The gnulib version contains an important change (9ce573cde), which
fixes some problems with multithreading, entropy loss, and ASLR leak
nfo. It also fixes an issue where getrandom is not being used
on some new files generation (only for __GT_NOCREATE on first try).
The 044bf893ac removed __path_search, which is now moved to another
gnulib shared files (stdio-common/tmpdir.{c,h}). Tthis patch
also fixes direxists to use __stat64_time64 instead of __xstat64,
and move the include of pathmax.h for !_LIBC (since it is not used
by glibc). The license is also changed from GPL 3.0 to 2.1, with
permission from the authors (Bruno Haible and Paul Eggert).
The sync also removed the clock fallback, since clock_gettime
with CLOCK_REALTIME is expected to always succeed.
It syncs with gnulib commit 323834962817af7b115187e8c9a833437f8d20ec.
Checked on x86_64-linux-gnu.
Co-authored-by: Bruno Haible <bruno@clisp.org>
Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>
Reviewed-by: Bruno Haible <bruno@clisp.org>
* posix/getopt.c (_getopt_initialize):
* sysdeps/posix/tempname.c (try_dir, try_nocreate):
Put _GL_UNUSED before args instead of after.
This makes no difference for glibc.
It is needed for Gnulib when being compiled on
non-GCC C23 compilers.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
For the legacy ABI with supports 32-bit time_t it calls the 64-bit
time directly, since the LFS symbols calls the 64-bit time_t ones
internally.
Checked on i686-linux-gnu and x86_64-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
The first getrandom is used only for __GT_NOCREATE, which is inherently
insecure and can use the entropy as a small improvement. On the
second and later attempts it might help against DoS attacks.
It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.
Checked on x86_64-linux-gnu.
It syncs with gnulib commit b1268f22f443e8e4b9e. The try_tempname_len
now uses getrandom on each iteration to get entropy and only uses the
clock plus ASLR as source of entropy if getrandom fails.
Checked on x86_64-linux-gnu and i686-linux-gnu.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
It replaces the internal usage of __{f,l}xstat{at}{64} with the
__{f,l}stat{at}{64}. It should not change the generate code since
sys/stat.h explicit defines redirections to internal calls back to
xstat* symbols.
Checked with a build for all affected ABIs. I also check on
x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Since gettimeofday will shortly be implemented in terms of
clock_gettime on all platforms, internal code should use clock_gettime
directly; in addition to removing a layer of indirection, this will
allow us to remove the PLT-bypass gunk for gettimeofday. (We can't
quite do that yet, but it'll be coming later in this patch series.)
In many cases, the changed code does fewer conversions.
The changed code always assumes __clock_gettime (CLOCK_REALTIME)
cannot fail. Most of the call sites were assuming gettimeofday could
not fail, but a few places were checking for errors. POSIX says
clock_gettime can only fail if the clock constant is invalid or
unsupported, and CLOCK_REALTIME is the one and only clock constant
that's required to be supported. For consistency I grepped the entire
source tree for any other places that checked for errors from
__clock_gettime (CLOCK_REALTIME), found one, and changed it too.
(For the record, POSIX also says gettimeofday can never fail.)
(It would be nice if we could declare that GNU systems will always
support CLOCK_MONOTONIC as well as CLOCK_REALTIME; there are several
places where we are using CLOCK_REALTIME where _MONOTONIC would be
more appropriate, and/or trying to use _MONOTONIC and then falling
back to _REALTIME. But the Hurd doesn't support CLOCK_MONOTONIC yet,
and it looks like adding it would involve substantial changes to
gnumach's internals and API. Oh well.)
A few Hurd-specific files were changed to use __host_get_time instead
of __clock_gettime, as this seemed tidier. We also assume this cannot
fail. Skimming the code in gnumach leads me to believe the only way
it could fail is if __mach_host_self also failed, and our
Hurd-specific code consistently assumes that can't happen, so I'm
going with that.
With the exception of support/support_test_main.c, test cases are not
modified, mainly because I didn't want to have to figure out which
test cases were testing gettimeofday specifically.
The definition of GETTIME in sysdeps/generic/memusage.h had a typo and
was not reading tv_sec at all. I fixed this. It appears nobody has been
generating malloc traces on a machine that doesn't have a superseding
definition.
There are a whole bunch of places where the code could be simplified
by factoring out timespec subtraction and/or comparison logic, but I
want to keep this patch as mechanical as possible.
Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
This is missing bit for fully fix BZ#15813 (the other two were fixed
by 359653aaac).
Checked on x86_64-linux-gnu.
[BZ #15813]
sysdeps/posix/tempname.c (__gen_tempname): get entrypy on each
attempt.
This patch removes the HP_TIMING_BITS usage for fast random bits and replace
with clock_gettime (CLOCK_MONOTONIC). It has unspecified starting time and
nano-second accuracy, so its randomness is significantly better than
gettimeofday.
Althoug it should incur in more overhead (specially for architecture that
support hp-timing), the symbol is also common implemented as a vDSO.
Checked on aarch64-linux-gnu, x86_64-linux-gnu, and i686-linux-gnu. I also
checked on a i686-gnu build.
* include/random-bits.h: New file.
* resolv/res_mkquery.c [HP_TIMING_AVAIL] (RANDOM_BITS,
(__res_context_mkquery): Remove usage hp-timing usage and replace with
random_bits.
* resolv/res_send.c [HP_TIMING_AVAIL] (nameserver_offset): Likewise.
* sysdeps/posix/tempname.c [HP_TIMING_AVAIL] (__gen_tempname):
Likewise.
Partial merge from gnulib which fixes a number of -Wundef warnings.
The parts that differ from gnulib are the header comment, use of
__glibc_unlikely, a #define of __secure_getenv and the use of tabs.
The majority of the patch is cosmetic comment changes, the only runtime
change is an abort if an unknown kind is passed to __gen_tempname.
ChangeLog:
2014-06-25 Will Newton <will.newton@linaro.org>
* sysdeps/posix/tempname.c: Merge from gnulib, cosmetic
comment changes throughout the file. Remove checks
for HAVE_*_H definitions that are not required.
(__gen_tempname): Call abort if an unknown kind value is
passed.
into a macro. Use preprocessor to decide how to initialize
attempts [Coverity CID 67].
* io/fts.c (fts_build): Comment out dead code [Coverity CID 68].
* sunrpc/rpc_parse.c (def_union): Comment out dead code
[Coverity CID 70].
* locale/programs/linereader.c (lr_token): Remove duplicate
handling of EOF [Coverity CID 71].
* locale/programs/ld-numeric.c (numeric_read) [case tok_grouping]:
We bail out early if ignore_content is set, so there is no need to
check it later again [Coverity CID 72].
* inet/inet6_option.c (inet6_option_find): Check *tptrp for NULL,
not tptrp [Coverity CID 73].
* inet/inet6_option.c (inet6_option_next): Check *tptrp for NULL,
not tptrp [Coverity CID 74].
* misc/tsearch.c (__tsearch): Don't rotate tree if memory
allocation failed [Coverity CID 78].
2001-07-06 Paul Eggert <eggert@twinsun.com>
* manual/argp.texi: Remove ignored LGPL copyright notice; it's
not appropriate for documentation anyway.
* manual/libc-texinfo.sh: "Library General Public License" ->
"Lesser General Public License".
2001-07-06 Andreas Jaeger <aj@suse.de>
* All files under GPL/LGPL version 2: Place under LGPL version
2.1.
* sysdeps/unix/i386/i686/tempname.c: New file.
* sysdeps/posix/tempname.c (__gen_tempname): If RANDOM_BITS is
defined use this macro to get some bits of randomness instead of
the usual gettimeofday or time calls.
2001-03-16 Paul Eggert <eggert@twinsun.com>
* sysdeps/posix/tempname.c (uint64_t): Define to uintmax_t if
not defined, and if UINT64_MAX is not defined.
2001-03-19 Ulrich Drepper <drepper@redhat.com>
2001-02-26 Paul Eggert <eggert@twinsun.com>
Modify mkstemp.c and tempname.c so that they can be used by
GNU applications on non-glibc platforms.
* misc/mkstemp.c (__GT_FILE): Define to zero if not defined.
* sysdeps/posix/tempname.c: Include <config.h> if HAVE_CONFIG_H.
Include <stddef.h>, <stdint.h>, <string.h> only if
STDC_HEADERS || _LIBC.
Include <fcntl.h> only if HAVE_FCNTL_H || _LIBC.
Include <unistd.h> only if HAVE_UNISTD_H || _LIBC.
Include <sys/time.h> only if HAVE_SYS_TIME_H || _LIBC.
(__set_errno): Define this macro if <errno.h> doesn't.
(P_tmpdir, TMP_MAX, __GT_FILE, __GT_BIGFILE, __GT_DIR, __GT_NOCREATE):
Define these macros if <stdio.h> doesn't.
(S_ISDIR, S_IRUSR, S_IWUSR, S_IXUSR):
Define these macros if <sys/stat.h> doesn't.
Ignore <sys/stat.h> S_ISDIR if STAT_MACROS_BROKEN.
(stat64, __getpid, __gettimeofday, __mkdir, __open, __open64,
lxstat64, __xstat64): Define if not _LIBC.
(struct_stat64): New macro.
(direxists, __gen_tempname): Use it, to avoid a
portability problem with Solaris 8.
(__secure_getenv): Define if ! (HAVE___SECURE_GETENV || _LIBC).
(__gen_tempname): Invoke gettimeofday only if
HAVE_GETTIMEOFDAY || _LIBC; otherwise, fall back on plain "time".
Use portable macros like S_IRUSR | S_IWUSR rather than nonportable
octal values like 0600.
1999-07-06 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/alpha/ioperm.c: Update for some more
motherboards.
Patch by Jay Estabrook.
* sysdeps/unix/sysv/linux/configure.in: Don't test for libc4 in
ldd for SPARC.
* /sysdeps/unix/sysv/linux/sparc/ldd-rewrite.sed: New file.
Patch by Cristian Gafton.
1999-07-02 Cristian Gafton <gafton@redhat.com>
* sysdeps/unix/sysv/linux/bits/socket.h (__cmsg_nxthdr): "return 0"
instead of "return NULL" to make C++ happy.
1999-07-04 Mark Kettenis <kettenis@gnu.org>
* libio/iofdopen.c (_IO_new_fdopen): Set EINVAL if MODE is not
allowed by the file access mode of the open file.
1999-07-06 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/generic/setfpucw.c: Include math.h to get all needed
macros defined.
1999-07-03 Jakub Jelinek <jj@ultra.linux.cz>
* sysdeps/sparc/sparc64/submul_1.S: Fix carry handling. Optimize.
* sysdeps/sparc/sparc64/lshift.S: Make a leaf subroutine. Optimize.
* sysdeps/sparc/sparc64/rshift.S: Likewise.
* sysdeps/sparc/sparc64/mul_1.S: Optimize.
1999-07-04 Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
* malloc/malloc.c (request2size): Check for overflow and return
NULL whenever it is encountered.
1999-07-04 Zack Weinberg <zack@rabi.columbia.edu>
* sysdeps/posix/tempname.c (__gen_tempname): Add
ability to create directories. Replace OPENIT and LARGEFILE
args with a single flags parameter.
* sysdeps/generic/tempname.c: Likewise.
* include/stdio.h: Adjust prototype of __gen_tempname to
match. Define symbolic constants for second argument.
* misc/mkdtemp.c: New file, provides new function mkdtemp().
* stdlib/stdlib.h: Prototype it.
* misc/Versions: Export it.
* misc/Makefile (routines): Add mktemp.
* manual/filesys.texi: Document it.
* misc/mktemp.c: Adjust call of __gen_tempname to match new
convention.
* misc/mkstemp.c: Likewise.
* stdio-common/tempnam.c: Likewise.
* stdio-common/tmpfile.c: Likewise.
* stdio-common/tmpfile64.c: Likewise.
* stdio-common/tmpnam.c: Likewise.
* stdio-common/tmpnam_r.c: Likewise.
1999-07-05 Jakub Jelinek <jj@ultra.linux.cz>
* sysdeps/sparc/sparc64/dl-machine.h (elf_machine_rela): Support
R_SPARC_OLO10 relocations.
* elf/elf.h (R_SPARC_OLO10): Fix comment.
1998-12-15 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/posix/tempname.c (__path_search): Add second part of the
patch by Andreas Jaeger.
1998-12-15 Andreas Jaeger <aj@arthur.rhein-neckar.de>
* stdio-common/tst-tmpnam.c (main): Use void as parameter to avoid
warnings about unused args. Fix comment.
1998-12-15 Andreas Jaeger <aj@arthur.rhein-neckar.de>
* sysdeps/posix/tempname.c (__path_search): Correct last patch.
1998-12-08 H.J. Lu <hjl@gnu.org>
* sysdeps/unix/sysv/linux/speed.c (cfsetospeed): Don't clear
the IBAUD0 bit in c_iflag.
* sysdeps/unix/sysv/linux/tcsetattr.c (tcsetattr): Clear the
the IBAUD0 bit in c_iflag.
1998-12-15 Andreas Jaeger <aj@arthur.rhein-neckar.de>
* stdio-common/tst-tmpnam.c (main): Use void as parameter to avoid
warnings about unused args. Fix comment.
1998-12-15 Andreas Jaeger <aj@arthur.rhein-neckar.de>
* sysdeps/posix/tempname.c (__path_search): Correct last patch.
* include/stdio.h: Add new parameter to __path_search.
* libio/oldtmpfile.c: Add 0 as new parameter to __path_search.
* stdio-common/tmpfile.c: Likewise.
* stdio-common/tmpfile64.c: Likewise.
* stdio-common/tmpnam.c: Likewise.
* stdio-common/tmpnam_r.c: Likewise.
* stdio-common/tempnam.c: Add 1 as new parameter to __path_search.
* sysdeps/posix/tempname.c: Add new parameter. If value is nonzero
consider TMPDIR environment variable and dir parameter. Otherwise not.
* stdio-common/Makefile (tests): Add tst-tmpnam.
* stdio-common/tst-tmpnam.c: New file.
