From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 3/4] glibc: CVE-2015-9761
Date: Mon, 25 Jan 2016 11:34:51 -0800 [thread overview]
Message-ID: <ee0e51ae318eb307a9ffb95101c87e506da948c5.1453750404.git.akuster808@gmail.com> (raw)
In-Reply-To: <cover.1453750404.git.akuster808@gmail.com>
In-Reply-To: <cover.1453750404.git.akuster808@gmail.com>
From: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
meta/recipes-core/glibc/glibc/CVE-2015-9761.patch | 1452 +++++++++++++++++++++
meta/recipes-core/glibc/glibc_2.21.bb | 1 +
2 files changed, 1453 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761.patch
new file mode 100644
index 0000000..262820e
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761.patch
@@ -0,0 +1,1452 @@
+From 9b9738e57a358e30ca4d7731f99928715482737c Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Fri, 22 Jan 2016 20:23:04 -0800
+Subject: [PATCH 3/4] glibc: CVE-2015-9761
+
+A stack overflow vulnerability was found in nan* functions that could cause
+applications which process long strings with the nan function to crash or,
+potentially, execute arbitrary code.
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039 ++++++++++++++++++++
+ .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 385 ++++++++
+ meta/recipes-core/glibc/glibc_2.22.bb | 2 +
+ 3 files changed, 1426 insertions(+)
+ create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
+ create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
+
+Index: git/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
+===================================================================
+--- /dev/null
++++ git/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
+@@ -0,0 +1,1039 @@
++From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
++From: Joseph Myers <joseph@codesourcery.com>
++Date: Tue, 24 Nov 2015 22:24:52 +0000
++Subject: [PATCH] Refactor strtod parsing of NaN payloads.
++
++The nan* functions handle their string argument by constructing a
++NAN(...) string on the stack as a VLA and passing it to strtod
++functions.
++
++This approach has problems discussed in bug 16961 and bug 16962: the
++stack usage is unbounded, and it gives incorrect results in certain
++cases where the argument is not a valid n-char-sequence.
++
++The natural fix for both issues is to refactor the NaN payload parsing
++out of strtod into a separate function that the nan* functions can
++call directly, so that no temporary string needs constructing on the
++stack at all. This patch does that refactoring in preparation for
++fixing those bugs (but without actually using the new functions from
++nan* - which will also require exporting them from libc at version
++GLIBC_PRIVATE). This patch is not intended to change any user-visible
++behavior, so no tests are added (fixes for the above bugs will of
++course add tests for them).
++
++This patch builds on my recent fixes for strtol and strtod issues in
++Turkish locales. Given those fixes, the parsing of NaN payloads is
++locale-independent; thus, the new functions do not need to take a
++locale_t argument.
++
++Tested for x86_64, x86, mips64 and powerpc.
++
++ * stdlib/strtod_nan.c: New file.
++ * stdlib/strtod_nan_double.h: Likewise.
++ * stdlib/strtod_nan_float.h: Likewise.
++ * stdlib/strtod_nan_main.c: Likewise.
++ * stdlib/strtod_nan_narrow.h: Likewise.
++ * stdlib/strtod_nan_wide.h: Likewise.
++ * stdlib/strtof_nan.c: Likewise.
++ * stdlib/strtold_nan.c: Likewise.
++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
++ * wcsmbs/wcstod_nan.c: Likewise.
++ * wcsmbs/wcstof_nan.c: Likewise.
++ * wcsmbs/wcstold_nan.c: Likewise.
++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
++ strtold_nan.
++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
++ wcstof_nan.
++ * include/stdlib.h (__strtof_nan): Declare and use
++ libc_hidden_proto.
++ (__strtod_nan): Likewise.
++ (__strtold_nan): Likewise.
++ (__wcstof_nan): Likewise.
++ (__wcstod_nan): Likewise.
++ (__wcstold_nan): Likewise.
++ * include/wchar.h (____wcstoull_l_internal): Declare.
++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
++ (____strtoull_l_internal): Remove declaration.
++ (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ (STRTOULL): Likewise.
++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
++ (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
++ macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
++ macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
++
++Upstream-Status: Backport
++CVE: CVE-2015-9761 patch #1
++[Yocto # 8980]
++
++https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
++
++Signed-off-by: Armin Kuster <akuster@mvista.com>
++
++---
++ ChangeLog | 49 ++++++++++++++++++
++ include/stdlib.h | 18 +++++++
++ include/wchar.h | 3 ++
++ stdlib/Makefile | 1 +
++ stdlib/strtod_l.c | 48 ++++--------------
++ stdlib/strtod_nan.c | 24 +++++++++
++ stdlib/strtod_nan_double.h | 30 +++++++++++
++ stdlib/strtod_nan_float.h | 29 +++++++++++
++ stdlib/strtod_nan_main.c | 63 ++++++++++++++++++++++++
++ stdlib/strtod_nan_narrow.h | 22 +++++++++
++ stdlib/strtod_nan_wide.h | 22 +++++++++
++ stdlib/strtof_l.c | 11 +----
++ stdlib/strtof_nan.c | 24 +++++++++
++ stdlib/strtold_nan.c | 30 +++++++++++
++ sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
++ sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
++ sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
++ sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
++ sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
++ sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
++ sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
++ wcsmbs/Makefile | 1 +
++ wcsmbs/wcstod_l.c | 3 --
++ wcsmbs/wcstod_nan.c | 23 +++++++++
++ wcsmbs/wcstof_l.c | 3 --
++ wcsmbs/wcstof_nan.c | 23 +++++++++
++ wcsmbs/wcstold_l.c | 3 --
++ wcsmbs/wcstold_nan.c | 30 +++++++++++
++ 28 files changed, 504 insertions(+), 95 deletions(-)
++ create mode 100644 stdlib/strtod_nan.c
++ create mode 100644 stdlib/strtod_nan_double.h
++ create mode 100644 stdlib/strtod_nan_float.h
++ create mode 100644 stdlib/strtod_nan_main.c
++ create mode 100644 stdlib/strtod_nan_narrow.h
++ create mode 100644 stdlib/strtod_nan_wide.h
++ create mode 100644 stdlib/strtof_nan.c
++ create mode 100644 stdlib/strtold_nan.c
++ create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
++ create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
++ create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
++ create mode 100644 wcsmbs/wcstod_nan.c
++ create mode 100644 wcsmbs/wcstof_nan.c
++ create mode 100644 wcsmbs/wcstold_nan.c
++
++Index: git/include/stdlib.h
++===================================================================
++--- git.orig/include/stdlib.h
+++++ git/include/stdlib.h
++@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
++ libc_hidden_proto (strtoul)
++ libc_hidden_proto (strtoull)
++
+++extern float __strtof_nan (const char *, char **, char) internal_function;
+++extern double __strtod_nan (const char *, char **, char) internal_function;
+++extern long double __strtold_nan (const char *, char **, char)
+++ internal_function;
+++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
+++ internal_function;
+++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
+++ internal_function;
+++extern long double __wcstold_nan (const wchar_t *, wchar_t **, wchar_t)
+++ internal_function;
+++
+++libc_hidden_proto (__strtof_nan)
+++libc_hidden_proto (__strtod_nan)
+++libc_hidden_proto (__strtold_nan)
+++libc_hidden_proto (__wcstof_nan)
+++libc_hidden_proto (__wcstod_nan)
+++libc_hidden_proto (__wcstold_nan)
+++
++ extern char *__ecvt (double __value, int __ndigit, int *__restrict __decpt,
++ int *__restrict __sign);
++ extern char *__fcvt (double __value, int __ndigit, int *__restrict __decpt,
++Index: git/include/wchar.h
++===================================================================
++--- git.orig/include/wchar.h
+++++ git/include/wchar.h
++@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
++ __restrict __endptr,
++ int __base,
++ int __group) __THROW;
+++extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
+++ wchar_t **, int, int,
+++ __locale_t);
++ libc_hidden_proto (__wcstof_internal)
++ libc_hidden_proto (__wcstod_internal)
++ libc_hidden_proto (__wcstold_internal)
++Index: git/stdlib/Makefile
++===================================================================
++--- git.orig/stdlib/Makefile
+++++ git/stdlib/Makefile
++@@ -51,6 +51,7 @@ routines-y := \
++ strtol_l strtoul_l strtoll_l strtoull_l \
++ strtof strtod strtold \
++ strtof_l strtod_l strtold_l \
+++ strtof_nan strtod_nan strtold_nan \
++ system canonicalize \
++ a64l l64a \
++ getsubopt xpg_basename \
++Index: git/stdlib/strtod_l.c
++===================================================================
++--- git.orig/stdlib/strtod_l.c
+++++ git/stdlib/strtod_l.c
++@@ -21,8 +21,6 @@
++ #include <xlocale.h>
++
++ extern double ____strtod_l_internal (const char *, char **, int, __locale_t);
++-extern unsigned long long int ____strtoull_l_internal (const char *, char **,
++- int, int, __locale_t);
++
++ /* Configuration part. These macros are defined by `strtold.c',
++ `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
++@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
++ # ifdef USE_WIDE_CHAR
++ # define STRTOF wcstod_l
++ # define __STRTOF __wcstod_l
+++# define STRTOF_NAN __wcstod_nan
++ # else
++ # define STRTOF strtod_l
++ # define __STRTOF __strtod_l
+++# define STRTOF_NAN __strtod_nan
++ # endif
++ # define MPN2FLOAT __mpn_construct_double
++ # define FLOAT_HUGE_VAL HUGE_VAL
++-# define SET_MANTISSA(flt, mant) \
++- do { union ieee754_double u; \
++- u.d = (flt); \
++- u.ieee_nan.mantissa0 = (mant) >> 32; \
++- u.ieee_nan.mantissa1 = (mant); \
++- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
++- (flt) = u.d; \
++- } while (0)
++ #endif
++ /* End of configuration part. */
++ \f
++ #include <ctype.h>
++ #include <errno.h>
++ #include <float.h>
++-#include <ieee754.h>
++ #include "../locale/localeinfo.h"
++ #include <locale.h>
++ #include <math.h>
++@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
++ # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
++ # define STRNCASECMP(S1, S2, N) \
++ __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
++-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, loc)
++ #else
++ # define STRING_TYPE char
++ # define CHAR_TYPE char
++@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
++ # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
++ # define STRNCASECMP(S1, S2, N) \
++ __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
++-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, loc)
++ #endif
++
++
++@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
++ if (*cp == L_('('))
++ {
++ const STRING_TYPE *startp = cp;
++- do
++- ++cp;
++- while ((*cp >= L_('0') && *cp <= L_('9'))
++- || ({ CHAR_TYPE lo = TOLOWER (*cp);
++- lo >= L_('a') && lo <= L_('z'); })
++- || *cp == L_('_'));
++-
++- if (*cp != L_(')'))
++- /* The closing brace is missing. Only match the NAN
++- part. */
++- cp = startp;
+++ STRING_TYPE *endp;
+++ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
+++ if (*endp == L_(')'))
+++ /* Consume the closing parenthesis. */
+++ cp = endp + 1;
++ else
++- {
++- /* This is a system-dependent way to specify the
++- bitmask used for the NaN. We expect it to be
++- a number which is put in the mantissa of the
++- number. */
++- STRING_TYPE *endp;
++- unsigned long long int mant;
++-
++- mant = STRTOULL (startp + 1, &endp, 0);
++- if (endp == cp)
++- SET_MANTISSA (retval, mant);
++-
++- /* Consume the closing brace. */
++- ++cp;
++- }
+++ /* Only match the NAN part. */
+++ cp = startp;
++ }
++
++ if (endptr != NULL)
++Index: git/stdlib/strtod_nan.c
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtod_nan.c
++@@ -0,0 +1,24 @@
+++/* Convert string for NaN payload to corresponding NaN. Narrow
+++ strings, double.
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include <strtod_nan_narrow.h>
+++#include <strtod_nan_double.h>
+++
+++#define STRTOD_NAN __strtod_nan
+++#include <strtod_nan_main.c>
++Index: git/stdlib/strtod_nan_double.h
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtod_nan_double.h
++@@ -0,0 +1,30 @@
+++/* Convert string for NaN payload to corresponding NaN. For double.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#define FLOAT double
+++#define SET_MANTISSA(flt, mant) \
+++ do \
+++ { \
+++ union ieee754_double u; \
+++ u.d = (flt); \
+++ u.ieee_nan.mantissa0 = (mant) >> 32; \
+++ u.ieee_nan.mantissa1 = (mant); \
+++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
+++ (flt) = u.d; \
+++ } \
+++ while (0)
++Index: git/stdlib/strtod_nan_float.h
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtod_nan_float.h
++@@ -0,0 +1,29 @@
+++/* Convert string for NaN payload to corresponding NaN. For float.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#define FLOAT float
+++#define SET_MANTISSA(flt, mant) \
+++ do \
+++ { \
+++ union ieee754_float u; \
+++ u.f = (flt); \
+++ u.ieee_nan.mantissa = (mant); \
+++ if (u.ieee.mantissa != 0) \
+++ (flt) = u.f; \
+++ } \
+++ while (0)
++Index: git/stdlib/strtod_nan_main.c
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtod_nan_main.c
++@@ -0,0 +1,63 @@
+++/* Convert string for NaN payload to corresponding NaN.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include <ieee754.h>
+++#include <locale.h>
+++#include <math.h>
+++#include <stdlib.h>
+++#include <wchar.h>
+++
+++
+++/* If STR starts with an optional n-char-sequence as defined by ISO C
+++ (a sequence of ASCII letters, digits and underscores), followed by
+++ ENDC, return a NaN whose payload is set based on STR. Otherwise,
+++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
+++ to the character after the initial n-char-sequence. */
+++
+++internal_function
+++FLOAT
+++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE endc)
+++{
+++ const STRING_TYPE *cp = str;
+++
+++ while ((*cp >= L_('0') && *cp <= L_('9'))
+++ || (*cp >= L_('A') && *cp <= L_('Z'))
+++ || (*cp >= L_('a') && *cp <= L_('z'))
+++ || *cp == L_('_'))
+++ ++cp;
+++
+++ FLOAT retval = NAN;
+++ if (*cp != endc)
+++ goto out;
+++
+++ /* This is a system-dependent way to specify the bitmask used for
+++ the NaN. We expect it to be a number which is put in the
+++ mantissa of the number. */
+++ STRING_TYPE *endp;
+++ unsigned long long int mant;
+++
+++ mant = STRTOULL (str, &endp, 0);
+++ if (endp == cp)
+++ SET_MANTISSA (retval, mant);
+++
+++ out:
+++ if (endptr != NULL)
+++ *endptr = (STRING_TYPE *) cp;
+++ return retval;
+++}
+++libc_hidden_def (STRTOD_NAN)
++Index: git/stdlib/strtod_nan_narrow.h
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtod_nan_narrow.h
++@@ -0,0 +1,22 @@
+++/* Convert string for NaN payload to corresponding NaN. Narrow strings.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#define STRING_TYPE char
+++#define L_(Ch) Ch
+++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, \
+++ _nl_C_locobj_ptr)
++Index: git/stdlib/strtod_nan_wide.h
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtod_nan_wide.h
++@@ -0,0 +1,22 @@
+++/* Convert string for NaN payload to corresponding NaN. Wide strings.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#define STRING_TYPE wchar_t
+++#define L_(Ch) L##Ch
+++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, \
+++ _nl_C_locobj_ptr)
++Index: git/stdlib/strtof_l.c
++===================================================================
++--- git.orig/stdlib/strtof_l.c
+++++ git/stdlib/strtof_l.c
++@@ -20,26 +20,19 @@
++ #include <xlocale.h>
++
++ extern float ____strtof_l_internal (const char *, char **, int, __locale_t);
++-extern unsigned long long int ____strtoull_l_internal (const char *, char **,
++- int, int, __locale_t);
++
++ #define FLOAT float
++ #define FLT FLT
++ #ifdef USE_WIDE_CHAR
++ # define STRTOF wcstof_l
++ # define __STRTOF __wcstof_l
+++# define STRTOF_NAN __wcstof_nan
++ #else
++ # define STRTOF strtof_l
++ # define __STRTOF __strtof_l
+++# define STRTOF_NAN __strtof_nan
++ #endif
++ #define MPN2FLOAT __mpn_construct_float
++ #define FLOAT_HUGE_VAL HUGE_VALF
++-#define SET_MANTISSA(flt, mant) \
++- do { union ieee754_float u; \
++- u.f = (flt); \
++- u.ieee_nan.mantissa = (mant); \
++- if (u.ieee.mantissa != 0) \
++- (flt) = u.f; \
++- } while (0)
++
++ #include "strtod_l.c"
++Index: git/stdlib/strtof_nan.c
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtof_nan.c
++@@ -0,0 +1,24 @@
+++/* Convert string for NaN payload to corresponding NaN. Narrow
+++ strings, float.
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include <strtod_nan_narrow.h>
+++#include <strtod_nan_float.h>
+++
+++#define STRTOD_NAN __strtof_nan
+++#include <strtod_nan_main.c>
++Index: git/stdlib/strtold_nan.c
++===================================================================
++--- /dev/null
+++++ git/stdlib/strtold_nan.c
++@@ -0,0 +1,30 @@
+++/* Convert string for NaN payload to corresponding NaN. Narrow
+++ strings, long double.
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include <math.h>
+++
+++/* This function is unused if long double and double have the same
+++ representation. */
+++#ifndef __NO_LONG_DOUBLE_MATH
+++# include <strtod_nan_narrow.h>
+++# include <strtod_nan_ldouble.h>
+++
+++# define STRTOD_NAN __strtold_nan
+++# include <strtod_nan_main.c>
+++#endif
++Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
++===================================================================
++--- /dev/null
+++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
++@@ -0,0 +1,33 @@
+++/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#define FLOAT long double
+++#define SET_MANTISSA(flt, mant) \
+++ do \
+++ { \
+++ union ieee854_long_double u; \
+++ u.d = (flt); \
+++ u.ieee_nan.mantissa0 = 0; \
+++ u.ieee_nan.mantissa1 = 0; \
+++ u.ieee_nan.mantissa2 = (mant) >> 32; \
+++ u.ieee_nan.mantissa3 = (mant); \
+++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
+++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
+++ (flt) = u.d; \
+++ } \
+++ while (0)
++Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
++===================================================================
++--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
+++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
++@@ -25,22 +25,13 @@
++ #ifdef USE_WIDE_CHAR
++ # define STRTOF wcstold_l
++ # define __STRTOF __wcstold_l
+++# define STRTOF_NAN __wcstold_nan
++ #else
++ # define STRTOF strtold_l
++ # define __STRTOF __strtold_l
+++# define STRTOF_NAN __strtold_nan
++ #endif
++ #define MPN2FLOAT __mpn_construct_long_double
++ #define FLOAT_HUGE_VAL HUGE_VALL
++-#define SET_MANTISSA(flt, mant) \
++- do { union ieee854_long_double u; \
++- u.d = (flt); \
++- u.ieee_nan.mantissa0 = 0; \
++- u.ieee_nan.mantissa1 = 0; \
++- u.ieee_nan.mantissa2 = (mant) >> 32; \
++- u.ieee_nan.mantissa3 = (mant); \
++- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
++- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
++- (flt) = u.d; \
++- } while (0)
++
++ #include <strtod_l.c>
++Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
++===================================================================
++--- /dev/null
+++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
++@@ -0,0 +1,30 @@
+++/* Convert string for NaN payload to corresponding NaN. For ldbl-128ibm.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#define FLOAT long double
+++#define SET_MANTISSA(flt, mant) \
+++ do \
+++ { \
+++ union ibm_extended_long_double u; \
+++ u.ld = (flt); \
+++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
+++ u.d[0].ieee_nan.mantissa1 = (mant); \
+++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
+++ (flt) = u.ld; \
+++ } \
+++ while (0)
++Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
++===================================================================
++--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
+++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
++@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
++ # define STRTOF __new_wcstold_l
++ # define __STRTOF ____new_wcstold_l
++ # define ____STRTOF_INTERNAL ____wcstold_l_internal
+++# define STRTOF_NAN __wcstold_nan
++ #else
++ extern long double ____new_strtold_l (const char *, char **, __locale_t);
++ # define STRTOF __new_strtold_l
++ # define __STRTOF ____new_strtold_l
++ # define ____STRTOF_INTERNAL ____strtold_l_internal
+++# define STRTOF_NAN __strtold_nan
++ #endif
++ extern __typeof (__STRTOF) STRTOF;
++ libc_hidden_proto (__STRTOF)
++ libc_hidden_proto (STRTOF)
++ #define MPN2FLOAT __mpn_construct_long_double
++ #define FLOAT_HUGE_VAL HUGE_VALL
++-# define SET_MANTISSA(flt, mant) \
++- do { union ibm_extended_long_double u; \
++- u.ld = (flt); \
++- u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
++- u.d[0].ieee_nan.mantissa1 = (mant); \
++- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
++- (flt) = u.ld; \
++- } while (0)
++
++ #include <strtod_l.c>
++
++Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
++===================================================================
++--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
+++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
++@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
++ # define STRTOF __new_wcstold_l
++ # define __STRTOF ____new_wcstold_l
++ # define ____STRTOF_INTERNAL ____wcstold_l_internal
+++# define STRTOF_NAN __wcstold_nan
++ #else
++ extern long double ____new_strtold_l (const char *, char **, __locale_t);
++ # define STRTOF __new_strtold_l
++ # define __STRTOF ____new_strtold_l
++ # define ____STRTOF_INTERNAL ____strtold_l_internal
+++# define STRTOF_NAN __strtold_nan
++ #endif
++ extern __typeof (__STRTOF) STRTOF;
++ libc_hidden_proto (__STRTOF)
++ libc_hidden_proto (STRTOF)
++ #define MPN2FLOAT __mpn_construct_long_double
++ #define FLOAT_HUGE_VAL HUGE_VALL
++-#define SET_MANTISSA(flt, mant) \
++- do { union ieee854_long_double u; \
++- u.d = (flt); \
++- u.ieee_nan.mantissa0 = 0; \
++- u.ieee_nan.mantissa1 = 0; \
++- u.ieee_nan.mantissa2 = (mant) >> 32; \
++- u.ieee_nan.mantissa3 = (mant); \
++- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
++- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
++- (flt) = u.d; \
++- } while (0)
++
++ #include <strtod_l.c>
++
++Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
++===================================================================
++--- /dev/null
+++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
++@@ -0,0 +1,30 @@
+++/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
+++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#define FLOAT long double
+++#define SET_MANTISSA(flt, mant) \
+++ do \
+++ { \
+++ union ieee854_long_double u; \
+++ u.d = (flt); \
+++ u.ieee_nan.mantissa0 = (mant) >> 32; \
+++ u.ieee_nan.mantissa1 = (mant); \
+++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
+++ (flt) = u.d; \
+++ } \
+++ while (0)
++Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
++===================================================================
++--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
+++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
++@@ -25,19 +25,13 @@
++ #ifdef USE_WIDE_CHAR
++ # define STRTOF wcstold_l
++ # define __STRTOF __wcstold_l
+++# define STRTOF_NAN __wcstold_nan
++ #else
++ # define STRTOF strtold_l
++ # define __STRTOF __strtold_l
+++# define STRTOF_NAN __strtold_nan
++ #endif
++ #define MPN2FLOAT __mpn_construct_long_double
++ #define FLOAT_HUGE_VAL HUGE_VALL
++-#define SET_MANTISSA(flt, mant) \
++- do { union ieee854_long_double u; \
++- u.d = (flt); \
++- u.ieee_nan.mantissa0 = (mant) >> 32; \
++- u.ieee_nan.mantissa1 = (mant); \
++- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
++- (flt) = u.d; \
++- } while (0)
++
++ #include <stdlib/strtod_l.c>
++Index: git/wcsmbs/Makefile
++===================================================================
++--- git.orig/wcsmbs/Makefile
+++++ git/wcsmbs/Makefile
++@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
++ wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
++ wcstol_l wcstoul_l wcstoll_l wcstoull_l \
++ wcstod_l wcstold_l wcstof_l \
+++ wcstod_nan wcstold_nan wcstof_nan \
++ wcscoll wcsxfrm \
++ wcwidth wcswidth \
++ wcscoll_l wcsxfrm_l \
++Index: git/wcsmbs/wcstod_l.c
++===================================================================
++--- git.orig/wcsmbs/wcstod_l.c
+++++ git/wcsmbs/wcstod_l.c
++@@ -23,9 +23,6 @@
++
++ extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
++ __locale_t);
++-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
++- wchar_t **, int, int,
++- __locale_t);
++
++ #define USE_WIDE_CHAR 1
++
++Index: git/wcsmbs/wcstod_nan.c
++===================================================================
++--- /dev/null
+++++ git/wcsmbs/wcstod_nan.c
++@@ -0,0 +1,23 @@
+++/* Convert string for NaN payload to corresponding NaN. Wide strings, double.
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include "../stdlib/strtod_nan_wide.h"
+++#include "../stdlib/strtod_nan_double.h"
+++
+++#define STRTOD_NAN __wcstod_nan
+++#include "../stdlib/strtod_nan_main.c"
++Index: git/wcsmbs/wcstof_l.c
++===================================================================
++--- git.orig/wcsmbs/wcstof_l.c
+++++ git/wcsmbs/wcstof_l.c
++@@ -25,8 +25,5 @@
++
++ extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
++ __locale_t);
++-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
++- wchar_t **, int, int,
++- __locale_t);
++
++ #include <stdlib/strtof_l.c>
++Index: git/wcsmbs/wcstof_nan.c
++===================================================================
++--- /dev/null
+++++ git/wcsmbs/wcstof_nan.c
++@@ -0,0 +1,23 @@
+++/* Convert string for NaN payload to corresponding NaN. Wide strings, float.
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include "../stdlib/strtod_nan_wide.h"
+++#include "../stdlib/strtod_nan_float.h"
+++
+++#define STRTOD_NAN __wcstof_nan
+++#include "../stdlib/strtod_nan_main.c"
++Index: git/wcsmbs/wcstold_l.c
++===================================================================
++--- git.orig/wcsmbs/wcstold_l.c
+++++ git/wcsmbs/wcstold_l.c
++@@ -24,8 +24,5 @@
++
++ extern long double ____wcstold_l_internal (const wchar_t *, wchar_t **, int,
++ __locale_t);
++-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
++- wchar_t **, int, int,
++- __locale_t);
++
++ #include <strtold_l.c>
++Index: git/wcsmbs/wcstold_nan.c
++===================================================================
++--- /dev/null
+++++ git/wcsmbs/wcstold_nan.c
++@@ -0,0 +1,30 @@
+++/* Convert string for NaN payload to corresponding NaN. Wide strings,
+++ long double.
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include <math.h>
+++
+++/* This function is unused if long double and double have the same
+++ representation. */
+++#ifndef __NO_LONG_DOUBLE_MATH
+++# include "../stdlib/strtod_nan_wide.h"
+++# include <strtod_nan_ldouble.h>
+++
+++# define STRTOD_NAN __wcstold_nan
+++# include "../stdlib/strtod_nan_main.c"
+++#endif
++Index: git/ChangeLog
++===================================================================
++--- git.orig/ChangeLog
+++++ git/ChangeLog
++@@ -1,3 +1,57 @@
+++2015-11-24 Joseph Myers <joseph@codesourcery.com>
+++
+++ * stdlib/strtod_nan.c: New file.
+++ * stdlib/strtod_nan_double.h: Likewise.
+++ * stdlib/strtod_nan_float.h: Likewise.
+++ * stdlib/strtod_nan_main.c: Likewise.
+++ * stdlib/strtod_nan_narrow.h: Likewise.
+++ * stdlib/strtod_nan_wide.h: Likewise.
+++ * stdlib/strtof_nan.c: Likewise.
+++ * stdlib/strtold_nan.c: Likewise.
+++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
+++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
+++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
+++ * wcsmbs/wcstod_nan.c: Likewise.
+++ * wcsmbs/wcstof_nan.c: Likewise.
+++ * wcsmbs/wcstold_nan.c: Likewise.
+++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
+++ strtold_nan.
+++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
+++ wcstof_nan.
+++ * include/stdlib.h (__strtof_nan): Declare and use
+++ libc_hidden_proto.
+++ (__strtod_nan): Likewise.
+++ (__strtold_nan): Likewise.
+++ (__wcstof_nan): Likewise.
+++ (__wcstod_nan): Likewise.
+++ (__wcstold_nan): Likewise.
+++ * include/wchar.h (____wcstoull_l_internal): Declare.
+++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
+++ (____strtoull_l_internal): Remove declaration.
+++ (STRTOF_NAN): Define macro.
+++ (SET_MANTISSA): Remove macro.
+++ (STRTOULL): Likewise.
+++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
+++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
+++ (STRTOF_NAN): Define macro.
+++ (SET_MANTISSA): Remove macro.
+++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
+++ (SET_MANTISSA): Remove macro.
+++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
+++ macro.
+++ (SET_MANTISSA): Remove macro.
+++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
+++ macro.
+++ (SET_MANTISSA): Remove macro.
+++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
+++ (SET_MANTISSA): Remove macro.
+++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
+++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
+++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
+++
+++ [BZ #19266]
+++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
+++ upper case and lower case letters inside NAN(), not using TOLOWER.
++ 2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
++
++ [BZ #17905]
+Index: git/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
+===================================================================
+--- /dev/null
++++ git/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
+@@ -0,0 +1,385 @@
++From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
++From: Joseph Myers <joseph@codesourcery.com>
++Date: Fri, 4 Dec 2015 20:36:28 +0000
++Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, bug
++ 16962).
++
++The nan, nanf and nanl functions handle payload strings by doing e.g.:
++
++ if (tagp[0] != '\0')
++ {
++ char buf[6 + strlen (tagp)];
++ sprintf (buf, "NAN(%s)", tagp);
++ return strtod (buf, NULL);
++ }
++
++This is an unbounded stack allocation based on the length of the
++argument. Furthermore, if the argument starts with an n-char-sequence
++followed by ')', that n-char-sequence is wrongly treated as
++significant for determining the payload of the resulting NaN, when ISO
++C says the call should be equivalent to strtod ("NAN", NULL), without
++being affected by that initial n-char-sequence. This patch fixes both
++those problems by using the __strtod_nan etc. functions recently
++factored out of strtod etc. for that purpose, with those functions
++being exported from libc at version GLIBC_PRIVATE.
++
++Tested for x86_64, x86, mips64 and powerpc.
++
++ [BZ #16961]
++ [BZ #16962]
++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
++ string on the stack for strtod.
++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
++ a string on the stack for strtof.
++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
++ constructing a string on the stack for strtold.
++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
++ __strtold_nan to GLIBC_PRIVATE.
++ * math/test-nan-overflow.c: New file.
++ * math/test-nan-payload.c: Likewise.
++ * math/Makefile (tests): Add test-nan-overflow and
++ test-nan-payload.
++
++Upstream-Status: Backport
++CVE: CVE-2015-9761 patch #2
++[Yocto # 8980]
++
++https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
++
++Signed-off-by: Armin Kuster <akuster@mvista.com>
++
++---
++ ChangeLog | 17 +++++++
++ NEWS | 6 +++
++ math/Makefile | 3 +-
++ math/s_nan.c | 9 +---
++ math/s_nanf.c | 9 +---
++ math/s_nanl.c | 9 +---
++ math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
++ math/test-nan-payload.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++
++ stdlib/Versions | 1 +
++ 9 files changed, 217 insertions(+), 25 deletions(-)
++ create mode 100644 math/test-nan-overflow.c
++ create mode 100644 math/test-nan-payload.c
++
++Index: git/ChangeLog
++===================================================================
++--- git.orig/ChangeLog
+++++ git/ChangeLog
++@@ -1,3 +1,20 @@
+++2015-12-04 Joseph Myers <joseph@codesourcery.com>
+++
+++ [BZ #16961]
+++ [BZ #16962]
+++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
+++ string on the stack for strtod.
+++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
+++ a string on the stack for strtof.
+++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
+++ constructing a string on the stack for strtold.
+++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
+++ __strtold_nan to GLIBC_PRIVATE.
+++ * math/test-nan-overflow.c: New file.
+++ * math/test-nan-payload.c: Likewise.
+++ * math/Makefile (tests): Add test-nan-overflow and
+++ test-nan-payload.
+++
++ 2015-11-24 Joseph Myers <joseph@codesourcery.com>
++
++ * stdlib/strtod_nan.c: New file.
++Index: git/NEWS
++===================================================================
++--- git.orig/NEWS
+++++ git/NEWS
++@@ -99,6 +99,12 @@ Version 2.22
++ \f
++ Version 2.21
++
+++Security related changes:
+++
+++* The nan, nanf and nanl functions no longer have unbounded stack usage
+++ depending on the length of the string passed as an argument to the
+++ functions. Reported by Joseph Myers.
+++
++ * The following bugs are resolved with this release:
++
++ 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
++Index: git/math/Makefile
++===================================================================
++--- git.orig/math/Makefile
+++++ git/math/Makefile
++@@ -110,6 +110,7 @@ tests = test-matherr test-fenv atest-exp
++ test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
++ test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \
++ test-fenv-tls test-fenv-preserve test-fenv-return test-fenvinline \
+++ test-nan-overflow test-nan-payload \
++ $(tests-static)
++ tests-static = test-fpucw-static test-fpucw-ieee-static
++ # We do the `long double' tests only if this data type is available and
++Index: git/math/s_nan.c
++===================================================================
++--- git.orig/math/s_nan.c
+++++ git/math/s_nan.c
++@@ -28,14 +28,7 @@
++ double
++ __nan (const char *tagp)
++ {
++- if (tagp[0] != '\0')
++- {
++- char buf[6 + strlen (tagp)];
++- sprintf (buf, "NAN(%s)", tagp);
++- return strtod (buf, NULL);
++- }
++-
++- return NAN;
+++ return __strtod_nan (tagp, NULL, 0);
++ }
++ weak_alias (__nan, nan)
++ #ifdef NO_LONG_DOUBLE
++Index: git/math/s_nanf.c
++===================================================================
++--- git.orig/math/s_nanf.c
+++++ git/math/s_nanf.c
++@@ -28,13 +28,6 @@
++ float
++ __nanf (const char *tagp)
++ {
++- if (tagp[0] != '\0')
++- {
++- char buf[6 + strlen (tagp)];
++- sprintf (buf, "NAN(%s)", tagp);
++- return strtof (buf, NULL);
++- }
++-
++- return NAN;
+++ return __strtof_nan (tagp, NULL, 0);
++ }
++ weak_alias (__nanf, nanf)
++Index: git/math/s_nanl.c
++===================================================================
++--- git.orig/math/s_nanl.c
+++++ git/math/s_nanl.c
++@@ -28,13 +28,6 @@
++ long double
++ __nanl (const char *tagp)
++ {
++- if (tagp[0] != '\0')
++- {
++- char buf[6 + strlen (tagp)];
++- sprintf (buf, "NAN(%s)", tagp);
++- return strtold (buf, NULL);
++- }
++-
++- return NAN;
+++ return __strtold_nan (tagp, NULL, 0);
++ }
++ weak_alias (__nanl, nanl)
++Index: git/math/test-nan-overflow.c
++===================================================================
++--- /dev/null
+++++ git/math/test-nan-overflow.c
++@@ -0,0 +1,66 @@
+++/* Test nan functions stack overflow (bug 16962).
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include <math.h>
+++#include <stdio.h>
+++#include <string.h>
+++#include <sys/resource.h>
+++
+++#define STACK_LIM 1048576
+++#define STRING_SIZE (2 * STACK_LIM)
+++
+++static int
+++do_test (void)
+++{
+++ int result = 0;
+++ struct rlimit lim;
+++ getrlimit (RLIMIT_STACK, &lim);
+++ lim.rlim_cur = STACK_LIM;
+++ setrlimit (RLIMIT_STACK, &lim);
+++ char *nanstr = malloc (STRING_SIZE);
+++ if (nanstr == NULL)
+++ {
+++ puts ("malloc failed, cannot test");
+++ return 77;
+++ }
+++ memset (nanstr, '0', STRING_SIZE - 1);
+++ nanstr[STRING_SIZE - 1] = 0;
+++#define NAN_TEST(TYPE, FUNC) \
+++ do \
+++ { \
+++ char *volatile p = nanstr; \
+++ volatile TYPE v = FUNC (p); \
+++ if (isnan (v)) \
+++ puts ("PASS: " #FUNC); \
+++ else \
+++ { \
+++ puts ("FAIL: " #FUNC); \
+++ result = 1; \
+++ } \
+++ } \
+++ while (0)
+++ NAN_TEST (float, nanf);
+++ NAN_TEST (double, nan);
+++#ifndef NO_LONG_DOUBLE
+++ NAN_TEST (long double, nanl);
+++#endif
+++ return result;
+++}
+++
+++#define TEST_FUNCTION do_test ()
+++#include "../test-skeleton.c"
++Index: git/math/test-nan-payload.c
++===================================================================
++--- /dev/null
+++++ git/math/test-nan-payload.c
++@@ -0,0 +1,122 @@
+++/* Test nan functions payload handling (bug 16961).
+++ Copyright (C) 2015 Free Software Foundation, Inc.
+++ This file is part of the GNU C Library.
+++
+++ The GNU C Library is free software; you can redistribute it and/or
+++ modify it under the terms of the GNU Lesser General Public
+++ License as published by the Free Software Foundation; either
+++ version 2.1 of the License, or (at your option) any later version.
+++
+++ The GNU C Library is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+++ Lesser General Public License for more details.
+++
+++ You should have received a copy of the GNU Lesser General Public
+++ License along with the GNU C Library; if not, see
+++ <http://www.gnu.org/licenses/>. */
+++
+++#include <float.h>
+++#include <math.h>
+++#include <stdio.h>
+++#include <stdlib.h>
+++#include <string.h>
+++
+++/* Avoid built-in functions. */
+++#define WRAP_NAN(FUNC, STR) \
+++ ({ const char *volatile wns = (STR); FUNC (wns); })
+++#define WRAP_STRTO(FUNC, STR) \
+++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
+++
+++#define CHECK_IS_NAN(TYPE, A) \
+++ do \
+++ { \
+++ if (isnan (A)) \
+++ puts ("PASS: " #TYPE " " #A); \
+++ else \
+++ { \
+++ puts ("FAIL: " #TYPE " " #A); \
+++ result = 1; \
+++ } \
+++ } \
+++ while (0)
+++
+++#define CHECK_SAME_NAN(TYPE, A, B) \
+++ do \
+++ { \
+++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
+++ puts ("PASS: " #TYPE " " #A " = " #B); \
+++ else \
+++ { \
+++ puts ("FAIL: " #TYPE " " #A " = " #B); \
+++ result = 1; \
+++ } \
+++ } \
+++ while (0)
+++
+++#define CHECK_DIFF_NAN(TYPE, A, B) \
+++ do \
+++ { \
+++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
+++ puts ("PASS: " #TYPE " " #A " != " #B); \
+++ else \
+++ { \
+++ puts ("FAIL: " #TYPE " " #A " != " #B); \
+++ result = 1; \
+++ } \
+++ } \
+++ while (0)
+++
+++/* Cannot test payloads by memcmp for formats where NaNs have padding
+++ bits. */
+++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
+++
+++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
+++ do \
+++ { \
+++ TYPE n123 = WRAP_NAN (FUNC, "123"); \
+++ CHECK_IS_NAN (TYPE, n123); \
+++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
+++ CHECK_IS_NAN (TYPE, s123); \
+++ TYPE n456 = WRAP_NAN (FUNC, "456"); \
+++ CHECK_IS_NAN (TYPE, n456); \
+++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
+++ CHECK_IS_NAN (TYPE, s456); \
+++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
+++ CHECK_IS_NAN (TYPE, n123x); \
+++ TYPE nemp = WRAP_NAN (FUNC, ""); \
+++ CHECK_IS_NAN (TYPE, nemp); \
+++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
+++ CHECK_IS_NAN (TYPE, semp); \
+++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
+++ CHECK_IS_NAN (TYPE, sx); \
+++ if (CAN_TEST_EQ (MANT_DIG)) \
+++ CHECK_SAME_NAN (TYPE, n123, s123); \
+++ if (CAN_TEST_EQ (MANT_DIG)) \
+++ CHECK_SAME_NAN (TYPE, n456, s456); \
+++ if (CAN_TEST_EQ (MANT_DIG)) \
+++ CHECK_SAME_NAN (TYPE, nemp, semp); \
+++ if (CAN_TEST_EQ (MANT_DIG)) \
+++ CHECK_SAME_NAN (TYPE, n123x, sx); \
+++ CHECK_DIFF_NAN (TYPE, n123, n456); \
+++ CHECK_DIFF_NAN (TYPE, n123, nemp); \
+++ CHECK_DIFF_NAN (TYPE, n123, n123x); \
+++ CHECK_DIFF_NAN (TYPE, n456, nemp); \
+++ CHECK_DIFF_NAN (TYPE, n456, n123x); \
+++ } \
+++ while (0)
+++
+++static int
+++do_test (void)
+++{
+++ int result = 0;
+++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
+++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
+++#ifndef NO_LONG_DOUBLE
+++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
+++#endif
+++ return result;
+++}
+++
+++#define TEST_FUNCTION do_test ()
+++#include "../test-skeleton.c"
++Index: git/stdlib/Versions
++===================================================================
++--- git.orig/stdlib/Versions
+++++ git/stdlib/Versions
++@@ -118,5 +118,6 @@ libc {
++ # Used from other libraries
++ __libc_secure_getenv;
++ __call_tls_dtors;
+++ __strtof_nan; __strtod_nan; __strtold_nan;
++ }
++ }
diff --git a/meta/recipes-core/glibc/glibc_2.21.bb b/meta/recipes-core/glibc/glibc_2.21.bb
index afe32d5..5d05f0c 100644
--- a/meta/recipes-core/glibc/glibc_2.21.bb
+++ b/meta/recipes-core/glibc/glibc_2.21.bb
@@ -50,6 +50,7 @@ CVEPATCHES = "\
file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \
file://CVE-2015-8777.patch \
file://CVE-2015-8779.patch \
+ file://CVE-2015-9761.patch \
"
LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
--
2.3.5
next prev parent reply other threads:[~2016-01-25 19:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-25 19:34 [PATCH 0/4][fido] Glibc security fixes Armin Kuster
2016-01-25 19:34 ` [PATCH 1/4] glibc: CVE-2015-8777 Armin Kuster
2016-01-25 19:34 ` [PATCH 2/4] glibc: CVE-2015-8779 Armin Kuster
2016-01-25 19:34 ` Armin Kuster [this message]
2016-01-25 19:34 ` [PATCH 4/4] glibc: CVE_2015-8776 Armin Kuster
2016-01-25 20:00 ` [PATCH 0/4][fido] Glibc security fixes Khem Raj
-- strict thread matches above, loose matches on Subject: below --
2016-01-25 19:25 [PATCH 0/4][jethro] " Armin Kuster
2016-01-25 19:25 ` [PATCH 3/4] glibc: CVE-2015-9761 Armin Kuster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ee0e51ae318eb307a9ffb95101c87e506da948c5.1453750404.git.akuster808@gmail.com \
--to=akuster808@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.