Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package glibc for openSUSE:Factory checked in at 2026-04-30 20:26:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/glibc (Old) and /work/SRC/openSUSE:Factory/.glibc.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glibc" Thu Apr 30 20:26:11 2026 rev:303 rq:1346485 version:2.43 Changes: -------- --- /work/SRC/openSUSE:Factory/glibc/glibc.changes 2026-01-23 17:30:54.652630480 +0100 +++ /work/SRC/openSUSE:Factory/.glibc.new.30200/glibc.changes 2026-04-30 20:27:21.867368060 +0200 @@ -1,0 +2,118 @@ +Mon Apr 13 12:48:17 UTC 2026 - Andreas Schwab <[email protected]> + +- sys-mount-cloexec-flag.patch: include: isolate __O_CLOEXEC flag for + sys/mount.h and fcntl.h +- sys-mount-open-tree-macros.patch: Linux: Only define OPEN_TREE_* macros + in <sys/mount.h> if undefined (BZ #33921) + +------------------------------------------------------------------- +Mon Mar 30 09:15:23 UTC 2026 - Andreas Schwab <[email protected]> + +- resolv-count-resource-records.patch: resolv: Count records correctly + (CVE-2026-4437, bsc#1260078, BZ #34014) +- resolv-check-hostname.patch: resolv: Check hostname for validity + (CVE-2026-4438, bsc#1260082, BZ #34015) +- ldbl-128ibm-ceill-floorl-roundl-truncl.patch: Fix ldbl-128ibm ceill, + floorl, roundl and truncl zero-sign handling (BZ #33623) +- getlogin-utmp-fallback.patch: Linux: In getlogin_r, use utmp fallback + only for specific errors +- nss-malloc-failure-checks.patch: nss: Missing checks in + __nss_configure_lookup, __nss_database_get (BZ #28940) +- nss-database-for-fork.patch: nss: Introduce dedicated struct + nss_database_for_fork type +- malloc-sys-kernel-mm.patch: malloc: Avoid accessing /sys/kernel/mm files +- tests-aarch64-makefile-deps-bti.patch: tests: aarch64: fix makefile + dependencies for dlopen tests for BTI +- aarch64-lock-gcs-startup.patch: aarch64: Lock GCS status at startup +- elf-strlen-redir-ifunc.patch: elf: Use dl-symbol-redir-ifunc.h instead + _dl_strlen +- riscv-redir-memcpy-generic.patch: riscv: Resolve calls to memcpy using + memcpy-generic in early startup +- tst-rseq-linux-7.patch: tests: fix tst-rseq with Linux 7.0 + +------------------------------------------------------------------- +Fri Mar 27 12:39:30 UTC 2026 - Marcus Meissner <[email protected]> + +- remove -fcf-protection from optflags on non-x86_64 cross compilers. + +------------------------------------------------------------------- +Mon Jan 26 09:43:12 UTC 2026 - Andreas Schwab <[email protected]> + +- Update to glibc 2.43 + * The ISO C23 free_sized, free_aligned_sized, memset_explicit, and + memalignment functions have been added + * As specified in ISO C23, the assert macro is defined to take variable + arguments to support expressions with a comma inside a compound + literal initializer not surrounded by parentheses + * For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr, + strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return + pointers into their input arrays now have definitions as macros that + return a pointer to a const-qualified type when the input argument is + a pointer to a const-qualified type + * The ISO C23 typedef names long_double_t, _Float32_t, _Float64_t, and + (on platforms supporting _Float128) _Float128_t, introduced in TS + 18661-3:2015, have been added to <math.h> + * The ISO C23 optional time bases TIME_MONOTONIC, TIME_ACTIVE, and + TIME_THREAD_ACTIVE have been added + * On Linux, the mseal function has been added + * Additional optimized and correctly rounded mathematical functions have + been imported from the CORE-MATH project, in particular acosh, asinh, + atanh, erf, erfc, lgamma, and tgamma. + * Optimized implementations for fma, fmaf, remainder, remaindef, frexpf, + frexp, frexpl (binary128), and frexpl (intel96) have been added. + * The SVID handling for acosf, acoshf, asinhf, atan2f, atanhf, coshf, fmodf, + lgammaf/lgammaf_r, log10f, remainderf, sinhf, sqrtf, tgammaf, y0/j0, + y1/j1, and yn/jn was moved to compat symbols, allowing improvements in + performance + * On Linux, the openat2 function has been added + * On AArch64, support for 2MB transparent huge pages has been enabled by + default in malloc (similar to setting glibc.malloc.hugetlb=1 tunable) + * On AArch64 Linux targets supporting the Scalable Matrix Extension + (SME), the clone() system call wrapper will disable the ZA state of the + SME + * On AArch64 targets supporting the Branch Target Identification (BTI) + extension, it is possible to enforce that all binaries in the process + support BTI using the glibc.cpu.aarch64_bti tunable + * On AArch64 Linux targets supporting at least one of the branch protection + extensions (e.g. Branch Target Identification or Guarded Control Stack), it + is possible to use LD_DEBUG=security to make the dynamic linker show + warning messages about loaded binaries that do not support the + corresponding security feature + * On AArch64, vector variants of the new C23 exp2m1, exp10m1, log10p1, + log2p1, and rsqrt routines have been added + * On RISC-V, an RVV-optimized implementation of memset has been added + * On x86, support for the Intel Nova Lake and Wildcat Lake processors + has been added + * Unicode support has been updated to Unicode 17.0.0 + * The manual has been updated and modernized, in particular also regarding + many of its code examples + * Support for dumped heaps has been removed + * The aforementioned change in ISO C23 of the declaration of bsearch, + memchr, strchr, strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, + wcsstr, and wmemchr as const-preserving macros can lead to compilation + issues in code not set up for it + * The uimaxabs function has been renamed to umaxabs, following a change + to the name of that function in ISO C2Y + * The fromfp, fromfpx, ufromfp and ufromfpx functions, and the + corresponding functions for other floating-point types, now return + their result in the same type as their floating-point argument, rather + than intmax_t or uintmax_t, in accordance with a change to the + definition of these functions in ISO C23 + * The support for TX lock elision of pthread mutexes has been removed on all + architectures (powerpc, s390x, x86_64) + * The next linux 6.19 release will remove support for compat syscalls on s390x + * The LD_PROFILE functionality no longer has a default directory for the + profile data it writes + * GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap + corruption (CVE-2026-0861) + * GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack + contents to DNS resovler (CVE-2026-0915) + * GLIBC-SA-2026-0003: wordexp with WRDE_REUSE and WRDE_APPEND may return + uninitialized memory (CVE-2025-15281) +- inet-fortified-namespace.patch, abort-fork-lock-init.patch, + ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, + ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, + x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, + i386-gnu2-tls-abi-tag.patch, aarch64-sve-powf.patch: Removed + +------------------------------------------------------------------- Old: ---- aarch64-sve-powf.patch abort-fork-lock-init.patch cancelable-syscall-return-value.patch ctype-tls-IE.patch glibc-2.42.tar.xz glibc-2.42.tar.xz.sig i386-gnu-tls-abi-tag.patch i386-gnu2-tls-abi-tag.patch inet-fortified-namespace.patch ld.so-load-segment-gaps.patch x86-64-dt-x86-64-plt-abi-tag.patch x86-64-gnu2-tls-abi-tag.patch New: ---- aarch64-lock-gcs-startup.patch elf-strlen-redir-ifunc.patch getlogin-utmp-fallback.patch glibc-2.43.tar.xz glibc-2.43.tar.xz.sig ldbl-128ibm-ceill-floorl-roundl-truncl.patch malloc-sys-kernel-mm.patch nss-database-for-fork.patch nss-malloc-failure-checks.patch resolv-check-hostname.patch resolv-count-resource-records.patch riscv-redir-memcpy-generic.patch sys-mount-cloexec-flag.patch sys-mount-open-tree-macros.patch tests-aarch64-makefile-deps-bti.patch tst-rseq-linux-7.patch ----------(Old B)---------- Old: x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, i386-gnu2-tls-abi-tag.patch, aarch64-sve-powf.patch: Removed Old: uninitialized memory (CVE-2025-15281) - inet-fortified-namespace.patch, abort-fork-lock-init.patch, ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, Old:- inet-fortified-namespace.patch, abort-fork-lock-init.patch, ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, Old: ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, Old: ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, Old: x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, i386-gnu2-tls-abi-tag.patch, aarch64-sve-powf.patch: Removed Old: uninitialized memory (CVE-2025-15281) - inet-fortified-namespace.patch, abort-fork-lock-init.patch, ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, Old:- inet-fortified-namespace.patch, abort-fork-lock-init.patch, ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, Old: ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, i386-gnu2-tls-abi-tag.patch, aarch64-sve-powf.patch: Removed Old: ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, i386-gnu2-tls-abi-tag.patch, aarch64-sve-powf.patch: Removed ----------(Old E)---------- ----------(New B)---------- New: dependencies for dlopen tests for BTI - aarch64-lock-gcs-startup.patch: aarch64: Lock GCS status at startup - elf-strlen-redir-ifunc.patch: elf: Use dl-symbol-redir-ifunc.h instead New:- aarch64-lock-gcs-startup.patch: aarch64: Lock GCS status at startup - elf-strlen-redir-ifunc.patch: elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen New: floorl, roundl and truncl zero-sign handling (BZ #33623) - getlogin-utmp-fallback.patch: Linux: In getlogin_r, use utmp fallback only for specific errors New: (CVE-2026-4438, bsc#1260082, BZ #34015) - ldbl-128ibm-ceill-floorl-roundl-truncl.patch: Fix ldbl-128ibm ceill, floorl, roundl and truncl zero-sign handling (BZ #33623) New: nss_database_for_fork type - malloc-sys-kernel-mm.patch: malloc: Avoid accessing /sys/kernel/mm files - tests-aarch64-makefile-deps-bti.patch: tests: aarch64: fix makefile New: __nss_configure_lookup, __nss_database_get (BZ #28940) - nss-database-for-fork.patch: nss: Introduce dedicated struct nss_database_for_fork type New: only for specific errors - nss-malloc-failure-checks.patch: nss: Missing checks in __nss_configure_lookup, __nss_database_get (BZ #28940) New: (CVE-2026-4437, bsc#1260078, BZ #34014) - resolv-check-hostname.patch: resolv: Check hostname for validity (CVE-2026-4438, bsc#1260082, BZ #34015) New: - resolv-count-resource-records.patch: resolv: Count records correctly (CVE-2026-4437, bsc#1260078, BZ #34014) New: _dl_strlen - riscv-redir-memcpy-generic.patch: riscv: Resolve calls to memcpy using memcpy-generic in early startup New: - sys-mount-cloexec-flag.patch: include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h New: sys/mount.h and fcntl.h - sys-mount-open-tree-macros.patch: Linux: Only define OPEN_TREE_* macros in <sys/mount.h> if undefined (BZ #33921) New:- malloc-sys-kernel-mm.patch: malloc: Avoid accessing /sys/kernel/mm files - tests-aarch64-makefile-deps-bti.patch: tests: aarch64: fix makefile dependencies for dlopen tests for BTI New: memcpy-generic in early startup - tst-rseq-linux-7.patch: tests: fix tst-rseq with Linux 7.0 ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.YS0xcI/_old 2026-04-30 20:27:24.303468042 +0200 +++ /var/tmp/diff_new_pack.YS0xcI/_new 2026-04-30 20:27:24.307468206 +0200 @@ -186,10 +186,10 @@ Summary: Standard Shared Libraries (from the GNU C Library) License: GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.1-or-later WITH GCC-exception-2.0 Group: System/Libraries -Version: 2.42 +Version: 2.43 Release: 0 %if %{without snapshot} -%define git_id d2097651cc +%define git_id f762ccf84f %define libversion %version %else %define git_id %(echo %version | sed 's/.*\.g//') @@ -336,27 +336,35 @@ %if %{without snapshot} ### # Patches from upstream -# PATCH-FIX-UPSTREAM inet-fortified: fix namespace violation (BZ #33227) -Patch1000: inet-fortified-namespace.patch -# PATCH-FIX-UPSTREAM stdlib: resolve a double lock init issue after fork (BZ #32994) -Patch1001: abort-fork-lock-init.patch -# PATCH-FIX-UPSTREAM elf: Handle ld.so with LOAD segment gaps in _dl_find_object (BZ #31943) -Patch1002: ld.so-load-segment-gaps.patch -# PATCH-FIX-UPSTREAM nptl: Fix SYSCALL_CANCEL for return values larger than INT_MAX (BZ #33245) -Patch1003: cancelable-syscall-return-value.patch -# PATCH-FIX-UPSTREAM Use TLS initial-exec model for __libc_tsd_CTYPE_* thread variables (BZ #33234) -Patch1004: ctype-tls-IE.patch -# PATCH-FIX-UPSTREAM i386: Add GLIBC_ABI_GNU_TLS version (BZ #33221) -Patch1005: i386-gnu-tls-abi-tag.patch -# PATCH-FIX-UPSTREAM x86-64: Add GLIBC_ABI_GNU2_TLS version (BZ #33129) -Patch1006: x86-64-gnu2-tls-abi-tag.patch -# PATCH-FIX-UPSTREAM x86-64: Add GLIBC_ABI_DT_X86_64_PLT (BZ #33212) -Patch1007: x86-64-dt-x86-64-plt-abi-tag.patch -# PATCH-FIX-UPSTREAM i386: Also add GLIBC_ABI_GNU2_TLS version (BZ #33129) -Patch1008: i386-gnu2-tls-abi-tag.patch -# PATCH-FIX-UPSTREAM AArch64: Fix SVE powf routine (BZ #33299) -Patch1009: aarch64-sve-powf.patch ### +# PATCH-FIX-UPSTREAM resolv: Count records correctly (CVE-2026-4437, BZ #34014) +Patch1000: resolv-count-resource-records.patch +# PATCH-FIX-UPSTREAM resolv: Check hostname for validity (CVE-2026-4438, BZ #34015) +Patch1001: resolv-check-hostname.patch +# PATCH-FIX-UPSTREAM Fix ldbl-128ibm ceill, floorl, roundl and truncl zero-sign handling (BZ #33623) +Patch1002: ldbl-128ibm-ceill-floorl-roundl-truncl.patch +# PATCH-FIX-UPSTREAM Linux: In getlogin_r, use utmp fallback only for specific errors +Patch1003: getlogin-utmp-fallback.patch +# PATCH-FIX-UPSTREAM nss: Missing checks in __nss_configure_lookup, __nss_database_get (BZ #28940) +Patch1004: nss-malloc-failure-checks.patch +# PATCH-FIX-UPSTREAM nss: Introduce dedicated struct nss_database_for_fork type +Patch1005: nss-database-for-fork.patch +# PATCH-FIX-UPSTREAM malloc: Avoid accessing /sys/kernel/mm files +Patch1006: malloc-sys-kernel-mm.patch +# PATCH-FIX-UPSTREAM tests: aarch64: fix makefile dependencies for dlopen tests for BTI +Patch1007: tests-aarch64-makefile-deps-bti.patch +# PATCH-FIX-UPSTREAM aarch64: Lock GCS status at startup +Patch1008: aarch64-lock-gcs-startup.patch +# PATCH-FIX-UPSTREAM elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen +Patch1009: elf-strlen-redir-ifunc.patch +# PATCH-FIX-UPSTREAM riscv: Resolve calls to memcpy using memcpy-generic in early startup +Patch1010: riscv-redir-memcpy-generic.patch +# PATCH-FIX-UPSTREAM tests: fix tst-rseq with Linux 7.0 +Patch1011: tst-rseq-linux-7.patch +# PATCH-FIX-UPSTREAM include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h +Patch1012: sys-mount-cloexec-flag.patch +# PATCH-FIX-UPSTREAM Linux: Only define OPEN_TREE_* macros in <sys/mount.h> if undefined (BZ #33921) +Patch1013: sys-mount-open-tree-macros.patch %endif ### @@ -632,6 +640,10 @@ %endif %if %{build_cross} -m*) ;; # remove all machine specific options for crosses +%if "%{cross_arch}" != "x86_64" + # on cross archs not x86_64, remove -fcf-protection as its x86_64 only. + -fcf-protection*) ;; +%endif %endif %if "%{cross_arch}" == "hppa" # -fstack-clash-protection is not supported on targets where the @@ -710,18 +722,17 @@ # mkdir cc-base cd cc-base -%if %{build_profile} -profile="--enable-profile" -%else -profile="--disable-profile" -%endif ../configure \ CFLAGS="$BuildFlags" BUILD_CFLAGS="$BuildFlags" \ CC="$BuildCC" CXX="$BuildCCplus" \ --prefix=%{_prefix} \ --libexecdir=%{_libexecdir} --infodir=%{_infodir} \ - $profile \ +%if %{build_profile} + --enable-profile \ +%else + --disable-profile \ +%endif --build=%{build} --host=${target} \ %if %{build_cross} --with-headers=%{sysroot}/usr/include \ @@ -1441,7 +1452,7 @@ %files devel %defattr(-,root,root) -%license COPYING COPYING.LIB +%license COPYING* %doc NEWS README %doc %{_mandir}/man3/* %{_bindir}/sprof @@ -1573,7 +1584,7 @@ %if %{build_cross} %files -n cross-%{cross_arch}-glibc-devel %defattr(-,root,root) -%license COPYING COPYING.LIB +%license COPYING* %{sysroot} %endif ++++++ aarch64-lock-gcs-startup.patch ++++++ ++++ 781 lines (skipped) ++++++ add-locales.patch ++++++ --- /var/tmp/diff_new_pack.YS0xcI/_old 2026-04-30 20:27:24.439473624 +0200 +++ /var/tmp/diff_new_pack.YS0xcI/_new 2026-04-30 20:27:24.443473788 +0200 @@ -11,7 +11,7 @@ en_GB/ISO-8859-1 \ en_HK.UTF-8/UTF-8 \ @@ -152,6 +153,7 @@ en_PH/ISO-8859-1 \ - en_SC.UTF-8/UTF-8 \ + en_SE.UTF-8/UTF-8 \ en_SG.UTF-8/UTF-8 \ en_SG/ISO-8859-1 \ +en_US.ISO-8859-15/ISO-8859-15 \ ++++++ elf-strlen-redir-ifunc.patch ++++++ >From 02ffd413cf83c07c5c419b5cba72990e1ed140ca Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella <[email protected]> Date: Thu, 12 Feb 2026 09:48:53 -0300 Subject: [PATCH] elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen Also replace the loop with strlen And remove -fno-tree-loop-distribute-patterns usage. It requires redirect the strlen to the baseline implementation for x86_64, aarch64, and loongarch64. Checked on x86_64-linux-gnu{-v2,v3} and aarch64-linux-gnu with both gcc-15 and clang-21. Reviewed-by: DJ Delorie <[email protected]> (cherry picked from commit 15cc350e507101ac7b01e1343ac55087a6cd9317) --- elf/Makefile | 6 ------ elf/dl-tunables.c | 14 +------------- string/Makefile | 1 + sysdeps/aarch64/multiarch/dl-symbol-redir-ifunc.h | 1 + sysdeps/aarch64/multiarch/strlen_generic.S | 4 ++++ .../lp64/multiarch/dl-symbol-redir-ifunc.h | 1 + sysdeps/unix/sysv/linux/riscv/multiarch/Makefile | 2 ++ sysdeps/x86_64/multiarch/dl-symbol-redir-ifunc.h | 10 ++++++++++ 8 files changed, 20 insertions(+), 19 deletions(-) diff --git a/elf/Makefile b/elf/Makefile index 01cc51636e..11029be0ae 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -97,12 +97,6 @@ ifeq (yesyes,$(build-shared)$(run-built-tests)) tests-special += $(objpfx)list-tunables.out endif -# Make sure that the compiler does not insert any library calls in tunables -# code paths. -ifeq (yes,$(have-loop-to-function)) -CFLAGS-dl-tunables.c += -fno-tree-loop-distribute-patterns -endif - all-dl-routines = $(dl-routines) $(sysdep-dl-routines) # But they are absent from the shared libc, because that code is in ld.so. elide-routines.os = \ diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 37ade374c6..bdb1de4ceb 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -37,16 +37,6 @@ #define TUNABLES_INTERNAL 1 #include "dl-tunables.h" -/* The function might be called before the process is self-relocated. */ -static size_t -__attribute_optimization_barrier__ -_dl_strlen (const char *s) -{ - const char *p = s; - for (; *s != '\0'; s++); - return s - p; -} - static char ** get_next_env (char **envp, char **name, char **val, char ***prev_envp) { @@ -335,10 +325,8 @@ __tunables_init (char **envp) if (tunable_is_name (name, envname)) { /* The environment variable is always null-terminated. */ - size_t envvallen = _dl_strlen (envval); - tunables_env_alias[i] = - (struct tunable_toset_t) { cur, envval, envvallen }; + (struct tunable_toset_t) { cur, envval, strlen (envval) }; break; } } diff --git a/string/Makefile b/string/Makefile index c4423c0437..aa0b0c2f57 100644 --- a/string/Makefile +++ b/string/Makefile @@ -286,6 +286,7 @@ CFLAGS-wordcopy.c += $(no-stack-protector) # Called during static initialization CFLAGS-strncmp.c += $(no-stack-protector) CFLAGS-memset.c += $(no-stack-protector) +CFLAGS-strlen.c += $(no-stack-protector) ifeq ($(run-built-tests),yes) $(objpfx)tst-svc-cmp.out: tst-svc.expect $(objpfx)tst-svc.out diff --git a/sysdeps/aarch64/multiarch/dl-symbol-redir-ifunc.h b/sysdeps/aarch64/multiarch/dl-symbol-redir-ifunc.h index 647bdd66dd..9f772614bf 100644 --- a/sysdeps/aarch64/multiarch/dl-symbol-redir-ifunc.h +++ b/sysdeps/aarch64/multiarch/dl-symbol-redir-ifunc.h @@ -20,5 +20,6 @@ #define _DL_IFUNC_GENERIC_H asm ("memset = __memset_generic"); +asm ("strlen = __strlen_generic"); #endif diff --git a/sysdeps/aarch64/multiarch/strlen_generic.S b/sysdeps/aarch64/multiarch/strlen_generic.S index cb9d5759ac..a362328142 100644 --- a/sysdeps/aarch64/multiarch/strlen_generic.S +++ b/sysdeps/aarch64/multiarch/strlen_generic.S @@ -40,3 +40,7 @@ #endif #include "../strlen.S" + +#if IS_IN (rtld) +strong_alias (strlen, __strlen_generic) +#endif diff --git a/sysdeps/loongarch/lp64/multiarch/dl-symbol-redir-ifunc.h b/sysdeps/loongarch/lp64/multiarch/dl-symbol-redir-ifunc.h index 9fdd039da0..8af00d2846 100644 --- a/sysdeps/loongarch/lp64/multiarch/dl-symbol-redir-ifunc.h +++ b/sysdeps/loongarch/lp64/multiarch/dl-symbol-redir-ifunc.h @@ -22,6 +22,7 @@ #ifndef SHARED asm ("memset = __memset_aligned"); asm ("memcmp = __memcmp_aligned"); +asm ("strlen = __strlen_aligned"); #endif #endif diff --git a/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile b/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile index 1d26966ded..a865090a53 100644 --- a/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile +++ b/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile @@ -9,4 +9,6 @@ sysdep_routines += \ # sysdep_routines CFLAGS-memcpy_noalignment.c += -mno-strict-align +# Called during static initialization +CFLAGS-memset-generic.c += $(no-stack-protector) endif diff --git a/sysdeps/x86_64/multiarch/dl-symbol-redir-ifunc.h b/sysdeps/x86_64/multiarch/dl-symbol-redir-ifunc.h index 04b6c1e6a3..b607e525f2 100644 --- a/sysdeps/x86_64/multiarch/dl-symbol-redir-ifunc.h +++ b/sysdeps/x86_64/multiarch/dl-symbol-redir-ifunc.h @@ -44,6 +44,16 @@ asm ("memset = " HAVE_MEMSET_IFUNC_GENERIC); asm ("memcmp = " HAVE_MEMCMP_IFUNC_GENERIC); +#if MINIMUM_X86_ISA_LEVEL >= 4 +# define HAVE_STRCMP_IFUNC_GENERIC "__strlen_evex" +#elif MINIMUM_X86_ISA_LEVEL == 3 +# define HAVE_STRCMP_IFUNC_GENERIC "__strlen_avx2" +#else +# define HAVE_STRCMP_IFUNC_GENERIC "__strlen_sse2" +#endif + +asm ("strlen = " HAVE_STRCMP_IFUNC_GENERIC); + #endif /* SHARED */ #endif -- 2.53.0 ++++++ getlogin-utmp-fallback.patch ++++++ >From d6cb7ce0e98b2c16df5b2f5b9693d0130ccb8af5 Mon Sep 17 00:00:00 2001 From: Florian Weimer <[email protected]> Date: Fri, 13 Feb 2026 09:02:07 +0100 Subject: [PATCH] Linux: In getlogin_r, use utmp fallback only for specific errors Most importantly, if getwpuid_r fails, it does not make sense to retry via utmp because the user ID obtained from there is less reliable than the one from /proc/self/loginuid. Reviewed-by: Sam James <[email protected]> (cherry picked from commit 28660f4b45afa8921c2faebaec2846f95f670ba0) --- sysdeps/unix/sysv/linux/getlogin_r.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/sysdeps/unix/sysv/linux/getlogin_r.c b/sysdeps/unix/sysv/linux/getlogin_r.c index 3b85e91be6..200c96860f 100644 --- a/sysdeps/unix/sysv/linux/getlogin_r.c +++ b/sysdeps/unix/sysv/linux/getlogin_r.c @@ -37,7 +37,12 @@ __getlogin_r_loginuid (char *name, size_t namesize) { int fd = __open_nocancel ("/proc/self/loginuid", O_RDONLY); if (fd == -1) - return -1; + { + if (errno == ENOENT) + /* Trigger utmp fallback. */ + return -1; + return errno; + } /* We are reading a 32-bit number. 12 bytes are enough for the text representation. If not, something is wrong. */ @@ -45,6 +50,8 @@ __getlogin_r_loginuid (char *name, size_t namesize) ssize_t n = TEMP_FAILURE_RETRY (__read_nocancel (fd, uidbuf, sizeof (uidbuf))); __close_nocancel_nostatus (fd); + if (n < 0) + return errno; uid_t uid; char *endp; @@ -53,12 +60,13 @@ __getlogin_r_loginuid (char *name, size_t namesize) || (uidbuf[n] = '\0', uid = strtoul (uidbuf, &endp, 10), endp == uidbuf || *endp != '\0')) - return -1; + return EINVAL; /* If there is no login uid, linux sets /proc/self/loginid to the sentinel value of, (uid_t) -1, so check if that value is set and return early to avoid making unneeded nss lookups. */ if (uid == (uid_t) -1) + /* Trigger utmp fallback. */ return -1; struct passwd pwd; @@ -78,9 +86,14 @@ __getlogin_r_loginuid (char *name, size_t namesize) } } - if (res != 0 || tpwd == NULL) + if (res != 0) + { + result = res; + goto out; + } + if (tpwd == NULL) { - result = -1; + result = ENOENT; goto out; } -- 2.53.0 ++++++ glibc-2.42.tar.xz -> glibc-2.43.tar.xz ++++++ /work/SRC/openSUSE:Factory/glibc/glibc-2.42.tar.xz /work/SRC/openSUSE:Factory/.glibc.new.30200/glibc-2.43.tar.xz differ: char 15, line 1 ++++++ glibc-version.diff ++++++ --- /var/tmp/diff_new_pack.YS0xcI/_old 2026-04-30 20:27:24.623481176 +0200 +++ /var/tmp/diff_new_pack.YS0xcI/_new 2026-04-30 20:27:24.627481340 +0200 @@ -8,7 +8,7 @@ static const char banner[] = -"GNU C Library "PKGVERSION RELEASE" release version "VERSION".\n\ +"GNU C Library "PKGVERSION RELEASE" release version "VERSION" (git "GITID").\n\ - Copyright (C) 2025 Free Software Foundation, Inc.\n\ + Copyright (C) 2026 Free Software Foundation, Inc.\n\ This is free software; see the source for copying conditions.\n\ There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n\ PARTICULAR PURPOSE.\n\ ++++++ ldbl-128ibm-ceill-floorl-roundl-truncl.patch ++++++ >From 022abaeacbc85d8409bad22375b16a8c07d3ae39 Mon Sep 17 00:00:00 2001 From: Aurelien Jarno <[email protected]> Date: Tue, 20 Jan 2026 18:25:08 +0100 Subject: [PATCH] Fix ldbl-128ibm ceill, floorl, roundl and truncl zero-sign handling When the result of ceill, floorl, roundl and truncl is zero, the sign of the result must match the sign of the input. For the IBM 128-bit long double format, the sign is determined by the high part. Ensure the correct sign when the high part is the result of computations, by copying the sign from the input high part to the output high part. On POWER, this conveniently maps to the fcpsgn instruction. In addition add test for the values provided in BZ #33623, and for the opposite value when the result is 0. Fixes: BZ #33623 Reviewed-by: Adhemerval Zanella <[email protected]> (cherry picked from commit 6f4b28b20aa9161aeb42a7f34f4d3b96194e5666) --- NEWS | 2 ++ math/libm-test-ceil.inc | 3 +++ math/libm-test-floor.inc | 3 +++ math/libm-test-round.inc | 4 ++++ math/libm-test-trunc.inc | 4 ++++ sysdeps/ieee754/ldbl-128ibm/s_ceill.c | 3 +++ sysdeps/ieee754/ldbl-128ibm/s_floorl.c | 3 +++ sysdeps/ieee754/ldbl-128ibm/s_roundl.c | 3 +++ sysdeps/ieee754/ldbl-128ibm/s_truncl.c | 3 +++ 9 files changed, 28 insertions(+) diff --git a/math/libm-test-ceil.inc b/math/libm-test-ceil.inc index a471b43932..48be68cf91 100644 --- a/math/libm-test-ceil.inc +++ b/math/libm-test-ceil.inc @@ -79,6 +79,9 @@ static const struct test_f_f_data ceil_test_data[] = TEST_f_f (ceil, -max_value, -max_value, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), #if MANT_DIG >= 64 + /* The input value can only be represented in long double. */ + TEST_f_f (ceil, -0x0.ffffffffffffffffp0L, minus_zero, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), + /* The result can only be represented in long double. */ TEST_f_f (ceil, 4503599627370495.5L, 4503599627370496.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), TEST_f_f (ceil, 4503599627370496.25L, 4503599627370497.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), diff --git a/math/libm-test-floor.inc b/math/libm-test-floor.inc index dee4afff7a..bc945a6c22 100644 --- a/math/libm-test-floor.inc +++ b/math/libm-test-floor.inc @@ -79,6 +79,9 @@ static const struct test_f_f_data floor_test_data[] = TEST_f_f (floor, -max_value, -max_value, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), #if MANT_DIG >= 64 + /* The input value can only be represented in long double. */ + TEST_f_f (floor, 0x0.ffffffffffffffffp0L, plus_zero, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), + /* The result can only be represented in long double. */ TEST_f_f (floor, 4503599627370495.5L, 4503599627370495.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), TEST_f_f (floor, 4503599627370496.25L, 4503599627370496.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), diff --git a/math/libm-test-round.inc b/math/libm-test-round.inc index 898ff3791b..1395c51d5d 100644 --- a/math/libm-test-round.inc +++ b/math/libm-test-round.inc @@ -99,6 +99,10 @@ static const struct test_f_f_data round_test_data[] = #endif #if MANT_DIG >= 64 + /* The input value can only be represented in long double. */ + TEST_f_f (round, 0x0.ffffffffffffffffp-1L, plus_zero, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), + TEST_f_f (round, -0x0.ffffffffffffffffp-1L, minus_zero, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), + /* The result can only be represented in long double. */ TEST_f_f (round, 4503599627370495.5L, 4503599627370496.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), TEST_f_f (round, 4503599627370496.25L, 4503599627370496.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), diff --git a/math/libm-test-trunc.inc b/math/libm-test-trunc.inc index 7df741f3ba..5d69cd4b5b 100644 --- a/math/libm-test-trunc.inc +++ b/math/libm-test-trunc.inc @@ -91,6 +91,10 @@ static const struct test_f_f_data trunc_test_data[] = TEST_f_f (trunc, -4294967296.625L, -4294967296.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), #if MANT_DIG >= 64 + /* The input value can only be represented in long double. */ + TEST_f_f (trunc, 0x0.ffffffffffffffffp0L, plus_zero, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), + TEST_f_f (trunc, -0x0.ffffffffffffffffp0L, minus_zero, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), + /* The result can only be represented in long double. */ TEST_f_f (trunc, 4503599627370495.5L, 4503599627370495.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), TEST_f_f (trunc, 4503599627370496.25L, 4503599627370496.0L, NO_INEXACT_EXCEPTION|ERRNO_UNCHANGED), diff --git a/sysdeps/ieee754/ldbl-128ibm/s_ceill.c b/sysdeps/ieee754/ldbl-128ibm/s_ceill.c index 8038cf9fda..88bc364db5 100644 --- a/sysdeps/ieee754/ldbl-128ibm/s_ceill.c +++ b/sysdeps/ieee754/ldbl-128ibm/s_ceill.c @@ -54,6 +54,9 @@ __ceill (long double x) xh = hi; xl = lo; ldbl_canonicalize_int (&xh, &xl); + + /* Ensure we return -0 rather than +0 when appropriate. */ + xh = copysign (xh, hi); } } else diff --git a/sysdeps/ieee754/ldbl-128ibm/s_floorl.c b/sysdeps/ieee754/ldbl-128ibm/s_floorl.c index 23f45b773f..4a8294cc78 100644 --- a/sysdeps/ieee754/ldbl-128ibm/s_floorl.c +++ b/sysdeps/ieee754/ldbl-128ibm/s_floorl.c @@ -54,6 +54,9 @@ __floorl (long double x) xh = hi; xl = lo; ldbl_canonicalize_int (&xh, &xl); + + /* Ensure we return -0 rather than +0 when appropriate. */ + xh = copysign (xh, hi); } } else diff --git a/sysdeps/ieee754/ldbl-128ibm/s_roundl.c b/sysdeps/ieee754/ldbl-128ibm/s_roundl.c index e8948a0c05..340a63c76a 100644 --- a/sysdeps/ieee754/ldbl-128ibm/s_roundl.c +++ b/sysdeps/ieee754/ldbl-128ibm/s_roundl.c @@ -80,6 +80,9 @@ __roundl (long double x) xh = hi; ldbl_canonicalize_int (&xh, &xl); } + + /* Ensure we return -0 rather than +0 when appropriate. */ + xh = copysign(xh, hi); } else /* Quiet signaling NaN arguments. */ diff --git a/sysdeps/ieee754/ldbl-128ibm/s_truncl.c b/sysdeps/ieee754/ldbl-128ibm/s_truncl.c index 7f0b77cd3f..21ecbd0c85 100644 --- a/sysdeps/ieee754/ldbl-128ibm/s_truncl.c +++ b/sysdeps/ieee754/ldbl-128ibm/s_truncl.c @@ -56,6 +56,9 @@ __truncl (long double x) xh = hi; xl = lo; ldbl_canonicalize_int (&xh, &xl); + + /* Ensure we return -0 rather than +0 when appropriate. */ + xh = copysign (xh, hi); } } else -- 2.53.0 ++++++ malloc-sys-kernel-mm.patch ++++++ >From 9898ea58b538e325a25f53bde021d0ca07d0a1c0 Mon Sep 17 00:00:00 2001 From: Wilco Dijkstra <[email protected]> Date: Fri, 27 Feb 2026 20:20:45 +0000 Subject: [PATCH] malloc: Avoid accessing /sys/kernel/mm files On AArch64 malloc always checks /sys/kernel/mm/transparent_hugepage/enabled to set the THP mode. However this check is quite expensive and the file may not be accessible in containers. If DEFAULT_THP_PAGESIZE is non-zero, use malloc_thp_mode_madvise so that we take advantage of THP in all cases. Since madvise is a fast systemcall, it adds only a small overhead compared to the cost of mmap and populating the pages. Reviewed-by: Aurelien Jarno <[email protected]> (cherry picked from commit 2e8a940df14e9e03fd5bd01015ebbd00c1a5e9b4) --- malloc/arena.c | 9 +++++++++ malloc/malloc.c | 18 ------------------ 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/malloc/arena.c b/malloc/arena.c index 5bfcd7f972..d83b4db068 100644 --- a/malloc/arena.c +++ b/malloc/arena.c @@ -276,6 +276,15 @@ __ptmalloc_init (void) __always_fail_morecore = true; #endif + /* Enable THP if DEFAULT_THP_PAGESIZE is non-zero. Avoid quering the THP + page size or mode since accessing /sys/kernel/mm is relatively slow and + might not be accessible in containers. */ + if (DEFAULT_THP_PAGESIZE > 0) + { + mp_.thp_mode = malloc_thp_mode_madvise; + mp_.thp_pagesize = DEFAULT_THP_PAGESIZE; + } + thread_arena = &main_arena; malloc_init_state (&main_arena); diff --git a/malloc/malloc.c b/malloc/malloc.c index a49e211925..771e7d40b7 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1902,26 +1902,11 @@ free_perturb (char *p, size_t n) /* ----------- Routines dealing with transparent huge pages ----------- */ -static __always_inline void -thp_init (void) -{ - /* Initialize only once if DEFAULT_THP_PAGESIZE is defined. */ - if (DEFAULT_THP_PAGESIZE == 0 || mp_.thp_mode != malloc_thp_mode_not_supported) - return; - - /* Set thp_pagesize even if thp_mode is never. This reduces frequency - of MORECORE () invocation. */ - mp_.thp_mode = __malloc_thp_mode (); - mp_.thp_pagesize = DEFAULT_THP_PAGESIZE; -} - static inline void madvise_thp (void *p, INTERNAL_SIZE_T size) { #ifdef MADV_HUGEPAGE - thp_init (); - /* Only use __madvise if the system is using 'madvise' mode and the size is at least a huge page, otherwise the call is wasteful. */ if (mp_.thp_mode != malloc_thp_mode_madvise || size < mp_.thp_pagesize) @@ -2472,9 +2457,6 @@ sysmalloc (INTERNAL_SIZE_T nb, mstate av) previous calls. Otherwise, we correct to page-align below. */ - /* Ensure thp_pagesize is initialized. */ - thp_init (); - if (__glibc_unlikely (mp_.thp_pagesize != 0)) { uintptr_t lastbrk = (uintptr_t) MORECORE (0); -- 2.53.0 ++++++ nss-database-for-fork.patch ++++++ >From 140c760d711d03c0230dff218b5268b11935f92e Mon Sep 17 00:00:00 2001 From: Florian Weimer <[email protected]> Date: Fri, 13 Feb 2026 09:02:07 +0100 Subject: [PATCH] nss: Introduce dedicated struct nss_database_for_fork type The initialized field in struct nss_database_data is rather confusing because it is not used by the regular NSS code, only by the fork state synchronization code. Introduce a separate type and place the initialized field there. Reviewed-by: Sam James <[email protected]> (cherry picked from commit 7bb859f4198d0be19c31a9937eae4f6c2c9a079e) --- nss/nss_database.c | 14 +++++++------- nss/nss_database.h | 12 +++++++++--- posix/fork.c | 2 +- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/nss/nss_database.c b/nss/nss_database.c index 6997b5bb04..19e752ef65 100644 --- a/nss/nss_database.c +++ b/nss/nss_database.c @@ -56,7 +56,6 @@ global_state_allocate (void *closure) { result->data.nsswitch_conf.size = -1; /* Force reload. */ memset (result->data.services, 0, sizeof (result->data.services)); - result->data.initialized = true; result->data.reload_disabled = false; __libc_lock_init (result->lock); result->root_ino = 0; @@ -439,8 +438,8 @@ nss_database_check_reload_and_get (struct nss_database_state *local, /* Avoid overwriting the global configuration until we have loaded everything successfully. Otherwise, if the file change information changes back to what is in the global configuration, - the lookups would use the partially-written configuration. */ - struct nss_database_data staging = { .initialized = true, }; + the lookups would use the partially-written configuration. */ + struct nss_database_data staging = { }; bool ok = nss_database_reload (&staging, &initial); @@ -491,7 +490,7 @@ __nss_database_freeres (void) } void -__nss_database_fork_prepare_parent (struct nss_database_data *data) +__nss_database_fork_prepare_parent (struct nss_database_for_fork *data) { /* Do not use allocate_once to trigger loading unnecessarily. */ struct nss_database_state *local = atomic_load_acquire (&global_database_state); @@ -503,20 +502,21 @@ __nss_database_fork_prepare_parent (struct nss_database_data *data) because it avoids acquiring the lock during the actual fork. */ __libc_lock_lock (local->lock); - *data = local->data; + data->data = local->data; __libc_lock_unlock (local->lock); + data->initialized = true; } } void -__nss_database_fork_subprocess (struct nss_database_data *data) +__nss_database_fork_subprocess (struct nss_database_for_fork *data) { struct nss_database_state *local = atomic_load_acquire (&global_database_state); if (data->initialized) { /* Restore the state at the point of the fork. */ assert (local != NULL); - local->data = *data; + local->data = data->data; __libc_lock_init (local->lock); } else if (local != NULL) diff --git a/nss/nss_database.h b/nss/nss_database.h index 1f2ff1639a..a4f3369eb0 100644 --- a/nss/nss_database.h +++ b/nss/nss_database.h @@ -70,15 +70,21 @@ struct nss_database_data struct file_change_detection nsswitch_conf; nss_action_list services[NSS_DATABASE_COUNT]; int reload_disabled; /* Actually bool; int for atomic access. */ - bool initialized; +}; + +/* Use to store a consistent state snapshot across fork. */ +struct nss_database_for_fork +{ + bool initialized; /* Set to true if the data field below is initialized. */ + struct nss_database_data data; }; /* Called by fork in the parent process, before forking. */ -void __nss_database_fork_prepare_parent (struct nss_database_data *data) +void __nss_database_fork_prepare_parent (struct nss_database_for_fork *) attribute_hidden; /* Called by fork in the new subprocess, after forking. */ -void __nss_database_fork_subprocess (struct nss_database_data *data) +void __nss_database_fork_subprocess (struct nss_database_for_fork *) attribute_hidden; #endif /* _NSS_DATABASE_H */ diff --git a/posix/fork.c b/posix/fork.c index 8e541ff985..933ac6fee7 100644 --- a/posix/fork.c +++ b/posix/fork.c @@ -50,7 +50,7 @@ __libc_fork (void) lastrun = __run_prefork_handlers (multiple_threads); - struct nss_database_data nss_database_data; + struct nss_database_for_fork nss_database_data; /* If we are not running multiple threads, we do not have to preserve lock state. If fork runs from a signal handler, only -- 2.53.0 ++++++ nss-malloc-failure-checks.patch ++++++ >From 48f5a05a7a1eeb9e0567ab429f654648f831307f Mon Sep 17 00:00:00 2001 From: Florian Weimer <[email protected]> Date: Fri, 13 Feb 2026 09:02:07 +0100 Subject: [PATCH] nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940) This avoids a null pointer dereference in the nss_database_check_reload_and_get function, and assertion failures. Reviewed-by: Sam James <[email protected]> (cherry picked from commit 5b713b49443eb6a4e54e50e2f0147105f86dab02) --- nss/Makefile | 1 + nss/nss_database.c | 7 +- nss/tst-nss-malloc-failure-getlogin_r.c | 345 ++++++++++++++++++++++++ 3 files changed, 352 insertions(+), 1 deletion(-) create mode 100644 nss/tst-nss-malloc-failure-getlogin_r.c diff --git a/nss/Makefile b/nss/Makefile index b0d80bd642..1c48bd0876 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -326,6 +326,7 @@ tests := \ tst-gshadow \ tst-nss-getpwent \ tst-nss-hash \ + tst-nss-malloc-failure-getlogin_r \ tst-nss-test1 \ tst-nss-test2 \ tst-nss-test4 \ diff --git a/nss/nss_database.c b/nss/nss_database.c index 19e752ef65..076d5a63fe 100644 --- a/nss/nss_database.c +++ b/nss/nss_database.c @@ -241,9 +241,12 @@ __nss_configure_lookup (const char *dbname, const char *service_line) /* Force any load/cache/read whatever to happen, so we can override it. */ - __nss_database_get (db, &result); + if (!__nss_database_get (db, &result)) + return -1; local = nss_database_state_get (); + if (local == NULL) + return -1; result = __nss_action_parse (service_line); if (result == NULL) @@ -465,6 +468,8 @@ bool __nss_database_get (enum nss_database db, nss_action_list *actions) { struct nss_database_state *local = nss_database_state_get (); + if (local == NULL) + return false; return nss_database_check_reload_and_get (local, actions, db); } libc_hidden_def (__nss_database_get) diff --git a/nss/tst-nss-malloc-failure-getlogin_r.c b/nss/tst-nss-malloc-failure-getlogin_r.c new file mode 100644 index 0000000000..0e2985ad57 --- /dev/null +++ b/nss/tst-nss-malloc-failure-getlogin_r.c @@ -0,0 +1,345 @@ +/* Test NSS/getlogin_r with injected allocation failures (bug 28940). + Copyright (C) 2026 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <errno.h> +#include <getopt.h> +#include <malloc.h> +#include <netdb.h> +#include <nss.h> +#include <stdbool.h> +#include <stdlib.h> +#include <string.h> +#include <support/check.h> +#include <support/namespace.h> +#include <support/support.h> +#include <support/xstdio.h> +#include <unistd.h> + +/* This test calls getpwuid_r via getlogin_r (on Linux). + + This test uses the NSS system configuration to exercise that code + path. It means that it can fail (crash) if malloc failure is not + handled by NSS modules for the passwd database. */ + +/* Data structure allocated via MAP_SHARED, so that writes from the + subprocess are visible. */ +struct shared_data +{ + /* Number of tracked allocations performed so far. */ + volatile unsigned int allocation_count; + + /* If this number is reached, one allocation fails. */ + volatile unsigned int failing_allocation; + + /* The number of allocations performed during initialization + (before the actual getlogin_r call). */ + volatile unsigned int init_allocation_count; + + /* Error code of an expected getlogin_r failure. */ + volatile int expected_failure; + + /* The subprocess stores the expected name here. */ + char name[100]; +}; + +/* Allocation count in shared mapping. */ +static struct shared_data *shared; + +/* Returns true if a failure should be injected for this allocation. */ +static bool +fail_this_allocation (void) +{ + if (shared != NULL) + { + unsigned int count = shared->allocation_count; + shared->allocation_count = count + 1; + return count == shared->failing_allocation; + } + else + return false; +} + +/* Failure-injecting wrappers for allocation functions used by glibc. */ + +void * +malloc (size_t size) +{ + if (fail_this_allocation ()) + { + errno = ENOMEM; + return NULL; + } + extern __typeof (malloc) __libc_malloc; + return __libc_malloc (size); +} + +void * +calloc (size_t a, size_t b) +{ + if (fail_this_allocation ()) + { + errno = ENOMEM; + return NULL; + } + extern __typeof (calloc) __libc_calloc; + return __libc_calloc (a, b); +} + +void * +realloc (void *ptr, size_t size) +{ + if (fail_this_allocation ()) + { + errno = ENOMEM; + return NULL; + } + extern __typeof (realloc) __libc_realloc; + return __libc_realloc (ptr, size); +} + +/* No-op subprocess to verify that support_isolate_in_subprocess does + not perform any heap allocations. */ +static void +no_op (void *ignored) +{ +} + +/* Perform a getlogin_r call in a subprocess, to obtain the number of + allocations used and the expected result of a successful call. */ +static void +initialize (void *configure_lookup) +{ + shared->init_allocation_count = 0; + if (configure_lookup != NULL) + { + TEST_COMPARE (__nss_configure_lookup ("passwd", configure_lookup), 0); + shared->init_allocation_count = shared->allocation_count; + } + + shared->name[0] = '\0'; + int ret = getlogin_r (shared->name, sizeof (shared->name)); + if (ret != 0) + { + printf ("info: getlogin_r failed: %s (%d)\n", + strerrorname_np (ret), ret); + shared->expected_failure = ret; + } + else + { + shared->expected_failure = 0; + if (shared->name[0] == '\0') + FAIL ("error: getlogin_r succeeded without result\n"); + else + printf ("info: getlogin_r: \"%s\"\n", shared->name); + } +} + +/* Perform getlogin_r in a subprocess with fault injection. */ +static void +test_in_subprocess (void *configure_lookup) +{ + if (configure_lookup != NULL + && __nss_configure_lookup ("passwd", configure_lookup) < 0) + { + printf ("info: __nss_configure_lookup failed: %s (%d)\n", + strerrorname_np (errno), errno); + TEST_COMPARE (errno, ENOMEM); + TEST_VERIFY (shared->allocation_count <= shared->init_allocation_count); + return; + } + + unsigned int inject_at = shared->failing_allocation; + char name[sizeof (shared->name)] = "name not set"; + int ret = getlogin_r (name, sizeof (name)); + shared->failing_allocation = ~0U; + + if (ret == 0) + { + TEST_COMPARE (shared->expected_failure, 0); + TEST_COMPARE_STRING (name, shared->name); + } + else + { + printf ("info: allocation %u failure results in error %s (%d)\n", + inject_at, strerrorname_np (ret), ret); + + if (ret != ENOMEM) + { + if (shared->expected_failure != 0) + TEST_COMPARE (ret, shared->expected_failure); + else if (configure_lookup == NULL) + /* The ENOENT failure can happen due to an issue related + to bug 22041: dlopen failure does not result in ENOMEM. */ + TEST_COMPARE (ret, ENOENT); + else + FAIL ("unexpected getlogin_r error"); + } + } + + if (shared->expected_failure == 0) + { + /* The second call should succeed. */ + puts ("info: about to perform second getlogin_r call"); + ret = getlogin_r (name, sizeof (name)); + if (configure_lookup == NULL) + { + /* This check can fail due to bug 22041 if the malloc error + injection causes a failure internally in dlopen. */ + if (ret != 0) + { + printf ("warning: second getlogin_r call failed with %s (%d)\n", + strerrorname_np (ret), ret); + TEST_COMPARE (ret, ENOENT); + } + } + else + /* If __nss_configure_lookup has been called, the error caching + bug does not happen because nss_files is built-in, and the + second getlogin_r is expected to succeed. */ + TEST_COMPARE (ret, 0); + if (ret == 0) + TEST_COMPARE_STRING (name, shared->name); + } +} + +/* Set by the --failing-allocation command line option. Together with + --direct, this can be used to trigger an allocation failure in the + original process, which may help with debugging. */ +static int option_failing_allocation = -1; + +/* Set by --override, to be used with --failing-allocation. Turns on + the __nss_configure_lookup call for passwd/files, which is disabled + by default. */ +static int option_override = 0; + +static int +do_test (void) +{ + char files[] = "files"; + + if (option_failing_allocation >= 0) + { + /* The test was invoked with --failing-allocation. Perform just + one test, using the original nsswitch.conf. This is a + condensed version of the probing/testing loop below. */ + printf ("info: testing with failing allocation %d\n", + option_failing_allocation); + shared = support_shared_allocate (sizeof (*shared)); + shared->failing_allocation = ~0U; + char *configure_lookup = option_override ? files : NULL; + support_isolate_in_subprocess (initialize, configure_lookup); + shared->allocation_count = 0; + shared->failing_allocation = option_failing_allocation; + test_in_subprocess (configure_lookup); /* No subprocess. */ + support_shared_free (shared); + shared = NULL; + return 0; + } + + bool any_success = false; + + for (int do_configure_lookup = 0; do_configure_lookup < 2; + ++do_configure_lookup) + { + if (do_configure_lookup) + puts ("info: testing with nsswitch.conf override"); + else + puts ("info: testing with original nsswitch.conf"); + + char *configure_lookup = do_configure_lookup ? files : NULL; + + shared = support_shared_allocate (sizeof (*shared)); + + /* Disable fault injection. */ + shared->failing_allocation = ~0U; + + support_isolate_in_subprocess (no_op, NULL); + TEST_COMPARE (shared->allocation_count, 0); + + support_isolate_in_subprocess (initialize, configure_lookup); + + if (shared->name[0] != '\0') + any_success = true; + + /* The number of allocations in the successful case. Once the + number of expected allocations is exceeded, injecting further + failures does not make a difference (assuming that the number + of malloc calls is deterministic). */ + unsigned int maximum_allocation_count = shared->allocation_count; + printf ("info: initial getlogin_r performed %u allocations\n", + maximum_allocation_count); + + for (unsigned int inject_at = 0; inject_at <= maximum_allocation_count; + ++inject_at) + { + printf ("info: running fault injection at allocation %u\n", + inject_at); + shared->allocation_count = 0; + shared->failing_allocation = inject_at; + support_isolate_in_subprocess (test_in_subprocess, configure_lookup); + } + + support_shared_free (shared); + shared = NULL; + } + + { + FILE *fp = fopen (_PATH_NSSWITCH_CONF, "r"); + if (fp == NULL) + printf ("info: no %s file\n", _PATH_NSSWITCH_CONF); + else + { + printf ("info: %s contents follows\n", _PATH_NSSWITCH_CONF); + int last_ch = '\n'; + while (true) + { + int ch = fgetc (fp); + if (ch == EOF) + break; + putchar (ch); + last_ch = ch; + } + if (last_ch != '\n') + putchar ('\n'); + printf ("(end of %s contents)\n", _PATH_NSSWITCH_CONF); + xfclose (fp); + } + } + + support_record_failure_barrier (); + + if (!any_success) + FAIL_UNSUPPORTED ("no successful getlogin_r calls"); + + return 0; +} + +static void +cmdline_process (int c) +{ + if (c == 'F') + option_failing_allocation = atoi (optarg); +} + +#define CMDLINE_OPTIONS \ + { "failing-allocation", required_argument, NULL, 'F' }, \ + { "override", no_argument, &option_override, 1 }, + +#define CMDLINE_PROCESS cmdline_process + +#include <support/test-driver.c> -- 2.53.0 ++++++ resolv-check-hostname.patch ++++++ >From dd9945c0ba40d2dbc9eb7c99291ba6b69bd66718 Mon Sep 17 00:00:00 2001 From: Carlos O'Donell <[email protected]> Date: Fri, 20 Mar 2026 17:14:33 -0400 Subject: [PATCH] resolv: Check hostname for validity (CVE-2026-4438) The processed hostname in getanswer_ptr should be correctly checked to avoid invalid characters from being allowed, including shell metacharacters. It is a security issue to fail to check the returned hostname for validity. A regression test is added for invalid metacharacters and other cases of invalid or valid characters. No regressions on x86_64-linux-gnu. Reviewed-by: Adhemerval Zanella <[email protected]> (cherry picked from commit e10977481f4db4b2a3ce34fa4c3a1e26651ae312) --- resolv/Makefile | 3 + resolv/nss_dns/dns-host.c | 2 +- resolv/tst-resolv-invalid-ptr.c | 255 ++++++++++++++++++++++++++++++++ 3 files changed, 259 insertions(+), 1 deletion(-) create mode 100644 resolv/tst-resolv-invalid-ptr.c diff --git a/resolv/Makefile b/resolv/Makefile index d5ef63cdbc..79a1b9647f 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -110,6 +110,7 @@ tests += \ tst-resolv-dns-section \ tst-resolv-edns \ tst-resolv-invalid-cname \ + tst-resolv-invalid-ptr \ tst-resolv-network \ tst-resolv-noaaaa \ tst-resolv-noaaaa-vc \ @@ -314,6 +315,8 @@ $(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \ $(shared-thread-library) $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ $(shared-thread-library) +$(objpfx)tst-resolv-invalid-ptr: $(objpfx)libresolv.so \ + $(shared-thread-library) $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index 893137027e..728dae615d 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -866,7 +866,7 @@ getanswer_ptr (unsigned char *packet, size_t packetlen, char hname[MAXHOSTNAMELEN + 1]; if (__ns_name_unpack (c.begin, c.end, rr.rdata, name_buffer, sizeof (name_buffer)) < 0 - || !__res_binary_hnok (expected_name) + || !__res_binary_hnok (name_buffer) || __ns_name_ntop (name_buffer, hname, sizeof (hname)) < 0) { *h_errnop = NO_RECOVERY; diff --git a/resolv/tst-resolv-invalid-ptr.c b/resolv/tst-resolv-invalid-ptr.c new file mode 100644 index 0000000000..0c802ab967 --- /dev/null +++ b/resolv/tst-resolv-invalid-ptr.c @@ -0,0 +1,255 @@ +/* Test handling of invalid T_PTR results (bug 34015). + Copyright (C) 2022-2026 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <array_length.h> +#include <errno.h> +#include <netdb.h> +#include <resolv.h> +#include <stdlib.h> +#include <string.h> +#include <support/check.h> +#include <support/format_nss.h> +#include <support/resolv_test.h> +#include <support/support.h> + +/* Name of test, the answer, the expected error return, and if we + expect the call to fail. */ +struct item { + const char *test; + const char *answer; + int expected; + bool fail; +}; + +static const struct item test_items[] = + { + /* Test for invalid characters. */ + { "Invalid use of \"|\"", + "test.|.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"&\"", + "test.&.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \";\"", + "test.;.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"<\"", + "test.<.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \">\"", + "test.>.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"(\"", + "test.(.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \")\"", + "test.).ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"$\"", + "test.$.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"`\"", + "test.`.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"\\\"", + "test.\\.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"\'\"", + "test.'.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"\"\"", + "test.\".ptr.example", NO_RECOVERY, true }, + { "Invalid use of \" \"", + "test. .ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"\\t\"", + "test.\t.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"\\n\"", + "test.\n.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"\\r\"", + "test.\r.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"*\"", + "test.*.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"?\"", + "test.?.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"[\"", + "test.[.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"]\"", + "test.].ptr.example", NO_RECOVERY, true }, + { "Invalid use of \",\"", + "test.,.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"~\"", + "test.~.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \":\"", + "test.:.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"!\"", + "test.!.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"@\"", + "[email protected]", NO_RECOVERY, true }, + { "Invalid use of \"#\"", + "test.#.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"%\"", + "test.%%.ptr.example", NO_RECOVERY, true }, + { "Invalid use of \"^\"", + "test.^.ptr.example", NO_RECOVERY, true }, + + /* Test for invalid UTF-8 characters (2-byte, 4-byte, 6-byte). */ + { "Invalid use of UTF-8 (2-byte, U+00C0-U+00C2)", + "ÁÂÃ.test.ptr.example", NO_RECOVERY, true }, + { "Invalid use of UTF-8 (4-byte, U+0750-U+0752)", + "ݐݑݒ.test.ptr.example", NO_RECOVERY, true }, + { "Invalid use of UTF-8 (6-byte, U+0904-U+0906)", + "ऄअआ.test.ptr.example", NO_RECOVERY, true }, + + /* Test for "-" which may be valid depending on position. */ + { "Invalid leading \"-\"", + "-test.ptr.example", NO_RECOVERY, true }, + { "Valid trailing \"-\"", + "test-.ptr.example", 0, false }, + { "Valid mid-label use of \"-\"", + "te-st.ptr.example", 0, false }, + + /* Test for "_" which is always valid in any position. */ + { "Valid leading use of \"_\"", + "_test.ptr.example", 0, false }, + { "Valid mid-label use of \"_\"", + "te_st.ptr.example", 0, false }, + { "Valid trailing use of \"_\"", + "test_.ptr.example", 0, false }, + + /* Sanity test the broader set [A-Za-z0-9_-] of valid characters. */ + { "Valid \"[A-Z]\"", + "test.ABCDEFGHIJKLMNOPQRSTUVWXYZ.ptr.example", 0, false }, + { "Valid \"[a-z]\"", + "test.abcdefghijklmnopqrstuvwxyz.ptr.example", 0, false }, + { "Valid \"[0-9]\"", + "test.0123456789.ptr.example", 0, false }, + { "Valid mixed use of \"[A-Za-z0-9_-]\"", + "test.012abcABZ_-.ptr.example", 0, false }, + }; + +static void +response (const struct resolv_response_context *ctx, + struct resolv_response_builder *b, + const char *qname, uint16_t qclass, uint16_t qtype) +{ + TEST_COMPARE (qclass, C_IN); + + /* We only test PTR. */ + TEST_COMPARE (qtype, T_PTR); + + unsigned int count, count1; + char *tail = NULL; + + /* The test implementation can handle up to 255 tests. */ + if (strstr (qname, "in-addr.arpa") != NULL + && sscanf (qname, "%u.%ms", &count, &tail) == 2) + TEST_COMPARE_STRING (tail, "0.168.192.in-addr.arpa"); + else if (sscanf (qname, "%x.%x.%ms", &count, &count1, &tail) == 3) + { + TEST_COMPARE_STRING (tail, "\ +0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"); + count |= count1 << 4; + } + else + FAIL_EXIT1 ("invalid QNAME: %s\n", qname); + free (tail); + + /* Cross check. Count has a fixed bound (soft limit). */ + TEST_VERIFY (count >= 0 && count <= 255); + + /* We have a fixed number of tests (hard limit). */ + TEST_VERIFY_EXIT (count < array_length (test_items)); + + struct resolv_response_flags flags = {}; + resolv_response_init (b, flags); + resolv_response_add_question (b, qname, qclass, qtype); + resolv_response_section (b, ns_s_an); + + /* Actual answer record. */ + resolv_response_open_record (b, qname, qclass, qtype, 60); + + /* Record the answer. */ + resolv_response_add_name (b, test_items[count].answer); + resolv_response_close_record (b); +} + +/* Perform one check using a reverse lookup. */ +static void +check_reverse (int af, int count) +{ + TEST_VERIFY (af == AF_INET || af == AF_INET6); + TEST_VERIFY_EXIT (count < array_length (test_items)); + + /* Generate an address to query for each test. */ + char addr[sizeof (struct in6_addr)] = { 0 }; + socklen_t addrlen; + if (af == AF_INET) + { + addr[0] = (char) 192; + addr[1] = (char) 168; + addr[2] = (char) 0; + addr[3] = (char) count; + addrlen = 4; + } + else + { + addr[0] = 0x20; + addr[1] = 0x01; + addr[2] = 0x0d; + addr[3] = 0xb8; + addr[4] = addr[5] = addr[6] = addr[7] = 0x0; + addr[8] = addr[9] = addr[10] = addr[11] = 0x0; + addr[12] = 0x0; + addr[13] = 0x0; + addr[14] = 0x0; + addr[15] = (char) count; + addrlen = 16; + } + + h_errno = 0; + struct hostent *answer = gethostbyaddr (addr, addrlen, af); + + /* Verify h_errno is as expected. */ + TEST_COMPARE (h_errno, test_items[count].expected); + if (h_errno != test_items[count].expected) + /* And print more information if it's not. */ + printf ("INFO: %s\n", test_items[count].test); + + if (test_items[count].fail) + { + /* We expected a failure so verify answer is NULL. */ + TEST_VERIFY (answer == NULL); + /* If it's not NULL we should print out what we received. */ + if (answer != NULL) + printf ("error: unexpected success: %s\n", + support_format_hostent (answer)); + } + else + /* We don't expect a failure so answer must be valid. */ + TEST_COMPARE_STRING (answer->h_name, test_items[count].answer); +} + +static int +do_test (void) +{ + struct resolv_test *obj = resolv_test_start + ((struct resolv_redirect_config) + { + .response_callback = response + }); + + for (int i = 0; i < array_length (test_items); i++) + { + check_reverse (AF_INET, i); + check_reverse (AF_INET6, i); + } + resolv_test_end (obj); + + return 0; +} + +#include <support/test-driver.c> -- 2.53.0 ++++++ resolv-count-resource-records.patch ++++++ >From e0e0ac89a94ca507d47f95cbdb8ba0e82a54faca Mon Sep 17 00:00:00 2001 From: Carlos O'Donell <[email protected]> Date: Fri, 20 Mar 2026 16:43:33 -0400 Subject: [PATCH] resolv: Count records correctly (CVE-2026-4437) The answer section boundary was previously ignored, and the code in getanswer_ptr would iterate past the last resource record, but not beyond the end of the returned data. This could lead to subsequent data being interpreted as answer records, thus violating the DNS specification. Such resource records could be maliciously crafted and hidden from other tooling, but processed by the glibc stub resolver and acted upon by the application. While we trust the data returned by the configured recursive resolvers, we should not trust its format and should validate it as required. It is a security issue to incorrectly process the DNS protocol. A regression test is added for response section crossing. No regressions on x86_64-linux-gnu. Reviewed-by: Collin Funk <[email protected]> --- resolv/Makefile | 4 + resolv/nss_dns/dns-host.c | 2 +- resolv/tst-resolv-dns-section.c | 162 ++++++++++++++++++++++++++++++++ 3 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 resolv/tst-resolv-dns-section.c diff --git a/resolv/Makefile b/resolv/Makefile index b74c8f325e..d5ef63cdbc 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -107,6 +107,7 @@ tests += \ tst-resolv-basic \ tst-resolv-binary \ tst-resolv-byaddr \ + tst-resolv-dns-section \ tst-resolv-edns \ tst-resolv-invalid-cname \ tst-resolv-network \ @@ -118,6 +119,7 @@ tests += \ tst-resolv-semi-failure \ tst-resolv-short-response \ tst-resolv-trailing \ + # tests # This test calls __res_context_send directly, which is not exported # from libresolv. @@ -301,6 +303,8 @@ $(objpfx)tst-resolv-aliases: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-basic: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-binary: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-byaddr: $(objpfx)libresolv.so $(shared-thread-library) +$(objpfx)tst-resolv-dns-section: $(objpfx)libresolv.so \ + $(shared-thread-library) $(objpfx)tst-resolv-edns: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-network: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-res_init: $(objpfx)libresolv.so diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index 6a60c87532..893137027e 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -820,7 +820,7 @@ getanswer_ptr (unsigned char *packet, size_t packetlen, /* expected_name may be updated to point into this buffer. */ unsigned char name_buffer[NS_MAXCDNAME]; - while (ancount > 0) + for (; ancount > 0; --ancount) { struct ns_rr_wire rr; if (!__ns_rr_cursor_next (&c, &rr)) diff --git a/resolv/tst-resolv-dns-section.c b/resolv/tst-resolv-dns-section.c new file mode 100644 index 0000000000..1171baef51 --- /dev/null +++ b/resolv/tst-resolv-dns-section.c @@ -0,0 +1,162 @@ +/* Test handling of invalid section transitions (bug 34014). + Copyright (C) 2022-2026 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <array_length.h> +#include <errno.h> +#include <netdb.h> +#include <resolv.h> +#include <stdlib.h> +#include <string.h> +#include <support/check.h> +#include <support/format_nss.h> +#include <support/resolv_test.h> +#include <support/support.h> + +/* Name of test, and the second section type. */ +struct item { + const char *test; + int ns_section; +}; + +static const struct item test_items[] = + { + { "Test crossing from ns_s_an to ns_s_ar.", ns_s_ar }, + { "Test crossing from ns_s_an to ns_s_an.", ns_s_ns }, + + { NULL, 0 }, + }; + +/* The response is designed to contain the following: + - An Answer section with one T_PTR record that is skipped. + - A second section with a semantically invalid T_PTR record. + The original defect is that the response parsing would cross + section boundaries and handle the additional section T_PTR + as if it were an answer. A conforming implementation would + stop as soon as it reaches the end of the section. */ +static void +response (const struct resolv_response_context *ctx, + struct resolv_response_builder *b, + const char *qname, uint16_t qclass, uint16_t qtype) +{ + TEST_COMPARE (qclass, C_IN); + + /* We only test PTR. */ + TEST_COMPARE (qtype, T_PTR); + + unsigned int count; + char *tail = NULL; + + if (strstr (qname, "in-addr.arpa") != NULL + && sscanf (qname, "%u.%ms", &count, &tail) == 2) + TEST_COMPARE_STRING (tail, "0.168.192.in-addr.arpa"); + else if (sscanf (qname, "%x.%ms", &count, &tail) == 2) + { + TEST_COMPARE_STRING (tail, "\ +0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"); + } + else + FAIL_EXIT1 ("invalid QNAME: %s\n", qname); + free (tail); + + /* We have a bounded number of possible tests. */ + TEST_VERIFY (count >= 0); + TEST_VERIFY (count <= 15); + + struct resolv_response_flags flags = {}; + resolv_response_init (b, flags); + resolv_response_add_question (b, qname, qclass, qtype); + resolv_response_section (b, ns_s_an); + + /* Actual answer record, but the wrong name (skipped). */ + resolv_response_open_record (b, "1.0.0.10.in-addr.arpa", qclass, qtype, 60); + + /* Record the answer. */ + resolv_response_add_name (b, "test.ptr.example.net"); + resolv_response_close_record (b); + + /* Add a second section to test section boundary crossing. */ + resolv_response_section (b, test_items[count].ns_section); + /* Semantically incorrect, but hide a T_PTR entry. */ + resolv_response_open_record (b, qname, qclass, qtype, 60); + resolv_response_add_name (b, "wrong.ptr.example.net"); + resolv_response_close_record (b); +} + + +/* Perform one check using a reverse lookup. */ +static void +check_reverse (int af, int count) +{ + TEST_VERIFY (af == AF_INET || af == AF_INET6); + TEST_VERIFY (count < array_length (test_items)); + + char addr[sizeof (struct in6_addr)] = { 0 }; + socklen_t addrlen; + if (af == AF_INET) + { + addr[0] = (char) 192; + addr[1] = (char) 168; + addr[2] = (char) 0; + addr[3] = (char) count; + addrlen = 4; + } + else + { + addr[0] = 0x20; + addr[1] = 0x01; + addr[2] = 0x0d; + addr[3] = 0xb8; + addr[4] = addr[5] = addr[6] = addr[7] = 0x0; + addr[8] = addr[9] = addr[10] = addr[11] = 0x0; + addr[12] = 0x0; + addr[13] = 0x0; + addr[14] = 0x0; + addr[15] = count; + addrlen = 16; + } + + h_errno = 0; + struct hostent *answer = gethostbyaddr (addr, addrlen, af); + TEST_VERIFY (answer == NULL); + TEST_VERIFY (h_errno == NO_RECOVERY); + if (answer != NULL) + printf ("error: unexpected success: %s\n", + support_format_hostent (answer)); +} + +static int +do_test (void) +{ + struct resolv_test *obj = resolv_test_start + ((struct resolv_redirect_config) + { + .response_callback = response + }); + + for (int i = 0; test_items[i].test != NULL; i++) + { + check_reverse (AF_INET, i); + check_reverse (AF_INET6, i); + } + + resolv_test_end (obj); + + return 0; +} + +#include <support/test-driver.c> -- 2.53.0 ++++++ riscv-redir-memcpy-generic.patch ++++++ >From 60cabd0464c6722d4e1f13bbbeef191ea40ef2ef Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Netto <[email protected]> Date: Sat, 21 Mar 2026 08:11:06 -0600 Subject: [PATCH] riscv: Resolve calls to memcpy using memcpy-generic in early startup This patch from Adhemerval sets up the ifunc redirections so that we resolve memcpy to memcpy_generic in early startup. This avoids infinite recursion for memcpy calls before the loader is fully initialized. Tested-by: Jeff Law <[email protected]> (cherry picked from commit 0a9e54d40a4321ebf7d87cdbc0868c43d1e8a657) --- elf/dl-reloc-static-pie.c | 1 + sysdeps/riscv/multiarch/dl-symbol-redir-ifunc.h | 1 + sysdeps/unix/sysv/linux/riscv/multiarch/Makefile | 1 + 3 files changed, 3 insertions(+) diff --git a/elf/dl-reloc-static-pie.c b/elf/dl-reloc-static-pie.c index bdff2b5ee2..63ce609024 100644 --- a/elf/dl-reloc-static-pie.c +++ b/elf/dl-reloc-static-pie.c @@ -25,6 +25,7 @@ #include <dl-machine.h> #include <dl-debug.h> +#include <dl-symbol-redir-ifunc.h> #define RESOLVE_MAP(map, scope, sym, version, flags) map #include "dynamic-link.h" diff --git a/sysdeps/riscv/multiarch/dl-symbol-redir-ifunc.h b/sysdeps/riscv/multiarch/dl-symbol-redir-ifunc.h index 24b78711e3..69a0790838 100644 --- a/sysdeps/riscv/multiarch/dl-symbol-redir-ifunc.h +++ b/sysdeps/riscv/multiarch/dl-symbol-redir-ifunc.h @@ -21,6 +21,7 @@ #ifndef SHARED asm ("memset = __memset_generic"); +asm ("memcpy = __memcpy_generic"); #endif #endif diff --git a/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile b/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile index a865090a53..a033ea9569 100644 --- a/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile +++ b/sysdeps/unix/sysv/linux/riscv/multiarch/Makefile @@ -11,4 +11,5 @@ sysdep_routines += \ CFLAGS-memcpy_noalignment.c += -mno-strict-align # Called during static initialization CFLAGS-memset-generic.c += $(no-stack-protector) +CFLAGS-memcpy-generic.c += $(no-stack-protector) endif -- 2.53.0 ++++++ sys-mount-cloexec-flag.patch ++++++ >From 419245719ccbc7dad6a97f24465e7f09c090327a Mon Sep 17 00:00:00 2001 From: DJ Delorie <[email protected]> Date: Mon, 26 Jan 2026 22:24:42 -0500 Subject: [PATCH] include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h Including sys/mount.h should not implicitly include fcntl.h as that causes namespace pollution and conflicts with kernel headers. It only needs O_CLOEXEC for OPEN_TREE_CLOEXEC (although it shouldn't need that, but it's defined that way) so we provide that define (via a private version) separately. Reviewed-by: Adhemerval Zanella <[email protected]> Tested-by: Florian Weimer <[email protected]> --- io/fcntl.c | 4 ++++ sysdeps/unix/sysv/linux/Makefile | 1 + sysdeps/unix/sysv/linux/alpha/bits/cloexec.h | 1 + sysdeps/unix/sysv/linux/bits/cloexec.h | 1 + sysdeps/unix/sysv/linux/bits/fcntl-linux.h | 4 +--- sysdeps/unix/sysv/linux/hppa/bits/cloexec.h | 1 + sysdeps/unix/sysv/linux/sparc/bits/cloexec.h | 1 + sysdeps/unix/sysv/linux/sys/mount.h | 6 +++++- sysdeps/unix/sysv/linux/tst-mount.c | 1 + 9 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 sysdeps/unix/sysv/linux/alpha/bits/cloexec.h create mode 100644 sysdeps/unix/sysv/linux/bits/cloexec.h create mode 100644 sysdeps/unix/sysv/linux/hppa/bits/cloexec.h create mode 100644 sysdeps/unix/sysv/linux/sparc/bits/cloexec.h diff --git a/io/fcntl.c b/io/fcntl.c index c13546e4fd..4fbc522624 100644 --- a/io/fcntl.c +++ b/io/fcntl.c @@ -18,6 +18,10 @@ #include <errno.h> #include <fcntl.h> +#ifndef __O_CLOEXEC +# error __O_CLOEXEC not defined by fcntl.h/cloexec.h +#endif + /* Perform file control operations on FD. */ int __fcntl (int fd, int cmd, ...) diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 955d316362..c6bd97abf1 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -129,6 +129,7 @@ CFLAGS-test-errno-linux.c += $(no-fortify-source) sysdep_headers += \ bits/a.out.h \ + bits/cloexec.h \ bits/epoll.h \ bits/eventfd.h \ bits/inotify.h \ diff --git a/sysdeps/unix/sysv/linux/alpha/bits/cloexec.h b/sysdeps/unix/sysv/linux/alpha/bits/cloexec.h new file mode 100644 index 0000000000..f381f28a53 --- /dev/null +++ b/sysdeps/unix/sysv/linux/alpha/bits/cloexec.h @@ -0,0 +1 @@ +#define __O_CLOEXEC 010000000 diff --git a/sysdeps/unix/sysv/linux/bits/cloexec.h b/sysdeps/unix/sysv/linux/bits/cloexec.h new file mode 100644 index 0000000000..3059fb6473 --- /dev/null +++ b/sysdeps/unix/sysv/linux/bits/cloexec.h @@ -0,0 +1 @@ +#define __O_CLOEXEC 02000000 diff --git a/sysdeps/unix/sysv/linux/bits/fcntl-linux.h b/sysdeps/unix/sysv/linux/bits/fcntl-linux.h index ad7f7c98c6..221a71aa62 100644 --- a/sysdeps/unix/sysv/linux/bits/fcntl-linux.h +++ b/sysdeps/unix/sysv/linux/bits/fcntl-linux.h @@ -81,9 +81,7 @@ #ifndef __O_NOFOLLOW # define __O_NOFOLLOW 0400000 #endif -#ifndef __O_CLOEXEC -# define __O_CLOEXEC 02000000 -#endif +#include <bits/cloexec.h> #ifndef __O_DIRECT # define __O_DIRECT 040000 #endif diff --git a/sysdeps/unix/sysv/linux/hppa/bits/cloexec.h b/sysdeps/unix/sysv/linux/hppa/bits/cloexec.h new file mode 100644 index 0000000000..f381f28a53 --- /dev/null +++ b/sysdeps/unix/sysv/linux/hppa/bits/cloexec.h @@ -0,0 +1 @@ +#define __O_CLOEXEC 010000000 diff --git a/sysdeps/unix/sysv/linux/sparc/bits/cloexec.h b/sysdeps/unix/sysv/linux/sparc/bits/cloexec.h new file mode 100644 index 0000000000..6706eaa7d5 --- /dev/null +++ b/sysdeps/unix/sysv/linux/sparc/bits/cloexec.h @@ -0,0 +1 @@ +#define __O_CLOEXEC 0x400000 diff --git a/sysdeps/unix/sysv/linux/sys/mount.h b/sysdeps/unix/sysv/linux/sys/mount.h index 457d8dcff2..5e496caf2f 100644 --- a/sysdeps/unix/sysv/linux/sys/mount.h +++ b/sysdeps/unix/sysv/linux/sys/mount.h @@ -21,7 +21,6 @@ #ifndef _SYS_MOUNT_H #define _SYS_MOUNT_H 1 -#include <fcntl.h> #include <features.h> #include <stdint.h> #include <stddef.h> @@ -266,6 +265,11 @@ enum fsconfig_command /* open_tree flags. */ #define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */ +#ifndef O_CLOEXEC +# include <bits/cloexec.h> +# define O_CLOEXEC __O_CLOEXEC +#endif +#undef OPEN_TREE_CLOEXEC #define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */ diff --git a/sysdeps/unix/sysv/linux/tst-mount.c b/sysdeps/unix/sysv/linux/tst-mount.c index 8e3ffbd56f..84dcd448d4 100644 --- a/sysdeps/unix/sysv/linux/tst-mount.c +++ b/sysdeps/unix/sysv/linux/tst-mount.c @@ -20,6 +20,7 @@ #include <support/check.h> #include <support/xunistd.h> #include <support/namespace.h> +#include <fcntl.h> /* For AT_ constants. */ #include <sys/mount.h> _Static_assert (sizeof (struct mount_attr) == MOUNT_ATTR_SIZE_VER0, -- 2.53.0 ++++++ sys-mount-open-tree-macros.patch ++++++ >From d12b017cddfeb9fe9920ba054ae3dfcb8e9238b8 Mon Sep 17 00:00:00 2001 From: Florian Weimer <[email protected]> Date: Wed, 4 Mar 2026 18:32:36 +0100 Subject: [PATCH] Linux: Only define OPEN_TREE_* macros in <sys/mount.h> if undefined (bug 33921) There is a conditional inclusion of <linux/mount.h> earlier in the file. If that defines the macros, do not redefine them. This addresses build problems as the token sequence used by the UAPI macro definitions changes between Linux versions. Reviewed-by: Adhemerval Zanella <[email protected]> --- sysdeps/unix/sysv/linux/sys/mount.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sysdeps/unix/sysv/linux/sys/mount.h b/sysdeps/unix/sysv/linux/sys/mount.h index 5e496caf2f..0c5ebed33a 100644 --- a/sysdeps/unix/sysv/linux/sys/mount.h +++ b/sysdeps/unix/sysv/linux/sys/mount.h @@ -264,14 +264,16 @@ enum fsconfig_command #define FSOPEN_CLOEXEC 0x00000001 /* open_tree flags. */ -#define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */ +#ifndef OPEN_TREE_CLONE +# define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */ +#endif #ifndef O_CLOEXEC # include <bits/cloexec.h> # define O_CLOEXEC __O_CLOEXEC #endif -#undef OPEN_TREE_CLOEXEC -#define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */ - +#ifndef OPEN_TREE_CLOEXEC +# define OPEN_TREE_CLOEXEC O_CLOEXEC /* Close the file on execve() */ +#endif __BEGIN_DECLS -- 2.53.0 ++++++ tests-aarch64-makefile-deps-bti.patch ++++++ >From fa4a40c7d497fa99e578495f02b5ad5e449c72b1 Mon Sep 17 00:00:00 2001 From: Yury Khrustalev <[email protected]> Date: Mon, 16 Feb 2026 12:46:39 +0000 Subject: [PATCH] tests: aarch64: fix makefile dependencies for dlopen tests for BTI Some BTI tests in the sysdeps/aarch64 directory use test shared objects via dlopen. Due to lack of direct makefile level dependencies on these modules these tests could be run before the required .so files would be created. This could lead to flaky test results when running make check with -j flag. This commit fixes it. Reviewed-by: Wilco Dijkstra <[email protected]> (cherry picked from commit 4db97f4d04cd2ad87f75b7219de2cb851fc62ebd) --- sysdeps/aarch64/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index 0d32eddf36..ff4f72c45e 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -132,6 +132,12 @@ $(objpfx)tst-bti-permissive-transitive: $(objpfx)tst-bti-mod.so $(objpfx)tst-bti-ld-debug-shared: $(objpfx)tst-bti-mod.so $(objpfx)tst-bti-ld-debug-both: $(objpfx)tst-bti-mod-unprot.so +$(objpfx)tst-bti-dlopen-imm.out: $(objpfx)tst-bti-mod-unprot.so +$(objpfx)tst-bti-dlopen-prot.out: $(objpfx)tst-bti-mod-prot.so +$(objpfx)tst-bti-dlopen-transitive.out: $(objpfx)tst-bti-mod.so +$(objpfx)tst-bti-ld-debug-dlopen.out: $(objpfx)tst-bti-mod-unprot.so +$(objpfx)tst-bti-permissive-dlopen.out: $(objpfx)tst-bti-mod-unprot.so + $(objpfx)tst-bti-abort-unprot-preload.out: $(objpfx)tst-bti-mod-unprot-preload.so tst-bti-abort-unprot-preload-ENV = \ GLIBC_TUNABLES=glibc.cpu.aarch64_bti=1 \ -- 2.53.0 ++++++ tst-rseq-linux-7.patch ++++++ >From ce1013a197eb4a3b8ff2b07e0672f4d0b976ce7c Mon Sep 17 00:00:00 2001 From: Michael Jeanson <[email protected]> Date: Fri, 20 Feb 2026 11:01:00 -0500 Subject: [PATCH] tests: fix tst-rseq with Linux 7.0 A sub-test of tst-rseq is to validate the return code and errno of the rseq syscall when attempting to register the exact same rseq area as was done in the dynamic loader. This involves finding the rseq area address by adding the '__rseq_offset' to the thread pointer and calculating the area size from the AT_RSEQ_FEATURE_SIZE auxiliary vector. However the test currently calculates the size of the rseq area allocation in the TLS block which must be a multiple of AT_RSEQ_ALIGN. Up until now that happened to be the same value since the feature size and alignment exposed by the kernel were below the minimum ABI size of 32. Starting with Linux 7.0 the feature size has reached 33 while the alignment is now 64. This results in the test trying to re-register the rseq area with a different size and thus not getting the expected errno value. Signed-off-by: Michael Jeanson <[email protected]> Reviewed-by: Mathieu Desnoyers <[email protected]> (cherry picked from commit 67f303b47dc584f204e3f2441b9832082415eebc) --- sysdeps/unix/sysv/linux/tst-rseq.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sysdeps/unix/sysv/linux/tst-rseq.c b/sysdeps/unix/sysv/linux/tst-rseq.c index 11371dc6c5..ba93d390f4 100644 --- a/sysdeps/unix/sysv/linux/tst-rseq.c +++ b/sysdeps/unix/sysv/linux/tst-rseq.c @@ -48,8 +48,7 @@ do_rseq_main_test (void) size_t rseq_align = MAX (getauxval (AT_RSEQ_ALIGN), RSEQ_MIN_ALIGN); size_t rseq_feature_size = MAX (getauxval (AT_RSEQ_FEATURE_SIZE), RSEQ_AREA_SIZE_INITIAL_USED); - size_t rseq_alloc_size = roundup (MAX (rseq_feature_size, - RSEQ_AREA_SIZE_INITIAL_USED), rseq_align); + size_t rseq_reg_size = MAX (rseq_feature_size, RSEQ_AREA_SIZE_INITIAL); struct rseq *rseq_abi = __thread_pointer () + __rseq_offset; TEST_VERIFY_EXIT (rseq_thread_registered ()); @@ -89,8 +88,8 @@ do_rseq_main_test (void) /* Test a rseq registration with the same arguments as the internal registration which should fail with errno == EBUSY. */ TEST_VERIFY (((unsigned long) rseq_abi % rseq_align) == 0); - TEST_VERIFY (__rseq_size <= rseq_alloc_size); - int ret = syscall (__NR_rseq, rseq_abi, rseq_alloc_size, 0, RSEQ_SIG); + TEST_VERIFY (__rseq_size <= rseq_reg_size); + int ret = syscall (__NR_rseq, rseq_abi, rseq_reg_size, 0, RSEQ_SIG); TEST_VERIFY (ret != 0); TEST_COMPARE (errno, EBUSY); } -- 2.53.0
