Accepting request 373692 from home:Andreas_Schwab:Factory

OBS-URL: https://build.opensuse.org/request/show/373692 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=428
2016-03-16 12:04:18 +00:00 · 2016-03-16 12:04:18 +00:00 · 13c9b7363d
commit 13c9b7363d
parent 353d9cc41d
4 changed files with 54 additions and 31 deletions
--- a/glibc-testsuite.changes
+++ b/glibc-testsuite.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Tue Mar 15 10:44:46 UTC 2016 - schwab@suse.de
 - ldd-system-interp.patch: Restore warning about execution permission, it
  is still needed for noexec mounts (bsc#915985)
 -------------------------------------------------------------------
 Tue Mar  8 15:28:16 UTC 2016 - idonmez@suse.com
@ -104,12 +110,12 @@ Mon Feb 15 15:43:02 UTC 2016 - schwab@suse.de
 Thu Nov 26 14:46:21 UTC 2015 - schwab@suse.de
 - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock
-  on fork (BZ #19282)
+  on fork (bsc#958315, BZ #19282)
 -------------------------------------------------------------------
 Wed Nov 18 15:09:30 UTC 2015 - schwab@suse.de
- resolv-mem-leak.patch: Fix resource leak in resolver (BZ #19257)
+- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257)
 - tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set
  DST rules only (BZ #19253)
@ -121,8 +127,8 @@ Mon Oct 26 15:22:53 UTC 2015 - schwab@suse.de
 -------------------------------------------------------------------
 Mon Oct 19 12:28:58 UTC 2015 - schwab@suse.de
- ld-pointer-guard.patch: Always enable pointer guard (bsc#950944, BZ
+- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777,
-  #18928)
+  bsc#950944, BZ #18928)
 -------------------------------------------------------------------
 Mon Oct 12 08:12:10 UTC 2015 - schwab@suse.de
@ -180,7 +186,7 @@ Wed Aug  5 09:35:41 UTC 2015 - schwab@suse.de
 - Update to glibc 2.22 release.
  * Cache information can be queried via sysconf() function on s390
  * A buffer overflow in gethostbyname_r and related functions performing DNS
-    requests has been fixed.
+    requests has been fixed.  (CVE-2015-1781)
  * The time zone file parser has been made more robust against crafted time
    zone files
  * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
@ -191,6 +197,8 @@ Wed Aug  5 09:35:41 UTC 2015 - schwab@suse.de
    compliance.
  * The header <regexp.h> is deprecated, and will be removed in a future
    release.
  * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211
    bsc#940195 bsc#940332
 - Patches from upstream removed
  * htm-tabort.patch
  * o-tmpfile.patch
@ -254,7 +262,7 @@ Mon Mar 30 09:04:49 UTC 2015 - schwab@suse.de
 - powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964, BZ
  #17967)
 - nss-separate-state-getXXent.patch: Separate internal state between
-  getXXent and getXXbyYY NSS calls (bsc#918187, BZ #18007)
+  getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007)
 - static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS
  limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621,
  BZ #17628)
@ -295,6 +303,8 @@ Mon Feb  9 09:26:01 UTC 2015 - schwab@suse.de
  * i386 memcpy functions optimized with SSE2 unaligned load/store
  * New locales: tu_IN, bh_IN, raj_IN, ce_RU
  * The obsolete sigvec function has been removed
  * CVE-2015-1472 CVE-2015-1473 CVE-2104-7817 CVE-2012-3406 CVE-2014-9402
    CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222
 - Patches from upstream removed
  * ifunc-x86-slow-sse4.patch
  * pthread-mutex-trylock-elision.patch
@ -334,6 +344,7 @@ Mon Sep  8 09:48:26 UTC 2014 - schwab@suse.de
    and the LC_* variables), are more tightly checked for proper syntax
  * On x86-64, the dynamic linker's lazy-binding support is now compatible
    with application code using Intel MPX instructions
  * CVE-2013-7423 bsc#915526 bsc#934084
 - Patches from upstream removed
  * nss-dns-memleak.patch
  * sin-sign.patch
--- a/glibc-utils.changes
+++ b/glibc-utils.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Tue Mar 15 10:44:46 UTC 2016 - schwab@suse.de
 - ldd-system-interp.patch: Restore warning about execution permission, it
  is still needed for noexec mounts (bsc#915985)
 -------------------------------------------------------------------
 Tue Mar  8 15:28:16 UTC 2016 - idonmez@suse.com
@ -104,12 +110,12 @@ Mon Feb 15 15:43:02 UTC 2016 - schwab@suse.de
 Thu Nov 26 14:46:21 UTC 2015 - schwab@suse.de
 - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock
-  on fork (BZ #19282)
+  on fork (bsc#958315, BZ #19282)
 -------------------------------------------------------------------
 Wed Nov 18 15:09:30 UTC 2015 - schwab@suse.de
- resolv-mem-leak.patch: Fix resource leak in resolver (BZ #19257)
+- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257)
 - tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set
  DST rules only (BZ #19253)
@ -121,8 +127,8 @@ Mon Oct 26 15:22:53 UTC 2015 - schwab@suse.de
 -------------------------------------------------------------------
 Mon Oct 19 12:28:58 UTC 2015 - schwab@suse.de
- ld-pointer-guard.patch: Always enable pointer guard (bsc#950944, BZ
+- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777,
-  #18928)
+  bsc#950944, BZ #18928)
 -------------------------------------------------------------------
 Mon Oct 12 08:12:10 UTC 2015 - schwab@suse.de
@ -180,7 +186,7 @@ Wed Aug  5 09:35:41 UTC 2015 - schwab@suse.de
 - Update to glibc 2.22 release.
  * Cache information can be queried via sysconf() function on s390
  * A buffer overflow in gethostbyname_r and related functions performing DNS
-    requests has been fixed.
+    requests has been fixed.  (CVE-2015-1781)
  * The time zone file parser has been made more robust against crafted time
    zone files
  * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
@ -191,6 +197,8 @@ Wed Aug  5 09:35:41 UTC 2015 - schwab@suse.de
    compliance.
  * The header <regexp.h> is deprecated, and will be removed in a future
    release.
  * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211
    bsc#940195 bsc#940332
 - Patches from upstream removed
  * htm-tabort.patch
  * o-tmpfile.patch
@ -254,7 +262,7 @@ Mon Mar 30 09:04:49 UTC 2015 - schwab@suse.de
 - powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964, BZ
  #17967)
 - nss-separate-state-getXXent.patch: Separate internal state between
-  getXXent and getXXbyYY NSS calls (bsc#918187, BZ #18007)
+  getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007)
 - static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS
  limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621,
  BZ #17628)
@ -295,6 +303,8 @@ Mon Feb  9 09:26:01 UTC 2015 - schwab@suse.de
  * i386 memcpy functions optimized with SSE2 unaligned load/store
  * New locales: tu_IN, bh_IN, raj_IN, ce_RU
  * The obsolete sigvec function has been removed
  * CVE-2015-1472 CVE-2015-1473 CVE-2104-7817 CVE-2012-3406 CVE-2014-9402
    CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222
 - Patches from upstream removed
  * ifunc-x86-slow-sse4.patch
  * pthread-mutex-trylock-elision.patch
@ -334,6 +344,7 @@ Mon Sep  8 09:48:26 UTC 2014 - schwab@suse.de
    and the LC_* variables), are more tightly checked for proper syntax
  * On x86-64, the dynamic linker's lazy-binding support is now compatible
    with application code using Intel MPX instructions
  * CVE-2013-7423 bsc#915526 bsc#934084
 - Patches from upstream removed
  * nss-dns-memleak.patch
  * sin-sign.patch
--- a/glibc.changes
+++ b/glibc.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Tue Mar 15 10:44:46 UTC 2016 - schwab@suse.de
 - ldd-system-interp.patch: Restore warning about execution permission, it
  is still needed for noexec mounts (bsc#915985)
 -------------------------------------------------------------------
 Tue Mar  8 15:28:16 UTC 2016 - idonmez@suse.com
@ -104,12 +110,12 @@ Mon Feb 15 15:43:02 UTC 2016 - schwab@suse.de
 Thu Nov 26 14:46:21 UTC 2015 - schwab@suse.de
 - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock
-  on fork (BZ #19282)
+  on fork (bsc#958315, BZ #19282)
 -------------------------------------------------------------------
 Wed Nov 18 15:09:30 UTC 2015 - schwab@suse.de
- resolv-mem-leak.patch: Fix resource leak in resolver (BZ #19257)
+- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257)
 - tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set
  DST rules only (BZ #19253)
@ -121,8 +127,8 @@ Mon Oct 26 15:22:53 UTC 2015 - schwab@suse.de
 -------------------------------------------------------------------
 Mon Oct 19 12:28:58 UTC 2015 - schwab@suse.de
- ld-pointer-guard.patch: Always enable pointer guard (bsc#950944, BZ
+- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777,
-  #18928)
+  bsc#950944, BZ #18928)
 -------------------------------------------------------------------
 Mon Oct 12 08:12:10 UTC 2015 - schwab@suse.de
@ -180,7 +186,7 @@ Wed Aug  5 09:35:41 UTC 2015 - schwab@suse.de
 - Update to glibc 2.22 release.
  * Cache information can be queried via sysconf() function on s390
  * A buffer overflow in gethostbyname_r and related functions performing DNS
-    requests has been fixed.
+    requests has been fixed.  (CVE-2015-1781)
  * The time zone file parser has been made more robust against crafted time
    zone files
  * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
@ -191,6 +197,8 @@ Wed Aug  5 09:35:41 UTC 2015 - schwab@suse.de
    compliance.
  * The header <regexp.h> is deprecated, and will be removed in a future
    release.
  * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211
    bsc#940195 bsc#940332
 - Patches from upstream removed
  * htm-tabort.patch
  * o-tmpfile.patch
@ -254,7 +262,7 @@ Mon Mar 30 09:04:49 UTC 2015 - schwab@suse.de
 - powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964, BZ
  #17967)
 - nss-separate-state-getXXent.patch: Separate internal state between
-  getXXent and getXXbyYY NSS calls (bsc#918187, BZ #18007)
+  getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007)
 - static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS
  limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621,
  BZ #17628)
@ -295,6 +303,8 @@ Mon Feb  9 09:26:01 UTC 2015 - schwab@suse.de
  * i386 memcpy functions optimized with SSE2 unaligned load/store
  * New locales: tu_IN, bh_IN, raj_IN, ce_RU
  * The obsolete sigvec function has been removed
  * CVE-2015-1472 CVE-2015-1473 CVE-2104-7817 CVE-2012-3406 CVE-2014-9402
    CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222
 - Patches from upstream removed
  * ifunc-x86-slow-sse4.patch
  * pthread-mutex-trylock-elision.patch
@ -334,6 +344,7 @@ Mon Sep  8 09:48:26 UTC 2014 - schwab@suse.de
    and the LC_* variables), are more tightly checked for proper syntax
  * On x86-64, the dynamic linker's lazy-binding support is now compatible
    with application code using Intel MPX instructions
  * CVE-2013-7423 bsc#915526 bsc#934084
 - Patches from upstream removed
  * nss-dns-memleak.patch
  * sin-sign.patch
--- a/ldd-system-interp.patch
+++ b/ldd-system-interp.patch
@ -5,23 +5,13 @@ they are invoked with __libc_enable_secure, and run them through the known
 good dynamic linker.
 	* elf/ldd.bash.in: Always run through the dynamic linker, even if
-	the file has its own interpreter.  Remove unneeded executable
+	the file has its own interpreter.
 	check.
 Index: glibc-2.19/elf/ldd.bash.in
 ===================================================================
 --- glibc-2.19.orig/elf/ldd.bash.in
 +++ glibc-2.19/elf/ldd.bash.in
-@@ -150,8 +150,6 @@ for file do
+@@ -164,18 +164,6 @@ warning: you do not have execution permi
     echo "ldd: ${file}:" $"not regular file" >&2
     result=1
   elif test -r "$file"; then
 -    test -x "$file" || echo 'ldd:' $"\
 -warning: you do not have execution permission for" "\`$file'" >&2
     RTLD=
     ret=1
     for rtld in ${RTLDLIST}; do
@@ -164,18 +162,6 @@ warning: you do not have execution permi
       fi
     done
     case $ret in
@ -40,7 +30,7 @@ Index: glibc-2.19/elf/ldd.bash.in
     1)
       # This can be a non-ELF binary or no binary at all.
       nonelf "$file" || {
-@@ -183,7 +169,7 @@ warning: you do not have execution permi
+@@ -183,7 +171,7 @@ warning: you do not have execution permi
 	result=1
       }
       ;;