Merge tag 'glibc-2.22' into baseline

The GNU C Library
=================

The GNU C Library version 2.22 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.22 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.22
=====================

* The following bugs are resolved with this release:

  438, 4719, 6544, 6792, 11216, 12836, 13028, 13064, 13151, 13152, 14094,
  14292, 14841, 14906, 14958, 15319, 15467, 15790, 15969, 16159, 16339,
  16350, 16351, 16352, 16353, 16361, 16512, 16526, 16538, 16559, 16560,
  16704, 16783, 16850, 17053, 17090, 17195, 17269, 17293, 17322, 17403,
  17475, 17523, 17542, 17569, 17581, 17588, 17596, 17620, 17621, 17628,
  17631, 17692, 17711, 17715, 17776, 17779, 17792, 17833, 17836, 17841,
  17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, 17967, 17969,
  17977, 17978, 17987, 17991, 17996, 17998, 17999, 18007, 18019, 18020,
  18029, 18030, 18032, 18034, 18036, 18038, 18039, 18042, 18043, 18046,
  18047, 18049, 18068, 18080, 18093, 18100, 18104, 18110, 18111, 18116,
  18125, 18128, 18134, 18138, 18185, 18196, 18197, 18206, 18210, 18211,
  18217, 18219, 18220, 18221, 18234, 18244, 18245, 18247, 18287, 18319,
  18324, 18333, 18346, 18371, 18383, 18397, 18400, 18409, 18410, 18412,
  18418, 18422, 18434, 18444, 18457, 18468, 18469, 18470, 18479, 18483,
  18495, 18496, 18497, 18498, 18502, 18507, 18508, 18512, 18513, 18519,
  18520, 18522, 18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536,
  18539, 18540, 18542, 18544, 18545, 18546, 18547, 18549, 18553, 18557,
  18558, 18569, 18583, 18585, 18586, 18592, 18593, 18594, 18602, 18612,
  18613, 18619, 18633, 18641, 18643, 18648, 18657, 18676, 18694, 18696.

* Cache information can be queried via sysconf() function on s390 e.g. with
  _SC_LEVEL1_ICACHE_SIZE as argument.

* A buffer overflow in gethostbyname_r and related functions performing DNS
  requests has been fixed.  If the NSS functions were called with a
  misaligned buffer, the buffer length change due to pointer alignment was
  not taken into account.  This could result in application crashes or,
  potentially arbitrary code execution, using crafted, but syntactically
  valid DNS responses.  (CVE-2015-1781)

* The time zone file parser has been made more robust against crafted time
  zone files, avoiding heap buffer overflows related to the processing of
  the tzh_ttisstdcnt and tzh_ttisgmtcnt fields, and a stack overflow due to
  large time zone data files.  Overly long time zone specifiers in the TZ
  variable no longer result in stack overflows and crashes.

* A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
  for LD and GD on x86 and x86-64, has been implemented.  You will need
  binutils-2.24 or later to enable this optimization.

* Character encoding and ctype tables were updated to Unicode 7.0.0, using
  new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
  Hat).  These updates cause user visible changes, such as the fix for bug
  17998.

* CVE-2014-8121 The NSS backends shared internal state between the getXXent
  and getXXbyYY NSS calls for the same database, causing a denial-of-service
  condition in some applications.

* Added vector math library named libmvec with the following vectorized x86_64
  implementations: cos, cosf, sin, sinf, sincos, sincosf, log, logf, exp, expf,
  pow, powf.
  The library can be disabled with --disable-mathvec. Use of the functions is
  enabled with -fopenmp -ffast-math starting from -O1 for GCC version >= 4.9.0.
  Shared library libmvec.so is linked in as needed when using -lm (no need to
  specify -lmvec explicitly for not static builds).
  Visit <https://sourceware.org/glibc/wiki/libmvec> for detailed information.

* A new fmemopen implementation has been added with the goal of POSIX
  compliance. The new implementation fixes the following long-standing
  issues: BZ#6544, BZ#11216, BZ#12836, BZ#13151, BZ#13152, and BZ#14292. The
  old implementation is still present for use be by existing binaries.

* The 32-bit sparc sigaction ABI was inadvertently broken in the 2.20 and 2.21
  releases.  It has been fixed to match 2.19 and older, but binaries built
  against 2.20 and 2.21 might need to be recompiled.  See BZ#18694.

* Port to Native Client running on ARMv7-A (--host=arm-nacl).
  Contributed by Roland McGrath (Google).

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alan Modra
Alexandre Oliva
Andreas Schwab
Andrew Senkevich
Andriy Rysin
Arjun Shankar
Aurelien Jarno
Benno Schulenberg
Brad Hubbard
Carlos O'Donell
Chris Metcalf
Christian Schmidt
Chung-Lin Tang
Cong Wang
Cyril Hrubis
Daniel Marjamäki
David S. Miller
Dmitry V. Levin
Eric Rannaud
Evangelos Foutras
Feng Gao
Florian Weimer
Gleb Fotengauer-Malinovskiy
H.J. Lu
Igor Zamyatin
J William Piggott
James Cowgill
James Lemke
John David Anglin
Joseph Myers
Kevin Easton
Khem Raj
Leonhard Holz
Mark Wielaard
Marko Myllynen
Martin Galvan
Martin Sebor
Matthew Fortune
Mel Gorman
Mike Frysinger
Miroslav Lichvar
Nathan Lynch
Ondřej Bílka
Paul Eggert
Paul Pluzhnikov
Pavel Kopyl
Pravin Satpute
Rajalakshmi Srinivasaraghavan
Rical Jasan
Richard Henderson
Roland McGrath
Rüdiger Sonderfeld
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Steve Ellcey
Szabolcs Nagy
Torvald Riegel
Tulio Magno Quites Machado Filho
Vincent Bernat
Wilco Dijkstra
Yaakov Selkowitz
Zack Weinberg

1 files changed, 167 insertions, 0 deletions

diff --git a/sysdeps/unix/sysv/linux/ia64/__sigstack_longjmp.c b/sysdeps/unix/sysv/linux/ia64/__sigstack_longjmp.c
new file mode 100644
index 0000000000..73d7fdc7cd
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/ia64/__sigstack_longjmp.c
@@ -0,0 +1,167 @@
+/* Copyright (C) 2004-2015 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   Contributed by David Mosberger-Tang <davidm@hpl.hp.com>.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* The public __longjmp() implementation is limited to jumping within
+   the same stack.  That is, in general it is not possible to use this
+   __longjmp() implementation to cross from one stack to another.
+   In contrast, the __sigstack_longjmp() implemented here allows
+   crossing from the alternate signal stack to the normal stack
+   as a special case.  */
+
+#include <assert.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <sysdep.h>
+#include <sys/rse.h>
+
+#define JB_SP	0
+#define JB_BSP	17
+
+struct rbs_flush_values
+  {
+    unsigned long bsp;
+    unsigned long rsc;
+    unsigned long rnat;
+  };
+
+extern struct rbs_flush_values __ia64_flush_rbs (void);
+extern void __ia64_longjmp (__jmp_buf buf, int val, long rnat, long rsc)
+     __attribute__ ((__noreturn__));
+
+static void
+copy_rbs (unsigned long *dst, unsigned long *dst_end, unsigned long dst_rnat,
+	  unsigned long *src, unsigned long *src_end,
+	  unsigned long current_rnat)
+{
+  unsigned long dst_slot, src_rnat = 0, src_slot, *src_rnat_addr, nat_bit;
+  int first_time = 1;
+
+  while (dst < dst_end)
+    {
+      dst_slot = ia64_rse_slot_num (dst);
+      if (dst_slot == 63)
+	{
+	  *dst++ = dst_rnat;
+	  dst_rnat = 0;
+	}
+      else
+	{
+	  /* read source value, including NaT bit: */
+	  src_slot = ia64_rse_slot_num (src);
+	  if (src_slot == 63)
+	    {
+	      /* skip src RNaT slot */
+	      ++src;
+	      src_slot = 0;
+	    }
+	  if (first_time || src_slot == 0)
+	    {
+	      first_time = 0;
+	      src_rnat_addr = ia64_rse_rnat_addr (src);
+	      if (src_rnat_addr < src_end)
+		src_rnat = *src_rnat_addr;
+	      else
+		src_rnat = current_rnat;
+	    }
+	  nat_bit = (src_rnat >> src_slot) & 1;
+
+	  assert (src < src_end);
+
+	  *dst++ = *src++;
+	  if (nat_bit)
+	    dst_rnat |=  (1UL << dst_slot);
+	  else
+	    dst_rnat &= ~(1UL << dst_slot);
+	}
+    }
+  dst_slot = ia64_rse_slot_num (dst);
+  if (dst_slot > 0)
+    *ia64_rse_rnat_addr (dst) = dst_rnat;
+}
+
+void
+__sigstack_longjmp (__jmp_buf buf, int val)
+{
+  unsigned long *rbs_base, *bsp, *bspstore, *jb_bsp, jb_sp, ss_sp;
+  unsigned long ndirty, rnat, load_rnat, *jb_rnat_addr;
+  struct sigcontext *sc;
+  stack_t stk;
+  struct rbs_flush_values c;
+
+  /* put RSE into enforced-lazy mode and return current bsp/rsc/rnat: */
+  c = __ia64_flush_rbs ();
+
+  jb_sp  = ((unsigned long *)  buf)[JB_SP];
+  jb_bsp = ((unsigned long **) buf)[JB_BSP];
+
+  INTERNAL_SYSCALL_DECL (err);
+  (void) INTERNAL_SYSCALL (sigaltstack, err, 2, NULL, &stk);
+
+  ss_sp = (unsigned long) stk.ss_sp;
+  jb_rnat_addr = ia64_rse_rnat_addr (jb_bsp);
+
+  if ((stk.ss_flags & SS_ONSTACK) == 0 || jb_sp - ss_sp < stk.ss_size)
+    /* Normal non-stack-crossing longjmp; if the RNaT slot for the bsp
+       saved in the jump-buffer is the same as the one for the current
+       BSP, use the current AR.RNAT value, otherwise, load it from the
+       jump-buffer's RNaT-slot.  */
+    load_rnat = (ia64_rse_rnat_addr ((unsigned long *) c.bsp) != jb_rnat_addr);
+  else
+    {
+      /* If we are on the alternate signal-stack and the jump-buffer
+	 lies outside the signal-stack, we may need to copy back the
+	 dirty partition which was torn off and saved on the
+	 signal-stack when the signal was delivered.
+
+	 Caveat: we assume that the top of the alternate signal-stack
+		 stores the sigcontext structure of the signal that
+		 caused the switch to the signal-stack.	 This should
+		 be a fairly safe assumption but the kernel _could_
+		 do things differently.. */
+      sc = ((struct sigcontext *) ((ss_sp + stk.ss_size) & -16) - 1);
+
+      /* As a sanity-check, verify that the register-backing-store base
+	 of the alternate signal-stack is where we expect it.  */
+      rbs_base = (unsigned long *)
+	((ss_sp + sizeof (long) - 1) & -sizeof (long));
+
+      assert ((unsigned long) rbs_base == sc->sc_rbs_base);
+
+      ndirty = ia64_rse_num_regs (rbs_base, rbs_base + (sc->sc_loadrs >> 19));
+      bsp = (unsigned long *) sc->sc_ar_bsp;
+      bspstore = ia64_rse_skip_regs (bsp, -ndirty);
+
+      if (bspstore < jb_bsp)
+	/* AR.BSPSTORE at the time of the signal was below the value
+	   of AR.BSP saved in the jump-buffer => copy the missing
+	   portion from the torn off dirty partition which got saved
+	   on the alternate signal-stack.  */
+	copy_rbs (bspstore, jb_bsp, sc->sc_ar_rnat,
+		  rbs_base, (unsigned long *) c.bsp, c.rnat);
+
+      load_rnat = 1;
+    }
+  if (load_rnat)
+    rnat = *jb_rnat_addr;
+  else
+    rnat = c.rnat;
+  __ia64_longjmp (buf, val, rnat, c.rsc);
+}