[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Commits] r25818 - in /fsf/glibc-2_19-branch/libc: ./ elf/ iconv/ iconvdata/ include/ locale/ localedata/ manual/ nis/nss_nis/ nptl/sy...



Author: eglibc
Date: Sat Sep  6 00:06:03 2014
New Revision: 25818

Log:
Import glibc-2.19 for 2014-09-06

Added:
    fsf/glibc-2_19-branch/libc/elf/tst-dl-iter-static.c
    fsf/glibc-2_19-branch/libc/localedata/tst-setlocale3.c
    fsf/glibc-2_19-branch/libc/posix/bug-regex36.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/setjmp.S
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-64/__longjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-64/setjmp.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-32/getcontext.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-64/getcontext.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/ucontext_i.sym
Removed:
    fsf/glibc-2_19-branch/libc/sysdeps/s390/Makefile
    fsf/glibc-2_19-branch/libc/sysdeps/s390/__longjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-__longjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-global-offsets.sym
    fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-setjmp.S
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp-common.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/setjmp-common.S
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-64/__longjmp-common.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-64/setjmp-common.S
    fsf/glibc-2_19-branch/libc/sysdeps/s390/setjmp.S
    fsf/glibc-2_19-branch/libc/sysdeps/s390/sigjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/v1-longjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/v1-setjmp.h
    fsf/glibc-2_19-branch/libc/sysdeps/s390/v1-sigjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/getcontext.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/rtld-getcontext.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-32/getcontext-common.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-32/ucontext_i.sym
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-64/getcontext-common.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-64/ucontext_i.sym
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/v1-longjmp_chk.c
Modified:
    fsf/glibc-2_19-branch/libc/ChangeLog
    fsf/glibc-2_19-branch/libc/NEWS
    fsf/glibc-2_19-branch/libc/elf/Makefile
    fsf/glibc-2_19-branch/libc/iconv/gconv_trans.c
    fsf/glibc-2_19-branch/libc/iconvdata/Makefile
    fsf/glibc-2_19-branch/libc/iconvdata/ibm1364.c
    fsf/glibc-2_19-branch/libc/iconvdata/ibm932.c
    fsf/glibc-2_19-branch/libc/iconvdata/ibm933.c
    fsf/glibc-2_19-branch/libc/iconvdata/ibm935.c
    fsf/glibc-2_19-branch/libc/iconvdata/ibm937.c
    fsf/glibc-2_19-branch/libc/iconvdata/ibm939.c
    fsf/glibc-2_19-branch/libc/iconvdata/ibm943.c
    fsf/glibc-2_19-branch/libc/iconvdata/run-iconv-test.sh
    fsf/glibc-2_19-branch/libc/include/resolv.h
    fsf/glibc-2_19-branch/libc/locale/findlocale.c
    fsf/glibc-2_19-branch/libc/locale/setlocale.c
    fsf/glibc-2_19-branch/libc/localedata/ChangeLog
    fsf/glibc-2_19-branch/libc/localedata/Makefile
    fsf/glibc-2_19-branch/libc/manual/locale.texi
    fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-hosts.c
    fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-initgroups.c
    fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-network.c
    fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-service.c
    fsf/glibc-2_19-branch/libc/nptl/sysdeps/unix/sysv/linux/s390/pt-longjmp.c
    fsf/glibc-2_19-branch/libc/nscd/netgroupcache.c
    fsf/glibc-2_19-branch/libc/nss/nss_files/files-netgrp.c
    fsf/glibc-2_19-branch/libc/posix/Makefile
    fsf/glibc-2_19-branch/libc/posix/regcomp.c
    fsf/glibc-2_19-branch/libc/posix/spawn_faction_addopen.c
    fsf/glibc-2_19-branch/libc/posix/spawn_faction_destroy.c
    fsf/glibc-2_19-branch/libc/posix/spawn_int.h
    fsf/glibc-2_19-branch/libc/posix/tst-spawn.c
    fsf/glibc-2_19-branch/libc/resolv/gethnamaddr.c
    fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-canon.c
    fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-host.c
    fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-network.c
    fsf/glibc-2_19-branch/libc/resolv/res_query.c
    fsf/glibc-2_19-branch/libc/resolv/res_send.c
    fsf/glibc-2_19-branch/libc/sysdeps/s390/Versions
    fsf/glibc-2_19-branch/libc/sysdeps/s390/bits/setjmp.h
    fsf/glibc-2_19-branch/libc/sysdeps/s390/longjmp.c
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/Makefile
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/longjmp_chk.c
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-32/____longjmp_chk.c
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-32/nptl/libc.abilist
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-32/setcontext.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-32/swapcontext.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-64/____longjmp_chk.c
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-64/nptl/libc.abilist
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/s390-64/swapcontext.S
    fsf/glibc-2_19-branch/libc/sysdeps/unix/sysv/linux/s390/sys/ucontext.h

Modified: fsf/glibc-2_19-branch/libc/ChangeLog
==============================================================================
--- fsf/glibc-2_19-branch/libc/ChangeLog (original)
+++ fsf/glibc-2_19-branch/libc/ChangeLog Sat Sep  6 00:06:03 2014
@@ -1,3 +1,250 @@
+2014-09-03  Florian Weimer  <fweimer@xxxxxxxxxx>
+
+	[BZ #17325]
+	* iconvdata/ibm1364.c (BODY): Fix check for sentinel.
+	* iconvdata/ibm932.c (BODY): Replace invalid sentinel check with
+	assert.
+	* iconvdata/ibm933.c (BODY): Fix check for sentinel.
+	* iconvdata/ibm935.c (BODY): Likewise.
+	* iconvdata/ibm937.c (BODY): Likewise.
+	* iconvdata/ibm939.c (BODY): Likewise.
+	* iconvdata/ibm943.c (BODY): Replace invalid sentinel check with
+	assert.
+	* iconvdata/Makefile (iconv-test.out): Pass module list to test
+	script.
+	* iconvdata/run-iconv-test.sh: New test loop for checking for
+	decoder crashers.
+
+2014-08-26  Florian Weimer  <fweimer@xxxxxxxxxx>
+
+	[BZ #17187]
+	* iconv/gconv_trans.c (struct known_trans, search_tree, lock,
+	trans_compare, open_translit, __gconv_translit_find):
+	Remove module loading code.
+
+2014-08-01  Stefan Liebler  <stli@xxxxxxxxxxxxxxxxxx>
+
+	* NEWS: Explain the s390 jmp_buf / ucontext_t ABI change
+	reversal.
+
+2014-07-31  Stefan Liebler  <stli@xxxxxxxxxxxxxxxxxx>
+
+	* sysdeps/s390/Makefile: Delete file.
+	* sysdeps/s390/Versions (GLIBC_2.19): Remove __setjmp.
+	* sysdeps/s390/__longjmp.c: Delete file.
+	* sysdeps/s390/bits/setjmp.h (__s390_jmp_buf):
+	Remove fields __flags and __reserved.
+	* sysdeps/s390/longjmp.c: Include setjmp/longjmp.c
+	and add versioning.
+	* sysdeps/s390/rtld-__longjmp.c: Delete file.
+	* sysdeps/s390/rtld-global-offsets.sym: Likewise.
+	* sysdeps/s390/rtld-setjmp.S: Likewise.
+	* sysdeps/s390/s390-32/__longjmp-common.c: Move to ...
+	* sysdeps/s390/s390-32/__longjmp.c: ... here.
+	* sysdeps/s390/s390-32/setjmp-common.S: Move to ...
+	* sysdeps/s390/s390-32/setjmp.S: ... here.
+	Add versioning.
+	(__sigsetjmp): Remove setting __flags field.
+	* sysdeps/s390/s390-64/__longjmp-common.c:Move to ...
+	* sysdeps/s390/s390-64/__longjmp.c: ... here.
+	* sysdeps/s390/s390-64/setjmp-common.S: Move to ...
+	* sysdeps/s390/s390-64/setjmp.S: ... here.
+	Add versioning.
+	(__sigsetjmp): Remove setting __flags field.
+	* sysdeps/s390/setjmp.S: Delete file.
+	* sysdeps/s390/sigjmp.c: Likewise.
+	* sysdeps/s390/v1-longjmp.c: Likewise.
+	* sysdeps/s390/v1-setjmp.h: Likewise.
+	* sysdeps/s390/v1-sigjmp.c: Likewise.
+	* sysdeps/unix/sysv/linux/s390/Makefile (sysdep_routines):
+	Remove v1-longjmp_chk.
+	* sysdeps/unix/sysv/linux/s390/getcontext.S: Delete file.
+	* sysdeps/unix/sysv/linux/s390/longjmp_chk.c:
+	Include debug/longjmp_chk.c and add versioning.
+	* nptl/sysdeps/unix/sysv/linux/s390/pt-longjmp.c:
+	Include nptl/sysdeps/pthread/pt-longjmp.c and add versioning.
+	* sysdeps/unix/sysv/linux/s390/rtld-getcontext.S: Delete file.
+	* sysdeps/unix/sysv/linux/s390/s390-32/____longjmp_chk.c:
+	Include __longjmp.c.
+	* sysdeps/unix/sysv/linux/s390/s390-32/getcontext-common.S:
+	Move to ...
+	* sysdeps/unix/sysv/linux/s390/s390-32/getcontext.S: ... here.
+	(__getcontext): Remove setting __flags field.
+	Add versioning.
+	* sysdeps/unix/sysv/linux/s390/s390-32/setcontext.S:
+	DonÃÂt restore upper high grps.
+	* sysdeps/unix/sysv/linux/s390/s390-32/swapcontext.S:
+	Likewise.
+	(__swapcontext): Remove setting uc_flags field.
+	* sysdeps/unix/sysv/linux/s390/s390-32/ucontext_i.sym:
+	Delete file.
+	* sysdeps/unix/sysv/linux/s390/s390-64/____longjmp_chk.c:
+	Include __longjmp.c.
+	* sysdeps/unix/sysv/linux/s390/s390-64/getcontext-common.S:
+	Move to ...
+	* sysdeps/unix/sysv/linux/s390/s390-64/getcontext.S: ... here.
+	(__getcontext): Remove setting __flags field.
+	Add versioning.
+	* sysdeps/unix/sysv/linux/s390/s390-64/swapcontext.S:
+	(__swapcontext): Remove setting uc_flags field.
+	* unix/sysv/linux/s390/s390-64/ucontext_i.sym: Delete file.
+	* sysdeps/unix/sysv/linux/s390/sys/ucontext.h (ucontext):
+	Remove fields uc_high_gprs and __reserved.
+	* sysdeps/unix/sysv/linux/s390/ucontext_i.sym:
+	New file with reverted content.
+	* sysdeps/unix/sysv/linux/s390/v1-longjmp_chk.c: Delete file.
+	* sysdeps/unix/sysv/linux/s390/s390-32/nptl/libc.abilist:
+	Regenerated.
+	* sysdeps/unix/sysv/linux/s390/s390-64/nptl/libc.abilist:
+	Regenerated.
+
+2014-07-02  Florian Weimer  <fweimer@xxxxxxxxxx>
+
+	* manual/locale.texi (Locale Names): New section documenting
+	locale name syntax.  Adjust menu and node chaining accordingly.
+	(Choosing Locale): Reference Locale Names, Locale Categories.
+	Mention setting LC_ALL=C.  Reflect that name syntax is now
+	documented.
+	(Locale Categories): New section title.  Reference Locale Names.
+	LC_ALL is an environment variable, but not a category.
+	(Setting the Locale): Remove "locale -a" invocation and LOCPATH
+	description, now in Locale Name.  Reference that section.  Locale
+	name syntax is now documented.
+
+2014-07-02  Florian Weimer  <fweimer@xxxxxxxxxx>
+
+	[BZ #17137]
+	* locale/findlocale.c (name_present, valid_locale_name): New
+	functions.
+	(_nl_find_locale): Use the loc_name variable to store name
+	candidates.  Call name_present and valid_locale_name to check and
+	validate locale names.  Return an error if the locale is invalid.
+
+2014-07-02  Florian Weimer  <fweimer@xxxxxxxxxx>
+
+	* locale/setlocale.c (setlocale): Use strdup for allocating
+	composite name copy.
+
+2014-05-26  Siddhesh Poyarekar  <siddhesh@xxxxxxxxxx>
+
+	[BZ #16878]
+	* nscd/netgroupcache.c (addgetnetgrentX): Look for
+	NSS_STATUS_TRYAGAIN to indicate insufficient buffer space.
+	* nscd/nss_files/files-netgrp.c (_nss_netgroup_parseline): Use
+	NSS_STATUS_TRYAGAIN to indicate insufficient buffer space.
+
+2014-03-12  Siddhesh Poyarekar  <siddhesh@xxxxxxxxxx>
+
+	[BZ #16695]
+	* nscd/netgroupcache.c (addgetnetgrentX): Factor in space for
+	key in the buffer.
+
+2014-06-20  Maciej W. Rozycki  <macro@xxxxxxxxxxxxxxxx>
+
+	[BZ #16046]
+	* elf/tst-dl-iter-static.c: New file.
+	* elf/Makefile (tests-static): Add tst-dl-iter-static.
+
+2014-06-20  Andreas Schwab  <schwab@xxxxxxxxxxxxxx>
+
+	[BZ #17069]
+	* posix/regcomp.c (parse_reg_exp): Deallocate partially
+	constructed tree before returning error.
+	* posix/bug-regexp36.c: Expand test case.
+
+2014-06-19  Andreas Schwab  <schwab@xxxxxxxxxxxxxx>
+
+	[BZ #17069]
+	* posix/regcomp.c (parse_expression): Deallocate partially
+	constructed tree before returning error.
+	* posix/Makefile.c (tests): Add bug-regex36.
+	(generated): Add bug-regex36.mtrace.
+	(tests-special): Add $(objpfx)bug-regex36-mem.out
+	(bug-regex36-ENV): New variable.
+	($(objpfx)bug-regex36-mem.out): New rule.
+	* posix/bug-regex36.c: New file.
+
+2014-06-03  Andreas Schwab  <schwab@xxxxxxx>
+
+	[BZ #15946]
+	* resolv/res_send.c (send_dg): Reload file descriptor after
+	calling reopen.
+
+2014-02-18  Andreas Schwab  <schwab@xxxxxxx>
+
+	[BZ #16574]
+	* resolv/res_send.c (send_vc): Add parameter ansp2_malloced.
+	Store non-zero if the second buffer was newly allocated.
+	(send_dg): Likewise.
+	(__libc_res_nsend): Add parameter ansp2_malloced and pass it down
+	to send_vc and send_dg.
+	(res_nsend): Pass NULL for ansp2_malloced.
+	* resolv/res_query.c (__libc_res_nquery): Add parameter
+	answerp2_malloced and pass it down to __libc_res_nsend.
+	(res_nquery): Pass additional NULL to __libc_res_nquery.
+	(__libc_res_nsearch): Add parameter answerp2_malloced and pass it
+	down to __libc_res_nquery and __libc_res_nquerydomain.  Deallocate
+	second answer buffer if answerp2_malloced was set.
+	(res_nsearch): Pass additional NULL to __libc_res_nsearch.
+	(__libc_res_nquerydomain): Add parameter
+	answerp2_malloced and pass it down to __libc_res_nquery.
+	(res_nquerydomain): Pass additional NULL to
+	__libc_res_nquerydomain.
+	* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyname_r): Pass
+	additional NULL to __libc_res_nsend and __libc_res_nquery.
+	* resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname3_r): Pass
+	additional NULL to __libc_res_nsearch.
+	(_nss_dns_gethostbyname4_r): Revert last change.  Use new
+	parameter of __libc_res_nsearch to check for separately allocated
+	second buffer.
+	(_nss_dns_gethostbyaddr2_r): Pass additional NULL to
+	__libc_res_nquery.
+	* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Pass
+	additional NULL to __libc_res_nquery.
+	* resolv/gethnamaddr.c (gethostbyname2): Pass additional NULL to
+	__libc_res_nsearch.
+	(gethostbyaddr): Pass additional NULL to __libc_res_nquery.
+	* include/resolv.h: Update prototypes of __libc_res_nquery,
+	__libc_res_nsearch, __libc_res_nsend.
+
+2014-02-13  Andreas Schwab  <schwab@xxxxxxx>
+
+	[BZ #16574]
+	* resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Free the
+	second answer buffer if it was separately allocated.
+
+2014-05-12  Andreas Schwab  <schwab@xxxxxxx>
+
+	[BZ #16932]
+	* nis/nss_nis/nis-hosts.c (internal_gethostbyname2_r)
+	(_nss_nis_gethostbyname4_r): Return error if item length is larger
+	than maximum RPC packet size.
+	* nis/nss_nis/nis-initgroups.c (initgroups_netid): Likewise.
+	* nis/nss_nis/nis-network.c (_nss_nis_getnetbyname_r): Likewise.
+	* nis/nss_nis/nis-service.c (_nss_nis_getservbyname_r)
+	(_nss_nis_getservbyport_r): Likewise.
+
+2014-06-21  Allan McRae  <allan@xxxxxxxxxxxxx>
+
+	* NEWS: Mention CVE-2014-4043.
+
+2014-06-12  Stefan Liebler  <stli@xxxxxxxxxxxxxxxxxx>
+
+	* posix/spawn_faction_addopen.c: Include string.h.
+
+2014-06-11  Florian Weimer  <fweimer@xxxxxxxxxx>
+
+	[BZ #17048]
+	* posix/spawn_int.h (struct __spawn_action): Make the path string
+	non-const to support deallocation.
+	* posix/spawn_faction_addopen.c
+	(posix_spawn_file_actions_addopen): Make a copy of the pathname.
+	* posix/spawn_faction_destroy.c
+	(posix_spawn_file_actions_destroy): Adjust comment.  Deallocate
+	path in all spawn_do_open actions.
+	* posix/tst-spawn.c (do_test): Exercise the copy operation in
+	posix_spawn_file_actions_addopen.
+
 2014-06-03  Guo Yixuan  <culu.gyx@xxxxxxxxx>
 
 	[BZ #16882]

Modified: fsf/glibc-2_19-branch/libc/NEWS
==============================================================================
--- fsf/glibc-2_19-branch/libc/NEWS (original)
+++ fsf/glibc-2_19-branch/libc/NEWS Sat Sep  6 00:06:03 2014
@@ -9,8 +9,46 @@
 
 * The following bugs are resolved with this release:
 
-  16545, 16623, 16882, 16885, 16916, 16943, 16958.
-
+  15946, 16545, 16574, 16623, 16695, 16878, 16882, 16885, 16916, 16932,
+  16943, 16958, 17048, 17069, 17137, 17263, 17325.
+
+* Reverted change of ABI data structures for s390 and s390x:
+  On s390 and s390x the size of struct ucontext and jmp_buf was increased in
+  2.19. This change is reverted in 2.19.1 and 2.20. The introduced 2.19 symbol
+  versions of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp,
+  siglongjmp are preserved pointing straight to the same implementation as the
+  old ones. Given that, new callers will simply provide a too-big buffer to
+  these functions. Any applications/libraries out there that embed jmp_buf or
+  ucontext_t in an ABI-relevant data structure that have already been rebuilt
+  against 2.19 headers will have to rebuilt again. This is necessary in any
+  case to revert the breakage in their ABI caused by the glibc change.
+
+* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
+  copy the path argument.  This allowed programs to cause posix_spawn to
+  deference a dangling pointer, or use an unexpected pathname argument if
+  the string was modified after the posix_spawn_file_actions_addopen
+  invocation.
+
+* Locale names, including those obtained from environment variables (LANG
+  and the LC_* variables), are more tightly checked for proper syntax.
+  setlocale will now fail (with EINVAL) for locale names that are overly
+  long, contain slashes without starting with a slash, or contain ".." path
+  components. (CVE-2014-0475)  Previously, some valid locale names were
+  silently replaced with the "C" locale when running in AT_SECURE mode
+  (e.g., in a SUID program).  This is no longer necessary because of the
+  additional checks.
+
+* Support for loadable gconv transliteration modules has been removed.
+  The support for transliteration modules has been non-functional for
+  over a decade, and the removal is prompted by security defects.  The
+  normal gconv conversion modules are still supported.  Transliteration
+  with //TRANSLIT is still possible, and the //IGNORE specifier
+  continues to be  supported. (CVE-2014-5119)
+
+* Decoding a crafted input sequence in the character sets IBM933, IBM935,
+  IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
+  resulting a denial-of-service security vulnerability in applications which
+  use functions related to iconv. (CVE-2014-6040)
 
 Version 2.19
 

Modified: fsf/glibc-2_19-branch/libc/elf/Makefile
==============================================================================
--- fsf/glibc-2_19-branch/libc/elf/Makefile (original)
+++ fsf/glibc-2_19-branch/libc/elf/Makefile Sat Sep  6 00:06:03 2014
@@ -123,7 +123,7 @@
 	tst-auxv
 tests-static = tst-tls1-static tst-tls2-static tst-stackguard1-static \
 	       tst-leaks1-static tst-array1-static tst-array5-static \
-	       tst-ptrguard1-static
+	       tst-ptrguard1-static tst-dl-iter-static
 ifeq (yes,$(build-shared))
 tests-static += tst-tls9-static
 tst-tls9-static-ENV = \

Added: fsf/glibc-2_19-branch/libc/elf/tst-dl-iter-static.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/elf/tst-dl-iter-static.c (added)
+++ fsf/glibc-2_19-branch/libc/elf/tst-dl-iter-static.c Sat Sep  6 00:06:03 2014
@@ -1,0 +1,47 @@
+/* BZ #16046 dl_iterate_phdr static executable test.
+   Copyright (C) 2014 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+
+/* Check that the link map of the static executable itself is iterated
+   over exactly once.  */
+
+static int
+callback (struct dl_phdr_info *info, size_t size, void *data)
+{
+  int *count = data;
+
+  if (info->dlpi_name[0] == '\0')
+    (*count)++;
+
+  return 0;
+}
+
+static int
+do_test (void)
+{
+  int count = 0;
+  int status;
+
+  status = dl_iterate_phdr (callback, &count);
+
+  return status || count != 1;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"

Modified: fsf/glibc-2_19-branch/libc/iconv/gconv_trans.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconv/gconv_trans.c (original)
+++ fsf/glibc-2_19-branch/libc/iconv/gconv_trans.c Sat Sep  6 00:06:03 2014
@@ -238,181 +238,12 @@
   return __GCONV_ILLEGAL_INPUT;
 }
 
-
-/* Structure to represent results of found (or not) transliteration
-   modules.  */
-struct known_trans
-{
-  /* This structure must remain the first member.  */
-  struct trans_struct info;
-
-  char *fname;
-  void *handle;
-  int open_count;
-};
-
-
-/* Tree with results of previous calls to __gconv_translit_find.  */
-static void *search_tree;
-
-/* We modify global data.   */
-__libc_lock_define_initialized (static, lock);
-
-
-/* Compare two transliteration entries.  */
-static int
-trans_compare (const void *p1, const void *p2)
-{
-  const struct known_trans *s1 = (const struct known_trans *) p1;
-  const struct known_trans *s2 = (const struct known_trans *) p2;
-
-  return strcmp (s1->info.name, s2->info.name);
-}
-
-
-/* Open (maybe reopen) the module named in the struct.  Get the function
-   and data structure pointers we need.  */
-static int
-open_translit (struct known_trans *trans)
-{
-  __gconv_trans_query_fct queryfct;
-
-  trans->handle = __libc_dlopen (trans->fname);
-  if (trans->handle == NULL)
-    /* Not available.  */
-    return 1;
-
-  /* Find the required symbol.  */
-  queryfct = __libc_dlsym (trans->handle, "gconv_trans_context");
-  if (queryfct == NULL)
-    {
-      /* We cannot live with that.  */
-    close_and_out:
-      __libc_dlclose (trans->handle);
-      trans->handle = NULL;
-      return 1;
-    }
-
-  /* Get the context.  */
-  if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames)
-      != 0)
-    goto close_and_out;
-
-  /* Of course we also have to have the actual function.  */
-  trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans");
-  if (trans->info.trans_fct == NULL)
-    goto close_and_out;
-
-  /* Now the optional functions.  */
-  trans->info.trans_init_fct =
-    __libc_dlsym (trans->handle, "gconv_trans_init");
-  trans->info.trans_context_fct =
-    __libc_dlsym (trans->handle, "gconv_trans_context");
-  trans->info.trans_end_fct =
-    __libc_dlsym (trans->handle, "gconv_trans_end");
-
-  trans->open_count = 1;
-
-  return 0;
-}
-
-
 int
 internal_function
 __gconv_translit_find (struct trans_struct *trans)
 {
-  struct known_trans **found;
-  const struct path_elem *runp;
-  int res = 1;
-
-  /* We have to have a name.  */
-  assert (trans->name != NULL);
-
-  /* Acquire the lock.  */
-  __libc_lock_lock (lock);
-
-  /* See whether we know this module already.  */
-  found = __tfind (trans, &search_tree, trans_compare);
-  if (found != NULL)
-    {
-      /* Is this module available?  */
-      if ((*found)->handle != NULL)
-	{
-	  /* Maybe we have to reopen the file.  */
-	  if ((*found)->handle != (void *) -1)
-	    /* The object is not unloaded.  */
-	    res = 0;
-	  else if (open_translit (*found) == 0)
-	    {
-	      /* Copy the data.  */
-	      *trans = (*found)->info;
-	      (*found)->open_count++;
-	      res = 0;
-	    }
-	}
-    }
-  else
-    {
-      size_t name_len = strlen (trans->name) + 1;
-      int need_so = 0;
-      struct known_trans *newp;
-
-      /* We have to continue looking for the module.  */
-      if (__gconv_path_elem == NULL)
-	__gconv_get_path ();
-
-      /* See whether we have to append .so.  */
-      if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0)
-	need_so = 1;
-
-      /* Create a new entry.  */
-      newp = (struct known_trans *) malloc (sizeof (struct known_trans)
-					    + (__gconv_max_path_elem_len
-					       + name_len + 3)
-					    + name_len);
-      if (newp != NULL)
-	{
-	  char *cp;
-
-	  /* Clear the struct.  */
-	  memset (newp, '\0', sizeof (struct known_trans));
-
-	  /* Store a copy of the module name.  */
-	  newp->info.name = cp = (char *) (newp + 1);
-	  cp = __mempcpy (cp, trans->name, name_len);
-
-	  newp->fname = cp;
-
-	  /* Search in all the directories.  */
-	  for (runp = __gconv_path_elem; runp->name != NULL; ++runp)
-	    {
-	      cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name),
-			      trans->name, name_len);
-	      if (need_so)
-		memcpy (cp, ".so", sizeof (".so"));
-
-	      if (open_translit (newp) == 0)
-		{
-		  /* We found a module.  */
-		  res = 0;
-		  break;
-		}
-	    }
-
-	  if (res)
-	    newp->fname = NULL;
-
-	  /* In any case we'll add the entry to our search tree.  */
-	  if (__tsearch (newp, &search_tree, trans_compare) == NULL)
-	    {
-	      /* Yickes, this should not happen.  Unload the object.  */
-	      res = 1;
-	      /* XXX unload here.  */
-	    }
-	}
-    }
-
-  __libc_lock_unlock (lock);
-
-  return res;
+  /* Transliteration module loading has been removed because it never
+     worked as intended and suffered from a security vulnerability.
+     Consequently, this function always fails.  */
+  return 1;
 }

Modified: fsf/glibc-2_19-branch/libc/iconvdata/Makefile
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/Makefile (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/Makefile Sat Sep  6 00:06:03 2014
@@ -299,6 +299,7 @@
 $(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \
 			 $(addprefix $(objpfx),$(modules.so)) \
 			 $(common-objdir)/iconv/iconv_prog TESTS
+	iconv_modules="$(modules)" \
 	$(SHELL) $< $(common-objdir) '$(test-wrapper)' > $@
 
 $(objpfx)tst-tables.out: tst-tables.sh $(objpfx)gconv-modules \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/ibm1364.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/ibm1364.c (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/ibm1364.c Sat Sep  6 00:06:03 2014
@@ -220,7 +220,8 @@
 	  ++rp2;							      \
 									      \
 	uint32_t res;							      \
-	if (__builtin_expect (ch < rp2->start, 0)			      \
+	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
+	    || __builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = DB_TO_UCS4[ch + rp2->idx],			      \
 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \
 	  {								      \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/ibm932.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/ibm932.c (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/ibm932.c Sat Sep  6 00:06:03 2014
@@ -73,11 +73,12 @@
 	  }								      \
 									      \
 	ch = (ch * 0x100) + inptr[1];					      \
+	/* ch was less than 0xfd.  */					      \
+	assert (ch < 0xfd00);						      \
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
-	    || __builtin_expect (ch < rp2->start, 0)			      \
+	if (__builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm932db_to_ucs4[ch + rp2->idx],		      \
 	    __builtin_expect (res, '\1') == 0 && ch !=0))		      \
 	  {								      \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/ibm933.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/ibm933.c (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/ibm933.c Sat Sep  6 00:06:03 2014
@@ -161,7 +161,7 @@
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
+	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
 	    || __builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm933db_to_ucs4[ch + rp2->idx],		      \
 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/ibm935.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/ibm935.c (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/ibm935.c Sat Sep  6 00:06:03 2014
@@ -161,7 +161,7 @@
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
+	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
 	    || __builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm935db_to_ucs4[ch + rp2->idx],		      \
 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/ibm937.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/ibm937.c (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/ibm937.c Sat Sep  6 00:06:03 2014
@@ -161,7 +161,7 @@
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
+	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
 	    || __builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm937db_to_ucs4[ch + rp2->idx],		      \
 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/ibm939.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/ibm939.c (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/ibm939.c Sat Sep  6 00:06:03 2014
@@ -161,7 +161,7 @@
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
+	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
 	    || __builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm939db_to_ucs4[ch + rp2->idx],		      \
 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/ibm943.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/ibm943.c (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/ibm943.c Sat Sep  6 00:06:03 2014
@@ -74,11 +74,12 @@
 	  }								      \
 									      \
 	ch = (ch * 0x100) + inptr[1];					      \
+	/* ch was less than 0xfd.  */					      \
+	assert (ch < 0xfd00);						      \
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
-	    || __builtin_expect (ch < rp2->start, 0)			      \
+	if (__builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm943db_to_ucs4[ch + rp2->idx],		      \
 	    __builtin_expect (res, '\1') == 0 && ch !=0))		      \
 	  {								      \

Modified: fsf/glibc-2_19-branch/libc/iconvdata/run-iconv-test.sh
==============================================================================
--- fsf/glibc-2_19-branch/libc/iconvdata/run-iconv-test.sh (original)
+++ fsf/glibc-2_19-branch/libc/iconvdata/run-iconv-test.sh Sat Sep  6 00:06:03 2014
@@ -188,6 +188,24 @@
 
 done < TESTS2
 
+# Check for crashes in decoders.
+printf '\016\377\377\377\377\377\377\377' > $temp1
+for from in $iconv_modules ; do
+    echo $ac_n "test decoder $from $ac_c"
+    PROG=`eval echo $ICONV`
+    if $PROG < $temp1 >/dev/null 2>&1 ; then
+	: # fall through
+    else
+	status=$?
+	if test $status -gt 1 ; then
+	    echo "/FAILED"
+	    failed=1
+	    continue
+	fi
+    fi
+    echo "OK"
+done
+
 exit $failed
 # Local Variables:
 #  mode:shell-script

Modified: fsf/glibc-2_19-branch/libc/include/resolv.h
==============================================================================
--- fsf/glibc-2_19-branch/libc/include/resolv.h (original)
+++ fsf/glibc-2_19-branch/libc/include/resolv.h Sat Sep  6 00:06:03 2014
@@ -48,11 +48,11 @@
 libc_hidden_proto (__res_state)
 
 int __libc_res_nquery (res_state, const char *, int, int, u_char *, int,
-		       u_char **, u_char **, int *, int *);
+		       u_char **, u_char **, int *, int *, int *);
 int __libc_res_nsearch (res_state, const char *, int, int, u_char *, int,
-			u_char **, u_char **, int *, int *);
+			u_char **, u_char **, int *, int *, int *);
 int __libc_res_nsend (res_state, const u_char *, int, const u_char *, int,
-		      u_char *, int, u_char **, u_char **, int *, int *)
+		      u_char *, int, u_char **, u_char **, int *, int *, int *)
   attribute_hidden;
 
 libresolv_hidden_proto (_sethtent)

Modified: fsf/glibc-2_19-branch/libc/locale/findlocale.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/locale/findlocale.c (original)
+++ fsf/glibc-2_19-branch/libc/locale/findlocale.c Sat Sep  6 00:06:03 2014
@@ -17,6 +17,7 @@
    <http://www.gnu.org/licenses/>.  */
 
 #include <assert.h>
+#include <errno.h>
 #include <locale.h>
 #include <stdlib.h>
 #include <string.h>
@@ -57,6 +58,45 @@
 
 const char _nl_default_locale_path[] attribute_hidden = LOCALEDIR;
 
+/* Checks if the name is actually present, that is, not NULL and not
+   empty.  */
+static inline int
+name_present (const char *name)
+{
+  return name != NULL && name[0] != '\0';
+}
+
+/* Checks that the locale name neither extremely long, nor contains a
+   ".." path component (to prevent directory traversal).  */
+static inline int
+valid_locale_name (const char *name)
+{
+  /* Not set.  */
+  size_t namelen = strlen (name);
+  /* Name too long.  The limit is arbitrary and prevents stack overflow
+     issues later.  */
+  if (__glibc_unlikely (namelen > 255))
+    return 0;
+  /* Directory traversal attempt.  */
+  static const char slashdot[4] = {'/', '.', '.', '/'};
+  if (__glibc_unlikely (memmem (name, namelen,
+				slashdot, sizeof (slashdot)) != NULL))
+    return 0;
+  if (namelen == 2 && __glibc_unlikely (name[0] == '.' && name [1] == '.'))
+    return 0;
+  if (namelen >= 3
+      && __glibc_unlikely (((name[0] == '.'
+			     && name[1] == '.'
+			     && name[2] == '/')
+			    || (name[namelen - 3] == '/'
+				&& name[namelen - 2] == '.'
+				&& name[namelen - 1] == '.'))))
+    return 0;
+  /* If there is a slash in the name, it must start with one.  */
+  if (__glibc_unlikely (memchr (name, '/', namelen) != NULL) && name[0] != '/')
+    return 0;
+  return 1;
+}
 
 struct __locale_data *
 internal_function
@@ -65,7 +105,7 @@
 {
   int mask;
   /* Name of the locale for this category.  */
-  char *loc_name;
+  char *loc_name = (char *) *name;
   const char *language;
   const char *modifier;
   const char *territory;
@@ -73,31 +113,39 @@
   const char *normalized_codeset;
   struct loaded_l10nfile *locale_file;
 
-  if ((*name)[0] == '\0')
+  if (loc_name[0] == '\0')
     {
       /* The user decides which locale to use by setting environment
 	 variables.  */
-      *name = getenv ("LC_ALL");
-      if (*name == NULL || (*name)[0] == '\0')
-	*name = getenv (_nl_category_names.str
+      loc_name = getenv ("LC_ALL");
+      if (!name_present (loc_name))
+	loc_name = getenv (_nl_category_names.str
 			+ _nl_category_name_idxs[category]);
-      if (*name == NULL || (*name)[0] == '\0')
-	*name = getenv ("LANG");
-    }
-
-  if (*name == NULL || (*name)[0] == '\0'
-      || (__builtin_expect (__libc_enable_secure, 0)
-	  && strchr (*name, '/') != NULL))
-    *name = (char *) _nl_C_name;
-
-  if (__builtin_expect (strcmp (*name, _nl_C_name), 1) == 0
-      || __builtin_expect (strcmp (*name, _nl_POSIX_name), 1) == 0)
+      if (!name_present (loc_name))
+	loc_name = getenv ("LANG");
+      if (!name_present (loc_name))
+	loc_name = (char *) _nl_C_name;
+    }
+
+  /* We used to fall back to the C locale if the name contains a slash
+     character '/', but we now check for directory traversal in
+     valid_locale_name, so this is no longer necessary.  */
+
+  if (__builtin_expect (strcmp (loc_name, _nl_C_name), 1) == 0
+      || __builtin_expect (strcmp (loc_name, _nl_POSIX_name), 1) == 0)
     {
       /* We need not load anything.  The needed data is contained in
 	 the library itself.  */
       *name = (char *) _nl_C_name;
       return _nl_C[category];
     }
+  else if (!valid_locale_name (loc_name))
+    {
+      __set_errno (EINVAL);
+      return NULL;
+    }
+
+  *name = loc_name;
 
   /* We really have to load some data.  First we try the archive,
      but only if there was no LOCPATH environment variable specified.  */

Modified: fsf/glibc-2_19-branch/libc/locale/setlocale.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/locale/setlocale.c (original)
+++ fsf/glibc-2_19-branch/libc/locale/setlocale.c Sat Sep  6 00:06:03 2014
@@ -272,6 +272,8 @@
 	 of entries of the form `CATEGORY=VALUE'.  */
       const char *newnames[__LC_LAST];
       struct __locale_data *newdata[__LC_LAST];
+      /* Copy of the locale argument, for in-place splitting.  */
+      char *locale_copy = NULL;
 
       /* Set all name pointers to the argument name.  */
       for (category = 0; category < __LC_LAST; ++category)
@@ -281,7 +283,13 @@
       if (__builtin_expect (strchr (locale, ';') != NULL, 0))
 	{
 	  /* This is a composite name.  Make a copy and split it up.  */
-	  char *np = strdupa (locale);
+	  locale_copy = strdup (locale);
+	  if (__glibc_unlikely (locale_copy == NULL))
+	    {
+	      __libc_rwlock_unlock (__libc_setlocale_lock);
+	      return NULL;
+	    }
+	  char *np = locale_copy;
 	  char *cp;
 	  int cnt;
 
@@ -299,6 +307,7 @@
 		{
 		error_return:
 		  __libc_rwlock_unlock (__libc_setlocale_lock);
+		  free (locale_copy);
 
 		  /* Bogus category name.  */
 		  ERROR_RETURN;
@@ -391,8 +400,9 @@
       /* Critical section left.  */
       __libc_rwlock_unlock (__libc_setlocale_lock);
 
-      /* Free the resources (the locale path variable).  */
+      /* Free the resources.  */
       free (locale_path);
+      free (locale_copy);
 
       return composite;
     }

Modified: fsf/glibc-2_19-branch/libc/localedata/ChangeLog
==============================================================================
--- fsf/glibc-2_19-branch/libc/localedata/ChangeLog (original)
+++ fsf/glibc-2_19-branch/libc/localedata/ChangeLog Sat Sep  6 00:06:03 2014
@@ -1,3 +1,9 @@
+2014-07-02  Florian Weimer  <fweimer@xxxxxxxxxx>
+
+	* tst-setlocale3.c: New file.
+	* Makefile (tests): Add tst-setlocale3.
+	(tst-setlocale3-ENV): New variable.
+
 2013-12-26  Chris Leonard  <cjl@xxxxxxxxxxxxx>
 
 	* locales/sa_IN: Add lang_name.

Modified: fsf/glibc-2_19-branch/libc/localedata/Makefile
==============================================================================
--- fsf/glibc-2_19-branch/libc/localedata/Makefile (original)
+++ fsf/glibc-2_19-branch/libc/localedata/Makefile Sat Sep  6 00:06:03 2014
@@ -77,7 +77,7 @@
 
 tests = $(locale_test_suite) tst-digits tst-setlocale bug-iconv-trans \
 	tst-leaks tst-mbswcs6 tst-xlocale1 tst-xlocale2 bug-usesetlocale \
-	tst-strfmon1 tst-sscanf bug-setlocale1 tst-setlocale2
+	tst-strfmon1 tst-sscanf bug-setlocale1 tst-setlocale2 tst-setlocale3
 tests-static = bug-setlocale1-static
 tests += $(tests-static)
 ifeq (yes,$(build-shared))
@@ -276,7 +276,7 @@
 tst-strfmon1-ENV = $(TEST_MBWC_ENV)
 tst-strptime-ENV = $(TEST_MBWC_ENV)
 
-tst-setlocale-ENV = LOCPATH=$(common-objpfx)localedata LC_ALL=ja_JP.EUC-JP
+tst-setlocale-ENV = LOCPATH=$(common-objpfx)localedata LC_ALL=ja_JP.EUC-
 
 bug-iconv-trans-ENV = LOCPATH=$(common-objpfx)localedata
 
@@ -292,6 +292,7 @@
 bug-setlocale1-static-ENV = $(bug-setlocale1-ENV)
 bug-setlocale1-static-ARGS = $(bug-setlocale1-ARGS)
 tst-setlocale2-ENV = LOCPATH=$(common-objpfx)localedata
+tst-setlocale3-ENV = LOCPATH=$(common-objpfx)localedata
 
 $(objdir)/iconvdata/gconv-modules:
 	$(MAKE) -C ../iconvdata subdir=iconvdata $@

Added: fsf/glibc-2_19-branch/libc/localedata/tst-setlocale3.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/localedata/tst-setlocale3.c (added)
+++ fsf/glibc-2_19-branch/libc/localedata/tst-setlocale3.c Sat Sep  6 00:06:03 2014
@@ -1,0 +1,203 @@
+/* Regression test for setlocale invalid environment variable handling.
+   Copyright (C) 2014 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <locale.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* The result of setlocale may be overwritten by subsequent calls, so
+   this wrapper makes a copy.  */
+static char *
+setlocale_copy (int category, const char *locale)
+{
+  const char *result = setlocale (category, locale);
+  if (result == NULL)
+    return NULL;
+  return strdup (result);
+}
+
+static char *de_locale;
+
+static void
+setlocale_fail (const char *envstring)
+{
+  setenv ("LC_CTYPE", envstring, 1);
+  if (setlocale (LC_CTYPE, "") != NULL)
+    {
+      printf ("unexpected setlocale success for \"%s\" locale\n", envstring);
+      exit (1);
+    }
+  const char *newloc = setlocale (LC_CTYPE, NULL);
+  if (strcmp (newloc, de_locale) != 0)
+    {
+      printf ("failed setlocale call \"%s\" changed locale to \"%s\"\n",
+	      envstring, newloc);
+      exit (1);
+    }
+}
+
+static void
+setlocale_success (const char *envstring)
+{
+  setenv ("LC_CTYPE", envstring, 1);
+  char *newloc = setlocale_copy (LC_CTYPE, "");
+  if (newloc == NULL)
+    {
+      printf ("setlocale for \"%s\": %m\n", envstring);
+      exit (1);
+    }
+  if (strcmp (newloc, de_locale) == 0)
+    {
+      printf ("setlocale with LC_CTYPE=\"%s\" left locale at \"%s\"\n",
+	      envstring, de_locale);
+      exit (1);
+    }
+  if (setlocale (LC_CTYPE, de_locale) == NULL)
+    {
+      printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
+	      de_locale, envstring);
+      exit (1);
+    }
+  char *newloc2 = setlocale_copy (LC_CTYPE, newloc);
+  if (newloc2 == NULL)
+    {
+      printf ("restoring locale \"%s\" following \"%s\": %m\n",
+	      newloc, envstring);
+      exit (1);
+    }
+  if (strcmp (newloc, newloc2) != 0)
+    {
+      printf ("representation of locale \"%s\" changed from \"%s\" to \"%s\"",
+	      envstring, newloc, newloc2);
+      exit (1);
+    }
+  free (newloc);
+  free (newloc2);
+
+  if (setlocale (LC_CTYPE, de_locale) == NULL)
+    {
+      printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
+	      de_locale, envstring);
+      exit (1);
+    }
+}
+
+/* Checks that a known-good locale still works if LC_ALL contains a
+   value which should be ignored.  */
+static void
+setlocale_ignore (const char *to_ignore)
+{
+  const char *fr_locale = "fr_FR.UTF-8";
+  setenv ("LC_CTYPE", fr_locale, 1);
+  char *expected_locale = setlocale_copy (LC_CTYPE, "");
+  if (expected_locale == NULL)
+    {
+      printf ("setlocale with LC_CTYPE=\"%s\" failed: %m\n", fr_locale);
+      exit (1);
+    }
+  if (setlocale (LC_CTYPE, de_locale) == NULL)
+    {
+      printf ("failed to restore locale: %m\n");
+      exit (1);
+    }
+  unsetenv ("LC_CTYPE");
+
+  setenv ("LC_ALL", to_ignore, 1);
+  setenv ("LC_CTYPE", fr_locale, 1);
+  const char *actual_locale = setlocale (LC_CTYPE, "");
+  if (actual_locale == NULL)
+    {
+      printf ("setlocale with LC_ALL, LC_CTYPE=\"%s\" failed: %m\n",
+	      fr_locale);
+      exit (1);
+    }
+  if (strcmp (actual_locale, expected_locale) != 0)
+    {
+      printf ("setlocale under LC_ALL failed: got \"%s\", expected \"%s\"\n",
+	      actual_locale, expected_locale);
+      exit (1);
+    }
+  unsetenv ("LC_CTYPE");
+  setlocale_success (fr_locale);
+  unsetenv ("LC_ALL");
+  free (expected_locale);
+}
+
+static int
+do_test (void)
+{
+  /* The glibc test harness sets this environment variable
+     uncondionally.  */
+  unsetenv ("LC_ALL");
+
+  de_locale = setlocale_copy (LC_CTYPE, "de_DE.UTF-8");
+  if (de_locale == NULL)
+    {
+      printf ("setlocale (LC_CTYPE, \"de_DE.UTF-8\"): %m\n");
+      return 1;
+    }
+  setlocale_success ("C");
+  setlocale_success ("en_US.UTF-8");
+  setlocale_success ("/en_US.UTF-8");
+  setlocale_success ("//en_US.UTF-8");
+  setlocale_ignore ("");
+
+  setlocale_fail ("does-not-exist");
+  setlocale_fail ("/");
+  setlocale_fail ("/../localedata/en_US.UTF-8");
+  setlocale_fail ("en_US.UTF-8/");
+  setlocale_fail ("en_US.UTF-8/..");
+  setlocale_fail ("en_US.UTF-8/../en_US.UTF-8");
+  setlocale_fail ("../localedata/en_US.UTF-8");
+  {
+    size_t large_length = 1024;
+    char *large_name = malloc (large_length + 1);
+    if (large_name == NULL)
+      {
+	puts ("malloc failure");
+	return 1;
+      }
+    memset (large_name, '/', large_length);
+    const char *suffix = "en_US.UTF-8";
+    strcpy (large_name + large_length - strlen (suffix), suffix);
+    setlocale_fail (large_name);
+    free (large_name);
+  }
+  {
+    size_t huge_length = 64 * 1024 * 1024;
+    char *huge_name = malloc (huge_length + 1);
+    if (huge_name == NULL)
+      {
+	puts ("malloc failure");
+	return 1;
+      }
+    memset (huge_name, 'X', huge_length);
+    huge_name[huge_length] = '\0';
+    /* Construct a composite locale specification. */
+    const char *prefix = "LC_CTYPE=de_DE.UTF-8;LC_TIME=";
+    memcpy (huge_name, prefix, strlen (prefix));
+    setlocale_fail (huge_name);
+    free (huge_name);
+  }
+
+  return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"

Modified: fsf/glibc-2_19-branch/libc/manual/locale.texi
==============================================================================
--- fsf/glibc-2_19-branch/libc/manual/locale.texi (original)
+++ fsf/glibc-2_19-branch/libc/manual/locale.texi Sat Sep  6 00:06:03 2014
@@ -29,6 +29,7 @@
 * Setting the Locale::          How a program specifies the locale
                                  with library functions.
 * Standard Locales::            Locale names available on all systems.
+* Locale Names::                Format of system-specific locale names.
 * Locale Information::          How to access the information for the locale.
 * Formatting Numbers::          A dedicated function to format numbers.
 * Yes-or-No Questions::         Check a Response against the locale.
@@ -99,14 +100,16 @@
 most of Spain.
 
 The set of locales supported depends on the operating system you are
-using, and so do their names.  We can't make any promises about what
-locales will exist, except for one standard locale called @samp{C} or
-@samp{POSIX}.  Later we will describe how to construct locales.
-@comment (@pxref{Building Locale Files}).
+using, and so do their names, except that the standard locale called
+@samp{C} or @samp{POSIX} always exist.  @xref{Locale Names}.
+
+In order to force the system to always use the default locale, the
+user can set the @code{LC_ALL} environment variable to @samp{C}.
 
 @cindex combining locales
-A user also has the option of specifying different locales for different
-purposes---in effect, choosing a mixture of multiple locales.
+A user also has the option of specifying different locales for
+different purposes---in effect, choosing a mixture of multiple
+locales.  @xref{Locale Categories}.
 
 For example, the user might specify the locale @samp{espana-castellano}
 for most purposes, but specify the locale @samp{usa-english} for
@@ -120,7 +123,7 @@
 for a particular subset of those purposes.
 
 @node Locale Categories, Setting the Locale, Choosing Locale, Locales
-@section Categories of Activities that Locales Affect
+@section Locale Categories
 @cindex categories for locales
 @cindex locale categories
 
@@ -128,7 +131,11 @@
 that a user or a program can choose the locale for each category
 independently.  Here is a table of categories; each name is both an
 environment variable that a user can set, and a macro name that you can
-use as an argument to @code{setlocale}.
+use as the first argument to @code{setlocale}.
+
+The contents of the environment variable (or the string in the second
+argument to @code{setlocale}) has to be a valid locale name.
+@xref{Locale Names}.
 
 @vtable @code
 @comment locale.h
@@ -172,7 +179,7 @@
 @comment locale.h
 @comment ISO
 @item LC_ALL
-This is not an environment variable; it is only a macro that you can use
+This is not a category; it is only a macro that you can use
 with @code{setlocale} to set a single locale for all purposes.  Setting
 this environment variable overwrites all selections by the other
 @code{LC_*} variables or @code{LANG}.
@@ -355,13 +362,7 @@
 @c   strndup @ascuheap @acsmem
 @c   strcasecmp_l ok (C locale)
 The function @code{setlocale} sets the current locale for category
-@var{category} to @var{locale}.  A list of all the locales the system
-provides can be created by running
-
-@pindex locale
-@smallexample
-  locale -a
-@end smallexample
+@var{category} to @var{locale}.
 
 If @var{category} is @code{LC_ALL}, this specifies the locale for all
 purposes.  The other possible values of @var{category} specify an
@@ -386,10 +387,9 @@
 
 When you read the current locale for category @code{LC_ALL}, the value
 encodes the entire combination of selected locales for all categories.
-In this case, the value is not just a single locale name.  In fact, we
-don't make any promises about what it looks like.  But if you specify
-the same ``locale name'' with @code{LC_ALL} in a subsequent call to
-@code{setlocale}, it restores the same combination of locale selections.
+If you specify the same ``locale name'' with @code{LC_ALL} in a
+subsequent call to @code{setlocale}, it restores the same combination
+of locale selections.
 
 To be sure you can use the returned string encoding the currently selected
 locale at a later time, you must make a copy of the string.  It is not
@@ -405,19 +405,14 @@
 If a nonempty string is given for @var{locale}, then the locale of that
 name is used if possible.
 
+The effective locale name (either the second argument to
+@code{setlocale}, or if the argument is an empty string, the name
+obtained from the process environment) must be valid locale name.
+@xref{Locale Names}.
+
 If you specify an invalid locale name, @code{setlocale} returns a null
 pointer and leaves the current locale unchanged.
 @end deftypefun
-
-The path used for finding locale data can be set using the
-@code{LOCPATH} environment variable. The default path for finding
-locale data is system specific.  It is computed from the value given
-as the prefix while configuring the C library.  This value normally is
-@file{/usr} or @file{/}.  For the former the complete path is:
-
-@smallexample
-/usr/lib/locale
-@end smallexample
 
 Here is an example showing how you might use @code{setlocale} to
 temporarily switch to a new locale.
@@ -458,7 +453,7 @@
 portability, assume that any symbol beginning with @samp{LC_} might be
 defined in @file{locale.h}.
 
-@node Standard Locales, Locale Information, Setting the Locale, Locales
+@node Standard Locales, Locale Names, Setting the Locale, Locales
 @section Standard Locales
 
 The only locale names you can count on finding on all operating systems
@@ -492,7 +487,94 @@
 locale explicitly by name.  Remember, different machines might have
 different sets of locales installed.
 
-@node Locale Information, Formatting Numbers, Standard Locales, Locales
+@node Locale Names, Locale Information, Standard Locales, Locales
+@section Locale Names
+
+The following command prints a list of locales supported by the
+system:
+
+@pindex locale
+@smallexample
+  locale -a
+@end smallexample
+
+@strong{Portability Note:} With the notable exception of the standard
+locale names @samp{C} and @samp{POSIX}, locale names are
+system-specific.
+
+Most locale names follow XPG syntax and consist of up to four parts:
+
+@smallexample
+@var{language}[_@var{territory}[.@var{codeset}]][@@@var{modifier}]
+@end smallexample
+
+Beside the first part, all of them are allowed to be missing.  If the
+full specified locale is not found, less specific ones are looked for.
+The various parts will be stripped off, in the following order:
+
+@enumerate
+@item
+codeset
+@item
+normalized codeset
+@item
+territory
+@item
+modifier
+@end enumerate
+
+For example, the locale name @samp{de_AT.iso885915@@euro} denotes a
+German-language locale for use in Austria, using the ISO-8859-15
+(Latin-9) character set, and with the Euro as the currency symbol.
+
+In addition to locale names which follow XPG syntax, systems may
+provide aliases such as @samp{german}.  Both categories of names must
+not contain the slash character @samp{/}.
+
+If the locale name starts with a slash @samp{/}, it is treated as a
+path relative to the configured locale directories; see @code{LOCPATH}
+below.  The specified path must not contain a component @samp{..}, or
+the name is invalid, and @code{setlocale} will fail.
+
+@strong{Portability Note:} POSIX suggests that if a locale name starts
+with a slash @samp{/}, it is resolved as an absolute path.  However,
+@theglibc{} treats it as a relative path under the directories listed
+in @code{LOCPATH} (or the default locale directory if @code{LOCPATH}
+is unset).
+
+Locale names which are longer than an implementation-defined limit are
+invalid and cause @code{setlocale} to fail.
+
+As a special case, locale names used with @code{LC_ALL} can combine
+several locales, reflecting different locale settings for different
+categories.  For example, you might want to use a U.S. locale with ISO
+A4 paper format, so you set @code{LANG} to @samp{en_US.UTF-8}, and
+@code{LC_PAPER} to @samp{de_DE.UTF-8}.  In this case, the
+@code{LC_ALL}-style combined locale name is
+
+@smallexample
+LC_CTYPE=en_US.UTF-8;LC_TIME=en_US.UTF-8;LC_PAPER=de_DE.UTF-8;@dots{}
+@end smallexample
+
+followed by other category settings not shown here.
+
+@vindex LOCPATH
+The path used for finding locale data can be set using the
+@code{LOCPATH} environment variable.  This variable lists the
+directories in which to search for locale definitions, separated by a
+colon @samp{:}.
+
+The default path for finding locale data is system specific.  A typical
+value for the @code{LOCPATH} default is:
+
+@smallexample
+/usr/share/locale
+@end smallexample
+
+The value of @code{LOCPATH} is ignored by privileged programs for
+security reasons, and only the default directory is used.
+
+@node Locale Information, Formatting Numbers, Locale Names, Locales
 @section Accessing Locale Information
 
 There are several ways to access locale information.  The simplest

Modified: fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-hosts.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-hosts.c (original)
+++ fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-hosts.c Sat Sep  6 00:06:03 2014
@@ -270,6 +270,13 @@
 
   /* Convert name to lowercase.  */
   size_t namlen = strlen (name);
+  /* Limit name length to the maximum size of an RPC packet.  */
+  if (namlen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
   char name2[namlen + 1];
   size_t i;
 
@@ -461,6 +468,13 @@
 
   /* Convert name to lowercase.  */
   size_t namlen = strlen (name);
+  /* Limit name length to the maximum size of an RPC packet.  */
+  if (namlen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
   char name2[namlen + 1];
   size_t i;
 

Modified: fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-initgroups.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-initgroups.c (original)
+++ fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-initgroups.c Sat Sep  6 00:06:03 2014
@@ -150,6 +150,13 @@
 		  gid_t **groupsp, long int limit, int *errnop,
 		  const char *domainname)
 {
+  /* Limit domainname length to the maximum size of an RPC packet.  */
+  if (strlen (domainname) > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
   /* Prepare the key.  The form is "unix.UID@DOMAIN" with the UID and
      DOMAIN field filled in appropriately.  */
   char key[sizeof ("unix.@") + sizeof (uid_t) * 3 + strlen (domainname)];

Modified: fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-network.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-network.c (original)
+++ fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-network.c Sat Sep  6 00:06:03 2014
@@ -179,6 +179,13 @@
 
   /* Convert name to lowercase.  */
   size_t namlen = strlen (name);
+  /* Limit name length to the maximum size of an RPC packet.  */
+  if (namlen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
   char name2[namlen + 1];
   size_t i;
 

Modified: fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-service.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-service.c (original)
+++ fsf/glibc-2_19-branch/libc/nis/nss_nis/nis-service.c Sat Sep  6 00:06:03 2014
@@ -271,6 +271,13 @@
   /* If the protocol is given, we could try if our NIS server knows
      about services.byservicename map. If yes, we only need one query.  */
   size_t keylen = strlen (name) + (protocol ? 1 + strlen (protocol) : 0);
+  /* Limit key length to the maximum size of an RPC packet.  */
+  if (keylen > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
   char key[keylen + 1];
 
   /* key is: "name/proto" */
@@ -355,6 +362,13 @@
      Otherwise try first port/tcp, then port/udp and then fallback
      to sequential scanning of services.byname.  */
   const char *proto = protocol != NULL ? protocol : "tcp";
+  /* Limit protocol name length to the maximum size of an RPC packet.  */
+  if (strlen (proto) > UDPMSGSIZE)
+    {
+      *errnop = ERANGE;
+      return NSS_STATUS_UNAVAIL;
+    }
+
   do
     {
       /* key is: "port/proto" */

Modified: fsf/glibc-2_19-branch/libc/nptl/sysdeps/unix/sysv/linux/s390/pt-longjmp.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/nptl/sysdeps/unix/sysv/linux/s390/pt-longjmp.c (original)
+++ fsf/glibc-2_19-branch/libc/nptl/sysdeps/unix/sysv/linux/s390/pt-longjmp.c Sat Sep  6 00:06:03 2014
@@ -1,4 +1,4 @@
-/* Copyright (C) 2013 Free Software Foundation, Inc.
+/* Copyright (C) 2014 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -15,49 +15,30 @@
    License along with the GNU C Library; if not, see
    <http://www.gnu.org/licenses/>.
 
-   This is a copy of pthread/pt-longjmp.c made for extending the
-   jmpbuf structure on System z.  */
+   Versioned copy of nptl/pt-longjmp.c modified for versioning
+   the reverted jmpbuf extension.  */
 
-#include <setjmp.h>
-#include <stdlib.h>
-#include <bits/wordsize.h>
-#include "pthreadP.h"
 #include  <shlib-compat.h>
-#if defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_0, GLIBC_2_19)
 
-/* The __v1 version prototypes are declared in v1-setjmp.h which
-   cannot be included together with setjmp.h.  So we put the
-   prototypes here manually.  */
-extern void __v1__libc_siglongjmp (sigjmp_buf env, int val)
-     __attribute__ ((noreturn));
-extern void __v1__libc_longjmp (sigjmp_buf env, int val)
-     __attribute__ ((noreturn));
+#if defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20)
+	/* we need a unique name in case of symbol versioning.  */
+# define longjmp __v1longjmp
+#endif /* defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20))  */
 
-void __v1_siglongjmp (sigjmp_buf env, int val)
-{
-  __v1__libc_siglongjmp (env, val);
-}
+#include <nptl/sysdeps/pthread/pt-longjmp.c>
 
-void __v1_longjmp (jmp_buf env, int val)
-{
-  __v1__libc_longjmp (env, val);
-}
+#if defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20)
+/* In glibc release 2.19 new versions of longjmp-functions were introduced,
+   but were reverted before 2.20. Thus both versions are the same function.  */
 
-compat_symbol (libpthread, __v1_longjmp, longjmp, GLIBC_2_0);
-compat_symbol (libpthread, __v1_siglongjmp, siglongjmp, GLIBC_2_0);
-#endif /* defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_0, GLIBC_2_19))  */
+# undef longjmp
 
-void
-__v2_longjmp (jmp_buf env, int val)
-{
-  __libc_longjmp (env, val);
-}
+strong_alias (__v1longjmp, __v2longjmp)
+versioned_symbol (libpthread, __v1longjmp, longjmp, GLIBC_2_0);
+compat_symbol (libpthread, __v2longjmp, longjmp, GLIBC_2_19);
 
-void
-__v2_siglongjmp (jmp_buf env, int val)
-{
-  __libc_siglongjmp (env, val);
-}
-
-versioned_symbol (libpthread, __v2_longjmp, longjmp, GLIBC_2_19);
-versioned_symbol (libpthread, __v2_siglongjmp, siglongjmp, GLIBC_2_19);
+weak_alias (siglongjmp, __v1siglongjmp)
+weak_alias (siglongjmp, __v2siglongjmp)
+versioned_symbol (libpthread, __v1siglongjmp, siglongjmp, GLIBC_2_0);
+compat_symbol (libpthread, __v2siglongjmp, siglongjmp, GLIBC_2_19);
+#endif /* defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20))  */

Modified: fsf/glibc-2_19-branch/libc/nscd/netgroupcache.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/nscd/netgroupcache.c (original)
+++ fsf/glibc-2_19-branch/libc/nscd/netgroupcache.c Sat Sep  6 00:06:03 2014
@@ -202,12 +202,7 @@
 		  {
 		    int e;
 		    status = getfct.f (&data, buffer + buffilled,
-				       buflen - buffilled, &e);
-		    if (status == NSS_STATUS_RETURN
-			|| status == NSS_STATUS_NOTFOUND)
-		      /* This was either the last one for this group or the
-			 group was empty.  Look at next group if available.  */
-		      break;
+				       buflen - buffilled - req->key_len, &e);
 		    if (status == NSS_STATUS_SUCCESS)
 		      {
 			if (data.type == triple_val)
@@ -322,11 +317,18 @@
 			      }
 			  }
 		      }
-		    else if (status == NSS_STATUS_UNAVAIL && e == ERANGE)
+		    else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
 		      {
 			buflen *= 2;
 			buffer = xrealloc (buffer, buflen);
 		      }
+		    else if (status == NSS_STATUS_RETURN
+			     || status == NSS_STATUS_NOTFOUND
+			     || status == NSS_STATUS_UNAVAIL)
+		      /* This was either the last one for this group or the
+			 group was empty or the NSS module had an internal
+			 failure.  Look at next group if available.  */
+		      break;
 		  }
 
 	      enum nss_status (*endfct) (struct __netgrent *);

Modified: fsf/glibc-2_19-branch/libc/nss/nss_files/files-netgrp.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/nss/nss_files/files-netgrp.c (original)
+++ fsf/glibc-2_19-branch/libc/nss/nss_files/files-netgrp.c Sat Sep  6 00:06:03 2014
@@ -252,7 +252,7 @@
   if (cp - host > buflen)
     {
       *errnop = ERANGE;
-      status = NSS_STATUS_UNAVAIL;
+      status = NSS_STATUS_TRYAGAIN;
     }
   else
     {

Modified: fsf/glibc-2_19-branch/libc/posix/Makefile
==============================================================================
--- fsf/glibc-2_19-branch/libc/posix/Makefile (original)
+++ fsf/glibc-2_19-branch/libc/posix/Makefile Sat Sep  6 00:06:03 2014
@@ -86,7 +86,7 @@
 		   tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \
 		   bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \
 		   bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \
-		   tst-pathconf tst-getaddrinfo4
+		   tst-pathconf tst-getaddrinfo4 bug-regex36
 xtests		:= bug-ga2
 ifeq (yes,$(build-shared))
 test-srcs	:= globtest
@@ -110,7 +110,7 @@
 	     tst-pcre-mem tst-pcre.mtrace tst-boost-mem tst-boost.mtrace \
 	     bug-ga2.mtrace bug-ga2-mem bug-glob2.mtrace bug-glob2-mem \
 	     tst-vfork3-mem tst-vfork3.mtrace getconf.speclist \
-	     tst-fnmatch-mem tst-fnmatch.mtrace
+	     tst-fnmatch-mem tst-fnmatch.mtrace bug-regex36.mtrace
 
 include ../Rules
 
@@ -260,6 +260,12 @@
 $(objpfx)bug-regex31-mem: $(objpfx)bug-regex31.out
 	$(common-objpfx)malloc/mtrace $(objpfx)bug-regex31.mtrace > $@
 
+bug-regex36-ENV = MALLOC_TRACE=$(objpfx)bug-regex36.mtrace
+
+$(objpfx)bug-regex36-mem.out: $(objpfx)bug-regex36.out
+	$(common-objpfx)malloc/mtrace $(objpfx)bug-regex36.mtrace > $@; \
+	$(evaluate-test)
+
 tst-vfork3-ENV = MALLOC_TRACE=$(objpfx)tst-vfork3.mtrace
 
 $(objpfx)tst-vfork3-mem: $(objpfx)tst-vfork3.out

Added: fsf/glibc-2_19-branch/libc/posix/bug-regex36.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/posix/bug-regex36.c (added)
+++ fsf/glibc-2_19-branch/libc/posix/bug-regex36.c Sat Sep  6 00:06:03 2014
@@ -1,0 +1,29 @@
+/* Test regcomp not leaking memory on parse errors
+   Copyright (C) 2014 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <mcheck.h>
+#include <regex.h>
+
+int
+main (int argc, char **argv)
+{
+  regex_t r;
+  mtrace ();
+  regcomp (&r, "[a]\\|[a]\\{-2,}", 0);
+  regfree (&r);
+}

Modified: fsf/glibc-2_19-branch/libc/posix/regcomp.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/posix/regcomp.c (original)
+++ fsf/glibc-2_19-branch/libc/posix/regcomp.c Sat Sep  6 00:06:03 2014
@@ -2154,7 +2154,11 @@
 	{
 	  branch = parse_branch (regexp, preg, token, syntax, nest, err);
 	  if (BE (*err != REG_NOERROR && branch == NULL, 0))
-	    return NULL;
+	    {
+	      if (tree != NULL)
+		postorder (tree, free_tree, NULL);
+	      return NULL;
+	    }
 	}
       else
 	branch = NULL;
@@ -2415,14 +2419,21 @@
   while (token->type == OP_DUP_ASTERISK || token->type == OP_DUP_PLUS
 	 || token->type == OP_DUP_QUESTION || token->type == OP_OPEN_DUP_NUM)
     {
-      tree = parse_dup_op (tree, regexp, dfa, token, syntax, err);
-      if (BE (*err != REG_NOERROR && tree == NULL, 0))
-	return NULL;
+      bin_tree_t *dup_tree = parse_dup_op (tree, regexp, dfa, token, syntax, err);
+      if (BE (*err != REG_NOERROR && dup_tree == NULL, 0))
+	{
+	  if (tree != NULL)
+	    postorder (tree, free_tree, NULL);
+	  return NULL;
+	}
+      tree = dup_tree;
       /* In BRE consecutive duplications are not allowed.  */
       if ((syntax & RE_CONTEXT_INVALID_DUP)
 	  && (token->type == OP_DUP_ASTERISK
 	      || token->type == OP_OPEN_DUP_NUM))
 	{
+	  if (tree != NULL)
+	    postorder (tree, free_tree, NULL);
 	  *err = REG_BADRPT;
 	  return NULL;
 	}

Modified: fsf/glibc-2_19-branch/libc/posix/spawn_faction_addopen.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/posix/spawn_faction_addopen.c (original)
+++ fsf/glibc-2_19-branch/libc/posix/spawn_faction_addopen.c Sat Sep  6 00:06:03 2014
@@ -18,6 +18,7 @@
 #include <errno.h>
 #include <spawn.h>
 #include <unistd.h>
+#include <string.h>
 
 #include "spawn_int.h"
 
@@ -35,17 +36,24 @@
   if (fd < 0 || fd >= maxfd)
     return EBADF;
 
+  char *path_copy = strdup (path);
+  if (path_copy == NULL)
+    return ENOMEM;
+
   /* Allocate more memory if needed.  */
   if (file_actions->__used == file_actions->__allocated
       && __posix_spawn_file_actions_realloc (file_actions) != 0)
-    /* This can only mean we ran out of memory.  */
-    return ENOMEM;
+    {
+      /* This can only mean we ran out of memory.  */
+      free (path_copy);
+      return ENOMEM;
+    }
 
   /* Add the new value.  */
   rec = &file_actions->__actions[file_actions->__used];
   rec->tag = spawn_do_open;
   rec->action.open_action.fd = fd;
-  rec->action.open_action.path = path;
+  rec->action.open_action.path = path_copy;
   rec->action.open_action.oflag = oflag;
   rec->action.open_action.mode = mode;
 

Modified: fsf/glibc-2_19-branch/libc/posix/spawn_faction_destroy.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/posix/spawn_faction_destroy.c (original)
+++ fsf/glibc-2_19-branch/libc/posix/spawn_faction_destroy.c Sat Sep  6 00:06:03 2014
@@ -18,11 +18,29 @@
 #include <spawn.h>
 #include <stdlib.h>
 
-/* Initialize data structure for file attribute for `spawn' call.  */
+#include "spawn_int.h"
+
+/* Deallocate the file actions.  */
 int
 posix_spawn_file_actions_destroy (posix_spawn_file_actions_t *file_actions)
 {
-  /* Free the memory allocated.  */
+  /* Free the paths in the open actions.  */
+  for (int i = 0; i < file_actions->__used; ++i)
+    {
+      struct __spawn_action *sa = &file_actions->__actions[i];
+      switch (sa->tag)
+	{
+	case spawn_do_open:
+	  free (sa->action.open_action.path);
+	  break;
+	case spawn_do_close:
+	case spawn_do_dup2:
+	  /* No cleanup required.  */
+	  break;
+	}
+    }
+
+  /* Free the array of actions.  */
   free (file_actions->__actions);
   return 0;
 }

Modified: fsf/glibc-2_19-branch/libc/posix/spawn_int.h
==============================================================================
--- fsf/glibc-2_19-branch/libc/posix/spawn_int.h (original)
+++ fsf/glibc-2_19-branch/libc/posix/spawn_int.h Sat Sep  6 00:06:03 2014
@@ -22,7 +22,7 @@
     struct
     {
       int fd;
-      const char *path;
+      char *path;
       int oflag;
       mode_t mode;
     } open_action;

Modified: fsf/glibc-2_19-branch/libc/posix/tst-spawn.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/posix/tst-spawn.c (original)
+++ fsf/glibc-2_19-branch/libc/posix/tst-spawn.c Sat Sep  6 00:06:03 2014
@@ -168,6 +168,7 @@
   char fd2name[18];
   char fd3name[18];
   char fd4name[18];
+  char *name3_copy;
   char *spargv[12];
   int i;
 
@@ -222,9 +223,15 @@
    if (posix_spawn_file_actions_addclose (&actions, fd1) != 0)
      error (EXIT_FAILURE, errno, "posix_spawn_file_actions_addclose");
    /* We want to open the third file.  */
-   if (posix_spawn_file_actions_addopen (&actions, fd3, name3,
+   name3_copy = strdup (name3);
+   if (name3_copy == NULL)
+     error (EXIT_FAILURE, errno, "strdup");
+   if (posix_spawn_file_actions_addopen (&actions, fd3, name3_copy,
 					 O_RDONLY, 0666) != 0)
      error (EXIT_FAILURE, errno, "posix_spawn_file_actions_addopen");
+   /* Overwrite the name to check that a copy has been made.  */
+   memset (name3_copy, 'X', strlen (name3_copy));
+
    /* We dup the second descriptor.  */
    fd4 = MAX (2, MAX (fd1, MAX (fd2, fd3))) + 1;
    if (posix_spawn_file_actions_adddup2 (&actions, fd2, fd4) != 0)
@@ -253,6 +260,7 @@
    /* Cleanup.  */
    if (posix_spawn_file_actions_destroy (&actions) != 0)
      error (EXIT_FAILURE, errno, "posix_spawn_file_actions_destroy");
+   free (name3_copy);
 
   /* Wait for the child.  */
   if (waitpid (pid, &status, 0) != pid)

Modified: fsf/glibc-2_19-branch/libc/resolv/gethnamaddr.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/resolv/gethnamaddr.c (original)
+++ fsf/glibc-2_19-branch/libc/resolv/gethnamaddr.c Sat Sep  6 00:06:03 2014
@@ -621,7 +621,7 @@
 	buf.buf = origbuf = (querybuf *) alloca (1024);
 
 	if ((n = __libc_res_nsearch(&_res, name, C_IN, type, buf.buf->buf, 1024,
-				    &buf.ptr, NULL, NULL, NULL)) < 0) {
+				    &buf.ptr, NULL, NULL, NULL, NULL)) < 0) {
 		if (buf.buf != origbuf)
 			free (buf.buf);
 		Dprintf("res_nsearch failed (%d)\n", n);
@@ -716,12 +716,12 @@
 	buf.buf = orig_buf = (querybuf *) alloca (1024);
 
 	n = __libc_res_nquery(&_res, qbuf, C_IN, T_PTR, buf.buf->buf, 1024,
-			      &buf.ptr, NULL, NULL, NULL);
+			      &buf.ptr, NULL, NULL, NULL, NULL);
 	if (n < 0 && af == AF_INET6 && (_res.options & RES_NOIP6DOTINT) == 0) {
 		strcpy(qp, "ip6.int");
 		n = __libc_res_nquery(&_res, qbuf, C_IN, T_PTR, buf.buf->buf,
 				      buf.buf != orig_buf ? MAXPACKET : 1024,
-				      &buf.ptr, NULL, NULL, NULL);
+				      &buf.ptr, NULL, NULL, NULL, NULL);
 	}
 	if (n < 0) {
 		if (buf.buf != orig_buf)

Modified: fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-canon.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-canon.c (original)
+++ fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-canon.c Sat Sep  6 00:06:03 2014
@@ -62,7 +62,7 @@
     {
       int r = __libc_res_nquery (&_res, name, ns_c_in, qtypes[i],
 				 buf, sizeof (buf), &ansp.ptr, NULL, NULL,
-				 NULL);
+				 NULL, NULL);
       if (r > 0)
 	{
 	  /* We need to decode the response.  Just one question record.

Modified: fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-host.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-host.c (original)
+++ fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-host.c Sat Sep  6 00:06:03 2014
@@ -190,7 +190,7 @@
   host_buffer.buf = orig_host_buffer = (querybuf *) alloca (1024);
 
   n = __libc_res_nsearch (&_res, name, C_IN, type, host_buffer.buf->buf,
-			  1024, &host_buffer.ptr, NULL, NULL, NULL);
+			  1024, &host_buffer.ptr, NULL, NULL, NULL, NULL);
   if (n < 0)
     {
       switch (errno)
@@ -225,7 +225,7 @@
 	n = __libc_res_nsearch (&_res, name, C_IN, T_A, host_buffer.buf->buf,
 				host_buffer.buf != orig_host_buffer
 				? MAXPACKET : 1024, &host_buffer.ptr,
-				NULL, NULL, NULL);
+				NULL, NULL, NULL, NULL);
 
       if (n < 0)
 	{
@@ -308,13 +308,20 @@
   u_char *ans2p = NULL;
   int nans2p = 0;
   int resplen2 = 0;
+  int ans2p_malloced = 0;
 
   int olderr = errno;
   enum nss_status status;
   int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
 			      host_buffer.buf->buf, 2048, &host_buffer.ptr,
-			      &ans2p, &nans2p, &resplen2);
-  if (n < 0)
+			      &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+  if (n >= 0)
+    {
+      status = gaih_getanswer (host_buffer.buf, n, (const querybuf *) ans2p,
+			       resplen2, name, pat, buffer, buflen,
+			       errnop, herrnop, ttlp);
+    }
+  else
     {
       switch (errno)
 	{
@@ -341,16 +348,11 @@
 	*errnop = EAGAIN;
       else
 	__set_errno (olderr);
-
-      if (host_buffer.buf != orig_host_buffer)
-	free (host_buffer.buf);
-
-      return status;
-    }
-
-  status = gaih_getanswer(host_buffer.buf, n, (const querybuf *) ans2p,
-			  resplen2, name, pat, buffer, buflen,
-			  errnop, herrnop, ttlp);
+    }
+
+  /* Check whether ans2p was separately allocated.  */
+  if (ans2p_malloced)
+    free (ans2p);
 
   if (host_buffer.buf != orig_host_buffer)
     free (host_buffer.buf);
@@ -460,7 +462,7 @@
 	  strcpy (qp, "].ip6.arpa");
 	  n = __libc_res_nquery (&_res, qbuf, C_IN, T_PTR,
 				 host_buffer.buf->buf, 1024, &host_buffer.ptr,
-				 NULL, NULL, NULL);
+				 NULL, NULL, NULL, NULL);
 	  if (n >= 0)
 	    goto got_it_already;
 	}
@@ -481,14 +483,14 @@
     }
 
   n = __libc_res_nquery (&_res, qbuf, C_IN, T_PTR, host_buffer.buf->buf,
-			 1024, &host_buffer.ptr, NULL, NULL, NULL);
+			 1024, &host_buffer.ptr, NULL, NULL, NULL, NULL);
   if (n < 0 && af == AF_INET6 && (_res.options & RES_NOIP6DOTINT) == 0)
     {
       strcpy (qp, "ip6.int");
       n = __libc_res_nquery (&_res, qbuf, C_IN, T_PTR, host_buffer.buf->buf,
 			     host_buffer.buf != orig_host_buffer
 			     ? MAXPACKET : 1024, &host_buffer.ptr,
-			     NULL, NULL, NULL);
+			     NULL, NULL, NULL, NULL);
     }
   if (n < 0)
     {

Modified: fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-network.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-network.c (original)
+++ fsf/glibc-2_19-branch/libc/resolv/nss_dns/dns-network.c Sat Sep  6 00:06:03 2014
@@ -129,7 +129,7 @@
   net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
 
   anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
-			       1024, &net_buffer.ptr, NULL, NULL, NULL);
+			       1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
   if (anslen < 0)
     {
       /* Nothing found.  */
@@ -205,7 +205,7 @@
   net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
 
   anslen = __libc_res_nquery (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
-			      1024, &net_buffer.ptr, NULL, NULL, NULL);
+			      1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
   if (anslen < 0)
     {
       /* Nothing found.  */

Modified: fsf/glibc-2_19-branch/libc/resolv/res_query.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/resolv/res_query.c (original)
+++ fsf/glibc-2_19-branch/libc/resolv/res_query.c Sat Sep  6 00:06:03 2014
@@ -98,7 +98,7 @@
 __libc_res_nquerydomain(res_state statp, const char *name, const char *domain,
 			int class, int type, u_char *answer, int anslen,
 			u_char **answerp, u_char **answerp2, int *nanswerp2,
-			int *resplen2);
+			int *resplen2, int *answerp2_malloced);
 
 /*
  * Formulate a normal query, send, and await answer.
@@ -119,7 +119,8 @@
 		  u_char **answerp,	/* if buffer needs to be enlarged */
 		  u_char **answerp2,
 		  int *nanswerp2,
-		  int *resplen2)
+		  int *resplen2,
+		  int *answerp2_malloced)
 {
 	HEADER *hp = (HEADER *) answer;
 	HEADER *hp2;
@@ -224,7 +225,8 @@
 	}
 	assert (answerp == NULL || (void *) *answerp == (void *) answer);
 	n = __libc_res_nsend(statp, query1, nquery1, query2, nquery2, answer,
-			     anslen, answerp, answerp2, nanswerp2, resplen2);
+			     anslen, answerp, answerp2, nanswerp2, resplen2,
+			     answerp2_malloced);
 	if (use_malloc)
 		free (buf);
 	if (n < 0) {
@@ -316,7 +318,7 @@
 	   int anslen)		/* size of answer buffer */
 {
 	return __libc_res_nquery(statp, name, class, type, answer, anslen,
-				 NULL, NULL, NULL, NULL);
+				 NULL, NULL, NULL, NULL, NULL);
 }
 libresolv_hidden_def (res_nquery)
 
@@ -335,7 +337,8 @@
 		   u_char **answerp,
 		   u_char **answerp2,
 		   int *nanswerp2,
-		   int *resplen2)
+		   int *resplen2,
+		   int *answerp2_malloced)
 {
 	const char *cp, * const *domain;
 	HEADER *hp = (HEADER *) answer;
@@ -360,7 +363,7 @@
 	if (!dots && (cp = res_hostalias(statp, name, tmp, sizeof tmp))!= NULL)
 		return (__libc_res_nquery(statp, cp, class, type, answer,
 					  anslen, answerp, answerp2,
-					  nanswerp2, resplen2));
+					  nanswerp2, resplen2, answerp2_malloced));
 
 #ifdef DEBUG
 	if (statp->options & RES_DEBUG)
@@ -377,7 +380,8 @@
 	if (dots >= statp->ndots || trailing_dot) {
 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,
 					      answer, anslen, answerp,
-					      answerp2, nanswerp2, resplen2);
+					      answerp2, nanswerp2, resplen2,
+					      answerp2_malloced);
 		if (ret > 0 || trailing_dot)
 			return (ret);
 		saved_herrno = h_errno;
@@ -386,11 +390,11 @@
 			answer = *answerp;
 			anslen = MAXPACKET;
 		}
-		if (answerp2
-		    && (*answerp2 < answer || *answerp2 >= answer + anslen))
+		if (answerp2 && *answerp2_malloced)
 		  {
 		    free (*answerp2);
 		    *answerp2 = NULL;
+		    *answerp2_malloced = 0;
 		  }
 	}
 
@@ -417,7 +421,7 @@
 						      class, type,
 						      answer, anslen, answerp,
 						      answerp2, nanswerp2,
-						      resplen2);
+						      resplen2, answerp2_malloced);
 			if (ret > 0)
 				return (ret);
 
@@ -425,12 +429,11 @@
 				answer = *answerp;
 				anslen = MAXPACKET;
 			}
-			if (answerp2
-			    && (*answerp2 < answer
-				|| *answerp2 >= answer + anslen))
+			if (answerp2 && *answerp2_malloced)
 			  {
 			    free (*answerp2);
 			    *answerp2 = NULL;
+			    *answerp2_malloced = 0;
 			  }
 
 			/*
@@ -486,7 +489,8 @@
 	    && !(tried_as_is || root_on_list)) {
 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,
 					      answer, anslen, answerp,
-					      answerp2, nanswerp2, resplen2);
+					      answerp2, nanswerp2, resplen2,
+					      answerp2_malloced);
 		if (ret > 0)
 			return (ret);
 	}
@@ -498,10 +502,11 @@
 	 * else send back meaningless H_ERRNO, that being the one from
 	 * the last DNSRCH we did.
 	 */
-	if (answerp2 && (*answerp2 < answer || *answerp2 >= answer + anslen))
+	if (answerp2 && *answerp2_malloced)
 	  {
 	    free (*answerp2);
 	    *answerp2 = NULL;
+	    *answerp2_malloced = 0;
 	  }
 	if (saved_herrno != -1)
 		RES_SET_H_ERRNO(statp, saved_herrno);
@@ -521,7 +526,7 @@
 	    int anslen)		/* size of answer */
 {
 	return __libc_res_nsearch(statp, name, class, type, answer,
-				  anslen, NULL, NULL, NULL, NULL);
+				  anslen, NULL, NULL, NULL, NULL, NULL);
 }
 libresolv_hidden_def (res_nsearch)
 
@@ -539,7 +544,8 @@
 			u_char **answerp,
 			u_char **answerp2,
 			int *nanswerp2,
-			int *resplen2)
+			int *resplen2,
+			int *answerp2_malloced)
 {
 	char nbuf[MAXDNAME];
 	const char *longname = nbuf;
@@ -581,7 +587,7 @@
 	}
 	return (__libc_res_nquery(statp, longname, class, type, answer,
 				  anslen, answerp, answerp2, nanswerp2,
-				  resplen2));
+				  resplen2, answerp2_malloced));
 }
 
 int
@@ -593,7 +599,8 @@
 	    int anslen)		/* size of answer */
 {
 	return __libc_res_nquerydomain(statp, name, domain, class, type,
-				       answer, anslen, NULL, NULL, NULL, NULL);
+				       answer, anslen, NULL, NULL, NULL, NULL,
+				       NULL);
 }
 libresolv_hidden_def (res_nquerydomain)
 

Modified: fsf/glibc-2_19-branch/libc/resolv/res_send.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/resolv/res_send.c (original)
+++ fsf/glibc-2_19-branch/libc/resolv/res_send.c Sat Sep  6 00:06:03 2014
@@ -186,12 +186,12 @@
 static int		send_vc(res_state, const u_char *, int,
 				const u_char *, int,
 				u_char **, int *, int *, int, u_char **,
-				u_char **, int *, int *);
+				u_char **, int *, int *, int *);
 static int		send_dg(res_state, const u_char *, int,
 				const u_char *, int,
 				u_char **, int *, int *, int,
 				int *, int *, u_char **,
-				u_char **, int *, int *);
+				u_char **, int *, int *, int *);
 #ifdef DEBUG
 static void		Aerror(const res_state, FILE *, const char *, int,
 			       const struct sockaddr *);
@@ -343,7 +343,7 @@
 __libc_res_nsend(res_state statp, const u_char *buf, int buflen,
 		 const u_char *buf2, int buflen2,
 		 u_char *ans, int anssiz, u_char **ansp, u_char **ansp2,
-		 int *nansp2, int *resplen2)
+		 int *nansp2, int *resplen2, int *ansp2_malloced)
 {
   int gotsomewhere, terrno, try, v_circuit, resplen, ns, n;
 
@@ -546,7 +546,8 @@
 			try = statp->retry;
 			n = send_vc(statp, buf, buflen, buf2, buflen2,
 				    &ans, &anssiz, &terrno,
-				    ns, ansp, ansp2, nansp2, resplen2);
+				    ns, ansp, ansp2, nansp2, resplen2,
+				    ansp2_malloced);
 			if (n < 0)
 				return (-1);
 			if (n == 0 && (buf2 == NULL || *resplen2 == 0))
@@ -556,7 +557,7 @@
 			n = send_dg(statp, buf, buflen, buf2, buflen2,
 				    &ans, &anssiz, &terrno,
 				    ns, &v_circuit, &gotsomewhere, ansp,
-				    ansp2, nansp2, resplen2);
+				    ansp2, nansp2, resplen2, ansp2_malloced);
 			if (n < 0)
 				return (-1);
 			if (n == 0 && (buf2 == NULL || *resplen2 == 0))
@@ -646,7 +647,7 @@
 	  const u_char *buf, int buflen, u_char *ans, int anssiz)
 {
   return __libc_res_nsend(statp, buf, buflen, NULL, 0, ans, anssiz,
-			  NULL, NULL, NULL, NULL);
+			  NULL, NULL, NULL, NULL, NULL);
 }
 libresolv_hidden_def (res_nsend)
 
@@ -657,7 +658,7 @@
 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
 	u_char **ansp, int *anssizp,
 	int *terrno, int ns, u_char **anscp, u_char **ansp2, int *anssizp2,
-	int *resplen2)
+	int *resplen2, int *ansp2_malloced)
 {
 	const HEADER *hp = (HEADER *) buf;
 	const HEADER *hp2 = (HEADER *) buf2;
@@ -823,6 +824,8 @@
 			}
 			*thisanssizp = MAXPACKET;
 			*thisansp = newp;
+			if (thisansp == ansp2)
+			  *ansp2_malloced = 1;
 			anhp = (HEADER *) newp;
 			len = rlen;
 		} else {
@@ -992,7 +995,7 @@
 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
 	u_char **ansp, int *anssizp,
 	int *terrno, int ns, int *v_circuit, int *gotsomewhere, u_char **anscp,
-	u_char **ansp2, int *anssizp2, int *resplen2)
+	u_char **ansp2, int *anssizp2, int *resplen2, int *ansp2_malloced)
 {
 	const HEADER *hp = (HEADER *) buf;
 	const HEADER *hp2 = (HEADER *) buf2;
@@ -1238,6 +1241,8 @@
 			if (newp != NULL) {
 				*anssizp = MAXPACKET;
 				*thisansp = ans = newp;
+				if (thisansp == ansp2)
+				  *ansp2_malloced = 1;
 			}
 		}
 		HEADER *anhp = (HEADER *) *thisansp;
@@ -1405,6 +1410,7 @@
 					retval = reopen (statp, terrno, ns);
 					if (retval <= 0)
 						return retval;
+					pfd[0].fd = EXT(statp).nssocks[ns];
 				}
 			}
 			goto wait;

Removed: fsf/glibc-2_19-branch/libc/sysdeps/s390/Makefile
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/Makefile (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/Makefile (removed)
@@ -1,9 +1,0 @@
-ifeq ($(subdir),setjmp)
-ifeq (yes,$(build-shared))
-sysdep_routines += v1-longjmp v1-sigjmp
-endif
-endif
-
-ifeq ($(subdir),csu)
-gen-as-const-headers += rtld-global-offsets.sym
-endif

Modified: fsf/glibc-2_19-branch/libc/sysdeps/s390/Versions
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/Versions (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/Versions Sat Sep  6 00:06:03 2014
@@ -1,11 +1,7 @@
 libc {
   GLIBC_2.19 {
-    setjmp; _setjmp; __setjmp; __sigsetjmp;
+    setjmp; _setjmp; __sigsetjmp;
     longjmp; _longjmp; siglongjmp;
-  }
-  GLIBC_PRIVATE {
-    __v1__libc_longjmp; __v1__libc_siglongjmp;
-    __v2__libc_longjmp; __v2__libc_siglongjmp;
   }
 }
 

Removed: fsf/glibc-2_19-branch/libc/sysdeps/s390/__longjmp.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/__longjmp.c (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/__longjmp.c (removed)
@@ -1,31 +1,0 @@
-/* Copyright (C) 2013 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <http://www.gnu.org/licenses/>.  */
-
-#include <libc-symbols.h>
-#include <shlib-compat.h>
-
-#define __longjmp  __v2__longjmp
-#include "__longjmp-common.c"
-#undef __longjmp
-strong_alias (__v2__longjmp, __longjmp)
-
-#if defined SHARED && SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_19)
-# undef __longjmp
-# define __V1_JMPBUF
-# define __longjmp  __v1__longjmp
-# include "__longjmp-common.c"
-#endif /* if defined SHARED && SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_19) */

Modified: fsf/glibc-2_19-branch/libc/sysdeps/s390/bits/setjmp.h
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/bits/setjmp.h (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/bits/setjmp.h Sat Sep  6 00:06:03 2014
@@ -40,10 +40,6 @@
   /* We save fpu registers 4 and 6.  */
   long __fpregs[4];
 # endif
-#ifndef __V1_JMPBUF
-  unsigned long __flags;
-  char __reserved[128];
-#endif
 } __jmp_buf[1];
 
 #endif

Modified: fsf/glibc-2_19-branch/libc/sysdeps/s390/longjmp.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/longjmp.c (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/longjmp.c Sat Sep  6 00:06:03 2014
@@ -1,4 +1,4 @@
-/* Copyright (C) 2013 Free Software Foundation, Inc.
+/* Copyright (C) 2014 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -15,50 +15,28 @@
    License along with the GNU C Library; if not, see
    <http://www.gnu.org/licenses/>.
 
-   Versioned copy of sysdeps/generic/longjmp.c modified for extended
-   jmpbuf.  */
+   Versioned copy of setjmp/longjmp.c modified for versioning
+   the reverted jmpbuf extension.  */
 
 #include <shlib-compat.h>
-#include <stddef.h>
-#include <setjmp.h>
-#include <signal.h>
 
-extern void __v2__longjmp (__jmp_buf __env, int __val)
-     __attribute__ ((__noreturn__));
-extern void __v2__libc_longjmp (sigjmp_buf env, int val)
-     __attribute__ ((__noreturn__));
-libc_hidden_proto (__v2__libc_longjmp)
+#include <setjmp/longjmp.c>
 
-/* Set the signal mask to the one specified in ENV, and jump
-   to the position specified in ENV, causing the setjmp
-   call there to return VAL, or 1 if VAL is 0.  */
-void
-__v2__libc_siglongjmp (sigjmp_buf env, int val)
-{
-  /* Perform any cleanups needed by the frames being unwound.  */
-  _longjmp_unwind (env, val);
+#if defined SHARED && SHLIB_COMPAT (libc, GLIBC_2_19, GLIBC_2_20)
+/* In glibc release 2.19 new versions of longjmp-functions were introduced,
+   but were reverted before 2.20. Thus both versions are the same function.  */
+weak_alias (__libc_siglongjmp, __v1_longjmp)
+weak_alias (__libc_siglongjmp, __v2_longjmp)
+versioned_symbol (libc, __v1_longjmp, _longjmp, GLIBC_2_0);
+compat_symbol (libc, __v2_longjmp, _longjmp, GLIBC_2_19);
 
-  if (env[0].__mask_was_saved)
-    /* Restore the saved signal mask.  */
-    (void) __sigprocmask (SIG_SETMASK, &env[0].__saved_mask,
-			  (sigset_t *) NULL);
+weak_alias (__libc_siglongjmp, __v1longjmp)
+weak_alias (__libc_siglongjmp, __v2longjmp)
+versioned_symbol (libc, __v1longjmp, longjmp, GLIBC_2_0);
+compat_symbol (libc, __v2longjmp, longjmp, GLIBC_2_19);
 
-  /* Call the machine-dependent function to restore machine state.  */
-  __v2__longjmp (env[0].__jmpbuf, val ?: 1);
-}
-
-#ifndef __v2__longjmp
-strong_alias (__v2__libc_siglongjmp, __v2__libc_longjmp)
-libc_hidden_def (__v2__libc_longjmp)
-weak_alias (__v2__libc_siglongjmp, __v2_longjmp)
-weak_alias (__v2__libc_siglongjmp, __v2longjmp)
-weak_alias (__v2__libc_siglongjmp, __v2siglongjmp)
-
-/* These will be used by libpthread only.  */
-versioned_symbol (libc, __v2__libc_longjmp, __libc_longjmp, GLIBC_PRIVATE);
-versioned_symbol (libc, __v2__libc_siglongjmp, __libc_siglongjmp, GLIBC_PRIVATE);
-
-versioned_symbol (libc, __v2_longjmp, _longjmp, GLIBC_2_19);
-versioned_symbol (libc, __v2longjmp, longjmp, GLIBC_2_19);
-versioned_symbol (libc, __v2siglongjmp, siglongjmp, GLIBC_2_19);
-#endif /* ifndef __v2__longjmp */
+weak_alias (__libc_siglongjmp, __v1siglongjmp)
+weak_alias (__libc_siglongjmp, __v2siglongjmp)
+versioned_symbol (libc, __v1siglongjmp, siglongjmp, GLIBC_2_0);
+compat_symbol (libc, __v2siglongjmp, siglongjmp, GLIBC_2_19);
+#endif /* SHARED && SHLIB_COMPAT (libc, GLIBC_2_19, GLIBC_2_20)  */

Removed: fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-__longjmp.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-__longjmp.c (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-__longjmp.c (removed)
@@ -1,19 +1,0 @@
-/* Copyright (C) 2013 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <http://www.gnu.org/licenses/>.  */
-
-/* Build a non-versioned object for rtld-*.  */
-# include "__longjmp-common.c"

Removed: fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-global-offsets.sym
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-global-offsets.sym (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-global-offsets.sym (removed)
@@ -1,7 +1,0 @@
-#define SHARED 1
-
-#include <ldsodefs.h>
-
-#define rtld_global_ro_offsetof(mem) offsetof (struct rtld_global_ro, mem)
-
-RTLD_GLOBAL_RO_DL_HWCAP_OFFSET	rtld_global_ro_offsetof (_dl_hwcap)

Removed: fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-setjmp.S
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-setjmp.S (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/rtld-setjmp.S (removed)
@@ -1,20 +1,0 @@
-/* Extendible version of setjmp for System z
-   Copyright (C) 2013 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <http://www.gnu.org/licenses/>.  */
-
-/* Build a non-versioned object for rtld-*.  */
-# include "setjmp-common.S"

Removed: fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp-common.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp-common.c (original)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp-common.c (removed)
@@ -1,68 +1,0 @@
-/* Copyright (C) 2000-2014 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-   Contributed by Martin Schwidefsky (schwidefsky@xxxxxxxxxx).
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <http://www.gnu.org/licenses/>.  */
-
-#include <errno.h>
-#include <sysdep.h>
-#include <setjmp.h>
-#include <bits/setjmp.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-/* Jump to the position specified by ENV, causing the
-   setjmp call there to return VAL, or 1 if VAL is 0.  */
-attribute_hidden void
-__longjmp (__jmp_buf env, int val)
-{
-#ifdef PTR_DEMANGLE
-  uintptr_t guard = THREAD_GET_POINTER_GUARD ();
-# ifdef CHECK_SP
-  CHECK_SP (env, guard);
-# endif
-#elif defined CHECK_SP
-  CHECK_SP (env, 0);
-#endif
-  register int r2 __asm ("%r2") = val == 0 ? 1 : val;
-#ifdef PTR_DEMANGLE
-  register uintptr_t r3 __asm ("%r3") = guard;
-  register void *r1 __asm ("%r1") = (void *) env;
-#endif
-  /* Restore registers and jump back.  */
-  asm volatile ("ld   %%f6,48(%1)\n\t"
-		"ld   %%f4,40(%1)\n\t"
-#ifdef PTR_DEMANGLE
-		"lm   %%r6,%%r13,0(%1)\n\t"
-		"lm   %%r4,%%r5,32(%1)\n\t"
-		"xr   %%r4,%2\n\t"
-		"xr   %%r5,%2\n\t"
-		"lr   %%r15,%%r5\n\t"
-		"br   %%r4"
-#else
-		"lm   %%r6,%%r15,0(%1)\n\t"
-		"br   %%r14"
-#endif
-		: : "r" (r2),
-#ifdef PTR_DEMANGLE
-		    "r" (r1), "r" (r3)
-#else
-		    "a" (env)
-#endif
-		);
-
-  /* Avoid `volatile function does return' warnings.  */
-  for (;;);
-}

Added: fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp.c
==============================================================================
--- fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp.c (added)
+++ fsf/glibc-2_19-branch/libc/sysdeps/s390/s390-32/__longjmp.c Sat Sep  6 00:06:03 2014
@@ -1,0 +1,68 @@
+/* Copyright (C) 2000-2014 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   Contributed by Martin Schwidefsky (schwidefsky@xxxxxxxxxx).
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <errno.h>
+#include <sysdep.h>
+#include <setjmp.h>
+#include <bits/setjmp.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+/* Jump to the position specified by ENV, causing the
+   setjmp call there to return VAL, or 1 if VAL is 0.  */
+void
+__longjmp (__jmp_buf env, int val)
+{
+#ifdef PTR_DEMANGLE
+  uintptr_t guard = THREAD_GET_POINTER_GUARD ();
+# ifdef CHECK_SP
+  CHECK_SP (env, guard);
+# endif
+#elif defined CHECK_SP
+  CHECK_SP (env, 0);
+#endif
+  register int r2 __asm ("%r2") = val == 0 ? 1 : val;
+#ifdef PTR_DEMANGLE
+  register uintptr_t r3 __asm ("%r3") = guard;
+  register void *r1 __asm ("%r1") = (void *) env;
+#endif
+  /* Restore registers and jump back.  */
+  asm volatile ("ld   %%f6,48(%1)\n\t"
+		"ld   %%f4,40(%1)\n\t"
+#ifdef PTR_DEMANGLE
+		"lm   %%r6,%%r13,0(%1)\n\t"
+		"lm   %%r4,%%r5,32(%1)\n\t"
+		"xr   %%r4,%2\n\t"
+		"xr   %%r5,%2\n\t"
+		"lr   %%r15,%%r5\n\t"
+		"br   %%r4"
+#else
+		"lm   %%r6,%%r15,0(%1)\n\t"
+		"br   %%r14"
+#endif
+		: : "r" (r2),
+#ifdef PTR_DEMANGLE

[... 1822 lines stripped ...]
_______________________________________________
Commits mailing list
Commits@xxxxxxxxxx
http://eglibc.org/cgi-bin/mailman/listinfo/commits