Age | Commit message (Collapse) | Author |
|
|
|
strcoll is implemented using a cache for indices and weights of
collation sequences in the strings so that subsequent passes do not
have to search through collation data again. For very large string
inputs, the cache size computation could overflow. In such a case,
use the fallback function that does not cache indices and weights of
collation sequences.
Fixes CVE-2012-4412.
|
|
strcoll currently falls back to alloca if malloc fails, resulting in a
possible stack overflow. This patch implements sequence traversal and
comparison without caching indices and rules.
Fixes CVE-2012-4424.
|
|
The pointer guard used for pointer mangling was not initialized for
static applications resulting in the security feature being disabled.
The pointer guard is now correctly initialized to a random value for
static applications. Existing static applications need to be
recompiled to take advantage of the fix.
The test tst-ptrguard1-static and tst-ptrguard1 add regression
coverage to ensure the pointer guards are sufficiently random
and initialized to a default value.
|
|
|
|
|
|
|
|
for ChangeLog
* NEWS: Mention malloc probes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The end of the "Parsing of Floats" subsection currently reads:
The GNU C Library also provides '_l' versions of these functions,
which take an additional argument, the locale to use in conversion.
*Note Parsing of Integers::.
Split the final note as it is unrelated to the above comment and
reference it with "See also" instead.
|
|
The pt-chown binary is discussed in the "Running make install" section
without clarification of the needed configure option. Clarify this
and simplfy the discription which is already covered in the "Configuring
and compiling" section.
|
|
|
|
|
|
|
|
Fixes unclosed '{' if HAVE_SENDFILE is defined (BZ #15895).
|
|
Pull copies of these files directly from the GNU website:
http://www.gnu.org/licenses/gpl-2.0.txt
http://www.gnu.org/licenses/lgpl-2.1.txt
Fixes the address of the Free Software Foundation (BZ #15844). Also
includes some minor formatting changes and corrects references to
the GNU "Library" General Public License.
|
|
|
|
|
|
|
|
|
|
2013-09-03 Chris Leonard <cjl@sugarlabs.org>
[BZ#15886]
* locales/ht_HT: 1.1 revision of ht_HT locale.
|
|
2013-09-03 Chris Leonard <cjl@sugarlabs.org>
[BZ#15887]
* locales/quz_PE: New locale for quz_PE.
* SUPPORTED: Add quz_PE.
|
|
Resolves #15921
The test case nptl/tst-cleanup2 fails on s390x and power6 due to
instruction sheduling in gcc. This was reported in gcc:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58034
but it was concluded that gcc is allowed to assume that the first
argument to sprintf is a character array - NULL not being a valid
character array.
|
|
|
|
The mov lr, pc instruction will lose the Thumb bit from the return address
so use blx lr instead.
ports/ChangeLog.arm:
2013-08-30 Will Newton <will.newton@linaro.org>
[BZ #15909]
* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx
instead of mov lr, pc.
|
|
|
|
For REL relocs pass dl_hwcap to the IFUNC resolver
as is required by the IFUNC API (bug 15905).
|
|
Since the dlopen funcs might invoke a constructor that calls a func
that is in the same compilation unit as the caller, we cannot mark
them as leaf funcs.
Similarly, dlclose might invoke a destructor that calls a func that
is in the same compilation unit as the caller.
URL: https://sourceware.org/bugzilla/show_bug.cgi?id=15897
Reportedy-by: Fabrice Bauzac <libnoon@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
Fixes BZ #15890.
|
|
|
|
|
|
|
|
|
|
* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
member.
* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
member.
* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
Return delayed error code. Remove GETDENTS_64BIT_ALIGNED
conditional.
* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
GETDENTS_64BIT_ALIGNED.
* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
* manual/filesys.texi (Reading/Closing Directory): Document
ENAMETOOLONG return value of readdir_r. Recommend readdir more
strongly.
* manual/conf.texi (Limits for Files): Add portability note to
NAME_MAX, PATH_MAX.
(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
|
|
|
|
* version.h (RELEASE): Set to "development".
(VERSION): Set to "2.18.90".
* NEWS: Add 2.19 section.
|
|
|
|
We returned without calling __munmap if not in the simulator.
Now we call a separate sim_dlclose() function to make the
control flow work correctly.
|
|
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
|
|
The generated header is compiled with `-ffreestanding' to avoid any
circular dependencies against the installed implementation headers.
Such a dependency would require the implementation header to be
installed before the generated header could be built (See bug 15711).
In current practice the generated header dependencies do not include
any of the implementation headers removed by the use of `-ffreestanding'.
---
2013-07-15 Carlos O'Donell <carlos@redhat.com>
[BZ #15711]
* sysdeps/unix/sysv/linux/Makefile ($(objpfx)bits/syscall%h):
Avoid system header dependency with -ffreestanding.
($(objpfx)bits/syscall%d): Likewise.
|
|
|
|
|
|
|
|
This change creates a link map in static executables to serve as the
global search list for dlopen. It fixes a problem with the inability
to access the global symbol object and a crash on an attempt to map a
DSO into the global scope. Some code that has become dead after the
addition of this link map is removed too and test cases are provided.
|