summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2024-01-30Update advisory format and introduce some automationSiddhesh Poyarekar
Simplify the advisory format by dropping the -Backport tags and instead stick to using just the -Commit tags. To identify backports, put a substring of git-describe into the release version in the brackets next to the commit ref. This way, it not only identifies that the fix (or regression) is on the release/2.YY/master branch, it also disambiguates regressions/fixes in the branch from those in the tarball. Add a README to make it easier for consumers to understand the format. Additionally, the Release wiki needs to be updated to inform the release manager to: 1. Generate a NEWS snipped from the advisories directory AND 2. on release/2.YY/master, replace the advisories directory with a text file pointing to the advisories directory in master so that we don't have to update multiple locations. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-01-30Use binutils 2.42 branch in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use binutils 2.42 branch. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2024-01-22Use --disable-default-pie for sparc in build-many-glibcs.pyAdhemerval Zanella
The staticcally built binaries fails without this option [1]. Checked on sparc64-linux-gnu and sparcv9-linux-gnu. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=29575
2024-01-19Further build-many-glibcs.py fixes for utcnow() deprecationJoseph Myers
It turns out that the replacement of datetime.datetime.utcnow(), for a warning produced early in running build-many-glibcs.py with Python 3.12, (a) wasn't complete (there were other uses elsewhere in the script also needing updating) and (b) broke reading of build-time from build-state.json, because an aware datetime was written out including +00:00 for the timezone, which was not expected by the strptime call. Fix the first by making the change to datetime.datetime.now(datetime.timezone.utc) for all the remaining utcnow() calls. Fix the second by using strftime with an explicit format instead of just str() when formatting build times for build-state.json and and email subjects, and then setting the timezone explicitly when reading from build-state.json. (Other uses, in particular messages output by the bot, continue to use str() as the precise format should not matter in those cases; it shouldn't actually matter for email subjects either but it seems a good idea to keep those short.) Tested with a bot-cycle run and checking the format of times in build-state.json afterwards.
2024-01-17Use Linux 6.7 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use Linux 6.7. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2024-01-10Fix deprecated utcnow() usage in build-many-glibcs.pyJoseph Myers
Running build-many-glibcs.py with Python 3.12 or later produces a warning: build-many-glibcs.py:566: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). build_time = datetime.datetime.utcnow() Replace with datetime.datetime.now(datetime.timezone.utc) (the datetime.UTC constant is new in 3.11, so not suitable for use in this script at present).
2024-01-10Fix invalid escape sequence in build-many-glibcs.pyJoseph Myers
Running build-many-glibcs.py with Python 3.12 or later produces a warning: build-many-glibcs.py:173: SyntaxWarning: invalid escape sequence '\.' m = re.fullmatch('([0-9]+)\.([0-9]+)[.0-9]*', l) Use a raw string instead to avoid that warning. (Note: I haven't checked whether any other Python scripts included with glibc might have issues with newer Python versions.)
2024-01-08Remove ia64-linux-gnuAdhemerval Zanella
Linux 6.7 removed ia64 from the official tree [1], following the general principle that a glibc port needs upstream support for the architecture in all the components it depends on (binutils, GCC, and the Linux kernel). Apart from the removal of sysdeps/ia64 and sysdeps/unix/sysv/linux/ia64, there are updates to various comments referencing ia64 for which removal of those references seemed appropriate. The configuration is removed from README and build-many-glibcs.py. The CONTRIBUTED-BY, elf/elf.h, manual/contrib.texi (the porting mention), *.po files, config.guess, and longlong.h are not changed. For Linux it allows cleanup some clone2 support on multiple files. The following bug can be closed as WONTFIX: BZ 22634 [2], BZ 14250 [3], BZ 21634 [4], BZ 10163 [5], BZ 16401 [6], and BZ 11585 [7]. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ff221426d33db909f7159fdf620c3b052e2d1c [2] https://sourceware.org/bugzilla/show_bug.cgi?id=22634 [3] https://sourceware.org/bugzilla/show_bug.cgi?id=14250 [4] https://sourceware.org/bugzilla/show_bug.cgi?id=21634 [5] https://sourceware.org/bugzilla/show_bug.cgi?id=10163 [6] https://sourceware.org/bugzilla/show_bug.cgi?id=16401 [7] https://sourceware.org/bugzilla/show_bug.cgi?id=11585 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-05elf: Add ELF_DYNAMIC_AFTER_RELOC to rewrite PLTH.J. Lu
Add ELF_DYNAMIC_AFTER_RELOC to allow target specific processing after relocation. For x86-64, add #define DT_X86_64_PLT (DT_LOPROC + 0) #define DT_X86_64_PLTSZ (DT_LOPROC + 1) #define DT_X86_64_PLTENT (DT_LOPROC + 3) 1. DT_X86_64_PLT: The address of the procedure linkage table. 2. DT_X86_64_PLTSZ: The total size, in bytes, of the procedure linkage table. 3. DT_X86_64_PLTENT: The size, in bytes, of a procedure linkage table entry. With the r_addend field of the R_X86_64_JUMP_SLOT relocation set to the memory offset of the indirect branch instruction. Define ELF_DYNAMIC_AFTER_RELOC for x86-64 to rewrite the PLT section with direct branch after relocation when the lazy binding is disabled. PLT rewrite is disabled by default since SELinux may disallow modifying code pages and ld.so can't detect it in all cases. Use $ export GLIBC_TUNABLES=glibc.cpu.plt_rewrite=1 to enable PLT rewrite with 32-bit direct jump at run-time or $ export GLIBC_TUNABLES=glibc.cpu.plt_rewrite=2 to enable PLT rewrite with 32-bit direct jump and on APX processors with 64-bit absolute jump at run-time. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-01-01Update copyright dates not handled by scripts/update-copyrightsPaul Eggert
I've updated copyright dates in glibc for 2024. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
2024-01-01Update copyright dates with scripts/update-copyrightsPaul Eggert
2023-12-07Move CVE information into advisories directorySiddhesh Poyarekar
One of the requirements to becoming a CVE Numbering Authority (CNA) is to publish advisories. Do this by maintaining a file for each CVE fixed in the advisories directory in the source tree. Links to the advisories can then be shared as: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-YYYY-NNNN The file format at the moment is rudimentary and derives from the git commit format, i.e. a subject line and a potentially multi-paragraph description and then tags to describe some meta information. This is a loose format at the moment and could change as we evolve this. Also add a script process-fixed-cves.sh that processes these advisories and generates a list to add to NEWS at release time. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-11-29elf: Add a way to check if tunable is set (BZ 27069)Adhemerval Zanella
The patch adds two new macros, TUNABLE_GET_DEFAULT and TUNABLE_IS_INITIALIZED, here the former get the default value with a signature similar to TUNABLE_GET, while the later returns whether the tunable was set by the environment variable. Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org>
2023-11-21elf: Ignore GLIBC_TUNABLES for setuid/setgid binariesAdhemerval Zanella
The tunable privilege levels were a retrofit to try and keep the malloc tunable environment variables' behavior unchanged across security boundaries. However, CVE-2023-4911 shows how tricky can be tunable parsing in a security-sensitive environment. Not only parsing, but the malloc tunable essentially changes some semantics on setuid/setgid processes. Although it is not a direct security issue, allowing users to change setuid/setgid semantics is not a good security practice, and requires extra code and analysis to check if each tunable is safe to use on all security boundaries. It also means that security opt-in features, like aarch64 MTE, would need to be explicit enabled by an administrator with a wrapper script or with a possible future system-wide tunable setting. Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: DJ Delorie <dj@redhat.com>
2023-11-03Format test results closer to what DejaGnu doesMaxim Kuvyrkov
The years of dealing with Binutils, GCC and GDB test results made the community create good tools for comparison and analysis of DejaGnu test results. This change allows to use those tools for Glibc's test results as well. The motivation for this change is Linaro's pre-commit testers, which use a modified version of GCC's validate_failures.py to create test xfail lists with baseline failures and known flaky tests. See below links for an example xfails file (only one link is supposed to work at any given time): - https://ci.linaro.org/job/tcwg_glibc_check--master-arm-build/lastSuccessfulBuild/artifact/artifacts/artifacts.precommit/sumfiles/xfails.xfail/*view*/ - https://ci.linaro.org/job/tcwg_glibc_check--master-arm-build/lastSuccessfulBuild/artifact/artifacts/sumfiles/xfails.xfail/*view*/ Specifacally, this patch changes format of glibc's .sum files from ... <cut> FAIL: elf/test1 PASS: string/test2 </cut> ... to ... <cut> === glibc tests === Running elf ... FAIL: elf/test1 Running string ... PASS: string/test2 </cut>. And output of "make check" from ... <cut> FAIL: elf/test1 </cut> ... to ... <cut> FAIL: elf/test1 === Summary of results === 1 FAIL 1 PASS </cut>. Signed-off-by: Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-10-31Use Linux 6.6 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use Linux 6.6. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-10-30crypt: Remove libcrypt supportAdhemerval Zanella
All the crypt related functions, cryptographic algorithms, and make requirements are removed, with only the exception of md5 implementation which is moved to locale folder since it is required by localedef for integrity protection (libc's locale-reading code does not check these, but localedef does generate them). Besides thec code itself, both internal documentation and the manual is also adjusted. This allows to remove both --enable-crypt and --enable-nss-crypt configure options. Checked with a build for all affected ABIs. Co-authored-by: Zack Weinberg <zack@owlfolio.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-10-30sparc: Remove optimize md5, sha256, and sha512Adhemerval Zanella
The libcrypt was maked to be phase out on 2.38, and a better project already exist that provide both compatibility and better API (libxcrypt). The sparc optimizations add the burden to extra build-many-glibcs.py configurations. Checked on sparc64 and sparcv9. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-10-30build-many-glibcs: Fix traililing whitespaceAdhemerval Zanella
From commit d846c2838942297c9644f2f38bdad0fb88f42245.
2023-10-24Remove 'grp' and merge into 'nss' and 'posix'Arjun Shankar
The majority of grp routines are entry points for nss functionality. This commit removes the 'grp' subdirectory and moves all nss-relevant functionality and all tests to 'nss', and the 'setgroups' stub into 'posix' (alongside the 'getgroups' stub). References to grp/ are accordingly changed. In addition, compat-initgroups.c, a fallback implementation of initgroups is renamed to initgroups-fallback.c so that the build system does not confuse it for nss_compat/compat-initgroups.c. Build time improves very slightly; e.g. down from an average of 45.5s to 44.5s on an 8-thread mobile x86_64 CPU. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-10-09build-many-glibcs: Check for required system toolsDJ Delorie
Notes for future devs: * Add tools as you find they're needed, with version 0,0 * Bump version when you find an old tool that doesn't work * Don't add a version just because you know it works Co-authored-by: Lukasz Majewski <lukma@denx.de> Co-authored-by: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
2023-09-08Use Linux 6.5 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use Linux 6.5. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-08-29Use GMP 6.3.0, MPFR 4.2.1 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use the new GMP 6.3.0 and MPFR 4.2.1 releases. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-08-08Use binutils 2.41 branch in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use binutils 2.41 branch. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-07-20scripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3Adhemerval Zanella
The 30379efad1 added _FORTIFY_SOURCE checks without check if compiler does support all used fortify levels. This patch fixes it by first checking at configure time the maximum support fortify level and using it instead of a pre-defined one. Checked on x86_64 with gcc 11, 12, and 13. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Tested-by: Florian Weimer <fweimer@redhat.com>
2023-07-20configure: Disable building libcrypt by defaultSiddhesh Poyarekar
We mentioned eventual dropping of libcrypt in the 2.28 NEWS. Actually put that plan in motion by first disabling building libcrypt by default. note in NEWS that the library will be dropped completely in a future release. Also add a couple of builds into build-many-glibcs.py. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2023-07-19scripts: Add fortify checks on installed headersAdhemerval Zanella
The _FORTIFY_SOURCE is used as default by some system compilers, and there is no way to check if some fortify extension does not trigger any conformance issue. Checked on x86_64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-07-05Allow glibc to be built with _FORTIFY_SOURCEFrédéric Bérat
Add --enable-fortify-source option. It is now possible to enable fortification through a configure option. The level may be given as parameter, if none is provided, the configure script will determine what is the highest level possible that can be set considering GCC built-ins availability and set it. If level is explicitly set to 3, configure checks if the compiler supports the built-in function necessary for it or raise an error if it isn't. If the configure option isn't explicitly enabled, it _FORTIFY_SOURCE is forcibly undefined (and therefore disabled). The result of the configure checks are new variables, ${fortify_source} and ${no_fortify_source} that can be used to appropriately populate CFLAGS. A dedicated patch will follow to make use of this variable in Makefiles when necessary. Updated NEWS and INSTALL. Adding dedicated x86_64 variant that enables the configuration. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-27Use Linux 6.4 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use Linux 6.4. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-06-02Add lint-makefiles Makefile linting test.Carlos O'Donell
We add a 'make check' test that lints all Makefiles in the source directory of the glibc build. This linting test ensures that the lines in all Makefiles will be sorted correctly as developers creates patches. It is added to 'make check' because it is light-weight and supports the existing developer workflow The test adds ~3s to a 'make check' execution. No regressions on x86_64 and i686. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-06-02Fix a few more typos I missed in previous round -- BZ 25337Paul Pluzhnikov
2023-06-02Fix all the remaining misspellings -- BZ 25337Paul Pluzhnikov
2023-05-18scripts: sort-makefile-lines.pyCarlos O'Donell
We must return < 0, 0, or > 0 as the result of the comparison function for cmp_to_key() to work correctly across all comparisons. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-05-10scripts: Add sort-makefile-lines.py to sort Makefile variables.Carlos O'Donell
The scripts/sort-makefile-lines.py script sorts Makefile variables according to project expected order. The script can be used like this: $ scripts/sort-makefile-lines.py < elf/Makefile > elf/Makefile.tmp $ mv elf/Makefile.tmp elf/Makefile Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-05-02hurd: Enable x86_64 build scriptSamuel Thibault
This now passes crossbuilds.
2023-05-02Use GCC 13 branch, Linux 6.3 in build-many-glibcs.pyJoseph Myers
This patch updates build-many-glibcs.py to use Linux 6.3 and GCC 13 branch by default. Tested with build-many-glibcs.py (host-libraries, compilers and glibc builds).
2023-05-01mach: Disable 32bit compatibility modeSamuel Thibault
32bit compatibility is the default for now with 64bit gnumach, until 64bit userland is ready. Here we however want native 64bit userland anyway.
2023-04-19build-many-glibcs.py: --disable-gcov for gcc-firstJan-Benedict Glaw
This is also being tracked n GCC [1]. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100289
2023-03-29Remove --enable-tunables configure optionAdhemerval Zanella Netto
And make always supported. The configure option was added on glibc 2.25 and some features require it (such as hwcap mask, huge pages support, and lock elisition tuning). It also simplifies the build permutations. Changes from v1: * Remove glibc.rtld.dynamic_sort changes, it is orthogonal and needs more discussion. * Cleanup more code. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-03-29Remove --disable-experimental-malloc optionAdhemerval Zanella
It is the default since 2.26 and it has bitrotten over the years, By using it multiple malloc tests fails: FAIL: malloc/tst-memalign-2 FAIL: malloc/tst-memalign-2-malloc-hugetlb1 FAIL: malloc/tst-memalign-2-malloc-hugetlb2 FAIL: malloc/tst-memalign-2-mcheck FAIL: malloc/tst-mxfast-malloc-hugetlb1 FAIL: malloc/tst-mxfast-malloc-hugetlb2 FAIL: malloc/tst-tcfree2 FAIL: malloc/tst-tcfree2-malloc-hugetlb1 FAIL: malloc/tst-tcfree2-malloc-hugetlb2 Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
2023-02-22Use Linux 6.2 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use Linux 6.2. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-01-27Use binutils 2.40 branch in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use binutils 2.40 branch. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-01-27Use MPFR 4.2.0, MPC 1.3.1 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use the new MPFR 4.2.0 and MPC 1.3.1 releases. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).
2023-01-12scripts/build-many-glibcs.py: Remove unused RANLIB and STRIP optionAdhemerval Zanella
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-01-12configure: Move nm, objdump, and readelf to LIBC_PROG_BINUTILSAdhemerval Zanella
Allow the variables to be overriden or have the defaults come from the compiler currently in use. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-01-11configure: Allow user override LD, AR, OBJCOPY, and GPROFAdhemerval Zanella
The only way to override LD, AR, OBJCOPY, and GPROF is through --with-binutils (setting the environments variables on configure is overridden by LIBC_PROG_BINUTILS). The build-many-glibcs.py (bmg) glibcs option generates a working config, but not fully concise (some tools will be set from environment variable, while other will be set from $CC --print-prog-name). So remove the environment variable set to always use the "$CC --print-prog-name". Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-01-06Update copyright dates not handled by scripts/update-copyrightsJoseph Myers
I've updated copyright dates in glibc for 2023. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
2023-01-06Update copyright dates with scripts/update-copyrightsJoseph Myers
2022-12-22Simplify scripts/cross-test-ssh.sh configuration.Carlos O'Donell
With modern ssh clients and daemons it is required to use AcceptEnv and SendEnv configuration options to correctly support testing the DSO sort ordering tests. This requirement is present because scripts/dso-ordering-test.py injects GLIBC_TUNABLES to the left of the ${test_wrapper_env} and so it must both be sent by the ssh client and accepted by the ssh daemon. This requirement is removed in this change and the injected GLIBC_TUNABLES is placed after ${run_program_env} and so still correctly provides the override that the test requires. This is similar to existing tests like elf/tst-pathopt.sh, elf/tst-rtld-load-self.sh, and locale/tst-locale-locpath.sh. Tested that it fixes two failures when cross-testing on aarch64 with scripts/cross-test-ssh.sh and an ssh client and daemon that do not pass GLIBC_TUNABLES. Without this fix such a configuration will report the following failures (since the GLIBC_TUNABLES not preserved): FAIL: elf/tst-bz15311 FAIL: elf/tst-bz28937 Tested without regression on native x86_64 and aarch64 builds. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-12-19Use Linux 6.1 in build-many-glibcs.pyJoseph Myers
This patch makes build-many-glibcs.py use Linux 6.1. Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds).