CRUX
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
January 2018
- 3 participants
- 20 discussions
19 Jan '18
commit 845fdf2bb18f120b6839b34e8c125b68fc338b2c
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Jan 17 14:04:04 2018 +0100
[notify] rsync: update to 3.1.3pre1, closes FS#1558
includes security fixes for CVE-2017-{16548,17433,17434}, see
- https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
- https://www.cvedetails.com/vulnerability-list/vendor_id-102/product_id-1378…
diff --git a/rsync/.md5sum b/rsync/.md5sum
index e648e66d..5453a749 100644
--- a/rsync/.md5sum
+++ b/rsync/.md5sum
@@ -1,4 +1,4 @@
-0f758d7e000c0f7f7d3792610fad70cb rsync-3.1.2.tar.gz
+e116473719712d312d4db7e877e7b0df rsync-3.1.3pre1.tar.gz
bd6cc8e2c83d5e845af20a30e105fb5f rsync.driver
d20f1ca0fb415a6788808c75170d951a rsyncd
b4e95fa8c8f3ae13cfdf616abd6a3960 rsyncd.conf
diff --git a/rsync/.signature b/rsync/.signature
index 9a6dadda..1d425afe 100644
--- a/rsync/.signature
+++ b/rsync/.signature
@@ -1,8 +1,8 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqo/eo6PI41PWGO6F7OSVUW71UxJF1cg80Q3xrm+6G8dxClUtLeyfZE0ZtoZcpmT05tkxQ4dHyWB35EkrTc6JyQY=
-SHA256 (Pkgfile) = 14f7d621c44d11d246a7b2f77ec238bcdd687c16e78952a9b87c321392f0b47d
+RWRJc1FUaeVeqi9UpxXd1+wORN1GuNbXWnl+3vYO9uZ2WKA9BnptI6VivnqBcG8qfIG65hXXRJuDJkoI7sEyU0yzcj56B6RWXQ8=
+SHA256 (Pkgfile) = de1cbfee92e8a29d34d0afeb9b30ccf03625e21bc08f059c331536624aa4efad
SHA256 (.footprint) = 66208e83d257797b507df7559291a4059dba7f26019d5832ef535e6f3bd4c71a
-SHA256 (rsync-3.1.2.tar.gz) = ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2
+SHA256 (rsync-3.1.3pre1.tar.gz) = 6337962632006f9e8664d759cd2bbe5958e4e20a12a72a05c9dbcad0b955faf5
SHA256 (rsyncd.conf) = 095447801d8ba0101809c18acfb5a492c65323bed9ef5dd3739b3af5e9f7c56d
SHA256 (rsyncd) = e8dc013ff31ee7b1f249fcfbde579ec76fe3103f61d26d098d45290727060c85
SHA256 (rsync.driver) = 5e0f94a972cf7e47f153ccd0ac454ec2bd3056a834b69e82d3f3984d44308ef7
diff --git a/rsync/Pkgfile b/rsync/Pkgfile
index ec410a0d..0dee14ff 100644
--- a/rsync/Pkgfile
+++ b/rsync/Pkgfile
@@ -4,9 +4,9 @@
# Depends on: acl
name=rsync
-version=3.1.2
+version=3.1.3pre1
release=1
-source=(https://rsync.samba.org/ftp/$name/src/$name-$version.tar.gz \
+source=(https://download.samba.org/pub/rsync/src-previews/$name-$version.tar.gz \
rsyncd.conf rsyncd rsync.driver)
build () {
1
0
ports/core (3.3): [notify] glibc-32: updated to 2.24-10. Fix for CVE-2018-1000001
by crux@crux.nu 19 Jan '18
by crux@crux.nu 19 Jan '18
19 Jan '18
commit 2a11487ab107d123b7eed0c8a4bf5a68e0febd10
Author: Fredrik Rinnestam <fredrik(a)crux.nu>
Date: Fri Jan 19 15:18:59 2018 +0100
[notify] glibc-32: updated to 2.24-10. Fix for CVE-2018-1000001
diff --git a/glibc-32/.md5sum b/glibc-32/.md5sum
index 8d31067f..5153d4c0 100644
--- a/glibc-32/.md5sum
+++ b/glibc-32/.md5sum
@@ -1,5 +1,4 @@
-bcfb2cb7f1cb0b4ecce27fcd5d5d2b21 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
-cb9c54c9d22b3ab597a69d05420b5e80 glibc-2.24.8.patch
+4382c5b030a4995a9a4649dd735f6685 glibc-2.24-10.patch
97dc5517f92016f3d70d83e3162ad318 glibc-2.24.tar.xz
ac19b5dac0b160aa59a2e265998c3e91 kernel-headers-4.9.5.tar.xz
a8f4549c716cd37244fbf1ed059497f8 lib32.conf
diff --git a/glibc-32/.signature b/glibc-32/.signature
index 6b94ce07..3d2cfea5 100644
--- a/glibc-32/.signature
+++ b/glibc-32/.signature
@@ -1,9 +1,8 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqjeyptGRCBcjcyr/ot+fF8dm4Kc50exfkG6Dh1ByVtDUMJHkKHGfkRAeiq/6S6qY0oYbewnOS8I7fQ3Vjzj3xw0=
-SHA256 (Pkgfile) = e3f3c583e8e6da48eb296cab0aee6bae04c9def714432f8b81fe749c1b08adec
+RWRJc1FUaeVeqv63VY26UMnegawgY0CQLl5mA57dECmhixK7nB9GmUO6dNFJ7W8/pp+6UjRc8+TY3TNXGKu/T+r/2ohIUUfkrwk=
+SHA256 (Pkgfile) = 034acc49e0f428aaa3d606d58400ff9586c3c11ccff0480fcb0de7b3c30411af
SHA256 (.footprint) = 0af47db3e8a5ea832d1f971ca56f7718a59167c0214375307a508ff46b327119
SHA256 (glibc-2.24.tar.xz) = 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3
SHA256 (kernel-headers-4.9.5.tar.xz) = 5783ad8f668ee71561fae370fbcdc477aaa6df249bd85635b87a8c204aeb4aa9
-SHA256 (glibc-2.24.8.patch) = 314fe8ec41042a85991e830a002abf2ff0b98dc4467afa238d8bb369d3be7cca
-SHA256 (0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch) = 3f634bf301eb8bab57e5ea552de3f694fb063ab45af3cc91990e1bc24f280ddd
+SHA256 (glibc-2.24-10.patch) = 166d8a11ef5e616e65f5f626ad0a47b881712865ceef6e78bb4bc9bdc8af2c55
SHA256 (lib32.conf) = 2f174d2bcefe1c29327690514f34d6970fffdd54398320ca23a11b5f1e3c9b2d
diff --git a/glibc-32/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch b/glibc-32/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
deleted file mode 100644
index bc410b26..00000000
--- a/glibc-32/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
+++ /dev/null
@@ -1,765 +0,0 @@
-From b9911eb529e51ebe7c5daa3b4f17e2caf7ddb9a4 Mon Sep 17 00:00:00 2001
-From: Fredrik Rinnestam <fredrik(a)crux.nu>
-Date: Sun, 22 Oct 2017 16:18:40 +0200
-Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
-
----
- ChangeLog | 10 +
- NEWS | 701 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- posix/glob.c | 2 +-
- 3 files changed, 712 insertions(+), 1 deletion(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 84189ec762..1fb38cb7ee 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,4 @@
-+<<<<<<< HEAD
- 2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
-
- * sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
-@@ -20,6 +21,15 @@
- * sysdeps/x86_64/tst-avxmod.c: Likewise.
- * sysdeps/x86_64/tst-sse.c: Likewise.
- * sysdeps/x86_64/tst-ssemod.c: Likewise.
-+=======
-+2017-10-20 Paul Eggert <eggert(a)cs.ucla.edu>
-+
-+ [BZ #22320]
-+ CVE-2017-15670
-+ * posix/glob.c (__glob): Fix one-byte overflow.
-+
-+2017-10-20 Wilco Dijkstra <wdijkstr(a)arm.com>
-+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
-
- 2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
-
-diff --git a/NEWS b/NEWS
-index 4831542023..90cae42eee 100644
---- a/NEWS
-+++ b/NEWS
-@@ -5,7 +5,708 @@ See the end for copying conditions.
- Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
- using `glibc' in the "product" field.
-
-+<<<<<<< HEAD
- Version 2.24.1
-+=======
-+Version 2.27
-+
-+Major new features:
-+
-+* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin and tan
-+ with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel.
-+
-+* Optimized x86-64 trunc and truncf for processors with SSE4.1.
-+
-+* Optimized generic expf, exp2f, logf, log2f and powf.
-+
-+* In order to support faster and safer process termination the malloc API
-+ family of functions will no longer print a failure address and stack
-+ backtrace after detecting heap corruption. The goal is to minimize the
-+ amount of work done after corruption is detected and to avoid potential
-+ security issues in continued process execution. Reducing shutdown time
-+ leads to lower overall process restart latency, so there is benefit both
-+ from a security and performance perspective.
-+
-+* The abort function terminates the process immediately, without flushing
-+ stdio streams. Previous glibc versions used to flush streams, resulting
-+ in deadlocks and further data corruption. This change also affects
-+ process aborts as the result of assertion failures.
-+
-+* On platforms where long double has the IEEE binary128 format (aarch64,
-+ alpha, mips64, s390 and sparc), the math library now implements _Float128
-+ interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These
-+ are the same interfaces added in version 2.26 for some platforms where
-+ this format is supported but is not the format of long double.
-+
-+Deprecated and removed features, and other changes affecting compatibility:
-+
-+* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
-+ defined by <sys/ptrace.h>.
-+
-+* libm no longer supports SVID error handling (calling a user-provided
-+ matherr function on error) or the _LIB_VERSION variable to control error
-+ handling. (SVID error handling and the _LIB_VERSION variable still work
-+ for binaries linked against older versions of the GNU C Library.) The
-+ libieee.a library is no longer provided. math.h no longer defines struct
-+ exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
-+ TLOSS, PLOSS and HUGE.
-+
-+* The libm functions pow10, pow10f and pow10l are no longer supported for
-+ new programs. Programs should use the standard names exp10, exp10f and
-+ exp10l for these functions instead.
-+
-+* The mcontext_t type is no longer the same as struct sigcontext. On
-+ platforms where it was previously the same, this changes the C++ name
-+ mangling for interfaces involving this type.
-+
-+* The add-ons mechanism for building additional packages at the same time as
-+ glibc has been removed. The --enable-add-ons configure option is now
-+ ignored.
-+
-+Changes to build and runtime requirements:
-+
-+ [Add changes to build and runtime requirements here]
-+
-+Security related changes:
-+
-+ CVE-2009-5064: The ldd script would sometimes run the program under
-+ examination directly, without preventing code execution through the
-+ dynamic linker. (The glibc project disputes that this is a security
-+ vulnerability; only trusted binaries must be examined using the ldd
-+ script.)
-+
-+ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
-+ from a one-byte overflow during ~ operator processing (either on the stack
-+ or the heap, depending on the length of the user name).
-+
-+The following bugs are resolved with this release:
-+
-+ [The release manager will add the list generated by
-+ scripts/list-fixed-bugs.py just before the release.]
-+
-+
-+Version 2.26
-+
-+Major new features:
-+
-+* A per-thread cache has been added to malloc. Access to the cache requires
-+ no locks and therefore significantly accelerates the fast path to allocate
-+ and free small amounts of memory. Refilling an empty cache requires locking
-+ the underlying arena. Performance measurements show significant gains in a
-+ wide variety of user workloads. Workloads were captured using a special
-+ instrumented malloc and analyzed with a malloc simulator. Contributed by
-+ DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.
-+
-+* Unicode 10.0.0 Support: Character encoding, character type info, and
-+ transliteration tables are all updated to Unicode 10.0.0, using
-+ generator scripts contributed by Mike FABIAN (Red Hat).
-+ These updates cause user visible changes, especially the changes in
-+ wcwidth for many emoji characters cause problems when emoji sequences
-+ are rendered with pango, see for example:
-+ https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5
-+
-+* Collation of Hungarian has been overhauled and is now consistent with "The
-+ Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by
-+ Egmont Koblinger.
-+
-+* Improvements to the DNS stub resolver, contributed by Florian Weimer:
-+
-+ - The GNU C Library will now detect when /etc/resolv.conf has been
-+ modified and reload the changed configuration. The new resolver option
-+ “no-reload” (RES_NORELOAD) disables this behavior.
-+
-+ - The GNU C Library now supports an arbitrary number of search domains
-+ (configured using the “search” directive in /etc/resolv.conf);
-+ previously, there was a hard limit of six domains. For backward
-+ compatibility, applications that directly modify the ‘_res’ global
-+ object are still limited to six search domains.
-+
-+ - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C
-+ Library will now randomly pick a name server from the configuration as a
-+ starting point. (Previously, the second name server was always used.)
-+
-+* The tunables feature is now enabled by default. This allows users to tweak
-+ behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.
-+
-+* New function reallocarray, which resizes an allocated block (like realloc)
-+ to the product of two sizes, with a guaranteed clean failure upon integer
-+ overflow in the multiplication. Originally from OpenBSD, contributed by
-+ Dennis Wölfing and Rüdiger Sonderfeld.
-+
-+* New wrappers for the Linux-specific system calls preadv2 and pwritev2.
-+ These are extended versions of preadv and pwritev, respectively, taking an
-+ additional flags argument. The set of supported flags depends on the
-+ running kernel; full support currently requires kernel 4.7 or later.
-+
-+* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
-+ create a new session ID for the spawned process. This feature is
-+ scheduled to be added to the next major revision of POSIX; for the time
-+ being, it is available under _GNU_SOURCE.
-+
-+* errno.h is now safe to use from C-preprocessed assembly language on all
-+ supported operating systems. In this context, it will only define the
-+ Exxxx constants, as preprocessor macros expanding to integer literals.
-+
-+* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
-+ 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
-+ 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy,
-+ Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers.
-+
-+ To compile programs that use this feature, the compiler must support
-+ 128-bit floating point with the type name _Float128 (as defined by TS
-+ 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for
-+ C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__
-+ must be defined to make the new interfaces visible.
-+
-+ The new functions and macros correspond to those present for other
-+ floating-point types (except for a few obsolescent interfaces not
-+ supported for the new type), with F128 or f128 suffixes; for example,
-+ strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no
-+ printf or scanf formats for the new type; the strfromf128 and strtof128
-+ interfaces should be used instead.
-+
-+Deprecated and removed features, and other changes affecting compatibility:
-+
-+* The synchronization that pthread_spin_unlock performs has been changed to
-+ now be equivalent to a C11 atomic store with release memory order to the
-+ spin lock's memory location. Previously, several (but not all)
-+ architectures used stronger synchronization (e.g., containing what is
-+ often called a full barrier). This change can improve performance, but
-+ may affect odd fringe uses of spin locks that depend on the previous
-+ behavior (e.g., using spin locks as atomic variables to try to implement
-+ Dekker's mutual exclusion algorithm).
-+
-+* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
-+ removed.
-+
-+* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers
-+ will only be built and installed when the GNU C Library is configured with
-+ --enable-obsolete-rpc. This allows alternative RPC implementations, such
-+ as TIRPC or rpcsvc-proto, to be used.
-+
-+* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
-+ libnss_compat, are deprecated, and will not be built or installed by
-+ default.
-+
-+ The NIS(+) support library, libnsl, is also deprecated. By default, a
-+ compatibility shared library will be built and installed, but not headers
-+ or development libraries. Only a few NIS-related programs require this
-+ library. (In particular, the GNU C Library has never required programs
-+ that use 'gethostbyname' to be linked with libnsl.)
-+
-+ Replacement implementations based on TIRPC, which additionally support
-+ IPv6, are available from <https://github.com/thkukuk/>. The configure
-+ option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
-+ name service modules, to be built and installed.
-+
-+* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
-+ support is enabled, the configured recursive resolver must support EDNS.
-+ (Responding to EDNS-enabled queries with responses which are not
-+ EDNS-enabled is fine, but FORMERR responses are not.)
-+
-+* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
-+ servers have not supported this opcode for a long time.
-+
-+* The _res_opcodes variable has been removed from libresolv. It had been
-+ exported by accident.
-+
-+* <string.h> no longer includes inline versions of any string functions,
-+ as this kind of optimization is better done by the compiler. The macros
-+ __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.
-+
-+* The nonstandard header <xlocale.h> has been removed. Most programs should
-+ use <locale.h> instead. If you have a specific need for the definition of
-+ locale_t with no other declarations, please contact
-+ libc-alpha(a)sourceware.org and explain.
-+
-+* The obsolete header <sys/ultrasound.h> has been removed.
-+
-+* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.
-+
-+* The obsolete function cfree has been removed. Applications should use
-+ free instead.
-+
-+* The stack_t type no longer has the name struct sigaltstack. This changes
-+ the C++ name mangling for interfaces involving this type.
-+
-+* The ucontext_t type no longer has the name struct ucontext. This changes
-+ the C++ name mangling for interfaces involving this type.
-+
-+* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
-+ the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
-+ longer has the name struct mcontext. On SPARC GNU/Linux, the struct
-+ mc_fq, struct rwindow, struct fpq and struct fq types are no longer
-+ defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
-+ mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
-+ fpregset_t type no longer has the name struct fpu. This changes the C++
-+ name mangling for interfaces involving those types.
-+
-+* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
-+ synced with the kernel:
-+
-+ - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
-+ are not supported on this architecture and have been removed.
-+
-+ - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
-+ PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
-+ PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.
-+
-+ Programs that assume the GET/SETREGS ptrace requests are universally
-+ available will now fail to build, instead of malfunctioning at runtime.
-+
-+Changes to build and runtime requirements:
-+
-+* Linux kernel 3.2 or later is required at runtime, on all architectures
-+ supported by that kernel. (This is a change from version 2.25 only for
-+ x86-32 and x86-64.)
-+
-+* GNU Binutils 2.25 or later is now required to build the GNU C Library.
-+
-+* On most architectures, GCC 4.9 or later is required to build the GNU C
-+ Library. On powerpc64le, GCC 6.2 or later is required.
-+
-+ Older GCC versions and non-GNU compilers are still supported when
-+ compiling programs that use the GNU C Library. (We do not know exactly
-+ how old, and some GNU extensions to C may be _de facto_ required. If you
-+ are interested in helping us make this statement less vague, please
-+ contact libc-alpha(a)sourceware.org.)
-+
-+Security related changes:
-+
-+* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
-+ to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
-+
-+* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
-+ mode to guard against local privilege escalation attacks (CVE-2017-1000366).
-+
-+* Avoid printing a backtrace from the __stack_chk_fail function since it is
-+ called on a corrupt stack and a backtrace is unreliable on a corrupt stack
-+ (CVE-2010-3192).
-+
-+* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
-+ fixed (CVE-2017-12133).
-+
-+The following bugs are resolved with this release:
-+
-+ [984] network: Respond to changed resolv.conf in gethostbyname
-+ [5010] network: sunrpc service cleanup causes unwanted port mapper traffic
-+ [12068] localedata: sc_IT: misspelled yesexpr/day/abday/mon/abmon/date_fmt
-+ fields
-+ [12189] libc: __stack_chk_fail should not attempt a backtrace
-+ (CVE-2010-3192)
-+ [14096] time: Race condition on timezone/tst-timezone.out
-+ [14172] localedata: az_IR: new locale
-+ [14995] build: glibc fails to build if gold is the default linker, even if
-+ ld.bfd is available
-+ [15998] build: [powerpc] Set arch_minimum_kernel for powerpc LE
-+ [16637] network: inet_pton function is accepting IPv6 with bad format
-+ [16640] string: string/strtok.c: undefined behaviour inconsistent between
-+ x86 and other generic code
-+ [16875] localedata: ko_KR: fix lang_name
-+ [17225] localedata: ar_SY: localized month names for May and June are
-+ incorrect
-+ [17297] localedata: da_DK: wrong date_fmt string
-+ [18907] stdio: Incorrect order of __wur __THROW in <printf.h>
-+ [18934] localedata: hu_HU: collate: fix multiple bugs and add tests
-+ [18988] nptl: pthread wastes memory with mlockall(MCL_FUTURE)
-+ [19066] localedata: ar_SA abbreviated day and month names are in English
-+ [19569] network: resolv: Support an arbitrary number of search domains
-+ [19570] network: Implement random DNS server selection in the stub
-+ resolver
-+ [19838] locale: localedef fails on PA-RISC
-+ [19919] localedata: iso14651_t1_common: Correct the Malayalam sorting
-+ order of 0D36 and 0D37
-+ [19922] localedata: iso14651_t1_common: Define collation for Malayalam
-+ chillu characters
-+ [20098] libc: FAIL: debug/backtrace-tst on hppa
-+ [20257] network: sunrpc: clntudp_call does not enforce timeout when
-+ receiving data
-+ [20275] localedata: locale day/abday/mon/abmon should not have trailing
-+ whitespace
-+ [20313] localedata: Update locale data to Unicode 9.0
-+ [20424] manual: Document how to provide a malloc replacement
-+ [20496] localedata: agr_PE: new language locale Awajún / Aguaruna (agr)
-+ for Peru
-+ [20686] locale: Add el_GR@euro to SUPPORTED.
-+ [20831] dynamic-link: _dl_map_segments does not test for __mprotect
-+ failures consistently
-+ [21015] dynamic-link: Document and fix --enable-bind-now
-+ [21016] nptl: pthread_cond support is broken on hppa
-+ [21029] libc: glibc-2.23 (and later) fails to compile with -fno-omit-
-+ frame-pointer on i386
-+ [21049] libc: segfault in longjmp_chk() due to clobbered processor
-+ register
-+ [21075] libc: unused assigment to %g4 in sparc/sparc{64,32}/clone.S
-+ [21088] libc: Build fails with --enable-static-nss
-+ [21094] math: cosf(1.57079697) has 3 ulp error on targets where the
-+ generic c code is used
-+ [21109] libc: Tunables broken on big-endian
-+ [21112] math: powf has large ulp errors with base close to 1 and exponent
-+ around 4000
-+ [21115] network: sunrpc: Use-after-free in error path in clntudp_call
-+ (CVE-2017-12133)
-+ [21120] malloc: glibc malloc is incompatible with GCC 7
-+ [21130] math: Incorrect return from y0l (-inf) and y1l (-inf) when linking
-+ with -lieee
-+ [21134] math: Exception (divide by zero) not set for y0/y1 (0.0) and y0/y1
-+ (-0.0) when linking with -lieee
-+ [21171] math: log10, log2 and lgamma return incorrect results
-+ [21179] libc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs
-+ [21182] libc: __memchr_sse2: regression in glibc-2.25 on i686
-+ [21207] localedata: ce_RU: update weekdays from CLDR
-+ [21209] dynamic-link: LD_HWCAP_MASK read in setuid binaries
-+ [21217] localedata: Update months from CLDR-31
-+ [21232] libc: miss posix_fadvise64 on MIPS64 when static linking
-+ [21243] libc: support_delete_temp_file should issue warning for failed
-+ remove()
-+ [21244] libc: support resolv_test_start() socket fd close should be
-+ checked for errors.
-+ [21253] libc: localedef randomly segfaults when using -fstack-check due to
-+ new posix_spawn implementation
-+ [21258] dynamic-link: Branch predication in _dl_runtime_resolve_avx512_opt
-+ leads to lower CPU frequency
-+ [21259] libc: [alpha] termios.h missing IXANY for POSIX
-+ [21261] libc: [sparc64] bits/setjmp.h namespace
-+ [21267] network: [mips] bits/socket.h IOC* namespace
-+ [21268] libc: [alpha] termios.h NL2, NL3 namespace
-+ [21270] libc: mmap64 silently truncates large offset values
-+ [21275] libc: posix_spawn always crashes on ia64 now
-+ [21277] libc: [alpha] termios.h missing IUCLC for UNIX98 and older
-+ [21280] math: [powerpc] logbl for POWER7 return incorrect results
-+ [21289] libc: Incorrect declaration for 32-bit platforms with
-+ _FILE_OFFSET_BITS=64 causes build error
-+ [21295] network: GETAI(AF_UNSPEC) drops IPv6 addresses if nss module does
-+ not support gethostbyname4_r
-+ [21298] nptl: rwlock can deadlock on frequent reader/writer phase
-+ switching
-+ [21338] malloc: mallopt M_ARENA_MAX doesn't set the maximum number of
-+ arenas
-+ [21340] libc: Support POSIX_SPAWN_SETSID
-+ [21357] libc: unwind-dw2-fde deadlock when using AddressSanitizer
-+ [21359] network: ns_name_pack needs additional byte in destination buffer
-+ [21361] network: resolv: Reduce advertised EDNS0 buffer size to guard
-+ against fragmentation attacks (CVE-2017-12132)
-+ [21369] network: resolv: Remove EDNS fallback
-+ [21371] libc: Missing timespec definition when compiled with _XOPEN_SOURCE
-+ and _POSIX_C_SOURCE
-+ [21386] nptl: Assertion in fork for distinct parent PID is incorrect
-+ [21391] dynamic-link: x86: Set dl_platform and dl_hwcap from CPU features
-+ [21393] stdio: Missing dup3 error check in freopen, freopen64
-+ [21396] libc: Use AVX2 memcpy/memset on Skylake server
-+ [21399] localedata: Bad description for U00EC in
-+ localedata/charmaps/CP1254
-+ [21411] malloc: realloc documentation error
-+ [21426] network: sys/socket.h uio.h namespace
-+ [21428] libc: [aarch64] tst-backtrace5 testsuite failure
-+ [21445] libc: signal.h bsd_signal namespace
-+ [21455] network: Network headers stdint.h namespace
-+ [21474] network: resolv: res_init does not use RES_DFLRETRY (2) but 4 for
-+ retry value
-+ [21475] network: resolv: Overlong search path is truncated mid-label
-+ [21511] libc: sigstack namespace
-+ [21512] libc: clone() ends up calling exit_group() through _exit() wrapper
-+ [21514] libc: sysdeps/unix/sysv/linux/sys/syscall.h:31:27: fatal error:
-+ bits/syscall.h: No such file or directory
-+ [21517] libc: struct sigaltstack namespace
-+ [21528] dynamic-link: Duplicated minimal strtoul implementations in ld.so
-+ [21533] localedata: Update locale data to Unicode 10.0
-+ [21537] libc:
-+ ../sysdeps/unix/sysv/linux/s390/s390-32/__makecontext_ret.S:44: Error:
-+ junk at end of line, first unrecognized character is `@'
-+ [21538] libc: SIG_HOLD missing for XPG4
-+ [21539] libc: S390: Mismatch between kernel and glibc ptrace.h with
-+ request 12: PTRACE_SINGLEBLOCK vs PTRACE_GETREGS.
-+ [21542] libc: Use conservative default for sysconf (_SC_NPROCESSORS_ONLN)
-+ [21543] libc: sigevent namespace
-+ [21548] libc: [mips] get/set/make/swap context for MIPS O32 assume wrong
-+ size for general purpose registers in mcontext_t structure
-+ [21550] libc: sigwait namespace
-+ [21552] libc: XPG4 bsd_signal namespace
-+ [21554] libc: sigpause namespace
-+ [21560] libc: sys/wait.h signal.h namespace
-+ [21561] libc: waitid namespace
-+ [21573] nptl: GCC 7: /usr/bin/install: cannot remove
-+ '/usr/include/stdlib.h': Permission denied
-+ [21575] libc: sys/wait.h missing struct rusage definition
-+ [21584] libc: sigaltstack etc namespace
-+ [21597] libc: siginterrupt namespace
-+ [21607] math: hppa: FAIL: math/test-tgmath
-+ [21609] dynamic-link: Incomplete workaround for GCC __tls_get_addr ABI
-+ issue on x86-64
-+ [21622] libc: [tile] missing SA_* for POSIX.1:2008
-+ [21624] dynamic-link: ld.so: Unsafe alloca allows local attackers to alias
-+ stack and heap (CVE-2017-1000366)
-+ [21625] libc: wait3 namespace
-+ [21654] nss: Incorrect pointer alignment in NSS group merge result
-+ construction
-+ [21657] network: Parse interface zone id for node-local multicast
-+ [21662] string: memcmp-avx2-movbe.S lacks saturating subtraction for
-+ between_2_3
-+ [21666] libc: .symver is used on common symbol
-+ [21668] network: resolv: res_init cross-thread broadcast introduces race
-+ conditions
-+ [21687] math: tgmath.h totalorder, totalordermag return type
-+ [21694] locale: Current Glibc Locale Does Not Support Tok-Pisin and Fiji
-+ Hindi Locale
-+ [21696] libc: Incorrect assumption of of __cpu_mask in
-+ posix/sched_cpucount.c
-+ [21697] libc: sysdeps/posix/spawni.c: 2 * suspicious condition ?
-+ [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
-+ locale
-+ [21707] math: ppc64le: Invalid IFUNC resolver from libgcc calls getauxval,
-+ leading to relocation crash
-+ [21709] libc: resolv_conf.c:552: update_from_conf: Assertion
-+ `resolv_conf_matches (resp, conf)' failed.
-+ [21710] localedata: Added Samoan language locale for Samoa
-+ [21711] localedata: Pashto yesstr/nostr locale are missing
-+ [21715] nptl: sysdeps/nptl/bits/pthreadtypes.h: typedef guard
-+ __have_pthread_attr_t can cause redefinition of typedef ‘pthread_attr_t’
-+ [21721] localedata: Incorrect Full Weekday names for ks_IN@devanagari
-+ [21723] localedata: yesstr/nostr missing for Chinese language locale
-+ [21724] localedata: yesstr and nostr are missing for Xhosa [LC_MESSAGES]
-+ locale
-+ [21727] localedata: yesstr and nostr are missing for Tsonga [LC_MESSAGES]
-+ locale
-+ [21728] localedata: New Locale for Tongan language
-+ [21729] localedata: incorrect LC_NAME fields for hi_IN
-+ [21733] localedata: yesstr and nostr are missing for zh_HK
-+ [21734] localedata: Missing yesstr and nostr are for kw_GB
-+ [21738] libc: misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 fail
-+ [21741] libc: Undefined __memmove_chk_XXX and __memset_chk_XXX in libc.a
-+ [21742] libc: _dl_num_cache_relocations is undefined in libc.a
-+ [21743] localedata: ks_IN@devanagari: abday strings mismatch the day
-+ strings
-+ [21744] libc: Tests failing on --enable-tunables --enable-stack-
-+ protector=all
-+ [21749] localedata: Wrong abbreviated day name (“abday”) for
-+ ar_JO/ar_LB/ar_SY
-+ [21756] localedata: missing yesstr, nostr for nds_DE and nds_NL
-+ [21757] localedata: missing yesstr, nostr for pap_AW and pap_CW
-+ [21759] localedata: missing yesstr and nostr for Tigrinya
-+ [21760] localedata: Fix LC_MESSAGES and LC_ADDRESS for anp_IN
-+ [21766] localedata: Wrong LC_MESSAGES for om_ET Locale
-+ [21767] localedata: Missing Bislama locales
-+ [21768] localedata: Missing yesstr and nostr for aa_ET
-+ [21770] localedata: Missing Field in li_NL
-+ [21778] nptl: Robust mutex may deadlock
-+ [21779] libc: MicroBlaze segfaults when loading libpthread
-+ [21783] localedata: Fix int_select international_call_prefixes
-+ [21784] localedata: Inconsistency in country_isbn
-+ [21788] localedata: Missing Country Postal Abbreviations
-+ [21794] localedata: Added-country_isbn-for-Italy
-+ [21795] localedata: Add/Fix country_isbn for France
-+ [21796] localedata: Added country_isbn for Republic of Korea
-+ [21797] localedata: Fix inconsistency in country_isbn and missing prefixes
-+ [21799] localedata: Added int_select international_call_prefixes
-+ [21801] localedata: Added int_select international_call_prefixes
-+ [21804] nptl: Double semicolon in thread-shared-types.h
-+ [21807] localedata: LC_ADDRESS fix for pap_CW
-+ [21808] localedata: Fix LC_ADDRESS for pap_AW
-+ [21821] localedata: Added country_name in mai_IN
-+ [21822] localedata: Fix LC_TIME for mai_IN
-+ [21823] localedata: missing yesstr, nostr for sa_IN
-+ [21825] localedata: Fix name_mrs for mag_IN
-+ [21828] localedata: 2.26 changelog should mention user visible changes
-+ with unicode 9.0
-+ [21835] localedata: Added Maithili language locale for Nepal
-+ [21838] localedata: Removed redundant data for the_NP
-+ [21839] localedata: Fix LC_MONETARY for ta_LK
-+ [21844] localedata: Fix Latin characters and Months Sequence.
-+ [21848] localedata: Fix mai_NP Title Name
-+
-+
-+Version 2.25
-+
-+* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
-+ 24731-2:2010, is supported to enable declarations of functions from that
-+ TR. Note that not all functions from that TR are supported by the GNU C
-+ Library.
-+
-+* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS
-+ 18661-1:2014, is supported to enable declarations of functions and macros
-+ from that TS. Note that not all features from that TS are supported by
-+ the GNU C Library.
-+
-+* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS
-+ 18661-4:2015, is supported to enable declarations of functions and macros
-+ from that TS. Note that most features from that TS are not supported by
-+ the GNU C Library.
-+
-+* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are
-+ now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L.
-+ Since the GNU C Library defaults to a much newer revision of POSIX, this
-+ will only affect programs that specifically request an old conformance
-+ mode. For instance, a program compiled with -std=c89 -D_REENTRANT will
-+ see a change in the visible declarations, but a program compiled with
-+ just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT,
-+ will not.
-+
-+ Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be
-+ defined by all multithreaded code, but glibc has not required this for
-+ many years.
-+
-+* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This
-+ means that in a future release, the macros “major”, “minor”, and “makedev”
-+ will only be available from <sys/sysmacros.h>.
-+
-+ These macros are not part of POSIX nor XSI, and their names frequently
-+ collide with user code; see for instance glibc bug 19239 and Red Hat bug
-+ 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code
-+ presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the
-+ problem.
-+
-+* New <fenv.h> features from TS 18661-1:2014 are added to libm: the
-+ fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the
-+ femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros.
-+
-+* Integer width macros from TS 18661-1:2014 are added to <limits.h>:
-+ CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH,
-+ UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to
-+ <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH,
-+ INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH,
-+ UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH,
-+ INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH,
-+ UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH,
-+ UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH,
-+ UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH,
-+ UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH,
-+ WINT_WIDTH.
-+
-+* New <math.h> features are added from TS 18661-1:2014:
-+
-+ - Signaling NaN macros: SNANF, SNAN, SNANL.
-+
-+ - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp,
-+ fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf,
-+ fromfpxl, ufromfpx, ufromfpxf, ufromfpxl.
-+
-+ - llogb functions: the llogb, llogbf and llogbl functions, and the
-+ FP_LLOGB0 and FP_LLOGBNAN macros.
-+
-+ - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag,
-+ fminmagf, fminmagl.
-+
-+ - Comparison macros: iseqsig.
-+
-+ - Classification macros: iscanonical, issubnormal, iszero.
-+
-+ - Total order functions: totalorder, totalorderf, totalorderl,
-+ totalordermag, totalordermagf, totalordermagl.
-+
-+ - Canonicalize functions: canonicalize, canonicalizef, canonicalizel.
-+
-+ - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload,
-+ setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl.
-+
-+* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
-+ are added to libc. They convert a floating-point number into string.
-+
-+* Most of glibc can now be built with the stack smashing protector enabled.
-+ It is recommended to build glibc with --enable-stack-protector=strong.
-+ Implemented by Nick Alcock (Oracle).
-+
-+* The function explicit_bzero, from OpenBSD, has been added to libc. It is
-+ intended to be used instead of memset() to erase sensitive data after use;
-+ the compiler will not optimize out calls to explicit_bzero even if they
-+ are "unnecessary" (in the sense that no _correct_ program can observe the
-+ effects of the memory clear).
-+
-+* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined
-+ to float instead of double. This does not affect the ABI of any libraries
-+ that are part of the GNU C Library, but may affect the ABI of other
-+ libraries that use this type in their interfaces.
-+
-+* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the
-+ float_t and double_t types are now defined to long double instead of float
-+ and double. These options are not the default, and this does not affect
-+ the ABI of any libraries that are part of the GNU C Library, but it may
-+ affect the ABI of other libraries that use this type in their interfaces,
-+ if they are compiled or used with those options.
-+
-+* The getentropy and getrandom functions, and the <sys/random.h> header file
-+ have been added.
-+
-+* The buffer size for byte-oriented stdio streams is now limited to 8192
-+ bytes by default. Previously, on Linux, the default buffer size on most
-+ file systems was 4096 bytes (and thus remains unchanged), except on
-+ network file systems, where the buffer size was unpredictable and could be
-+ as large as several megabytes.
-+
-+* The <sys/quota.h> header now includes the <linux/quota.h> header. Support
-+ for the Linux quota interface which predates kernel version 2.4.22 has
-+ been removed.
-+
-+* The malloc_get_state and malloc_set_state functions have been removed.
-+ Already-existing binaries that dynamically link to these functions will
-+ get a hidden implementation in which malloc_get_state is a stub. As far
-+ as we know, these functions are used only by GNU Emacs and this change
-+ will not adversely affect already-built Emacs executables. Any undumped
-+ Emacs executables, which normally exist only during an Emacs build, should
-+ be rebuilt by re-running “./configure; make” in the Emacs build tree.
-+
-+* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the
-+ corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed.
-+ “no-ip6-dotint” had already been the default, and support for the
-+ “ip6-dotint” option was removed from the Internet in 2006.
-+
-+* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING
-+ flag from <resolv.h> have been removed. The option relied on a
-+ backwards-incompatible DNS extension which was never deployed on the
-+ Internet.
-+
-+* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG,
-+ RES_BLAST defined in the <resolv.h> header file have been deprecated.
-+ They were already unimplemented.
-+
-+* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for
-+ _res.flags are deprecated. The flag was standardized in RFC 2133, but
-+ removed again from the IETF name lookup interface specification in RFC
-+ 2553. Applications should use getaddrinfo instead.
-+
-+* DNSSEC-related declarations and definitions have been removed from the
-+ <arpa/nameser.h> header file, and libresolv will no longer attempt to
-+ decode the data part of DNSSEC record types. Previous versions of glibc
-+ only implemented minimal support for the previous version of DNSSEC, which
-+ is incompatible with the currently deployed version.
-+
-+* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p,
-+ ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the
-+ <arpa/nameser.h> header file because the distinction between RR types and
-+ meta-RR types is not officially standardized, subject to revision, and
-+ thus not suitable for encoding in a macro.
-+
-+* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook
-+ and rhook members of the res_state type in <resolv.h> have been removed.
-+ The glibc stub resolver did not support these hooks, but the header file
-+ did not reflect that.
-+
-+* For multi-arch support it is recommended to use a GCC which has
-+ been built with support for GNU indirect functions. This ensures
-+ that correct debugging information is generated for functions
-+ selected by IFUNC resolvers. This support can either be enabled by
-+ configuring GCC with '--enable-gnu-indirect-function', or by
-+ enabling it by default by setting 'default_gnu_indirect_function'
-+ variable for a particular architecture in the GCC source file
-+ 'gcc/config.gcc'.
-+
-+* GDB pretty printers have been added for mutex and condition variable
-+ structures in POSIX Threads. When installed and loaded in gdb these pretty
-+ printers show various pthread variables in human-readable form when read
-+ using the 'print' or 'display' commands in gdb.
-+
-+* Tunables feature added to allow tweaking of the runtime for an application
-+ program. This feature can be enabled with the '--enable-tunables' configure
-+ flag. The GNU C Library manual has details on usage and README.tunables has
-+ instructions on adding new tunables to the library.
-+
-+* A new version of condition variables functions have been implemented in
-+ the NPTL implementation of POSIX Threads to provide stronger ordering
-+ guarantees.
-+
-+* A new version of pthread_rwlock functions have been implemented to use a more
-+ scalable algorithm primarily through not using a critical section anymore to
-+ make state changes.
-+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
-
- Security related changes:
-
-diff --git a/posix/glob.c b/posix/glob.c
-index ea4b0b61eb..08f240a1ff 100644
---- a/posix/glob.c
-+++ b/posix/glob.c
-@@ -856,7 +856,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
- *p = '\0';
- }
- else
-- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
-+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
- = '\0';
- user_name = newp;
- }
---
-2.14.2
-
diff --git a/glibc-32/Pkgfile b/glibc-32/Pkgfile
index f9948ec4..b3c99d23 100644
--- a/glibc-32/Pkgfile
+++ b/glibc-32/Pkgfile
@@ -4,10 +4,10 @@
name=glibc-32
version=2.24
-release=8
+release=10
source=(http://ftpmirror.gnu.org/gnu/glibc/glibc-2.24.tar.xz \
http://crux.nu/files/distfiles/kernel-headers-4.9.5.tar.xz \
- glibc-2.24.8.patch 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch \
+ glibc-2.24-$release.patch \
lib32.conf)
build() {
@@ -18,8 +18,7 @@ build() {
export CC="${CC:-gcc} -m32"
export CFLAGS="$CFLAGS -Wno-error=parentheses"
- patch -p1 -d $SRC/glibc-${version:0:4} -i $SRC/glibc-2.24.8.patch
- patch -p1 -d $SRC/glibc-${version:0:4} -i $SRC/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
+ patch -p1 -d $SRC/glibc-${version:0:4} -i $SRC/glibc-2.24-$release.patch
../glibc-${version:0:4}/configure --prefix=/usr \
--libdir=/usr/lib32 \
diff --git a/glibc-32/glibc-2.24.8.patch b/glibc-32/glibc-2.24-10.patch
similarity index 83%
rename from glibc-32/glibc-2.24.8.patch
rename to glibc-32/glibc-2.24-10.patch
index 4f1db10c..194691df 100644
--- a/glibc-32/glibc-2.24.8.patch
+++ b/glibc-32/glibc-2.24-10.patch
@@ -1,8 +1,210 @@
diff --git a/ChangeLog b/ChangeLog
-index c44c926094..84189ec762 100644
+index c44c926094..cd499c5fe3 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,685 @@
+@@ -1,3 +1,887 @@
++2018-01-12 Dmitry V. Levin <ldv(a)altlinux.org>
++
++ [BZ #22679]
++ CVE-2018-1000001
++ * sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to
++ generic_getcwd if the path returned by getcwd syscall is not absolute.
++ * io/tst-getcwd-abspath.c: New test.
++ * io/Makefile (tests): Add tst-getcwd-abspath.
++
++ (gaih_inet): Likewise.
++
++2017-12-30 Aurelien Jarno <aurelien(a)aurel32.net>
++
++ [BZ #22625]
++ * elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
++ string token expansion. Check for NULL pointer or empty string possibly
++ returned by expand_dynamic_string_token.
++ (decompose_rpath): Check for empty path after dynamic string
++ token expansion.
++
++2017-12-18 Dmitry V. Levin <ldv(a)altlinux.org>
++
++ [BZ #22627]
++ * elf/dl-load.c (_dl_init_paths): Remove _dl_dst_substitute preparatory
++ code and invocation.
++
++2017-12-14 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #22607]
++ CVE-2017-1000409
++ * elf/dl-load.c (_dl_init_paths): Compute number of components in
++ the expanded path string.
++
++2017-12-14 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #22606]
++ CVE-2017-1000408
++ * elf/dl-load.c (system_dirs): Update comment.
++ (nsystem_dirs_len): Use array_length.
++ (_dl_init_paths): Use nsystem_dirs_len to compute the array size.
++
++2017-11-02 Florian Weimer <fweimer(a)redhat.com>
++
++ Add array_length and array_end macros.
++ * include/array_length.h: New file.
++
++2017-11-02 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #22332]
++ * posix/tst-glob-tilde.c (do_noescape): New variable.
++ (one_test): Process it.
++ (do_test): Set do_noescape. Add unescaping test case.
++
++2017-10-22 Paul Eggert <eggert(a)cs.ucla.edu>
++
++ [BZ #22332]
++ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
++ unescaping.
++
++2017-10-21 Florian Weimer <fweimer(a)redhat.com>
++
++ * posix/Makefile (tests): Add tst-glob-tilde.
++ (tests-special): Add tst-glob-tilde-mem.out
++ (tst-glob-tilde-ENV): Set MALLOC_TRACE.
++ (tst-glob-tilde-mem.out): Add mtrace check.
++ * posix/tst-glob-tilde.c: New file.
++
++2017-10-20 Paul Eggert <eggert(a)cs.ucla.edu>
++
++ [BZ #22320]
++ CVE-2017-15670
++ * posix/glob.c (__glob): Fix one-byte overflow.
++
++2017-09-08 Adhemerval Zanella <adhemerval.zanella(a)linaro.org>
++
++ [BZ #1062]
++ CVE-2017-15671
++ * posix/Makefile (routines): Add globfree, globfree64, and
++ glob_pattern_p.
++ * posix/flexmember.h: New file.
++ * posix/glob_internal.h: Likewise.
++ * posix/glob_pattern_p.c: Likewise.
++ * posix/globfree.c: Likewise.
++ * posix/globfree64.c: Likewise.
++ * sysdeps/gnu/globfree64.c: Likewise.
++ * sysdeps/unix/sysv/linux/alpha/globfree.c: Likewise.
++ * sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c: Likewise.
++ * sysdeps/unix/sysv/linux/oldglob.c: Likewise.
++ * sysdeps/unix/sysv/linux/wordsize-64/globfree64.c: Likewise.
++ * sysdeps/unix/sysv/linux/x86_64/x32/globfree.c: Likewise.
++ * sysdeps/wordsize-64/globfree.c: Likewise.
++ * sysdeps/wordsize-64/globfree64.c: Likewise.
++ * posix/glob.c (HAVE_CONFIG_H): Use !_LIBC instead.
++ [NDEBUG): Remove comments.
++ (GLOB_ONLY_P, _AMIGA, VMS): Remove define.
++ (dirent_type): New type. Use uint_fast8_t not
++ uint8_t, as C99 does not require uint8_t.
++ (DT_UNKNOWN, DT_DIR, DT_LNK): New macros.
++ (struct readdir_result): Use dirent_type. Do not define skip_entry
++ unless it is needed; this saves a byte on platforms lacking d_ino.
++ (readdir_result_type, readdir_result_skip_entry):
++ New functions, replacing ...
++ (readdir_result_might_be_symlink, readdir_result_might_be_dir):
++ these functions, which were removed. This makes the callers
++ easier to read. All callers changed.
++ (D_INO_TO_RESULT): Now empty if there is no d_ino.
++ (size_add_wrapv, glob_use_alloca): New static functions.
++ (glob, glob_in_dir): Check for size_t overflow in several places,
++ and fix some size_t checks that were not quite right.
++ Remove old code using SHELL since Bash no longer
++ uses this.
++ (glob, prefix_array): Separate MS code better.
++ (glob_in_dir): Remove old Amiga and VMS code.
++ (globfree, __glob_pattern_type, __glob_pattern_p): Move to
++ separate files.
++ (glob_in_dir): Do not rely on undefined behavior in accessing
++ struct members beyond their bounds. Use a flexible array member
++ instead
++ (link_stat): Rename from link_exists2_p and return -1/0 instead of
++ 0/1. Caller changed.
++ (glob): Fix memory leaks.
++ * posix/glob64 (globfree64): Move to separate file.
++ * sysdeps/gnu/glob64.c (NO_GLOB_PATTERN_P): Remove define.
++ (globfree64): Remove hidden alias.
++ * sysdeps/unix/sysv/linux/Makefile (sysdeps_routines): Add
++ oldglob.
++ * sysdeps/unix/sysv/linux/alpha/glob.c (__new_globfree): Move to
++ separate file.
++ * sysdeps/unix/sysv/linux/i386/glob64.c (NO_GLOB_PATTERN_P): Remove
++ define.
++ Move compat code to separate file.
++ * sysdeps/wordsize-64/glob.c (globfree): Move definitions to
++ separate file.
++
++2017-08-20 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ [BZ #18822]
++ * sysdeps/unix/sysv/linux/i386/glob64.c (__old_glob64): Add
++ libc_hidden_proto and libc_hidden_def.
++
++2017-10-22 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ [BZ #21265]
++ * sysdeps/x86/cpu-features-offsets.sym (XSAVE_STATE_SIZE_OFFSET):
++ New.
++ * sysdeps/x86/cpu-features.c: Include <libc-internal.h>.
++ (get_common_indeces): Set xsave_state_size and
++ bit_arch_XSAVEC_Usable if needed.
++ (init_cpu_features): Remove bit_arch_Use_dl_runtime_resolve_slow
++ and bit_arch_Use_dl_runtime_resolve_opt.
++ * sysdeps/x86/cpu-features.h (bit_arch_Use_dl_runtime_resolve_opt):
++ Removed.
++ (bit_arch_Use_dl_runtime_resolve_slow): Likewise.
++ (bit_arch_Prefer_No_AVX512): Updated.
++ (bit_arch_MathVec_Prefer_No_AVX512): Likewise.
++ (bit_arch_XSAVEC_Usable): New.
++ (STATE_SAVE_OFFSET): Likewise.
++ (STATE_SAVE_MASK): Likewise.
++ [__ASSEMBLER__]: Include <cpu-features-offsets.h>.
++ (cpu_features): Add xsave_state_size.
++ (index_arch_Use_dl_runtime_resolve_opt): Removed.
++ (index_arch_Use_dl_runtime_resolve_slow): Likewise.
++ (index_arch_XSAVEC_Usable): New.
++ * sysdeps/x86_64/dl-machine.h (elf_machine_runtime_setup):
++ Replace _dl_runtime_resolve_sse, _dl_runtime_resolve_avx,
++ _dl_runtime_resolve_avx_slow, _dl_runtime_resolve_avx_opt,
++ _dl_runtime_resolve_avx512 and _dl_runtime_resolve_avx512_opt
++ with _dl_runtime_resolve_fxsave, _dl_runtime_resolve_xsave and
++ _dl_runtime_resolve_xsavec.
++ * sysdeps/x86_64/dl-trampoline.S (DL_RUNTIME_UNALIGNED_VEC_SIZE):
++ Removed.
++ (DL_RUNTIME_RESOLVE_REALIGN_STACK): Check STATE_SAVE_ALIGNMENT
++ instead of VEC_SIZE.
++ (REGISTER_SAVE_BND0): Removed.
++ (REGISTER_SAVE_BND1): Likewise.
++ (REGISTER_SAVE_BND3): Likewise.
++ (REGISTER_SAVE_RAX): Always defined to 0.
++ (VMOV): Removed.
++ (_dl_runtime_resolve_avx): Likewise.
++ (_dl_runtime_resolve_avx_slow): Likewise.
++ (_dl_runtime_resolve_avx_opt): Likewise.
++ (_dl_runtime_resolve_avx512): Likewise.
++ (_dl_runtime_resolve_avx512_opt): Likewise.
++ (_dl_runtime_resolve_sse): Likewise.
++ (_dl_runtime_resolve_sse_vex): Likewise.
++ (USE_FXSAVE): New.
++ (_dl_runtime_resolve_fxsave): Likewise.
++ (USE_XSAVE): Likewise.
++ (_dl_runtime_resolve_xsave): Likewise.
++ (USE_XSAVEC): Likewise.
++ (_dl_runtime_resolve_xsavec): Likewise.
++ * sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve_avx512):
++ Removed.
++ (_dl_runtime_resolve_avx512_opt): Likewise.
++ (_dl_runtime_resolve_avx): Likewise.
++ (_dl_runtime_resolve_avx_opt): Likewise.
++ (_dl_runtime_resolve_sse): Likewise.
++ (_dl_runtime_resolve_sse_vex): Likewise.
++ (_dl_runtime_resolve_fxsave): New.
++ (_dl_runtime_resolve_xsave): Likewise.
++ (_dl_runtime_resolve_xsavec): Likewise.
++
+2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
+
+ * sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
@@ -743,10 +945,10 @@ index 03fd89c13e..ee379f5852 100644
ifndef avoid-generated
diff --git a/NEWS b/NEWS
-index b0447e7169..4831542023 100644
+index b0447e7169..20e30028cf 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,33 @@ See the end for copying conditions.
+@@ -5,6 +5,68 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
@@ -766,16 +968,51 @@ index b0447e7169..4831542023 100644
+ question type which is outside the range of valid question type values.
+ (CVE-2015-5180)
+
++* CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
++ from a one-byte overflow during ~ operator processing (either on the stack
++ or the heap, depending on the length of the user name).
++
++* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
++ would sometimes fail to free memory allocated during ~ operator
++ processing, leading to a memory leak and, potentially, to a denial
++ of service.
++
++* CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
++ without GLOB_NOESCAPE, could write past the end of a buffer while
++ unescaping user names. Reported by Tim Rühsen.
++
++* CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
++ to the allocation of too much memory. (This is not a security bug per se,
++ it is mentioned here only because of the CVE assignment.) Reported by
++ Qualys.
++
++* CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
++ of the number of search path components. (This is not a security
++ vulnerability per se because no trust boundary is crossed if the fix for
++ CVE-2017-1000366 has been applied, but it is mentioned here only because
++ of the CVE assignment.) Reported by Qualys.
++
++ CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
++ for AT_SECURE or SUID binaries could be used to load libraries from the
++ current directory.
++
++ CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
++ succeeds without returning an absolute path due to unexpected behaviour
++ of the Linux kernel getcwd syscall. Reported by halfdog.
++
+The following bugs are resolved with this release:
+
+ [20790] Fix rpcgen buffer overrun
+ [20978] Fix strlen on null pointer in nss_nisplus
+ [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
++ [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve
+ [21289] Fix symbol redirect for fts_set
+ [21386] Assertion in fork for distinct parent PID is incorrect
+ [21609] x86-64: Align the stack in __tls_get_addr
+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ [21654] nss: Fix invalid cast in group merging
++ [22679] getcwd(3) can succeed without returning an absolute path
++ (CVE-2018-1000001)
+
Version 2.24
@@ -1078,6 +1315,167 @@ index 687d7de874..9f93ab7628 100644
_dl_close_worker (map, false);
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index c0d6249373..1f774e139f 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -37,6 +37,7 @@
+ #include <sysdep.h>
+ #include <stap-probe.h>
+ #include <libc-internal.h>
++#include <array_length.h>
+
+ #include <dl-dst.h>
+ #include <dl-load.h>
+@@ -103,7 +104,9 @@ static size_t ncapstr attribute_relro;
+ static size_t max_capstrlen attribute_relro;
+
+
+-/* Get the generated information about the trusted directories. */
++/* Get the generated information about the trusted directories. Use
++ an array of concatenated strings to avoid relocations. See
++ gen-trusted-dirs.awk. */
+ #include "trusted-dirs.h"
+
+ static const char system_dirs[] = SYSTEM_DIRS;
+@@ -111,9 +114,7 @@ static const size_t system_dirs_len[] =
+ {
+ SYSTEM_DIRS_LEN
+ };
+-#define nsystem_dirs_len \
+- (sizeof (system_dirs_len) / sizeof (system_dirs_len[0]))
+-
++#define nsystem_dirs_len array_length (system_dirs_len)
+
+ static bool
+ is_trusted_path (const char *path, size_t len)
+@@ -433,31 +434,40 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
+ {
+ char *cp;
+ size_t nelems = 0;
+- char *to_free;
+
+ while ((cp = __strsep (&rpath, sep)) != NULL)
+ {
+ struct r_search_path_elem *dirp;
++ char *to_free = NULL;
++ size_t len = 0;
+
+- to_free = cp = expand_dynamic_string_token (l, cp, 1);
++ /* `strsep' can pass an empty string. */
++ if (*cp != '\0')
++ {
++ to_free = cp = expand_dynamic_string_token (l, cp, 1);
+
+- size_t len = strlen (cp);
++ /* expand_dynamic_string_token can return NULL in case of empty
++ path or memory allocation failure. */
++ if (cp == NULL)
++ continue;
+
+- /* `strsep' can pass an empty string. This has to be
+- interpreted as `use the current directory'. */
+- if (len == 0)
+- {
+- static const char curwd[] = "./";
+- cp = (char *) curwd;
+- }
++ /* Compute the length after dynamic string token expansion and
++ ignore empty paths. */
++ len = strlen (cp);
++ if (len == 0)
++ {
++ free (to_free);
++ continue;
++ }
+
+- /* Remove trailing slashes (except for "/"). */
+- while (len > 1 && cp[len - 1] == '/')
+- --len;
++ /* Remove trailing slashes (except for "/"). */
++ while (len > 1 && cp[len - 1] == '/')
++ --len;
+
+- /* Now add one if there is none so far. */
+- if (len > 0 && cp[len - 1] != '/')
+- cp[len++] = '/';
++ /* Now add one if there is none so far. */
++ if (len > 0 && cp[len - 1] != '/')
++ cp[len++] = '/';
++ }
+
+ /* Make sure we don't use untrusted directories if we run SUID. */
+ if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
+@@ -621,6 +631,14 @@ decompose_rpath (struct r_search_path_struct *sps,
+ necessary. */
+ free (copy);
+
++ /* There is no path after expansion. */
++ if (result[0] == NULL)
++ {
++ free (result);
++ sps->dirs = (struct r_search_path_elem **) -1;
++ return false;
++ }
++
+ sps->dirs = result;
+ /* The caller will change this value if we haven't used a real malloc. */
+ sps->malloced = 1;
+@@ -688,9 +706,8 @@ _dl_init_paths (const char *llp)
+ + ncapstr * sizeof (enum r_dir_status))
+ / sizeof (struct r_search_path_elem));
+
+- rtld_search_dirs.dirs[0] = (struct r_search_path_elem *)
+- malloc ((sizeof (system_dirs) / sizeof (system_dirs[0]))
+- * round_size * sizeof (struct r_search_path_elem));
++ rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size
++ * sizeof (*rtld_search_dirs.dirs[0]));
+ if (rtld_search_dirs.dirs[0] == NULL)
+ {
+ errstring = N_("cannot create cache for search path");
+@@ -776,37 +793,14 @@ _dl_init_paths (const char *llp)
+
+ if (llp != NULL && *llp != '\0')
+ {
+- size_t nllp;
+- const char *cp = llp;
+- char *llp_tmp;
+-
+-#ifdef SHARED
+- /* Expand DSTs. */
+- size_t cnt = DL_DST_COUNT (llp, 1);
+- if (__glibc_likely (cnt == 0))
+- llp_tmp = strdupa (llp);
+- else
+- {
+- /* Determine the length of the substituted string. */
+- size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);
+-
+- /* Allocate the necessary memory. */
+- llp_tmp = (char *) alloca (total + 1);
+- llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);
+- }
+-#else
+- llp_tmp = strdupa (llp);
+-#endif
++ char *llp_tmp = strdupa (llp);
+
+ /* Decompose the LD_LIBRARY_PATH contents. First determine how many
+ elements it has. */
+- nllp = 1;
+- while (*cp)
+- {
+- if (*cp == ':' || *cp == ';')
+- ++nllp;
+- ++cp;
+- }
++ size_t nllp = 1;
++ for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
++ if (*cp == ':' || *cp == ';')
++ ++nllp;
+
+ env_path_list.dirs = (struct r_search_path_elem **)
+ malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
diff --git a/elf/rtld.c b/elf/rtld.c
index 647661ca45..8f56d6edd3 100644
--- a/elf/rtld.c
@@ -1664,6 +2062,62 @@ index 2e735ede4c..7c0deed9ae 100644
+#define T_QUERY_A_AND_AAAA 439963904
#endif
+diff --git a/include/array_length.h b/include/array_length.h
+new file mode 100644
+index 0000000000..cb4a8b2a56
+--- /dev/null
++++ b/include/array_length.h
+@@ -0,0 +1,36 @@
++/* The array_length and array_end macros.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _ARRAY_LENGTH_H
++#define _ARRAY_LENGTH_H
++
++/* array_length (VAR) is the number of elements in the array VAR. VAR
++ must evaluate to an array, not a pointer. */
++#define array_length(var) \
++ __extension__ ({ \
++ _Static_assert (!__builtin_types_compatible_p \
++ (__typeof (var), __typeof (&(var)[0])), \
++ "argument must be an array"); \
++ sizeof (var) / sizeof ((var)[0]); \
++ })
++
++/* array_end (VAR) is a pointer one past the end of the array VAR.
++ VAR must evaluate to an array, not a pointer. */
++#define array_end(var) (&(var)[array_length (var)])
++
++#endif /* _ARRAY_LENGTH_H */
+diff --git a/io/Makefile b/io/Makefile
+index deb6100156..1128f4881f 100644
+--- a/io/Makefile
++++ b/io/Makefile
+@@ -71,7 +71,8 @@ tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \
+ tst-renameat tst-fchownat tst-fchmodat tst-faccessat \
+ tst-symlinkat tst-linkat tst-readlinkat tst-mkdirat \
+ tst-mknodat tst-mkfifoat tst-ttyname_r bug-ftw5 \
+- tst-posix_fallocate tst-fts tst-fts-lfs
++ tst-posix_fallocate tst-posix_fallocate64 \
++ tst-fts tst-fts-lfs tst-open-tmpfile tst-getcwd-abspath
+
+ ifeq ($(run-built-tests),yes)
+ tests-special += $(objpfx)ftwtest.out
diff --git a/io/fts.h b/io/fts.h
index 127a0d2721..b6b45206c8 100644
--- a/io/fts.h
@@ -1677,6 +2131,78 @@ index 127a0d2721..b6b45206c8 100644
# else
# define fts_children fts64_children
# define fts_close fts64_close
+diff --git a/io/tst-getcwd-abspath.c b/io/tst-getcwd-abspath.c
+new file mode 100644
+index 0000000000..3a3636f2ed
+--- /dev/null
++++ b/io/tst-getcwd-abspath.c
+@@ -0,0 +1,66 @@
++/* BZ #22679 getcwd(3) should not succeed without returning an absolute path.
++
++ Copyright (C) 2018 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <support/check.h>
++#include <support/namespace.h>
++#include <support/support.h>
++#include <support/temp_file.h>
++#include <support/test-driver.h>
++#include <support/xunistd.h>
++#include <unistd.h>
++
++static char *chroot_dir;
++
++/* The actual test. Run it in a subprocess, so that the test harness
++ can remove the temporary directory in --direct mode. */
++static void
++getcwd_callback (void *closure)
++{
++ xchroot (chroot_dir);
++
++ errno = 0;
++ char *cwd = getcwd (NULL, 0);
++ TEST_COMPARE (errno, ENOENT);
++ TEST_VERIFY (cwd == NULL);
++
++ errno = 0;
++ cwd = realpath (".", NULL);
++ TEST_COMPARE (errno, ENOENT);
++ TEST_VERIFY (cwd == NULL);
++
++ _exit (0);
++}
++
++static int
++do_test (void)
++{
++ support_become_root ();
++ if (!support_can_chroot ())
++ return EXIT_UNSUPPORTED;
++
++ chroot_dir = support_create_temp_directory ("tst-getcwd-abspath-");
++ support_isolate_in_subprocess (getcwd_callback, NULL);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/localedata/ChangeLog b/localedata/ChangeLog
index 4be8afc110..a7688e3df6 100644
--- a/localedata/ChangeLog
@@ -3208,6 +3734,51 @@ index 49d1f23904..e046577b08 100644
-
-#~ msgid "cannot create internal descriptors"
-#~ msgstr "kan inte skapa interna deskriptorer"
+diff --git a/posix/Makefile b/posix/Makefile
+index 5b0e298f75..82a4020c76 100644
+--- a/posix/Makefile
++++ b/posix/Makefile
+@@ -43,7 +43,7 @@ routines := \
+ getpgid setpgid getpgrp bsd-getpgrp setpgrp getsid setsid \
+ getresuid getresgid setresuid setresgid \
+ pathconf sysconf fpathconf \
+- glob glob64 fnmatch regex \
++ glob glob64 globfree globfree64 glob_pattern_p fnmatch regex \
+ confstr \
+ getopt getopt1 getopt_init \
+ sched_setp sched_getp sched_sets sched_gets sched_yield sched_primax \
+@@ -90,7 +90,7 @@ tests := tstgetopt testfnm runtests runptests \
+ bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \
+ tst-pathconf tst-getaddrinfo4 tst-rxspencer-no-utf8 \
+ tst-fnmatch3 bug-regex36 tst-getaddrinfo5 \
+- tst-posix_spawn-fd
++ tst-posix_spawn-fd tst-glob-tilde
+ xtests := bug-ga2
+ ifeq (yes,$(build-shared))
+ test-srcs := globtest
+@@ -133,7 +133,8 @@ tests-special += $(objpfx)bug-regex2-mem.out $(objpfx)bug-regex14-mem.out \
+ $(objpfx)tst-rxspencer-no-utf8-mem.out $(objpfx)tst-pcre-mem.out \
+ $(objpfx)tst-boost-mem.out $(objpfx)tst-getconf.out \
+ $(objpfx)bug-glob2-mem.out $(objpfx)tst-vfork3-mem.out \
+- $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out
++ $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out \
++ $(objpfx)tst-glob-tilde-mem.out
+ xtests-special += $(objpfx)bug-ga2-mem.out
+ endif
+
+@@ -340,6 +341,12 @@ $(objpfx)bug-glob2-mem.out: $(objpfx)bug-glob2.out
+ $(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@; \
+ $(evaluate-test)
+
++tst-glob-tilde-ENV = MALLOC_TRACE=$(objpfx)tst-glob-tilde.mtrace
++
++$(objpfx)tst-glob-tilde-mem.out: $(objpfx)tst-glob-tilde.out
++ $(common-objpfx)malloc/mtrace $(objpfx)tst-glob-tilde.mtrace > $@; \
++ $(evaluate-test)
++
+ $(inst_libexecdir)/getconf: $(inst_bindir)/getconf \
+ $(objpfx)getconf.speclist FORCE
+ $(addprefix $(..)./scripts/mkinstalldirs ,\
diff --git a/posix/execvpe.c b/posix/execvpe.c
index d933f9c92a..7cdb06a611 100644
--- a/posix/execvpe.c
@@ -3261,6 +3832,1881 @@ index d933f9c92a..7cdb06a611 100644
__execve (buffer, argv, envp);
+diff --git a/posix/flexmember.h b/posix/flexmember.h
+new file mode 100644
+index 0000000000..107c1f09e9
+--- /dev/null
++++ b/posix/flexmember.h
+@@ -0,0 +1,45 @@
++/* Sizes of structs with flexible array members.
++
++ Copyright 2016-2017 Free Software Foundation, Inc.
++
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>.
++
++ Written by Paul Eggert. */
++
++#include <stddef.h>
++
++/* Nonzero multiple of alignment of TYPE, suitable for FLEXSIZEOF below.
++ On older platforms without _Alignof, use a pessimistic bound that is
++ safe in practice even if FLEXIBLE_ARRAY_MEMBER is 1.
++ On newer platforms, use _Alignof to get a tighter bound. */
++
++#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112
++# define FLEXALIGNOF(type) (sizeof (type) & ~ (sizeof (type) - 1))
++#else
++# define FLEXALIGNOF(type) _Alignof (type)
++#endif
++
++/* Upper bound on the size of a struct of type TYPE with a flexible
++ array member named MEMBER that is followed by N bytes of other data.
++ This is not simply sizeof (TYPE) + N, since it may require
++ alignment on unusually picky C11 platforms, and
++ FLEXIBLE_ARRAY_MEMBER may be 1 on pre-C11 platforms.
++ Yield a value less than N if and only if arithmetic overflow occurs. */
++
++#define FLEXSIZEOF(type, member, n) \
++ ((offsetof (type, member) + FLEXALIGNOF (type) - 1 + (n)) \
++ & ~ (FLEXALIGNOF (type) - 1))
+diff --git a/posix/glob.c b/posix/glob.c
+index ea4b0b61eb..f3fa807700 100644
+--- a/posix/glob.c
++++ b/posix/glob.c
+@@ -15,7 +15,7 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+-#ifdef HAVE_CONFIG_H
++#ifndef _LIBC
+ # include <config.h>
+ #endif
+
+@@ -27,29 +27,15 @@
+ #include <stdbool.h>
+ #include <stddef.h>
+ #include <stdint.h>
+-
+-/* Outcomment the following line for production quality code. */
+-/* #define NDEBUG 1 */
+ #include <assert.h>
++#include <unistd.h>
+
+-#include <stdio.h> /* Needed on stupid SunOS for assert. */
+-
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+-#if defined HAVE_UNISTD_H || defined _LIBC
+-# include <unistd.h>
+-# ifndef POSIX
+-# ifdef _POSIX_VERSION
+-# define POSIX
+-# endif
+-# endif
++#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
++# define WINDOWS32
+ #endif
+
+-#include <pwd.h>
+-
+-#if defined HAVE_STDINT_H || defined _LIBC
+-# include <stdint.h>
+-#elif !defined UINTPTR_MAX
+-# define UINTPTR_MAX (~((size_t) 0))
++#ifndef WINDOWS32
++# include <pwd.h>
+ #endif
+
+ #include <errno.h>
+@@ -57,24 +43,7 @@
+ # define __set_errno(val) errno = (val)
+ #endif
+
+-#if defined HAVE_DIRENT_H || defined __GNU_LIBRARY__
+-# include <dirent.h>
+-#else
+-# define dirent direct
+-# ifdef HAVE_SYS_NDIR_H
+-# include <sys/ndir.h>
+-# endif
+-# ifdef HAVE_SYS_DIR_H
+-# include <sys/dir.h>
+-# endif
+-# ifdef HAVE_NDIR_H
+-# include <ndir.h>
+-# endif
+-# ifdef HAVE_VMSDIR_H
+-# include "vmsdir.h"
+-# endif /* HAVE_VMSDIR_H */
+-#endif
+-
++#include <dirent.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <alloca.h>
+@@ -87,27 +56,29 @@
+ # define opendir(name) __opendir (name)
+ # define readdir(str) __readdir64 (str)
+ # define getpwnam_r(name, bufp, buf, len, res) \
+- __getpwnam_r (name, bufp, buf, len, res)
++ __getpwnam_r (name, bufp, buf, len, res)
+ # ifndef __stat64
+ # define __stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf)
+ # endif
+ # define struct_stat64 struct stat64
++# define FLEXIBLE_ARRAY_MEMBER
+ #else /* !_LIBC */
+-# include "getlogin_r.h"
+-# include "mempcpy.h"
+-# include "stat-macros.h"
+-# include "strdup.h"
+-# define __stat64(fname, buf) stat (fname, buf)
+-# define struct_stat64 struct stat
+-# define __stat(fname, buf) stat (fname, buf)
+-# define __alloca alloca
+-# define __readdir readdir
+-# define __readdir64 readdir64
+-# define __glob_pattern_p glob_pattern_p
++# define __getlogin_r(buf, len) getlogin_r (buf, len)
++# define __stat64(fname, buf) stat (fname, buf)
++# define __fxstatat64(_, d, f, st, flag) fstatat (d, f, st, flag)
++# define struct_stat64 struct stat
++# ifndef __MVS__
++# define __alloca alloca
++# endif
++# define __readdir readdir
++# define COMPILE_GLOB64
+ #endif /* _LIBC */
+
+ #include <fnmatch.h>
+
++#include <flexmember.h>
++#include <glob_internal.h>
++
+ #ifdef _SC_GETPW_R_SIZE_MAX
+ # define GETPW_R_SIZE_MAX() sysconf (_SC_GETPW_R_SIZE_MAX)
+ #else
+@@ -121,61 +92,59 @@
+
+ static const char *next_brace_sub (const char *begin, int flags) __THROWNL;
+
++typedef uint_fast8_t dirent_type;
++
++#if !defined _LIBC && !defined HAVE_STRUCT_DIRENT_D_TYPE
++/* Any distinct values will do here.
++ Undef any existing macros out of the way. */
++# undef DT_UNKNOWN
++# undef DT_DIR
++# undef DT_LNK
++# define DT_UNKNOWN 0
++# define DT_DIR 1
++# define DT_LNK 2
++#endif
++
+ /* A representation of a directory entry which does not depend on the
+ layout of struct dirent, or the size of ino_t. */
+ struct readdir_result
+ {
+ const char *name;
+-# if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
+- uint8_t type;
+-# endif
++#if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
++ dirent_type type;
++#endif
++#if defined _LIBC || defined D_INO_IN_DIRENT
+ bool skip_entry;
++#endif
+ };
+
+-# if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
+-/* Initializer based on the d_type member of struct dirent. */
+-# define D_TYPE_TO_RESULT(source) (source)->d_type,
+-
+-/* True if the directory entry D might be a symbolic link. */
+-static bool
+-readdir_result_might_be_symlink (struct readdir_result d)
+-{
+- return d.type == DT_UNKNOWN || d.type == DT_LNK;
+-}
+-
+-/* True if the directory entry D might be a directory. */
+-static bool
+-readdir_result_might_be_dir (struct readdir_result d)
+-{
+- return d.type == DT_DIR || readdir_result_might_be_symlink (d);
+-}
+-# else /* defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE */
+-# define D_TYPE_TO_RESULT(source)
+-
+-/* If we do not have type information, symbolic links and directories
+- are always a possibility. */
+-
+-static bool
+-readdir_result_might_be_symlink (struct readdir_result d)
++/* Initialize and return type member of struct readdir_result. */
++static dirent_type
++readdir_result_type (struct readdir_result d)
+ {
+- return true;
++#if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
++# define D_TYPE_TO_RESULT(source) (source)->d_type,
++ return d.type;
++#else
++# define D_TYPE_TO_RESULT(source)
++ return DT_UNKNOWN;
++#endif
+ }
+
++/* Initialize and return skip_entry member of struct readdir_result. */
+ static bool
+-readdir_result_might_be_dir (struct readdir_result d)
++readdir_result_skip_entry (struct readdir_result d)
+ {
+- return true;
+-}
+-
+-# endif /* defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE */
+-
+-# if (defined POSIX || defined WINDOWS32) && !defined __GNU_LIBRARY__
+ /* Initializer for skip_entry. POSIX does not require that the d_ino
+ field be present, and some systems do not provide it. */
+-# define D_INO_TO_RESULT(source) false,
+-# else
+-# define D_INO_TO_RESULT(source) (source)->d_ino == 0,
+-# endif
++#if defined _LIBC || defined D_INO_IN_DIRENT
++# define D_INO_TO_RESULT(source) (source)->d_ino == 0,
++ return d.skip_entry;
++#else
++# define D_INO_TO_RESULT(source)
++ return false;
++#endif
++}
+
+ /* Construct an initializer for a struct readdir_result object from a
+ struct dirent *. No copy of the name is made. */
+@@ -186,8 +155,6 @@ readdir_result_might_be_dir (struct readdir_result d)
+ D_INO_TO_RESULT (source) \
+ }
+
+-#endif /* !defined _LIBC || !defined GLOB_ONLY_P */
+-
+ /* Call gl_readdir on STREAM. This macro can be overridden to reduce
+ type safety if an old interface version needs to be supported. */
+ #ifndef GL_READDIR
+@@ -225,18 +192,55 @@ convert_dirent64 (const struct dirent64 *source)
+ }
+ #endif
+
++#ifndef _LIBC
++/* The results of opendir() in this file are not used with dirfd and fchdir,
++ and we do not leak fds to any single-threaded code that could use stdio,
++ therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
++ FIXME - if the kernel ever adds support for multi-thread safety for
++ avoiding standard fds, then we should use opendir_safer. */
++# ifdef GNULIB_defined_opendir
++# undef opendir
++# endif
++# ifdef GNULIB_defined_closedir
++# undef closedir
++# endif
+
+-#ifndef attribute_hidden
+-# define attribute_hidden
++/* Just use malloc. */
++# define __libc_use_alloca(n) false
++# define alloca_account(len, avar) ((void) (len), (void) (avar), (void *) 0)
++# define extend_alloca_account(buf, len, newlen, avar) \
++ ((void) (buf), (void) (len), (void) (newlen), (void) (avar), (void *) 0)
+ #endif
+
++/* Set *R = A + B. Return true if the answer is mathematically
++ incorrect due to overflow; in this case, *R is the low order
++ bits of the correct answer. */
++
++static bool
++size_add_wrapv (size_t a, size_t b, size_t *r)
++{
++#if 5 <= __GNUC__ && !defined __ICC
++ return __builtin_add_overflow (a, b, r);
++#else
++ *r = a + b;
++ return *r < a;
++#endif
++}
++
++static bool
++glob_use_alloca (size_t alloca_used, size_t len)
++{
++ size_t size;
++ return (!size_add_wrapv (alloca_used, len, &size)
++ && __libc_use_alloca (size));
++}
++
+ static int glob_in_dir (const char *pattern, const char *directory,
+ int flags, int (*errfunc) (const char *, int),
+ glob_t *pglob, size_t alloca_used);
+ extern int __glob_pattern_type (const char *pattern, int quote)
+ attribute_hidden;
+
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+ static int prefix_array (const char *prefix, char **array, size_t n) __THROWNL;
+ static int collated_compare (const void *, const void *) __THROWNL;
+
+@@ -265,16 +269,15 @@ next_brace_sub (const char *cp, int flags)
+ return *cp != '\0' ? cp : NULL;
+ }
+
+-#endif /* !defined _LIBC || !defined GLOB_ONLY_P */
+
+ /* Do glob searching for PATTERN, placing results in PGLOB.
+ The bits defined above may be set in FLAGS.
+ If a directory cannot be opened or read and ERRFUNC is not nil,
+ it is called with the pathname that caused the error, and the
+- `errno' value from the failing call; if it returns non-zero
+- `glob' returns GLOB_ABORTED; if it returns zero, the error is ignored.
++ 'errno' value from the failing call; if it returns non-zero
++ 'glob' returns GLOB_ABORTED; if it returns zero, the error is ignored.
+ If memory cannot be allocated for PGLOB, GLOB_NOSPACE is returned.
+- Otherwise, `glob' returns zero. */
++ Otherwise, 'glob' returns zero. */
+ int
+ #ifdef GLOB_ATTRIBUTE
+ GLOB_ATTRIBUTE
+@@ -292,9 +295,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ int malloc_dirname = 0;
+ glob_t dirs;
+ int retval = 0;
+-#ifdef _LIBC
+ size_t alloca_used = 0;
+-#endif
+
+ if (pattern == NULL || pglob == NULL || (flags & ~__GLOB_FLAGS) != 0)
+ {
+@@ -308,7 +309,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ flags |= GLOB_ONLYDIR;
+
+ if (!(flags & GLOB_DOOFFS))
+- /* Have to do this so `globfree' knows where to start freeing. It
++ /* Have to do this so 'globfree' knows where to start freeing. It
+ also makes all the code that uses gl_offs simpler. */
+ pglob->gl_offs = 0;
+
+@@ -350,14 +351,12 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ size_t rest_len;
+ char *onealt;
+ size_t pattern_len = strlen (pattern) - 1;
+-#ifdef _LIBC
+- int alloca_onealt = __libc_use_alloca (alloca_used + pattern_len);
++ int alloca_onealt = glob_use_alloca (alloca_used, pattern_len);
+ if (alloca_onealt)
+ onealt = alloca_account (pattern_len, alloca_used);
+ else
+-#endif
+ {
+- onealt = (char *) malloc (pattern_len);
++ onealt = malloc (pattern_len);
+ if (onealt == NULL)
+ {
+ if (!(flags & GLOB_APPEND))
+@@ -377,11 +376,9 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ next = next_brace_sub (begin + 1, flags);
+ if (next == NULL)
+ {
+- /* It is an illegal expression. */
++ /* It is an invalid expression. */
+ illegal_brace:
+-#ifdef _LIBC
+ if (__glibc_unlikely (!alloca_onealt))
+-#endif
+ free (onealt);
+ return glob (pattern, flags & ~GLOB_BRACE, errfunc, pglob);
+ }
+@@ -429,9 +426,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ /* If we got an error, return it. */
+ if (result && result != GLOB_NOMATCH)
+ {
+-#ifdef _LIBC
+ if (__glibc_unlikely (!alloca_onealt))
+-#endif
+ free (onealt);
+ if (!(flags & GLOB_APPEND))
+ {
+@@ -450,9 +445,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ assert (next != NULL);
+ }
+
+-#ifdef _LIBC
+ if (__glibc_unlikely (!alloca_onealt))
+-#endif
+ free (onealt);
+
+ if (pglob->gl_pathc != firstc)
+@@ -489,14 +482,16 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+
+ /* Find the filename. */
+ filename = strrchr (pattern, '/');
++
+ #if defined __MSDOS__ || defined WINDOWS32
+- /* The case of "d:pattern". Since `:' is not allowed in
++ /* The case of "d:pattern". Since ':' is not allowed in
+ file names, we can safely assume that wherever it
+ happens in pattern, it signals the filename part. This
+ is so we could some day support patterns like "[a-z]:foo". */
+ if (filename == NULL)
+ filename = strchr (pattern, ':');
+ #endif /* __MSDOS__ || WINDOWS32 */
++
+ dirname_modified = 0;
+ if (filename == NULL)
+ {
+@@ -521,11 +516,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ }
+
+ filename = pattern;
+-#ifdef _AMIGA
+- dirname = (char *) "";
+-#else
+ dirname = (char *) ".";
+-#endif
+ dirlen = 0;
+ }
+ }
+@@ -549,22 +540,21 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ char *drive_spec;
+
+ ++dirlen;
+- drive_spec = (char *) __alloca (dirlen + 1);
++ drive_spec = __alloca (dirlen + 1);
+ *((char *) mempcpy (drive_spec, pattern, dirlen)) = '\0';
+ /* For now, disallow wildcards in the drive spec, to
+ prevent infinite recursion in glob. */
+ if (__glob_pattern_p (drive_spec, !(flags & GLOB_NOESCAPE)))
+ return GLOB_NOMATCH;
+- /* If this is "d:pattern", we need to copy `:' to DIRNAME
++ /* If this is "d:pattern", we need to copy ':' to DIRNAME
+ as well. If it's "d:/pattern", don't remove the slash
+ from "d:/", since "d:" and "d:/" are not the same.*/
+ }
+ #endif
+-#ifdef _LIBC
+- if (__libc_use_alloca (alloca_used + dirlen + 1))
++
++ if (glob_use_alloca (alloca_used, dirlen + 1))
+ newp = alloca_account (dirlen + 1, alloca_used);
+ else
+-#endif
+ {
+ newp = malloc (dirlen + 1);
+ if (newp == NULL)
+@@ -575,14 +565,17 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirname = newp;
+ ++filename;
+
+- if (filename[0] == '\0'
+ #if defined __MSDOS__ || defined WINDOWS32
+- && dirname[dirlen - 1] != ':'
+- && (dirlen < 3 || dirname[dirlen - 2] != ':'
+- || dirname[dirlen - 1] != '/')
++ bool drive_root = (dirlen > 1
++ && (dirname[dirlen - 1] == ':'
++ || (dirlen > 2 && dirname[dirlen - 2] == ':'
++ && dirname[dirlen - 1] == '/')));
++#else
++ bool drive_root = false;
+ #endif
+- && dirlen > 1)
+- /* "pattern/". Expand "pattern", appending slashes. */
++
++ if (filename[0] == '\0' && dirlen > 1 && !drive_root)
++ /* "pattern/". Expand "pattern", appending slashes. */
+ {
+ int orig_flags = flags;
+ if (!(flags & GLOB_NOESCAPE) && dirname[dirlen - 1] == '\\')
+@@ -615,7 +608,6 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ }
+ }
+
+-#ifndef VMS
+ if ((flags & (GLOB_TILDE|GLOB_TILDE_CHECK)) && dirname[0] == '~')
+ {
+ if (dirname[1] == '\0' || dirname[1] == '/'
+@@ -625,100 +617,127 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ /* Look up home directory. */
+ char *home_dir = getenv ("HOME");
+ int malloc_home_dir = 0;
+-# ifdef _AMIGA
+- if (home_dir == NULL || home_dir[0] == '\0')
+- home_dir = "SYS:";
+-# else
+-# ifdef WINDOWS32
+- if (home_dir == NULL || home_dir[0] == '\0')
+- home_dir = "c:/users/default"; /* poor default */
+-# else
+ if (home_dir == NULL || home_dir[0] == '\0')
+ {
++#ifdef WINDOWS32
++ /* Windows NT defines HOMEDRIVE and HOMEPATH. But give
++ preference to HOME, because the user can change HOME. */
++ const char *home_drive = getenv ("HOMEDRIVE");
++ const char *home_path = getenv ("HOMEPATH");
++
++ if (home_drive != NULL && home_path != NULL)
++ {
++ size_t home_drive_len = strlen (home_drive);
++ size_t home_path_len = strlen (home_path);
++ char *mem = alloca (home_drive_len + home_path_len + 1);
++
++ memcpy (mem, home_drive, home_drive_len);
++ memcpy (mem + home_drive_len, home_path, home_path_len + 1);
++ home_dir = mem;
++ }
++ else
++ home_dir = "c:/users/default"; /* poor default */
++#else
+ int success;
+ char *name;
++ int malloc_name = 0;
+ size_t buflen = GET_LOGIN_NAME_MAX () + 1;
+
+ if (buflen == 0)
+- /* `sysconf' does not support _SC_LOGIN_NAME_MAX. Try
++ /* 'sysconf' does not support _SC_LOGIN_NAME_MAX. Try
+ a moderate value. */
+ buflen = 20;
+- name = alloca_account (buflen, alloca_used);
++ if (glob_use_alloca (alloca_used, buflen))
++ name = alloca_account (buflen, alloca_used);
++ else
++ {
++ name = malloc (buflen);
++ if (name == NULL)
++ {
++ retval = GLOB_NOSPACE;
++ goto out;
++ }
++ malloc_name = 1;
++ }
+
+ success = __getlogin_r (name, buflen) == 0;
+ if (success)
+ {
+ struct passwd *p;
+-# if defined HAVE_GETPWNAM_R || defined _LIBC
+- long int pwbuflen = GETPW_R_SIZE_MAX ();
++ char *malloc_pwtmpbuf = NULL;
+ char *pwtmpbuf;
++# if defined HAVE_GETPWNAM_R || defined _LIBC
++ long int pwbuflenmax = GETPW_R_SIZE_MAX ();
++ size_t pwbuflen = pwbuflenmax;
+ struct passwd pwbuf;
+- int malloc_pwtmpbuf = 0;
+ int save = errno;
+
+-# ifndef _LIBC
+- if (pwbuflen == -1)
+- /* `sysconf' does not support _SC_GETPW_R_SIZE_MAX.
++# ifndef _LIBC
++ if (! (0 < pwbuflenmax && pwbuflenmax <= SIZE_MAX))
++ /* 'sysconf' does not support _SC_GETPW_R_SIZE_MAX.
+ Try a moderate value. */
+ pwbuflen = 1024;
+-# endif
+- if (__libc_use_alloca (alloca_used + pwbuflen))
++# endif
++ if (glob_use_alloca (alloca_used, pwbuflen))
+ pwtmpbuf = alloca_account (pwbuflen, alloca_used);
+ else
+ {
+ pwtmpbuf = malloc (pwbuflen);
+ if (pwtmpbuf == NULL)
+ {
++ if (__glibc_unlikely (malloc_name))
++ free (name);
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf;
+ }
+
+ while (getpwnam_r (name, &pwbuf, pwtmpbuf, pwbuflen, &p)
+ != 0)
+ {
++ size_t newlen;
++ bool v;
+ if (errno != ERANGE)
+ {
+ p = NULL;
+ break;
+ }
+-
+- if (!malloc_pwtmpbuf
+- && __libc_use_alloca (alloca_used
+- + 2 * pwbuflen))
++ v = size_add_wrapv (pwbuflen, pwbuflen, &newlen);
++ if (!v && malloc_pwtmpbuf == NULL
++ && glob_use_alloca (alloca_used, newlen))
+ pwtmpbuf = extend_alloca_account (pwtmpbuf, pwbuflen,
+- 2 * pwbuflen,
+- alloca_used);
++ newlen, alloca_used);
+ else
+ {
+- char *newp = realloc (malloc_pwtmpbuf
+- ? pwtmpbuf : NULL,
+- 2 * pwbuflen);
++ char *newp = (v ? NULL
++ : realloc (malloc_pwtmpbuf, newlen));
+ if (newp == NULL)
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
++ if (__glibc_unlikely (malloc_name))
++ free (name);
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+- pwtmpbuf = newp;
+- pwbuflen = 2 * pwbuflen;
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf = newp;
+ }
++ pwbuflen = newlen;
+ __set_errno (save);
+ }
+-# else
++# else
+ p = getpwnam (name);
+-# endif
++# endif
++ if (__glibc_unlikely (malloc_name))
++ free (name);
+ if (p != NULL)
+ {
+- if (!malloc_pwtmpbuf)
++ if (malloc_pwtmpbuf == NULL)
+ home_dir = p->pw_dir;
+ else
+ {
+ size_t home_dir_len = strlen (p->pw_dir) + 1;
+- if (__libc_use_alloca (alloca_used + home_dir_len))
++ if (glob_use_alloca (alloca_used, home_dir_len))
+ home_dir = alloca_account (home_dir_len,
+ alloca_used);
+ else
+@@ -733,26 +752,32 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ malloc_home_dir = 1;
+ }
+ memcpy (home_dir, p->pw_dir, home_dir_len);
+-
+- free (pwtmpbuf);
+ }
+ }
++ free (malloc_pwtmpbuf);
+ }
++ else
++ {
++ if (__glibc_unlikely (malloc_name))
++ free (name);
++ }
++#endif /* WINDOWS32 */
+ }
+ if (home_dir == NULL || home_dir[0] == '\0')
+ {
++ if (__glibc_unlikely (malloc_home_dir))
++ free (home_dir);
+ if (flags & GLOB_TILDE_CHECK)
+ {
+- if (__glibc_unlikely (malloc_home_dir))
+- free (home_dir);
+ retval = GLOB_NOMATCH;
+ goto out;
+ }
+ else
+- home_dir = (char *) "~"; /* No luck. */
++ {
++ home_dir = (char *) "~"; /* No luck. */
++ malloc_home_dir = 0;
++ }
+ }
+-# endif /* WINDOWS32 */
+-# endif
+ /* Now construct the full directory. */
+ if (dirname[1] == '\0')
+ {
+@@ -767,8 +792,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ char *newp;
+ size_t home_len = strlen (home_dir);
+- int use_alloca = __libc_use_alloca (alloca_used
+- + home_len + dirlen);
++ int use_alloca = glob_use_alloca (alloca_used, home_len + dirlen);
+ if (use_alloca)
+ newp = alloca_account (home_len + dirlen, alloca_used);
+ else
+@@ -792,12 +816,15 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirname = newp;
+ dirlen += home_len - 1;
+ malloc_dirname = !use_alloca;
++
++ if (__glibc_unlikely (malloc_home_dir))
++ free (home_dir);
+ }
+ dirname_modified = 1;
+ }
+-# if !defined _AMIGA && !defined WINDOWS32
+ else
+ {
++#ifndef WINDOWS32
+ char *end_name = strchr (dirname, '/');
+ char *user_name;
+ int malloc_user_name = 0;
+@@ -819,7 +846,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ else
+ {
+ char *newp;
+- if (__libc_use_alloca (alloca_used + (end_name - dirname)))
++ if (glob_use_alloca (alloca_used, end_name - dirname))
+ newp = alloca_account (end_name - dirname, alloca_used);
+ else
+ {
+@@ -836,11 +863,11 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ char *p = mempcpy (newp, dirname + 1,
+ unescape - dirname - 1);
+ char *q = unescape;
+- while (*q != '\0')
++ while (q != end_name)
+ {
+ if (*q == '\\')
+ {
+- if (q[1] == '\0')
++ if (q + 1 == end_name)
+ {
+ /* "~fo\\o\\" unescape to user_name "foo\\",
+ but "~fo\\o\\/" unescape to user_name
+@@ -856,7 +883,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
+@@ -864,20 +891,21 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ /* Look up specific user's home directory. */
+ {
+ struct passwd *p;
++ char *malloc_pwtmpbuf = NULL;
+ # if defined HAVE_GETPWNAM_R || defined _LIBC
+- long int buflen = GETPW_R_SIZE_MAX ();
++ long int buflenmax = GETPW_R_SIZE_MAX ();
++ size_t buflen = buflenmax;
+ char *pwtmpbuf;
+- int malloc_pwtmpbuf = 0;
+ struct passwd pwbuf;
+ int save = errno;
+
+ # ifndef _LIBC
+- if (buflen == -1)
+- /* `sysconf' does not support _SC_GETPW_R_SIZE_MAX. Try a
++ if (! (0 <= buflenmax && buflenmax <= SIZE_MAX))
++ /* Perhaps 'sysconf' does not support _SC_GETPW_R_SIZE_MAX. Try a
+ moderate value. */
+ buflen = 1024;
+ # endif
+- if (__libc_use_alloca (alloca_used + buflen))
++ if (glob_use_alloca (alloca_used, buflen))
+ pwtmpbuf = alloca_account (buflen, alloca_used);
+ else
+ {
+@@ -890,32 +918,32 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf;
+ }
+
+ while (getpwnam_r (user_name, &pwbuf, pwtmpbuf, buflen, &p) != 0)
+ {
++ size_t newlen;
++ bool v;
+ if (errno != ERANGE)
+ {
+ p = NULL;
+ break;
+ }
+- if (!malloc_pwtmpbuf
+- && __libc_use_alloca (alloca_used + 2 * buflen))
++ v = size_add_wrapv (buflen, buflen, &newlen);
++ if (!v && malloc_pwtmpbuf == NULL
++ && glob_use_alloca (alloca_used, newlen))
+ pwtmpbuf = extend_alloca_account (pwtmpbuf, buflen,
+- 2 * buflen, alloca_used);
++ newlen, alloca_used);
+ else
+ {
+- char *newp = realloc (malloc_pwtmpbuf ? pwtmpbuf : NULL,
+- 2 * buflen);
++ char *newp = v ? NULL : realloc (malloc_pwtmpbuf, newlen);
+ if (newp == NULL)
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+ goto nomem_getpw;
+ }
+- pwtmpbuf = newp;
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf = newp;
+ }
+ __set_errno (save);
+ }
+@@ -936,7 +964,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ free (dirname);
+ malloc_dirname = 0;
+
+- if (__libc_use_alloca (alloca_used + home_len + rest_len + 1))
++ if (glob_use_alloca (alloca_used, home_len + rest_len + 1))
+ dirname = alloca_account (home_len + rest_len + 1,
+ alloca_used);
+ else
+@@ -944,8 +972,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirname = malloc (home_len + rest_len + 1);
+ if (dirname == NULL)
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+@@ -957,24 +984,24 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirlen = home_len + rest_len;
+ dirname_modified = 1;
+
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+ }
+ else
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+
+ if (flags & GLOB_TILDE_CHECK)
+- /* We have to regard it as an error if we cannot find the
+- home directory. */
+- return GLOB_NOMATCH;
++ {
++ /* We have to regard it as an error if we cannot find the
++ home directory. */
++ retval = GLOB_NOMATCH;
++ goto out;
++ }
+ }
+ }
++#endif /* !WINDOWS32 */
+ }
+-# endif /* Not Amiga && not WINDOWS32. */
+ }
+-#endif /* Not VMS. */
+
+ /* Now test whether we looked for "~" or "~NAME". In this case we
+ can give the answer now. */
+@@ -993,19 +1020,18 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ size_t newcount = pglob->gl_pathc + pglob->gl_offs;
+ char **new_gl_pathv;
+
+- if (newcount > UINTPTR_MAX - (1 + 1)
+- || newcount + 1 + 1 > ~((size_t) 0) / sizeof (char *))
++ if (newcount > SIZE_MAX / sizeof (char *) - 2)
+ {
+ nospace:
+ free (pglob->gl_pathv);
+ pglob->gl_pathv = NULL;
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+
+- new_gl_pathv
+- = (char **) realloc (pglob->gl_pathv,
+- (newcount + 1 + 1) * sizeof (char *));
++ new_gl_pathv = realloc (pglob->gl_pathv,
++ (newcount + 2) * sizeof (char *));
+ if (new_gl_pathv == NULL)
+ goto nospace;
+ pglob->gl_pathv = new_gl_pathv;
+@@ -1019,12 +1045,19 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ p = mempcpy (pglob->gl_pathv[newcount], dirname, dirlen);
+ p[0] = '/';
+ p[1] = '\0';
++ if (__glibc_unlikely (malloc_dirname))
++ free (dirname);
+ }
+ else
+ {
+- pglob->gl_pathv[newcount] = strdup (dirname);
+- if (pglob->gl_pathv[newcount] == NULL)
+- goto nospace;
++ if (__glibc_unlikely (malloc_dirname))
++ pglob->gl_pathv[newcount] = dirname;
++ else
++ {
++ pglob->gl_pathv[newcount] = strdup (dirname);
++ if (pglob->gl_pathv[newcount] == NULL)
++ goto nospace;
++ }
+ }
+ pglob->gl_pathv[++newcount] = NULL;
+ ++pglob->gl_pathc;
+@@ -1034,7 +1067,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ }
+
+ /* Not found. */
+- return GLOB_NOMATCH;
++ retval = GLOB_NOMATCH;
++ goto out;
+ }
+
+ meta = __glob_pattern_type (dirname, !(flags & GLOB_NOESCAPE));
+@@ -1080,7 +1114,10 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ if (status != 0)
+ {
+ if ((flags & GLOB_NOCHECK) == 0 || status != GLOB_NOMATCH)
+- return status;
++ {
++ retval = status;
++ goto out;
++ }
+ goto no_matches;
+ }
+
+@@ -1091,19 +1128,6 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ size_t old_pathc;
+
+-#ifdef SHELL
+- {
+- /* Make globbing interruptible in the bash shell. */
+- extern int interrupt_state;
+-
+- if (interrupt_state)
+- {
+- globfree (&dirs);
+- return GLOB_ABORTED;
+- }
+- }
+-#endif /* SHELL. */
+-
+ old_pathc = pglob->gl_pathc;
+ status = glob_in_dir (filename, dirs.gl_pathv[i],
+ ((flags | GLOB_APPEND)
+@@ -1118,7 +1142,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ globfree (&dirs);
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return status;
++ retval = status;
++ goto out;
+ }
+
+ /* Stick the directory on the front of each name. */
+@@ -1129,13 +1154,14 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ globfree (&dirs);
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+ }
+
+ flags |= GLOB_MAGCHAR;
+
+- /* We have ignored the GLOB_NOCHECK flag in the `glob_in_dir' calls.
++ /* We have ignored the GLOB_NOCHECK flag in the 'glob_in_dir' calls.
+ But if we have not found any matching entry and the GLOB_NOCHECK
+ flag was set we must return the input pattern itself. */
+ if (pglob->gl_pathc + pglob->gl_offs == oldcount)
+@@ -1147,28 +1173,28 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ size_t newcount = pglob->gl_pathc + pglob->gl_offs;
+ char **new_gl_pathv;
+
+- if (newcount > UINTPTR_MAX - 2
+- || newcount + 2 > ~((size_t) 0) / sizeof (char *))
++ if (newcount > SIZE_MAX / sizeof (char *) - 2)
+ {
+ nospace2:
+ globfree (&dirs);
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+
+- new_gl_pathv = (char **) realloc (pglob->gl_pathv,
+- (newcount + 2)
+- * sizeof (char *));
++ new_gl_pathv = realloc (pglob->gl_pathv,
++ (newcount + 2) * sizeof (char *));
+ if (new_gl_pathv == NULL)
+ goto nospace2;
+ pglob->gl_pathv = new_gl_pathv;
+
+- pglob->gl_pathv[newcount] = __strdup (pattern);
++ pglob->gl_pathv[newcount] = strdup (pattern);
+ if (pglob->gl_pathv[newcount] == NULL)
+ {
+ globfree (&dirs);
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+
+ ++pglob->gl_pathc;
+@@ -1180,7 +1206,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ else
+ {
+ globfree (&dirs);
+- return GLOB_NOMATCH;
++ retval = GLOB_NOMATCH;
++ goto out;
+ }
+ }
+
+@@ -1226,7 +1253,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ flags = orig_flags;
+ goto no_matches;
+ }
+- return status;
++ retval = status;
++ goto out;
+ }
+
+ if (dirlen > 0)
+@@ -1238,7 +1266,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+ }
+ }
+@@ -1263,7 +1292,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+ strcpy (&new[len - 2], "/");
+ pglob->gl_pathv[i] = new;
+@@ -1289,32 +1319,12 @@ libc_hidden_def (glob)
+ #endif
+
+
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+-
+-/* Free storage allocated in PGLOB by a previous `glob' call. */
+-void
+-globfree (glob_t *pglob)
+-{
+- if (pglob->gl_pathv != NULL)
+- {
+- size_t i;
+- for (i = 0; i < pglob->gl_pathc; ++i)
+- free (pglob->gl_pathv[pglob->gl_offs + i]);
+- free (pglob->gl_pathv);
+- pglob->gl_pathv = NULL;
+- }
+-}
+-#if defined _LIBC && !defined globfree
+-libc_hidden_def (globfree)
+-#endif
+-
+-
+ /* Do a collated comparison of A and B. */
+ static int
+ collated_compare (const void *a, const void *b)
+ {
+- const char *const s1 = *(const char *const * const) a;
+- const char *const s2 = *(const char *const * const) b;
++ char *const *ps1 = a; char *s1 = *ps1;
++ char *const *ps2 = b; char *s2 = *ps2;
+
+ if (s1 == s2)
+ return 0;
+@@ -1335,28 +1345,24 @@ prefix_array (const char *dirname, char **array, size_t n)
+ {
+ size_t i;
+ size_t dirlen = strlen (dirname);
+-#if defined __MSDOS__ || defined WINDOWS32
+- int sep_char = '/';
+-# define DIRSEP_CHAR sep_char
+-#else
+-# define DIRSEP_CHAR '/'
+-#endif
++ char dirsep_char = '/';
+
+ if (dirlen == 1 && dirname[0] == '/')
+ /* DIRNAME is just "/", so normal prepending would get us "//foo".
+ We want "/foo" instead, so don't prepend any chars from DIRNAME. */
+ dirlen = 0;
++
+ #if defined __MSDOS__ || defined WINDOWS32
+- else if (dirlen > 1)
++ if (dirlen > 1)
+ {
+ if (dirname[dirlen - 1] == '/' && dirname[dirlen - 2] == ':')
+ /* DIRNAME is "d:/". Don't prepend the slash from DIRNAME. */
+ --dirlen;
+ else if (dirname[dirlen - 1] == ':')
+ {
+- /* DIRNAME is "d:". Use `:' instead of `/'. */
++ /* DIRNAME is "d:". Use ':' instead of '/'. */
+ --dirlen;
+- sep_char = ':';
++ dirsep_char = ':';
+ }
+ }
+ #endif
+@@ -1364,7 +1370,7 @@ prefix_array (const char *dirname, char **array, size_t n)
+ for (i = 0; i < n; ++i)
+ {
+ size_t eltlen = strlen (array[i]) + 1;
+- char *new = (char *) malloc (dirlen + 1 + eltlen);
++ char *new = malloc (dirlen + 1 + eltlen);
+ if (new == NULL)
+ {
+ while (i > 0)
+@@ -1374,7 +1380,7 @@ prefix_array (const char *dirname, char **array, size_t n)
+
+ {
+ char *endp = mempcpy (new, dirname, dirlen);
+- *endp++ = DIRSEP_CHAR;
++ *endp++ = dirsep_char;
+ mempcpy (endp, array[i], eltlen);
+ }
+ free (array[i]);
+@@ -1384,103 +1390,57 @@ prefix_array (const char *dirname, char **array, size_t n)
+ return 0;
+ }
+
+-
+-/* We must not compile this function twice. */
+-#if !defined _LIBC || !defined NO_GLOB_PATTERN_P
+-int
+-__glob_pattern_type (const char *pattern, int quote)
+-{
+- const char *p;
+- int ret = 0;
+-
+- for (p = pattern; *p != '\0'; ++p)
+- switch (*p)
+- {
+- case '?':
+- case '*':
+- return 1;
+-
+- case '\\':
+- if (quote)
+- {
+- if (p[1] != '\0')
+- ++p;
+- ret |= 2;
+- }
+- break;
+-
+- case '[':
+- ret |= 4;
+- break;
+-
+- case ']':
+- if (ret & 4)
+- return 1;
+- break;
+- }
+-
+- return ret;
+-}
+-
+-/* Return nonzero if PATTERN contains any metacharacters.
+- Metacharacters can be quoted with backslashes if QUOTE is nonzero. */
+-int
+-__glob_pattern_p (const char *pattern, int quote)
+-{
+- return __glob_pattern_type (pattern, quote) == 1;
+-}
+-# ifdef _LIBC
+-weak_alias (__glob_pattern_p, glob_pattern_p)
+-# endif
+-#endif
+-
+-#endif /* !GLOB_ONLY_P */
+-
+-
+ /* We put this in a separate function mainly to allow the memory
+ allocated with alloca to be recycled. */
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+ static int
+ __attribute_noinline__
+-link_exists2_p (const char *dir, size_t dirlen, const char *fname,
+- glob_t *pglob
+-# ifndef _LIBC
+- , int flags
++link_stat (const char *dir, size_t dirlen, const char *fname,
++ glob_t *pglob
++# if !defined _LIBC && !HAVE_FSTATAT
++ , int flags
+ # endif
+- )
++ )
+ {
+ size_t fnamelen = strlen (fname);
+- char *fullname = (char *) __alloca (dirlen + 1 + fnamelen + 1);
++ char *fullname = __alloca (dirlen + 1 + fnamelen + 1);
+ struct stat st;
+-# ifndef _LIBC
+- struct_stat64 st64;
+-# endif
+
+ mempcpy (mempcpy (mempcpy (fullname, dir, dirlen), "/", 1),
+ fname, fnamelen + 1);
+
+-# ifdef _LIBC
+- return (*pglob->gl_stat) (fullname, &st) == 0;
+-# else
+- return ((__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
+- ? (*pglob->gl_stat) (fullname, &st)
+- : __stat64 (fullname, &st64)) == 0);
++# if !defined _LIBC && !HAVE_FSTATAT
++ if (__builtin_expect ((flags & GLOB_ALTDIRFUNC) == 0, 1))
++ {
++ struct_stat64 st64;
++ return __stat64 (fullname, &st64);
++ }
+ # endif
++ return (*pglob->gl_stat) (fullname, &st);
+ }
+-# ifdef _LIBC
+-# define link_exists_p(dfd, dirname, dirnamelen, fname, pglob, flags) \
+- (__builtin_expect (flags & GLOB_ALTDIRFUNC, 0) \
+- ? link_exists2_p (dirname, dirnamelen, fname, pglob) \
+- : ({ struct stat64 st64; \
+- __fxstatat64 (_STAT_VER, dfd, fname, &st64, 0) == 0; }))
++
++/* Return true if DIR/FNAME exists. */
++static int
++link_exists_p (int dfd, const char *dir, size_t dirlen, const char *fname,
++ glob_t *pglob, int flags)
++{
++ int status;
++# if defined _LIBC || HAVE_FSTATAT
++ if (__builtin_expect (flags & GLOB_ALTDIRFUNC, 0))
++ status = link_stat (dir, dirlen, fname, pglob);
++ else
++ {
++ /* dfd cannot be -1 here, because dirfd never returns -1 on
++ glibc, or on hosts that have fstatat. */
++ struct_stat64 st64;
++ status = __fxstatat64 (_STAT_VER, dfd, fname, &st64, 0);
++ }
+ # else
+-# define link_exists_p(dfd, dirname, dirnamelen, fname, pglob, flags) \
+- link_exists2_p (dirname, dirnamelen, fname, pglob, flags)
++ status = link_stat (dir, dirlen, fname, pglob, flags);
+ # endif
+-#endif
+-
++ return status == 0 || errno == EOVERFLOW;
++}
+
+-/* Like `glob', but PATTERN is a final pathname component,
++/* Like 'glob', but PATTERN is a final pathname component,
+ and matches are searched for in DIRECTORY.
+ The GLOB_NOSORT bit in FLAGS is ignored. No sorting is ever done.
+ The GLOB_APPEND flag is assumed to be set (always appends). */
+@@ -1491,25 +1451,25 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ {
+ size_t dirlen = strlen (directory);
+ void *stream = NULL;
+- struct globnames
+- {
+- struct globnames *next;
+- size_t count;
+- char *name[64];
+- };
+-#define INITIAL_COUNT sizeof (init_names.name) / sizeof (init_names.name[0])
+- struct globnames init_names;
+- struct globnames *names = &init_names;
+- struct globnames *names_alloca = &init_names;
++# define GLOBNAMES_MEMBERS(nnames) \
++ struct globnames *next; size_t count; char *name[nnames];
++ struct globnames { GLOBNAMES_MEMBERS (FLEXIBLE_ARRAY_MEMBER) };
++ struct { GLOBNAMES_MEMBERS (64) } init_names_buf;
++ struct globnames *init_names = (struct globnames *) &init_names_buf;
++ struct globnames *names = init_names;
++ struct globnames *names_alloca = init_names;
+ size_t nfound = 0;
+ size_t cur = 0;
+ int meta;
+ int save;
++ int result;
+
+- alloca_used += sizeof (init_names);
++ alloca_used += sizeof init_names_buf;
+
+- init_names.next = NULL;
+- init_names.count = INITIAL_COUNT;
++ init_names->next = NULL;
++ init_names->count = ((sizeof init_names_buf
++ - offsetof (struct globnames, name))
++ / sizeof init_names->name[0]);
+
+ meta = __glob_pattern_type (pattern, !(flags & GLOB_NOESCAPE));
+ if (meta == 0 && (flags & (GLOB_NOCHECK|GLOB_NOMAGIC)))
+@@ -1529,14 +1489,16 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ struct_stat64 st64;
+ } ust;
+ size_t patlen = strlen (pattern);
+- int alloca_fullname = __libc_use_alloca (alloca_used
+- + dirlen + 1 + patlen + 1);
++ size_t fullsize;
++ bool alloca_fullname
++ = (! size_add_wrapv (dirlen + 1, patlen + 1, &fullsize)
++ && glob_use_alloca (alloca_used, fullsize));
+ char *fullname;
+ if (alloca_fullname)
+- fullname = alloca_account (dirlen + 1 + patlen + 1, alloca_used);
++ fullname = alloca_account (fullsize, alloca_used);
+ else
+ {
+- fullname = malloc (dirlen + 1 + patlen + 1);
++ fullname = malloc (fullsize);
+ if (fullname == NULL)
+ return GLOB_NOSPACE;
+ }
+@@ -1544,9 +1506,11 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ mempcpy (mempcpy (mempcpy (fullname, directory, dirlen),
+ "/", 1),
+ pattern, patlen + 1);
+- if ((__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
++ if (((__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
+ ? (*pglob->gl_stat) (fullname, &ust.st)
+- : __stat64 (fullname, &ust.st64)) == 0)
++ : __stat64 (fullname, &ust.st64))
++ == 0)
++ || errno == EOVERFLOW)
+ /* We found this file to be existing. Now tell the rest
+ of the function to copy this name into the result. */
+ flags |= GLOB_NOCHECK;
+@@ -1568,16 +1532,10 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ }
+ else
+ {
+-#ifdef _LIBC
+ int dfd = (__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
+ ? -1 : dirfd ((DIR *) stream));
+-#endif
+ int fnm_flags = ((!(flags & GLOB_PERIOD) ? FNM_PERIOD : 0)
+- | ((flags & GLOB_NOESCAPE) ? FNM_NOESCAPE : 0)
+-#if defined _AMIGA || defined VMS
+- | FNM_CASEFOLD
+-#endif
+- );
++ | ((flags & GLOB_NOESCAPE) ? FNM_NOESCAPE : 0));
+ flags |= GLOB_MAGCHAR;
+
+ while (1)
+@@ -1597,19 +1555,24 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ }
+ if (d.name == NULL)
+ break;
+- if (d.skip_entry)
++ if (readdir_result_skip_entry (d))
+ continue;
+
+ /* If we shall match only directories use the information
+ provided by the dirent call if possible. */
+- if ((flags & GLOB_ONLYDIR) && !readdir_result_might_be_dir (d))
+- continue;
++ if (flags & GLOB_ONLYDIR)
++ switch (readdir_result_type (d))
++ {
++ case DT_DIR: case DT_LNK: case DT_UNKNOWN: break;
++ default: continue;
++ }
+
+ if (fnmatch (pattern, d.name, fnm_flags) == 0)
+ {
+ /* If the file we found is a symlink we have to
+ make sure the target file exists. */
+- if (!readdir_result_might_be_symlink (d)
++ dirent_type type = readdir_result_type (d);
++ if (! (type == DT_LNK || type == DT_UNKNOWN)
+ || link_exists_p (dfd, directory, dirlen, d.name,
+ pglob, flags))
+ {
+@@ -1617,10 +1580,13 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ {
+ struct globnames *newnames;
+ size_t count = names->count * 2;
+- size_t size = (sizeof (struct globnames)
+- + ((count - INITIAL_COUNT)
+- * sizeof (char *)));
+- if (__libc_use_alloca (alloca_used + size))
++ size_t nameoff = offsetof (struct globnames, name);
++ size_t size = FLEXSIZEOF (struct globnames, name,
++ count * sizeof (char *));
++ if ((SIZE_MAX - nameoff) / 2 / sizeof (char *)
++ < names->count)
++ goto memory_error;
++ if (glob_use_alloca (alloca_used, size))
+ newnames = names_alloca
+ = alloca_account (size, alloca_used);
+ else if ((newnames = malloc (size))
+@@ -1636,6 +1602,8 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ goto memory_error;
+ ++cur;
+ ++nfound;
++ if (SIZE_MAX - pglob->gl_offs <= nfound)
++ goto memory_error;
+ }
+ }
+ }
+@@ -1646,29 +1614,27 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ {
+ size_t len = strlen (pattern);
+ nfound = 1;
+- names->name[cur] = (char *) malloc (len + 1);
++ names->name[cur] = malloc (len + 1);
+ if (names->name[cur] == NULL)
+ goto memory_error;
+ *((char *) mempcpy (names->name[cur++], pattern, len)) = '\0';
+ }
+
+- int result = GLOB_NOMATCH;
++ result = GLOB_NOMATCH;
+ if (nfound != 0)
+ {
++ char **new_gl_pathv;
+ result = 0;
+
+- if (pglob->gl_pathc > UINTPTR_MAX - pglob->gl_offs
+- || pglob->gl_pathc + pglob->gl_offs > UINTPTR_MAX - nfound
+- || pglob->gl_pathc + pglob->gl_offs + nfound > UINTPTR_MAX - 1
+- || (pglob->gl_pathc + pglob->gl_offs + nfound + 1
+- > UINTPTR_MAX / sizeof (char *)))
++ if (SIZE_MAX / sizeof (char *) - pglob->gl_pathc
++ < pglob->gl_offs + nfound + 1)
+ goto memory_error;
+
+- char **new_gl_pathv;
+ new_gl_pathv
+- = (char **) realloc (pglob->gl_pathv,
+- (pglob->gl_pathc + pglob->gl_offs + nfound + 1)
+- * sizeof (char *));
++ = realloc (pglob->gl_pathv,
++ (pglob->gl_pathc + pglob->gl_offs + nfound + 1)
++ * sizeof (char *));
++
+ if (new_gl_pathv == NULL)
+ {
+ memory_error:
+@@ -1684,7 +1650,7 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ and this is the block assigned to OLD here. */
+ if (names == NULL)
+ {
+- assert (old == &init_names);
++ assert (old == init_names);
+ break;
+ }
+ cur = names->count;
+@@ -1710,7 +1676,7 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ and this is the block assigned to OLD here. */
+ if (names == NULL)
+ {
+- assert (old == &init_names);
++ assert (old == init_names);
+ break;
+ }
+ cur = names->count;
+diff --git a/posix/glob64.c b/posix/glob64.c
+index a5f5a7f9e2..39e54afe8b 100644
+--- a/posix/glob64.c
++++ b/posix/glob64.c
+@@ -43,10 +43,4 @@ glob64 (const char *pattern, int flags,
+ }
+ libc_hidden_def (glob64)
+
+-void
+-globfree64 (glob64_t *pglob)
+-{
+-}
+-libc_hidden_def (globfree64)
+-
+ stub_warning (glob64)
+diff --git a/posix/glob_internal.h b/posix/glob_internal.h
+new file mode 100644
+index 0000000000..12c93660b7
+--- /dev/null
++++ b/posix/glob_internal.h
+@@ -0,0 +1,57 @@
++/* Shared definition for glob and glob_pattern_p.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef GLOB_INTERNAL_H
++# define GLOB_INTERNAL_H
++
++static inline int
++__glob_pattern_type (const char *pattern, int quote)
++{
++ const char *p;
++ int ret = 0;
++
++ for (p = pattern; *p != '\0'; ++p)
++ switch (*p)
++ {
++ case '?':
++ case '*':
++ return 1;
++
++ case '\\':
++ if (quote)
++ {
++ if (p[1] != '\0')
++ ++p;
++ ret |= 2;
++ }
++ break;
++
++ case '[':
++ ret |= 4;
++ break;
++
++ case ']':
++ if (ret & 4)
++ return 1;
++ break;
++ }
++
++ return ret;
++}
++
++#endif /* GLOB_INTERNAL_H */
+diff --git a/posix/glob_pattern_p.c b/posix/glob_pattern_p.c
+new file mode 100644
+index 0000000000..a17d337182
+--- /dev/null
++++ b/posix/glob_pattern_p.c
+@@ -0,0 +1,33 @@
++/* Return nonzero if PATTERN contains any metacharacters.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _LIBC
++# include <config.h>
++#endif
++
++#include <glob.h>
++#include "glob_internal.h"
++
++/* Return nonzero if PATTERN contains any metacharacters.
++ Metacharacters can be quoted with backslashes if QUOTE is nonzero. */
++int
++__glob_pattern_p (const char *pattern, int quote)
++{
++ return __glob_pattern_type (pattern, quote) == 1;
++}
++weak_alias (__glob_pattern_p, glob_pattern_p)
+diff --git a/posix/globfree.c b/posix/globfree.c
+new file mode 100644
+index 0000000000..042e29d9b0
+--- /dev/null
++++ b/posix/globfree.c
+@@ -0,0 +1,41 @@
++/* Frees the dynamically allocated storage from an earlier call to glob.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _LIBC
++# include <config.h>
++#endif
++
++#include <glob.h>
++#include <stdlib.h>
++
++/* Free storage allocated in PGLOB by a previous `glob' call. */
++void
++globfree (glob_t *pglob)
++{
++ if (pglob->gl_pathv != NULL)
++ {
++ size_t i;
++ for (i = 0; i < pglob->gl_pathc; ++i)
++ free (pglob->gl_pathv[pglob->gl_offs + i]);
++ free (pglob->gl_pathv);
++ pglob->gl_pathv = NULL;
++ }
++}
++#ifndef globfree
++libc_hidden_def (globfree)
++#endif
+diff --git a/sysdeps/unix/sysv/linux/sh/pread.c b/posix/globfree64.c
+similarity index 68%
+rename from sysdeps/unix/sysv/linux/sh/pread.c
+rename to posix/globfree64.c
+index d3f99f35db..c9f8908a4e 100644
+--- a/sysdeps/unix/sysv/linux/sh/pread.c
++++ b/posix/globfree64.c
+@@ -1,6 +1,6 @@
+-/* Copyright (C) 1997-2016 Free Software Foundation, Inc.
++/* Frees the dynamically allocated storage from an earlier call to glob.
++ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+- Contributed by Ulrich Drepper <drepper(a)cygnus.com>, 1997.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+@@ -16,8 +16,16 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+-/* SH4 ABI does not really require argument alignment for 64-bits, but
+- the kernel interface for pread adds a dummy long argument before the
+- offset. */
+-#define __ALIGNMENT_ARG
+-#include <sysdeps/unix/sysv/linux/pread.c>
++#ifndef _LIBC
++# include <config.h>
++#endif
++
++#include <glob.h>
++#include <stdlib.h>
++
++/* Free storage allocated in PGLOB by a previous `glob' call. */
++void
++globfree64 (glob64_t *pglob)
++{
++}
++libc_hidden_def (globfree64)
+diff --git a/posix/tst-glob-tilde.c b/posix/tst-glob-tilde.c
+new file mode 100644
+index 0000000000..6886f4371f
+--- /dev/null
++++ b/posix/tst-glob-tilde.c
+@@ -0,0 +1,143 @@
++/* Check for GLOB_TIDLE heap allocation issues (bugs 22320, 22325, 22332).
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <glob.h>
++#include <mcheck.h>
++#include <nss.h>
++#include <pwd.h>
++#include <stdlib.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/support.h>
++
++/* Flag which indicates whether to pass the GLOB_ONLYDIR flag. */
++static int do_onlydir;
++
++/* Flag which indicates whether to pass the GLOB_NOCHECK flag. */
++static int do_nocheck;
++
++/* Flag which indicates whether to pass the GLOB_MARK flag. */
++static int do_mark;
++
++/* Flag which indicates whether to pass the GLOB_NOESCAPE flag. */
++static int do_noescape;
++
++static void
++one_test (const char *prefix, const char *middle, const char *suffix)
++{
++ char *pattern = xasprintf ("%s%s%s", prefix, middle, suffix);
++ int flags = GLOB_TILDE;
++ if (do_onlydir)
++ flags |= GLOB_ONLYDIR;
++ if (do_nocheck)
++ flags |= GLOB_NOCHECK;
++ if (do_mark)
++ flags |= GLOB_MARK;
++ if (do_noescape)
++ flags |= GLOB_NOESCAPE;
++ glob_t gl;
++ /* This glob call might result in crashes or memory leaks. */
++ if (glob (pattern, flags, NULL, &gl) == 0)
++ globfree (&gl);
++ free (pattern);
++}
++
++enum
++ {
++ /* The largest base being tested. */
++ largest_base_size = 500000,
++
++ /* The actual size is the base size plus a variable whose absolute
++ value is not greater than this. This helps malloc to trigger
++ overflows. */
++ max_size_skew = 16,
++
++ /* The maximum string length supported by repeating_string
++ below. */
++ repeat_size = largest_base_size + max_size_skew,
++ };
++
++/* Used to construct strings which repeat a single character 'x'. */
++static char *repeat;
++
++/* Return a string of SIZE characters. */
++const char *
++repeating_string (int size)
++{
++ TEST_VERIFY (size >= 0);
++ TEST_VERIFY (size <= repeat_size);
++ const char *repeated_shifted = repeat + repeat_size - size;
++ TEST_VERIFY (strlen (repeated_shifted) == size);
++ return repeated_shifted;
++}
++
++static int
++do_test (void)
++{
++ /* Avoid network-based NSS modules and initialize nss_files with a
++ dummy lookup. This has to come before mtrace because NSS does
++ not free all memory. */
++ __nss_configure_lookup ("passwd", "files");
++ (void) getpwnam ("root");
++
++ mtrace ();
++
++ repeat = xmalloc (repeat_size + 1);
++ memset (repeat, 'x', repeat_size);
++ repeat[repeat_size] = '\0';
++
++ /* These numbers control the size of the user name. The values
++ cover the minimum (0), a typical size (8), a large
++ stack-allocated size (100000), and a somewhat large
++ heap-allocated size (largest_base_size). */
++ static const int base_sizes[] = { 0, 8, 100, 100000, largest_base_size, -1 };
++
++ for (do_onlydir = 0; do_onlydir < 2; ++do_onlydir)
++ for (do_nocheck = 0; do_nocheck < 2; ++do_nocheck)
++ for (do_mark = 0; do_mark < 2; ++do_mark)
++ for (do_noescape = 0; do_noescape < 2; ++do_noescape)
++ for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx)
++ {
++ for (int size_skew = -max_size_skew; size_skew <= max_size_skew;
++ ++size_skew)
++ {
++ int size = base_sizes[base_idx] + size_skew;
++ if (size < 0)
++ continue;
++
++ const char *user_name = repeating_string (size);
++ one_test ("~", user_name, "/a/b");
++ one_test ("~", user_name, "x\\x\\x////x\\a");
++ }
++
++ const char *user_name = repeating_string (base_sizes[base_idx]);
++ one_test ("~", user_name, "");
++ one_test ("~", user_name, "/");
++ one_test ("~", user_name, "/a");
++ one_test ("~", user_name, "/*/*");
++ one_test ("~", user_name, "\\/");
++ one_test ("/~", user_name, "");
++ one_test ("*/~", user_name, "/a/b");
++ }
++
++ free (repeat);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/resolv/Makefile b/resolv/Makefile
index 8be41d3ae1..a4c86b9762 100644
--- a/resolv/Makefile
@@ -9482,12 +11928,12 @@ index 0000000000..cfc6dd8fa8
+ if (bind (fd, sa, sa_len) != 0)
+ FAIL_EXIT1 ("bind (%d), family %d: %m", fd, sa->sa_family);
+}
-diff --git a/sysdeps/unix/sysv/linux/sh/pread.c b/support/xcalloc.c
-similarity index 68%
-rename from sysdeps/unix/sysv/linux/sh/pread.c
+diff --git a/sysdeps/unix/sysv/linux/sh/pread64.c b/support/xcalloc.c
+similarity index 67%
+rename from sysdeps/unix/sysv/linux/sh/pread64.c
rename to support/xcalloc.c
-index d3f99f35db..135f42dab2 100644
---- a/sysdeps/unix/sysv/linux/sh/pread.c
+index b2e8a25788..135f42dab2 100644
+--- a/sysdeps/unix/sysv/linux/sh/pread64.c
+++ b/support/xcalloc.c
@@ -1,6 +1,6 @@
-/* Copyright (C) 1997-2016 Free Software Foundation, Inc.
@@ -9506,7 +11952,7 @@ index d3f99f35db..135f42dab2 100644
- the kernel interface for pread adds a dummy long argument before the
- offset. */
-#define __ALIGNMENT_ARG
--#include <sysdeps/unix/sysv/linux/pread.c>
+-#include <sysdeps/unix/sysv/linux/pread64.c>
+#include <support/support.h>
+
+#include <stdarg.h>
@@ -9523,31 +11969,30 @@ index d3f99f35db..135f42dab2 100644
+ oom_error ("calloc", n * s);
+ return p;
+}
-diff --git a/sysdeps/unix/sysv/linux/sh/pread64.c b/support/xchroot.c
-similarity index 67%
-rename from sysdeps/unix/sysv/linux/sh/pread64.c
-rename to support/xchroot.c
-index b2e8a25788..abcc299e00 100644
---- a/sysdeps/unix/sysv/linux/sh/pread64.c
+diff --git a/support/xchroot.c b/support/xchroot.c
+new file mode 100644
+index 0000000000..abcc299e00
+--- /dev/null
+++ b/support/xchroot.c
-@@ -1,6 +1,6 @@
--/* Copyright (C) 1997-2016 Free Software Foundation, Inc.
+@@ -0,0 +1,28 @@
+/* chroot with error checking.
+ Copyright (C) 2017 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-- Contributed by Ulrich Drepper <drepper(a)cygnus.com>, 1997.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
-@@ -16,8 +16,13 @@
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
--/* SH4 ABI does not really require argument alignment for 64-bits, but
-- the kernel interface for pread adds a dummy long argument before the
-- offset. */
--#define __ALIGNMENT_ARG
--#include <sysdeps/unix/sysv/linux/pread64.c>
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
+#include <support/check.h>
+#include <support/xunistd.h>
+#include <sys/stat.h>
@@ -11998,6 +14443,38 @@ index d5b8119c9c..ac57bd5db0 100644
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
"LD_PRELOAD\0" \
+diff --git a/sysdeps/gnu/glob64.c b/sysdeps/gnu/glob64.c
+index d1e4e6f0d5..52e97e2f6a 100644
+--- a/sysdeps/gnu/glob64.c
++++ b/sysdeps/gnu/glob64.c
+@@ -15,11 +15,8 @@
+ #undef __stat
+ #define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
+
+-#define NO_GLOB_PATTERN_P 1
+-
+ #define COMPILE_GLOB64 1
+
+ #include <posix/glob.c>
+
+ libc_hidden_def (glob64)
+-libc_hidden_def (globfree64)
+diff --git a/sysdeps/gnu/globfree64.c b/sysdeps/gnu/globfree64.c
+new file mode 100644
+index 0000000000..f092d0bf8b
+--- /dev/null
++++ b/sysdeps/gnu/globfree64.c
+@@ -0,0 +1,10 @@
++#include <dirent.h>
++#include <glob.h>
++#include <sys/stat.h>
++
++#define glob_t glob64_t
++#define globfree(pglob) globfree64 (pglob)
++
++#include <posix/globfree.c>
++
++libc_hidden_def (globfree64)
diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h
index 9404211819..01bd5bf197 100644
--- a/sysdeps/hppa/dl-machine.h
@@ -13053,6 +15530,19 @@ index 94a2ce0e37..38c2432002 100644
LIBC_CANCEL_RESET (sc_cancel_oldtype); \
} \
sc_ret; \
+diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
+index 35e1ed48d2..32beaa67d0 100644
+--- a/sysdeps/unix/sysv/linux/Makefile
++++ b/sysdeps/unix/sysv/linux/Makefile
+@@ -140,7 +140,7 @@ endif
+ ifeq ($(subdir),posix)
+ sysdep_headers += bits/initspin.h
+
+-sysdep_routines += sched_getcpu
++sysdep_routines += sched_getcpu oldglob
+
+ tests += tst-affinity tst-affinity-pid
+
diff --git a/sysdeps/unix/sysv/linux/aarch64/clone.S b/sysdeps/unix/sysv/linux/aarch64/clone.S
index 76baa7a698..96482e53c0 100644
--- a/sysdeps/unix/sysv/linux/aarch64/clone.S
@@ -13150,6 +15640,64 @@ index 6a3154f9a7..2757bf20c3 100644
cfi_endproc
.end thread_start
+diff --git a/sysdeps/unix/sysv/linux/alpha/glob.c b/sysdeps/unix/sysv/linux/alpha/glob.c
+index c5dfb85468..19eb9b1c07 100644
+--- a/sysdeps/unix/sysv/linux/alpha/glob.c
++++ b/sysdeps/unix/sysv/linux/alpha/glob.c
+@@ -42,10 +42,6 @@ extern void __new_globfree (glob_t *__pglob);
+ #undef globfree64
+
+ versioned_symbol (libc, __new_glob, glob, GLIBC_2_1);
+-versioned_symbol (libc, __new_globfree, globfree, GLIBC_2_1);
+ libc_hidden_ver (__new_glob, glob)
+-libc_hidden_ver (__new_globfree, globfree)
+
+ weak_alias (__new_glob, glob64)
+-weak_alias (__new_globfree, globfree64)
+-libc_hidden_ver (__new_globfree, globfree64)
+diff --git a/sysdeps/unix/sysv/linux/alpha/globfree.c b/sysdeps/unix/sysv/linux/alpha/globfree.c
+new file mode 100644
+index 0000000000..98cf1c200b
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/alpha/globfree.c
+@@ -0,0 +1,37 @@
++/* Compat globfree. Linux/alpha version.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library. If not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define globfree64 __no_globfree64_decl
++#include <sys/types.h>
++#include <glob.h>
++#include <shlib-compat.h>
++
++#define globfree(pglob) \
++ __new_globfree (pglob)
++
++extern void __new_globfree (glob_t *__pglob);
++
++#include <posix/globfree.c>
++
++#undef globfree64
++
++versioned_symbol (libc, __new_globfree, globfree, GLIBC_2_1);
++libc_hidden_ver (__new_globfree, globfree)
++
++weak_alias (__new_globfree, globfree64)
++libc_hidden_ver (__new_globfree, globfree64)
diff --git a/sysdeps/unix/sysv/linux/alpha/vfork.S b/sysdeps/unix/sysv/linux/alpha/vfork.S
index 9fc199ac41..e5f7ed0661 100644
--- a/sysdeps/unix/sysv/linux/alpha/vfork.S
@@ -13275,6 +15823,33 @@ index 6d32cece48..ec86f50814 100644
return INTERNAL_SYSCALL_ERRNO (res, err);
}
+diff --git a/sysdeps/unix/sysv/linux/getcwd.c b/sysdeps/unix/sysv/linux/getcwd.c
+index 3f21ae743f..d0b2c38c17 100644
+--- a/sysdeps/unix/sysv/linux/getcwd.c
++++ b/sysdeps/unix/sysv/linux/getcwd.c
+@@ -76,7 +76,7 @@ __getcwd (char *buf, size_t size)
+ int retval;
+
+ retval = INLINE_SYSCALL (getcwd, 2, path, alloc_size);
+- if (retval >= 0)
++ if (retval > 0 && path[0] == '/')
+ {
+ #ifndef NO_ALLOCATION
+ if (buf == NULL && size == 0)
+@@ -92,10 +92,10 @@ __getcwd (char *buf, size_t size)
+ return buf;
+ }
+
+- /* The system call cannot handle paths longer than a page.
+- Neither can the magic symlink in /proc/self. Just use the
++ /* The system call either cannot handle paths longer than a page
++ or can succeed without returning an absolute path. Just use the
+ generic implementation right away. */
+- if (errno == ENAMETOOLONG)
++ if (retval >= 0 || errno == ENAMETOOLONG)
+ {
+ #ifndef NO_ALLOCATION
+ if (buf == NULL && size == 0)
diff --git a/sysdeps/unix/sysv/linux/getpid.c b/sysdeps/unix/sysv/linux/getpid.c
deleted file mode 100644
index 1124549326..0000000000
@@ -13473,6 +16048,63 @@ index 25f2a9c340..feae504ce6 100644
PSEUDO_END (__clone)
libc_hidden_def (__clone)
+diff --git a/sysdeps/unix/sysv/linux/i386/glob64.c b/sysdeps/unix/sysv/linux/i386/glob64.c
+index 802c957d6c..c2cc85741f 100644
+--- a/sysdeps/unix/sysv/linux/i386/glob64.c
++++ b/sysdeps/unix/sysv/linux/i386/glob64.c
+@@ -19,6 +19,7 @@
+ #include <dirent.h>
+ #include <glob.h>
+ #include <sys/stat.h>
++#include <shlib-compat.h>
+
+ #define dirent dirent64
+ #define __readdir(dirp) __readdir64 (dirp)
+@@ -33,44 +34,9 @@
+ #undef __stat
+ #define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
+
+-#define NO_GLOB_PATTERN_P 1
+-
+ #define COMPILE_GLOB64 1
+
+ #include <posix/glob.c>
+
+-#include "shlib-compat.h"
+-
+-libc_hidden_def (globfree64)
+-
+ versioned_symbol (libc, __glob64, glob64, GLIBC_2_2);
+ libc_hidden_ver (__glob64, glob64)
+-
+-#if SHLIB_COMPAT(libc, GLIBC_2_1, GLIBC_2_2)
+-
+-#include <sysdeps/unix/sysv/linux/i386/olddirent.h>
+-
+-int __old_glob64 (const char *__pattern, int __flags,
+- int (*__errfunc) (const char *, int),
+- glob64_t *__pglob);
+-
+-#undef dirent
+-#define dirent __old_dirent64
+-#undef GL_READDIR
+-# define GL_READDIR(pglob, stream) \
+- ((struct __old_dirent64 *) (pglob)->gl_readdir (stream))
+-#undef __readdir
+-#define __readdir(dirp) __old_readdir64 (dirp)
+-#undef glob
+-#define glob(pattern, flags, errfunc, pglob) \
+- __old_glob64 (pattern, flags, errfunc, pglob)
+-#define convert_dirent __old_convert_dirent
+-#define glob_in_dir __old_glob_in_dir
+-#define GLOB_ATTRIBUTE attribute_compat_text_section
+-
+-#define GLOB_ONLY_P 1
+-
+-#include <posix/glob.c>
+-
+-compat_symbol (libc, __old_glob64, glob64, GLIBC_2_1);
+-#endif
diff --git a/sysdeps/unix/sysv/linux/i386/vfork.S b/sysdeps/unix/sysv/linux/i386/vfork.S
index 7a1d3373bb..a865de2201 100644
--- a/sysdeps/unix/sysv/linux/i386/vfork.S
@@ -13689,6 +16321,13 @@ index 39634c5cf0..7ae65ef723 100644
END(__thread_start)
libc_hidden_def (__clone)
+diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c b/sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c
+new file mode 100644
+index 0000000000..abc35fdd2b
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c
+@@ -0,0 +1 @@
++/* glob64 is in globfree64.c */
diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/syscalls.list b/sysdeps/unix/sysv/linux/mips/mips64/n64/syscalls.list
index 890a74494a..26ab6d0b75 100644
--- a/sysdeps/unix/sysv/linux/mips/mips64/n64/syscalls.list
@@ -13783,6 +16422,54 @@ index c1bb9c7134..8997269199 100644
bne r7, zero, SYSCALL_ERROR_LABEL
ret
+diff --git a/sysdeps/unix/sysv/linux/oldglob.c b/sysdeps/unix/sysv/linux/oldglob.c
+new file mode 100644
+index 0000000000..8233e57ce9
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/oldglob.c
+@@ -0,0 +1,42 @@
++#include <shlib-compat.h>
++
++#if SHLIB_COMPAT(libc, GLIBC_2_1, GLIBC_2_2)
++
++#include <dirent.h>
++#include <glob.h>
++#include <sys/stat.h>
++
++#include <sysdeps/unix/sysv/linux/i386/olddirent.h>
++
++int __old_glob64 (const char *__pattern, int __flags,
++ int (*__errfunc) (const char *, int),
++ glob64_t *__pglob);
++libc_hidden_proto (__old_glob64);
++
++#define dirent __old_dirent64
++#define GL_READDIR(pglob, stream) \
++ ((struct __old_dirent64 *) (pglob)->gl_readdir (stream))
++#undef __readdir
++#define __readdir(dirp) __old_readdir64 (dirp)
++
++#define glob_t glob64_t
++#define glob(pattern, flags, errfunc, pglob) \
++ __old_glob64 (pattern, flags, errfunc, pglob)
++#define globfree(pglob) globfree64(pglob)
++
++#define convert_dirent __old_convert_dirent
++#define glob_in_dir __old_glob_in_dir
++
++#undef stat
++#define stat stat64
++#undef __stat
++#define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
++
++#define GLOB_ATTRIBUTE attribute_compat_text_section
++
++#include <posix/glob.c>
++
++libc_hidden_def (__old_glob64);
++
++compat_symbol (libc, __old_glob64, glob64, GLIBC_2_1);
++#endif
diff --git a/sysdeps/unix/sysv/linux/powerpc/Makefile b/sysdeps/unix/sysv/linux/powerpc/Makefile
index c89ed9ec7d..2cfb46eca3 100644
--- a/sysdeps/unix/sysv/linux/powerpc/Makefile
@@ -15053,6 +17740,14 @@ index 68a7e6d6e2..1472311947 100644
-#define TEST_FUNCTION do_test ()
-#include "../test-skeleton.c"
+#include <support/test-driver.c>
+diff --git a/sysdeps/unix/sysv/linux/wordsize-64/globfree64.c b/sysdeps/unix/sysv/linux/wordsize-64/globfree64.c
+new file mode 100644
+index 0000000000..af035e1514
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/wordsize-64/globfree64.c
+@@ -0,0 +1,2 @@
++/* This file is here so sysdeps/gnu/glob64.c doesn't take precedence. */
++#include <sysdeps/wordsize-64/globfree64.c>
diff --git a/sysdeps/unix/sysv/linux/x86_64/clone.S b/sysdeps/unix/sysv/linux/x86_64/clone.S
index 66f4b11490..5629aed395 100644
--- a/sysdeps/unix/sysv/linux/x86_64/clone.S
@@ -15108,11 +17803,138 @@ index 8332ade9fb..cdd2dea32a 100644
cmpl $-4095, %eax
jae SYSCALL_ERROR_LABEL /* Branch forward if it failed. */
+diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/globfree.c b/sysdeps/unix/sysv/linux/x86_64/x32/globfree.c
+new file mode 100644
+index 0000000000..b76a761c17
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/x86_64/x32/globfree.c
+@@ -0,0 +1 @@
++#include <sysdeps/wordsize-64/globfree.c>
+diff --git a/sysdeps/wordsize-64/glob.c b/sysdeps/wordsize-64/glob.c
+index 082faf1c70..954e8d37e2 100644
+--- a/sysdeps/wordsize-64/glob.c
++++ b/sysdeps/wordsize-64/glob.c
+@@ -4,5 +4,3 @@
+ #undef glob64
+ #undef globfree64
+ weak_alias (glob, glob64)
+-weak_alias (globfree, globfree64)
+-libc_hidden_ver (globfree, globfree64)
+diff --git a/sysdeps/wordsize-64/globfree.c b/sysdeps/wordsize-64/globfree.c
+new file mode 100644
+index 0000000000..ec8c35b489
+--- /dev/null
++++ b/sysdeps/wordsize-64/globfree.c
+@@ -0,0 +1,5 @@
++#define globfree64 __no_globfree64_decl
++#include <posix/globfree.c>
++#undef globfree64
++weak_alias (globfree, globfree64)
++libc_hidden_ver (globfree, globfree64)
+diff --git a/sysdeps/wordsize-64/globfree64.c b/sysdeps/wordsize-64/globfree64.c
+new file mode 100644
+index 0000000000..a0f57ff4b3
+--- /dev/null
++++ b/sysdeps/wordsize-64/globfree64.c
+@@ -0,0 +1 @@
++/* globfree64 is in globfree.c */
+diff --git a/sysdeps/x86/cpu-features-offsets.sym b/sysdeps/x86/cpu-features-offsets.sym
+index f6739fae81..33dd094e37 100644
+--- a/sysdeps/x86/cpu-features-offsets.sym
++++ b/sysdeps/x86/cpu-features-offsets.sym
+@@ -15,6 +15,7 @@ CPUID_ECX_OFFSET offsetof (struct cpuid_registers, ecx)
+ CPUID_EDX_OFFSET offsetof (struct cpuid_registers, edx)
+ FAMILY_OFFSET offsetof (struct cpu_features, family)
+ MODEL_OFFSET offsetof (struct cpu_features, model)
++XSAVE_STATE_SIZE_OFFSET offsetof (struct cpu_features, xsave_state_size)
+ FEATURE_OFFSET offsetof (struct cpu_features, feature)
+ FEATURE_SIZE sizeof (unsigned int)
+
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
-index 9ce4b495a5..508ad2ae7b 100644
+index 9ce4b495a5..9eca98817d 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
-@@ -133,8 +133,6 @@ init_cpu_features (struct cpu_features *cpu_features)
+@@ -18,6 +18,7 @@
+
+ #include <cpuid.h>
+ #include <cpu-features.h>
++#include <libc-internal.h>
+
+ static void
+ get_common_indeces (struct cpu_features *cpu_features,
+@@ -88,6 +89,71 @@ get_common_indeces (struct cpu_features *cpu_features,
+ cpu_features->feature[index_arch_FMA_Usable]
+ |= bit_arch_FMA_Usable;
+ }
++
++ /* For _dl_runtime_resolve, set xsave_state_size to xsave area
++ size + integer register save size and align it to 64 bytes. */
++ if (cpu_features->max_cpuid >= 0xd)
++ {
++ unsigned int eax, ebx, ecx, edx;
++
++ __cpuid_count (0xd, 0, eax, ebx, ecx, edx);
++ if (ebx != 0)
++ {
++ cpu_features->xsave_state_size
++ = ALIGN_UP (ebx + STATE_SAVE_OFFSET, 64);
++
++ __cpuid_count (0xd, 1, eax, ebx, ecx, edx);
++
++ /* Check if XSAVEC is available. */
++ if ((eax & (1 << 1)) != 0)
++ {
++ unsigned int xstate_comp_offsets[32];
++ unsigned int xstate_comp_sizes[32];
++ unsigned int i;
++
++ xstate_comp_offsets[0] = 0;
++ xstate_comp_offsets[1] = 160;
++ xstate_comp_offsets[2] = 576;
++ xstate_comp_sizes[0] = 160;
++ xstate_comp_sizes[1] = 256;
++
++ for (i = 2; i < 32; i++)
++ {
++ if ((STATE_SAVE_MASK & (1 << i)) != 0)
++ {
++ __cpuid_count (0xd, i, eax, ebx, ecx, edx);
++ xstate_comp_sizes[i] = eax;
++ }
++ else
++ {
++ ecx = 0;
++ xstate_comp_sizes[i] = 0;
++ }
++
++ if (i > 2)
++ {
++ xstate_comp_offsets[i]
++ = (xstate_comp_offsets[i - 1]
++ + xstate_comp_sizes[i -1]);
++ if ((ecx & (1 << 1)) != 0)
++ xstate_comp_offsets[i]
++ = ALIGN_UP (xstate_comp_offsets[i], 64);
++ }
++ }
++
++ /* Use XSAVEC. */
++ unsigned int size
++ = xstate_comp_offsets[31] + xstate_comp_sizes[31];
++ if (size)
++ {
++ cpu_features->xsave_state_size
++ = ALIGN_UP (size + STATE_SAVE_OFFSET, 64);
++ cpu_features->feature[index_arch_XSAVEC_Usable]
++ |= bit_arch_XSAVEC_Usable;
++ }
++ }
++ }
++ }
+ }
+ }
+
+@@ -133,8 +199,6 @@ init_cpu_features (struct cpu_features *cpu_features)
case 0x57:
/* Knights Landing. Enable Silvermont optimizations. */
@@ -15121,7 +17943,7 @@ index 9ce4b495a5..508ad2ae7b 100644
case 0x5c:
case 0x5f:
-@@ -205,6 +203,33 @@ init_cpu_features (struct cpu_features *cpu_features)
+@@ -205,6 +269,16 @@ init_cpu_features (struct cpu_features *cpu_features)
if (CPU_FEATURES_ARCH_P (cpu_features, AVX2_Usable))
cpu_features->feature[index_arch_AVX_Fast_Unaligned_Load]
|= bit_arch_AVX_Fast_Unaligned_Load;
@@ -15135,41 +17957,23 @@ index 9ce4b495a5..508ad2ae7b 100644
+ else
+ cpu_features->feature[index_arch_Prefer_No_AVX512]
+ |= bit_arch_Prefer_No_AVX512;
-+
-+ /* To avoid SSE transition penalty, use _dl_runtime_resolve_slow.
-+ If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt.
-+ Use _dl_runtime_resolve_opt only with AVX512F since it is
-+ slower than _dl_runtime_resolve_slow with AVX. */
-+ cpu_features->feature[index_arch_Use_dl_runtime_resolve_slow]
-+ |= bit_arch_Use_dl_runtime_resolve_slow;
-+ if (CPU_FEATURES_ARCH_P (cpu_features, AVX512F_Usable)
-+ && cpu_features->max_cpuid >= 0xd)
-+ {
-+ unsigned int eax;
-+
-+ __cpuid_count (0xd, 1, eax, ebx, ecx, edx);
-+ if ((eax & (1 << 2)) != 0)
-+ cpu_features->feature[index_arch_Use_dl_runtime_resolve_opt]
-+ |= bit_arch_Use_dl_runtime_resolve_opt;
-+ }
}
/* This spells out "AuthenticAMD". */
else if (ebx == 0x68747541 && ecx == 0x444d4163 && edx == 0x69746e65)
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
-index 97ffe765f4..2609ac0999 100644
+index 97ffe765f4..507a141414 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
-@@ -37,6 +37,9 @@
+@@ -37,6 +37,8 @@
#define bit_arch_Prefer_No_VZEROUPPER (1 << 17)
#define bit_arch_Fast_Unaligned_Copy (1 << 18)
#define bit_arch_Prefer_ERMS (1 << 19)
-+#define bit_arch_Use_dl_runtime_resolve_opt (1 << 20)
-+#define bit_arch_Use_dl_runtime_resolve_slow (1 << 21)
-+#define bit_arch_Prefer_No_AVX512 (1 << 22)
++#define bit_arch_Prefer_No_AVX512 (1 << 20)
++#define bit_arch_XSAVEC_Usable (1 << 21)
/* CPUID Feature flags. */
-@@ -60,6 +63,11 @@
+@@ -60,6 +62,11 @@
#define bit_cpu_AVX2 (1 << 5)
#define bit_cpu_AVX512F (1 << 16)
#define bit_cpu_AVX512DQ (1 << 17)
@@ -15181,7 +17985,23 @@ index 97ffe765f4..2609ac0999 100644
/* XCR0 Feature flags. */
#define bit_XMM_state (1 << 1)
-@@ -107,6 +115,9 @@
+@@ -74,6 +81,15 @@
+ /* The current maximum size of the feature integer bit array. */
+ #define FEATURE_INDEX_MAX 1
+
++/* Offset for fxsave/xsave area used by _dl_runtime_resolve. Also need
++ space to preserve RCX, RDX, RSI, RDI, R8, R9 and RAX. It must be
++ aligned to 16 bytes for fxsave and 64 bytes for xsave. */
++#define STATE_SAVE_OFFSET (8 * 7 + 8)
++
++/* Save SSE, AVX, AVX512, mask and bound registers. */
++#define STATE_SAVE_MASK \
++ ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 5) | (1 << 6) | (1 << 7))
++
+ #ifdef __ASSEMBLER__
+
+ # include <cpu-features-offsets.h>
+@@ -107,6 +123,9 @@
# define index_arch_Prefer_No_VZEROUPPER FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Fast_Unaligned_Copy FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Prefer_ERMS FEATURE_INDEX_1*FEATURE_SIZE
@@ -15191,7 +18011,20 @@ index 97ffe765f4..2609ac0999 100644
# if defined (_LIBC) && !IS_IN (nonlib)
-@@ -232,6 +243,11 @@ extern const struct cpu_features *__get_cpu_features (void)
+@@ -195,6 +214,12 @@ struct cpu_features
+ } cpuid[COMMON_CPUID_INDEX_MAX];
+ unsigned int family;
+ unsigned int model;
++ /* The type must be unsigned long int so that we use
++
++ sub xsave_state_size_offset(%rip) %RSP_LP
++
++ in _dl_runtime_resolve. */
++ unsigned long int xsave_state_size;
+ unsigned int feature[FEATURE_INDEX_MAX];
+ };
+
+@@ -232,6 +257,11 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_cpu_AVX2 COMMON_CPUID_INDEX_7
# define index_cpu_AVX512F COMMON_CPUID_INDEX_7
# define index_cpu_AVX512DQ COMMON_CPUID_INDEX_7
@@ -15203,7 +18036,7 @@ index 97ffe765f4..2609ac0999 100644
# define index_cpu_ERMS COMMON_CPUID_INDEX_7
# define index_cpu_RTM COMMON_CPUID_INDEX_7
# define index_cpu_FMA COMMON_CPUID_INDEX_1
-@@ -250,6 +266,11 @@ extern const struct cpu_features *__get_cpu_features (void)
+@@ -250,6 +280,11 @@ extern const struct cpu_features *__get_cpu_features (void)
# define reg_AVX2 ebx
# define reg_AVX512F ebx
# define reg_AVX512DQ ebx
@@ -15215,13 +18048,12 @@ index 97ffe765f4..2609ac0999 100644
# define reg_ERMS ebx
# define reg_RTM ebx
# define reg_FMA ecx
-@@ -277,6 +298,9 @@ extern const struct cpu_features *__get_cpu_features (void)
+@@ -277,6 +312,8 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_arch_Prefer_No_VZEROUPPER FEATURE_INDEX_1
# define index_arch_Fast_Unaligned_Copy FEATURE_INDEX_1
# define index_arch_Prefer_ERMS FEATURE_INDEX_1
-+# define index_arch_Use_dl_runtime_resolve_opt FEATURE_INDEX_1
-+# define index_arch_Use_dl_runtime_resolve_slow FEATURE_INDEX_1
+# define index_arch_Prefer_No_AVX512 FEATURE_INDEX_1
++# define index_arch_XSAVEC_Usable FEATURE_INDEX_1
#endif /* !__ASSEMBLER__ */
@@ -15296,49 +18128,42 @@ index 6d99284cd0..cc990a9685 100644
+gen-as-const-headers += tlsdesc.sym rtld-offsets.sym
endif
diff --git a/sysdeps/x86_64/dl-machine.h b/sysdeps/x86_64/dl-machine.h
-index ed0c1a8efd..c0f0fa16a2 100644
+index ed0c1a8efd..8355432dfc 100644
--- a/sysdeps/x86_64/dl-machine.h
+++ b/sysdeps/x86_64/dl-machine.h
-@@ -68,7 +68,10 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+@@ -66,9 +66,9 @@ static inline int __attribute__ ((unused, always_inline))
+ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+ {
Elf64_Addr *got;
- extern void _dl_runtime_resolve_sse (ElfW(Word)) attribute_hidden;
- extern void _dl_runtime_resolve_avx (ElfW(Word)) attribute_hidden;
-+ extern void _dl_runtime_resolve_avx_slow (ElfW(Word)) attribute_hidden;
-+ extern void _dl_runtime_resolve_avx_opt (ElfW(Word)) attribute_hidden;
- extern void _dl_runtime_resolve_avx512 (ElfW(Word)) attribute_hidden;
-+ extern void _dl_runtime_resolve_avx512_opt (ElfW(Word)) attribute_hidden;
+- extern void _dl_runtime_resolve_sse (ElfW(Word)) attribute_hidden;
+- extern void _dl_runtime_resolve_avx (ElfW(Word)) attribute_hidden;
+- extern void _dl_runtime_resolve_avx512 (ElfW(Word)) attribute_hidden;
++ extern void _dl_runtime_resolve_fxsave (ElfW(Word)) attribute_hidden;
++ extern void _dl_runtime_resolve_xsave (ElfW(Word)) attribute_hidden;
++ extern void _dl_runtime_resolve_xsavec (ElfW(Word)) attribute_hidden;
extern void _dl_runtime_profile_sse (ElfW(Word)) attribute_hidden;
extern void _dl_runtime_profile_avx (ElfW(Word)) attribute_hidden;
extern void _dl_runtime_profile_avx512 (ElfW(Word)) attribute_hidden;
-@@ -118,9 +121,26 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+@@ -117,12 +117,14 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+ /* This function will get called to fix up the GOT entry
indicated by the offset on the stack, and then jump to
the resolved address. */
- if (HAS_ARCH_FEATURE (AVX512F_Usable))
+- if (HAS_ARCH_FEATURE (AVX512F_Usable))
- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_avx512;
-+ {
-+ if (HAS_ARCH_FEATURE (Use_dl_runtime_resolve_opt))
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx512_opt;
-+ else
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx512;
-+ }
- else if (HAS_ARCH_FEATURE (AVX_Usable))
+- else if (HAS_ARCH_FEATURE (AVX_Usable))
- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_avx;
-+ {
-+ if (HAS_ARCH_FEATURE (Use_dl_runtime_resolve_opt))
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx_opt;
-+ else if (HAS_ARCH_FEATURE (Use_dl_runtime_resolve_slow))
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx_slow;
-+ else
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx;
-+ }
++ if (GLRO(dl_x86_cpu_features).xsave_state_size != 0)
++ *(ElfW(Addr) *) (got + 2)
++ = (HAS_ARCH_FEATURE (XSAVEC_Usable)
++ ? (ElfW(Addr)) &_dl_runtime_resolve_xsavec
++ : (ElfW(Addr)) &_dl_runtime_resolve_xsave);
else
- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_sse;
+- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_sse;
++ *(ElfW(Addr) *) (got + 2)
++ = (ElfW(Addr)) &_dl_runtime_resolve_fxsave;
}
+ }
+
diff --git a/sysdeps/x86_64/dl-tls.c b/sysdeps/x86_64/dl-tls.c
new file mode 100644
index 0000000000..3584805c8e
@@ -15419,7 +18244,7 @@ index cf6c107f54..fa5bf6cd93 100644
+
+#endif /* _X86_64_DL_TLS_H */
diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S
-index 12f1a5cf84..50b23633e3 100644
+index 12f1a5cf84..b4cda0f535 100644
--- a/sysdeps/x86_64/dl-trampoline.S
+++ b/sysdeps/x86_64/dl-trampoline.S
@@ -18,6 +18,7 @@
@@ -15430,167 +18255,364 @@ index 12f1a5cf84..50b23633e3 100644
#include <link-defines.h>
#ifndef DL_STACK_ALIGNMENT
-@@ -104,9 +105,11 @@
+@@ -33,41 +34,24 @@
+ # define DL_STACK_ALIGNMENT 8
+ #endif
+
+-#ifndef DL_RUNTIME_UNALIGNED_VEC_SIZE
+-/* The maximum size in bytes of unaligned vector load and store in the
+- dynamic linker. Since SSE optimized memory/string functions with
+- aligned SSE register load and store are used in the dynamic linker,
+- we must set this to 8 so that _dl_runtime_resolve_sse will align the
+- stack before calling _dl_fixup. */
+-# define DL_RUNTIME_UNALIGNED_VEC_SIZE 8
+-#endif
+-
+-/* True if _dl_runtime_resolve should align stack to VEC_SIZE bytes. */
++/* True if _dl_runtime_resolve should align stack for STATE_SAVE or align
++ stack to 16 bytes before calling _dl_fixup. */
+ #define DL_RUNTIME_RESOLVE_REALIGN_STACK \
+- (VEC_SIZE > DL_STACK_ALIGNMENT \
+- && VEC_SIZE > DL_RUNTIME_UNALIGNED_VEC_SIZE)
+-
+-/* Align vector register save area to 16 bytes. */
+-#define REGISTER_SAVE_VEC_OFF 0
++ (STATE_SAVE_ALIGNMENT > DL_STACK_ALIGNMENT \
++ || 16 > DL_STACK_ALIGNMENT)
+
+ /* Area on stack to save and restore registers used for parameter
+ passing when calling _dl_fixup. */
+ #ifdef __ILP32__
+-# define REGISTER_SAVE_RAX (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 8)
+ # define PRESERVE_BND_REGS_PREFIX
+ #else
+-/* Align bound register save area to 16 bytes. */
+-# define REGISTER_SAVE_BND0 (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 8)
+-# define REGISTER_SAVE_BND1 (REGISTER_SAVE_BND0 + 16)
+-# define REGISTER_SAVE_BND2 (REGISTER_SAVE_BND1 + 16)
+-# define REGISTER_SAVE_BND3 (REGISTER_SAVE_BND2 + 16)
+-# define REGISTER_SAVE_RAX (REGISTER_SAVE_BND3 + 16)
+ # ifdef HAVE_MPX_SUPPORT
+ # define PRESERVE_BND_REGS_PREFIX bnd
+ # else
+ # define PRESERVE_BND_REGS_PREFIX .byte 0xf2
+ # endif
#endif
++#define REGISTER_SAVE_RAX 0
+ #define REGISTER_SAVE_RCX (REGISTER_SAVE_RAX + 8)
+ #define REGISTER_SAVE_RDX (REGISTER_SAVE_RCX + 8)
+ #define REGISTER_SAVE_RSI (REGISTER_SAVE_RDX + 8)
+@@ -79,50 +63,56 @@
+
+ #define VEC_SIZE 64
+ #define VMOVA vmovdqa64
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
+-# define VMOV vmovdqa64
+-#else
+-# define VMOV vmovdqu64
+-#endif
+ #define VEC(i) zmm##i
+-#define _dl_runtime_resolve _dl_runtime_resolve_avx512
+ #define _dl_runtime_profile _dl_runtime_profile_avx512
+ #include "dl-trampoline.h"
+-#undef _dl_runtime_resolve
+ #undef _dl_runtime_profile
+ #undef VEC
+-#undef VMOV
+ #undef VMOVA
+ #undef VEC_SIZE
+
+ #define VEC_SIZE 32
+ #define VMOVA vmovdqa
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
+-# define VMOV vmovdqa
+-#else
+-# define VMOV vmovdqu
+-#endif
#define VEC(i) ymm##i
- #define _dl_runtime_resolve _dl_runtime_resolve_avx
-+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx_opt
+-#define _dl_runtime_resolve _dl_runtime_resolve_avx
#define _dl_runtime_profile _dl_runtime_profile_avx
#include "dl-trampoline.h"
- #undef _dl_runtime_resolve
-+#undef _dl_runtime_resolve_opt
+-#undef _dl_runtime_resolve
#undef _dl_runtime_profile
#undef VEC
- #undef VMOV
-@@ -126,3 +129,19 @@
+-#undef VMOV
+ #undef VMOVA
+ #undef VEC_SIZE
+
+ /* movaps/movups is 1-byte shorter. */
+ #define VEC_SIZE 16
+ #define VMOVA movaps
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
+-# define VMOV movaps
+-#else
+-# define VMOV movups
+-#endif
+ #define VEC(i) xmm##i
+-#define _dl_runtime_resolve _dl_runtime_resolve_sse
#define _dl_runtime_profile _dl_runtime_profile_sse
#undef RESTORE_AVX
#include "dl-trampoline.h"
-+#undef _dl_runtime_resolve
+#undef _dl_runtime_profile
-+#undef VMOV
++#undef VEC
+#undef VMOVA
++#undef VEC_SIZE
+
-+/* Used by _dl_runtime_resolve_avx_opt/_dl_runtime_resolve_avx512_opt
-+ to preserve the full vector registers with zero upper bits. */
-+#define VMOVA vmovdqa
-+#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
-+# define VMOV vmovdqa
-+#else
-+# define VMOV vmovdqu
-+#endif
-+#define _dl_runtime_resolve _dl_runtime_resolve_sse_vex
-+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt
++#define USE_FXSAVE
++#define STATE_SAVE_ALIGNMENT 16
++#define _dl_runtime_resolve _dl_runtime_resolve_fxsave
++#include "dl-trampoline.h"
++#undef _dl_runtime_resolve
++#undef USE_FXSAVE
++#undef STATE_SAVE_ALIGNMENT
++
++#define USE_XSAVE
++#define STATE_SAVE_ALIGNMENT 64
++#define _dl_runtime_resolve _dl_runtime_resolve_xsave
++#include "dl-trampoline.h"
++#undef _dl_runtime_resolve
++#undef USE_XSAVE
++#undef STATE_SAVE_ALIGNMENT
++
++#define USE_XSAVEC
++#define STATE_SAVE_ALIGNMENT 64
++#define _dl_runtime_resolve _dl_runtime_resolve_xsavec
+#include "dl-trampoline.h"
++#undef _dl_runtime_resolve
++#undef USE_XSAVEC
++#undef STATE_SAVE_ALIGNMENT
diff --git a/sysdeps/x86_64/dl-trampoline.h b/sysdeps/x86_64/dl-trampoline.h
-index b90836ab13..d21c5a987a 100644
+index b90836ab13..b9c2f1796f 100644
--- a/sysdeps/x86_64/dl-trampoline.h
+++ b/sysdeps/x86_64/dl-trampoline.h
-@@ -50,6 +50,106 @@
- #endif
+@@ -16,40 +16,47 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
- .text
-+#ifdef _dl_runtime_resolve_opt
-+/* Use the smallest vector registers to preserve the full YMM/ZMM
-+ registers to avoid SSE transition penalty. */
-+
-+# if VEC_SIZE == 32
-+/* Check if the upper 128 bits in %ymm0 - %ymm7 registers are non-zero
-+ and preserve %xmm0 - %xmm7 registers with the zero upper bits. Since
-+ there is no SSE transition penalty on AVX512 processors which don't
-+ support XGETBV with ECX == 1, _dl_runtime_resolve_avx512_slow isn't
-+ provided. */
-+ .globl _dl_runtime_resolve_avx_slow
-+ .hidden _dl_runtime_resolve_avx_slow
-+ .type _dl_runtime_resolve_avx_slow, @function
-+ .align 16
-+_dl_runtime_resolve_avx_slow:
-+ cfi_startproc
-+ cfi_adjust_cfa_offset(16) # Incorporate PLT
-+ vorpd %ymm0, %ymm1, %ymm8
-+ vorpd %ymm2, %ymm3, %ymm9
-+ vorpd %ymm4, %ymm5, %ymm10
-+ vorpd %ymm6, %ymm7, %ymm11
-+ vorpd %ymm8, %ymm9, %ymm9
-+ vorpd %ymm10, %ymm11, %ymm10
-+ vpcmpeqd %xmm8, %xmm8, %xmm8
-+ vorpd %ymm9, %ymm10, %ymm10
-+ vptest %ymm10, %ymm8
-+ # Preserve %ymm0 - %ymm7 registers if the upper 128 bits of any
-+ # %ymm0 - %ymm7 registers aren't zero.
-+ PRESERVE_BND_REGS_PREFIX
-+ jnc _dl_runtime_resolve_avx
-+ # Use vzeroupper to avoid SSE transition penalty.
-+ vzeroupper
-+ # Preserve %xmm0 - %xmm7 registers with the zero upper 128 bits
-+ # when the upper 128 bits of %ymm0 - %ymm7 registers are zero.
-+ PRESERVE_BND_REGS_PREFIX
-+ jmp _dl_runtime_resolve_sse_vex
-+ cfi_adjust_cfa_offset(-16) # Restore PLT adjustment
-+ cfi_endproc
-+ .size _dl_runtime_resolve_avx_slow, .-_dl_runtime_resolve_avx_slow
+-#undef REGISTER_SAVE_AREA_RAW
+-#ifdef __ILP32__
+-/* X32 saves RCX, RDX, RSI, RDI, R8 and R9 plus RAX as well as VEC0 to
+- VEC7. */
+-# define REGISTER_SAVE_AREA_RAW (8 * 7 + VEC_SIZE * 8)
+-#else
+-/* X86-64 saves RCX, RDX, RSI, RDI, R8 and R9 plus RAX as well as
+- BND0, BND1, BND2, BND3 and VEC0 to VEC7. */
+-# define REGISTER_SAVE_AREA_RAW (8 * 7 + 16 * 4 + VEC_SIZE * 8)
+-#endif
++ .text
++#ifdef _dl_runtime_resolve
+
+-#undef REGISTER_SAVE_AREA
+-#undef LOCAL_STORAGE_AREA
+-#undef BASE
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK
+-# define REGISTER_SAVE_AREA (REGISTER_SAVE_AREA_RAW + 8)
+-/* Local stack area before jumping to function address: RBX. */
+-# define LOCAL_STORAGE_AREA 8
+-# define BASE rbx
+-# if (REGISTER_SAVE_AREA % VEC_SIZE) != 0
+-# error REGISTER_SAVE_AREA must be multples of VEC_SIZE
++# undef REGISTER_SAVE_AREA
++# undef LOCAL_STORAGE_AREA
++# undef BASE
++
++# if (STATE_SAVE_ALIGNMENT % 16) != 0
++# error STATE_SAVE_ALIGNMENT must be multples of 16
+ # endif
+-#else
+-# define REGISTER_SAVE_AREA REGISTER_SAVE_AREA_RAW
++
++# if (STATE_SAVE_OFFSET % STATE_SAVE_ALIGNMENT) != 0
++# error STATE_SAVE_OFFSET must be multples of STATE_SAVE_ALIGNMENT
+# endif
+
-+/* Use XGETBV with ECX == 1 to check which bits in vector registers are
-+ non-zero and only preserve the non-zero lower bits with zero upper
-+ bits. */
-+ .globl _dl_runtime_resolve_opt
-+ .hidden _dl_runtime_resolve_opt
-+ .type _dl_runtime_resolve_opt, @function
-+ .align 16
-+_dl_runtime_resolve_opt:
-+ cfi_startproc
-+ cfi_adjust_cfa_offset(16) # Incorporate PLT
-+ pushq %rax
-+ cfi_adjust_cfa_offset(8)
-+ cfi_rel_offset(%rax, 0)
-+ pushq %rcx
-+ cfi_adjust_cfa_offset(8)
-+ cfi_rel_offset(%rcx, 0)
-+ pushq %rdx
-+ cfi_adjust_cfa_offset(8)
-+ cfi_rel_offset(%rdx, 0)
-+ movl $1, %ecx
-+ xgetbv
-+ movl %eax, %r11d
-+ popq %rdx
-+ cfi_adjust_cfa_offset(-8)
-+ cfi_restore (%rdx)
-+ popq %rcx
-+ cfi_adjust_cfa_offset(-8)
-+ cfi_restore (%rcx)
-+ popq %rax
-+ cfi_adjust_cfa_offset(-8)
-+ cfi_restore (%rax)
-+# if VEC_SIZE == 32
-+ # For YMM registers, check if YMM state is in use.
-+ andl $bit_YMM_state, %r11d
-+ # Preserve %xmm0 - %xmm7 registers with the zero upper 128 bits if
-+ # YMM state isn't in use.
-+ PRESERVE_BND_REGS_PREFIX
-+ jz _dl_runtime_resolve_sse_vex
-+# elif VEC_SIZE == 16
-+ # For ZMM registers, check if YMM state and ZMM state are in
-+ # use.
-+ andl $(bit_YMM_state | bit_ZMM0_15_state), %r11d
-+ cmpl $bit_YMM_state, %r11d
-+ # Preserve %zmm0 - %zmm7 registers if ZMM state is in use.
-+ PRESERVE_BND_REGS_PREFIX
-+ jg _dl_runtime_resolve_avx512
-+ # Preserve %ymm0 - %ymm7 registers with the zero upper 256 bits if
-+ # ZMM state isn't in use.
-+ PRESERVE_BND_REGS_PREFIX
-+ je _dl_runtime_resolve_avx
-+ # Preserve %xmm0 - %xmm7 registers with the zero upper 384 bits if
-+ # neither YMM state nor ZMM state are in use.
++# if DL_RUNTIME_RESOLVE_REALIGN_STACK
++/* Local stack area before jumping to function address: RBX. */
++# define LOCAL_STORAGE_AREA 8
++# define BASE rbx
++# ifdef USE_FXSAVE
++/* Use fxsave to save XMM registers. */
++# define REGISTER_SAVE_AREA (512 + STATE_SAVE_OFFSET)
++# if (REGISTER_SAVE_AREA % 16) != 0
++# error REGISTER_SAVE_AREA must be multples of 16
++# endif
++# endif
+# else
-+# error Unsupported VEC_SIZE!
-+# endif
-+ cfi_adjust_cfa_offset(-16) # Restore PLT adjustment
-+ cfi_endproc
-+ .size _dl_runtime_resolve_opt, .-_dl_runtime_resolve_opt
-+#endif
++# ifndef USE_FXSAVE
++# error USE_FXSAVE must be defined
++# endif
++/* Use fxsave to save XMM registers. */
++# define REGISTER_SAVE_AREA (512 + STATE_SAVE_OFFSET + 8)
+ /* Local stack area before jumping to function address: All saved
+ registers. */
+-# define LOCAL_STORAGE_AREA REGISTER_SAVE_AREA
+-# define BASE rsp
+-# if (REGISTER_SAVE_AREA % 16) != 8
+-# error REGISTER_SAVE_AREA must be odd multples of 8
++# define LOCAL_STORAGE_AREA REGISTER_SAVE_AREA
++# define BASE rsp
++# if (REGISTER_SAVE_AREA % 16) != 8
++# error REGISTER_SAVE_AREA must be odd multples of 8
++# endif
+ # endif
+-#endif
+
+- .text
.globl _dl_runtime_resolve
.hidden _dl_runtime_resolve
.type _dl_runtime_resolve, @function
-@@ -69,7 +169,9 @@ _dl_runtime_resolve:
- and $-VEC_SIZE, %RSP_LP
- #endif
+@@ -57,19 +64,30 @@
+ cfi_startproc
+ _dl_runtime_resolve:
+ cfi_adjust_cfa_offset(16) # Incorporate PLT
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK
+-# if LOCAL_STORAGE_AREA != 8
+-# error LOCAL_STORAGE_AREA must be 8
+-# endif
++# if DL_RUNTIME_RESOLVE_REALIGN_STACK
++# if LOCAL_STORAGE_AREA != 8
++# error LOCAL_STORAGE_AREA must be 8
++# endif
+ pushq %rbx # push subtracts stack by 8.
+ cfi_adjust_cfa_offset(8)
+ cfi_rel_offset(%rbx, 0)
+ mov %RSP_LP, %RBX_LP
+ cfi_def_cfa_register(%rbx)
+- and $-VEC_SIZE, %RSP_LP
+-#endif
++ and $-STATE_SAVE_ALIGNMENT, %RSP_LP
++# endif
++# ifdef REGISTER_SAVE_AREA
sub $REGISTER_SAVE_AREA, %RSP_LP
-+#if !DL_RUNTIME_RESOLVE_REALIGN_STACK
++# if !DL_RUNTIME_RESOLVE_REALIGN_STACK
cfi_adjust_cfa_offset(REGISTER_SAVE_AREA)
-+#endif
++# endif
++# else
++ # Allocate stack space of the required size to save the state.
++# if IS_IN (rtld)
++ sub _rtld_local_ro+RTLD_GLOBAL_RO_DL_X86_CPU_FEATURES_OFFSET+XSAVE_STATE_SIZE_OFFSET(%rip), %RSP_LP
++# else
++ sub _dl_x86_cpu_features+XSAVE_STATE_SIZE_OFFSET(%rip), %RSP_LP
++# endif
++# endif
# Preserve registers otherwise clobbered.
movq %rax, REGISTER_SAVE_RAX(%rsp)
movq %rcx, REGISTER_SAVE_RCX(%rsp)
-@@ -162,7 +264,10 @@ _dl_runtime_resolve:
+@@ -78,59 +96,42 @@ _dl_runtime_resolve:
+ movq %rdi, REGISTER_SAVE_RDI(%rsp)
+ movq %r8, REGISTER_SAVE_R8(%rsp)
+ movq %r9, REGISTER_SAVE_R9(%rsp)
+- VMOV %VEC(0), (REGISTER_SAVE_VEC_OFF)(%rsp)
+- VMOV %VEC(1), (REGISTER_SAVE_VEC_OFF + VEC_SIZE)(%rsp)
+- VMOV %VEC(2), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 2)(%rsp)
+- VMOV %VEC(3), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 3)(%rsp)
+- VMOV %VEC(4), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 4)(%rsp)
+- VMOV %VEC(5), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 5)(%rsp)
+- VMOV %VEC(6), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 6)(%rsp)
+- VMOV %VEC(7), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 7)(%rsp)
+-#ifndef __ILP32__
+- # We also have to preserve bound registers. These are nops if
+- # Intel MPX isn't available or disabled.
+-# ifdef HAVE_MPX_SUPPORT
+- bndmov %bnd0, REGISTER_SAVE_BND0(%rsp)
+- bndmov %bnd1, REGISTER_SAVE_BND1(%rsp)
+- bndmov %bnd2, REGISTER_SAVE_BND2(%rsp)
+- bndmov %bnd3, REGISTER_SAVE_BND3(%rsp)
++# ifdef USE_FXSAVE
++ fxsave STATE_SAVE_OFFSET(%rsp)
+ # else
+-# if REGISTER_SAVE_BND0 == 0
+- .byte 0x66,0x0f,0x1b,0x04,0x24
++ movl $STATE_SAVE_MASK, %eax
++ xorl %edx, %edx
++ # Clear the XSAVE Header.
++# ifdef USE_XSAVE
++ movq %rdx, (STATE_SAVE_OFFSET + 512)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8)(%rsp)
++# endif
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 2)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 3)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 4)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 5)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 6)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 7)(%rsp)
++# ifdef USE_XSAVE
++ xsave STATE_SAVE_OFFSET(%rsp)
+ # else
+- .byte 0x66,0x0f,0x1b,0x44,0x24,REGISTER_SAVE_BND0
++ xsavec STATE_SAVE_OFFSET(%rsp)
+ # endif
+- .byte 0x66,0x0f,0x1b,0x4c,0x24,REGISTER_SAVE_BND1
+- .byte 0x66,0x0f,0x1b,0x54,0x24,REGISTER_SAVE_BND2
+- .byte 0x66,0x0f,0x1b,0x5c,0x24,REGISTER_SAVE_BND3
+ # endif
+-#endif
+ # Copy args pushed by PLT in register.
+ # %rdi: link_map, %rsi: reloc_index
+ mov (LOCAL_STORAGE_AREA + 8)(%BASE), %RSI_LP
+ mov LOCAL_STORAGE_AREA(%BASE), %RDI_LP
+ call _dl_fixup # Call resolver.
+ mov %RAX_LP, %R11_LP # Save return value
+-#ifndef __ILP32__
+- # Restore bound registers. These are nops if Intel MPX isn't
+- # avaiable or disabled.
+-# ifdef HAVE_MPX_SUPPORT
+- bndmov REGISTER_SAVE_BND3(%rsp), %bnd3
+- bndmov REGISTER_SAVE_BND2(%rsp), %bnd2
+- bndmov REGISTER_SAVE_BND1(%rsp), %bnd1
+- bndmov REGISTER_SAVE_BND0(%rsp), %bnd0
++ # Get register content back.
++# ifdef USE_FXSAVE
++ fxrstor STATE_SAVE_OFFSET(%rsp)
+ # else
+- .byte 0x66,0x0f,0x1a,0x5c,0x24,REGISTER_SAVE_BND3
+- .byte 0x66,0x0f,0x1a,0x54,0x24,REGISTER_SAVE_BND2
+- .byte 0x66,0x0f,0x1a,0x4c,0x24,REGISTER_SAVE_BND1
+-# if REGISTER_SAVE_BND0 == 0
+- .byte 0x66,0x0f,0x1a,0x04,0x24
+-# else
+- .byte 0x66,0x0f,0x1a,0x44,0x24,REGISTER_SAVE_BND0
+-# endif
++ movl $STATE_SAVE_MASK, %eax
++ xorl %edx, %edx
++ xrstor STATE_SAVE_OFFSET(%rsp)
+ # endif
+-#endif
+- # Get register content back.
+ movq REGISTER_SAVE_R9(%rsp), %r9
+ movq REGISTER_SAVE_R8(%rsp), %r8
+ movq REGISTER_SAVE_RDI(%rsp), %rdi
+@@ -138,20 +139,12 @@ _dl_runtime_resolve:
+ movq REGISTER_SAVE_RDX(%rsp), %rdx
+ movq REGISTER_SAVE_RCX(%rsp), %rcx
+ movq REGISTER_SAVE_RAX(%rsp), %rax
+- VMOV (REGISTER_SAVE_VEC_OFF)(%rsp), %VEC(0)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE)(%rsp), %VEC(1)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 2)(%rsp), %VEC(2)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 3)(%rsp), %VEC(3)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 4)(%rsp), %VEC(4)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 5)(%rsp), %VEC(5)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 6)(%rsp), %VEC(6)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 7)(%rsp), %VEC(7)
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK
++# if DL_RUNTIME_RESOLVE_REALIGN_STACK
+ mov %RBX_LP, %RSP_LP
+ cfi_def_cfa_register(%rsp)
+ movq (%rsp), %rbx
+ cfi_restore(%rbx)
+-#endif
++# endif
+ # Adjust stack(PLT did 2 pushes)
+ add $(LOCAL_STORAGE_AREA + 16), %RSP_LP
+ cfi_adjust_cfa_offset(-(LOCAL_STORAGE_AREA + 16))
+@@ -160,9 +153,10 @@ _dl_runtime_resolve:
+ jmp *%r11 # Jump to function address.
+ cfi_endproc
.size _dl_runtime_resolve, .-_dl_runtime_resolve
++#endif
-#ifndef PROF
-+/* To preserve %xmm0 - %xmm7 registers, dl-trampoline.h is included
-+ twice, for _dl_runtime_resolve_sse and _dl_runtime_resolve_sse_vex.
-+ But we don't need another _dl_runtime_profile for XMM registers. */
+#if !defined PROF && defined _dl_runtime_profile
# if (LR_VECTOR_OFFSET % VEC_SIZE) != 0
# error LR_VECTOR_OFFSET must be multples of VEC_SIZE
1
0
ports/core (3.3): [notify] glibc: updated to 2.24-10. Fix for CVE-2018-1000001
by crux@crux.nu 19 Jan '18
by crux@crux.nu 19 Jan '18
19 Jan '18
commit 9a5975b0aaed19d3c06f69dd46e36c7c23f3fe69
Author: Fredrik Rinnestam <fredrik(a)crux.nu>
Date: Fri Jan 19 15:05:14 2018 +0100
[notify] glibc: updated to 2.24-10. Fix for CVE-2018-1000001
diff --git a/glibc/.md5sum b/glibc/.md5sum
index 757ebc60..c6cb1113 100644
--- a/glibc/.md5sum
+++ b/glibc/.md5sum
@@ -1,6 +1,5 @@
-bcfb2cb7f1cb0b4ecce27fcd5d5d2b21 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
aaad345ff18993dafe3e44ac947f7157 glibc-2.20-multilib-dirs.patch
-cb9c54c9d22b3ab597a69d05420b5e80 glibc-2.24.8.patch
+4382c5b030a4995a9a4649dd735f6685 glibc-2.24-10.patch
97dc5517f92016f3d70d83e3162ad318 glibc-2.24.tar.xz
96156bec8e05de67384dc93e72bdc313 host.conf
fbbc215a9b15ba4846f326cc88108057 hosts
diff --git a/glibc/.signature b/glibc/.signature
index e37cfd3e..05d98733 100644
--- a/glibc/.signature
+++ b/glibc/.signature
@@ -1,6 +1,6 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqgAZOOo9pTZ8Kkhyn33vUDz6ZScBxuUJQ6SeGXgbji+1Hk8NhAeXhzpTxD/z+samesI/MdBUnJ7FWpznMnezQgk=
-SHA256 (Pkgfile) = 5d3c266de36bc04680358a4a7231bd7de49ead7e44da17d6a7edcb2a8d4cc3b5
+RWRJc1FUaeVeqsBKjyM8wdd/C2rlJ/gFfK8cx67MV3xb/bI841ZYrLyS3oFcfaUv3weOhVQjgQpN8ToKwmEykQRHEtqCvlfzgA8=
+SHA256 (Pkgfile) = 4edcaa1db1ba626fa4970327676b6623d925ab76831a5bcaac4ec5a6be4184fc
SHA256 (.footprint) = 9bfd444359441e61174162207102b96597aa3a7051b4c5d8401d9d0e2713ec81
SHA256 (glibc-2.24.tar.xz) = 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3
SHA256 (kernel-headers-4.9.5.tar.xz) = 5783ad8f668ee71561fae370fbcdc477aaa6df249bd85635b87a8c204aeb4aa9
@@ -10,5 +10,4 @@ SHA256 (resolv.conf) = 72ccb58768a72a771ec37142bc361a18478a07ec9de6e925a20760794
SHA256 (nsswitch.conf) = 859b8984e5e90aff3cce8f9779996ae4033b280d2122840e9411e2f44a1c2e61
SHA256 (host.conf) = 1bffc6575eb6204458758c34656cd44d87e7d89f545055f8857dd8906b7fb277
SHA256 (ld.so.conf) = 441a37924864b5b063208922ea04a926cd9654e74ed3f160b9d455b56d23387f
-SHA256 (glibc-2.24.8.patch) = 314fe8ec41042a85991e830a002abf2ff0b98dc4467afa238d8bb369d3be7cca
-SHA256 (0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch) = 3f634bf301eb8bab57e5ea552de3f694fb063ab45af3cc91990e1bc24f280ddd
+SHA256 (glibc-2.24-10.patch) = 166d8a11ef5e616e65f5f626ad0a47b881712865ceef6e78bb4bc9bdc8af2c55
diff --git a/glibc/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch b/glibc/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
deleted file mode 100644
index bc410b26..00000000
--- a/glibc/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
+++ /dev/null
@@ -1,765 +0,0 @@
-From b9911eb529e51ebe7c5daa3b4f17e2caf7ddb9a4 Mon Sep 17 00:00:00 2001
-From: Fredrik Rinnestam <fredrik(a)crux.nu>
-Date: Sun, 22 Oct 2017 16:18:40 +0200
-Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
-
----
- ChangeLog | 10 +
- NEWS | 701 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- posix/glob.c | 2 +-
- 3 files changed, 712 insertions(+), 1 deletion(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 84189ec762..1fb38cb7ee 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,4 @@
-+<<<<<<< HEAD
- 2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
-
- * sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
-@@ -20,6 +21,15 @@
- * sysdeps/x86_64/tst-avxmod.c: Likewise.
- * sysdeps/x86_64/tst-sse.c: Likewise.
- * sysdeps/x86_64/tst-ssemod.c: Likewise.
-+=======
-+2017-10-20 Paul Eggert <eggert(a)cs.ucla.edu>
-+
-+ [BZ #22320]
-+ CVE-2017-15670
-+ * posix/glob.c (__glob): Fix one-byte overflow.
-+
-+2017-10-20 Wilco Dijkstra <wdijkstr(a)arm.com>
-+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
-
- 2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
-
-diff --git a/NEWS b/NEWS
-index 4831542023..90cae42eee 100644
---- a/NEWS
-+++ b/NEWS
-@@ -5,7 +5,708 @@ See the end for copying conditions.
- Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
- using `glibc' in the "product" field.
-
-+<<<<<<< HEAD
- Version 2.24.1
-+=======
-+Version 2.27
-+
-+Major new features:
-+
-+* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin and tan
-+ with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel.
-+
-+* Optimized x86-64 trunc and truncf for processors with SSE4.1.
-+
-+* Optimized generic expf, exp2f, logf, log2f and powf.
-+
-+* In order to support faster and safer process termination the malloc API
-+ family of functions will no longer print a failure address and stack
-+ backtrace after detecting heap corruption. The goal is to minimize the
-+ amount of work done after corruption is detected and to avoid potential
-+ security issues in continued process execution. Reducing shutdown time
-+ leads to lower overall process restart latency, so there is benefit both
-+ from a security and performance perspective.
-+
-+* The abort function terminates the process immediately, without flushing
-+ stdio streams. Previous glibc versions used to flush streams, resulting
-+ in deadlocks and further data corruption. This change also affects
-+ process aborts as the result of assertion failures.
-+
-+* On platforms where long double has the IEEE binary128 format (aarch64,
-+ alpha, mips64, s390 and sparc), the math library now implements _Float128
-+ interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These
-+ are the same interfaces added in version 2.26 for some platforms where
-+ this format is supported but is not the format of long double.
-+
-+Deprecated and removed features, and other changes affecting compatibility:
-+
-+* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
-+ defined by <sys/ptrace.h>.
-+
-+* libm no longer supports SVID error handling (calling a user-provided
-+ matherr function on error) or the _LIB_VERSION variable to control error
-+ handling. (SVID error handling and the _LIB_VERSION variable still work
-+ for binaries linked against older versions of the GNU C Library.) The
-+ libieee.a library is no longer provided. math.h no longer defines struct
-+ exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
-+ TLOSS, PLOSS and HUGE.
-+
-+* The libm functions pow10, pow10f and pow10l are no longer supported for
-+ new programs. Programs should use the standard names exp10, exp10f and
-+ exp10l for these functions instead.
-+
-+* The mcontext_t type is no longer the same as struct sigcontext. On
-+ platforms where it was previously the same, this changes the C++ name
-+ mangling for interfaces involving this type.
-+
-+* The add-ons mechanism for building additional packages at the same time as
-+ glibc has been removed. The --enable-add-ons configure option is now
-+ ignored.
-+
-+Changes to build and runtime requirements:
-+
-+ [Add changes to build and runtime requirements here]
-+
-+Security related changes:
-+
-+ CVE-2009-5064: The ldd script would sometimes run the program under
-+ examination directly, without preventing code execution through the
-+ dynamic linker. (The glibc project disputes that this is a security
-+ vulnerability; only trusted binaries must be examined using the ldd
-+ script.)
-+
-+ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
-+ from a one-byte overflow during ~ operator processing (either on the stack
-+ or the heap, depending on the length of the user name).
-+
-+The following bugs are resolved with this release:
-+
-+ [The release manager will add the list generated by
-+ scripts/list-fixed-bugs.py just before the release.]
-+
-+
-+Version 2.26
-+
-+Major new features:
-+
-+* A per-thread cache has been added to malloc. Access to the cache requires
-+ no locks and therefore significantly accelerates the fast path to allocate
-+ and free small amounts of memory. Refilling an empty cache requires locking
-+ the underlying arena. Performance measurements show significant gains in a
-+ wide variety of user workloads. Workloads were captured using a special
-+ instrumented malloc and analyzed with a malloc simulator. Contributed by
-+ DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.
-+
-+* Unicode 10.0.0 Support: Character encoding, character type info, and
-+ transliteration tables are all updated to Unicode 10.0.0, using
-+ generator scripts contributed by Mike FABIAN (Red Hat).
-+ These updates cause user visible changes, especially the changes in
-+ wcwidth for many emoji characters cause problems when emoji sequences
-+ are rendered with pango, see for example:
-+ https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5
-+
-+* Collation of Hungarian has been overhauled and is now consistent with "The
-+ Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by
-+ Egmont Koblinger.
-+
-+* Improvements to the DNS stub resolver, contributed by Florian Weimer:
-+
-+ - The GNU C Library will now detect when /etc/resolv.conf has been
-+ modified and reload the changed configuration. The new resolver option
-+ “no-reload” (RES_NORELOAD) disables this behavior.
-+
-+ - The GNU C Library now supports an arbitrary number of search domains
-+ (configured using the “search” directive in /etc/resolv.conf);
-+ previously, there was a hard limit of six domains. For backward
-+ compatibility, applications that directly modify the ‘_res’ global
-+ object are still limited to six search domains.
-+
-+ - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C
-+ Library will now randomly pick a name server from the configuration as a
-+ starting point. (Previously, the second name server was always used.)
-+
-+* The tunables feature is now enabled by default. This allows users to tweak
-+ behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.
-+
-+* New function reallocarray, which resizes an allocated block (like realloc)
-+ to the product of two sizes, with a guaranteed clean failure upon integer
-+ overflow in the multiplication. Originally from OpenBSD, contributed by
-+ Dennis Wölfing and Rüdiger Sonderfeld.
-+
-+* New wrappers for the Linux-specific system calls preadv2 and pwritev2.
-+ These are extended versions of preadv and pwritev, respectively, taking an
-+ additional flags argument. The set of supported flags depends on the
-+ running kernel; full support currently requires kernel 4.7 or later.
-+
-+* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
-+ create a new session ID for the spawned process. This feature is
-+ scheduled to be added to the next major revision of POSIX; for the time
-+ being, it is available under _GNU_SOURCE.
-+
-+* errno.h is now safe to use from C-preprocessed assembly language on all
-+ supported operating systems. In this context, it will only define the
-+ Exxxx constants, as preprocessor macros expanding to integer literals.
-+
-+* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
-+ 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
-+ 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy,
-+ Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers.
-+
-+ To compile programs that use this feature, the compiler must support
-+ 128-bit floating point with the type name _Float128 (as defined by TS
-+ 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for
-+ C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__
-+ must be defined to make the new interfaces visible.
-+
-+ The new functions and macros correspond to those present for other
-+ floating-point types (except for a few obsolescent interfaces not
-+ supported for the new type), with F128 or f128 suffixes; for example,
-+ strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no
-+ printf or scanf formats for the new type; the strfromf128 and strtof128
-+ interfaces should be used instead.
-+
-+Deprecated and removed features, and other changes affecting compatibility:
-+
-+* The synchronization that pthread_spin_unlock performs has been changed to
-+ now be equivalent to a C11 atomic store with release memory order to the
-+ spin lock's memory location. Previously, several (but not all)
-+ architectures used stronger synchronization (e.g., containing what is
-+ often called a full barrier). This change can improve performance, but
-+ may affect odd fringe uses of spin locks that depend on the previous
-+ behavior (e.g., using spin locks as atomic variables to try to implement
-+ Dekker's mutual exclusion algorithm).
-+
-+* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
-+ removed.
-+
-+* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers
-+ will only be built and installed when the GNU C Library is configured with
-+ --enable-obsolete-rpc. This allows alternative RPC implementations, such
-+ as TIRPC or rpcsvc-proto, to be used.
-+
-+* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
-+ libnss_compat, are deprecated, and will not be built or installed by
-+ default.
-+
-+ The NIS(+) support library, libnsl, is also deprecated. By default, a
-+ compatibility shared library will be built and installed, but not headers
-+ or development libraries. Only a few NIS-related programs require this
-+ library. (In particular, the GNU C Library has never required programs
-+ that use 'gethostbyname' to be linked with libnsl.)
-+
-+ Replacement implementations based on TIRPC, which additionally support
-+ IPv6, are available from <https://github.com/thkukuk/>. The configure
-+ option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
-+ name service modules, to be built and installed.
-+
-+* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
-+ support is enabled, the configured recursive resolver must support EDNS.
-+ (Responding to EDNS-enabled queries with responses which are not
-+ EDNS-enabled is fine, but FORMERR responses are not.)
-+
-+* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
-+ servers have not supported this opcode for a long time.
-+
-+* The _res_opcodes variable has been removed from libresolv. It had been
-+ exported by accident.
-+
-+* <string.h> no longer includes inline versions of any string functions,
-+ as this kind of optimization is better done by the compiler. The macros
-+ __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.
-+
-+* The nonstandard header <xlocale.h> has been removed. Most programs should
-+ use <locale.h> instead. If you have a specific need for the definition of
-+ locale_t with no other declarations, please contact
-+ libc-alpha(a)sourceware.org and explain.
-+
-+* The obsolete header <sys/ultrasound.h> has been removed.
-+
-+* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.
-+
-+* The obsolete function cfree has been removed. Applications should use
-+ free instead.
-+
-+* The stack_t type no longer has the name struct sigaltstack. This changes
-+ the C++ name mangling for interfaces involving this type.
-+
-+* The ucontext_t type no longer has the name struct ucontext. This changes
-+ the C++ name mangling for interfaces involving this type.
-+
-+* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
-+ the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
-+ longer has the name struct mcontext. On SPARC GNU/Linux, the struct
-+ mc_fq, struct rwindow, struct fpq and struct fq types are no longer
-+ defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
-+ mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
-+ fpregset_t type no longer has the name struct fpu. This changes the C++
-+ name mangling for interfaces involving those types.
-+
-+* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
-+ synced with the kernel:
-+
-+ - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
-+ are not supported on this architecture and have been removed.
-+
-+ - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
-+ PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
-+ PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.
-+
-+ Programs that assume the GET/SETREGS ptrace requests are universally
-+ available will now fail to build, instead of malfunctioning at runtime.
-+
-+Changes to build and runtime requirements:
-+
-+* Linux kernel 3.2 or later is required at runtime, on all architectures
-+ supported by that kernel. (This is a change from version 2.25 only for
-+ x86-32 and x86-64.)
-+
-+* GNU Binutils 2.25 or later is now required to build the GNU C Library.
-+
-+* On most architectures, GCC 4.9 or later is required to build the GNU C
-+ Library. On powerpc64le, GCC 6.2 or later is required.
-+
-+ Older GCC versions and non-GNU compilers are still supported when
-+ compiling programs that use the GNU C Library. (We do not know exactly
-+ how old, and some GNU extensions to C may be _de facto_ required. If you
-+ are interested in helping us make this statement less vague, please
-+ contact libc-alpha(a)sourceware.org.)
-+
-+Security related changes:
-+
-+* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
-+ to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
-+
-+* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
-+ mode to guard against local privilege escalation attacks (CVE-2017-1000366).
-+
-+* Avoid printing a backtrace from the __stack_chk_fail function since it is
-+ called on a corrupt stack and a backtrace is unreliable on a corrupt stack
-+ (CVE-2010-3192).
-+
-+* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
-+ fixed (CVE-2017-12133).
-+
-+The following bugs are resolved with this release:
-+
-+ [984] network: Respond to changed resolv.conf in gethostbyname
-+ [5010] network: sunrpc service cleanup causes unwanted port mapper traffic
-+ [12068] localedata: sc_IT: misspelled yesexpr/day/abday/mon/abmon/date_fmt
-+ fields
-+ [12189] libc: __stack_chk_fail should not attempt a backtrace
-+ (CVE-2010-3192)
-+ [14096] time: Race condition on timezone/tst-timezone.out
-+ [14172] localedata: az_IR: new locale
-+ [14995] build: glibc fails to build if gold is the default linker, even if
-+ ld.bfd is available
-+ [15998] build: [powerpc] Set arch_minimum_kernel for powerpc LE
-+ [16637] network: inet_pton function is accepting IPv6 with bad format
-+ [16640] string: string/strtok.c: undefined behaviour inconsistent between
-+ x86 and other generic code
-+ [16875] localedata: ko_KR: fix lang_name
-+ [17225] localedata: ar_SY: localized month names for May and June are
-+ incorrect
-+ [17297] localedata: da_DK: wrong date_fmt string
-+ [18907] stdio: Incorrect order of __wur __THROW in <printf.h>
-+ [18934] localedata: hu_HU: collate: fix multiple bugs and add tests
-+ [18988] nptl: pthread wastes memory with mlockall(MCL_FUTURE)
-+ [19066] localedata: ar_SA abbreviated day and month names are in English
-+ [19569] network: resolv: Support an arbitrary number of search domains
-+ [19570] network: Implement random DNS server selection in the stub
-+ resolver
-+ [19838] locale: localedef fails on PA-RISC
-+ [19919] localedata: iso14651_t1_common: Correct the Malayalam sorting
-+ order of 0D36 and 0D37
-+ [19922] localedata: iso14651_t1_common: Define collation for Malayalam
-+ chillu characters
-+ [20098] libc: FAIL: debug/backtrace-tst on hppa
-+ [20257] network: sunrpc: clntudp_call does not enforce timeout when
-+ receiving data
-+ [20275] localedata: locale day/abday/mon/abmon should not have trailing
-+ whitespace
-+ [20313] localedata: Update locale data to Unicode 9.0
-+ [20424] manual: Document how to provide a malloc replacement
-+ [20496] localedata: agr_PE: new language locale Awajún / Aguaruna (agr)
-+ for Peru
-+ [20686] locale: Add el_GR@euro to SUPPORTED.
-+ [20831] dynamic-link: _dl_map_segments does not test for __mprotect
-+ failures consistently
-+ [21015] dynamic-link: Document and fix --enable-bind-now
-+ [21016] nptl: pthread_cond support is broken on hppa
-+ [21029] libc: glibc-2.23 (and later) fails to compile with -fno-omit-
-+ frame-pointer on i386
-+ [21049] libc: segfault in longjmp_chk() due to clobbered processor
-+ register
-+ [21075] libc: unused assigment to %g4 in sparc/sparc{64,32}/clone.S
-+ [21088] libc: Build fails with --enable-static-nss
-+ [21094] math: cosf(1.57079697) has 3 ulp error on targets where the
-+ generic c code is used
-+ [21109] libc: Tunables broken on big-endian
-+ [21112] math: powf has large ulp errors with base close to 1 and exponent
-+ around 4000
-+ [21115] network: sunrpc: Use-after-free in error path in clntudp_call
-+ (CVE-2017-12133)
-+ [21120] malloc: glibc malloc is incompatible with GCC 7
-+ [21130] math: Incorrect return from y0l (-inf) and y1l (-inf) when linking
-+ with -lieee
-+ [21134] math: Exception (divide by zero) not set for y0/y1 (0.0) and y0/y1
-+ (-0.0) when linking with -lieee
-+ [21171] math: log10, log2 and lgamma return incorrect results
-+ [21179] libc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs
-+ [21182] libc: __memchr_sse2: regression in glibc-2.25 on i686
-+ [21207] localedata: ce_RU: update weekdays from CLDR
-+ [21209] dynamic-link: LD_HWCAP_MASK read in setuid binaries
-+ [21217] localedata: Update months from CLDR-31
-+ [21232] libc: miss posix_fadvise64 on MIPS64 when static linking
-+ [21243] libc: support_delete_temp_file should issue warning for failed
-+ remove()
-+ [21244] libc: support resolv_test_start() socket fd close should be
-+ checked for errors.
-+ [21253] libc: localedef randomly segfaults when using -fstack-check due to
-+ new posix_spawn implementation
-+ [21258] dynamic-link: Branch predication in _dl_runtime_resolve_avx512_opt
-+ leads to lower CPU frequency
-+ [21259] libc: [alpha] termios.h missing IXANY for POSIX
-+ [21261] libc: [sparc64] bits/setjmp.h namespace
-+ [21267] network: [mips] bits/socket.h IOC* namespace
-+ [21268] libc: [alpha] termios.h NL2, NL3 namespace
-+ [21270] libc: mmap64 silently truncates large offset values
-+ [21275] libc: posix_spawn always crashes on ia64 now
-+ [21277] libc: [alpha] termios.h missing IUCLC for UNIX98 and older
-+ [21280] math: [powerpc] logbl for POWER7 return incorrect results
-+ [21289] libc: Incorrect declaration for 32-bit platforms with
-+ _FILE_OFFSET_BITS=64 causes build error
-+ [21295] network: GETAI(AF_UNSPEC) drops IPv6 addresses if nss module does
-+ not support gethostbyname4_r
-+ [21298] nptl: rwlock can deadlock on frequent reader/writer phase
-+ switching
-+ [21338] malloc: mallopt M_ARENA_MAX doesn't set the maximum number of
-+ arenas
-+ [21340] libc: Support POSIX_SPAWN_SETSID
-+ [21357] libc: unwind-dw2-fde deadlock when using AddressSanitizer
-+ [21359] network: ns_name_pack needs additional byte in destination buffer
-+ [21361] network: resolv: Reduce advertised EDNS0 buffer size to guard
-+ against fragmentation attacks (CVE-2017-12132)
-+ [21369] network: resolv: Remove EDNS fallback
-+ [21371] libc: Missing timespec definition when compiled with _XOPEN_SOURCE
-+ and _POSIX_C_SOURCE
-+ [21386] nptl: Assertion in fork for distinct parent PID is incorrect
-+ [21391] dynamic-link: x86: Set dl_platform and dl_hwcap from CPU features
-+ [21393] stdio: Missing dup3 error check in freopen, freopen64
-+ [21396] libc: Use AVX2 memcpy/memset on Skylake server
-+ [21399] localedata: Bad description for U00EC in
-+ localedata/charmaps/CP1254
-+ [21411] malloc: realloc documentation error
-+ [21426] network: sys/socket.h uio.h namespace
-+ [21428] libc: [aarch64] tst-backtrace5 testsuite failure
-+ [21445] libc: signal.h bsd_signal namespace
-+ [21455] network: Network headers stdint.h namespace
-+ [21474] network: resolv: res_init does not use RES_DFLRETRY (2) but 4 for
-+ retry value
-+ [21475] network: resolv: Overlong search path is truncated mid-label
-+ [21511] libc: sigstack namespace
-+ [21512] libc: clone() ends up calling exit_group() through _exit() wrapper
-+ [21514] libc: sysdeps/unix/sysv/linux/sys/syscall.h:31:27: fatal error:
-+ bits/syscall.h: No such file or directory
-+ [21517] libc: struct sigaltstack namespace
-+ [21528] dynamic-link: Duplicated minimal strtoul implementations in ld.so
-+ [21533] localedata: Update locale data to Unicode 10.0
-+ [21537] libc:
-+ ../sysdeps/unix/sysv/linux/s390/s390-32/__makecontext_ret.S:44: Error:
-+ junk at end of line, first unrecognized character is `@'
-+ [21538] libc: SIG_HOLD missing for XPG4
-+ [21539] libc: S390: Mismatch between kernel and glibc ptrace.h with
-+ request 12: PTRACE_SINGLEBLOCK vs PTRACE_GETREGS.
-+ [21542] libc: Use conservative default for sysconf (_SC_NPROCESSORS_ONLN)
-+ [21543] libc: sigevent namespace
-+ [21548] libc: [mips] get/set/make/swap context for MIPS O32 assume wrong
-+ size for general purpose registers in mcontext_t structure
-+ [21550] libc: sigwait namespace
-+ [21552] libc: XPG4 bsd_signal namespace
-+ [21554] libc: sigpause namespace
-+ [21560] libc: sys/wait.h signal.h namespace
-+ [21561] libc: waitid namespace
-+ [21573] nptl: GCC 7: /usr/bin/install: cannot remove
-+ '/usr/include/stdlib.h': Permission denied
-+ [21575] libc: sys/wait.h missing struct rusage definition
-+ [21584] libc: sigaltstack etc namespace
-+ [21597] libc: siginterrupt namespace
-+ [21607] math: hppa: FAIL: math/test-tgmath
-+ [21609] dynamic-link: Incomplete workaround for GCC __tls_get_addr ABI
-+ issue on x86-64
-+ [21622] libc: [tile] missing SA_* for POSIX.1:2008
-+ [21624] dynamic-link: ld.so: Unsafe alloca allows local attackers to alias
-+ stack and heap (CVE-2017-1000366)
-+ [21625] libc: wait3 namespace
-+ [21654] nss: Incorrect pointer alignment in NSS group merge result
-+ construction
-+ [21657] network: Parse interface zone id for node-local multicast
-+ [21662] string: memcmp-avx2-movbe.S lacks saturating subtraction for
-+ between_2_3
-+ [21666] libc: .symver is used on common symbol
-+ [21668] network: resolv: res_init cross-thread broadcast introduces race
-+ conditions
-+ [21687] math: tgmath.h totalorder, totalordermag return type
-+ [21694] locale: Current Glibc Locale Does Not Support Tok-Pisin and Fiji
-+ Hindi Locale
-+ [21696] libc: Incorrect assumption of of __cpu_mask in
-+ posix/sched_cpucount.c
-+ [21697] libc: sysdeps/posix/spawni.c: 2 * suspicious condition ?
-+ [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
-+ locale
-+ [21707] math: ppc64le: Invalid IFUNC resolver from libgcc calls getauxval,
-+ leading to relocation crash
-+ [21709] libc: resolv_conf.c:552: update_from_conf: Assertion
-+ `resolv_conf_matches (resp, conf)' failed.
-+ [21710] localedata: Added Samoan language locale for Samoa
-+ [21711] localedata: Pashto yesstr/nostr locale are missing
-+ [21715] nptl: sysdeps/nptl/bits/pthreadtypes.h: typedef guard
-+ __have_pthread_attr_t can cause redefinition of typedef ‘pthread_attr_t’
-+ [21721] localedata: Incorrect Full Weekday names for ks_IN@devanagari
-+ [21723] localedata: yesstr/nostr missing for Chinese language locale
-+ [21724] localedata: yesstr and nostr are missing for Xhosa [LC_MESSAGES]
-+ locale
-+ [21727] localedata: yesstr and nostr are missing for Tsonga [LC_MESSAGES]
-+ locale
-+ [21728] localedata: New Locale for Tongan language
-+ [21729] localedata: incorrect LC_NAME fields for hi_IN
-+ [21733] localedata: yesstr and nostr are missing for zh_HK
-+ [21734] localedata: Missing yesstr and nostr are for kw_GB
-+ [21738] libc: misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 fail
-+ [21741] libc: Undefined __memmove_chk_XXX and __memset_chk_XXX in libc.a
-+ [21742] libc: _dl_num_cache_relocations is undefined in libc.a
-+ [21743] localedata: ks_IN@devanagari: abday strings mismatch the day
-+ strings
-+ [21744] libc: Tests failing on --enable-tunables --enable-stack-
-+ protector=all
-+ [21749] localedata: Wrong abbreviated day name (“abday”) for
-+ ar_JO/ar_LB/ar_SY
-+ [21756] localedata: missing yesstr, nostr for nds_DE and nds_NL
-+ [21757] localedata: missing yesstr, nostr for pap_AW and pap_CW
-+ [21759] localedata: missing yesstr and nostr for Tigrinya
-+ [21760] localedata: Fix LC_MESSAGES and LC_ADDRESS for anp_IN
-+ [21766] localedata: Wrong LC_MESSAGES for om_ET Locale
-+ [21767] localedata: Missing Bislama locales
-+ [21768] localedata: Missing yesstr and nostr for aa_ET
-+ [21770] localedata: Missing Field in li_NL
-+ [21778] nptl: Robust mutex may deadlock
-+ [21779] libc: MicroBlaze segfaults when loading libpthread
-+ [21783] localedata: Fix int_select international_call_prefixes
-+ [21784] localedata: Inconsistency in country_isbn
-+ [21788] localedata: Missing Country Postal Abbreviations
-+ [21794] localedata: Added-country_isbn-for-Italy
-+ [21795] localedata: Add/Fix country_isbn for France
-+ [21796] localedata: Added country_isbn for Republic of Korea
-+ [21797] localedata: Fix inconsistency in country_isbn and missing prefixes
-+ [21799] localedata: Added int_select international_call_prefixes
-+ [21801] localedata: Added int_select international_call_prefixes
-+ [21804] nptl: Double semicolon in thread-shared-types.h
-+ [21807] localedata: LC_ADDRESS fix for pap_CW
-+ [21808] localedata: Fix LC_ADDRESS for pap_AW
-+ [21821] localedata: Added country_name in mai_IN
-+ [21822] localedata: Fix LC_TIME for mai_IN
-+ [21823] localedata: missing yesstr, nostr for sa_IN
-+ [21825] localedata: Fix name_mrs for mag_IN
-+ [21828] localedata: 2.26 changelog should mention user visible changes
-+ with unicode 9.0
-+ [21835] localedata: Added Maithili language locale for Nepal
-+ [21838] localedata: Removed redundant data for the_NP
-+ [21839] localedata: Fix LC_MONETARY for ta_LK
-+ [21844] localedata: Fix Latin characters and Months Sequence.
-+ [21848] localedata: Fix mai_NP Title Name
-+
-+
-+Version 2.25
-+
-+* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
-+ 24731-2:2010, is supported to enable declarations of functions from that
-+ TR. Note that not all functions from that TR are supported by the GNU C
-+ Library.
-+
-+* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS
-+ 18661-1:2014, is supported to enable declarations of functions and macros
-+ from that TS. Note that not all features from that TS are supported by
-+ the GNU C Library.
-+
-+* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS
-+ 18661-4:2015, is supported to enable declarations of functions and macros
-+ from that TS. Note that most features from that TS are not supported by
-+ the GNU C Library.
-+
-+* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are
-+ now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L.
-+ Since the GNU C Library defaults to a much newer revision of POSIX, this
-+ will only affect programs that specifically request an old conformance
-+ mode. For instance, a program compiled with -std=c89 -D_REENTRANT will
-+ see a change in the visible declarations, but a program compiled with
-+ just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT,
-+ will not.
-+
-+ Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be
-+ defined by all multithreaded code, but glibc has not required this for
-+ many years.
-+
-+* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This
-+ means that in a future release, the macros “major”, “minor”, and “makedev”
-+ will only be available from <sys/sysmacros.h>.
-+
-+ These macros are not part of POSIX nor XSI, and their names frequently
-+ collide with user code; see for instance glibc bug 19239 and Red Hat bug
-+ 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code
-+ presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the
-+ problem.
-+
-+* New <fenv.h> features from TS 18661-1:2014 are added to libm: the
-+ fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the
-+ femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros.
-+
-+* Integer width macros from TS 18661-1:2014 are added to <limits.h>:
-+ CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH,
-+ UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to
-+ <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH,
-+ INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH,
-+ UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH,
-+ INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH,
-+ UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH,
-+ UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH,
-+ UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH,
-+ UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH,
-+ WINT_WIDTH.
-+
-+* New <math.h> features are added from TS 18661-1:2014:
-+
-+ - Signaling NaN macros: SNANF, SNAN, SNANL.
-+
-+ - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp,
-+ fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf,
-+ fromfpxl, ufromfpx, ufromfpxf, ufromfpxl.
-+
-+ - llogb functions: the llogb, llogbf and llogbl functions, and the
-+ FP_LLOGB0 and FP_LLOGBNAN macros.
-+
-+ - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag,
-+ fminmagf, fminmagl.
-+
-+ - Comparison macros: iseqsig.
-+
-+ - Classification macros: iscanonical, issubnormal, iszero.
-+
-+ - Total order functions: totalorder, totalorderf, totalorderl,
-+ totalordermag, totalordermagf, totalordermagl.
-+
-+ - Canonicalize functions: canonicalize, canonicalizef, canonicalizel.
-+
-+ - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload,
-+ setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl.
-+
-+* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
-+ are added to libc. They convert a floating-point number into string.
-+
-+* Most of glibc can now be built with the stack smashing protector enabled.
-+ It is recommended to build glibc with --enable-stack-protector=strong.
-+ Implemented by Nick Alcock (Oracle).
-+
-+* The function explicit_bzero, from OpenBSD, has been added to libc. It is
-+ intended to be used instead of memset() to erase sensitive data after use;
-+ the compiler will not optimize out calls to explicit_bzero even if they
-+ are "unnecessary" (in the sense that no _correct_ program can observe the
-+ effects of the memory clear).
-+
-+* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined
-+ to float instead of double. This does not affect the ABI of any libraries
-+ that are part of the GNU C Library, but may affect the ABI of other
-+ libraries that use this type in their interfaces.
-+
-+* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the
-+ float_t and double_t types are now defined to long double instead of float
-+ and double. These options are not the default, and this does not affect
-+ the ABI of any libraries that are part of the GNU C Library, but it may
-+ affect the ABI of other libraries that use this type in their interfaces,
-+ if they are compiled or used with those options.
-+
-+* The getentropy and getrandom functions, and the <sys/random.h> header file
-+ have been added.
-+
-+* The buffer size for byte-oriented stdio streams is now limited to 8192
-+ bytes by default. Previously, on Linux, the default buffer size on most
-+ file systems was 4096 bytes (and thus remains unchanged), except on
-+ network file systems, where the buffer size was unpredictable and could be
-+ as large as several megabytes.
-+
-+* The <sys/quota.h> header now includes the <linux/quota.h> header. Support
-+ for the Linux quota interface which predates kernel version 2.4.22 has
-+ been removed.
-+
-+* The malloc_get_state and malloc_set_state functions have been removed.
-+ Already-existing binaries that dynamically link to these functions will
-+ get a hidden implementation in which malloc_get_state is a stub. As far
-+ as we know, these functions are used only by GNU Emacs and this change
-+ will not adversely affect already-built Emacs executables. Any undumped
-+ Emacs executables, which normally exist only during an Emacs build, should
-+ be rebuilt by re-running “./configure; make” in the Emacs build tree.
-+
-+* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the
-+ corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed.
-+ “no-ip6-dotint” had already been the default, and support for the
-+ “ip6-dotint” option was removed from the Internet in 2006.
-+
-+* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING
-+ flag from <resolv.h> have been removed. The option relied on a
-+ backwards-incompatible DNS extension which was never deployed on the
-+ Internet.
-+
-+* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG,
-+ RES_BLAST defined in the <resolv.h> header file have been deprecated.
-+ They were already unimplemented.
-+
-+* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for
-+ _res.flags are deprecated. The flag was standardized in RFC 2133, but
-+ removed again from the IETF name lookup interface specification in RFC
-+ 2553. Applications should use getaddrinfo instead.
-+
-+* DNSSEC-related declarations and definitions have been removed from the
-+ <arpa/nameser.h> header file, and libresolv will no longer attempt to
-+ decode the data part of DNSSEC record types. Previous versions of glibc
-+ only implemented minimal support for the previous version of DNSSEC, which
-+ is incompatible with the currently deployed version.
-+
-+* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p,
-+ ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the
-+ <arpa/nameser.h> header file because the distinction between RR types and
-+ meta-RR types is not officially standardized, subject to revision, and
-+ thus not suitable for encoding in a macro.
-+
-+* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook
-+ and rhook members of the res_state type in <resolv.h> have been removed.
-+ The glibc stub resolver did not support these hooks, but the header file
-+ did not reflect that.
-+
-+* For multi-arch support it is recommended to use a GCC which has
-+ been built with support for GNU indirect functions. This ensures
-+ that correct debugging information is generated for functions
-+ selected by IFUNC resolvers. This support can either be enabled by
-+ configuring GCC with '--enable-gnu-indirect-function', or by
-+ enabling it by default by setting 'default_gnu_indirect_function'
-+ variable for a particular architecture in the GCC source file
-+ 'gcc/config.gcc'.
-+
-+* GDB pretty printers have been added for mutex and condition variable
-+ structures in POSIX Threads. When installed and loaded in gdb these pretty
-+ printers show various pthread variables in human-readable form when read
-+ using the 'print' or 'display' commands in gdb.
-+
-+* Tunables feature added to allow tweaking of the runtime for an application
-+ program. This feature can be enabled with the '--enable-tunables' configure
-+ flag. The GNU C Library manual has details on usage and README.tunables has
-+ instructions on adding new tunables to the library.
-+
-+* A new version of condition variables functions have been implemented in
-+ the NPTL implementation of POSIX Threads to provide stronger ordering
-+ guarantees.
-+
-+* A new version of pthread_rwlock functions have been implemented to use a more
-+ scalable algorithm primarily through not using a critical section anymore to
-+ make state changes.
-+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
-
- Security related changes:
-
-diff --git a/posix/glob.c b/posix/glob.c
-index ea4b0b61eb..08f240a1ff 100644
---- a/posix/glob.c
-+++ b/posix/glob.c
-@@ -856,7 +856,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
- *p = '\0';
- }
- else
-- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
-+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
- = '\0';
- user_name = newp;
- }
---
-2.14.2
-
diff --git a/glibc/Pkgfile b/glibc/Pkgfile
index d69230e5..85b9b03a 100644
--- a/glibc/Pkgfile
+++ b/glibc/Pkgfile
@@ -4,12 +4,12 @@
name=glibc
version=2.24
-release=9
+release=10
source=(http://ftpmirror.gnu.org/gnu/glibc/glibc-2.24.tar.xz \
http://crux.nu/files/distfiles/kernel-headers-4.9.5.tar.xz \
$name-2.20-multilib-dirs.patch \
hosts resolv.conf nsswitch.conf host.conf ld.so.conf \
- glibc-2.24.8.patch 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch)
+ glibc-2.24-10.patch)
build() {
# install kernel headers
@@ -17,9 +17,8 @@ build() {
cp -r $SRC/kernel-headers-4.9.5/include $PKG/usr
chown root:root $PKG/usr
- patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/glibc-2.24.8.patch
+ patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/glibc-2.24-10.patch
patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/$name-2.20-multilib-dirs.patch
- patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
mkdir $SRC/build
cd $SRC/build
diff --git a/glibc/glibc-2.24.8.patch b/glibc/glibc-2.24-10.patch
similarity index 83%
rename from glibc/glibc-2.24.8.patch
rename to glibc/glibc-2.24-10.patch
index 4f1db10c..194691df 100644
--- a/glibc/glibc-2.24.8.patch
+++ b/glibc/glibc-2.24-10.patch
@@ -1,8 +1,210 @@
diff --git a/ChangeLog b/ChangeLog
-index c44c926094..84189ec762 100644
+index c44c926094..cd499c5fe3 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,685 @@
+@@ -1,3 +1,887 @@
++2018-01-12 Dmitry V. Levin <ldv(a)altlinux.org>
++
++ [BZ #22679]
++ CVE-2018-1000001
++ * sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to
++ generic_getcwd if the path returned by getcwd syscall is not absolute.
++ * io/tst-getcwd-abspath.c: New test.
++ * io/Makefile (tests): Add tst-getcwd-abspath.
++
++ (gaih_inet): Likewise.
++
++2017-12-30 Aurelien Jarno <aurelien(a)aurel32.net>
++
++ [BZ #22625]
++ * elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
++ string token expansion. Check for NULL pointer or empty string possibly
++ returned by expand_dynamic_string_token.
++ (decompose_rpath): Check for empty path after dynamic string
++ token expansion.
++
++2017-12-18 Dmitry V. Levin <ldv(a)altlinux.org>
++
++ [BZ #22627]
++ * elf/dl-load.c (_dl_init_paths): Remove _dl_dst_substitute preparatory
++ code and invocation.
++
++2017-12-14 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #22607]
++ CVE-2017-1000409
++ * elf/dl-load.c (_dl_init_paths): Compute number of components in
++ the expanded path string.
++
++2017-12-14 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #22606]
++ CVE-2017-1000408
++ * elf/dl-load.c (system_dirs): Update comment.
++ (nsystem_dirs_len): Use array_length.
++ (_dl_init_paths): Use nsystem_dirs_len to compute the array size.
++
++2017-11-02 Florian Weimer <fweimer(a)redhat.com>
++
++ Add array_length and array_end macros.
++ * include/array_length.h: New file.
++
++2017-11-02 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #22332]
++ * posix/tst-glob-tilde.c (do_noescape): New variable.
++ (one_test): Process it.
++ (do_test): Set do_noescape. Add unescaping test case.
++
++2017-10-22 Paul Eggert <eggert(a)cs.ucla.edu>
++
++ [BZ #22332]
++ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
++ unescaping.
++
++2017-10-21 Florian Weimer <fweimer(a)redhat.com>
++
++ * posix/Makefile (tests): Add tst-glob-tilde.
++ (tests-special): Add tst-glob-tilde-mem.out
++ (tst-glob-tilde-ENV): Set MALLOC_TRACE.
++ (tst-glob-tilde-mem.out): Add mtrace check.
++ * posix/tst-glob-tilde.c: New file.
++
++2017-10-20 Paul Eggert <eggert(a)cs.ucla.edu>
++
++ [BZ #22320]
++ CVE-2017-15670
++ * posix/glob.c (__glob): Fix one-byte overflow.
++
++2017-09-08 Adhemerval Zanella <adhemerval.zanella(a)linaro.org>
++
++ [BZ #1062]
++ CVE-2017-15671
++ * posix/Makefile (routines): Add globfree, globfree64, and
++ glob_pattern_p.
++ * posix/flexmember.h: New file.
++ * posix/glob_internal.h: Likewise.
++ * posix/glob_pattern_p.c: Likewise.
++ * posix/globfree.c: Likewise.
++ * posix/globfree64.c: Likewise.
++ * sysdeps/gnu/globfree64.c: Likewise.
++ * sysdeps/unix/sysv/linux/alpha/globfree.c: Likewise.
++ * sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c: Likewise.
++ * sysdeps/unix/sysv/linux/oldglob.c: Likewise.
++ * sysdeps/unix/sysv/linux/wordsize-64/globfree64.c: Likewise.
++ * sysdeps/unix/sysv/linux/x86_64/x32/globfree.c: Likewise.
++ * sysdeps/wordsize-64/globfree.c: Likewise.
++ * sysdeps/wordsize-64/globfree64.c: Likewise.
++ * posix/glob.c (HAVE_CONFIG_H): Use !_LIBC instead.
++ [NDEBUG): Remove comments.
++ (GLOB_ONLY_P, _AMIGA, VMS): Remove define.
++ (dirent_type): New type. Use uint_fast8_t not
++ uint8_t, as C99 does not require uint8_t.
++ (DT_UNKNOWN, DT_DIR, DT_LNK): New macros.
++ (struct readdir_result): Use dirent_type. Do not define skip_entry
++ unless it is needed; this saves a byte on platforms lacking d_ino.
++ (readdir_result_type, readdir_result_skip_entry):
++ New functions, replacing ...
++ (readdir_result_might_be_symlink, readdir_result_might_be_dir):
++ these functions, which were removed. This makes the callers
++ easier to read. All callers changed.
++ (D_INO_TO_RESULT): Now empty if there is no d_ino.
++ (size_add_wrapv, glob_use_alloca): New static functions.
++ (glob, glob_in_dir): Check for size_t overflow in several places,
++ and fix some size_t checks that were not quite right.
++ Remove old code using SHELL since Bash no longer
++ uses this.
++ (glob, prefix_array): Separate MS code better.
++ (glob_in_dir): Remove old Amiga and VMS code.
++ (globfree, __glob_pattern_type, __glob_pattern_p): Move to
++ separate files.
++ (glob_in_dir): Do not rely on undefined behavior in accessing
++ struct members beyond their bounds. Use a flexible array member
++ instead
++ (link_stat): Rename from link_exists2_p and return -1/0 instead of
++ 0/1. Caller changed.
++ (glob): Fix memory leaks.
++ * posix/glob64 (globfree64): Move to separate file.
++ * sysdeps/gnu/glob64.c (NO_GLOB_PATTERN_P): Remove define.
++ (globfree64): Remove hidden alias.
++ * sysdeps/unix/sysv/linux/Makefile (sysdeps_routines): Add
++ oldglob.
++ * sysdeps/unix/sysv/linux/alpha/glob.c (__new_globfree): Move to
++ separate file.
++ * sysdeps/unix/sysv/linux/i386/glob64.c (NO_GLOB_PATTERN_P): Remove
++ define.
++ Move compat code to separate file.
++ * sysdeps/wordsize-64/glob.c (globfree): Move definitions to
++ separate file.
++
++2017-08-20 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ [BZ #18822]
++ * sysdeps/unix/sysv/linux/i386/glob64.c (__old_glob64): Add
++ libc_hidden_proto and libc_hidden_def.
++
++2017-10-22 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ [BZ #21265]
++ * sysdeps/x86/cpu-features-offsets.sym (XSAVE_STATE_SIZE_OFFSET):
++ New.
++ * sysdeps/x86/cpu-features.c: Include <libc-internal.h>.
++ (get_common_indeces): Set xsave_state_size and
++ bit_arch_XSAVEC_Usable if needed.
++ (init_cpu_features): Remove bit_arch_Use_dl_runtime_resolve_slow
++ and bit_arch_Use_dl_runtime_resolve_opt.
++ * sysdeps/x86/cpu-features.h (bit_arch_Use_dl_runtime_resolve_opt):
++ Removed.
++ (bit_arch_Use_dl_runtime_resolve_slow): Likewise.
++ (bit_arch_Prefer_No_AVX512): Updated.
++ (bit_arch_MathVec_Prefer_No_AVX512): Likewise.
++ (bit_arch_XSAVEC_Usable): New.
++ (STATE_SAVE_OFFSET): Likewise.
++ (STATE_SAVE_MASK): Likewise.
++ [__ASSEMBLER__]: Include <cpu-features-offsets.h>.
++ (cpu_features): Add xsave_state_size.
++ (index_arch_Use_dl_runtime_resolve_opt): Removed.
++ (index_arch_Use_dl_runtime_resolve_slow): Likewise.
++ (index_arch_XSAVEC_Usable): New.
++ * sysdeps/x86_64/dl-machine.h (elf_machine_runtime_setup):
++ Replace _dl_runtime_resolve_sse, _dl_runtime_resolve_avx,
++ _dl_runtime_resolve_avx_slow, _dl_runtime_resolve_avx_opt,
++ _dl_runtime_resolve_avx512 and _dl_runtime_resolve_avx512_opt
++ with _dl_runtime_resolve_fxsave, _dl_runtime_resolve_xsave and
++ _dl_runtime_resolve_xsavec.
++ * sysdeps/x86_64/dl-trampoline.S (DL_RUNTIME_UNALIGNED_VEC_SIZE):
++ Removed.
++ (DL_RUNTIME_RESOLVE_REALIGN_STACK): Check STATE_SAVE_ALIGNMENT
++ instead of VEC_SIZE.
++ (REGISTER_SAVE_BND0): Removed.
++ (REGISTER_SAVE_BND1): Likewise.
++ (REGISTER_SAVE_BND3): Likewise.
++ (REGISTER_SAVE_RAX): Always defined to 0.
++ (VMOV): Removed.
++ (_dl_runtime_resolve_avx): Likewise.
++ (_dl_runtime_resolve_avx_slow): Likewise.
++ (_dl_runtime_resolve_avx_opt): Likewise.
++ (_dl_runtime_resolve_avx512): Likewise.
++ (_dl_runtime_resolve_avx512_opt): Likewise.
++ (_dl_runtime_resolve_sse): Likewise.
++ (_dl_runtime_resolve_sse_vex): Likewise.
++ (USE_FXSAVE): New.
++ (_dl_runtime_resolve_fxsave): Likewise.
++ (USE_XSAVE): Likewise.
++ (_dl_runtime_resolve_xsave): Likewise.
++ (USE_XSAVEC): Likewise.
++ (_dl_runtime_resolve_xsavec): Likewise.
++ * sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve_avx512):
++ Removed.
++ (_dl_runtime_resolve_avx512_opt): Likewise.
++ (_dl_runtime_resolve_avx): Likewise.
++ (_dl_runtime_resolve_avx_opt): Likewise.
++ (_dl_runtime_resolve_sse): Likewise.
++ (_dl_runtime_resolve_sse_vex): Likewise.
++ (_dl_runtime_resolve_fxsave): New.
++ (_dl_runtime_resolve_xsave): Likewise.
++ (_dl_runtime_resolve_xsavec): Likewise.
++
+2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
+
+ * sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
@@ -743,10 +945,10 @@ index 03fd89c13e..ee379f5852 100644
ifndef avoid-generated
diff --git a/NEWS b/NEWS
-index b0447e7169..4831542023 100644
+index b0447e7169..20e30028cf 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,33 @@ See the end for copying conditions.
+@@ -5,6 +5,68 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
@@ -766,16 +968,51 @@ index b0447e7169..4831542023 100644
+ question type which is outside the range of valid question type values.
+ (CVE-2015-5180)
+
++* CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
++ from a one-byte overflow during ~ operator processing (either on the stack
++ or the heap, depending on the length of the user name).
++
++* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
++ would sometimes fail to free memory allocated during ~ operator
++ processing, leading to a memory leak and, potentially, to a denial
++ of service.
++
++* CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
++ without GLOB_NOESCAPE, could write past the end of a buffer while
++ unescaping user names. Reported by Tim Rühsen.
++
++* CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
++ to the allocation of too much memory. (This is not a security bug per se,
++ it is mentioned here only because of the CVE assignment.) Reported by
++ Qualys.
++
++* CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
++ of the number of search path components. (This is not a security
++ vulnerability per se because no trust boundary is crossed if the fix for
++ CVE-2017-1000366 has been applied, but it is mentioned here only because
++ of the CVE assignment.) Reported by Qualys.
++
++ CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
++ for AT_SECURE or SUID binaries could be used to load libraries from the
++ current directory.
++
++ CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
++ succeeds without returning an absolute path due to unexpected behaviour
++ of the Linux kernel getcwd syscall. Reported by halfdog.
++
+The following bugs are resolved with this release:
+
+ [20790] Fix rpcgen buffer overrun
+ [20978] Fix strlen on null pointer in nss_nisplus
+ [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
++ [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve
+ [21289] Fix symbol redirect for fts_set
+ [21386] Assertion in fork for distinct parent PID is incorrect
+ [21609] x86-64: Align the stack in __tls_get_addr
+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ [21654] nss: Fix invalid cast in group merging
++ [22679] getcwd(3) can succeed without returning an absolute path
++ (CVE-2018-1000001)
+
Version 2.24
@@ -1078,6 +1315,167 @@ index 687d7de874..9f93ab7628 100644
_dl_close_worker (map, false);
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index c0d6249373..1f774e139f 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -37,6 +37,7 @@
+ #include <sysdep.h>
+ #include <stap-probe.h>
+ #include <libc-internal.h>
++#include <array_length.h>
+
+ #include <dl-dst.h>
+ #include <dl-load.h>
+@@ -103,7 +104,9 @@ static size_t ncapstr attribute_relro;
+ static size_t max_capstrlen attribute_relro;
+
+
+-/* Get the generated information about the trusted directories. */
++/* Get the generated information about the trusted directories. Use
++ an array of concatenated strings to avoid relocations. See
++ gen-trusted-dirs.awk. */
+ #include "trusted-dirs.h"
+
+ static const char system_dirs[] = SYSTEM_DIRS;
+@@ -111,9 +114,7 @@ static const size_t system_dirs_len[] =
+ {
+ SYSTEM_DIRS_LEN
+ };
+-#define nsystem_dirs_len \
+- (sizeof (system_dirs_len) / sizeof (system_dirs_len[0]))
+-
++#define nsystem_dirs_len array_length (system_dirs_len)
+
+ static bool
+ is_trusted_path (const char *path, size_t len)
+@@ -433,31 +434,40 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
+ {
+ char *cp;
+ size_t nelems = 0;
+- char *to_free;
+
+ while ((cp = __strsep (&rpath, sep)) != NULL)
+ {
+ struct r_search_path_elem *dirp;
++ char *to_free = NULL;
++ size_t len = 0;
+
+- to_free = cp = expand_dynamic_string_token (l, cp, 1);
++ /* `strsep' can pass an empty string. */
++ if (*cp != '\0')
++ {
++ to_free = cp = expand_dynamic_string_token (l, cp, 1);
+
+- size_t len = strlen (cp);
++ /* expand_dynamic_string_token can return NULL in case of empty
++ path or memory allocation failure. */
++ if (cp == NULL)
++ continue;
+
+- /* `strsep' can pass an empty string. This has to be
+- interpreted as `use the current directory'. */
+- if (len == 0)
+- {
+- static const char curwd[] = "./";
+- cp = (char *) curwd;
+- }
++ /* Compute the length after dynamic string token expansion and
++ ignore empty paths. */
++ len = strlen (cp);
++ if (len == 0)
++ {
++ free (to_free);
++ continue;
++ }
+
+- /* Remove trailing slashes (except for "/"). */
+- while (len > 1 && cp[len - 1] == '/')
+- --len;
++ /* Remove trailing slashes (except for "/"). */
++ while (len > 1 && cp[len - 1] == '/')
++ --len;
+
+- /* Now add one if there is none so far. */
+- if (len > 0 && cp[len - 1] != '/')
+- cp[len++] = '/';
++ /* Now add one if there is none so far. */
++ if (len > 0 && cp[len - 1] != '/')
++ cp[len++] = '/';
++ }
+
+ /* Make sure we don't use untrusted directories if we run SUID. */
+ if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
+@@ -621,6 +631,14 @@ decompose_rpath (struct r_search_path_struct *sps,
+ necessary. */
+ free (copy);
+
++ /* There is no path after expansion. */
++ if (result[0] == NULL)
++ {
++ free (result);
++ sps->dirs = (struct r_search_path_elem **) -1;
++ return false;
++ }
++
+ sps->dirs = result;
+ /* The caller will change this value if we haven't used a real malloc. */
+ sps->malloced = 1;
+@@ -688,9 +706,8 @@ _dl_init_paths (const char *llp)
+ + ncapstr * sizeof (enum r_dir_status))
+ / sizeof (struct r_search_path_elem));
+
+- rtld_search_dirs.dirs[0] = (struct r_search_path_elem *)
+- malloc ((sizeof (system_dirs) / sizeof (system_dirs[0]))
+- * round_size * sizeof (struct r_search_path_elem));
++ rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size
++ * sizeof (*rtld_search_dirs.dirs[0]));
+ if (rtld_search_dirs.dirs[0] == NULL)
+ {
+ errstring = N_("cannot create cache for search path");
+@@ -776,37 +793,14 @@ _dl_init_paths (const char *llp)
+
+ if (llp != NULL && *llp != '\0')
+ {
+- size_t nllp;
+- const char *cp = llp;
+- char *llp_tmp;
+-
+-#ifdef SHARED
+- /* Expand DSTs. */
+- size_t cnt = DL_DST_COUNT (llp, 1);
+- if (__glibc_likely (cnt == 0))
+- llp_tmp = strdupa (llp);
+- else
+- {
+- /* Determine the length of the substituted string. */
+- size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);
+-
+- /* Allocate the necessary memory. */
+- llp_tmp = (char *) alloca (total + 1);
+- llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);
+- }
+-#else
+- llp_tmp = strdupa (llp);
+-#endif
++ char *llp_tmp = strdupa (llp);
+
+ /* Decompose the LD_LIBRARY_PATH contents. First determine how many
+ elements it has. */
+- nllp = 1;
+- while (*cp)
+- {
+- if (*cp == ':' || *cp == ';')
+- ++nllp;
+- ++cp;
+- }
++ size_t nllp = 1;
++ for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
++ if (*cp == ':' || *cp == ';')
++ ++nllp;
+
+ env_path_list.dirs = (struct r_search_path_elem **)
+ malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
diff --git a/elf/rtld.c b/elf/rtld.c
index 647661ca45..8f56d6edd3 100644
--- a/elf/rtld.c
@@ -1664,6 +2062,62 @@ index 2e735ede4c..7c0deed9ae 100644
+#define T_QUERY_A_AND_AAAA 439963904
#endif
+diff --git a/include/array_length.h b/include/array_length.h
+new file mode 100644
+index 0000000000..cb4a8b2a56
+--- /dev/null
++++ b/include/array_length.h
+@@ -0,0 +1,36 @@
++/* The array_length and array_end macros.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _ARRAY_LENGTH_H
++#define _ARRAY_LENGTH_H
++
++/* array_length (VAR) is the number of elements in the array VAR. VAR
++ must evaluate to an array, not a pointer. */
++#define array_length(var) \
++ __extension__ ({ \
++ _Static_assert (!__builtin_types_compatible_p \
++ (__typeof (var), __typeof (&(var)[0])), \
++ "argument must be an array"); \
++ sizeof (var) / sizeof ((var)[0]); \
++ })
++
++/* array_end (VAR) is a pointer one past the end of the array VAR.
++ VAR must evaluate to an array, not a pointer. */
++#define array_end(var) (&(var)[array_length (var)])
++
++#endif /* _ARRAY_LENGTH_H */
+diff --git a/io/Makefile b/io/Makefile
+index deb6100156..1128f4881f 100644
+--- a/io/Makefile
++++ b/io/Makefile
+@@ -71,7 +71,8 @@ tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \
+ tst-renameat tst-fchownat tst-fchmodat tst-faccessat \
+ tst-symlinkat tst-linkat tst-readlinkat tst-mkdirat \
+ tst-mknodat tst-mkfifoat tst-ttyname_r bug-ftw5 \
+- tst-posix_fallocate tst-fts tst-fts-lfs
++ tst-posix_fallocate tst-posix_fallocate64 \
++ tst-fts tst-fts-lfs tst-open-tmpfile tst-getcwd-abspath
+
+ ifeq ($(run-built-tests),yes)
+ tests-special += $(objpfx)ftwtest.out
diff --git a/io/fts.h b/io/fts.h
index 127a0d2721..b6b45206c8 100644
--- a/io/fts.h
@@ -1677,6 +2131,78 @@ index 127a0d2721..b6b45206c8 100644
# else
# define fts_children fts64_children
# define fts_close fts64_close
+diff --git a/io/tst-getcwd-abspath.c b/io/tst-getcwd-abspath.c
+new file mode 100644
+index 0000000000..3a3636f2ed
+--- /dev/null
++++ b/io/tst-getcwd-abspath.c
+@@ -0,0 +1,66 @@
++/* BZ #22679 getcwd(3) should not succeed without returning an absolute path.
++
++ Copyright (C) 2018 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <support/check.h>
++#include <support/namespace.h>
++#include <support/support.h>
++#include <support/temp_file.h>
++#include <support/test-driver.h>
++#include <support/xunistd.h>
++#include <unistd.h>
++
++static char *chroot_dir;
++
++/* The actual test. Run it in a subprocess, so that the test harness
++ can remove the temporary directory in --direct mode. */
++static void
++getcwd_callback (void *closure)
++{
++ xchroot (chroot_dir);
++
++ errno = 0;
++ char *cwd = getcwd (NULL, 0);
++ TEST_COMPARE (errno, ENOENT);
++ TEST_VERIFY (cwd == NULL);
++
++ errno = 0;
++ cwd = realpath (".", NULL);
++ TEST_COMPARE (errno, ENOENT);
++ TEST_VERIFY (cwd == NULL);
++
++ _exit (0);
++}
++
++static int
++do_test (void)
++{
++ support_become_root ();
++ if (!support_can_chroot ())
++ return EXIT_UNSUPPORTED;
++
++ chroot_dir = support_create_temp_directory ("tst-getcwd-abspath-");
++ support_isolate_in_subprocess (getcwd_callback, NULL);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/localedata/ChangeLog b/localedata/ChangeLog
index 4be8afc110..a7688e3df6 100644
--- a/localedata/ChangeLog
@@ -3208,6 +3734,51 @@ index 49d1f23904..e046577b08 100644
-
-#~ msgid "cannot create internal descriptors"
-#~ msgstr "kan inte skapa interna deskriptorer"
+diff --git a/posix/Makefile b/posix/Makefile
+index 5b0e298f75..82a4020c76 100644
+--- a/posix/Makefile
++++ b/posix/Makefile
+@@ -43,7 +43,7 @@ routines := \
+ getpgid setpgid getpgrp bsd-getpgrp setpgrp getsid setsid \
+ getresuid getresgid setresuid setresgid \
+ pathconf sysconf fpathconf \
+- glob glob64 fnmatch regex \
++ glob glob64 globfree globfree64 glob_pattern_p fnmatch regex \
+ confstr \
+ getopt getopt1 getopt_init \
+ sched_setp sched_getp sched_sets sched_gets sched_yield sched_primax \
+@@ -90,7 +90,7 @@ tests := tstgetopt testfnm runtests runptests \
+ bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \
+ tst-pathconf tst-getaddrinfo4 tst-rxspencer-no-utf8 \
+ tst-fnmatch3 bug-regex36 tst-getaddrinfo5 \
+- tst-posix_spawn-fd
++ tst-posix_spawn-fd tst-glob-tilde
+ xtests := bug-ga2
+ ifeq (yes,$(build-shared))
+ test-srcs := globtest
+@@ -133,7 +133,8 @@ tests-special += $(objpfx)bug-regex2-mem.out $(objpfx)bug-regex14-mem.out \
+ $(objpfx)tst-rxspencer-no-utf8-mem.out $(objpfx)tst-pcre-mem.out \
+ $(objpfx)tst-boost-mem.out $(objpfx)tst-getconf.out \
+ $(objpfx)bug-glob2-mem.out $(objpfx)tst-vfork3-mem.out \
+- $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out
++ $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out \
++ $(objpfx)tst-glob-tilde-mem.out
+ xtests-special += $(objpfx)bug-ga2-mem.out
+ endif
+
+@@ -340,6 +341,12 @@ $(objpfx)bug-glob2-mem.out: $(objpfx)bug-glob2.out
+ $(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@; \
+ $(evaluate-test)
+
++tst-glob-tilde-ENV = MALLOC_TRACE=$(objpfx)tst-glob-tilde.mtrace
++
++$(objpfx)tst-glob-tilde-mem.out: $(objpfx)tst-glob-tilde.out
++ $(common-objpfx)malloc/mtrace $(objpfx)tst-glob-tilde.mtrace > $@; \
++ $(evaluate-test)
++
+ $(inst_libexecdir)/getconf: $(inst_bindir)/getconf \
+ $(objpfx)getconf.speclist FORCE
+ $(addprefix $(..)./scripts/mkinstalldirs ,\
diff --git a/posix/execvpe.c b/posix/execvpe.c
index d933f9c92a..7cdb06a611 100644
--- a/posix/execvpe.c
@@ -3261,6 +3832,1881 @@ index d933f9c92a..7cdb06a611 100644
__execve (buffer, argv, envp);
+diff --git a/posix/flexmember.h b/posix/flexmember.h
+new file mode 100644
+index 0000000000..107c1f09e9
+--- /dev/null
++++ b/posix/flexmember.h
+@@ -0,0 +1,45 @@
++/* Sizes of structs with flexible array members.
++
++ Copyright 2016-2017 Free Software Foundation, Inc.
++
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>.
++
++ Written by Paul Eggert. */
++
++#include <stddef.h>
++
++/* Nonzero multiple of alignment of TYPE, suitable for FLEXSIZEOF below.
++ On older platforms without _Alignof, use a pessimistic bound that is
++ safe in practice even if FLEXIBLE_ARRAY_MEMBER is 1.
++ On newer platforms, use _Alignof to get a tighter bound. */
++
++#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112
++# define FLEXALIGNOF(type) (sizeof (type) & ~ (sizeof (type) - 1))
++#else
++# define FLEXALIGNOF(type) _Alignof (type)
++#endif
++
++/* Upper bound on the size of a struct of type TYPE with a flexible
++ array member named MEMBER that is followed by N bytes of other data.
++ This is not simply sizeof (TYPE) + N, since it may require
++ alignment on unusually picky C11 platforms, and
++ FLEXIBLE_ARRAY_MEMBER may be 1 on pre-C11 platforms.
++ Yield a value less than N if and only if arithmetic overflow occurs. */
++
++#define FLEXSIZEOF(type, member, n) \
++ ((offsetof (type, member) + FLEXALIGNOF (type) - 1 + (n)) \
++ & ~ (FLEXALIGNOF (type) - 1))
+diff --git a/posix/glob.c b/posix/glob.c
+index ea4b0b61eb..f3fa807700 100644
+--- a/posix/glob.c
++++ b/posix/glob.c
+@@ -15,7 +15,7 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+-#ifdef HAVE_CONFIG_H
++#ifndef _LIBC
+ # include <config.h>
+ #endif
+
+@@ -27,29 +27,15 @@
+ #include <stdbool.h>
+ #include <stddef.h>
+ #include <stdint.h>
+-
+-/* Outcomment the following line for production quality code. */
+-/* #define NDEBUG 1 */
+ #include <assert.h>
++#include <unistd.h>
+
+-#include <stdio.h> /* Needed on stupid SunOS for assert. */
+-
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+-#if defined HAVE_UNISTD_H || defined _LIBC
+-# include <unistd.h>
+-# ifndef POSIX
+-# ifdef _POSIX_VERSION
+-# define POSIX
+-# endif
+-# endif
++#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
++# define WINDOWS32
+ #endif
+
+-#include <pwd.h>
+-
+-#if defined HAVE_STDINT_H || defined _LIBC
+-# include <stdint.h>
+-#elif !defined UINTPTR_MAX
+-# define UINTPTR_MAX (~((size_t) 0))
++#ifndef WINDOWS32
++# include <pwd.h>
+ #endif
+
+ #include <errno.h>
+@@ -57,24 +43,7 @@
+ # define __set_errno(val) errno = (val)
+ #endif
+
+-#if defined HAVE_DIRENT_H || defined __GNU_LIBRARY__
+-# include <dirent.h>
+-#else
+-# define dirent direct
+-# ifdef HAVE_SYS_NDIR_H
+-# include <sys/ndir.h>
+-# endif
+-# ifdef HAVE_SYS_DIR_H
+-# include <sys/dir.h>
+-# endif
+-# ifdef HAVE_NDIR_H
+-# include <ndir.h>
+-# endif
+-# ifdef HAVE_VMSDIR_H
+-# include "vmsdir.h"
+-# endif /* HAVE_VMSDIR_H */
+-#endif
+-
++#include <dirent.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <alloca.h>
+@@ -87,27 +56,29 @@
+ # define opendir(name) __opendir (name)
+ # define readdir(str) __readdir64 (str)
+ # define getpwnam_r(name, bufp, buf, len, res) \
+- __getpwnam_r (name, bufp, buf, len, res)
++ __getpwnam_r (name, bufp, buf, len, res)
+ # ifndef __stat64
+ # define __stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf)
+ # endif
+ # define struct_stat64 struct stat64
++# define FLEXIBLE_ARRAY_MEMBER
+ #else /* !_LIBC */
+-# include "getlogin_r.h"
+-# include "mempcpy.h"
+-# include "stat-macros.h"
+-# include "strdup.h"
+-# define __stat64(fname, buf) stat (fname, buf)
+-# define struct_stat64 struct stat
+-# define __stat(fname, buf) stat (fname, buf)
+-# define __alloca alloca
+-# define __readdir readdir
+-# define __readdir64 readdir64
+-# define __glob_pattern_p glob_pattern_p
++# define __getlogin_r(buf, len) getlogin_r (buf, len)
++# define __stat64(fname, buf) stat (fname, buf)
++# define __fxstatat64(_, d, f, st, flag) fstatat (d, f, st, flag)
++# define struct_stat64 struct stat
++# ifndef __MVS__
++# define __alloca alloca
++# endif
++# define __readdir readdir
++# define COMPILE_GLOB64
+ #endif /* _LIBC */
+
+ #include <fnmatch.h>
+
++#include <flexmember.h>
++#include <glob_internal.h>
++
+ #ifdef _SC_GETPW_R_SIZE_MAX
+ # define GETPW_R_SIZE_MAX() sysconf (_SC_GETPW_R_SIZE_MAX)
+ #else
+@@ -121,61 +92,59 @@
+
+ static const char *next_brace_sub (const char *begin, int flags) __THROWNL;
+
++typedef uint_fast8_t dirent_type;
++
++#if !defined _LIBC && !defined HAVE_STRUCT_DIRENT_D_TYPE
++/* Any distinct values will do here.
++ Undef any existing macros out of the way. */
++# undef DT_UNKNOWN
++# undef DT_DIR
++# undef DT_LNK
++# define DT_UNKNOWN 0
++# define DT_DIR 1
++# define DT_LNK 2
++#endif
++
+ /* A representation of a directory entry which does not depend on the
+ layout of struct dirent, or the size of ino_t. */
+ struct readdir_result
+ {
+ const char *name;
+-# if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
+- uint8_t type;
+-# endif
++#if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
++ dirent_type type;
++#endif
++#if defined _LIBC || defined D_INO_IN_DIRENT
+ bool skip_entry;
++#endif
+ };
+
+-# if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
+-/* Initializer based on the d_type member of struct dirent. */
+-# define D_TYPE_TO_RESULT(source) (source)->d_type,
+-
+-/* True if the directory entry D might be a symbolic link. */
+-static bool
+-readdir_result_might_be_symlink (struct readdir_result d)
+-{
+- return d.type == DT_UNKNOWN || d.type == DT_LNK;
+-}
+-
+-/* True if the directory entry D might be a directory. */
+-static bool
+-readdir_result_might_be_dir (struct readdir_result d)
+-{
+- return d.type == DT_DIR || readdir_result_might_be_symlink (d);
+-}
+-# else /* defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE */
+-# define D_TYPE_TO_RESULT(source)
+-
+-/* If we do not have type information, symbolic links and directories
+- are always a possibility. */
+-
+-static bool
+-readdir_result_might_be_symlink (struct readdir_result d)
++/* Initialize and return type member of struct readdir_result. */
++static dirent_type
++readdir_result_type (struct readdir_result d)
+ {
+- return true;
++#if defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE
++# define D_TYPE_TO_RESULT(source) (source)->d_type,
++ return d.type;
++#else
++# define D_TYPE_TO_RESULT(source)
++ return DT_UNKNOWN;
++#endif
+ }
+
++/* Initialize and return skip_entry member of struct readdir_result. */
+ static bool
+-readdir_result_might_be_dir (struct readdir_result d)
++readdir_result_skip_entry (struct readdir_result d)
+ {
+- return true;
+-}
+-
+-# endif /* defined _DIRENT_HAVE_D_TYPE || defined HAVE_STRUCT_DIRENT_D_TYPE */
+-
+-# if (defined POSIX || defined WINDOWS32) && !defined __GNU_LIBRARY__
+ /* Initializer for skip_entry. POSIX does not require that the d_ino
+ field be present, and some systems do not provide it. */
+-# define D_INO_TO_RESULT(source) false,
+-# else
+-# define D_INO_TO_RESULT(source) (source)->d_ino == 0,
+-# endif
++#if defined _LIBC || defined D_INO_IN_DIRENT
++# define D_INO_TO_RESULT(source) (source)->d_ino == 0,
++ return d.skip_entry;
++#else
++# define D_INO_TO_RESULT(source)
++ return false;
++#endif
++}
+
+ /* Construct an initializer for a struct readdir_result object from a
+ struct dirent *. No copy of the name is made. */
+@@ -186,8 +155,6 @@ readdir_result_might_be_dir (struct readdir_result d)
+ D_INO_TO_RESULT (source) \
+ }
+
+-#endif /* !defined _LIBC || !defined GLOB_ONLY_P */
+-
+ /* Call gl_readdir on STREAM. This macro can be overridden to reduce
+ type safety if an old interface version needs to be supported. */
+ #ifndef GL_READDIR
+@@ -225,18 +192,55 @@ convert_dirent64 (const struct dirent64 *source)
+ }
+ #endif
+
++#ifndef _LIBC
++/* The results of opendir() in this file are not used with dirfd and fchdir,
++ and we do not leak fds to any single-threaded code that could use stdio,
++ therefore save some unnecessary recursion in fchdir.c and opendir_safer.c.
++ FIXME - if the kernel ever adds support for multi-thread safety for
++ avoiding standard fds, then we should use opendir_safer. */
++# ifdef GNULIB_defined_opendir
++# undef opendir
++# endif
++# ifdef GNULIB_defined_closedir
++# undef closedir
++# endif
+
+-#ifndef attribute_hidden
+-# define attribute_hidden
++/* Just use malloc. */
++# define __libc_use_alloca(n) false
++# define alloca_account(len, avar) ((void) (len), (void) (avar), (void *) 0)
++# define extend_alloca_account(buf, len, newlen, avar) \
++ ((void) (buf), (void) (len), (void) (newlen), (void) (avar), (void *) 0)
+ #endif
+
++/* Set *R = A + B. Return true if the answer is mathematically
++ incorrect due to overflow; in this case, *R is the low order
++ bits of the correct answer. */
++
++static bool
++size_add_wrapv (size_t a, size_t b, size_t *r)
++{
++#if 5 <= __GNUC__ && !defined __ICC
++ return __builtin_add_overflow (a, b, r);
++#else
++ *r = a + b;
++ return *r < a;
++#endif
++}
++
++static bool
++glob_use_alloca (size_t alloca_used, size_t len)
++{
++ size_t size;
++ return (!size_add_wrapv (alloca_used, len, &size)
++ && __libc_use_alloca (size));
++}
++
+ static int glob_in_dir (const char *pattern, const char *directory,
+ int flags, int (*errfunc) (const char *, int),
+ glob_t *pglob, size_t alloca_used);
+ extern int __glob_pattern_type (const char *pattern, int quote)
+ attribute_hidden;
+
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+ static int prefix_array (const char *prefix, char **array, size_t n) __THROWNL;
+ static int collated_compare (const void *, const void *) __THROWNL;
+
+@@ -265,16 +269,15 @@ next_brace_sub (const char *cp, int flags)
+ return *cp != '\0' ? cp : NULL;
+ }
+
+-#endif /* !defined _LIBC || !defined GLOB_ONLY_P */
+
+ /* Do glob searching for PATTERN, placing results in PGLOB.
+ The bits defined above may be set in FLAGS.
+ If a directory cannot be opened or read and ERRFUNC is not nil,
+ it is called with the pathname that caused the error, and the
+- `errno' value from the failing call; if it returns non-zero
+- `glob' returns GLOB_ABORTED; if it returns zero, the error is ignored.
++ 'errno' value from the failing call; if it returns non-zero
++ 'glob' returns GLOB_ABORTED; if it returns zero, the error is ignored.
+ If memory cannot be allocated for PGLOB, GLOB_NOSPACE is returned.
+- Otherwise, `glob' returns zero. */
++ Otherwise, 'glob' returns zero. */
+ int
+ #ifdef GLOB_ATTRIBUTE
+ GLOB_ATTRIBUTE
+@@ -292,9 +295,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ int malloc_dirname = 0;
+ glob_t dirs;
+ int retval = 0;
+-#ifdef _LIBC
+ size_t alloca_used = 0;
+-#endif
+
+ if (pattern == NULL || pglob == NULL || (flags & ~__GLOB_FLAGS) != 0)
+ {
+@@ -308,7 +309,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ flags |= GLOB_ONLYDIR;
+
+ if (!(flags & GLOB_DOOFFS))
+- /* Have to do this so `globfree' knows where to start freeing. It
++ /* Have to do this so 'globfree' knows where to start freeing. It
+ also makes all the code that uses gl_offs simpler. */
+ pglob->gl_offs = 0;
+
+@@ -350,14 +351,12 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ size_t rest_len;
+ char *onealt;
+ size_t pattern_len = strlen (pattern) - 1;
+-#ifdef _LIBC
+- int alloca_onealt = __libc_use_alloca (alloca_used + pattern_len);
++ int alloca_onealt = glob_use_alloca (alloca_used, pattern_len);
+ if (alloca_onealt)
+ onealt = alloca_account (pattern_len, alloca_used);
+ else
+-#endif
+ {
+- onealt = (char *) malloc (pattern_len);
++ onealt = malloc (pattern_len);
+ if (onealt == NULL)
+ {
+ if (!(flags & GLOB_APPEND))
+@@ -377,11 +376,9 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ next = next_brace_sub (begin + 1, flags);
+ if (next == NULL)
+ {
+- /* It is an illegal expression. */
++ /* It is an invalid expression. */
+ illegal_brace:
+-#ifdef _LIBC
+ if (__glibc_unlikely (!alloca_onealt))
+-#endif
+ free (onealt);
+ return glob (pattern, flags & ~GLOB_BRACE, errfunc, pglob);
+ }
+@@ -429,9 +426,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ /* If we got an error, return it. */
+ if (result && result != GLOB_NOMATCH)
+ {
+-#ifdef _LIBC
+ if (__glibc_unlikely (!alloca_onealt))
+-#endif
+ free (onealt);
+ if (!(flags & GLOB_APPEND))
+ {
+@@ -450,9 +445,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ assert (next != NULL);
+ }
+
+-#ifdef _LIBC
+ if (__glibc_unlikely (!alloca_onealt))
+-#endif
+ free (onealt);
+
+ if (pglob->gl_pathc != firstc)
+@@ -489,14 +482,16 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+
+ /* Find the filename. */
+ filename = strrchr (pattern, '/');
++
+ #if defined __MSDOS__ || defined WINDOWS32
+- /* The case of "d:pattern". Since `:' is not allowed in
++ /* The case of "d:pattern". Since ':' is not allowed in
+ file names, we can safely assume that wherever it
+ happens in pattern, it signals the filename part. This
+ is so we could some day support patterns like "[a-z]:foo". */
+ if (filename == NULL)
+ filename = strchr (pattern, ':');
+ #endif /* __MSDOS__ || WINDOWS32 */
++
+ dirname_modified = 0;
+ if (filename == NULL)
+ {
+@@ -521,11 +516,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ }
+
+ filename = pattern;
+-#ifdef _AMIGA
+- dirname = (char *) "";
+-#else
+ dirname = (char *) ".";
+-#endif
+ dirlen = 0;
+ }
+ }
+@@ -549,22 +540,21 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ char *drive_spec;
+
+ ++dirlen;
+- drive_spec = (char *) __alloca (dirlen + 1);
++ drive_spec = __alloca (dirlen + 1);
+ *((char *) mempcpy (drive_spec, pattern, dirlen)) = '\0';
+ /* For now, disallow wildcards in the drive spec, to
+ prevent infinite recursion in glob. */
+ if (__glob_pattern_p (drive_spec, !(flags & GLOB_NOESCAPE)))
+ return GLOB_NOMATCH;
+- /* If this is "d:pattern", we need to copy `:' to DIRNAME
++ /* If this is "d:pattern", we need to copy ':' to DIRNAME
+ as well. If it's "d:/pattern", don't remove the slash
+ from "d:/", since "d:" and "d:/" are not the same.*/
+ }
+ #endif
+-#ifdef _LIBC
+- if (__libc_use_alloca (alloca_used + dirlen + 1))
++
++ if (glob_use_alloca (alloca_used, dirlen + 1))
+ newp = alloca_account (dirlen + 1, alloca_used);
+ else
+-#endif
+ {
+ newp = malloc (dirlen + 1);
+ if (newp == NULL)
+@@ -575,14 +565,17 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirname = newp;
+ ++filename;
+
+- if (filename[0] == '\0'
+ #if defined __MSDOS__ || defined WINDOWS32
+- && dirname[dirlen - 1] != ':'
+- && (dirlen < 3 || dirname[dirlen - 2] != ':'
+- || dirname[dirlen - 1] != '/')
++ bool drive_root = (dirlen > 1
++ && (dirname[dirlen - 1] == ':'
++ || (dirlen > 2 && dirname[dirlen - 2] == ':'
++ && dirname[dirlen - 1] == '/')));
++#else
++ bool drive_root = false;
+ #endif
+- && dirlen > 1)
+- /* "pattern/". Expand "pattern", appending slashes. */
++
++ if (filename[0] == '\0' && dirlen > 1 && !drive_root)
++ /* "pattern/". Expand "pattern", appending slashes. */
+ {
+ int orig_flags = flags;
+ if (!(flags & GLOB_NOESCAPE) && dirname[dirlen - 1] == '\\')
+@@ -615,7 +608,6 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ }
+ }
+
+-#ifndef VMS
+ if ((flags & (GLOB_TILDE|GLOB_TILDE_CHECK)) && dirname[0] == '~')
+ {
+ if (dirname[1] == '\0' || dirname[1] == '/'
+@@ -625,100 +617,127 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ /* Look up home directory. */
+ char *home_dir = getenv ("HOME");
+ int malloc_home_dir = 0;
+-# ifdef _AMIGA
+- if (home_dir == NULL || home_dir[0] == '\0')
+- home_dir = "SYS:";
+-# else
+-# ifdef WINDOWS32
+- if (home_dir == NULL || home_dir[0] == '\0')
+- home_dir = "c:/users/default"; /* poor default */
+-# else
+ if (home_dir == NULL || home_dir[0] == '\0')
+ {
++#ifdef WINDOWS32
++ /* Windows NT defines HOMEDRIVE and HOMEPATH. But give
++ preference to HOME, because the user can change HOME. */
++ const char *home_drive = getenv ("HOMEDRIVE");
++ const char *home_path = getenv ("HOMEPATH");
++
++ if (home_drive != NULL && home_path != NULL)
++ {
++ size_t home_drive_len = strlen (home_drive);
++ size_t home_path_len = strlen (home_path);
++ char *mem = alloca (home_drive_len + home_path_len + 1);
++
++ memcpy (mem, home_drive, home_drive_len);
++ memcpy (mem + home_drive_len, home_path, home_path_len + 1);
++ home_dir = mem;
++ }
++ else
++ home_dir = "c:/users/default"; /* poor default */
++#else
+ int success;
+ char *name;
++ int malloc_name = 0;
+ size_t buflen = GET_LOGIN_NAME_MAX () + 1;
+
+ if (buflen == 0)
+- /* `sysconf' does not support _SC_LOGIN_NAME_MAX. Try
++ /* 'sysconf' does not support _SC_LOGIN_NAME_MAX. Try
+ a moderate value. */
+ buflen = 20;
+- name = alloca_account (buflen, alloca_used);
++ if (glob_use_alloca (alloca_used, buflen))
++ name = alloca_account (buflen, alloca_used);
++ else
++ {
++ name = malloc (buflen);
++ if (name == NULL)
++ {
++ retval = GLOB_NOSPACE;
++ goto out;
++ }
++ malloc_name = 1;
++ }
+
+ success = __getlogin_r (name, buflen) == 0;
+ if (success)
+ {
+ struct passwd *p;
+-# if defined HAVE_GETPWNAM_R || defined _LIBC
+- long int pwbuflen = GETPW_R_SIZE_MAX ();
++ char *malloc_pwtmpbuf = NULL;
+ char *pwtmpbuf;
++# if defined HAVE_GETPWNAM_R || defined _LIBC
++ long int pwbuflenmax = GETPW_R_SIZE_MAX ();
++ size_t pwbuflen = pwbuflenmax;
+ struct passwd pwbuf;
+- int malloc_pwtmpbuf = 0;
+ int save = errno;
+
+-# ifndef _LIBC
+- if (pwbuflen == -1)
+- /* `sysconf' does not support _SC_GETPW_R_SIZE_MAX.
++# ifndef _LIBC
++ if (! (0 < pwbuflenmax && pwbuflenmax <= SIZE_MAX))
++ /* 'sysconf' does not support _SC_GETPW_R_SIZE_MAX.
+ Try a moderate value. */
+ pwbuflen = 1024;
+-# endif
+- if (__libc_use_alloca (alloca_used + pwbuflen))
++# endif
++ if (glob_use_alloca (alloca_used, pwbuflen))
+ pwtmpbuf = alloca_account (pwbuflen, alloca_used);
+ else
+ {
+ pwtmpbuf = malloc (pwbuflen);
+ if (pwtmpbuf == NULL)
+ {
++ if (__glibc_unlikely (malloc_name))
++ free (name);
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf;
+ }
+
+ while (getpwnam_r (name, &pwbuf, pwtmpbuf, pwbuflen, &p)
+ != 0)
+ {
++ size_t newlen;
++ bool v;
+ if (errno != ERANGE)
+ {
+ p = NULL;
+ break;
+ }
+-
+- if (!malloc_pwtmpbuf
+- && __libc_use_alloca (alloca_used
+- + 2 * pwbuflen))
++ v = size_add_wrapv (pwbuflen, pwbuflen, &newlen);
++ if (!v && malloc_pwtmpbuf == NULL
++ && glob_use_alloca (alloca_used, newlen))
+ pwtmpbuf = extend_alloca_account (pwtmpbuf, pwbuflen,
+- 2 * pwbuflen,
+- alloca_used);
++ newlen, alloca_used);
+ else
+ {
+- char *newp = realloc (malloc_pwtmpbuf
+- ? pwtmpbuf : NULL,
+- 2 * pwbuflen);
++ char *newp = (v ? NULL
++ : realloc (malloc_pwtmpbuf, newlen));
+ if (newp == NULL)
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
++ if (__glibc_unlikely (malloc_name))
++ free (name);
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+- pwtmpbuf = newp;
+- pwbuflen = 2 * pwbuflen;
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf = newp;
+ }
++ pwbuflen = newlen;
+ __set_errno (save);
+ }
+-# else
++# else
+ p = getpwnam (name);
+-# endif
++# endif
++ if (__glibc_unlikely (malloc_name))
++ free (name);
+ if (p != NULL)
+ {
+- if (!malloc_pwtmpbuf)
++ if (malloc_pwtmpbuf == NULL)
+ home_dir = p->pw_dir;
+ else
+ {
+ size_t home_dir_len = strlen (p->pw_dir) + 1;
+- if (__libc_use_alloca (alloca_used + home_dir_len))
++ if (glob_use_alloca (alloca_used, home_dir_len))
+ home_dir = alloca_account (home_dir_len,
+ alloca_used);
+ else
+@@ -733,26 +752,32 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ malloc_home_dir = 1;
+ }
+ memcpy (home_dir, p->pw_dir, home_dir_len);
+-
+- free (pwtmpbuf);
+ }
+ }
++ free (malloc_pwtmpbuf);
+ }
++ else
++ {
++ if (__glibc_unlikely (malloc_name))
++ free (name);
++ }
++#endif /* WINDOWS32 */
+ }
+ if (home_dir == NULL || home_dir[0] == '\0')
+ {
++ if (__glibc_unlikely (malloc_home_dir))
++ free (home_dir);
+ if (flags & GLOB_TILDE_CHECK)
+ {
+- if (__glibc_unlikely (malloc_home_dir))
+- free (home_dir);
+ retval = GLOB_NOMATCH;
+ goto out;
+ }
+ else
+- home_dir = (char *) "~"; /* No luck. */
++ {
++ home_dir = (char *) "~"; /* No luck. */
++ malloc_home_dir = 0;
++ }
+ }
+-# endif /* WINDOWS32 */
+-# endif
+ /* Now construct the full directory. */
+ if (dirname[1] == '\0')
+ {
+@@ -767,8 +792,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ char *newp;
+ size_t home_len = strlen (home_dir);
+- int use_alloca = __libc_use_alloca (alloca_used
+- + home_len + dirlen);
++ int use_alloca = glob_use_alloca (alloca_used, home_len + dirlen);
+ if (use_alloca)
+ newp = alloca_account (home_len + dirlen, alloca_used);
+ else
+@@ -792,12 +816,15 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirname = newp;
+ dirlen += home_len - 1;
+ malloc_dirname = !use_alloca;
++
++ if (__glibc_unlikely (malloc_home_dir))
++ free (home_dir);
+ }
+ dirname_modified = 1;
+ }
+-# if !defined _AMIGA && !defined WINDOWS32
+ else
+ {
++#ifndef WINDOWS32
+ char *end_name = strchr (dirname, '/');
+ char *user_name;
+ int malloc_user_name = 0;
+@@ -819,7 +846,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ else
+ {
+ char *newp;
+- if (__libc_use_alloca (alloca_used + (end_name - dirname)))
++ if (glob_use_alloca (alloca_used, end_name - dirname))
+ newp = alloca_account (end_name - dirname, alloca_used);
+ else
+ {
+@@ -836,11 +863,11 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ char *p = mempcpy (newp, dirname + 1,
+ unescape - dirname - 1);
+ char *q = unescape;
+- while (*q != '\0')
++ while (q != end_name)
+ {
+ if (*q == '\\')
+ {
+- if (q[1] == '\0')
++ if (q + 1 == end_name)
+ {
+ /* "~fo\\o\\" unescape to user_name "foo\\",
+ but "~fo\\o\\/" unescape to user_name
+@@ -856,7 +883,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
+@@ -864,20 +891,21 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ /* Look up specific user's home directory. */
+ {
+ struct passwd *p;
++ char *malloc_pwtmpbuf = NULL;
+ # if defined HAVE_GETPWNAM_R || defined _LIBC
+- long int buflen = GETPW_R_SIZE_MAX ();
++ long int buflenmax = GETPW_R_SIZE_MAX ();
++ size_t buflen = buflenmax;
+ char *pwtmpbuf;
+- int malloc_pwtmpbuf = 0;
+ struct passwd pwbuf;
+ int save = errno;
+
+ # ifndef _LIBC
+- if (buflen == -1)
+- /* `sysconf' does not support _SC_GETPW_R_SIZE_MAX. Try a
++ if (! (0 <= buflenmax && buflenmax <= SIZE_MAX))
++ /* Perhaps 'sysconf' does not support _SC_GETPW_R_SIZE_MAX. Try a
+ moderate value. */
+ buflen = 1024;
+ # endif
+- if (__libc_use_alloca (alloca_used + buflen))
++ if (glob_use_alloca (alloca_used, buflen))
+ pwtmpbuf = alloca_account (buflen, alloca_used);
+ else
+ {
+@@ -890,32 +918,32 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf;
+ }
+
+ while (getpwnam_r (user_name, &pwbuf, pwtmpbuf, buflen, &p) != 0)
+ {
++ size_t newlen;
++ bool v;
+ if (errno != ERANGE)
+ {
+ p = NULL;
+ break;
+ }
+- if (!malloc_pwtmpbuf
+- && __libc_use_alloca (alloca_used + 2 * buflen))
++ v = size_add_wrapv (buflen, buflen, &newlen);
++ if (!v && malloc_pwtmpbuf == NULL
++ && glob_use_alloca (alloca_used, newlen))
+ pwtmpbuf = extend_alloca_account (pwtmpbuf, buflen,
+- 2 * buflen, alloca_used);
++ newlen, alloca_used);
+ else
+ {
+- char *newp = realloc (malloc_pwtmpbuf ? pwtmpbuf : NULL,
+- 2 * buflen);
++ char *newp = v ? NULL : realloc (malloc_pwtmpbuf, newlen);
+ if (newp == NULL)
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+ goto nomem_getpw;
+ }
+- pwtmpbuf = newp;
+- malloc_pwtmpbuf = 1;
++ malloc_pwtmpbuf = pwtmpbuf = newp;
+ }
+ __set_errno (save);
+ }
+@@ -936,7 +964,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ free (dirname);
+ malloc_dirname = 0;
+
+- if (__libc_use_alloca (alloca_used + home_len + rest_len + 1))
++ if (glob_use_alloca (alloca_used, home_len + rest_len + 1))
+ dirname = alloca_account (home_len + rest_len + 1,
+ alloca_used);
+ else
+@@ -944,8 +972,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirname = malloc (home_len + rest_len + 1);
+ if (dirname == NULL)
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+ retval = GLOB_NOSPACE;
+ goto out;
+ }
+@@ -957,24 +984,24 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ dirlen = home_len + rest_len;
+ dirname_modified = 1;
+
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+ }
+ else
+ {
+- if (__glibc_unlikely (malloc_pwtmpbuf))
+- free (pwtmpbuf);
++ free (malloc_pwtmpbuf);
+
+ if (flags & GLOB_TILDE_CHECK)
+- /* We have to regard it as an error if we cannot find the
+- home directory. */
+- return GLOB_NOMATCH;
++ {
++ /* We have to regard it as an error if we cannot find the
++ home directory. */
++ retval = GLOB_NOMATCH;
++ goto out;
++ }
+ }
+ }
++#endif /* !WINDOWS32 */
+ }
+-# endif /* Not Amiga && not WINDOWS32. */
+ }
+-#endif /* Not VMS. */
+
+ /* Now test whether we looked for "~" or "~NAME". In this case we
+ can give the answer now. */
+@@ -993,19 +1020,18 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ size_t newcount = pglob->gl_pathc + pglob->gl_offs;
+ char **new_gl_pathv;
+
+- if (newcount > UINTPTR_MAX - (1 + 1)
+- || newcount + 1 + 1 > ~((size_t) 0) / sizeof (char *))
++ if (newcount > SIZE_MAX / sizeof (char *) - 2)
+ {
+ nospace:
+ free (pglob->gl_pathv);
+ pglob->gl_pathv = NULL;
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+
+- new_gl_pathv
+- = (char **) realloc (pglob->gl_pathv,
+- (newcount + 1 + 1) * sizeof (char *));
++ new_gl_pathv = realloc (pglob->gl_pathv,
++ (newcount + 2) * sizeof (char *));
+ if (new_gl_pathv == NULL)
+ goto nospace;
+ pglob->gl_pathv = new_gl_pathv;
+@@ -1019,12 +1045,19 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ p = mempcpy (pglob->gl_pathv[newcount], dirname, dirlen);
+ p[0] = '/';
+ p[1] = '\0';
++ if (__glibc_unlikely (malloc_dirname))
++ free (dirname);
+ }
+ else
+ {
+- pglob->gl_pathv[newcount] = strdup (dirname);
+- if (pglob->gl_pathv[newcount] == NULL)
+- goto nospace;
++ if (__glibc_unlikely (malloc_dirname))
++ pglob->gl_pathv[newcount] = dirname;
++ else
++ {
++ pglob->gl_pathv[newcount] = strdup (dirname);
++ if (pglob->gl_pathv[newcount] == NULL)
++ goto nospace;
++ }
+ }
+ pglob->gl_pathv[++newcount] = NULL;
+ ++pglob->gl_pathc;
+@@ -1034,7 +1067,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ }
+
+ /* Not found. */
+- return GLOB_NOMATCH;
++ retval = GLOB_NOMATCH;
++ goto out;
+ }
+
+ meta = __glob_pattern_type (dirname, !(flags & GLOB_NOESCAPE));
+@@ -1080,7 +1114,10 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ if (status != 0)
+ {
+ if ((flags & GLOB_NOCHECK) == 0 || status != GLOB_NOMATCH)
+- return status;
++ {
++ retval = status;
++ goto out;
++ }
+ goto no_matches;
+ }
+
+@@ -1091,19 +1128,6 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ size_t old_pathc;
+
+-#ifdef SHELL
+- {
+- /* Make globbing interruptible in the bash shell. */
+- extern int interrupt_state;
+-
+- if (interrupt_state)
+- {
+- globfree (&dirs);
+- return GLOB_ABORTED;
+- }
+- }
+-#endif /* SHELL. */
+-
+ old_pathc = pglob->gl_pathc;
+ status = glob_in_dir (filename, dirs.gl_pathv[i],
+ ((flags | GLOB_APPEND)
+@@ -1118,7 +1142,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ globfree (&dirs);
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return status;
++ retval = status;
++ goto out;
+ }
+
+ /* Stick the directory on the front of each name. */
+@@ -1129,13 +1154,14 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ globfree (&dirs);
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+ }
+
+ flags |= GLOB_MAGCHAR;
+
+- /* We have ignored the GLOB_NOCHECK flag in the `glob_in_dir' calls.
++ /* We have ignored the GLOB_NOCHECK flag in the 'glob_in_dir' calls.
+ But if we have not found any matching entry and the GLOB_NOCHECK
+ flag was set we must return the input pattern itself. */
+ if (pglob->gl_pathc + pglob->gl_offs == oldcount)
+@@ -1147,28 +1173,28 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ size_t newcount = pglob->gl_pathc + pglob->gl_offs;
+ char **new_gl_pathv;
+
+- if (newcount > UINTPTR_MAX - 2
+- || newcount + 2 > ~((size_t) 0) / sizeof (char *))
++ if (newcount > SIZE_MAX / sizeof (char *) - 2)
+ {
+ nospace2:
+ globfree (&dirs);
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+
+- new_gl_pathv = (char **) realloc (pglob->gl_pathv,
+- (newcount + 2)
+- * sizeof (char *));
++ new_gl_pathv = realloc (pglob->gl_pathv,
++ (newcount + 2) * sizeof (char *));
+ if (new_gl_pathv == NULL)
+ goto nospace2;
+ pglob->gl_pathv = new_gl_pathv;
+
+- pglob->gl_pathv[newcount] = __strdup (pattern);
++ pglob->gl_pathv[newcount] = strdup (pattern);
+ if (pglob->gl_pathv[newcount] == NULL)
+ {
+ globfree (&dirs);
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+
+ ++pglob->gl_pathc;
+@@ -1180,7 +1206,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ else
+ {
+ globfree (&dirs);
+- return GLOB_NOMATCH;
++ retval = GLOB_NOMATCH;
++ goto out;
+ }
+ }
+
+@@ -1226,7 +1253,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ flags = orig_flags;
+ goto no_matches;
+ }
+- return status;
++ retval = status;
++ goto out;
+ }
+
+ if (dirlen > 0)
+@@ -1238,7 +1266,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+ }
+ }
+@@ -1263,7 +1292,8 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ {
+ globfree (pglob);
+ pglob->gl_pathc = 0;
+- return GLOB_NOSPACE;
++ retval = GLOB_NOSPACE;
++ goto out;
+ }
+ strcpy (&new[len - 2], "/");
+ pglob->gl_pathv[i] = new;
+@@ -1289,32 +1319,12 @@ libc_hidden_def (glob)
+ #endif
+
+
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+-
+-/* Free storage allocated in PGLOB by a previous `glob' call. */
+-void
+-globfree (glob_t *pglob)
+-{
+- if (pglob->gl_pathv != NULL)
+- {
+- size_t i;
+- for (i = 0; i < pglob->gl_pathc; ++i)
+- free (pglob->gl_pathv[pglob->gl_offs + i]);
+- free (pglob->gl_pathv);
+- pglob->gl_pathv = NULL;
+- }
+-}
+-#if defined _LIBC && !defined globfree
+-libc_hidden_def (globfree)
+-#endif
+-
+-
+ /* Do a collated comparison of A and B. */
+ static int
+ collated_compare (const void *a, const void *b)
+ {
+- const char *const s1 = *(const char *const * const) a;
+- const char *const s2 = *(const char *const * const) b;
++ char *const *ps1 = a; char *s1 = *ps1;
++ char *const *ps2 = b; char *s2 = *ps2;
+
+ if (s1 == s2)
+ return 0;
+@@ -1335,28 +1345,24 @@ prefix_array (const char *dirname, char **array, size_t n)
+ {
+ size_t i;
+ size_t dirlen = strlen (dirname);
+-#if defined __MSDOS__ || defined WINDOWS32
+- int sep_char = '/';
+-# define DIRSEP_CHAR sep_char
+-#else
+-# define DIRSEP_CHAR '/'
+-#endif
++ char dirsep_char = '/';
+
+ if (dirlen == 1 && dirname[0] == '/')
+ /* DIRNAME is just "/", so normal prepending would get us "//foo".
+ We want "/foo" instead, so don't prepend any chars from DIRNAME. */
+ dirlen = 0;
++
+ #if defined __MSDOS__ || defined WINDOWS32
+- else if (dirlen > 1)
++ if (dirlen > 1)
+ {
+ if (dirname[dirlen - 1] == '/' && dirname[dirlen - 2] == ':')
+ /* DIRNAME is "d:/". Don't prepend the slash from DIRNAME. */
+ --dirlen;
+ else if (dirname[dirlen - 1] == ':')
+ {
+- /* DIRNAME is "d:". Use `:' instead of `/'. */
++ /* DIRNAME is "d:". Use ':' instead of '/'. */
+ --dirlen;
+- sep_char = ':';
++ dirsep_char = ':';
+ }
+ }
+ #endif
+@@ -1364,7 +1370,7 @@ prefix_array (const char *dirname, char **array, size_t n)
+ for (i = 0; i < n; ++i)
+ {
+ size_t eltlen = strlen (array[i]) + 1;
+- char *new = (char *) malloc (dirlen + 1 + eltlen);
++ char *new = malloc (dirlen + 1 + eltlen);
+ if (new == NULL)
+ {
+ while (i > 0)
+@@ -1374,7 +1380,7 @@ prefix_array (const char *dirname, char **array, size_t n)
+
+ {
+ char *endp = mempcpy (new, dirname, dirlen);
+- *endp++ = DIRSEP_CHAR;
++ *endp++ = dirsep_char;
+ mempcpy (endp, array[i], eltlen);
+ }
+ free (array[i]);
+@@ -1384,103 +1390,57 @@ prefix_array (const char *dirname, char **array, size_t n)
+ return 0;
+ }
+
+-
+-/* We must not compile this function twice. */
+-#if !defined _LIBC || !defined NO_GLOB_PATTERN_P
+-int
+-__glob_pattern_type (const char *pattern, int quote)
+-{
+- const char *p;
+- int ret = 0;
+-
+- for (p = pattern; *p != '\0'; ++p)
+- switch (*p)
+- {
+- case '?':
+- case '*':
+- return 1;
+-
+- case '\\':
+- if (quote)
+- {
+- if (p[1] != '\0')
+- ++p;
+- ret |= 2;
+- }
+- break;
+-
+- case '[':
+- ret |= 4;
+- break;
+-
+- case ']':
+- if (ret & 4)
+- return 1;
+- break;
+- }
+-
+- return ret;
+-}
+-
+-/* Return nonzero if PATTERN contains any metacharacters.
+- Metacharacters can be quoted with backslashes if QUOTE is nonzero. */
+-int
+-__glob_pattern_p (const char *pattern, int quote)
+-{
+- return __glob_pattern_type (pattern, quote) == 1;
+-}
+-# ifdef _LIBC
+-weak_alias (__glob_pattern_p, glob_pattern_p)
+-# endif
+-#endif
+-
+-#endif /* !GLOB_ONLY_P */
+-
+-
+ /* We put this in a separate function mainly to allow the memory
+ allocated with alloca to be recycled. */
+-#if !defined _LIBC || !defined GLOB_ONLY_P
+ static int
+ __attribute_noinline__
+-link_exists2_p (const char *dir, size_t dirlen, const char *fname,
+- glob_t *pglob
+-# ifndef _LIBC
+- , int flags
++link_stat (const char *dir, size_t dirlen, const char *fname,
++ glob_t *pglob
++# if !defined _LIBC && !HAVE_FSTATAT
++ , int flags
+ # endif
+- )
++ )
+ {
+ size_t fnamelen = strlen (fname);
+- char *fullname = (char *) __alloca (dirlen + 1 + fnamelen + 1);
++ char *fullname = __alloca (dirlen + 1 + fnamelen + 1);
+ struct stat st;
+-# ifndef _LIBC
+- struct_stat64 st64;
+-# endif
+
+ mempcpy (mempcpy (mempcpy (fullname, dir, dirlen), "/", 1),
+ fname, fnamelen + 1);
+
+-# ifdef _LIBC
+- return (*pglob->gl_stat) (fullname, &st) == 0;
+-# else
+- return ((__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
+- ? (*pglob->gl_stat) (fullname, &st)
+- : __stat64 (fullname, &st64)) == 0);
++# if !defined _LIBC && !HAVE_FSTATAT
++ if (__builtin_expect ((flags & GLOB_ALTDIRFUNC) == 0, 1))
++ {
++ struct_stat64 st64;
++ return __stat64 (fullname, &st64);
++ }
+ # endif
++ return (*pglob->gl_stat) (fullname, &st);
+ }
+-# ifdef _LIBC
+-# define link_exists_p(dfd, dirname, dirnamelen, fname, pglob, flags) \
+- (__builtin_expect (flags & GLOB_ALTDIRFUNC, 0) \
+- ? link_exists2_p (dirname, dirnamelen, fname, pglob) \
+- : ({ struct stat64 st64; \
+- __fxstatat64 (_STAT_VER, dfd, fname, &st64, 0) == 0; }))
++
++/* Return true if DIR/FNAME exists. */
++static int
++link_exists_p (int dfd, const char *dir, size_t dirlen, const char *fname,
++ glob_t *pglob, int flags)
++{
++ int status;
++# if defined _LIBC || HAVE_FSTATAT
++ if (__builtin_expect (flags & GLOB_ALTDIRFUNC, 0))
++ status = link_stat (dir, dirlen, fname, pglob);
++ else
++ {
++ /* dfd cannot be -1 here, because dirfd never returns -1 on
++ glibc, or on hosts that have fstatat. */
++ struct_stat64 st64;
++ status = __fxstatat64 (_STAT_VER, dfd, fname, &st64, 0);
++ }
+ # else
+-# define link_exists_p(dfd, dirname, dirnamelen, fname, pglob, flags) \
+- link_exists2_p (dirname, dirnamelen, fname, pglob, flags)
++ status = link_stat (dir, dirlen, fname, pglob, flags);
+ # endif
+-#endif
+-
++ return status == 0 || errno == EOVERFLOW;
++}
+
+-/* Like `glob', but PATTERN is a final pathname component,
++/* Like 'glob', but PATTERN is a final pathname component,
+ and matches are searched for in DIRECTORY.
+ The GLOB_NOSORT bit in FLAGS is ignored. No sorting is ever done.
+ The GLOB_APPEND flag is assumed to be set (always appends). */
+@@ -1491,25 +1451,25 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ {
+ size_t dirlen = strlen (directory);
+ void *stream = NULL;
+- struct globnames
+- {
+- struct globnames *next;
+- size_t count;
+- char *name[64];
+- };
+-#define INITIAL_COUNT sizeof (init_names.name) / sizeof (init_names.name[0])
+- struct globnames init_names;
+- struct globnames *names = &init_names;
+- struct globnames *names_alloca = &init_names;
++# define GLOBNAMES_MEMBERS(nnames) \
++ struct globnames *next; size_t count; char *name[nnames];
++ struct globnames { GLOBNAMES_MEMBERS (FLEXIBLE_ARRAY_MEMBER) };
++ struct { GLOBNAMES_MEMBERS (64) } init_names_buf;
++ struct globnames *init_names = (struct globnames *) &init_names_buf;
++ struct globnames *names = init_names;
++ struct globnames *names_alloca = init_names;
+ size_t nfound = 0;
+ size_t cur = 0;
+ int meta;
+ int save;
++ int result;
+
+- alloca_used += sizeof (init_names);
++ alloca_used += sizeof init_names_buf;
+
+- init_names.next = NULL;
+- init_names.count = INITIAL_COUNT;
++ init_names->next = NULL;
++ init_names->count = ((sizeof init_names_buf
++ - offsetof (struct globnames, name))
++ / sizeof init_names->name[0]);
+
+ meta = __glob_pattern_type (pattern, !(flags & GLOB_NOESCAPE));
+ if (meta == 0 && (flags & (GLOB_NOCHECK|GLOB_NOMAGIC)))
+@@ -1529,14 +1489,16 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ struct_stat64 st64;
+ } ust;
+ size_t patlen = strlen (pattern);
+- int alloca_fullname = __libc_use_alloca (alloca_used
+- + dirlen + 1 + patlen + 1);
++ size_t fullsize;
++ bool alloca_fullname
++ = (! size_add_wrapv (dirlen + 1, patlen + 1, &fullsize)
++ && glob_use_alloca (alloca_used, fullsize));
+ char *fullname;
+ if (alloca_fullname)
+- fullname = alloca_account (dirlen + 1 + patlen + 1, alloca_used);
++ fullname = alloca_account (fullsize, alloca_used);
+ else
+ {
+- fullname = malloc (dirlen + 1 + patlen + 1);
++ fullname = malloc (fullsize);
+ if (fullname == NULL)
+ return GLOB_NOSPACE;
+ }
+@@ -1544,9 +1506,11 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ mempcpy (mempcpy (mempcpy (fullname, directory, dirlen),
+ "/", 1),
+ pattern, patlen + 1);
+- if ((__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
++ if (((__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
+ ? (*pglob->gl_stat) (fullname, &ust.st)
+- : __stat64 (fullname, &ust.st64)) == 0)
++ : __stat64 (fullname, &ust.st64))
++ == 0)
++ || errno == EOVERFLOW)
+ /* We found this file to be existing. Now tell the rest
+ of the function to copy this name into the result. */
+ flags |= GLOB_NOCHECK;
+@@ -1568,16 +1532,10 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ }
+ else
+ {
+-#ifdef _LIBC
+ int dfd = (__builtin_expect (flags & GLOB_ALTDIRFUNC, 0)
+ ? -1 : dirfd ((DIR *) stream));
+-#endif
+ int fnm_flags = ((!(flags & GLOB_PERIOD) ? FNM_PERIOD : 0)
+- | ((flags & GLOB_NOESCAPE) ? FNM_NOESCAPE : 0)
+-#if defined _AMIGA || defined VMS
+- | FNM_CASEFOLD
+-#endif
+- );
++ | ((flags & GLOB_NOESCAPE) ? FNM_NOESCAPE : 0));
+ flags |= GLOB_MAGCHAR;
+
+ while (1)
+@@ -1597,19 +1555,24 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ }
+ if (d.name == NULL)
+ break;
+- if (d.skip_entry)
++ if (readdir_result_skip_entry (d))
+ continue;
+
+ /* If we shall match only directories use the information
+ provided by the dirent call if possible. */
+- if ((flags & GLOB_ONLYDIR) && !readdir_result_might_be_dir (d))
+- continue;
++ if (flags & GLOB_ONLYDIR)
++ switch (readdir_result_type (d))
++ {
++ case DT_DIR: case DT_LNK: case DT_UNKNOWN: break;
++ default: continue;
++ }
+
+ if (fnmatch (pattern, d.name, fnm_flags) == 0)
+ {
+ /* If the file we found is a symlink we have to
+ make sure the target file exists. */
+- if (!readdir_result_might_be_symlink (d)
++ dirent_type type = readdir_result_type (d);
++ if (! (type == DT_LNK || type == DT_UNKNOWN)
+ || link_exists_p (dfd, directory, dirlen, d.name,
+ pglob, flags))
+ {
+@@ -1617,10 +1580,13 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ {
+ struct globnames *newnames;
+ size_t count = names->count * 2;
+- size_t size = (sizeof (struct globnames)
+- + ((count - INITIAL_COUNT)
+- * sizeof (char *)));
+- if (__libc_use_alloca (alloca_used + size))
++ size_t nameoff = offsetof (struct globnames, name);
++ size_t size = FLEXSIZEOF (struct globnames, name,
++ count * sizeof (char *));
++ if ((SIZE_MAX - nameoff) / 2 / sizeof (char *)
++ < names->count)
++ goto memory_error;
++ if (glob_use_alloca (alloca_used, size))
+ newnames = names_alloca
+ = alloca_account (size, alloca_used);
+ else if ((newnames = malloc (size))
+@@ -1636,6 +1602,8 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ goto memory_error;
+ ++cur;
+ ++nfound;
++ if (SIZE_MAX - pglob->gl_offs <= nfound)
++ goto memory_error;
+ }
+ }
+ }
+@@ -1646,29 +1614,27 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ {
+ size_t len = strlen (pattern);
+ nfound = 1;
+- names->name[cur] = (char *) malloc (len + 1);
++ names->name[cur] = malloc (len + 1);
+ if (names->name[cur] == NULL)
+ goto memory_error;
+ *((char *) mempcpy (names->name[cur++], pattern, len)) = '\0';
+ }
+
+- int result = GLOB_NOMATCH;
++ result = GLOB_NOMATCH;
+ if (nfound != 0)
+ {
++ char **new_gl_pathv;
+ result = 0;
+
+- if (pglob->gl_pathc > UINTPTR_MAX - pglob->gl_offs
+- || pglob->gl_pathc + pglob->gl_offs > UINTPTR_MAX - nfound
+- || pglob->gl_pathc + pglob->gl_offs + nfound > UINTPTR_MAX - 1
+- || (pglob->gl_pathc + pglob->gl_offs + nfound + 1
+- > UINTPTR_MAX / sizeof (char *)))
++ if (SIZE_MAX / sizeof (char *) - pglob->gl_pathc
++ < pglob->gl_offs + nfound + 1)
+ goto memory_error;
+
+- char **new_gl_pathv;
+ new_gl_pathv
+- = (char **) realloc (pglob->gl_pathv,
+- (pglob->gl_pathc + pglob->gl_offs + nfound + 1)
+- * sizeof (char *));
++ = realloc (pglob->gl_pathv,
++ (pglob->gl_pathc + pglob->gl_offs + nfound + 1)
++ * sizeof (char *));
++
+ if (new_gl_pathv == NULL)
+ {
+ memory_error:
+@@ -1684,7 +1650,7 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ and this is the block assigned to OLD here. */
+ if (names == NULL)
+ {
+- assert (old == &init_names);
++ assert (old == init_names);
+ break;
+ }
+ cur = names->count;
+@@ -1710,7 +1676,7 @@ glob_in_dir (const char *pattern, const char *directory, int flags,
+ and this is the block assigned to OLD here. */
+ if (names == NULL)
+ {
+- assert (old == &init_names);
++ assert (old == init_names);
+ break;
+ }
+ cur = names->count;
+diff --git a/posix/glob64.c b/posix/glob64.c
+index a5f5a7f9e2..39e54afe8b 100644
+--- a/posix/glob64.c
++++ b/posix/glob64.c
+@@ -43,10 +43,4 @@ glob64 (const char *pattern, int flags,
+ }
+ libc_hidden_def (glob64)
+
+-void
+-globfree64 (glob64_t *pglob)
+-{
+-}
+-libc_hidden_def (globfree64)
+-
+ stub_warning (glob64)
+diff --git a/posix/glob_internal.h b/posix/glob_internal.h
+new file mode 100644
+index 0000000000..12c93660b7
+--- /dev/null
++++ b/posix/glob_internal.h
+@@ -0,0 +1,57 @@
++/* Shared definition for glob and glob_pattern_p.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef GLOB_INTERNAL_H
++# define GLOB_INTERNAL_H
++
++static inline int
++__glob_pattern_type (const char *pattern, int quote)
++{
++ const char *p;
++ int ret = 0;
++
++ for (p = pattern; *p != '\0'; ++p)
++ switch (*p)
++ {
++ case '?':
++ case '*':
++ return 1;
++
++ case '\\':
++ if (quote)
++ {
++ if (p[1] != '\0')
++ ++p;
++ ret |= 2;
++ }
++ break;
++
++ case '[':
++ ret |= 4;
++ break;
++
++ case ']':
++ if (ret & 4)
++ return 1;
++ break;
++ }
++
++ return ret;
++}
++
++#endif /* GLOB_INTERNAL_H */
+diff --git a/posix/glob_pattern_p.c b/posix/glob_pattern_p.c
+new file mode 100644
+index 0000000000..a17d337182
+--- /dev/null
++++ b/posix/glob_pattern_p.c
+@@ -0,0 +1,33 @@
++/* Return nonzero if PATTERN contains any metacharacters.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _LIBC
++# include <config.h>
++#endif
++
++#include <glob.h>
++#include "glob_internal.h"
++
++/* Return nonzero if PATTERN contains any metacharacters.
++ Metacharacters can be quoted with backslashes if QUOTE is nonzero. */
++int
++__glob_pattern_p (const char *pattern, int quote)
++{
++ return __glob_pattern_type (pattern, quote) == 1;
++}
++weak_alias (__glob_pattern_p, glob_pattern_p)
+diff --git a/posix/globfree.c b/posix/globfree.c
+new file mode 100644
+index 0000000000..042e29d9b0
+--- /dev/null
++++ b/posix/globfree.c
+@@ -0,0 +1,41 @@
++/* Frees the dynamically allocated storage from an earlier call to glob.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _LIBC
++# include <config.h>
++#endif
++
++#include <glob.h>
++#include <stdlib.h>
++
++/* Free storage allocated in PGLOB by a previous `glob' call. */
++void
++globfree (glob_t *pglob)
++{
++ if (pglob->gl_pathv != NULL)
++ {
++ size_t i;
++ for (i = 0; i < pglob->gl_pathc; ++i)
++ free (pglob->gl_pathv[pglob->gl_offs + i]);
++ free (pglob->gl_pathv);
++ pglob->gl_pathv = NULL;
++ }
++}
++#ifndef globfree
++libc_hidden_def (globfree)
++#endif
+diff --git a/sysdeps/unix/sysv/linux/sh/pread.c b/posix/globfree64.c
+similarity index 68%
+rename from sysdeps/unix/sysv/linux/sh/pread.c
+rename to posix/globfree64.c
+index d3f99f35db..c9f8908a4e 100644
+--- a/sysdeps/unix/sysv/linux/sh/pread.c
++++ b/posix/globfree64.c
+@@ -1,6 +1,6 @@
+-/* Copyright (C) 1997-2016 Free Software Foundation, Inc.
++/* Frees the dynamically allocated storage from an earlier call to glob.
++ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+- Contributed by Ulrich Drepper <drepper(a)cygnus.com>, 1997.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+@@ -16,8 +16,16 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+-/* SH4 ABI does not really require argument alignment for 64-bits, but
+- the kernel interface for pread adds a dummy long argument before the
+- offset. */
+-#define __ALIGNMENT_ARG
+-#include <sysdeps/unix/sysv/linux/pread.c>
++#ifndef _LIBC
++# include <config.h>
++#endif
++
++#include <glob.h>
++#include <stdlib.h>
++
++/* Free storage allocated in PGLOB by a previous `glob' call. */
++void
++globfree64 (glob64_t *pglob)
++{
++}
++libc_hidden_def (globfree64)
+diff --git a/posix/tst-glob-tilde.c b/posix/tst-glob-tilde.c
+new file mode 100644
+index 0000000000..6886f4371f
+--- /dev/null
++++ b/posix/tst-glob-tilde.c
+@@ -0,0 +1,143 @@
++/* Check for GLOB_TIDLE heap allocation issues (bugs 22320, 22325, 22332).
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <glob.h>
++#include <mcheck.h>
++#include <nss.h>
++#include <pwd.h>
++#include <stdlib.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/support.h>
++
++/* Flag which indicates whether to pass the GLOB_ONLYDIR flag. */
++static int do_onlydir;
++
++/* Flag which indicates whether to pass the GLOB_NOCHECK flag. */
++static int do_nocheck;
++
++/* Flag which indicates whether to pass the GLOB_MARK flag. */
++static int do_mark;
++
++/* Flag which indicates whether to pass the GLOB_NOESCAPE flag. */
++static int do_noescape;
++
++static void
++one_test (const char *prefix, const char *middle, const char *suffix)
++{
++ char *pattern = xasprintf ("%s%s%s", prefix, middle, suffix);
++ int flags = GLOB_TILDE;
++ if (do_onlydir)
++ flags |= GLOB_ONLYDIR;
++ if (do_nocheck)
++ flags |= GLOB_NOCHECK;
++ if (do_mark)
++ flags |= GLOB_MARK;
++ if (do_noescape)
++ flags |= GLOB_NOESCAPE;
++ glob_t gl;
++ /* This glob call might result in crashes or memory leaks. */
++ if (glob (pattern, flags, NULL, &gl) == 0)
++ globfree (&gl);
++ free (pattern);
++}
++
++enum
++ {
++ /* The largest base being tested. */
++ largest_base_size = 500000,
++
++ /* The actual size is the base size plus a variable whose absolute
++ value is not greater than this. This helps malloc to trigger
++ overflows. */
++ max_size_skew = 16,
++
++ /* The maximum string length supported by repeating_string
++ below. */
++ repeat_size = largest_base_size + max_size_skew,
++ };
++
++/* Used to construct strings which repeat a single character 'x'. */
++static char *repeat;
++
++/* Return a string of SIZE characters. */
++const char *
++repeating_string (int size)
++{
++ TEST_VERIFY (size >= 0);
++ TEST_VERIFY (size <= repeat_size);
++ const char *repeated_shifted = repeat + repeat_size - size;
++ TEST_VERIFY (strlen (repeated_shifted) == size);
++ return repeated_shifted;
++}
++
++static int
++do_test (void)
++{
++ /* Avoid network-based NSS modules and initialize nss_files with a
++ dummy lookup. This has to come before mtrace because NSS does
++ not free all memory. */
++ __nss_configure_lookup ("passwd", "files");
++ (void) getpwnam ("root");
++
++ mtrace ();
++
++ repeat = xmalloc (repeat_size + 1);
++ memset (repeat, 'x', repeat_size);
++ repeat[repeat_size] = '\0';
++
++ /* These numbers control the size of the user name. The values
++ cover the minimum (0), a typical size (8), a large
++ stack-allocated size (100000), and a somewhat large
++ heap-allocated size (largest_base_size). */
++ static const int base_sizes[] = { 0, 8, 100, 100000, largest_base_size, -1 };
++
++ for (do_onlydir = 0; do_onlydir < 2; ++do_onlydir)
++ for (do_nocheck = 0; do_nocheck < 2; ++do_nocheck)
++ for (do_mark = 0; do_mark < 2; ++do_mark)
++ for (do_noescape = 0; do_noescape < 2; ++do_noescape)
++ for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx)
++ {
++ for (int size_skew = -max_size_skew; size_skew <= max_size_skew;
++ ++size_skew)
++ {
++ int size = base_sizes[base_idx] + size_skew;
++ if (size < 0)
++ continue;
++
++ const char *user_name = repeating_string (size);
++ one_test ("~", user_name, "/a/b");
++ one_test ("~", user_name, "x\\x\\x////x\\a");
++ }
++
++ const char *user_name = repeating_string (base_sizes[base_idx]);
++ one_test ("~", user_name, "");
++ one_test ("~", user_name, "/");
++ one_test ("~", user_name, "/a");
++ one_test ("~", user_name, "/*/*");
++ one_test ("~", user_name, "\\/");
++ one_test ("/~", user_name, "");
++ one_test ("*/~", user_name, "/a/b");
++ }
++
++ free (repeat);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/resolv/Makefile b/resolv/Makefile
index 8be41d3ae1..a4c86b9762 100644
--- a/resolv/Makefile
@@ -9482,12 +11928,12 @@ index 0000000000..cfc6dd8fa8
+ if (bind (fd, sa, sa_len) != 0)
+ FAIL_EXIT1 ("bind (%d), family %d: %m", fd, sa->sa_family);
+}
-diff --git a/sysdeps/unix/sysv/linux/sh/pread.c b/support/xcalloc.c
-similarity index 68%
-rename from sysdeps/unix/sysv/linux/sh/pread.c
+diff --git a/sysdeps/unix/sysv/linux/sh/pread64.c b/support/xcalloc.c
+similarity index 67%
+rename from sysdeps/unix/sysv/linux/sh/pread64.c
rename to support/xcalloc.c
-index d3f99f35db..135f42dab2 100644
---- a/sysdeps/unix/sysv/linux/sh/pread.c
+index b2e8a25788..135f42dab2 100644
+--- a/sysdeps/unix/sysv/linux/sh/pread64.c
+++ b/support/xcalloc.c
@@ -1,6 +1,6 @@
-/* Copyright (C) 1997-2016 Free Software Foundation, Inc.
@@ -9506,7 +11952,7 @@ index d3f99f35db..135f42dab2 100644
- the kernel interface for pread adds a dummy long argument before the
- offset. */
-#define __ALIGNMENT_ARG
--#include <sysdeps/unix/sysv/linux/pread.c>
+-#include <sysdeps/unix/sysv/linux/pread64.c>
+#include <support/support.h>
+
+#include <stdarg.h>
@@ -9523,31 +11969,30 @@ index d3f99f35db..135f42dab2 100644
+ oom_error ("calloc", n * s);
+ return p;
+}
-diff --git a/sysdeps/unix/sysv/linux/sh/pread64.c b/support/xchroot.c
-similarity index 67%
-rename from sysdeps/unix/sysv/linux/sh/pread64.c
-rename to support/xchroot.c
-index b2e8a25788..abcc299e00 100644
---- a/sysdeps/unix/sysv/linux/sh/pread64.c
+diff --git a/support/xchroot.c b/support/xchroot.c
+new file mode 100644
+index 0000000000..abcc299e00
+--- /dev/null
+++ b/support/xchroot.c
-@@ -1,6 +1,6 @@
--/* Copyright (C) 1997-2016 Free Software Foundation, Inc.
+@@ -0,0 +1,28 @@
+/* chroot with error checking.
+ Copyright (C) 2017 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-- Contributed by Ulrich Drepper <drepper(a)cygnus.com>, 1997.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
-@@ -16,8 +16,13 @@
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
--/* SH4 ABI does not really require argument alignment for 64-bits, but
-- the kernel interface for pread adds a dummy long argument before the
-- offset. */
--#define __ALIGNMENT_ARG
--#include <sysdeps/unix/sysv/linux/pread64.c>
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
+#include <support/check.h>
+#include <support/xunistd.h>
+#include <sys/stat.h>
@@ -11998,6 +14443,38 @@ index d5b8119c9c..ac57bd5db0 100644
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
"LD_PRELOAD\0" \
+diff --git a/sysdeps/gnu/glob64.c b/sysdeps/gnu/glob64.c
+index d1e4e6f0d5..52e97e2f6a 100644
+--- a/sysdeps/gnu/glob64.c
++++ b/sysdeps/gnu/glob64.c
+@@ -15,11 +15,8 @@
+ #undef __stat
+ #define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
+
+-#define NO_GLOB_PATTERN_P 1
+-
+ #define COMPILE_GLOB64 1
+
+ #include <posix/glob.c>
+
+ libc_hidden_def (glob64)
+-libc_hidden_def (globfree64)
+diff --git a/sysdeps/gnu/globfree64.c b/sysdeps/gnu/globfree64.c
+new file mode 100644
+index 0000000000..f092d0bf8b
+--- /dev/null
++++ b/sysdeps/gnu/globfree64.c
+@@ -0,0 +1,10 @@
++#include <dirent.h>
++#include <glob.h>
++#include <sys/stat.h>
++
++#define glob_t glob64_t
++#define globfree(pglob) globfree64 (pglob)
++
++#include <posix/globfree.c>
++
++libc_hidden_def (globfree64)
diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h
index 9404211819..01bd5bf197 100644
--- a/sysdeps/hppa/dl-machine.h
@@ -13053,6 +15530,19 @@ index 94a2ce0e37..38c2432002 100644
LIBC_CANCEL_RESET (sc_cancel_oldtype); \
} \
sc_ret; \
+diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
+index 35e1ed48d2..32beaa67d0 100644
+--- a/sysdeps/unix/sysv/linux/Makefile
++++ b/sysdeps/unix/sysv/linux/Makefile
+@@ -140,7 +140,7 @@ endif
+ ifeq ($(subdir),posix)
+ sysdep_headers += bits/initspin.h
+
+-sysdep_routines += sched_getcpu
++sysdep_routines += sched_getcpu oldglob
+
+ tests += tst-affinity tst-affinity-pid
+
diff --git a/sysdeps/unix/sysv/linux/aarch64/clone.S b/sysdeps/unix/sysv/linux/aarch64/clone.S
index 76baa7a698..96482e53c0 100644
--- a/sysdeps/unix/sysv/linux/aarch64/clone.S
@@ -13150,6 +15640,64 @@ index 6a3154f9a7..2757bf20c3 100644
cfi_endproc
.end thread_start
+diff --git a/sysdeps/unix/sysv/linux/alpha/glob.c b/sysdeps/unix/sysv/linux/alpha/glob.c
+index c5dfb85468..19eb9b1c07 100644
+--- a/sysdeps/unix/sysv/linux/alpha/glob.c
++++ b/sysdeps/unix/sysv/linux/alpha/glob.c
+@@ -42,10 +42,6 @@ extern void __new_globfree (glob_t *__pglob);
+ #undef globfree64
+
+ versioned_symbol (libc, __new_glob, glob, GLIBC_2_1);
+-versioned_symbol (libc, __new_globfree, globfree, GLIBC_2_1);
+ libc_hidden_ver (__new_glob, glob)
+-libc_hidden_ver (__new_globfree, globfree)
+
+ weak_alias (__new_glob, glob64)
+-weak_alias (__new_globfree, globfree64)
+-libc_hidden_ver (__new_globfree, globfree64)
+diff --git a/sysdeps/unix/sysv/linux/alpha/globfree.c b/sysdeps/unix/sysv/linux/alpha/globfree.c
+new file mode 100644
+index 0000000000..98cf1c200b
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/alpha/globfree.c
+@@ -0,0 +1,37 @@
++/* Compat globfree. Linux/alpha version.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library. If not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define globfree64 __no_globfree64_decl
++#include <sys/types.h>
++#include <glob.h>
++#include <shlib-compat.h>
++
++#define globfree(pglob) \
++ __new_globfree (pglob)
++
++extern void __new_globfree (glob_t *__pglob);
++
++#include <posix/globfree.c>
++
++#undef globfree64
++
++versioned_symbol (libc, __new_globfree, globfree, GLIBC_2_1);
++libc_hidden_ver (__new_globfree, globfree)
++
++weak_alias (__new_globfree, globfree64)
++libc_hidden_ver (__new_globfree, globfree64)
diff --git a/sysdeps/unix/sysv/linux/alpha/vfork.S b/sysdeps/unix/sysv/linux/alpha/vfork.S
index 9fc199ac41..e5f7ed0661 100644
--- a/sysdeps/unix/sysv/linux/alpha/vfork.S
@@ -13275,6 +15823,33 @@ index 6d32cece48..ec86f50814 100644
return INTERNAL_SYSCALL_ERRNO (res, err);
}
+diff --git a/sysdeps/unix/sysv/linux/getcwd.c b/sysdeps/unix/sysv/linux/getcwd.c
+index 3f21ae743f..d0b2c38c17 100644
+--- a/sysdeps/unix/sysv/linux/getcwd.c
++++ b/sysdeps/unix/sysv/linux/getcwd.c
+@@ -76,7 +76,7 @@ __getcwd (char *buf, size_t size)
+ int retval;
+
+ retval = INLINE_SYSCALL (getcwd, 2, path, alloc_size);
+- if (retval >= 0)
++ if (retval > 0 && path[0] == '/')
+ {
+ #ifndef NO_ALLOCATION
+ if (buf == NULL && size == 0)
+@@ -92,10 +92,10 @@ __getcwd (char *buf, size_t size)
+ return buf;
+ }
+
+- /* The system call cannot handle paths longer than a page.
+- Neither can the magic symlink in /proc/self. Just use the
++ /* The system call either cannot handle paths longer than a page
++ or can succeed without returning an absolute path. Just use the
+ generic implementation right away. */
+- if (errno == ENAMETOOLONG)
++ if (retval >= 0 || errno == ENAMETOOLONG)
+ {
+ #ifndef NO_ALLOCATION
+ if (buf == NULL && size == 0)
diff --git a/sysdeps/unix/sysv/linux/getpid.c b/sysdeps/unix/sysv/linux/getpid.c
deleted file mode 100644
index 1124549326..0000000000
@@ -13473,6 +16048,63 @@ index 25f2a9c340..feae504ce6 100644
PSEUDO_END (__clone)
libc_hidden_def (__clone)
+diff --git a/sysdeps/unix/sysv/linux/i386/glob64.c b/sysdeps/unix/sysv/linux/i386/glob64.c
+index 802c957d6c..c2cc85741f 100644
+--- a/sysdeps/unix/sysv/linux/i386/glob64.c
++++ b/sysdeps/unix/sysv/linux/i386/glob64.c
+@@ -19,6 +19,7 @@
+ #include <dirent.h>
+ #include <glob.h>
+ #include <sys/stat.h>
++#include <shlib-compat.h>
+
+ #define dirent dirent64
+ #define __readdir(dirp) __readdir64 (dirp)
+@@ -33,44 +34,9 @@
+ #undef __stat
+ #define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
+
+-#define NO_GLOB_PATTERN_P 1
+-
+ #define COMPILE_GLOB64 1
+
+ #include <posix/glob.c>
+
+-#include "shlib-compat.h"
+-
+-libc_hidden_def (globfree64)
+-
+ versioned_symbol (libc, __glob64, glob64, GLIBC_2_2);
+ libc_hidden_ver (__glob64, glob64)
+-
+-#if SHLIB_COMPAT(libc, GLIBC_2_1, GLIBC_2_2)
+-
+-#include <sysdeps/unix/sysv/linux/i386/olddirent.h>
+-
+-int __old_glob64 (const char *__pattern, int __flags,
+- int (*__errfunc) (const char *, int),
+- glob64_t *__pglob);
+-
+-#undef dirent
+-#define dirent __old_dirent64
+-#undef GL_READDIR
+-# define GL_READDIR(pglob, stream) \
+- ((struct __old_dirent64 *) (pglob)->gl_readdir (stream))
+-#undef __readdir
+-#define __readdir(dirp) __old_readdir64 (dirp)
+-#undef glob
+-#define glob(pattern, flags, errfunc, pglob) \
+- __old_glob64 (pattern, flags, errfunc, pglob)
+-#define convert_dirent __old_convert_dirent
+-#define glob_in_dir __old_glob_in_dir
+-#define GLOB_ATTRIBUTE attribute_compat_text_section
+-
+-#define GLOB_ONLY_P 1
+-
+-#include <posix/glob.c>
+-
+-compat_symbol (libc, __old_glob64, glob64, GLIBC_2_1);
+-#endif
diff --git a/sysdeps/unix/sysv/linux/i386/vfork.S b/sysdeps/unix/sysv/linux/i386/vfork.S
index 7a1d3373bb..a865de2201 100644
--- a/sysdeps/unix/sysv/linux/i386/vfork.S
@@ -13689,6 +16321,13 @@ index 39634c5cf0..7ae65ef723 100644
END(__thread_start)
libc_hidden_def (__clone)
+diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c b/sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c
+new file mode 100644
+index 0000000000..abc35fdd2b
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c
+@@ -0,0 +1 @@
++/* glob64 is in globfree64.c */
diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/syscalls.list b/sysdeps/unix/sysv/linux/mips/mips64/n64/syscalls.list
index 890a74494a..26ab6d0b75 100644
--- a/sysdeps/unix/sysv/linux/mips/mips64/n64/syscalls.list
@@ -13783,6 +16422,54 @@ index c1bb9c7134..8997269199 100644
bne r7, zero, SYSCALL_ERROR_LABEL
ret
+diff --git a/sysdeps/unix/sysv/linux/oldglob.c b/sysdeps/unix/sysv/linux/oldglob.c
+new file mode 100644
+index 0000000000..8233e57ce9
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/oldglob.c
+@@ -0,0 +1,42 @@
++#include <shlib-compat.h>
++
++#if SHLIB_COMPAT(libc, GLIBC_2_1, GLIBC_2_2)
++
++#include <dirent.h>
++#include <glob.h>
++#include <sys/stat.h>
++
++#include <sysdeps/unix/sysv/linux/i386/olddirent.h>
++
++int __old_glob64 (const char *__pattern, int __flags,
++ int (*__errfunc) (const char *, int),
++ glob64_t *__pglob);
++libc_hidden_proto (__old_glob64);
++
++#define dirent __old_dirent64
++#define GL_READDIR(pglob, stream) \
++ ((struct __old_dirent64 *) (pglob)->gl_readdir (stream))
++#undef __readdir
++#define __readdir(dirp) __old_readdir64 (dirp)
++
++#define glob_t glob64_t
++#define glob(pattern, flags, errfunc, pglob) \
++ __old_glob64 (pattern, flags, errfunc, pglob)
++#define globfree(pglob) globfree64(pglob)
++
++#define convert_dirent __old_convert_dirent
++#define glob_in_dir __old_glob_in_dir
++
++#undef stat
++#define stat stat64
++#undef __stat
++#define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
++
++#define GLOB_ATTRIBUTE attribute_compat_text_section
++
++#include <posix/glob.c>
++
++libc_hidden_def (__old_glob64);
++
++compat_symbol (libc, __old_glob64, glob64, GLIBC_2_1);
++#endif
diff --git a/sysdeps/unix/sysv/linux/powerpc/Makefile b/sysdeps/unix/sysv/linux/powerpc/Makefile
index c89ed9ec7d..2cfb46eca3 100644
--- a/sysdeps/unix/sysv/linux/powerpc/Makefile
@@ -15053,6 +17740,14 @@ index 68a7e6d6e2..1472311947 100644
-#define TEST_FUNCTION do_test ()
-#include "../test-skeleton.c"
+#include <support/test-driver.c>
+diff --git a/sysdeps/unix/sysv/linux/wordsize-64/globfree64.c b/sysdeps/unix/sysv/linux/wordsize-64/globfree64.c
+new file mode 100644
+index 0000000000..af035e1514
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/wordsize-64/globfree64.c
+@@ -0,0 +1,2 @@
++/* This file is here so sysdeps/gnu/glob64.c doesn't take precedence. */
++#include <sysdeps/wordsize-64/globfree64.c>
diff --git a/sysdeps/unix/sysv/linux/x86_64/clone.S b/sysdeps/unix/sysv/linux/x86_64/clone.S
index 66f4b11490..5629aed395 100644
--- a/sysdeps/unix/sysv/linux/x86_64/clone.S
@@ -15108,11 +17803,138 @@ index 8332ade9fb..cdd2dea32a 100644
cmpl $-4095, %eax
jae SYSCALL_ERROR_LABEL /* Branch forward if it failed. */
+diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/globfree.c b/sysdeps/unix/sysv/linux/x86_64/x32/globfree.c
+new file mode 100644
+index 0000000000..b76a761c17
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/x86_64/x32/globfree.c
+@@ -0,0 +1 @@
++#include <sysdeps/wordsize-64/globfree.c>
+diff --git a/sysdeps/wordsize-64/glob.c b/sysdeps/wordsize-64/glob.c
+index 082faf1c70..954e8d37e2 100644
+--- a/sysdeps/wordsize-64/glob.c
++++ b/sysdeps/wordsize-64/glob.c
+@@ -4,5 +4,3 @@
+ #undef glob64
+ #undef globfree64
+ weak_alias (glob, glob64)
+-weak_alias (globfree, globfree64)
+-libc_hidden_ver (globfree, globfree64)
+diff --git a/sysdeps/wordsize-64/globfree.c b/sysdeps/wordsize-64/globfree.c
+new file mode 100644
+index 0000000000..ec8c35b489
+--- /dev/null
++++ b/sysdeps/wordsize-64/globfree.c
+@@ -0,0 +1,5 @@
++#define globfree64 __no_globfree64_decl
++#include <posix/globfree.c>
++#undef globfree64
++weak_alias (globfree, globfree64)
++libc_hidden_ver (globfree, globfree64)
+diff --git a/sysdeps/wordsize-64/globfree64.c b/sysdeps/wordsize-64/globfree64.c
+new file mode 100644
+index 0000000000..a0f57ff4b3
+--- /dev/null
++++ b/sysdeps/wordsize-64/globfree64.c
+@@ -0,0 +1 @@
++/* globfree64 is in globfree.c */
+diff --git a/sysdeps/x86/cpu-features-offsets.sym b/sysdeps/x86/cpu-features-offsets.sym
+index f6739fae81..33dd094e37 100644
+--- a/sysdeps/x86/cpu-features-offsets.sym
++++ b/sysdeps/x86/cpu-features-offsets.sym
+@@ -15,6 +15,7 @@ CPUID_ECX_OFFSET offsetof (struct cpuid_registers, ecx)
+ CPUID_EDX_OFFSET offsetof (struct cpuid_registers, edx)
+ FAMILY_OFFSET offsetof (struct cpu_features, family)
+ MODEL_OFFSET offsetof (struct cpu_features, model)
++XSAVE_STATE_SIZE_OFFSET offsetof (struct cpu_features, xsave_state_size)
+ FEATURE_OFFSET offsetof (struct cpu_features, feature)
+ FEATURE_SIZE sizeof (unsigned int)
+
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
-index 9ce4b495a5..508ad2ae7b 100644
+index 9ce4b495a5..9eca98817d 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
-@@ -133,8 +133,6 @@ init_cpu_features (struct cpu_features *cpu_features)
+@@ -18,6 +18,7 @@
+
+ #include <cpuid.h>
+ #include <cpu-features.h>
++#include <libc-internal.h>
+
+ static void
+ get_common_indeces (struct cpu_features *cpu_features,
+@@ -88,6 +89,71 @@ get_common_indeces (struct cpu_features *cpu_features,
+ cpu_features->feature[index_arch_FMA_Usable]
+ |= bit_arch_FMA_Usable;
+ }
++
++ /* For _dl_runtime_resolve, set xsave_state_size to xsave area
++ size + integer register save size and align it to 64 bytes. */
++ if (cpu_features->max_cpuid >= 0xd)
++ {
++ unsigned int eax, ebx, ecx, edx;
++
++ __cpuid_count (0xd, 0, eax, ebx, ecx, edx);
++ if (ebx != 0)
++ {
++ cpu_features->xsave_state_size
++ = ALIGN_UP (ebx + STATE_SAVE_OFFSET, 64);
++
++ __cpuid_count (0xd, 1, eax, ebx, ecx, edx);
++
++ /* Check if XSAVEC is available. */
++ if ((eax & (1 << 1)) != 0)
++ {
++ unsigned int xstate_comp_offsets[32];
++ unsigned int xstate_comp_sizes[32];
++ unsigned int i;
++
++ xstate_comp_offsets[0] = 0;
++ xstate_comp_offsets[1] = 160;
++ xstate_comp_offsets[2] = 576;
++ xstate_comp_sizes[0] = 160;
++ xstate_comp_sizes[1] = 256;
++
++ for (i = 2; i < 32; i++)
++ {
++ if ((STATE_SAVE_MASK & (1 << i)) != 0)
++ {
++ __cpuid_count (0xd, i, eax, ebx, ecx, edx);
++ xstate_comp_sizes[i] = eax;
++ }
++ else
++ {
++ ecx = 0;
++ xstate_comp_sizes[i] = 0;
++ }
++
++ if (i > 2)
++ {
++ xstate_comp_offsets[i]
++ = (xstate_comp_offsets[i - 1]
++ + xstate_comp_sizes[i -1]);
++ if ((ecx & (1 << 1)) != 0)
++ xstate_comp_offsets[i]
++ = ALIGN_UP (xstate_comp_offsets[i], 64);
++ }
++ }
++
++ /* Use XSAVEC. */
++ unsigned int size
++ = xstate_comp_offsets[31] + xstate_comp_sizes[31];
++ if (size)
++ {
++ cpu_features->xsave_state_size
++ = ALIGN_UP (size + STATE_SAVE_OFFSET, 64);
++ cpu_features->feature[index_arch_XSAVEC_Usable]
++ |= bit_arch_XSAVEC_Usable;
++ }
++ }
++ }
++ }
+ }
+ }
+
+@@ -133,8 +199,6 @@ init_cpu_features (struct cpu_features *cpu_features)
case 0x57:
/* Knights Landing. Enable Silvermont optimizations. */
@@ -15121,7 +17943,7 @@ index 9ce4b495a5..508ad2ae7b 100644
case 0x5c:
case 0x5f:
-@@ -205,6 +203,33 @@ init_cpu_features (struct cpu_features *cpu_features)
+@@ -205,6 +269,16 @@ init_cpu_features (struct cpu_features *cpu_features)
if (CPU_FEATURES_ARCH_P (cpu_features, AVX2_Usable))
cpu_features->feature[index_arch_AVX_Fast_Unaligned_Load]
|= bit_arch_AVX_Fast_Unaligned_Load;
@@ -15135,41 +17957,23 @@ index 9ce4b495a5..508ad2ae7b 100644
+ else
+ cpu_features->feature[index_arch_Prefer_No_AVX512]
+ |= bit_arch_Prefer_No_AVX512;
-+
-+ /* To avoid SSE transition penalty, use _dl_runtime_resolve_slow.
-+ If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt.
-+ Use _dl_runtime_resolve_opt only with AVX512F since it is
-+ slower than _dl_runtime_resolve_slow with AVX. */
-+ cpu_features->feature[index_arch_Use_dl_runtime_resolve_slow]
-+ |= bit_arch_Use_dl_runtime_resolve_slow;
-+ if (CPU_FEATURES_ARCH_P (cpu_features, AVX512F_Usable)
-+ && cpu_features->max_cpuid >= 0xd)
-+ {
-+ unsigned int eax;
-+
-+ __cpuid_count (0xd, 1, eax, ebx, ecx, edx);
-+ if ((eax & (1 << 2)) != 0)
-+ cpu_features->feature[index_arch_Use_dl_runtime_resolve_opt]
-+ |= bit_arch_Use_dl_runtime_resolve_opt;
-+ }
}
/* This spells out "AuthenticAMD". */
else if (ebx == 0x68747541 && ecx == 0x444d4163 && edx == 0x69746e65)
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
-index 97ffe765f4..2609ac0999 100644
+index 97ffe765f4..507a141414 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
-@@ -37,6 +37,9 @@
+@@ -37,6 +37,8 @@
#define bit_arch_Prefer_No_VZEROUPPER (1 << 17)
#define bit_arch_Fast_Unaligned_Copy (1 << 18)
#define bit_arch_Prefer_ERMS (1 << 19)
-+#define bit_arch_Use_dl_runtime_resolve_opt (1 << 20)
-+#define bit_arch_Use_dl_runtime_resolve_slow (1 << 21)
-+#define bit_arch_Prefer_No_AVX512 (1 << 22)
++#define bit_arch_Prefer_No_AVX512 (1 << 20)
++#define bit_arch_XSAVEC_Usable (1 << 21)
/* CPUID Feature flags. */
-@@ -60,6 +63,11 @@
+@@ -60,6 +62,11 @@
#define bit_cpu_AVX2 (1 << 5)
#define bit_cpu_AVX512F (1 << 16)
#define bit_cpu_AVX512DQ (1 << 17)
@@ -15181,7 +17985,23 @@ index 97ffe765f4..2609ac0999 100644
/* XCR0 Feature flags. */
#define bit_XMM_state (1 << 1)
-@@ -107,6 +115,9 @@
+@@ -74,6 +81,15 @@
+ /* The current maximum size of the feature integer bit array. */
+ #define FEATURE_INDEX_MAX 1
+
++/* Offset for fxsave/xsave area used by _dl_runtime_resolve. Also need
++ space to preserve RCX, RDX, RSI, RDI, R8, R9 and RAX. It must be
++ aligned to 16 bytes for fxsave and 64 bytes for xsave. */
++#define STATE_SAVE_OFFSET (8 * 7 + 8)
++
++/* Save SSE, AVX, AVX512, mask and bound registers. */
++#define STATE_SAVE_MASK \
++ ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 5) | (1 << 6) | (1 << 7))
++
+ #ifdef __ASSEMBLER__
+
+ # include <cpu-features-offsets.h>
+@@ -107,6 +123,9 @@
# define index_arch_Prefer_No_VZEROUPPER FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Fast_Unaligned_Copy FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Prefer_ERMS FEATURE_INDEX_1*FEATURE_SIZE
@@ -15191,7 +18011,20 @@ index 97ffe765f4..2609ac0999 100644
# if defined (_LIBC) && !IS_IN (nonlib)
-@@ -232,6 +243,11 @@ extern const struct cpu_features *__get_cpu_features (void)
+@@ -195,6 +214,12 @@ struct cpu_features
+ } cpuid[COMMON_CPUID_INDEX_MAX];
+ unsigned int family;
+ unsigned int model;
++ /* The type must be unsigned long int so that we use
++
++ sub xsave_state_size_offset(%rip) %RSP_LP
++
++ in _dl_runtime_resolve. */
++ unsigned long int xsave_state_size;
+ unsigned int feature[FEATURE_INDEX_MAX];
+ };
+
+@@ -232,6 +257,11 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_cpu_AVX2 COMMON_CPUID_INDEX_7
# define index_cpu_AVX512F COMMON_CPUID_INDEX_7
# define index_cpu_AVX512DQ COMMON_CPUID_INDEX_7
@@ -15203,7 +18036,7 @@ index 97ffe765f4..2609ac0999 100644
# define index_cpu_ERMS COMMON_CPUID_INDEX_7
# define index_cpu_RTM COMMON_CPUID_INDEX_7
# define index_cpu_FMA COMMON_CPUID_INDEX_1
-@@ -250,6 +266,11 @@ extern const struct cpu_features *__get_cpu_features (void)
+@@ -250,6 +280,11 @@ extern const struct cpu_features *__get_cpu_features (void)
# define reg_AVX2 ebx
# define reg_AVX512F ebx
# define reg_AVX512DQ ebx
@@ -15215,13 +18048,12 @@ index 97ffe765f4..2609ac0999 100644
# define reg_ERMS ebx
# define reg_RTM ebx
# define reg_FMA ecx
-@@ -277,6 +298,9 @@ extern const struct cpu_features *__get_cpu_features (void)
+@@ -277,6 +312,8 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_arch_Prefer_No_VZEROUPPER FEATURE_INDEX_1
# define index_arch_Fast_Unaligned_Copy FEATURE_INDEX_1
# define index_arch_Prefer_ERMS FEATURE_INDEX_1
-+# define index_arch_Use_dl_runtime_resolve_opt FEATURE_INDEX_1
-+# define index_arch_Use_dl_runtime_resolve_slow FEATURE_INDEX_1
+# define index_arch_Prefer_No_AVX512 FEATURE_INDEX_1
++# define index_arch_XSAVEC_Usable FEATURE_INDEX_1
#endif /* !__ASSEMBLER__ */
@@ -15296,49 +18128,42 @@ index 6d99284cd0..cc990a9685 100644
+gen-as-const-headers += tlsdesc.sym rtld-offsets.sym
endif
diff --git a/sysdeps/x86_64/dl-machine.h b/sysdeps/x86_64/dl-machine.h
-index ed0c1a8efd..c0f0fa16a2 100644
+index ed0c1a8efd..8355432dfc 100644
--- a/sysdeps/x86_64/dl-machine.h
+++ b/sysdeps/x86_64/dl-machine.h
-@@ -68,7 +68,10 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+@@ -66,9 +66,9 @@ static inline int __attribute__ ((unused, always_inline))
+ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+ {
Elf64_Addr *got;
- extern void _dl_runtime_resolve_sse (ElfW(Word)) attribute_hidden;
- extern void _dl_runtime_resolve_avx (ElfW(Word)) attribute_hidden;
-+ extern void _dl_runtime_resolve_avx_slow (ElfW(Word)) attribute_hidden;
-+ extern void _dl_runtime_resolve_avx_opt (ElfW(Word)) attribute_hidden;
- extern void _dl_runtime_resolve_avx512 (ElfW(Word)) attribute_hidden;
-+ extern void _dl_runtime_resolve_avx512_opt (ElfW(Word)) attribute_hidden;
+- extern void _dl_runtime_resolve_sse (ElfW(Word)) attribute_hidden;
+- extern void _dl_runtime_resolve_avx (ElfW(Word)) attribute_hidden;
+- extern void _dl_runtime_resolve_avx512 (ElfW(Word)) attribute_hidden;
++ extern void _dl_runtime_resolve_fxsave (ElfW(Word)) attribute_hidden;
++ extern void _dl_runtime_resolve_xsave (ElfW(Word)) attribute_hidden;
++ extern void _dl_runtime_resolve_xsavec (ElfW(Word)) attribute_hidden;
extern void _dl_runtime_profile_sse (ElfW(Word)) attribute_hidden;
extern void _dl_runtime_profile_avx (ElfW(Word)) attribute_hidden;
extern void _dl_runtime_profile_avx512 (ElfW(Word)) attribute_hidden;
-@@ -118,9 +121,26 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+@@ -117,12 +117,14 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
+ /* This function will get called to fix up the GOT entry
indicated by the offset on the stack, and then jump to
the resolved address. */
- if (HAS_ARCH_FEATURE (AVX512F_Usable))
+- if (HAS_ARCH_FEATURE (AVX512F_Usable))
- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_avx512;
-+ {
-+ if (HAS_ARCH_FEATURE (Use_dl_runtime_resolve_opt))
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx512_opt;
-+ else
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx512;
-+ }
- else if (HAS_ARCH_FEATURE (AVX_Usable))
+- else if (HAS_ARCH_FEATURE (AVX_Usable))
- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_avx;
-+ {
-+ if (HAS_ARCH_FEATURE (Use_dl_runtime_resolve_opt))
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx_opt;
-+ else if (HAS_ARCH_FEATURE (Use_dl_runtime_resolve_slow))
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx_slow;
-+ else
-+ *(ElfW(Addr) *) (got + 2)
-+ = (ElfW(Addr)) &_dl_runtime_resolve_avx;
-+ }
++ if (GLRO(dl_x86_cpu_features).xsave_state_size != 0)
++ *(ElfW(Addr) *) (got + 2)
++ = (HAS_ARCH_FEATURE (XSAVEC_Usable)
++ ? (ElfW(Addr)) &_dl_runtime_resolve_xsavec
++ : (ElfW(Addr)) &_dl_runtime_resolve_xsave);
else
- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_sse;
+- *(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_sse;
++ *(ElfW(Addr) *) (got + 2)
++ = (ElfW(Addr)) &_dl_runtime_resolve_fxsave;
}
+ }
+
diff --git a/sysdeps/x86_64/dl-tls.c b/sysdeps/x86_64/dl-tls.c
new file mode 100644
index 0000000000..3584805c8e
@@ -15419,7 +18244,7 @@ index cf6c107f54..fa5bf6cd93 100644
+
+#endif /* _X86_64_DL_TLS_H */
diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S
-index 12f1a5cf84..50b23633e3 100644
+index 12f1a5cf84..b4cda0f535 100644
--- a/sysdeps/x86_64/dl-trampoline.S
+++ b/sysdeps/x86_64/dl-trampoline.S
@@ -18,6 +18,7 @@
@@ -15430,167 +18255,364 @@ index 12f1a5cf84..50b23633e3 100644
#include <link-defines.h>
#ifndef DL_STACK_ALIGNMENT
-@@ -104,9 +105,11 @@
+@@ -33,41 +34,24 @@
+ # define DL_STACK_ALIGNMENT 8
+ #endif
+
+-#ifndef DL_RUNTIME_UNALIGNED_VEC_SIZE
+-/* The maximum size in bytes of unaligned vector load and store in the
+- dynamic linker. Since SSE optimized memory/string functions with
+- aligned SSE register load and store are used in the dynamic linker,
+- we must set this to 8 so that _dl_runtime_resolve_sse will align the
+- stack before calling _dl_fixup. */
+-# define DL_RUNTIME_UNALIGNED_VEC_SIZE 8
+-#endif
+-
+-/* True if _dl_runtime_resolve should align stack to VEC_SIZE bytes. */
++/* True if _dl_runtime_resolve should align stack for STATE_SAVE or align
++ stack to 16 bytes before calling _dl_fixup. */
+ #define DL_RUNTIME_RESOLVE_REALIGN_STACK \
+- (VEC_SIZE > DL_STACK_ALIGNMENT \
+- && VEC_SIZE > DL_RUNTIME_UNALIGNED_VEC_SIZE)
+-
+-/* Align vector register save area to 16 bytes. */
+-#define REGISTER_SAVE_VEC_OFF 0
++ (STATE_SAVE_ALIGNMENT > DL_STACK_ALIGNMENT \
++ || 16 > DL_STACK_ALIGNMENT)
+
+ /* Area on stack to save and restore registers used for parameter
+ passing when calling _dl_fixup. */
+ #ifdef __ILP32__
+-# define REGISTER_SAVE_RAX (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 8)
+ # define PRESERVE_BND_REGS_PREFIX
+ #else
+-/* Align bound register save area to 16 bytes. */
+-# define REGISTER_SAVE_BND0 (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 8)
+-# define REGISTER_SAVE_BND1 (REGISTER_SAVE_BND0 + 16)
+-# define REGISTER_SAVE_BND2 (REGISTER_SAVE_BND1 + 16)
+-# define REGISTER_SAVE_BND3 (REGISTER_SAVE_BND2 + 16)
+-# define REGISTER_SAVE_RAX (REGISTER_SAVE_BND3 + 16)
+ # ifdef HAVE_MPX_SUPPORT
+ # define PRESERVE_BND_REGS_PREFIX bnd
+ # else
+ # define PRESERVE_BND_REGS_PREFIX .byte 0xf2
+ # endif
#endif
++#define REGISTER_SAVE_RAX 0
+ #define REGISTER_SAVE_RCX (REGISTER_SAVE_RAX + 8)
+ #define REGISTER_SAVE_RDX (REGISTER_SAVE_RCX + 8)
+ #define REGISTER_SAVE_RSI (REGISTER_SAVE_RDX + 8)
+@@ -79,50 +63,56 @@
+
+ #define VEC_SIZE 64
+ #define VMOVA vmovdqa64
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
+-# define VMOV vmovdqa64
+-#else
+-# define VMOV vmovdqu64
+-#endif
+ #define VEC(i) zmm##i
+-#define _dl_runtime_resolve _dl_runtime_resolve_avx512
+ #define _dl_runtime_profile _dl_runtime_profile_avx512
+ #include "dl-trampoline.h"
+-#undef _dl_runtime_resolve
+ #undef _dl_runtime_profile
+ #undef VEC
+-#undef VMOV
+ #undef VMOVA
+ #undef VEC_SIZE
+
+ #define VEC_SIZE 32
+ #define VMOVA vmovdqa
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
+-# define VMOV vmovdqa
+-#else
+-# define VMOV vmovdqu
+-#endif
#define VEC(i) ymm##i
- #define _dl_runtime_resolve _dl_runtime_resolve_avx
-+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx_opt
+-#define _dl_runtime_resolve _dl_runtime_resolve_avx
#define _dl_runtime_profile _dl_runtime_profile_avx
#include "dl-trampoline.h"
- #undef _dl_runtime_resolve
-+#undef _dl_runtime_resolve_opt
+-#undef _dl_runtime_resolve
#undef _dl_runtime_profile
#undef VEC
- #undef VMOV
-@@ -126,3 +129,19 @@
+-#undef VMOV
+ #undef VMOVA
+ #undef VEC_SIZE
+
+ /* movaps/movups is 1-byte shorter. */
+ #define VEC_SIZE 16
+ #define VMOVA movaps
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
+-# define VMOV movaps
+-#else
+-# define VMOV movups
+-#endif
+ #define VEC(i) xmm##i
+-#define _dl_runtime_resolve _dl_runtime_resolve_sse
#define _dl_runtime_profile _dl_runtime_profile_sse
#undef RESTORE_AVX
#include "dl-trampoline.h"
-+#undef _dl_runtime_resolve
+#undef _dl_runtime_profile
-+#undef VMOV
++#undef VEC
+#undef VMOVA
++#undef VEC_SIZE
+
-+/* Used by _dl_runtime_resolve_avx_opt/_dl_runtime_resolve_avx512_opt
-+ to preserve the full vector registers with zero upper bits. */
-+#define VMOVA vmovdqa
-+#if DL_RUNTIME_RESOLVE_REALIGN_STACK || VEC_SIZE <= DL_STACK_ALIGNMENT
-+# define VMOV vmovdqa
-+#else
-+# define VMOV vmovdqu
-+#endif
-+#define _dl_runtime_resolve _dl_runtime_resolve_sse_vex
-+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt
++#define USE_FXSAVE
++#define STATE_SAVE_ALIGNMENT 16
++#define _dl_runtime_resolve _dl_runtime_resolve_fxsave
++#include "dl-trampoline.h"
++#undef _dl_runtime_resolve
++#undef USE_FXSAVE
++#undef STATE_SAVE_ALIGNMENT
++
++#define USE_XSAVE
++#define STATE_SAVE_ALIGNMENT 64
++#define _dl_runtime_resolve _dl_runtime_resolve_xsave
++#include "dl-trampoline.h"
++#undef _dl_runtime_resolve
++#undef USE_XSAVE
++#undef STATE_SAVE_ALIGNMENT
++
++#define USE_XSAVEC
++#define STATE_SAVE_ALIGNMENT 64
++#define _dl_runtime_resolve _dl_runtime_resolve_xsavec
+#include "dl-trampoline.h"
++#undef _dl_runtime_resolve
++#undef USE_XSAVEC
++#undef STATE_SAVE_ALIGNMENT
diff --git a/sysdeps/x86_64/dl-trampoline.h b/sysdeps/x86_64/dl-trampoline.h
-index b90836ab13..d21c5a987a 100644
+index b90836ab13..b9c2f1796f 100644
--- a/sysdeps/x86_64/dl-trampoline.h
+++ b/sysdeps/x86_64/dl-trampoline.h
-@@ -50,6 +50,106 @@
- #endif
+@@ -16,40 +16,47 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
- .text
-+#ifdef _dl_runtime_resolve_opt
-+/* Use the smallest vector registers to preserve the full YMM/ZMM
-+ registers to avoid SSE transition penalty. */
-+
-+# if VEC_SIZE == 32
-+/* Check if the upper 128 bits in %ymm0 - %ymm7 registers are non-zero
-+ and preserve %xmm0 - %xmm7 registers with the zero upper bits. Since
-+ there is no SSE transition penalty on AVX512 processors which don't
-+ support XGETBV with ECX == 1, _dl_runtime_resolve_avx512_slow isn't
-+ provided. */
-+ .globl _dl_runtime_resolve_avx_slow
-+ .hidden _dl_runtime_resolve_avx_slow
-+ .type _dl_runtime_resolve_avx_slow, @function
-+ .align 16
-+_dl_runtime_resolve_avx_slow:
-+ cfi_startproc
-+ cfi_adjust_cfa_offset(16) # Incorporate PLT
-+ vorpd %ymm0, %ymm1, %ymm8
-+ vorpd %ymm2, %ymm3, %ymm9
-+ vorpd %ymm4, %ymm5, %ymm10
-+ vorpd %ymm6, %ymm7, %ymm11
-+ vorpd %ymm8, %ymm9, %ymm9
-+ vorpd %ymm10, %ymm11, %ymm10
-+ vpcmpeqd %xmm8, %xmm8, %xmm8
-+ vorpd %ymm9, %ymm10, %ymm10
-+ vptest %ymm10, %ymm8
-+ # Preserve %ymm0 - %ymm7 registers if the upper 128 bits of any
-+ # %ymm0 - %ymm7 registers aren't zero.
-+ PRESERVE_BND_REGS_PREFIX
-+ jnc _dl_runtime_resolve_avx
-+ # Use vzeroupper to avoid SSE transition penalty.
-+ vzeroupper
-+ # Preserve %xmm0 - %xmm7 registers with the zero upper 128 bits
-+ # when the upper 128 bits of %ymm0 - %ymm7 registers are zero.
-+ PRESERVE_BND_REGS_PREFIX
-+ jmp _dl_runtime_resolve_sse_vex
-+ cfi_adjust_cfa_offset(-16) # Restore PLT adjustment
-+ cfi_endproc
-+ .size _dl_runtime_resolve_avx_slow, .-_dl_runtime_resolve_avx_slow
+-#undef REGISTER_SAVE_AREA_RAW
+-#ifdef __ILP32__
+-/* X32 saves RCX, RDX, RSI, RDI, R8 and R9 plus RAX as well as VEC0 to
+- VEC7. */
+-# define REGISTER_SAVE_AREA_RAW (8 * 7 + VEC_SIZE * 8)
+-#else
+-/* X86-64 saves RCX, RDX, RSI, RDI, R8 and R9 plus RAX as well as
+- BND0, BND1, BND2, BND3 and VEC0 to VEC7. */
+-# define REGISTER_SAVE_AREA_RAW (8 * 7 + 16 * 4 + VEC_SIZE * 8)
+-#endif
++ .text
++#ifdef _dl_runtime_resolve
+
+-#undef REGISTER_SAVE_AREA
+-#undef LOCAL_STORAGE_AREA
+-#undef BASE
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK
+-# define REGISTER_SAVE_AREA (REGISTER_SAVE_AREA_RAW + 8)
+-/* Local stack area before jumping to function address: RBX. */
+-# define LOCAL_STORAGE_AREA 8
+-# define BASE rbx
+-# if (REGISTER_SAVE_AREA % VEC_SIZE) != 0
+-# error REGISTER_SAVE_AREA must be multples of VEC_SIZE
++# undef REGISTER_SAVE_AREA
++# undef LOCAL_STORAGE_AREA
++# undef BASE
++
++# if (STATE_SAVE_ALIGNMENT % 16) != 0
++# error STATE_SAVE_ALIGNMENT must be multples of 16
+ # endif
+-#else
+-# define REGISTER_SAVE_AREA REGISTER_SAVE_AREA_RAW
++
++# if (STATE_SAVE_OFFSET % STATE_SAVE_ALIGNMENT) != 0
++# error STATE_SAVE_OFFSET must be multples of STATE_SAVE_ALIGNMENT
+# endif
+
-+/* Use XGETBV with ECX == 1 to check which bits in vector registers are
-+ non-zero and only preserve the non-zero lower bits with zero upper
-+ bits. */
-+ .globl _dl_runtime_resolve_opt
-+ .hidden _dl_runtime_resolve_opt
-+ .type _dl_runtime_resolve_opt, @function
-+ .align 16
-+_dl_runtime_resolve_opt:
-+ cfi_startproc
-+ cfi_adjust_cfa_offset(16) # Incorporate PLT
-+ pushq %rax
-+ cfi_adjust_cfa_offset(8)
-+ cfi_rel_offset(%rax, 0)
-+ pushq %rcx
-+ cfi_adjust_cfa_offset(8)
-+ cfi_rel_offset(%rcx, 0)
-+ pushq %rdx
-+ cfi_adjust_cfa_offset(8)
-+ cfi_rel_offset(%rdx, 0)
-+ movl $1, %ecx
-+ xgetbv
-+ movl %eax, %r11d
-+ popq %rdx
-+ cfi_adjust_cfa_offset(-8)
-+ cfi_restore (%rdx)
-+ popq %rcx
-+ cfi_adjust_cfa_offset(-8)
-+ cfi_restore (%rcx)
-+ popq %rax
-+ cfi_adjust_cfa_offset(-8)
-+ cfi_restore (%rax)
-+# if VEC_SIZE == 32
-+ # For YMM registers, check if YMM state is in use.
-+ andl $bit_YMM_state, %r11d
-+ # Preserve %xmm0 - %xmm7 registers with the zero upper 128 bits if
-+ # YMM state isn't in use.
-+ PRESERVE_BND_REGS_PREFIX
-+ jz _dl_runtime_resolve_sse_vex
-+# elif VEC_SIZE == 16
-+ # For ZMM registers, check if YMM state and ZMM state are in
-+ # use.
-+ andl $(bit_YMM_state | bit_ZMM0_15_state), %r11d
-+ cmpl $bit_YMM_state, %r11d
-+ # Preserve %zmm0 - %zmm7 registers if ZMM state is in use.
-+ PRESERVE_BND_REGS_PREFIX
-+ jg _dl_runtime_resolve_avx512
-+ # Preserve %ymm0 - %ymm7 registers with the zero upper 256 bits if
-+ # ZMM state isn't in use.
-+ PRESERVE_BND_REGS_PREFIX
-+ je _dl_runtime_resolve_avx
-+ # Preserve %xmm0 - %xmm7 registers with the zero upper 384 bits if
-+ # neither YMM state nor ZMM state are in use.
++# if DL_RUNTIME_RESOLVE_REALIGN_STACK
++/* Local stack area before jumping to function address: RBX. */
++# define LOCAL_STORAGE_AREA 8
++# define BASE rbx
++# ifdef USE_FXSAVE
++/* Use fxsave to save XMM registers. */
++# define REGISTER_SAVE_AREA (512 + STATE_SAVE_OFFSET)
++# if (REGISTER_SAVE_AREA % 16) != 0
++# error REGISTER_SAVE_AREA must be multples of 16
++# endif
++# endif
+# else
-+# error Unsupported VEC_SIZE!
-+# endif
-+ cfi_adjust_cfa_offset(-16) # Restore PLT adjustment
-+ cfi_endproc
-+ .size _dl_runtime_resolve_opt, .-_dl_runtime_resolve_opt
-+#endif
++# ifndef USE_FXSAVE
++# error USE_FXSAVE must be defined
++# endif
++/* Use fxsave to save XMM registers. */
++# define REGISTER_SAVE_AREA (512 + STATE_SAVE_OFFSET + 8)
+ /* Local stack area before jumping to function address: All saved
+ registers. */
+-# define LOCAL_STORAGE_AREA REGISTER_SAVE_AREA
+-# define BASE rsp
+-# if (REGISTER_SAVE_AREA % 16) != 8
+-# error REGISTER_SAVE_AREA must be odd multples of 8
++# define LOCAL_STORAGE_AREA REGISTER_SAVE_AREA
++# define BASE rsp
++# if (REGISTER_SAVE_AREA % 16) != 8
++# error REGISTER_SAVE_AREA must be odd multples of 8
++# endif
+ # endif
+-#endif
+
+- .text
.globl _dl_runtime_resolve
.hidden _dl_runtime_resolve
.type _dl_runtime_resolve, @function
-@@ -69,7 +169,9 @@ _dl_runtime_resolve:
- and $-VEC_SIZE, %RSP_LP
- #endif
+@@ -57,19 +64,30 @@
+ cfi_startproc
+ _dl_runtime_resolve:
+ cfi_adjust_cfa_offset(16) # Incorporate PLT
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK
+-# if LOCAL_STORAGE_AREA != 8
+-# error LOCAL_STORAGE_AREA must be 8
+-# endif
++# if DL_RUNTIME_RESOLVE_REALIGN_STACK
++# if LOCAL_STORAGE_AREA != 8
++# error LOCAL_STORAGE_AREA must be 8
++# endif
+ pushq %rbx # push subtracts stack by 8.
+ cfi_adjust_cfa_offset(8)
+ cfi_rel_offset(%rbx, 0)
+ mov %RSP_LP, %RBX_LP
+ cfi_def_cfa_register(%rbx)
+- and $-VEC_SIZE, %RSP_LP
+-#endif
++ and $-STATE_SAVE_ALIGNMENT, %RSP_LP
++# endif
++# ifdef REGISTER_SAVE_AREA
sub $REGISTER_SAVE_AREA, %RSP_LP
-+#if !DL_RUNTIME_RESOLVE_REALIGN_STACK
++# if !DL_RUNTIME_RESOLVE_REALIGN_STACK
cfi_adjust_cfa_offset(REGISTER_SAVE_AREA)
-+#endif
++# endif
++# else
++ # Allocate stack space of the required size to save the state.
++# if IS_IN (rtld)
++ sub _rtld_local_ro+RTLD_GLOBAL_RO_DL_X86_CPU_FEATURES_OFFSET+XSAVE_STATE_SIZE_OFFSET(%rip), %RSP_LP
++# else
++ sub _dl_x86_cpu_features+XSAVE_STATE_SIZE_OFFSET(%rip), %RSP_LP
++# endif
++# endif
# Preserve registers otherwise clobbered.
movq %rax, REGISTER_SAVE_RAX(%rsp)
movq %rcx, REGISTER_SAVE_RCX(%rsp)
-@@ -162,7 +264,10 @@ _dl_runtime_resolve:
+@@ -78,59 +96,42 @@ _dl_runtime_resolve:
+ movq %rdi, REGISTER_SAVE_RDI(%rsp)
+ movq %r8, REGISTER_SAVE_R8(%rsp)
+ movq %r9, REGISTER_SAVE_R9(%rsp)
+- VMOV %VEC(0), (REGISTER_SAVE_VEC_OFF)(%rsp)
+- VMOV %VEC(1), (REGISTER_SAVE_VEC_OFF + VEC_SIZE)(%rsp)
+- VMOV %VEC(2), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 2)(%rsp)
+- VMOV %VEC(3), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 3)(%rsp)
+- VMOV %VEC(4), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 4)(%rsp)
+- VMOV %VEC(5), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 5)(%rsp)
+- VMOV %VEC(6), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 6)(%rsp)
+- VMOV %VEC(7), (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 7)(%rsp)
+-#ifndef __ILP32__
+- # We also have to preserve bound registers. These are nops if
+- # Intel MPX isn't available or disabled.
+-# ifdef HAVE_MPX_SUPPORT
+- bndmov %bnd0, REGISTER_SAVE_BND0(%rsp)
+- bndmov %bnd1, REGISTER_SAVE_BND1(%rsp)
+- bndmov %bnd2, REGISTER_SAVE_BND2(%rsp)
+- bndmov %bnd3, REGISTER_SAVE_BND3(%rsp)
++# ifdef USE_FXSAVE
++ fxsave STATE_SAVE_OFFSET(%rsp)
+ # else
+-# if REGISTER_SAVE_BND0 == 0
+- .byte 0x66,0x0f,0x1b,0x04,0x24
++ movl $STATE_SAVE_MASK, %eax
++ xorl %edx, %edx
++ # Clear the XSAVE Header.
++# ifdef USE_XSAVE
++ movq %rdx, (STATE_SAVE_OFFSET + 512)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8)(%rsp)
++# endif
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 2)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 3)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 4)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 5)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 6)(%rsp)
++ movq %rdx, (STATE_SAVE_OFFSET + 512 + 8 * 7)(%rsp)
++# ifdef USE_XSAVE
++ xsave STATE_SAVE_OFFSET(%rsp)
+ # else
+- .byte 0x66,0x0f,0x1b,0x44,0x24,REGISTER_SAVE_BND0
++ xsavec STATE_SAVE_OFFSET(%rsp)
+ # endif
+- .byte 0x66,0x0f,0x1b,0x4c,0x24,REGISTER_SAVE_BND1
+- .byte 0x66,0x0f,0x1b,0x54,0x24,REGISTER_SAVE_BND2
+- .byte 0x66,0x0f,0x1b,0x5c,0x24,REGISTER_SAVE_BND3
+ # endif
+-#endif
+ # Copy args pushed by PLT in register.
+ # %rdi: link_map, %rsi: reloc_index
+ mov (LOCAL_STORAGE_AREA + 8)(%BASE), %RSI_LP
+ mov LOCAL_STORAGE_AREA(%BASE), %RDI_LP
+ call _dl_fixup # Call resolver.
+ mov %RAX_LP, %R11_LP # Save return value
+-#ifndef __ILP32__
+- # Restore bound registers. These are nops if Intel MPX isn't
+- # avaiable or disabled.
+-# ifdef HAVE_MPX_SUPPORT
+- bndmov REGISTER_SAVE_BND3(%rsp), %bnd3
+- bndmov REGISTER_SAVE_BND2(%rsp), %bnd2
+- bndmov REGISTER_SAVE_BND1(%rsp), %bnd1
+- bndmov REGISTER_SAVE_BND0(%rsp), %bnd0
++ # Get register content back.
++# ifdef USE_FXSAVE
++ fxrstor STATE_SAVE_OFFSET(%rsp)
+ # else
+- .byte 0x66,0x0f,0x1a,0x5c,0x24,REGISTER_SAVE_BND3
+- .byte 0x66,0x0f,0x1a,0x54,0x24,REGISTER_SAVE_BND2
+- .byte 0x66,0x0f,0x1a,0x4c,0x24,REGISTER_SAVE_BND1
+-# if REGISTER_SAVE_BND0 == 0
+- .byte 0x66,0x0f,0x1a,0x04,0x24
+-# else
+- .byte 0x66,0x0f,0x1a,0x44,0x24,REGISTER_SAVE_BND0
+-# endif
++ movl $STATE_SAVE_MASK, %eax
++ xorl %edx, %edx
++ xrstor STATE_SAVE_OFFSET(%rsp)
+ # endif
+-#endif
+- # Get register content back.
+ movq REGISTER_SAVE_R9(%rsp), %r9
+ movq REGISTER_SAVE_R8(%rsp), %r8
+ movq REGISTER_SAVE_RDI(%rsp), %rdi
+@@ -138,20 +139,12 @@ _dl_runtime_resolve:
+ movq REGISTER_SAVE_RDX(%rsp), %rdx
+ movq REGISTER_SAVE_RCX(%rsp), %rcx
+ movq REGISTER_SAVE_RAX(%rsp), %rax
+- VMOV (REGISTER_SAVE_VEC_OFF)(%rsp), %VEC(0)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE)(%rsp), %VEC(1)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 2)(%rsp), %VEC(2)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 3)(%rsp), %VEC(3)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 4)(%rsp), %VEC(4)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 5)(%rsp), %VEC(5)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 6)(%rsp), %VEC(6)
+- VMOV (REGISTER_SAVE_VEC_OFF + VEC_SIZE * 7)(%rsp), %VEC(7)
+-#if DL_RUNTIME_RESOLVE_REALIGN_STACK
++# if DL_RUNTIME_RESOLVE_REALIGN_STACK
+ mov %RBX_LP, %RSP_LP
+ cfi_def_cfa_register(%rsp)
+ movq (%rsp), %rbx
+ cfi_restore(%rbx)
+-#endif
++# endif
+ # Adjust stack(PLT did 2 pushes)
+ add $(LOCAL_STORAGE_AREA + 16), %RSP_LP
+ cfi_adjust_cfa_offset(-(LOCAL_STORAGE_AREA + 16))
+@@ -160,9 +153,10 @@ _dl_runtime_resolve:
+ jmp *%r11 # Jump to function address.
+ cfi_endproc
.size _dl_runtime_resolve, .-_dl_runtime_resolve
++#endif
-#ifndef PROF
-+/* To preserve %xmm0 - %xmm7 registers, dl-trampoline.h is included
-+ twice, for _dl_runtime_resolve_sse and _dl_runtime_resolve_sse_vex.
-+ But we don't need another _dl_runtime_profile for XMM registers. */
+#if !defined PROF && defined _dl_runtime_profile
# if (LR_VECTOR_OFFSET % VEC_SIZE) != 0
# error LR_VECTOR_OFFSET must be multples of VEC_SIZE
1
0
commit 28b12e42fb6d64bd8deb0002003b76bb128852c9
Author: Juergen Daubert <jue(a)jue.li>
Date: Fri Jan 19 12:40:08 2018 +0100
[notify] unbound: update to 1.6.8
security fix for CVE-2017-15105, see
https://unbound.net/downloads/CVE-2017-15105.txt
diff --git a/unbound/.md5sum b/unbound/.md5sum
index c1dfc2ffc..81782f819 100644
--- a/unbound/.md5sum
+++ b/unbound/.md5sum
@@ -1,2 +1,2 @@
5bf1cabac23d0c2d89d2696039064d0a unbound
-67ed382add11134d689f5e88f8efc43e unbound-1.6.7.tar.gz
+c9d26cef224b10705229d5072142636c unbound-1.6.8.tar.gz
diff --git a/unbound/.signature b/unbound/.signature
index ae21710ed..fae3f5364 100644
--- a/unbound/.signature
+++ b/unbound/.signature
@@ -1,6 +1,6 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/bBm3JiOVd9y3gHmgLtBnUz6A9FK/n7sFJGuz5OTkKFPjhXNhdRjZ89GJwQVxrYUS3HhDX9PpBzEfyzwIZHHlg8=
-SHA256 (Pkgfile) = c0a662347b4c8f9b50dacaa3ac896edd24c00f162545fb69238b199ffb0429cd
+RWSE3ohX2g5d/eBfnyfVQUU30ehlBBf3FMNZMbgad87LosLrhf8IXu2y4aU2OqLXxCoVUfyoi8wTaqyB1SJRknnZV4f8y07BcQA=
+SHA256 (Pkgfile) = ee02ef3c3457ffbae75d41e3723e4fd130be9246dc1458c2b03e87fa8c91156c
SHA256 (.footprint) = 55dae6262dda05e002b80b843c0e57553a93a9e770d86630d104c04e3efaced7
-SHA256 (unbound-1.6.7.tar.gz) = 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f
+SHA256 (unbound-1.6.8.tar.gz) = e3b428e33f56a45417107448418865fe08d58e0e7fea199b855515f60884dd49
SHA256 (unbound) = 54c94f1813c00c7faac51bde904b879b73d043e87c49cf8aff63de565368a095
diff --git a/unbound/Pkgfile b/unbound/Pkgfile
index fe1307ede..7b25c8b91 100644
--- a/unbound/Pkgfile
+++ b/unbound/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: openssl expat
name=unbound
-version=1.6.7
+version=1.6.8
release=1
source=(https://unbound.net/downloads/$name-$version.tar.gz
unbound)
1
0
17 Jan '18
commit 845fdf2bb18f120b6839b34e8c125b68fc338b2c
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Jan 17 14:04:04 2018 +0100
[notify] rsync: update to 3.1.3pre1, closes FS#1558
includes security fixes for CVE-2017-{16548,17433,17434}, see
- https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
- https://www.cvedetails.com/vulnerability-list/vendor_id-102/product_id-1378…
diff --git a/rsync/.md5sum b/rsync/.md5sum
index e648e66d..5453a749 100644
--- a/rsync/.md5sum
+++ b/rsync/.md5sum
@@ -1,4 +1,4 @@
-0f758d7e000c0f7f7d3792610fad70cb rsync-3.1.2.tar.gz
+e116473719712d312d4db7e877e7b0df rsync-3.1.3pre1.tar.gz
bd6cc8e2c83d5e845af20a30e105fb5f rsync.driver
d20f1ca0fb415a6788808c75170d951a rsyncd
b4e95fa8c8f3ae13cfdf616abd6a3960 rsyncd.conf
diff --git a/rsync/.signature b/rsync/.signature
index 9a6dadda..1d425afe 100644
--- a/rsync/.signature
+++ b/rsync/.signature
@@ -1,8 +1,8 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqo/eo6PI41PWGO6F7OSVUW71UxJF1cg80Q3xrm+6G8dxClUtLeyfZE0ZtoZcpmT05tkxQ4dHyWB35EkrTc6JyQY=
-SHA256 (Pkgfile) = 14f7d621c44d11d246a7b2f77ec238bcdd687c16e78952a9b87c321392f0b47d
+RWRJc1FUaeVeqi9UpxXd1+wORN1GuNbXWnl+3vYO9uZ2WKA9BnptI6VivnqBcG8qfIG65hXXRJuDJkoI7sEyU0yzcj56B6RWXQ8=
+SHA256 (Pkgfile) = de1cbfee92e8a29d34d0afeb9b30ccf03625e21bc08f059c331536624aa4efad
SHA256 (.footprint) = 66208e83d257797b507df7559291a4059dba7f26019d5832ef535e6f3bd4c71a
-SHA256 (rsync-3.1.2.tar.gz) = ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2
+SHA256 (rsync-3.1.3pre1.tar.gz) = 6337962632006f9e8664d759cd2bbe5958e4e20a12a72a05c9dbcad0b955faf5
SHA256 (rsyncd.conf) = 095447801d8ba0101809c18acfb5a492c65323bed9ef5dd3739b3af5e9f7c56d
SHA256 (rsyncd) = e8dc013ff31ee7b1f249fcfbde579ec76fe3103f61d26d098d45290727060c85
SHA256 (rsync.driver) = 5e0f94a972cf7e47f153ccd0ac454ec2bd3056a834b69e82d3f3984d44308ef7
diff --git a/rsync/Pkgfile b/rsync/Pkgfile
index ec410a0d..0dee14ff 100644
--- a/rsync/Pkgfile
+++ b/rsync/Pkgfile
@@ -4,9 +4,9 @@
# Depends on: acl
name=rsync
-version=3.1.2
+version=3.1.3pre1
release=1
-source=(https://rsync.samba.org/ftp/$name/src/$name-$version.tar.gz \
+source=(https://download.samba.org/pub/rsync/src-previews/$name-$version.tar.gz \
rsyncd.conf rsyncd rsync.driver)
build () {
1
0
ports/opt (3.3): [notify] transmisson: security fix for CVE-2018-5702, closes FS#1557
by crux@crux.nu 17 Jan '18
by crux@crux.nu 17 Jan '18
17 Jan '18
commit 0a5c69a14c7be9045a8eb57e1ac1a369eba4dd34
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Jan 17 14:22:54 2018 +0100
[notify] transmisson: security fix for CVE-2018-5702, closes FS#1557
see
- https://github.com/transmission/transmission/pull/468
- https://www.cvedetails.com/cve/CVE-2018-5702/
diff --git a/transmission/.md5sum b/transmission/.md5sum
index abd556831..35b9598b9 100644
--- a/transmission/.md5sum
+++ b/transmission/.md5sum
@@ -1 +1,2 @@
+7d60fa6b8ec69d27503c4f61922b3aba CVE-2018-5702.patch
3fce404a436e3cd7fde80fb6ed61c264 transmission-2.92.tar.xz
diff --git a/transmission/.signature b/transmission/.signature
index 6ee834ff1..56b77e940 100644
--- a/transmission/.signature
+++ b/transmission/.signature
@@ -1,5 +1,6 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/c8mQL0Y04sEkYmLR4URgp97+a8nqLLvaqrU9BkXRSPlzo3cKLD07HO3rms0QmqNrmmxBpqD6/fEZRaSYX9TVAs=
-SHA256 (Pkgfile) = 726d88f3c22e6e4407d53a552407ac176373ccd416a7fc5f8146038c16dfbce2
+RWSE3ohX2g5d/T7ZPrdrfFR6Tg7QKJwzvE8lyuVRtomlS4r7krZfhj9X0JDKsxaE/nmwWKV1PCqax72aVFr9zn8OqCFNR2EJqgU=
+SHA256 (Pkgfile) = 9e160f363f1dd403c633094632c2b99d94fd25c0f8abbb60129e0941064407e9
SHA256 (.footprint) = e366ff7971b7fce0a0e6b44521fecdeb5b7baa20d56f25250ae8edc3ac88b1bf
SHA256 (transmission-2.92.tar.xz) = 3a8d045c306ad9acb7bf81126939b9594553a388482efa0ec1bfb67b22acd35f
+SHA256 (CVE-2018-5702.patch) = eae7fc4b93b4be760c4d3277ff75b39573cc9e0e4eb851d12269ea004f46c54a
diff --git a/transmission/CVE-2018-5702.patch b/transmission/CVE-2018-5702.patch
new file mode 100644
index 000000000..a3a0cf160
--- /dev/null
+++ b/transmission/CVE-2018-5702.patch
@@ -0,0 +1,302 @@
+Fix a weakness that allows remote code execution via the Transmission
+RPC server using DNS rebinding:
+
+https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
+
+Patch adapted from Tavis Ormandy's patch on the Transmission master
+branch to the Transmission 2.92 release by Leo Famulari
+<leo(a)famulari.name>:
+
+https://github.com/transmission/transmission/pull/468/commits
+
+From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
+From: Tavis Ormandy <taviso(a)google.com>
+Date: Thu, 11 Jan 2018 10:00:41 -0800
+Subject: [PATCH] mitigate dns rebinding attacks against daemon
+
+---
+ libtransmission/quark.c | 2 +
+ libtransmission/quark.h | 2 +
+ libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
+ libtransmission/rpc-server.h | 4 ++
+ libtransmission/session.c | 2 +
+ libtransmission/transmission.h | 1 +
+ libtransmission/web.c | 3 ++
+ 7 files changed, 121 insertions(+), 9 deletions(-)
+
+diff --git a/libtransmission/quark.c b/libtransmission/quark.c
+index 30cc2bca4..b4fd7aabd 100644
+--- a/libtransmission/quark.c
++++ b/libtransmission/quark.c
+@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] =
+ { "rpc-authentication-required", 27 },
+ { "rpc-bind-address", 16 },
+ { "rpc-enabled", 11 },
++ { "rpc-host-whitelist", 18 },
++ { "rpc-host-whitelist-enabled", 26 },
+ { "rpc-password", 12 },
+ { "rpc-port", 8 },
+ { "rpc-url", 7 },
+diff --git a/libtransmission/quark.h b/libtransmission/quark.h
+index 7f5212733..17464be8f 100644
+--- a/libtransmission/quark.h
++++ b/libtransmission/quark.h
+@@ -291,6 +291,8 @@ enum
+ TR_KEY_rpc_authentication_required,
+ TR_KEY_rpc_bind_address,
+ TR_KEY_rpc_enabled,
++ TR_KEY_rpc_host_whitelist,
++ TR_KEY_rpc_host_whitelist_enabled,
+ TR_KEY_rpc_password,
+ TR_KEY_rpc_port,
+ TR_KEY_rpc_url,
+diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c
+index a3485f3fa..292cd5fce 100644
+--- a/libtransmission/rpc-server.c
++++ b/libtransmission/rpc-server.c
+@@ -52,6 +52,7 @@ struct tr_rpc_server
+ bool isEnabled;
+ bool isPasswordEnabled;
+ bool isWhitelistEnabled;
++ bool isHostWhitelistEnabled;
+ tr_port port;
+ char * url;
+ struct in_addr bindAddress;
+@@ -63,6 +64,7 @@ struct tr_rpc_server
+ char * password;
+ char * whitelistStr;
+ tr_list * whitelist;
++ tr_list * hostWhitelist;
+
+ char * sessionId;
+ time_t sessionIdExpiresAt;
+@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server * server, const char * address)
+ return false;
+ }
+
++static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req)
++{
++ /* If password auth is enabled, any hostname is permitted. */
++ if (server->isPasswordEnabled)
++ {
++ return true;
++ }
++
++ char const* const host = evhttp_find_header(req->input_headers, "Host");
++
++ // If whitelist is disabled, no restrictions.
++ if (!server->isHostWhitelistEnabled)
++ return true;
++
++ /* No host header, invalid request. */
++ if (host == NULL)
++ {
++ return false;
++ }
++
++ /* Host header might include the port. */
++ char* const hostname = tr_strndup(host, strcspn(host, ":"));
++
++ /* localhost or ipaddress is always acceptable. */
++ if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname))
++ {
++ tr_free(hostname);
++ return true;
++ }
++
++ /* Otherwise, hostname must be whitelisted. */
++ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) {
++ if (tr_wildmat(hostname, l->data))
++ {
++ tr_free(hostname);
++ return true;
++ }
++ }
++
++ tr_free(hostname);
++ return false;
++}
++
+ static bool
+ test_session_id (struct tr_rpc_server * server, struct evhttp_request * req)
+ {
+@@ -663,6 +708,23 @@ handle_request (struct evhttp_request * req, void * arg)
+ handle_upload (req, server);
+ }
+ #ifdef REQUIRE_SESSION_ID
++ else if (!isHostnameAllowed(server, req))
++ {
++ char* tmp = tr_strdup_printf(
++ "<p>Transmission received your request, but the hostname was unrecognized.</p>"
++ "<p>To fix this, choose one of the following options:"
++ "<ul>"
++ "<li>Enable password authentication, then any hostname is allowed.</li>"
++ "<li>Add the hostname you want to use to the whitelist in settings.</li>"
++ "</ul></p>"
++ "<p>If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.</p>"
++ "<p>This requirement has been added to help prevent "
++ "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
++ "attacks.</p>");
++ send_simple_response(req, 421, tmp);
++ tr_free(tmp);
++ }
++
+ else if (!test_session_id (server, req))
+ {
+ const char * sessionId = get_current_session_id (server);
+@@ -674,7 +736,7 @@ handle_request (struct evhttp_request * req, void * arg)
+ "<li> When you get this 409 error message, resend your request with the updated header"
+ "</ol></p>"
+ "<p>This requirement has been added to help prevent "
+- "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
++ "<a href=\"https://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
+ "attacks.</p>"
+ "<p><code>%s: %s</code></p>",
+ TR_RPC_SESSION_ID_HEADER, sessionId);
+@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * server)
+ return server->url ? server->url : "";
+ }
+
+-void
+-tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
++static void
++tr_rpcSetList (char const* whitelistStr, tr_list** list)
+ {
+ void * tmp;
+ const char * walk;
+
+- /* keep the string */
+- tmp = server->whitelistStr;
+- server->whitelistStr = tr_strdup (whitelistStr);
+- tr_free (tmp);
+-
+ /* clear out the old whitelist entries */
+- while ((tmp = tr_list_pop_front (&server->whitelist)))
++ while ((tmp = tr_list_pop_front (list)) != NULL)
+ tr_free (tmp);
+
+ /* build the new whitelist entries */
+@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
+ const char * delimiters = " ,;";
+ const size_t len = strcspn (walk, delimiters);
+ char * token = tr_strndup (walk, len);
+- tr_list_append (&server->whitelist, token);
++ tr_list_append (list, token);
+ if (strcspn (token, "+-") < len)
+ tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! Are you using an old ACL by mistake?)", token);
+ else
+@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
+ }
+ }
+
++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr)
++{
++ tr_rpcSetList(whitelistStr, &server->hostWhitelist);
++}
++
++void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
++{
++ /* keep the string */
++ char* const tmp = server->whitelistStr;
++ server->whitelistStr = tr_strdup(whitelistStr);
++ tr_free(tmp);
++
++ tr_rpcSetList(whitelistStr, &server->whitelist);
++}
++
+ const char*
+ tr_rpcGetWhitelist (const tr_rpc_server * server)
+ {
+@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_server * server)
+ return server->isWhitelistEnabled;
+ }
+
++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled)
++{
++ server->isHostWhitelistEnabled = isEnabled;
++}
++
+ /****
+ ***** PASSWORD
+ ****/
+@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session * session, tr_variant * settings)
+ else
+ tr_rpcSetWhitelistEnabled (s, boolVal);
+
++ key = TR_KEY_rpc_host_whitelist_enabled;
++
++ if (!tr_variantDictFindBool(settings, key, &boolVal))
++ {
++ missing_settings_key(key);
++ }
++ else
++ {
++ tr_rpcSetHostWhitelistEnabled(s, boolVal);
++ }
++
++ key = TR_KEY_rpc_host_whitelist;
++
++ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL)
++ {
++ missing_settings_key(key);
++ }
++ else
++ {
++ tr_rpcSetHostWhitelist(s, str);
++ }
++
+ key = TR_KEY_rpc_authentication_required;
+ if (!tr_variantDictFindBool (settings, key, &boolVal))
+ missing_settings_key (key);
+diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h
+index e0302c5ea..8c9e6b24e 100644
+--- a/libtransmission/rpc-server.h
++++ b/libtransmission/rpc-server.h
+@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_rpc_server * server,
+
+ const char* tr_rpcGetWhitelist (const tr_rpc_server * server);
+
++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled);
++
++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist);
++
+ void tr_rpcSetPassword (tr_rpc_server * server,
+ const char * password);
+
+diff --git a/libtransmission/session.c b/libtransmission/session.c
+index 844cadba8..58b717913 100644
+--- a/libtransmission/session.c
++++ b/libtransmission/session.c
+@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant * d)
+ tr_variantDictAddStr (d, TR_KEY_rpc_username, "");
+ tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST);
+ tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true);
++ tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST);
++ tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true);
+ tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR));
+ tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR);
+ tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true);
+diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h
+index 4f76adfd6..e213a8f4e 100644
+--- a/libtransmission/transmission.h
++++ b/libtransmission/transmission.h
+@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (void);
+ #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0"
+ #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::"
+ #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1"
++#define TR_DEFAULT_RPC_HOST_WHITELIST ""
+ #define TR_DEFAULT_RPC_PORT_STR "9091"
+ #define TR_DEFAULT_RPC_URL_STR "/transmission/"
+ #define TR_DEFAULT_PEER_PORT_STR "51413"
+diff --git a/libtransmission/web.c b/libtransmission/web.c
+index ee495e9fc..c7f062730 100644
+--- a/libtransmission/web.c
++++ b/libtransmission/web.c
+@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code)
+ case 415: return "Unsupported Media Type";
+ case 416: return "Requested Range Not Satisfiable";
+ case 417: return "Expectation Failed";
++ case 421: return "Misdirected Request";
+ case 500: return "Internal Server Error";
+ case 501: return "Not Implemented";
+ case 502: return "Bad Gateway";
diff --git a/transmission/Pkgfile b/transmission/Pkgfile
index 27279f963..5b6566ded 100644
--- a/transmission/Pkgfile
+++ b/transmission/Pkgfile
@@ -5,12 +5,15 @@
name=transmission
version=2.92
-release=1
-source=(https://github.com/transmission/transmission-releases/raw/master/transmission-$version.tar.xz)
+release=2
+source=(https://github.com/transmission/transmission-releases/raw/master/transmission-$version.tar.xz
+ CVE-2018-5702.patch)
build() {
cd $name-$version
+ patch -p1 -i $SRC/CVE-2018-5702.patch
+
./configure --prefix=/usr \
--disable-nls \
--enable-cli \
1
0
ports/opt (3.3): [notify] libidn: Secutiry fix for CVE-2017-14062. closes FS#1554
by crux@crux.nu 16 Jan '18
by crux@crux.nu 16 Jan '18
16 Jan '18
commit c9ed075b254032302e36eefe14eeac7565cb51e4
Author: Fredrik Rinnestam <fredrik(a)crux.nu>
Date: Tue Jan 16 17:55:52 2018 +0100
[notify] libidn: Secutiry fix for CVE-2017-14062. closes FS#1554
diff --git a/libidn/.md5sum b/libidn/.md5sum
index 7f3221526..7313e94c9 100644
--- a/libidn/.md5sum
+++ b/libidn/.md5sum
@@ -1 +1,2 @@
+cd02b28cd6b74d7e55055651003dfcf4 CVE-2017-14062.patch
a9aa7e003665de9c82bd3f9fc6ccf308 libidn-1.33.tar.gz
diff --git a/libidn/.md5sum.orig b/libidn/.md5sum.orig
new file mode 100644
index 000000000..9132f3c89
--- /dev/null
+++ b/libidn/.md5sum.orig
@@ -0,0 +1,2 @@
+e4b03c6bcff3e11ea54adc6540fb7d07 CVE-2017-14062.patch
+a9aa7e003665de9c82bd3f9fc6ccf308 libidn-1.33.tar.gz
diff --git a/libidn/.signature b/libidn/.signature
index a748a76f1..50c0763ef 100644
--- a/libidn/.signature
+++ b/libidn/.signature
@@ -1,5 +1,6 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/av7D78bcxVpHFwVnVvsVbntH7q1tpLUcuW3hTn3rajwbAMu7aCDa5jJTJKeUZ+bNVmNaMcQS9s0TZJeQDMU5As=
-SHA256 (Pkgfile) = e83f48874e414a81a255ce4ad151bd737bc12e30af115f0894a14ff272205ecd
+RWSE3ohX2g5d/XzfkvpoUogWAcNTzXOg8hIykW9+oa298BOCD/60VV/zBtCGx/1AC/ulsdgOM4qV46JvoWtWNKviPjm7dkAPdA4=
+SHA256 (Pkgfile) = 3b2004727e755c55320c76255d6b8b1c2260c08244832e8cc4b9c59e3fbc004b
SHA256 (.footprint) = 8b7ff628d35d714b967f076a8e848cc7c6963129dc2ef9064b13e64e4a9ecf1d
SHA256 (libidn-1.33.tar.gz) = 44a7aab635bb721ceef6beecc4d49dfd19478325e1b47f3196f7d2acc4930e19
+SHA256 (CVE-2017-14062.patch) = 9dd36fddcfe60b8feb958bab4538054134187a52c98c15ec43362b63eaf69ac4
diff --git a/libidn/CVE-2017-14062.patch b/libidn/CVE-2017-14062.patch
new file mode 100644
index 000000000..2a2c2b7ee
--- /dev/null
+++ b/libidn/CVE-2017-14062.patch
@@ -0,0 +1,29 @@
+--- a/lib/punycode.c 2016-01-14 21:42:33.000000000 +0800
++++ b/lib/punycode.c 2018-01-12 11:36:58.027226633 +0800
+@@ -88,11 +88,11 @@ enum
+ /* point (for use in representing integers) in the range 0 to */
+ /* base-1, or base if cp does not represent a value. */
+
+-static punycode_uint
+-decode_digit (punycode_uint cp)
++static unsigned
++decode_digit (int cp)
+ {
+- return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+- cp - 97 < 26 ? cp - 97 : base;
++ return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
++ cp - 97 < 26 ? cp - 97 : base);
+ }
+
+ /* encode_digit(d,flag) returns the basic code point whose value */
+--- a/tests/tst_idna.c 2016-01-14 21:42:33.000000000 +0800
++++ b/tests/tst_idna.c 2018-01-12 11:36:58.027226633 +0800
+@@ -211,7 +211,7 @@ static const struct idna idna[] = {
+ 'x', 'n', '-', '-', 'f', 'o', 0x3067},
+ IDNA_ACE_PREFIX "too long too long too long too long too long too "
+ "long too long too long too long too long ", 0,
+- IDNA_CONTAINS_ACE_PREFIX, IDNA_PUNYCODE_ERROR}
++ IDNA_CONTAINS_ACE_PREFIX, IDNA_INVALID_LENGTH}
+ };
+
+ void
diff --git a/libidn/Pkgfile b/libidn/Pkgfile
index 25ee04769..f6bef3a9b 100644
--- a/libidn/Pkgfile
+++ b/libidn/Pkgfile
@@ -5,12 +5,17 @@
name=libidn
version=1.33
-release=1
-source=(http://ftp.gnu.org/gnu/$name/$name-$version.tar.gz)
+release=2
+source=(http://ftp.gnu.org/gnu/$name/$name-$version.tar.gz
+ CVE-2017-14062.patch)
build() {
cd $name-$version
+ patch -p1 -i $SRC/CVE-2017-14062.patch
+ sed -i '/^SUBDIRS/s/doc//' Makefile.am
+
+ autoreconf
./configure \
--prefix=/usr \
--disable-nls \
@@ -18,5 +23,9 @@ build() {
make
make DESTDIR=$PKG install
- rm -r $PKG/usr/share/info
+
+ install -d $PKG/usr/share/man/man{1,3}
+ install -m 0644 doc/*.1 $PKG/usr/share/man/man1
+ install -m 0644 doc/man/*.3 $PKG/usr/share/man/man3
+
}
1
0
10 Jan '18
commit 2ef42011328fcd050360518bab13765695693c28
Author: Matt Housh <jaeger(a)crux.ninja>
Date: Wed Jan 10 16:28:26 2018 -0600
[notify] openexr: updated to version 2.2.1
From openexr.com:
This maintenance release addresses the reported OpenEXR security vulnerabilities, specifically CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114, CVE-2017-9115, CVE-2017-9116.
diff --git a/openexr/.footprint b/openexr/.footprint
index 3a18a224..9669409c 100644
--- a/openexr/.footprint
+++ b/openexr/.footprint
@@ -97,14 +97,14 @@ drwxr-xr-x root/root usr/include/OpenEXR/
-rw-r--r-- root/root usr/include/OpenEXR/ImfXdr.h
-rw-r--r-- root/root usr/include/OpenEXR/OpenEXRConfig.h
drwxr-xr-x root/root usr/lib/
-lrwxrwxrwx root/root usr/lib/libIlmImf-2_2.so.22 -> libIlmImf-2_2.so.22.0.0
--rwxr-xr-x root/root usr/lib/libIlmImf-2_2.so.22.0.0
+lrwxrwxrwx root/root usr/lib/libIlmImf-2_2.so.23 -> libIlmImf-2_2.so.23.0.0
+-rwxr-xr-x root/root usr/lib/libIlmImf-2_2.so.23.0.0
-rwxr-xr-x root/root usr/lib/libIlmImf.la
-lrwxrwxrwx root/root usr/lib/libIlmImf.so -> libIlmImf-2_2.so.22.0.0
-lrwxrwxrwx root/root usr/lib/libIlmImfUtil-2_2.so.22 -> libIlmImfUtil-2_2.so.22.0.0
--rwxr-xr-x root/root usr/lib/libIlmImfUtil-2_2.so.22.0.0
+lrwxrwxrwx root/root usr/lib/libIlmImf.so -> libIlmImf-2_2.so.23.0.0
+lrwxrwxrwx root/root usr/lib/libIlmImfUtil-2_2.so.23 -> libIlmImfUtil-2_2.so.23.0.0
+-rwxr-xr-x root/root usr/lib/libIlmImfUtil-2_2.so.23.0.0
-rwxr-xr-x root/root usr/lib/libIlmImfUtil.la
-lrwxrwxrwx root/root usr/lib/libIlmImfUtil.so -> libIlmImfUtil-2_2.so.22.0.0
+lrwxrwxrwx root/root usr/lib/libIlmImfUtil.so -> libIlmImfUtil-2_2.so.23.0.0
drwxr-xr-x root/root usr/lib/pkgconfig/
-rw-r--r-- root/root usr/lib/pkgconfig/OpenEXR.pc
drwxr-xr-x root/root usr/share/
diff --git a/openexr/.md5sum b/openexr/.md5sum
index 16a3cbbb..aaba82f1 100644
--- a/openexr/.md5sum
+++ b/openexr/.md5sum
@@ -1 +1 @@
-b64e931c82aa3790329c21418373db4e openexr-2.2.0.tar.gz
+421815c32989e1b98fc4798ee754c433 openexr-2.2.1.tar.gz
diff --git a/openexr/.signature b/openexr/.signature
index 5f5936c1..2937fc27 100644
--- a/openexr/.signature
+++ b/openexr/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF38iMaz4f425JdY3leWPPypnAYXz8P8U36ij3Ie/dy/GihPaE9KM7Q9U+Y6TUTBhF9/NdxDfsvbblh8UpyRq6/Q4=
-SHA256 (Pkgfile) = b2702efc25f77ac12fe178f85c13b132acaaf66bccc3eee367903e601c340e45
-SHA256 (.footprint) = 6f02f0c4f5913d3b993d36be029848e361cfa7a0b387b8fbf60a8278cb50c9d8
-SHA256 (openexr-2.2.0.tar.gz) = 36a012f6c43213f840ce29a8b182700f6cf6b214bea0d5735594136b44914231
+RWSagIOpLGJF37m4yWkwqppg17OwAppcZ575r6OPQfzByqGbq7hkivleNxLiNJEoIvUdI+XH+vH1wBmyP2C9O1hkxz4V1Zan7g0=
+SHA256 (Pkgfile) = 307d8d0c7b760d7fc496fd46dd27fd4c78ab6099f7ee05d60cdfb6b50d3d2c33
+SHA256 (.footprint) = 94579c2be9f2f3c0fdc59037a14d5bfd04378da6c21d38d13ae0414b0a8bd1cc
+SHA256 (openexr-2.2.1.tar.gz) = 8f9a5af6131583404261931d9a5c83de0a425cb4b8b25ddab2b169fbf113aecd
diff --git a/openexr/Pkgfile b/openexr/Pkgfile
index 1d3f0748..f344fbf9 100644
--- a/openexr/Pkgfile
+++ b/openexr/Pkgfile
@@ -1,11 +1,10 @@
# Description: A high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.
# URL: http://www.openexr.com/
-# Maintainer: Matt Housh, jaeger at morpheus dot net
-# Packager: Jose V Beneyto, sepen at users dot sourceforge dot net
+# Maintainer: Matt Housh, jaeger at crux dot ninja
# Depends on: ilmbase
name=openexr
-version=2.2.0
+version=2.2.1
release=1
source=(http://download.savannah.nongnu.org/releases/$name/$name-$version.t…
1
0
ports/opt (3.3): [notify] irssi: updated to 1.0.6. Fix for CVE-2018-5206,
by crux@crux.nu 06 Jan '18
by crux@crux.nu 06 Jan '18
06 Jan '18
commit eb8c9192cbeeffdadabb47ebbedeb619cdab8e14
Author: Fredrik Rinnestam <fredrik(a)crux.nu>
Date: Sat Jan 6 17:13:42 2018 +0100
[notify] irssi: updated to 1.0.6. Fix for CVE-2018-5206,
CVE-2018-5205, CVE-2018-5208 and CVE-2018-5207. Advisory:
https://irssi.org/security/irssi_sa_2018_01.txt
diff --git a/irssi/.md5sum b/irssi/.md5sum
index 1eab4fb48..ff18e093d 100644
--- a/irssi/.md5sum
+++ b/irssi/.md5sum
@@ -1 +1 @@
-21357ac5e9970fa0c79ca971a9a01270 irssi-1.0.5.tar.xz
+b7e842c50254b780311cd02e97a3e9b5 irssi-1.0.6.tar.xz
diff --git a/irssi/.signature b/irssi/.signature
index b9751bb67..a6cea6bc5 100644
--- a/irssi/.signature
+++ b/irssi/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/fVTqRM46ov1wGceWoljv5b7BE/x2gA+nqmYGzhhjLAKOTrb+8FKsP/5Sr5Snwkv+luLVBGOs5+3x3P+2kU4xg0=
-SHA256 (Pkgfile) = 57be1ee0f2f1c0f6b30af170f609f18c8ba2a7e889a227ee456fa5604f8259a3
+RWSE3ohX2g5d/ZJ/+ZfG6sK/fOvN+lxnuiZv/kGhUyHF+2cy3pMxOTpjXnntyma4AqbDbuH9HFEpTP0s90ATrzr4kjzZnRp9zQ4=
+SHA256 (Pkgfile) = 11bfb0cd12bf412ec3ff434aa5c3e63d630f569af663ea46938fe86a55248f3f
SHA256 (.footprint) = f199f0d812fef6ae7789ed0d4333fb3a4e34a8c37c762ee8cc31387c13b6b187
-SHA256 (irssi-1.0.5.tar.xz) = c2556427e12eb06cabfed40839ac6f57eb8b1aa6365fab6dfcd331b7a04bb914
+SHA256 (irssi-1.0.6.tar.xz) = 029e884f3ebf337f7266d8ed4e1a035ca56d9f85015d74c868b488f279de8585
diff --git a/irssi/Pkgfile b/irssi/Pkgfile
index 66a2cafcf..c53947630 100644
--- a/irssi/Pkgfile
+++ b/irssi/Pkgfile
@@ -1,11 +1,10 @@
# Description: Terminal based IRC client for UNIX systems
# URL: http://www.irssi.org/
# Maintainer: Thomas Penteker, tek at serverop dot de
-# Packager: Daniel K. Gebhart, dkg at con-fuse dot org
# Depends on: glib
name=irssi
-version=1.0.5
+version=1.0.6
release=1
source=(https://github.com/irssi-import/irssi/releases/download/$version/$n…
1
0
05 Jan '18
commit d76927f3e0ce0b1bc1cd0e273997a8e5bdf8ebc2
Author: Juergen Daubert <jue(a)jue.li>
Date: Fri Jan 5 13:10:00 2018 +0100
[notify] php: update to 5.6.33 (security fixes)
diff --git a/php/.md5sum b/php/.md5sum
index e435256b2..8d427149c 100644
--- a/php/.md5sum
+++ b/php/.md5sum
@@ -1 +1 @@
-660cd5bc0f16eaad655b7815c757aadc php-5.6.32.tar.xz
+ca5d8f4b2b8c19519e495ecfed625ffa php-5.6.33.tar.xz
diff --git a/php/.signature b/php/.signature
index 615fa020d..37b0c03ba 100644
--- a/php/.signature
+++ b/php/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/QySuogNVhVfihuRHr5CoDYWacohr25biMFhSQnJaN5tNd/OYlcgq3JFbxUOf9VyaVwH7BFyIKQNPCfeBApcAAg=
-SHA256 (Pkgfile) = ce35c7231d12cb2e0b5ed2d971216dac8a8c06a2e44244c3722b5ac6c30f61ff
+RWSE3ohX2g5d/eIueJTTRNuDkMAVWA+V/LHERMd59QtPQDGfa3Oq/khknkrprkUUKxKfgWdhEIjUXVfIl1ShH2N+gZUZwuD7kgI=
+SHA256 (Pkgfile) = da8ee59f68dbb1bc266abd0521024784572633f98215336a7f3c08b95cb422b3
SHA256 (.footprint) = 65e725950334ab8815dc34d555a1a963d49b0af8df57aabe4efba07854a69adc
-SHA256 (php-5.6.32.tar.xz) = 8c2b4f721c7475fb9eabda2495209e91ea933082e6f34299d11cba88cd76e64b
+SHA256 (php-5.6.33.tar.xz) = 9004995fdf55f111cd9020e8b8aff975df3d8d4191776c601a46988c375f3553
diff --git a/php/Pkgfile b/php/Pkgfile
index 4fb4fcba0..4783ed2d7 100644
--- a/php/Pkgfile
+++ b/php/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: libpcre libxml2 curl db gdbm
name=php
-version=5.6.32
+version=5.6.33
release=1
source=(http://php.net/distributions/php-$version.tar.xz)
1
0