4 to appear equally unroutable as ipv6, thereby putting
      unreachable ipv6 addresses before ipv4 addresses in the results.
      
      instead, use only ipv4 sockets to compute routability for ipv4
      addresses. some gratuitous conversion back and forth is left so that
      the logic is not affected by these changes. it may be possible to
      simplify the ipv4 case considerably, thereby reducing code size and
      complexity.
      4f35eb75
  4. 03 7月, 2018 1 次提交
  5. 29 6月, 2018 3 次提交
    • R
      avoid spurious dso matches by dladdr outside bounds of load segments · 193338e6
      Rich Felker 提交于
      since slack space at the beginning and/or end of writable load maps is
      donated to malloc, the application could obtain valid pointers in
      these ranges which dladdr would erroneously identify as part of the
      shared object whose mapping they came from.
      
      instead of checking the queried address against the mapping base and
      length, check it against the load segments from the program headers,
      and only match the dso if it lies within the bounds of one of them.
      
      as a shortcut, if the address does match the range of the mapping but
      not any of the load segments, we know it cannot match any other dso
      and can immediately return failure.
      193338e6
    • R
      make dladdr consistently produce the first symbol in presence of aliases · f6870d6b
      Rich Felker 提交于
      the early-exit condition for the symbol match loop on exact matches
      caused dladdr to produce the first match for an exact match, but the
      last match for an inexact match. in the interest of consistency,
      require a strictly-closer match to replace an already-found one.
      f6870d6b
    • R
      fix symtab-order-dependent spurious matches in dladdr · c8b49b2f
      Rich Felker 提交于
      commit 8b8fb7f0 added logic to prevent
      matching a symbol with no recorded size (closest-match) when there is
      an intervening symbol whose size was recorded, but it only worked when
      the intervening symbol was encountered later in the search.
      
      instead of rejecting symbols where addr falls outside their recorded
      size during the closest-match search, accept them to find the true
      closest-match, then reject such a result only once the search has
      finished.
      c8b49b2f
  6. 28 6月, 2018 2 次提交
    • R
      correctly handle non-matching symbols in dladdr · 8b8fb7f0
      Rich Felker 提交于
      based on patch by Axel Siebenborn, with fixes discussed on the mailing
      list after submission and and rebased around the UB fix in commit
      e829695f.
      
      avoid spurious symbol matches by dladdr beyond symbol size. for
      symbols with a size recorded, only match if the queried address lies
      within the address range determined by the symbol address and size.
      for symbols with no size recorded, the old closest-match behavior is
      kept, as long as there is no intervening symbol with a recorded size.
      
      the case where no symbol is matched, but the address does lie within
      the memory range of a shared object, is specified as success. fix the
      return value and produce a valid (with null dli_sname and dli_saddr)
      Dl_info structure.
      8b8fb7f0
    • R
      avoid using undefined pointer arithmetic in dladdr · e829695f
      Rich Felker 提交于
      e829695f
  7. 27 6月, 2018 9 次提交
    • P
    • D
      add explicit_bzero implementation · 05ac345f
      David Carlier 提交于
      maintainer's note: past sentiment was that, despite being imperfect
      and unable to force clearing of all possible copies of sensitive data
      (e.g. in registers, register spills, signal contexts left on the
      stack, etc.) this function would be added if major implementations
      agreed on it, which has happened -- several BSDs and glibc all include
      it.
      05ac345f
    • A
      inet_ntop: do not compress single zeros in IPv6 · 5c8e6926
      Arthur Jones 提交于
      maintainer's note: this change is for conformance with RFC 5952,
      4.2.2, which explicitly forbids use of :: to shorten a single 16-bit 0
      field when producing the canonical text representation for an IPv6
      address. fixes a test failure reported by Philip Homburg, who also
      submitted a patch, but this fix is simpler and should produce smaller
      code.
      5c8e6926
    • D
      strftime: fix underlying format string in %z format · da5851e9
      Daniel Sabogal 提交于
      the expression (tm->__tm_gmtoff)/3600 has type long. use %+.2ld instead.
      da5851e9
    • R
      resolver: omit final dot (root/suppress-search) in canonical name · 63e2e40e
      Rich Felker 提交于
      if a final dot was included in the queried host name to anchor it to
      the dns root/suppress search domains, and the result was not a CNAME,
      the returned canonical name included the final dot. this was not
      consistent with other implementations, confused some applications, and
      does not seem desirable.
      
      POSIX specifies returning a pointer to, or to a copy of, the input
      nodename, when the canonical name is not available, but does not
      attempt to specify what constitutes "not available". in the case of
      search, we already have an implementation-defined "availability" of a
      canonical name as the fully-qualified name resulting from search, so
      defining it similarly in the no-search case seems reasonable in
      addition to being consistent with other implementations.
      
      as a bonus, fix the case where more than one trailing dot is included,
      since otherwise the changes made here would wrongly cause lookups with
      two trailing dots to succeed. previously this case resulted in
      malformed dns queries and produced EAI_AGAIN after a timeout. now it
      fails immediately with EAI_NONAME.
      63e2e40e
    • R
      fix regression in powerpc[64] SO_PEERSEC definition · efda534b
      Rich Felker 提交于
      commit 587f5a53 moved the definition
      of SO_PEERSEC to bits/socket.h for archs where the SO_* macros differ
      from their standard values, but failed to add copies of the generic
      definition for powerpc and powerpc64.
      efda534b
    • R
      fix value of SO_PEERSEC on mips archs · 587f5a53
      Rich Felker 提交于
      adapted from patch by Matthias Schiffer.
      587f5a53
    • R
      add m68k reg.h and user.h · 471497ab
      Rich Felker 提交于
      471497ab
    • R
      fix dynamic linker mapping/clearing bss in first/only LOAD segment · 68a5a23a
      Rich Felker 提交于
      writable load segments can have size-in-memory larger than their size
      in the ELF file, representing bss or equivalent. the initial partial
      page has to be zero-filled, and additional anonymous pages have to be
      mapped such that accesses don't failt with SIGBUS.
      
      map_library skips redundant MAP_FIXED mapping of the initial
      (lowest-address) segment when processing LOAD segments since it was
      already mapped when reserving the virtual address range, but in doing
      so, inadvertently also skipped the code to fill/map bss. typical
      executable and library files have two or more LOAD segments, and the
      first one is text/rodata (non-writable) and thus has no bss, but it is
      syntactically valid for an ELF program/library to put its writable
      segment first, or to have only one segment (everything writable). the
      binutils bfd-based linker has been observed to create such programs in
      the presence of unusual sections or linker scripts.
      
      fix by moving only the mmap_fixed operation under the conditional
      rather than skipping the remainder of the loop body. add a check to
      avoid bss processing in the case where the segment is not writable;
      this should not happen, but if it does, the change would be a crashing
      regression without this check.
      68a5a23a
  8. 21 6月, 2018 3 次提交
  9. 20 6月, 2018 16 次提交
    • R
      work around broken kernel struct ipc_perm on some big endian archs · 0cd2be23
      Rich Felker 提交于
      the mode member of struct ipc_perm is specified by POSIX to have type
      mode_t, which is uniformly defined as unsigned int. however, Linux
      defines it with type __kernel_mode_t, and defines __kernel_mode_t as
      unsigned short on some archs. since there is a subsequent padding
      field, treating it as a 32-bit unsigned int works on little endian
      archs, but the order is backwards on big endian archs with the
      erroneous definition.
      
      since multiple archs are affected, remedy the situation with fixup
      code in the affected functions (shmctl, semctl, and msgctl) rather
      than repeating the same shims in syscall_arch.h for every affected
      arch.
      0cd2be23
    • S
      s390x: add kexec_file_load syscall number from linux v4.17 · 7ea235b1
      Szabolcs Nagy 提交于
      new in linux commit 71406883fd35794d573b3085433c41d0a3bf6c21
      7ea235b1
    • S
      mips: add HWCAP_ flags from linux v4.17 · 1177f61d
      Szabolcs Nagy 提交于
      new in linux commit 256211f2b0b251e532d1899b115e374feb16fa7a
      1177f61d
    • S
      aarch64: add HWCAP_ flags from linux v4.17 · f3b6690a
      Szabolcs Nagy 提交于
      hwcaps for armv8.4, new in linux commit
      7206dc93a58fb76421c4411eefa3c003337bcb2d
      f3b6690a
    • S
      add speculation control prctls from linux v4.17 · da9f2b2a
      Szabolcs Nagy 提交于
      PR_{SET,GET}_SPECULATION_CTRL controls speculation related vulnerability
      mitigations, new in commits
      b617cfc858161140d69cc0b5cc211996b557a1c7
      356e4bfff2c5489e016fdb925adbf12a1e3950ee
      da9f2b2a
    • S
      add ETH_P_PREAUTH ethertype from linux v4.17 · 5b85ed5c
      Szabolcs Nagy 提交于
      added in linux commit 4fe0de5b143762d327bfaf1d7be7c5b58041a18c
      5b85ed5c
    • S
      add TCP_NLA_* from linux v4.17 · ebeb1de2
      Szabolcs Nagy 提交于
      new and missing netlink attributes types for SCM_TIMESTAMPING_OPT_STATS,
      new ones were added in commits
      7156d194a0772f733865267e7207e0b08f81b02b
      be631892948060f44b1ceee3132be1266932071e
      87ecc95d81d951b0984f2eb9c5c118cb68d0dce8
      ebeb1de2
    • S
      add {MSG,SEM,SHM}_STAT_ANY from linux v4.17 · af55070e
      Szabolcs Nagy 提交于
      introduced to stat ipc objects without permission checks since the
      info is available in /proc/sysvipc anyway, new in linux commits
      23c8cec8cf679b10997a512abb1e86f0cedc42ba
      a280d6dc77eb6002f269d58cd47c7c7e69b617b6
      c21a6970ae727839a2f300cd8dd957de0d0238c3
      af55070e
    • S
      add MAP_FIXED_NOREPLACE from linux v4.17 · 156a3bed
      Szabolcs Nagy 提交于
      to map at a fixed address without unmapping underlying mappings
      (fails with EEXIST unlike MAP_FIXED), new in linux commits
      4ed28639519c7bad5f518e70b3284c6e0763e650 and
      a4ff8e8620d3f4f50ac4b41e8067b7d395056843.
      156a3bed
    • S
      powerpc: add pkey syscall numbers from linux v4.16 · 90ac71d8
      Szabolcs Nagy 提交于
      add pkey_mprotect, pkey_alloc, pkey_free syscall numbers,
      new in linux commits 3350eb2ea127978319ced883523d828046af4045
      and 9499ec1b5e82321829e1c1510bcc37edc20b6f38
      90ac71d8
    • S
      aarch64: add HWCAP_ASIMDFHM from linux v4.16 · a697a1c9
      Szabolcs Nagy 提交于
      armv8.4 fp mul instructions.
      added in commit 3b3b681097fae73b7f5dcdd42db6cfdf32943d4c
      a697a1c9
    • S
      sys/ptrace.h: add PTRACE_SECCOMP_GET_METADATA from linux v4.16 · 0f7aa600
      Szabolcs Nagy 提交于
      to get seccomp state for checkpoint restore.
      added in linux commit 26500475ac1b499d8636ff281311d633909f5d20
      
      struct tag follows the glibc api and ptrace_peeksiginfo_args
      got changed too accordingly.
      0f7aa600
    • S
      netinet/if_ether.h: add ETH_TLEN from linux v4.16 · 3a81cbe6
      Szabolcs Nagy 提交于
      octets in ethernet type field
      added in linux commit 4bbb3e0e8239f9079bf1fe20b3c0cb598714ae61
      3a81cbe6
    • S
      netinet/if_ether.h: add ETH_P_ERSPAN2 from linux v4.16 · 833df867
      Szabolcs Nagy 提交于
      protocol number for erspan v2 support
      added in linux commit f551c91de262ba36b20c3ac19538afb4f4507441
      833df867
    • S
      sys/epoll.h: add EPOLLNVAL from linux v4.16 · 29f3202b
      Szabolcs Nagy 提交于
      added to uapi in commit 65aaf87b3aa2d049c6b9fd85221858a895df3393
      used since commit a9a08845e9acbd224e4ee466f5c1275ed50054e8,
      which renamed POLL* to EPOLL* in the kernel.
      29f3202b
    • R
      add m68k port · f81e44a0
      Rich Felker 提交于
      three ABIs are supported: the default with 68881 80-bit fpu format and
      results returned in floating point registers, softfloat-only with the
      same format, and coldfire fpu with IEEE single/double only. only the
      first is tested at all, and only under qemu which has fpu emulation
      bugs.
      
      basic functionality smoke tests have been performed for the most
      common arch-specific breakage via libc-test and qemu user-level
      emulation. some sysvipc failures remain, but are shared with other big
      endian archs and will be fixed separately.
      f81e44a0
  10. 15 6月, 2018 1 次提交
    • R
      add support for m68k 80-bit long double variant · 18f02c42
      Rich Felker 提交于
      since x86 and m68k are the only archs with 80-bit long double and each
      has mandatory endianness, select the variant via endianness.
      differences are minor: apparently just byte order and representation
      of infinities. the m68k format is not well-documented anywhere I could
      find, so if other differences are found they may require additional
      changes later.
      18f02c42
  11. 13 6月, 2018 1 次提交
  12. 03 6月, 2018 1 次提交
    • S
      fix TLS layout of TLS variant I when there is a gap above TP · 610c5a85
      Szabolcs Nagy 提交于
      In TLS variant I the TLS is above TP (or above a fixed offset from TP)
      but on some targets there is a reserved gap above TP before TLS starts.
      
      This matters for the local-exec tls access model when the offsets of
      TLS variables from the TP are hard coded by the linker into the
      executable, so the libc must compute these offsets the same way as the
      linker.  The tls offset of the main module has to be
      
      	alignup(GAP_ABOVE_TP, main_tls_align).
      
      If there is no TLS in the main module then the gap can be ignored
      since musl does not use it and the tls access models of shared
      libraries are not affected.
      
      The previous setup only worked if (tls_align & -GAP_ABOVE_TP) == 0
      (i.e. TLS did not require large alignment) because the gap was
      treated as a fixed offset from TP.  Now the TP points at the end
      of the pthread struct (which is aligned) and there is a gap above
      it (which may also need alignment).
      
      The fix required changing TP_ADJ and __pthread_self on affected
      targets (aarch64, arm and sh) and in the tlsdesc asm the offset to
      access the dtv changed too.
      610c5a85