Merge tag 'glibc-2.22' into baseline

The GNU C Library
=================

The GNU C Library version 2.22 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.22 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.22
=====================

* The following bugs are resolved with this release:

  438, 4719, 6544, 6792, 11216, 12836, 13028, 13064, 13151, 13152, 14094,
  14292, 14841, 14906, 14958, 15319, 15467, 15790, 15969, 16159, 16339,
  16350, 16351, 16352, 16353, 16361, 16512, 16526, 16538, 16559, 16560,
  16704, 16783, 16850, 17053, 17090, 17195, 17269, 17293, 17322, 17403,
  17475, 17523, 17542, 17569, 17581, 17588, 17596, 17620, 17621, 17628,
  17631, 17692, 17711, 17715, 17776, 17779, 17792, 17833, 17836, 17841,
  17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, 17967, 17969,
  17977, 17978, 17987, 17991, 17996, 17998, 17999, 18007, 18019, 18020,
  18029, 18030, 18032, 18034, 18036, 18038, 18039, 18042, 18043, 18046,
  18047, 18049, 18068, 18080, 18093, 18100, 18104, 18110, 18111, 18116,
  18125, 18128, 18134, 18138, 18185, 18196, 18197, 18206, 18210, 18211,
  18217, 18219, 18220, 18221, 18234, 18244, 18245, 18247, 18287, 18319,
  18324, 18333, 18346, 18371, 18383, 18397, 18400, 18409, 18410, 18412,
  18418, 18422, 18434, 18444, 18457, 18468, 18469, 18470, 18479, 18483,
  18495, 18496, 18497, 18498, 18502, 18507, 18508, 18512, 18513, 18519,
  18520, 18522, 18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536,
  18539, 18540, 18542, 18544, 18545, 18546, 18547, 18549, 18553, 18557,
  18558, 18569, 18583, 18585, 18586, 18592, 18593, 18594, 18602, 18612,
  18613, 18619, 18633, 18641, 18643, 18648, 18657, 18676, 18694, 18696.

* Cache information can be queried via sysconf() function on s390 e.g. with
  _SC_LEVEL1_ICACHE_SIZE as argument.

* A buffer overflow in gethostbyname_r and related functions performing DNS
  requests has been fixed.  If the NSS functions were called with a
  misaligned buffer, the buffer length change due to pointer alignment was
  not taken into account.  This could result in application crashes or,
  potentially arbitrary code execution, using crafted, but syntactically
  valid DNS responses.  (CVE-2015-1781)

* The time zone file parser has been made more robust against crafted time
  zone files, avoiding heap buffer overflows related to the processing of
  the tzh_ttisstdcnt and tzh_ttisgmtcnt fields, and a stack overflow due to
  large time zone data files.  Overly long time zone specifiers in the TZ
  variable no longer result in stack overflows and crashes.

* A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
  for LD and GD on x86 and x86-64, has been implemented.  You will need
  binutils-2.24 or later to enable this optimization.

* Character encoding and ctype tables were updated to Unicode 7.0.0, using
  new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
  Hat).  These updates cause user visible changes, such as the fix for bug
  17998.

* CVE-2014-8121 The NSS backends shared internal state between the getXXent
  and getXXbyYY NSS calls for the same database, causing a denial-of-service
  condition in some applications.

* Added vector math library named libmvec with the following vectorized x86_64
  implementations: cos, cosf, sin, sinf, sincos, sincosf, log, logf, exp, expf,
  pow, powf.
  The library can be disabled with --disable-mathvec. Use of the functions is
  enabled with -fopenmp -ffast-math starting from -O1 for GCC version >= 4.9.0.
  Shared library libmvec.so is linked in as needed when using -lm (no need to
  specify -lmvec explicitly for not static builds).
  Visit <https://sourceware.org/glibc/wiki/libmvec> for detailed information.

* A new fmemopen implementation has been added with the goal of POSIX
  compliance. The new implementation fixes the following long-standing
  issues: BZ#6544, BZ#11216, BZ#12836, BZ#13151, BZ#13152, and BZ#14292. The
  old implementation is still present for use be by existing binaries.

* The 32-bit sparc sigaction ABI was inadvertently broken in the 2.20 and 2.21
  releases.  It has been fixed to match 2.19 and older, but binaries built
  against 2.20 and 2.21 might need to be recompiled.  See BZ#18694.

* Port to Native Client running on ARMv7-A (--host=arm-nacl).
  Contributed by Roland McGrath (Google).

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alan Modra
Alexandre Oliva
Andreas Schwab
Andrew Senkevich
Andriy Rysin
Arjun Shankar
Aurelien Jarno
Benno Schulenberg
Brad Hubbard
Carlos O'Donell
Chris Metcalf
Christian Schmidt
Chung-Lin Tang
Cong Wang
Cyril Hrubis
Daniel Marjamäki
David S. Miller
Dmitry V. Levin
Eric Rannaud
Evangelos Foutras
Feng Gao
Florian Weimer
Gleb Fotengauer-Malinovskiy
H.J. Lu
Igor Zamyatin
J William Piggott
James Cowgill
James Lemke
John David Anglin
Joseph Myers
Kevin Easton
Khem Raj
Leonhard Holz
Mark Wielaard
Marko Myllynen
Martin Galvan
Martin Sebor
Matthew Fortune
Mel Gorman
Mike Frysinger
Miroslav Lichvar
Nathan Lynch
Ondřej Bílka
Paul Eggert
Paul Pluzhnikov
Pavel Kopyl
Pravin Satpute
Rajalakshmi Srinivasaraghavan
Rical Jasan
Richard Henderson
Roland McGrath
Rüdiger Sonderfeld
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Steve Ellcey
Szabolcs Nagy
Torvald Riegel
Tulio Magno Quites Machado Filho
Vincent Bernat
Wilco Dijkstra
Yaakov Selkowitz
Zack Weinberg

1 files changed, 51 insertions, 38 deletions

diff --git a/resolv/res_query.c b/resolv/res_query.c
index 1325f9772d..4a9b3b3f27 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -98,7 +98,7 @@ static int
 __libc_res_nquerydomain(res_state statp, const char *name, const char *domain,
 			int class, int type, u_char *answer, int anslen,
 			u_char **answerp, u_char **answerp2, int *nanswerp2,
-			int *resplen2);
+			int *resplen2, int *answerp2_malloced);
 
 /*
  * Formulate a normal query, send, and await answer.
@@ -119,7 +119,8 @@ __libc_res_nquery(res_state statp,
 		  u_char **answerp,	/* if buffer needs to be enlarged */
 		  u_char **answerp2,
 		  int *nanswerp2,
-		  int *resplen2)
+		  int *resplen2,
+		  int *answerp2_malloced)
 {
 	HEADER *hp = (HEADER *) answer;
 	HEADER *hp2;
@@ -202,7 +203,7 @@ __libc_res_nquery(res_state statp,
 			goto again;
 		}
 	}
-	if (__builtin_expect (n <= 0, 0)) {
+	if (__glibc_unlikely (n <= 0))       {
 		/* If the query choked with EDNS0, retry without EDNS0.  */
 		if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0
 		    && ((oflags ^ statp->_flags) & RES_F_EDNS0ERR) != 0) {
@@ -224,7 +225,8 @@ __libc_res_nquery(res_state statp,
 	}
 	assert (answerp == NULL || (void *) *answerp == (void *) answer);
 	n = __libc_res_nsend(statp, query1, nquery1, query2, nquery2, answer,
-			     anslen, answerp, answerp2, nanswerp2, resplen2);
+			     anslen, answerp, answerp2, nanswerp2, resplen2,
+			     answerp2_malloced);
 	if (use_malloc)
 		free (buf);
 	if (n < 0) {
@@ -316,7 +318,7 @@ res_nquery(res_state statp,
 	   int anslen)		/* size of answer buffer */
 {
 	return __libc_res_nquery(statp, name, class, type, answer, anslen,
-				 NULL, NULL, NULL, NULL);
+				 NULL, NULL, NULL, NULL, NULL);
 }
 libresolv_hidden_def (res_nquery)
 
@@ -335,7 +337,8 @@ __libc_res_nsearch(res_state statp,
 		   u_char **answerp,
 		   u_char **answerp2,
 		   int *nanswerp2,
-		   int *resplen2)
+		   int *resplen2,
+		   int *answerp2_malloced)
 {
 	const char *cp, * const *domain;
 	HEADER *hp = (HEADER *) answer;
@@ -360,7 +363,7 @@ __libc_res_nsearch(res_state statp,
 	if (!dots && (cp = res_hostalias(statp, name, tmp, sizeof tmp))!= NULL)
 		return (__libc_res_nquery(statp, cp, class, type, answer,
 					  anslen, answerp, answerp2,
-					  nanswerp2, resplen2));
+					  nanswerp2, resplen2, answerp2_malloced));
 
 #ifdef DEBUG
 	if (statp->options & RES_DEBUG)
@@ -377,8 +380,11 @@ __libc_res_nsearch(res_state statp,
 	if (dots >= statp->ndots || trailing_dot) {
 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,
 					      answer, anslen, answerp,
-					      answerp2, nanswerp2, resplen2);
-		if (ret > 0 || trailing_dot)
+					      answerp2, nanswerp2, resplen2,
+					      answerp2_malloced);
+		if (ret > 0 || trailing_dot
+		    /* If the second response is valid then we use that.  */
+		    || (ret == 0 && resplen2 != NULL && *resplen2 > 0))
 			return (ret);
 		saved_herrno = h_errno;
 		tried_as_is++;
@@ -386,11 +392,11 @@ __libc_res_nsearch(res_state statp,
 			answer = *answerp;
 			anslen = MAXPACKET;
 		}
-		if (answerp2
-		    && (*answerp2 < answer || *answerp2 >= answer + anslen))
+		if (answerp2 && *answerp2_malloced)
 		  {
 		    free (*answerp2);
 		    *answerp2 = NULL;
+		    *answerp2_malloced = 0;
 		  }
 	}
 
@@ -407,30 +413,41 @@ __libc_res_nsearch(res_state statp,
 		for (domain = (const char * const *)statp->dnsrch;
 		     *domain && !done;
 		     domain++) {
+			const char *dname = domain[0];
 			searched = 1;
 
-			if (domain[0][0] == '\0' ||
-			    (domain[0][0] == '.' && domain[0][1] == '\0'))
+			/* __libc_res_nquerydoman concatenates name
+			   with dname with a "." in between.  If we
+			   pass it in dname the "." we got from the
+			   configured default search path, we'll end
+			   up with "name..", which won't resolve.
+			   OTOH, passing it "" will result in "name.",
+			   which has the intended effect for both
+			   possible representations of the root
+			   domain.  */
+			if (dname[0] == '.')
+				dname++;
+			if (dname[0] == '\0')
 				root_on_list++;
 
-			ret = __libc_res_nquerydomain(statp, name, *domain,
+			ret = __libc_res_nquerydomain(statp, name, dname,
 						      class, type,
 						      answer, anslen, answerp,
 						      answerp2, nanswerp2,
-						      resplen2);
-			if (ret > 0)
+						      resplen2, answerp2_malloced);
+			if (ret > 0 || (ret == 0 && resplen2 != NULL
+					&& *resplen2 > 0))
 				return (ret);
 
 			if (answerp && *answerp != answer) {
 				answer = *answerp;
 				anslen = MAXPACKET;
 			}
-			if (answerp2
-			    && (*answerp2 < answer
-				|| *answerp2 >= answer + anslen))
+			if (answerp2 && *answerp2_malloced)
 			  {
 			    free (*answerp2);
 			    *answerp2 = NULL;
+			    *answerp2_malloced = 0;
 			  }
 
 			/*
@@ -479,15 +496,17 @@ __libc_res_nsearch(res_state statp,
 	}
 
 	/*
-	 * f the query has not already been tried as is then try it
+	 * If the query has not already been tried as is then try it
 	 * unless RES_NOTLDQUERY is set and there were no dots.
 	 */
 	if ((dots || !searched || (statp->options & RES_NOTLDQUERY) == 0)
 	    && !(tried_as_is || root_on_list)) {
 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,
 					      answer, anslen, answerp,
-					      answerp2, nanswerp2, resplen2);
-		if (ret > 0)
+					      answerp2, nanswerp2, resplen2,
+					      answerp2_malloced);
+		if (ret > 0 || (ret == 0 && resplen2 != NULL
+				&& *resplen2 > 0))
 			return (ret);
 	}
 
@@ -498,10 +517,11 @@ __libc_res_nsearch(res_state statp,
 	 * else send back meaningless H_ERRNO, that being the one from
 	 * the last DNSRCH we did.
 	 */
-	if (answerp2 && (*answerp2 < answer || *answerp2 >= answer + anslen))
+	if (answerp2 && *answerp2_malloced)
 	  {
 	    free (*answerp2);
 	    *answerp2 = NULL;
+	    *answerp2_malloced = 0;
 	  }
 	if (saved_herrno != -1)
 		RES_SET_H_ERRNO(statp, saved_herrno);
@@ -521,13 +541,12 @@ res_nsearch(res_state statp,
 	    int anslen)		/* size of answer */
 {
 	return __libc_res_nsearch(statp, name, class, type, answer,
-				  anslen, NULL, NULL, NULL, NULL);
+				  anslen, NULL, NULL, NULL, NULL, NULL);
 }
 libresolv_hidden_def (res_nsearch)
 
 /*
- * Perform a call on res_query on the concatenation of name and domain,
- * removing a trailing dot from name if domain is NULL.
+ * Perform a call on res_query on the concatenation of name and domain.
  */
 static int
 __libc_res_nquerydomain(res_state statp,
@@ -539,7 +558,8 @@ __libc_res_nquerydomain(res_state statp,
 			u_char **answerp,
 			u_char **answerp2,
 			int *nanswerp2,
-			int *resplen2)
+			int *resplen2,
+			int *answerp2_malloced)
 {
 	char nbuf[MAXDNAME];
 	const char *longname = nbuf;
@@ -551,10 +571,6 @@ __libc_res_nquerydomain(res_state statp,
 		       name, domain?domain:"<Nil>", class, type);
 #endif
 	if (domain == NULL) {
-		/*
-		 * Check for trailing '.';
-		 * copy without '.' if present.
-		 */
 		n = strlen(name);
 
 		/* Decrement N prior to checking it against MAXDNAME
@@ -565,11 +581,7 @@ __libc_res_nquerydomain(res_state statp,
 			RES_SET_H_ERRNO(statp, NO_RECOVERY);
 			return (-1);
 		}
-		if (name[n] == '.') {
-			strncpy(nbuf, name, n);
-			nbuf[n] = '\0';
-		} else
-			longname = name;
+		longname = name;
 	} else {
 		n = strlen(name);
 		d = strlen(domain);
@@ -581,7 +593,7 @@ __libc_res_nquerydomain(res_state statp,
 	}
 	return (__libc_res_nquery(statp, longname, class, type, answer,
 				  anslen, answerp, answerp2, nanswerp2,
-				  resplen2));
+				  resplen2, answerp2_malloced));
 }
 
 int
@@ -593,7 +605,8 @@ res_nquerydomain(res_state statp,
 	    int anslen)		/* size of answer */
 {
 	return __libc_res_nquerydomain(statp, name, domain, class, type,
-				       answer, anslen, NULL, NULL, NULL, NULL);
+				       answer, anslen, NULL, NULL, NULL, NULL,
+				       NULL);
 }
 libresolv_hidden_def (res_nquerydomain)