diff --git a/_multibuild b/_multibuild
index e14556e..1c1b656 100644
--- a/_multibuild
+++ b/_multibuild
@@ -2,4 +2,6 @@
i686
utils
testsuite
+ cross-aarch64
+ cross-riscv64
diff --git a/copy-and-spawn-sgid-double-close.patch b/copy-and-spawn-sgid-double-close.patch
new file mode 100644
index 0000000..bda199e
--- /dev/null
+++ b/copy-and-spawn-sgid-double-close.patch
@@ -0,0 +1,28 @@
+From 45caed9d67a00af917d8b5b88d4b5eb1225b7aef Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Tue, 3 Aug 2021 21:10:53 +0530
+Subject: [PATCH] copy_and_spawn_sgid: Avoid double calls to close()
+
+If close() on infd and outfd succeeded, reset the fd numbers so that
+we don't attempt to close them again.
+
+Reviewed-by: Arjun Shankar
+---
+ support/support_capture_subprocess.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c
+index 27bfd19c93..0bacf6dbc2 100644
+--- a/support/support_capture_subprocess.c
++++ b/support/support_capture_subprocess.c
+@@ -170,6 +170,7 @@ copy_and_spawn_sgid (char *child_id, gid_t gid)
+ support_subprogram because we only want the program exit status, not the
+ contents. */
+ ret = 0;
++ infd = outfd = -1;
+
+ char * const args[] = {execname, child_id, NULL};
+
+--
+2.32.0
+
diff --git a/fcntl-time-bits-64-redirect.patch b/fcntl-time-bits-64-redirect.patch
new file mode 100644
index 0000000..a752393
--- /dev/null
+++ b/fcntl-time-bits-64-redirect.patch
@@ -0,0 +1,72 @@
+From c87fcacc50505d550f1bb038382bcc7ea73a5926 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Fri, 6 Aug 2021 09:51:38 +0200
+Subject: [PATCH] Linux: Fix fcntl, ioctl, prctl redirects for _TIME_BITS=64
+ (bug 28182)
+
+__REDIRECT and __THROW are not compatible with C++ due to the ordering of the
+__asm__ alias and the throw specifier. __REDIRECT_NTH has to be used
+instead.
+
+Fixes commit 8a40aff86ba5f64a3a84883e539cb67b ("io: Add time64 alias
+for fcntl"), commit 82c395d91ea4f69120d453aeec398e30 ("misc: Add
+time64 alias for ioctl"), commit b39ffab860cd743a82c91946619f1b8158
+("Linux: Add time64 alias for prctl").
+
+Reviewed-by: Carlos O'Donell
+---
+ io/fcntl.h | 8 ++++----
+ misc/sys/ioctl.h | 4 ++--
+ sysdeps/unix/sysv/linux/sys/prctl.h | 2 +-
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/io/fcntl.h b/io/fcntl.h
+index 8917a73b42..1c96f98f4d 100644
+--- a/io/fcntl.h
++++ b/io/fcntl.h
+@@ -187,10 +187,10 @@ extern int fcntl64 (int __fd, int __cmd, ...);
+ # endif
+ #else /* __USE_TIME_BITS64 */
+ # ifdef __REDIRECT
+-extern int __REDIRECT (fcntl, (int __fd, int __request, ...),
+- __fcntl_time64) __THROW;
+-extern int __REDIRECT (fcntl64, (int __fd, int __request, ...),
+- __fcntl_time64) __THROW;
++extern int __REDIRECT_NTH (fcntl, (int __fd, int __request, ...),
++ __fcntl_time64);
++extern int __REDIRECT_NTH (fcntl64, (int __fd, int __request, ...),
++ __fcntl_time64);
+ # else
+ extern int __fcntl_time64 (int __fd, int __request, ...) __THROW;
+ # define fcntl64 __fcntl_time64
+diff --git a/misc/sys/ioctl.h b/misc/sys/ioctl.h
+index 6884d9925f..9945c1e918 100644
+--- a/misc/sys/ioctl.h
++++ b/misc/sys/ioctl.h
+@@ -42,8 +42,8 @@ __BEGIN_DECLS
+ extern int ioctl (int __fd, unsigned long int __request, ...) __THROW;
+ #else
+ # ifdef __REDIRECT
+-extern int __REDIRECT (ioctl, (int __fd, unsigned long int __request, ...),
+- __ioctl_time64) __THROW;
++extern int __REDIRECT_NTH (ioctl, (int __fd, unsigned long int __request, ...),
++ __ioctl_time64);
+ # else
+ extern int __ioctl_time64 (int __fd, unsigned long int __request, ...) __THROW;
+ # define ioctl __ioctl_time64
+diff --git a/sysdeps/unix/sysv/linux/sys/prctl.h b/sysdeps/unix/sysv/linux/sys/prctl.h
+index db88938b3a..f0e0d2f27f 100644
+--- a/sysdeps/unix/sysv/linux/sys/prctl.h
++++ b/sysdeps/unix/sysv/linux/sys/prctl.h
+@@ -42,7 +42,7 @@ __BEGIN_DECLS
+ extern int prctl (int __option, ...) __THROW;
+ #else
+ # ifdef __REDIRECT
+-extern int __REDIRECT (prctl, (int __option, ...), __prctl_time64) __THROW;
++extern int __REDIRECT_NTH (prctl, (int __option, ...), __prctl_time64);
+ # else
+ extern int __prctl_time64 (int __option,d ...) __THROW;
+ # define ioctl __prctl_time64
+--
+2.32.0
+
diff --git a/gaiconf-init-double-free.patch b/gaiconf-init-double-free.patch
new file mode 100644
index 0000000..71c8ad3
--- /dev/null
+++ b/gaiconf-init-double-free.patch
@@ -0,0 +1,36 @@
+From 77a34079d8f3d63b61543bf3af93043f8674e4c4 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Tue, 3 Aug 2021 21:11:03 +0530
+Subject: [PATCH] gaiconf_init: Avoid double-free in label and precedence lists
+
+labellist and precedencelist could get freed a second time if there
+are allocation failures, so set them to NULL to avoid a double-free.
+
+Reviewed-by: Arjun Shankar
+---
+ sysdeps/posix/getaddrinfo.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 838a68f022..43dfc6739e 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -2008,6 +2008,7 @@ gaiconf_init (void)
+ l = l->next;
+ }
+ free_prefixlist (labellist);
++ labellist = NULL;
+
+ /* Sort the entries so that the most specific ones are at
+ the beginning. */
+@@ -2046,6 +2047,7 @@ gaiconf_init (void)
+ l = l->next;
+ }
+ free_prefixlist (precedencelist);
++ precedencelist = NULL;
+
+ /* Sort the entries so that the most specific ones are at
+ the beginning. */
+--
+2.32.0
+
diff --git a/gconv-parseconfdir-memory-leak.patch b/gconv-parseconfdir-memory-leak.patch
new file mode 100644
index 0000000..b52f166
--- /dev/null
+++ b/gconv-parseconfdir-memory-leak.patch
@@ -0,0 +1,37 @@
+From 5f9b78fe35d08739b6da1e5b356786d41116c108 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Tue, 3 Aug 2021 21:10:20 +0530
+Subject: [PATCH] gconv_parseconfdir: Fix memory leak
+
+The allocated `conf` would leak if we have to skip over the file due
+to the underlying filesystem not supporting dt_type.
+
+Reviewed-by: Arjun Shankar
+---
+ iconv/gconv_parseconfdir.h | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/iconv/gconv_parseconfdir.h b/iconv/gconv_parseconfdir.h
+index a4153e54c6..2f062689ec 100644
+--- a/iconv/gconv_parseconfdir.h
++++ b/iconv/gconv_parseconfdir.h
+@@ -153,12 +153,11 @@ gconv_parseconfdir (const char *dir, size_t dir_len)
+ struct stat64 st;
+ if (asprintf (&conf, "%s/%s", buf, ent->d_name) < 0)
+ continue;
+- if (ent->d_type == DT_UNKNOWN
+- && (lstat64 (conf, &st) == -1
+- || !S_ISREG (st.st_mode)))
+- continue;
+
+- found |= read_conf_file (conf, dir, dir_len);
++ if (ent->d_type != DT_UNKNOWN
++ || (lstat64 (conf, &st) != -1 && S_ISREG (st.st_mode)))
++ found |= read_conf_file (conf, dir, dir_len);
++
+ free (conf);
+ }
+ }
+--
+2.32.0
+
diff --git a/glibc-2.33.tar.xz b/glibc-2.33.tar.xz
deleted file mode 100644
index 3aa75aa..0000000
--- a/glibc-2.33.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2e2556000e105dbd57f0b6b2a32ff2cf173bde4f0d85dffccfd8b7e51a0677ff
-size 17031280
diff --git a/glibc-2.33.tar.xz.sig b/glibc-2.33.tar.xz.sig
deleted file mode 100644
index acff9ab..0000000
--- a/glibc-2.33.tar.xz.sig
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAmAYVMMACgkQFnkrTqJT
-QPhWfg//VIXR1NrrEU0ekkojS0C+yFpxElmNa3yQ2mGiDLYHyOW8tEbuHLIbmDvx
-psOIKudL86+JzVX9PmO6dZ1AteG2S3wHzv8dw4w5BC3EtvQJBZz7pXwEV+1t3CYR
-SQZ6o1HuN/zcPZ0hvUSsmIBcCrGCg8tCcgc6A5VzIZdXno+WrvnnGioXwLp8BT/q
-ZtWPQCGNidyzIOg9RjXyXkVzElW3Ym6/4kM4VttOT0D2zJ1w3b5Cj07P8GkQY0i9
-iqkMGFHiDlPczHiVzQ85qKiVB9mCM/HNPkAIZaoM4ZzceFvde3BAFsIOzFSPpLjz
-bodG2Sk7C3hoF8d1I8MtcmKhZbw8L1J5pl9qXS1tTpJO5DVupkIxc1pE3kvm5SkS
-WjSti2xIXwGtC7nPkJVXNt8oRGfF6dJXoFgGEIkiEUShVmjO5AZxXq0Vt+GQw69i
-I8QkFJ1PRcNToP1ephBaUS2jLg2OjpO7iITPOhwxKY9C8d59I50p0Zg52RC2t23c
-ZAm2p96kf4O1RfpcBvAkdgyytoAu/hUvsZT+A6sbSej5WbJEInKavDllHQsBz/sm
-LgdiA4KeEaiuoKu+NzLY378ZmQ5Sr9vZ/FAprS3xcAJ7k/kr2/Fb43V3AFV8zI0H
-1khHp7g5yyMZqNCSAT8MxHMHknRVb5wJ3dtp/nXH1TbsWZeUp4M=
-=FTNO
------END PGP SIGNATURE-----
diff --git a/glibc-2.34.tar.xz b/glibc-2.34.tar.xz
new file mode 100644
index 0000000..6d91424
--- /dev/null
+++ b/glibc-2.34.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:44d26a1fe20b8853a48f470ead01e4279e869ac149b195dda4e44a195d981ab2
+size 17301232
diff --git a/glibc-2.34.tar.xz.sig b/glibc-2.34.tar.xz.sig
new file mode 100644
index 0000000..cf91bb4
--- /dev/null
+++ b/glibc-2.34.tar.xz.sig
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAmEHYusACgkQFnkrTqJT
+QPjoWA//RsX2/6ZMZYfLgE9qFeDqhYZUMQje5L3/5BRHmWKSug5JOAodQv/6/r/a
+SEA9vBwjJXcciE7ZspP8iNtuNpOu0OAvPemnCuUbw77q57h8LX+dDHs5BS9Km4CL
+NWI0vUuI8P1ulXX5BELXWx5uUTz6SSmWh+VmpQ+/CZ4VXkrVp1YIaD6ZrzIUbvVC
+yGOY1cRiT2kjc/E+FEI0YCSqmUqvf/dqPZaeM4H9z2RJW5eddOr0ruHJeEhjschV
+XVqcMJ75UzuWQJjm/nrq3dWRm+ZAkMhXnm695zv9OD+BzXUvNrGxtM3838bFPFQw
+WYXFnrNXSoHV5SCn8xTvJvhjw4uTo7HrA8QJOOvE9lKgyon3NdBgo6graZEWQYiF
+dn2OYX0zj+bArj16+XlJ2jk1e+IkwDZdenQDuJjucR4e6uwnKUcuaAwtqKxL6MBq
+1PYjINL7XFNsDwk9OZLjTCYIQsB3tHS9g3GsVhsX5fZGxa5ZzzyP69kaBMGjsQ4m
+s/aYn0NWpv8MdUe/Nq0lUbMiChp3IIyIG0Zy14NihUH1tirj7odCxmG3qjR5DgUE
+kCWJ5oSNJdrOE1vf3T2mIoN32epYGMedkNbWUtCqJc3LHe21dvPc7sdBUXgl0oJX
+1X2axqrehtrhsfTyzvEfaoMNJfgtQoXEgkJyS3b1zdee3S/O5fA=
+=/JWM
+-----END PGP SIGNATURE-----
diff --git a/glibc.changes b/glibc.changes
index 2f6cd56..479b193 100644
--- a/glibc.changes
+++ b/glibc.changes
@@ -1,3 +1,102 @@
+-------------------------------------------------------------------
+Wed Aug 11 12:56:09 UTC 2021 - Andreas Schwab
+
+- Don't create separate debuginfo packages for cross packages
+
+-------------------------------------------------------------------
+Wed Aug 11 12:23:10 UTC 2021 - Andreas Schwab
+
+- ldconfig-leak-empty-paths.patch: ldconfig: avoid leak on empty paths in
+ config file
+- gconv-parseconfdir-memory-leak.patch: gconv_parseconfdir: Fix memory leak
+- gaiconf-init-double-free.patch: gaiconf_init: Avoid double-free in label
+ and precedence lists
+- copy-and-spawn-sgid-double-close.patch: copy_and_spawn_sgid: Avoid
+ double calls to close()
+- icon-charmap-close-output.patch: iconv_charmap: Close output file when
+ done
+- fcntl-time-bits-64-redirect.patch: Linux: Fix fcntl, ioctl, prctl
+ redirects for _TIME_BITS=64 (BZ #28182)
+- librt-null-pointer.patch: librt: fix NULL pointer dereference (BZ
+ #28213)
+
+-------------------------------------------------------------------
+Tue Aug 10 13:18:54 UTC 2021 - Michael Matz
+
+- Add cross development packages for aarch64 and riscv64.
+
+-------------------------------------------------------------------
+Mon Aug 2 09:38:46 UTC 2021 - Andreas Schwab
+
+- Update to glibc 2.34
+ Major new features:
+ * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
+ PTHREAD_STACK_MIN is no longer constant and is redefined to
+ sysconf(_SC_THREAD_STACK_MIN)
+ * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ
+ * The dynamic linker implements the --list-diagnostics option, printing
+ a dump of information related to IFUNC resolver operation and
+ glibc-hwcaps subdirectory selection
+ * On Linux, the function execveat has been added
+ * The ISO C2X function timespec_getres has been added
+ * The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO
+ C2X, is supported to enable declarations of functions defined in Annex F
+ of C2X
+ * Add support for 64-bit time_t on configurations like x86 where time_t
+ is traditionally 32-bit
+ * The main gconv-modules file in glibc now contains only a small set of
+ essential converter modules and the rest have been moved into a supplementary
+ configuration file gconv-modules-extra.conf in the gconv-modules.d directory
+ in the same GCONV_PATH
+ * On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used
+ to configure the size of the thread stack cache
+ * The function _Fork has been added as an async-signal-safe fork replacement
+ since Austin Group issue 62 droped the async-signal-safe requirement for
+ fork (and it will be included in the future POSIX standard)
+ * On Linux, the close_range function has been added
+ * The function closefrom has been added
+ * The posix_spawn_file_actions_closefrom_np function has been added, enabling
+ posix_spawn and posix_spawnp to close all file descriptors great than or
+ equal to a giver integer
+ Deprecated and removed features, and other changes affecting compatibility:
+ * The function pthread_mutex_consistent_np has been deprecated
+ * The function pthread_mutexattr_getrobust_np has been deprecated
+ * The function pthread_mutexattr_setrobust_np has been deprecated
+ * The function pthread_yield has been deprecated
+ * The function inet_neta declared in has been deprecated
+ * Various rarely-used functions declared in and
+ have been deprecated
+ * The pthread cancellation handler is now installed with SA_RESTART and
+ pthread_cancel will always send the internal SIGCANCEL on a cancellation
+ request
+ * The symbols mallwatch and tr_break are now deprecated and no longer used in
+ mtrace
+ * The __morecore and __after_morecore_hook malloc hooks and the default
+ implementation __default_morecore have been removed from the API
+ * Debugging features in malloc such as the MALLOC_CHECK_ environment variable
+ (or the glibc.malloc.check tunable), mtrace() and mcheck() have now been
+ disabled by default in the main C library
+ * The deprecated functions malloc_get_state and malloc_set_state have been
+ moved from the core C library into libc_malloc_debug.so
+ * The deprecated memory allocation hooks __malloc_hook, __realloc_hook,
+ __memalign_hook and __free_hook are now removed from the API
+ Changes to build and runtime requirements:
+ * On Linux, the shm_open, sem_open, and related functions now expect the
+ file shared memory file system to be mounted at /dev/shm
+ Security related changes:
+ CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+ a request for netgroup lookup, may crash due to a double-free,
+ potentially resulting in degraded service or Denial of Service on the
+ local system
+ CVE-2021-33574: The mq_notify function has a potential use-after-free
+ issue when using a notification type of SIGEV_THREAD and a thread
+ attribute with a non-default affinity mask
+- nss-database-check-reload.patch, nss-load-chroot.patch,
+ x86-isa-level.patch, nscd-netgroupcache.patch,
+ nss-database-lookup.patch, select-modify-timeout.patch,
+ nptl-db-libpthread-load-order.patch, rawmemchr-warning.patch,
+ tst-cpu-features-amx.patch, mq-notify-use-after-free.patch: Removed
+
-------------------------------------------------------------------
Fri Jun 11 11:42:10 UTC 2021 - Ludwig Nussel
diff --git a/glibc.keyring b/glibc.keyring
index 4defade..01ba63f 100644
--- a/glibc.keyring
+++ b/glibc.keyring
@@ -1,3 +1,8 @@
+Member GPG keyring of libc group.
+
+Note that this keyring is not intended for checking releases of that group.
+Use Group Release Keyring instead.
+
GPG keys of Andreas Schwab
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
diff --git a/glibc.rpmlintrc b/glibc.rpmlintrc
index daca217..c6ca5a1 100644
--- a/glibc.rpmlintrc
+++ b/glibc.rpmlintrc
@@ -18,3 +18,9 @@ addFilter("shared-lib-calls-exit")
# with glibc, therefore do not warn about them
addFilter("glibc.*no-manual-page-for-binary (getent|iconv|ldd|ldconfig|locale)")
addFilter("nscd.*no-manual-page-for-binary nscd")
+# the cross..-devel packages contain everything, in non-std paths, so no
+# ldconfig is wanted or needed (for sle-15 based trees), and we accept
+# the *.so symlinks, and deliver (target) binaries
+addFilter("cross.*library-without-ldconfig-post.*")
+addFilter("cross.*non-devel-file-in-devel-package.*")
+addFilter("cross.*arch-independent-package-contains-binary-or-object.*")
diff --git a/glibc.spec b/glibc.spec
index 5bda0ed..823615f 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -1,5 +1,5 @@
#
-# spec file for package glibc%{name_suffix}
+# spec file
#
# Copyright (c) 2021 SUSE LLC
#
@@ -25,6 +25,24 @@
%define flavor @BUILD_FLAVOR@%{nil}
+# We need to map from flavor to cross-arch, but as we need the
+# result in BuildRequires where the build service evaluates, we
+# can use only simple RPM expressions, no lua, no shell, no '{expand:'
+# expression :-/ Ideally we'd like to just strip the 'cross_' prefix,
+# but we can't. So enumerate the possibilities for now.
+%if "%flavor" == "cross-aarch64"
+%define cross_arch aarch64
+%endif
+%if "%flavor" == "cross-riscv64"
+%define cross_arch riscv64
+%endif
+
+%if 0%{?cross_arch:1}
+%define binutils_os %{cross_arch}-suse-linux
+# use same sysroot as in binutils.spec
+%define sysroot %{_prefix}/%{binutils_os}/sys-root
+%endif
+
%if 0%{?usrmerged} || 0%{?suse_version} >= 1550
%bcond_without usrmerged
%else
@@ -35,6 +53,7 @@
%define build_main 1
%define build_utils %{with build_all}
%define build_testsuite %{with build_all}
+%define build_cross 0
%if "%flavor" == "utils"
%if %{with ringdisabled}
ExclusiveArch: do_not_build
@@ -51,6 +70,18 @@ ExclusiveArch: do_not_build
%define build_utils 0
%define build_testsuite 1
%endif
+%if 0%{?cross_arch:1}
+%define build_main 0
+%define build_utils 0
+%define build_testsuite 0
+%define build_cross 1
+%undefine _build_create_debug
+ExcludeArch: %{cross_arch}
+%if %{with ringdisabled}
+ExclusiveArch: do_not_build
+%endif
+%endif
+%define host_arch %{?cross_arch}%{!?cross_arch:%{_target_cpu}}
%if %{build_main}
%define name_suffix %{nil}
@@ -86,6 +117,10 @@ BuildRequires: gd-devel
BuildRequires: libpng-devel
BuildRequires: zlib-devel
%endif
+%if %{build_cross}
+BuildRequires: cross-%{cross_arch}-gcc11-bootstrap
+BuildRequires: cross-%{cross_arch}-linux-glibc-devel
+%endif
%if "%flavor" == "i686"
ExclusiveArch: i586 i686
BuildArch: i686
@@ -99,7 +134,7 @@ BuildArch: i686
%define build_locales 1
%define build_html 0
%else
-%if %{with fast_build} || %{build_utils} && %{without build_all}
+%if %{with fast_build} || %{build_cross} || %{build_utils} && %{without build_all}
%define build_profile 0
%define build_locales 0
%define build_html 0
@@ -131,10 +166,10 @@ BuildArch: i686
%define enablekernel 4.15
%endif
-Version: 2.33
+Version: 2.34
Release: 0
%if !%{build_snapshot}
-%define git_id 9826b03b74
+%define git_id ae37d06c7d
%define libversion %version
%else
%define git_id %(echo %version | sed 's/.*\.g//')
@@ -246,26 +281,20 @@ Patch306: glibc-fix-double-loopback.diff
###
# Patches from upstream
###
-# PATCH-FIX-UPSTREAM nsswitch: return result when nss database is locked (BZ #27343)
-Patch1000: nss-database-check-reload.patch
-# PATCH-FIX-UPSTREAM nss: Re-enable NSS module loading after chroot (BZ #27389)
-Patch1001: nss-load-chroot.patch
-# PATCH-FIX-UPSTREAM x86: Set minimum x86-64 level marker (BZ #27318)
-Patch1002: x86-isa-level.patch
-# PATCH-FIX-UPSTREAM nscd: Fix double free in netgroupcache (CVE-2021-27645, BZ #27462)
-Patch1003: nscd-netgroupcache.patch
-# PATCH-FIX-UPSTREAM nss: fix nss_database_lookup2's alternate handling (BZ #27416)
-Patch1004: nss-database-lookup.patch
-# PATCH-FIX-UPSTREAM linux: always update select timeout (BZ #27706)
-Patch1005: select-modify-timeout.patch
-# PATCH-FIX-UPSTREAM: nptl_db: Support different libpthread/ld.so load orders (BZ #27744)
-Patch1006: nptl-db-libpthread-load-order.patch
-# PATCH-FIX-UPSTREAM: string: Work around GCC PR 98512 in rawmemchr
-Patch1007: rawmemchr-warning.patch
-# PATCH-FIX-UPSTREAM: x86: tst-cpu-features-supports.c: Update AMX check
-Patch1008: tst-cpu-features-amx.patch
-# PATCH-FIX-UPSTREAM: Use __pthread_attr_copy in mq_notify (CVE-2021-33574, BZ #27896)
-Patch1009: mq-notify-use-after-free.patch
+# PATCH-FIX-UPSTREAM ldconfig: avoid leak on empty paths in config file
+Patch1000: ldconfig-leak-empty-paths.patch
+# PATCH-FIX-UPSTREAM gconv_parseconfdir: Fix memory leak
+Patch1001: gconv-parseconfdir-memory-leak.patch
+# PATCH-FIX-UPSTREAM gaiconf_init: Avoid double-free in label and precedence lists
+Patch1002: gaiconf-init-double-free.patch
+# PATCH-FIX-UPSTREAM copy_and_spawn_sgid: Avoid double calls to close()
+Patch1003: copy-and-spawn-sgid-double-close.patch
+# PATCH-FIX-UPSTREAM iconv_charmap: Close output file when done
+Patch1004: icon-charmap-close-output.patch
+# PATCH-FIX-UPSTREAM Linux: Fix fcntl, ioctl, prctl redirects for _TIME_BITS=64 (BZ #28182)
+Patch1005: fcntl-time-bits-64-redirect.patch
+# PATCH-FIX-UPSTREAM librt: fix NULL pointer dereference (BZ #28213)
+Patch1006: librt-null-pointer.patch
###
# Patches awaiting upstream approval
@@ -453,6 +482,18 @@ makedb: A program to create a database for nss
%lang_package
%endif
+%package -n cross-%{cross_arch}-glibc-devel
+Summary: Include Files and Libraries Mandatory for Development
+License: BSD-3-Clause AND LGPL-2.1-or-later AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND GPL-2.0-or-later
+Group: Development/Libraries/C and C++
+Requires: cross-%{cross_arch}-linux-glibc-devel
+BuildArch: noarch
+AutoReqProv: off
+
+%description -n cross-%{cross_arch}-glibc-devel
+These libraries are needed to develop programs which use the standard C
+library in a cross compilation setting.
+
%prep
%setup -n glibc-%{version} -q -a 4
%patch6 -p1
@@ -474,6 +515,9 @@ makedb: A program to create a database for nss
%patch304 -p1
%patch306 -p1
+%patch2000 -p1
+%patch2001 -p1
+
%patch1000 -p1
%patch1001 -p1
%patch1002 -p1
@@ -481,12 +525,6 @@ makedb: A program to create a database for nss
%patch1004 -p1
%patch1005 -p1
%patch1006 -p1
-%patch1007 -p1
-%patch1008 -p1
-%patch1009 -p1
-
-%patch2000 -p1
-%patch2001 -p1
%patch3000
@@ -503,19 +541,22 @@ uptime || :
ulimit -a
nice
# We do not want configure to figure out the system its building one
-# to support a common ground and thus set build and host to the
-# target_cpu.
+# to support a common ground and thus set build and host ourself.
+target="%{host_arch}-suse-linux"
+case " %arm " in
+ *" %{host_arch} "*) target="%{host_arch}-suse-linux-gnueabi" ;;
+esac
%ifarch %arm
-%define target %{_target_cpu}-suse-linux-gnueabi
+%define build %{_target_cpu}-suse-linux-gnueabi
%else
-%define target %{_target_cpu}-suse-linux
+%define build %{_target_cpu}-suse-linux
%endif
# Don't use as-needed, it breaks glibc assumptions
# Before enabling it, run the testsuite and verify that it
# passes completely
export SUSE_ASNEEDED=0
# Adjust glibc version.h
-echo "#define CONFHOST \"%{target}\"" >> version.h
+echo "#define CONFHOST \"${target}\"" >> version.h
echo "#define GITID \"%{git_id}\"" >> version.h
#
# Default CFLAGS and Compiler
@@ -530,6 +571,9 @@ for opt in $tmp; do
-ffortify=* | *_FORTIFY_SOURCE*) ;;
%if "%flavor" == "i686"
*i586*) BuildFlags+=" ${opt/i586/i686}" ;;
+%endif
+%if %{build_cross}
+ -m*) ;; # remove all machine specific options for crosses
%endif
*) BuildFlags+=" $opt" ;;
esac
@@ -542,6 +586,10 @@ BuildCCplus="%__cxx"
#
#now overwrite for some architectures
#
+%if %{build_cross}
+BuildCC=%{cross_arch}-suse-linux-gcc
+BuildCCplus=%{cross_arch}-suse-linux-g++
+%else
%ifarch sparc64
BuildFlags="-O2 -mcpu=ultrasparc -mvis -fcall-used-g6"
BuildCC="gcc -m64"
@@ -578,6 +626,7 @@ BuildCCplus="%__cxx"
# fails to build otherwise - need to recheck and fix
%define enable_stackguard_randomization 0
%endif
+%endif
#
# Build base glibc
@@ -589,13 +638,22 @@ profile="--enable-profile"
%else
profile="--disable-profile"
%endif
+
+CONFARGS=
+case " %{ix86} x86_64 aarch64 " in
+ *" %{host_arch} "*) CONFARGS="$CONFARGS --enable-static-pie" ;;
+esac
+
../configure \
CFLAGS="$BuildFlags" BUILD_CFLAGS="$BuildFlags" \
CC="$BuildCC" CXX="$BuildCCplus" \
--prefix=%{_prefix} \
--libexecdir=%{_libexecdir} --infodir=%{_infodir} \
$profile \
- --build=%{target} --host=%{target} \
+ --build=%{build} --host=${target} \
+%if %{build_cross}
+ --with-headers=%{sysroot}/usr/include \
+%else
%ifarch armv7hl ppc ppc64 ppc64le i686 x86_64 sparc sparc64 s390 s390x
--enable-multi-arch \
%endif
@@ -616,20 +674,27 @@ profile="--disable-profile"
--enable-cet \
%endif
%endif
+ --enable-systemtap \
+%endif
+ $CONFARGS \
%if %{enable_stackguard_randomization}
--enable-stackguard-randomization \
%endif
${enable_stack_protector:+--enable-stack-protector=$enable_stack_protector} \
-%ifarch %{ix86} x86_64 aarch64
- --enable-static-pie \
-%endif
--enable-tunables \
--enable-kernel=%{enablekernel} \
--with-bugurl=http://bugs.opensuse.org \
--enable-bind-now \
- --enable-systemtap \
--disable-timezone-tools \
- --disable-crypt
+ --disable-crypt || \
+ {
+ rc=$?;
+ echo "------- BEGIN config.log ------";
+ %{__cat} config.log;
+ echo "------- END config.log ------";
+ exit $rc;
+ }
+
make %{?_smp_mflags}
cd ..
@@ -742,6 +807,7 @@ mkdir -p %{buildroot}%{_sbindir}
ln -s %{buildroot}%{_sbindir} %{buildroot}/sbin
%endif
+%if !%{build_cross}
%ifarch riscv64
mkdir -p %{buildroot}%{_libdir}
ln -s . %{buildroot}%{_libdir}/lp64d
@@ -750,10 +816,11 @@ mkdir -p %{buildroot}%{slibdir}
ln -s . %{buildroot}%{slibdir}/lp64d
%endif
%endif
+%endif
%if %{build_main}
# We don't want to strip the .symtab from our libraries in find-debuginfo.sh,
-# certainly not from libpthread.so.* because it is used by libthread_db to find
+# certainly not from libc.so.* because it is used by libthread_db to find
# some non-exported symbols in order to detect if threading support
# should be enabled. These symbols are _not_ exported, and we can't easily
# export them retroactively without changing the ABI. So we have to
@@ -857,7 +924,7 @@ install -m 644 %{SOURCE21} %{buildroot}/usr/lib/systemd/system
%if 0%{?rtld_oldname:1}
# Provide compatibility link
-ln -s %{slibdir}/ld-%{libversion}.so %{buildroot}%{rtlddir}/%{rtld_oldname}
+ln -s %{rtlddir}/%{rtld_name} %{buildroot}%{rtlddir}/%{rtld_oldname}
%endif
# Move getconf to %{_libexecdir}/getconf/ to avoid cross device link
@@ -894,22 +961,22 @@ ln -s %{_prefix}/share/misc/Makefile.makedb %{buildroot}/var/lib/misc/Makefile
# LSB
%ifarch %ix86
-ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb.so.3
+ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb.so.3
%endif
%ifarch x86_64
-ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-x86-64.so.3
+ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-x86-64.so.3
%endif
%ifarch ppc
-ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc32.so.3
+ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc32.so.3
%endif
%ifarch ppc64
-ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc64.so.3
+ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc64.so.3
%endif
%ifarch s390
-ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390.so.3
+ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390.so.3
%endif
%ifarch s390x
-ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390x.so.3
+ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390x.so.3
%endif
%else
@@ -920,10 +987,7 @@ make %{?_smp_mflags} install_root=%{buildroot} install -C cc-base \
subdirs='malloc debug elf'
cd manpages; make install_root=%{buildroot} install; cd ..
# Remove unwanted files
-rm -f %{buildroot}%{slibdir}/ld*.so* %{buildroot}%{slibdir}/lib[!mp]*
-%if "%{rtlddir}" != "%{slibdir}"
-rm -f %{buildroot}%{rtlddir}/ld*.so*
-%endif
+rm -f %{buildroot}%{rtlddir}/ld*.so* %{buildroot}%{slibdir}/lib[!mp]*
%if "%{_libdir}" != "%{slibdir}"
rm -f %{buildroot}%{_libdir}/lib*
%else
@@ -941,6 +1005,28 @@ rm %{buildroot}%{slibdir}/lp64d
%endif
+%if %{build_cross}
+# See above
+export STRIP_KEEP_SYMTAB=*.so*
+export NO_BRP_STRIP_DEBUG=true
+make %{?_smp_mflags} install_root=%{buildroot}/%{sysroot} install -C cc-base
+rm -rf %{buildroot}/%{sysroot}/%{_libdir}/audit
+rm -rf %{buildroot}/%{sysroot}/%{_libdir}/gconv
+rm -rf %{buildroot}/%{sysroot}/%{_infodir}
+rm -rf %{buildroot}/%{sysroot}/%{_prefix}/share/i18n
+rm -rf %{buildroot}/%{sysroot}/%{_datadir}/locale/*/
+rm -f %{buildroot}/%{sysroot}/%{_bindir}/makedb
+rm -rf %{buildroot}/%{sysroot}/var/lib
+rm -f %{buildroot}/%{sysroot}/%{_sbindir}/nscd
+
+# Some programs look for /lib/../$subdir where subdir is
+# for instance "lib64". For this path lookup to succeed we need the
+# ../lib subdir, even if it's empty, so enforce its existence.
+mkdir -p %{buildroot}/%{sysroot}/lib
+mkdir -p %{buildroot}/%{sysroot}/%{_prefix}/lib
+
+%endif
+
%endif
%if %{with usrmerged}
@@ -1063,11 +1149,7 @@ exit 0
%doc %{_mandir}/man1/getconf.1.gz
%doc %{_mandir}/man5/*
-%{slibdir}/ld-%{libversion}.so
-%{slibdir}/%{rtld_name}
-%if "%{rtlddir}" != "%{slibdir}"
%{rtlddir}/%{rtld_name}
-%endif
%if 0%{?rtld_oldname:1}
%{rtlddir}/%{rtld_oldname}
%endif
@@ -1083,42 +1165,26 @@ exit 0
%endif
%endif
-%{slibdir}/libBrokenLocale-%{libversion}.so
%{slibdir}/libBrokenLocale.so.1
%{slibdir}/libSegFault.so
-%{slibdir}/libanl-%{libversion}.so
%{slibdir}/libanl.so.1
-%{slibdir}/libc-%{libversion}.so
%{slibdir}/libc.so.6*
-%{slibdir}/libdl-%{libversion}.so
+%{slibdir}/libc_malloc_debug.so.0
%{slibdir}/libdl.so.2*
-%{slibdir}/libm-%{libversion}.so
%{slibdir}/libm.so.6*
%ifarch x86_64
-%{slibdir}/libmvec-%{libversion}.so
%{slibdir}/libmvec.so.1
%endif
-%{slibdir}/libnsl-%{libversion}.so
%{slibdir}/libnsl.so.1
-%{slibdir}/libnss_compat-%{libversion}.so
%{slibdir}/libnss_compat.so.2
-%{slibdir}/libnss_db-%{libversion}.so
%{slibdir}/libnss_db.so.2
-%{slibdir}/libnss_dns-%{libversion}.so
%{slibdir}/libnss_dns.so.2
-%{slibdir}/libnss_files-%{libversion}.so
%{slibdir}/libnss_files.so.2
-%{slibdir}/libnss_hesiod-%{libversion}.so
%{slibdir}/libnss_hesiod.so.2
-%{slibdir}/libpthread-%{libversion}.so
%{slibdir}/libpthread.so.0
-%{slibdir}/libresolv-%{libversion}.so
%{slibdir}/libresolv.so.2
-%{slibdir}/librt-%{libversion}.so
%{slibdir}/librt.so.1
-%{slibdir}/libthread_db-1.0.so
%{slibdir}/libthread_db.so.1
-%{slibdir}/libutil-%{libversion}.so
%{slibdir}/libutil.so.1
%dir %attr(0700,root,root) /var/cache/ldconfig
%{rootsbindir}/ldconfig
@@ -1147,6 +1213,7 @@ exit 0
%dir %{_libdir}/gconv
%{_libdir}/gconv/*.so
%{_libdir}/gconv/gconv-modules
+%{_libdir}/gconv/gconv-modules.d
%attr(0644,root,root) %verify(not md5 size mtime) %ghost %{_libdir}/gconv/gconv-modules.cache
%files locale
@@ -1170,45 +1237,40 @@ exit 0
%{_libdir}/libBrokenLocale.so
%{_libdir}/libanl.so
%{_libdir}/libc.so
-%{_libdir}/libdl.so
+%{_libdir}/libc_malloc_debug.so
%{_libdir}/libm.so
%ifarch x86_64
%{_libdir}/libmvec.so
%endif
%{_libdir}/libnss_compat.so
%{_libdir}/libnss_db.so
-%{_libdir}/libnss_dns.so
-%{_libdir}/libnss_files.so
%{_libdir}/libnss_hesiod.so
-%{_libdir}/libpthread.so
%{_libdir}/libresolv.so
-%{_libdir}/librt.so
%{_libdir}/libthread_db.so
-%{_libdir}/libutil.so
# These static libraries are needed even for shared builds
%{_libdir}/libc_nonshared.a
+%{_libdir}/libdl.a
%{_libdir}/libg.a
%ifarch ppc ppc64 ppc64le s390 s390x sparc sparcv8 sparcv9 sparcv9v
# This is not built on sparc64.
%{_libdir}/libnldbl_nonshared.a
%endif
%{_libdir}/libmcheck.a
+%{_libdir}/libpthread.a
+%{_libdir}/librt.a
+%{_libdir}/libutil.a
%files devel-static
%defattr(-,root,root)
%{_libdir}/libBrokenLocale.a
%{_libdir}/libanl.a
%{_libdir}/libc.a
-%{_libdir}/libdl.a
%{_libdir}/libm.a
%ifarch x86_64
%{_libdir}/libm-%{libversion}.a
%{_libdir}/libmvec.a
%endif
-%{_libdir}/libpthread.a
%{_libdir}/libresolv.a
-%{_libdir}/librt.a
-%{_libdir}/libutil.a
%ifnarch i686
%files info
@@ -1275,6 +1337,13 @@ exit 0
%endif
+%if %{build_cross}
+%files -n cross-%{cross_arch}-glibc-devel
+%defattr(-,root,root)
+%license COPYING COPYING.LIB
+%{sysroot}
+%endif
+
%if %{build_utils}
%files -n glibc-utils
%defattr(-,root,root)
diff --git a/icon-charmap-close-output.patch b/icon-charmap-close-output.patch
new file mode 100644
index 0000000..baf6775
--- /dev/null
+++ b/icon-charmap-close-output.patch
@@ -0,0 +1,26 @@
+From 1e0e6d656db9dfa12ef7eb67976385d3deb0d4ff Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Tue, 3 Aug 2021 21:10:29 +0530
+Subject: [PATCH] iconv_charmap: Close output file when done
+
+Reviewed-by: Arjun Shankar
+---
+ iconv/iconv_charmap.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/iconv/iconv_charmap.c b/iconv/iconv_charmap.c
+index e2d53fee3c..a8b6b56124 100644
+--- a/iconv/iconv_charmap.c
++++ b/iconv/iconv_charmap.c
+@@ -234,6 +234,8 @@ charmap_conversion (const char *from_code, struct charmap_t *from_charmap,
+ while (++remaining < argc);
+
+ /* All done. */
++ if (output != stdout)
++ fclose (output);
+ free_table (cvtbl);
+ return status;
+ }
+--
+2.32.0
+
diff --git a/ldconfig-concurrency.patch b/ldconfig-concurrency.patch
index 87790c6..214a6ca 100644
--- a/ldconfig-concurrency.patch
+++ b/ldconfig-concurrency.patch
@@ -1,11 +1,11 @@
* elf/cache.c (save_cache): Use unique temporary name.
(save_aux_cache): Likewise.
-Index: glibc-2.29/elf/cache.c
+Index: glibc-2.34/elf/cache.c
===================================================================
---- glibc-2.29.orig/elf/cache.c
-+++ glibc-2.29/elf/cache.c
-@@ -427,12 +427,12 @@ save_cache (const char *cache_name)
+--- glibc-2.34.orig/elf/cache.c
++++ glibc-2.34/elf/cache.c
+@@ -716,12 +716,12 @@ save_cache (const char *cache_name)
/* Write out the cache. */
/* Write cache first to a temporary file and rename it later. */
@@ -22,15 +22,7 @@ Index: glibc-2.29/elf/cache.c
if (fd < 0)
error (EXIT_FAILURE, errno, _("Can't create temporary cache file %s"),
temp_name);
-@@ -481,6 +481,7 @@ save_cache (const char *cache_name)
- free (file_entries_new);
- free (file_entries);
- free (strings_finalized.strings);
-+ free (temp_name);
-
- while (entries)
- {
-@@ -804,8 +805,9 @@ save_aux_cache (const char *aux_cache_na
+@@ -1128,8 +1128,9 @@ save_aux_cache (const char *aux_cache_na
/* Write out auxiliary cache file. */
/* Write auxiliary cache first to a temporary file and rename it later. */
@@ -42,7 +34,7 @@ Index: glibc-2.29/elf/cache.c
/* Check that directory exists and create if needed. */
char *dir = strdupa (aux_cache_name);
-@@ -819,8 +821,7 @@ save_aux_cache (const char *aux_cache_na
+@@ -1143,8 +1144,7 @@ save_aux_cache (const char *aux_cache_na
}
/* Create file. */
@@ -52,7 +44,7 @@ Index: glibc-2.29/elf/cache.c
if (fd < 0)
goto out_fail;
-@@ -840,5 +841,6 @@ save_aux_cache (const char *aux_cache_na
+@@ -1167,5 +1167,6 @@ save_aux_cache (const char *aux_cache_na
out_fail:
/* Free allocated memory. */
free (temp_name);
diff --git a/ldconfig-leak-empty-paths.patch b/ldconfig-leak-empty-paths.patch
new file mode 100644
index 0000000..dfe07df
--- /dev/null
+++ b/ldconfig-leak-empty-paths.patch
@@ -0,0 +1,30 @@
+From b0234d79e7d82475d1666f25326ec045c045b3ed Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar
+Date: Tue, 3 Aug 2021 21:10:10 +0530
+Subject: [PATCH] ldconfig: avoid leak on empty paths in config file
+
+Reviewed-by: Arjun Shankar
+---
+ elf/ldconfig.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/elf/ldconfig.c b/elf/ldconfig.c
+index 1037e8d0cf..b8893637f8 100644
+--- a/elf/ldconfig.c
++++ b/elf/ldconfig.c
+@@ -503,7 +503,11 @@ add_dir_1 (const char *line, const char *from_file, int from_line)
+ entry->path[--i] = '\0';
+
+ if (i == 0)
+- return;
++ {
++ free (entry->path);
++ free (entry);
++ return;
++ }
+
+ char *path = entry->path;
+ if (opt_chroot != NULL)
+--
+2.32.0
+
diff --git a/librt-null-pointer.patch b/librt-null-pointer.patch
new file mode 100644
index 0000000..33eea3f
--- /dev/null
+++ b/librt-null-pointer.patch
@@ -0,0 +1,39 @@
+From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001
+From: Nikita Popov
+Date: Mon, 9 Aug 2021 20:17:34 +0530
+Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213)
+
+Helper thread frees copied attribute on NOTIFY_REMOVED message
+received from the OS kernel. Unfortunately, it fails to check whether
+copied attribute actually exists (data.attr != NULL). This worked
+earlier because free() checks passed pointer before actually
+attempting to release corresponding memory. But
+__pthread_attr_destroy assumes pointer is not NULL.
+
+So passing NULL pointer to __pthread_attr_destroy will result in
+segmentation fault. This scenario is possible if
+notification->sigev_notify_attributes == NULL (which means default
+thread attributes should be used).
+
+Signed-off-by: Nikita Popov
+Reviewed-by: Siddhesh Poyarekar
+---
+ sysdeps/unix/sysv/linux/mq_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
+index 9799dcdaa4..eccae2e4c6 100644
+--- a/sysdeps/unix/sysv/linux/mq_notify.c
++++ b/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -131,7 +131,7 @@ helper_thread (void *arg)
+ to wait until it is done with it. */
+ (void) __pthread_barrier_wait (¬ify_barrier);
+ }
+- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
++ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL)
+ {
+ /* The only state we keep is the copy of the thread attributes. */
+ __pthread_attr_destroy (data.attr);
+--
+2.32.0
+
diff --git a/mq-notify-use-after-free.patch b/mq-notify-use-after-free.patch
deleted file mode 100644
index f3df683..0000000
--- a/mq-notify-use-after-free.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001
-From: Andreas Schwab
-Date: Thu, 27 May 2021 12:49:47 +0200
-Subject: [PATCH 1/2] Use __pthread_attr_copy in mq_notify (bug 27896)
-
-Make a deep copy of the pthread attribute object to remove a potential
-use-after-free issue.
-
- CVE-2021-33574: The mq_notify function has a potential use-after-free
- issue when using a notification type of SIGEV_THREAD and a thread
- attribute with a non-default affinity mask.
-
-
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index cc575a0cdd..f7ddfe5a6c 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -133,8 +133,11 @@ helper_thread (void *arg)
- (void) __pthread_barrier_wait (¬ify_barrier);
- }
- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
-- /* The only state we keep is the copy of the thread attributes. */
-- free (data.attr);
-+ {
-+ /* The only state we keep is the copy of the thread attributes. */
-+ pthread_attr_destroy (data.attr);
-+ free (data.attr);
-+ }
- }
- return NULL;
- }
-@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
- if (data.attr == NULL)
- return -1;
-
-- memcpy (data.attr, notification->sigev_notify_attributes,
-- sizeof (pthread_attr_t));
-+ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
- }
-
- /* Construct the new request. */
-@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
-
- /* If it failed, free the allocated memory. */
- if (__glibc_unlikely (retval != 0))
-- free (data.attr);
-+ {
-+ pthread_attr_destroy (data.attr);
-+ free (data.attr);
-+ }
-
- return retval;
- }
---
-2.31.1
-
-
-From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
-From: Florian Weimer
-Date: Tue, 1 Jun 2021 17:51:41 +0200
-Subject: [PATCH 2/2] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
-
-__pthread_attr_copy can fail and does not initialize the attribute
-structure in that case.
-
-If __pthread_attr_copy is never called and there is no allocated
-attribute, pthread_attr_destroy should not be called, otherwise
-there is a null pointer dereference in rt/tst-mqueue6.
-
-Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
-("Use __pthread_attr_copy in mq_notify (bug 27896)").
-
-Reviewed-by: Siddhesh Poyarekar
----
- sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index f7ddfe5a6c..6f46d29d1d 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
- if (data.attr == NULL)
- return -1;
-
-- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
-+ int ret = __pthread_attr_copy (data.attr,
-+ notification->sigev_notify_attributes);
-+ if (ret != 0)
-+ {
-+ free (data.attr);
-+ __set_errno (ret);
-+ return -1;
-+ }
- }
-
- /* Construct the new request. */
-@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
- int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
-
- /* If it failed, free the allocated memory. */
-- if (__glibc_unlikely (retval != 0))
-+ if (retval != 0 && data.attr != NULL)
- {
- pthread_attr_destroy (data.attr);
- free (data.attr);
---
-2.31.1
-
diff --git a/nptl-db-libpthread-load-order.patch b/nptl-db-libpthread-load-order.patch
deleted file mode 100644
index 3b644e8..0000000
--- a/nptl-db-libpthread-load-order.patch
+++ /dev/null
@@ -1,380 +0,0 @@
-From a64afc225240b2b27129ccfb0516d7c958b98040 Mon Sep 17 00:00:00 2001
-From: Florian Weimer
-Date: Wed, 21 Apr 2021 11:50:43 +0200
-Subject: [PATCH] nptl_db: Support different libpthread/ld.so load orders (bug
- 27744)
-
-libthread_db is loaded once GDB encounters libpthread, and at this
-point, ld.so may not have been processed by GDB yet. As a result,
-_rtld_global cannot be accessed by regular means from libthread_db.
-To make this work until GDB can be fixed, acess _rtld_global through
-a pointer stored in libpthread.
-
-The new test does not reproduce bug 27744 with
---disable-hardcoded-path-in-tests, but is still a valid smoke test.
-With --enable-hardcoded-path-in-tests, it is necessary to avoid
-add-symbol-file because this can tickle a GDB bug.
-
-Fixes commit 1daccf403b1bd86370eb94edca794dc106d02039 ("nptl: Move
-stack list variables into _rtld_global").
-
-Tested-by: Emil Velikov
----
- nptl/Makefile | 19 +++-
- nptl/pthread_create.c | 8 ++
- nptl/tst-pthread-gdb-attach-static.c | 1 +
- nptl/tst-pthread-gdb-attach.c | 143 +++++++++++++++++++++++++++
- nptl_db/structs.def | 3 +-
- nptl_db/td_init.c | 15 +--
- nptl_db/thread_dbP.h | 2 +
- 7 files changed, 180 insertions(+), 11 deletions(-)
- create mode 100644 nptl/tst-pthread-gdb-attach-static.c
- create mode 100644 nptl/tst-pthread-gdb-attach.c
-
-Index: glibc-2.33/nptl/Makefile
-===================================================================
---- glibc-2.33.orig/nptl/Makefile
-+++ glibc-2.33/nptl/Makefile
-@@ -294,7 +294,8 @@ tests = tst-attr2 tst-attr3 tst-default-
- tst-thread-affinity-sched \
- tst-pthread-defaultattr-free \
- tst-pthread-attr-sigmask \
-- tst-pthread-timedlock-lockloop
-+ tst-pthread-timedlock-lockloop \
-+ tst-pthread-gdb-attach tst-pthread-gdb-attach-static
-
- tests-container = tst-pthread-getattr
-
-@@ -344,6 +345,22 @@ CPPFLAGS-test-cond-printers.c := $(CFLAG
- CPPFLAGS-test-rwlockattr-printers.c := $(CFLAGS-printers-tests)
- CPPFLAGS-test-rwlock-printers.c := $(CFLAGS-printers-tests)
-
-+# Reuse the CFLAGS setting for the GDB attaching test. It needs
-+# debugging information.
-+CFLAGS-tst-pthread-gdb-attach.c := $(CFLAGS-printers-tests)
-+CPPFLAGS-tst-pthread-gdb-attach.c := $(CFLAGS-printers-tests)
-+ifeq ($(build-shared)$(build-hardcoded-path-in-tests),yesno)
-+CPPFLAGS-tst-pthread-gdb-attach.c += -DDO_ADD_SYMBOL_FILE=1
-+else
-+CPPFLAGS-tst-pthread-gdb-attach.c += -DDO_ADD_SYMBOL_FILE=0
-+endif
-+CFLAGS-tst-pthread-gdb-attach-static.c := $(CFLAGS-printers-tests)
-+CPPFLAGS-tst-pthread-gdb-attach-static.c := \
-+ $(CFLAGS-printers-tests) -DDO_ADD_SYMBOL_FILE=0
-+# As of version 9.2, GDB cannot attach properly to PIE programs that
-+# were launched with an explicit ld.so invocation.
-+tst-pthread-gdb-attach-no-pie = yes
-+
- ifeq ($(build-shared),yes)
- tests-printers-libs := $(shared-thread-library)
- else
-@@ -415,7 +432,8 @@ link-libc-static := $(common-objpfx)libc
- tests-static += tst-stackguard1-static \
- tst-cancel24-static \
- tst-mutex8-static tst-mutexpi8-static tst-sem11-static \
-- tst-sem12-static tst-cond11-static
-+ tst-sem12-static tst-cond11-static \
-+ tst-pthread-gdb-attach-static
-
- tests += tst-cancel24-static
-
-Index: glibc-2.33/nptl/pthread_create.c
-===================================================================
---- glibc-2.33.orig/nptl/pthread_create.c
-+++ glibc-2.33/nptl/pthread_create.c
-@@ -51,6 +51,14 @@ static td_thr_events_t __nptl_threads_ev
- /* Pointer to descriptor with the last event. */
- static struct pthread *__nptl_last_event __attribute_used__;
-
-+#ifdef SHARED
-+/* This variable is used to access _rtld_global from libthread_db. If
-+ GDB loads libpthread before ld.so, it is not possible to resolve
-+ _rtld_global directly during libpthread initialization. */
-+static struct rtld_global *__nptl_rtld_global __attribute_used__
-+ = &_rtld_global;
-+#endif
-+
- /* Number of threads running. */
- unsigned int __nptl_nthreads = 1;
-
-Index: glibc-2.33/nptl/tst-pthread-gdb-attach-static.c
-===================================================================
---- /dev/null
-+++ glibc-2.33/nptl/tst-pthread-gdb-attach-static.c
-@@ -0,0 +1 @@
-+#include "tst-pthread-gdb-attach.c"
-Index: glibc-2.33/nptl/tst-pthread-gdb-attach.c
-===================================================================
---- /dev/null
-+++ glibc-2.33/nptl/tst-pthread-gdb-attach.c
-@@ -0,0 +1,217 @@
-+/* Smoke testing GDB process attach with thread-local variable access.
-+ Copyright (C) 2021 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ . */
-+
-+/* This test runs GDB against a forked copy of itself, to check
-+ whether libthread_db can be loaded, and that access to thread-local
-+ variables works. */
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+/* Starts out as zero, changed to 1 or 2 by the debugger, depending on
-+ the thread. */
-+__thread volatile int altered_by_debugger;
-+
-+/* Common prefix between 32-bit and 64-bit ELF. */
-+struct elf_prefix
-+{
-+ unsigned char e_ident[EI_NIDENT];
-+ uint16_t e_type;
-+ uint16_t e_machine;
-+ uint32_t e_version;
-+};
-+_Static_assert (sizeof (struct elf_prefix) == EI_NIDENT + 8,
-+ "padding in struct elf_prefix");
-+
-+/* Reads the ELF header from PATH. Returns true if the header can be
-+ read, false if the file is too short. */
-+static bool
-+read_elf_header (const char *path, struct elf_prefix *elf)
-+{
-+ int fd = xopen (path, O_RDONLY, 0);
-+ bool result = read (fd, elf, sizeof (*elf)) == sizeof (*elf);
-+ xclose (fd);
-+ return result;
-+}
-+
-+/* Searches for "gdb" alongside the path variable. See execvpe. */
-+static char *
-+find_gdb (void)
-+{
-+ const char *path = getenv ("PATH");
-+ if (path == NULL)
-+ return NULL;
-+ while (true)
-+ {
-+ const char *colon = strchrnul (path, ':');
-+ char *candidate = xasprintf ("%.*s/gdb", (int) (colon - path), path);
-+ if (access (candidate, X_OK) == 0)
-+ return candidate;
-+ free (candidate);
-+ if (*colon == '\0')
-+ break;
-+ path = colon + 1;
-+ }
-+ return NULL;
-+}
-+
-+/* Writes the GDB script to run the test to PATH. */
-+static void
-+write_gdbscript (const char *path, int tested_pid)
-+{
-+ FILE *fp = xfopen (path, "w");
-+ fprintf (fp,
-+ "set trace-commands on\n"
-+ "set debug libthread-db 1\n"
-+#if DO_ADD_SYMBOL_FILE
-+ /* Do not do this unconditionally to work around a GDB
-+ assertion failure: ../../gdb/symtab.c:6404:
-+ internal-error: CORE_ADDR get_msymbol_address(objfile*,
-+ const minimal_symbol*): Assertion `(objf->flags &
-+ OBJF_MAINLINE) == 0' failed. */
-+ "add-symbol-file %1$s/nptl/tst-pthread-gdb-attach\n"
-+#endif
-+ "set auto-load safe-path %1$s/nptl_db\n"
-+ "set libthread-db-search-path %1$s/nptl_db\n"
-+ "attach %2$d\n",
-+ support_objdir_root, tested_pid);
-+ fputs ("break debugger_inspection_point\n"
-+ "continue\n"
-+ "thread 1\n"
-+ "print altered_by_debugger\n"
-+ "print altered_by_debugger = 1\n"
-+ "thread 2\n"
-+ "print altered_by_debugger\n"
-+ "print altered_by_debugger = 2\n"
-+ "continue\n",
-+ fp);
-+ xfclose (fp);
-+}
-+
-+/* The test sets a breakpoint on this function and alters the
-+ altered_by_debugger thread-local variable. */
-+void __attribute__ ((weak))
-+debugger_inspection_point (void)
-+{
-+}
-+
-+/* Thread function for the test thread in the subprocess. */
-+static void *
-+subprocess_thread (void *closure)
-+{
-+ /* Wait until altered_by_debugger changes the value away from 0. */
-+ while (altered_by_debugger == 0)
-+ {
-+ usleep (100 * 1000);
-+ debugger_inspection_point ();
-+ }
-+
-+ TEST_COMPARE (altered_by_debugger, 2);
-+ return NULL;
-+}
-+
-+/* This function implements the subprocess under test. It creates a
-+ second thread, waiting for its value to change to 2, and checks
-+ that the main thread also changed its value to 1. */
-+static void
-+in_subprocess (void)
-+{
-+ pthread_t thr = xpthread_create (NULL, subprocess_thread, NULL);
-+ TEST_VERIFY (xpthread_join (thr) == NULL);
-+ TEST_COMPARE (altered_by_debugger, 1);
-+ _exit (0);
-+}
-+
-+static int
-+do_test (void)
-+{
-+ char *gdb_path = find_gdb ();
-+ if (gdb_path == NULL)
-+ FAIL_UNSUPPORTED ("gdb command not found in PATH: %s", getenv ("PATH"));
-+
-+ /* Check that libthread_db is compatible with the gdb architecture
-+ because gdb loads it via dlopen. */
-+ {
-+ char *threaddb_path = xasprintf ("%s/nptl_db/libthread_db.so",
-+ support_objdir_root);
-+ struct elf_prefix elf_threaddb;
-+ TEST_VERIFY_EXIT (read_elf_header (threaddb_path, &elf_threaddb));
-+ struct elf_prefix elf_gdb;
-+ /* If the ELF header cannot be read or "gdb" is not an ELF file,
-+ assume this is a wrapper script that can run. */
-+ if (read_elf_header (gdb_path, &elf_gdb)
-+ && memcmp (&elf_gdb, ELFMAG, SELFMAG) == 0)
-+ {
-+ if (elf_gdb.e_ident[EI_CLASS] != elf_threaddb.e_ident[EI_CLASS])
-+ FAIL_UNSUPPORTED ("GDB at %s has wrong class", gdb_path);
-+ if (elf_gdb.e_ident[EI_DATA] != elf_threaddb.e_ident[EI_DATA])
-+ FAIL_UNSUPPORTED ("GDB at %s has wrong data", gdb_path);
-+ if (elf_gdb.e_machine != elf_threaddb.e_machine)
-+ FAIL_UNSUPPORTED ("GDB at %s has wrong machine", gdb_path);
-+ }
-+ free (threaddb_path);
-+ }
-+
-+ pid_t tested_pid = xfork ();
-+ if (tested_pid == 0)
-+ in_subprocess ();
-+ char *tested_pid_string = xasprintf ("%d", tested_pid);
-+
-+ char *gdbscript;
-+ xclose (create_temp_file ("tst-pthread-gdb-attach-", &gdbscript));
-+ write_gdbscript (gdbscript, tested_pid);
-+
-+ pid_t gdb_pid = xfork ();
-+ if (gdb_pid == 0)
-+ {
-+ xdup2 (STDOUT_FILENO, STDERR_FILENO);
-+ execl (gdb_path, "gdb", "-nx", "-batch", "-x", gdbscript, NULL);
-+ if (errno == ENOENT)
-+ _exit (EXIT_UNSUPPORTED);
-+ else
-+ _exit (1);
-+ }
-+
-+ int status;
-+ TEST_COMPARE (xwaitpid (gdb_pid, &status, 0), gdb_pid);
-+ if (WIFEXITED (status) && WEXITSTATUS (status) == EXIT_UNSUPPORTED)
-+ /* gdb is not installed. */
-+ return EXIT_UNSUPPORTED;
-+ TEST_COMPARE (status, 0);
-+ TEST_COMPARE (xwaitpid (tested_pid, &status, 0), tested_pid);
-+ TEST_COMPARE (status, 0);
-+
-+ free (tested_pid_string);
-+ free (gdbscript);
-+ free (gdb_path);
-+ return 0;
-+}
-+
-+#include
-Index: glibc-2.33/nptl_db/structs.def
-===================================================================
---- glibc-2.33.orig/nptl_db/structs.def
-+++ glibc-2.33/nptl_db/structs.def
-@@ -100,8 +100,7 @@ DB_STRUCT_FIELD (pthread, dtvp)
- #endif
-
- #if !(IS_IN (libpthread) && !defined SHARED)
--DB_STRUCT (rtld_global)
--DB_RTLD_VARIABLE (_rtld_global)
-+DB_VARIABLE (__nptl_rtld_global)
- #endif
- DB_RTLD_GLOBAL_FIELD (dl_tls_dtv_slotinfo_list)
- DB_RTLD_GLOBAL_FIELD (dl_stack_user)
-Index: glibc-2.33/nptl_db/td_init.c
-===================================================================
---- glibc-2.33.orig/nptl_db/td_init.c
-+++ glibc-2.33/nptl_db/td_init.c
-@@ -33,13 +33,14 @@ td_init (void)
- bool
- __td_ta_rtld_global (td_thragent_t *ta)
- {
-- if (ta->ta_addr__rtld_global == 0
-- && td_mod_lookup (ta->ph, LD_SO, SYM__rtld_global,
-- &ta->ta_addr__rtld_global) != PS_OK)
-+ if (ta->ta_addr__rtld_global == 0)
- {
-- ta->ta_addr__rtld_global = (void*)-1;
-- return false;
-+ psaddr_t rtldglobalp;
-+ if (DB_GET_VALUE (rtldglobalp, ta, __nptl_rtld_global, 0) == TD_OK)
-+ ta->ta_addr__rtld_global = rtldglobalp;
-+ else
-+ ta->ta_addr__rtld_global = (void *) -1;
- }
-- else
-- return ta->ta_addr__rtld_global != (void*)-1;
-+
-+ return ta->ta_addr__rtld_global != (void *)-1;
- }
-Index: glibc-2.33/nptl_db/thread_dbP.h
-===================================================================
---- glibc-2.33.orig/nptl_db/thread_dbP.h
-+++ glibc-2.33/nptl_db/thread_dbP.h
-@@ -108,6 +108,8 @@ struct td_thragent
- # undef DB_SYMBOL
- # undef DB_VARIABLE
-
-+ psaddr_t ta_addr__rtld_global;
-+
- /* The method of locating a thread's th_unique value. */
- enum
- {
diff --git a/nscd-netgroupcache.patch b/nscd-netgroupcache.patch
deleted file mode 100644
index dbb29e0..0000000
--- a/nscd-netgroupcache.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a151f2e05a64727c552a297d129b8ef242ffb3b6 Mon Sep 17 00:00:00 2001
-From: DJ Delorie
-Date: Thu, 25 Feb 2021 16:08:21 -0500
-Subject: [PATCH] nscd: Fix double free in netgroupcache [BZ #27462]
-
-In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
-was fixed, but this led to an occasional double-free. This patch
-tracks the "live" allocation better.
-
-Tested manually by a third party.
-
-Related: RHBZ 1927877
-
-Reviewed-by: Siddhesh Poyarekar
-Reviewed-by: Carlos O'Donell
-(cherry picked from commit dca565886b5e8bd7966e15f0ca42ee5cff686673)
----
- nscd/netgroupcache.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: glibc-2.33/nscd/netgroupcache.c
-===================================================================
---- glibc-2.33.orig/nscd/netgroupcache.c
-+++ glibc-2.33/nscd/netgroupcache.c
-@@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db
- : NULL);
- ndomain = (ndomain ? newbuf + ndomaindiff
- : NULL);
-- buffer = newbuf;
-+ *tofreep = buffer = newbuf;
- }
-
- nhost = memcpy (buffer + bufused,
-@@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db
- else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
- {
- buflen *= 2;
-- buffer = xrealloc (buffer, buflen);
-+ *tofreep = buffer = xrealloc (buffer, buflen);
- }
- else if (status == NSS_STATUS_RETURN
- || status == NSS_STATUS_NOTFOUND
diff --git a/nss-database-check-reload.patch b/nss-database-check-reload.patch
deleted file mode 100644
index 4610613..0000000
--- a/nss-database-check-reload.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 17f0ff097887008b2d3dca270c8ffbb4b43a8749 Mon Sep 17 00:00:00 2001
-From: Sergei Trofimovich
-Date: Fri, 5 Feb 2021 07:32:18 +0000
-Subject: [PATCH] nsswitch: return result when nss database is locked [BZ
- #27343]
-
-Before the change nss_database_check_reload_and_get() did not populate
-the '*result' value when it returned success in a case of chroot
-detection. This caused initgroups() to use garage pointer in the
-following test (extracted from unbound):
-
-```
-
-int main() {
- // load some NSS modules
- struct passwd * pw = getpwnam("root");
-
- chdir("/tmp");
- chroot("/tmp");
- chdir("/");
- // access nsswitch.conf in a chroot
- initgroups("root", 0);
-}
-```
-
-Reviewed-by: DJ Delorie
----
- nss/nss_database.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-Index: glibc-2.33/nss/nss_database.c
-===================================================================
---- glibc-2.33.orig/nss/nss_database.c
-+++ glibc-2.33/nss/nss_database.c
-@@ -400,8 +400,9 @@ nss_database_check_reload_and_get (struc
- && (str.st_ino != local->root_ino
- || str.st_dev != local->root_dev)))
- {
-- /* Change detected; disable reloading. */
-+ /* Change detected; disable reloading and return current state. */
- atomic_store_release (&local->data.reload_disabled, 1);
-+ *result = local->data.services[database_index];
- __libc_lock_unlock (local->lock);
- __nss_module_disable_loading ();
- return true;
diff --git a/nss-database-lookup.patch b/nss-database-lookup.patch
deleted file mode 100644
index b34e1f6..0000000
--- a/nss-database-lookup.patch
+++ /dev/null
@@ -1,854 +0,0 @@
-From 9b456c5da968ee832ea4b2b73a18a5bf6d2118a6 Mon Sep 17 00:00:00 2001
-From: DJ Delorie
-Date: Mon, 15 Feb 2021 21:34:23 -0500
-Subject: [PATCH] nss: fix nss_database_lookup2's alternate handling [BZ
- #27416]
-
-__nss_database_lookup2's extra arguments were left unused in the
-nsswitch reloading patch set; this broke compat (default config
-ignored) and shadow files (secondary name ignored) which relies on
-these fallbacks.
-
-This patch adds in the previous behavior by correcting the
-initialization of the database list to reflect the fallbacks. This
-means that the nss_database_lookup2 interface no longer needs to be
-passed the fallback info, so API and callers were adjusted.
-
-Since all callers needed to be edited anyway, the calls were changed
-from __nss_database_lookup2 to the faster __nss_database_get. This
-was an intended optimization which was deferred during the initial
-lookup changes to avoid touching so many files.
-
-The test case verifies that compat targets work (passwd) and that the
-default configuration works (group). Tested on x86-64.
----
- nscd/aicache.c | 4 +-
- nscd/initgrcache.c | 3 +-
- nscd/netgroupcache.c | 2 +-
- nss/Makefile | 1 +
- nss/Versions | 2 +-
- nss/XXX-lookup.c | 17 +---
- nss/databases.def | 3 +
- nss/grp-lookup.c | 1 -
- nss/hosts-lookup.c | 1 -
- nss/key-lookup.c | 1 -
- nss/network-lookup.c | 1 -
- nss/nss_compat/compat-grp.c | 2 +-
- nss/nss_compat/compat-initgroups.c | 2 +-
- nss/nss_compat/compat-pwd.c | 2 +-
- nss/nss_compat/compat-spwd.c | 3 +-
- nss/nss_database.c | 38 +++++++-
- nss/nss_database.h | 5 +-
- nss/nss_module.c | 20 ++--
- nss/nss_test.h | 7 ++
- nss/nss_test1.c | 93 +++++++++++++++++++
- nss/nsswitch.c | 40 --------
- nss/nsswitch.h | 9 --
- nss/pwd-lookup.c | 1 -
- nss/sgrp-lookup.c | 2 -
- nss/spwd-lookup.c | 2 -
- nss/tst-nss-compat1.c | 81 ++++++++++++++++
- nss/tst-nss-compat1.root/etc/group | 1 +
- nss/tst-nss-compat1.root/etc/nsswitch.conf | 3 +
- nss/tst-nss-compat1.root/etc/passwd | 3 +
- nss/tst-nss-compat1.root/etc/shadow | 2 +
- .../tst-nss-compat1.script | 1 +
- sysdeps/posix/getaddrinfo.c | 4 +-
- 32 files changed, 252 insertions(+), 105 deletions(-)
- create mode 100644 nss/tst-nss-compat1.c
- create mode 100644 nss/tst-nss-compat1.root/etc/group
- create mode 100644 nss/tst-nss-compat1.root/etc/nsswitch.conf
- create mode 100644 nss/tst-nss-compat1.root/etc/passwd
- create mode 100644 nss/tst-nss-compat1.root/etc/shadow
- create mode 100644 nss/tst-nss-compat1.root/tst-nss-compat1.script
-
-Index: glibc-2.33/nscd/aicache.c
-===================================================================
---- glibc-2.33.orig/nscd/aicache.c
-+++ glibc-2.33/nscd/aicache.c
-@@ -77,9 +77,7 @@ addhstaiX (struct database_dyn *db, int
- int rc4 = 0;
- int herrno = 0;
-
-- no_more = __nss_database_lookup2 ("hosts", NULL,
-- "dns [!UNAVAIL=return] files",
-- &nip);
-+ no_more = !__nss_database_get (nss_database_hosts, &nip);
-
- /* Initialize configurations. */
- struct resolv_context *ctx = __resolv_context_get ();
-Index: glibc-2.33/nscd/initgrcache.c
-===================================================================
---- glibc-2.33.orig/nscd/initgrcache.c
-+++ glibc-2.33/nscd/initgrcache.c
-@@ -82,8 +82,7 @@ addinitgroupsX (struct database_dyn *db,
- int no_more;
-
- if (group_database == NULL)
-- no_more = __nss_database_lookup2 ("group", NULL, "files",
-- &group_database);
-+ no_more = !__nss_database_get (nss_database_group, &group_database);
- else
- no_more = 0;
- nip = group_database;
-Index: glibc-2.33/nscd/netgroupcache.c
-===================================================================
---- glibc-2.33.orig/nscd/netgroupcache.c
-+++ glibc-2.33/nscd/netgroupcache.c
-@@ -143,7 +143,7 @@ addgetnetgrentX (struct database_dyn *db
- *tofreep = NULL;
-
- if (netgroup_database == NULL
-- && __nss_database_lookup2 ("netgroup", NULL, NULL, &netgroup_database))
-+ && !__nss_database_get (nss_database_netgroup, &netgroup_database))
- {
- /* No such service. */
- cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
-Index: glibc-2.33/nss/Makefile
-===================================================================
---- glibc-2.33.orig/nss/Makefile
-+++ glibc-2.33/nss/Makefile
-@@ -63,6 +63,7 @@ tests = test-netdb test-digits-dots ts
- xtests = bug-erange
-
- tests-container = \
-+ tst-nss-compat1 \
- tst-nss-test3 \
- tst-nss-files-hosts-long \
- tst-nss-db-endpwent \
-Index: glibc-2.33/nss/Versions
-===================================================================
---- glibc-2.33.orig/nss/Versions
-+++ glibc-2.33/nss/Versions
-@@ -17,7 +17,7 @@ libc {
-
- __nss_passwd_lookup2; __nss_group_lookup2; __nss_hosts_lookup2;
- __nss_services_lookup2; __nss_next2; __nss_lookup;
-- __nss_hash; __nss_database_lookup2;
-+ __nss_hash; __nss_database_get;
- __nss_files_fopen; __nss_readline; __nss_parse_line_result;
- }
- }
-Index: glibc-2.33/nss/XXX-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/XXX-lookup.c
-+++ glibc-2.33/nss/XXX-lookup.c
-@@ -37,27 +37,20 @@
- #define CONCAT3_1(Pre, Name, Post) CONCAT3_2 (Pre, Name, Post)
- #define CONCAT3_2(Pre, Name, Post) Pre##Name##Post
-
-+#define DATABASE_NAME_ID CONCAT2_1 (nss_database_, DATABASE_NAME)
-+#define CONCAT2_1(Pre, Name) CONCAT2_2 (Pre, Name)
-+#define CONCAT2_2(Pre, Name) Pre##Name
-+
- #define DATABASE_NAME_SYMBOL CONCAT3_1 (__nss_, DATABASE_NAME, _database)
- #define DATABASE_NAME_STRING STRINGIFY1 (DATABASE_NAME)
- #define STRINGIFY1(Name) STRINGIFY2 (Name)
- #define STRINGIFY2(Name) #Name
-
--#ifdef ALTERNATE_NAME
--#define ALTERNATE_NAME_STRING STRINGIFY1 (ALTERNATE_NAME)
--#else
--#define ALTERNATE_NAME_STRING NULL
--#endif
--
--#ifndef DEFAULT_CONFIG
--#define DEFAULT_CONFIG NULL
--#endif
--
- int
- DB_LOOKUP_FCT (nss_action_list *ni, const char *fct_name, const char *fct2_name,
- void **fctp)
- {
-- if (__nss_database_lookup2 (DATABASE_NAME_STRING, ALTERNATE_NAME_STRING,
-- DEFAULT_CONFIG, &DATABASE_NAME_SYMBOL) < 0)
-+ if (! __nss_database_get (DATABASE_NAME_ID, &DATABASE_NAME_SYMBOL))
- return -1;
-
- *ni = DATABASE_NAME_SYMBOL;
-Index: glibc-2.33/nss/databases.def
-===================================================================
---- glibc-2.33.orig/nss/databases.def
-+++ glibc-2.33/nss/databases.def
-@@ -23,17 +23,20 @@
- DEFINE_DATABASE (aliases)
- DEFINE_DATABASE (ethers)
- DEFINE_DATABASE (group)
-+DEFINE_DATABASE (group_compat)
- DEFINE_DATABASE (gshadow)
- DEFINE_DATABASE (hosts)
- DEFINE_DATABASE (initgroups)
- DEFINE_DATABASE (netgroup)
- DEFINE_DATABASE (networks)
- DEFINE_DATABASE (passwd)
-+DEFINE_DATABASE (passwd_compat)
- DEFINE_DATABASE (protocols)
- DEFINE_DATABASE (publickey)
- DEFINE_DATABASE (rpc)
- DEFINE_DATABASE (services)
- DEFINE_DATABASE (shadow)
-+DEFINE_DATABASE (shadow_compat)
-
- /*
- Local Variables:
-Index: glibc-2.33/nss/grp-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/grp-lookup.c
-+++ glibc-2.33/nss/grp-lookup.c
-@@ -19,6 +19,5 @@
- #include
-
- #define DATABASE_NAME group
--#define DEFAULT_CONFIG "files"
-
- #include "XXX-lookup.c"
-Index: glibc-2.33/nss/hosts-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/hosts-lookup.c
-+++ glibc-2.33/nss/hosts-lookup.c
-@@ -17,6 +17,5 @@
- . */
-
- #define DATABASE_NAME hosts
--#define DEFAULT_CONFIG "dns [!UNAVAIL=return] files"
-
- #include "XXX-lookup.c"
-Index: glibc-2.33/nss/key-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/key-lookup.c
-+++ glibc-2.33/nss/key-lookup.c
-@@ -17,6 +17,5 @@
- . */
-
- #define DATABASE_NAME publickey
--#define DEFAULT_CONFIG "nis nisplus"
-
- #include "XXX-lookup.c"
-Index: glibc-2.33/nss/network-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/network-lookup.c
-+++ glibc-2.33/nss/network-lookup.c
-@@ -17,6 +17,5 @@
- . */
-
- #define DATABASE_NAME networks
--#define DEFAULT_CONFIG "dns [!UNAVAIL=return] files"
-
- #include "XXX-lookup.c"
-Index: glibc-2.33/nss/nss_compat/compat-grp.c
-===================================================================
---- glibc-2.33.orig/nss/nss_compat/compat-grp.c
-+++ glibc-2.33/nss/nss_compat/compat-grp.c
-@@ -81,7 +81,7 @@ static bool in_blacklist (const char *,
- static void
- init_nss_interface (void)
- {
-- if (__nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0)
-+ if (__nss_database_get (nss_database_group_compat, &ni))
- {
- setgrent_impl = __nss_lookup_function (ni, "setgrent");
- getgrnam_r_impl = __nss_lookup_function (ni, "getgrnam_r");
-Index: glibc-2.33/nss/nss_compat/compat-initgroups.c
-===================================================================
---- glibc-2.33.orig/nss/nss_compat/compat-initgroups.c
-+++ glibc-2.33/nss/nss_compat/compat-initgroups.c
-@@ -91,7 +91,7 @@ init_nss_interface (void)
-
- /* Retest. */
- if (ni == NULL
-- && __nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0)
-+ && __nss_database_get (nss_database_group_compat, &ni))
- {
- initgroups_dyn_impl = __nss_lookup_function (ni, "initgroups_dyn");
- getgrnam_r_impl = __nss_lookup_function (ni, "getgrnam_r");
-Index: glibc-2.33/nss/nss_compat/compat-pwd.c
-===================================================================
---- glibc-2.33.orig/nss/nss_compat/compat-pwd.c
-+++ glibc-2.33/nss/nss_compat/compat-pwd.c
-@@ -91,7 +91,7 @@ static bool in_blacklist (const char *,
- static void
- init_nss_interface (void)
- {
-- if (__nss_database_lookup2 ("passwd_compat", NULL, "nis", &ni) >= 0)
-+ if (__nss_database_get (nss_database_passwd_compat, &ni))
- {
- setpwent_impl = __nss_lookup_function (ni, "setpwent");
- getpwnam_r_impl = __nss_lookup_function (ni, "getpwnam_r");
-Index: glibc-2.33/nss/nss_compat/compat-spwd.c
-===================================================================
---- glibc-2.33.orig/nss/nss_compat/compat-spwd.c
-+++ glibc-2.33/nss/nss_compat/compat-spwd.c
-@@ -88,8 +88,7 @@ static bool in_blacklist (const char *,
- static void
- init_nss_interface (void)
- {
-- if (__nss_database_lookup2 ("shadow_compat", "passwd_compat",
-- "nis", &ni) >= 0)
-+ if (__nss_database_get (nss_database_shadow_compat, &ni))
- {
- setspent_impl = __nss_lookup_function (ni, "setspent");
- getspnam_r_impl = __nss_lookup_function (ni, "getspnam_r");
-Index: glibc-2.33/nss/nss_database.c
-===================================================================
---- glibc-2.33.orig/nss/nss_database.c
-+++ glibc-2.33/nss/nss_database.c
-@@ -93,13 +93,16 @@ enum nss_database_default
- static const char per_database_defaults[NSS_DATABASE_COUNT] =
- {
- [nss_database_group] = nss_database_default_compat,
-+ [nss_database_group_compat] = nss_database_default_nis,
- [nss_database_gshadow] = nss_database_default_files,
- [nss_database_hosts] = nss_database_default_dns,
- [nss_database_initgroups] = nss_database_default_none,
- [nss_database_networks] = nss_database_default_dns,
- [nss_database_passwd] = nss_database_default_compat,
-+ [nss_database_passwd_compat] = nss_database_default_nis,
- [nss_database_publickey] = nss_database_default_nis_nisplus,
- [nss_database_shadow] = nss_database_default_compat,
-+ [nss_database_shadow_compat] = nss_database_default_nis,
- };
-
- struct nss_database_default_cache
-@@ -166,13 +169,12 @@ nss_database_select_default (struct nss_
- assert (errno == ENOMEM);
- return false;
- }
-- else
-- return true;
-+ return true;
- }
-
- /* database_name must be large enough for each individual name plus a
- null terminator. */
--typedef char database_name[11];
-+typedef char database_name[14];
- #define DEFINE_DATABASE(name) \
- _Static_assert (sizeof (#name) <= sizeof (database_name), #name);
- #include "databases.def"
-@@ -325,14 +327,43 @@ nss_database_reload (struct nss_database
- /* No other threads have access to fp. */
- __fsetlocking (fp, FSETLOCKING_BYCALLER);
-
-+ /* We start with all of *staging pointing to NULL. */
-+
- bool ok = true;
- if (fp != NULL)
- ok = nss_database_reload_1 (staging, fp);
-
-+ /* Now we have non-NULL entries where the user explictly listed the
-+ service in nsswitch.conf. */
-+
- /* Apply defaults. */
- if (ok)
- {
- struct nss_database_default_cache cache = { };
-+
-+ /* These three default to other services if the user listed the
-+ other service. */
-+
-+ /* "shadow_compat" defaults to "passwd_compat" if only the
-+ latter is given. */
-+ if (staging->services[nss_database_shadow_compat] == NULL)
-+ staging->services[nss_database_shadow_compat] =
-+ staging->services[nss_database_passwd_compat];
-+
-+ /* "shadow" defaults to "passwd" if only the latter is
-+ given. */
-+ if (staging->services[nss_database_shadow] == NULL)
-+ staging->services[nss_database_shadow] =
-+ staging->services[nss_database_passwd];
-+
-+ /* "gshadow" defaults to "group" if only the latter is
-+ given. */
-+ if (staging->services[nss_database_gshadow] == NULL)
-+ staging->services[nss_database_gshadow] =
-+ staging->services[nss_database_group];
-+
-+ /* For anything still unspecified, load the default configs. */
-+
- for (int i = 0; i < NSS_DATABASE_COUNT; ++i)
- if (staging->services[i] == NULL)
- {
-@@ -442,6 +473,7 @@ __nss_database_get (enum nss_database db
- struct nss_database_state *local = nss_database_state_get ();
- return nss_database_check_reload_and_get (local, actions, db);
- }
-+libc_hidden_def (__nss_database_get)
-
- nss_action_list
- __nss_database_get_noreload (enum nss_database db)
-Index: glibc-2.33/nss/nss_database.h
-===================================================================
---- glibc-2.33.orig/nss/nss_database.h
-+++ glibc-2.33/nss/nss_database.h
-@@ -52,12 +52,11 @@ enum nss_database
- NSS_DATABASE_COUNT
- };
-
--
- /* Looks up the action list for DB and stores it in *ACTIONS. Returns
- true on success or false on failure. Success can mean that
- *ACTIONS is NULL. */
--bool __nss_database_get (enum nss_database db, nss_action_list *actions)
-- attribute_hidden;
-+bool __nss_database_get (enum nss_database db, nss_action_list *actions);
-+libc_hidden_proto (__nss_database_get)
-
- /* Like __nss_database_get, but does not reload /etc/nsswitch.conf
- from disk. This assumes that there has been a previous successful
-Index: glibc-2.33/nss/nss_module.c
-===================================================================
---- glibc-2.33.orig/nss/nss_module.c
-+++ glibc-2.33/nss/nss_module.c
-@@ -31,14 +31,6 @@
- #include
- #include
-
--#ifdef LINK_OBSOLETE_NSL
--# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
--# define DEFAULT_DEFCONFIG "nis [NOTFOUND=return] files"
--#else
--# define DEFAULT_CONFIG "files"
--# define DEFAULT_DEFCONFIG "files"
--#endif
--
- /* Suffix after .so of NSS service modules. This is a bit of magic,
- but we assume LIBNSS_FILES_SO looks like "libnss_files.so.2" and we
- want a pointer to the ".2" part. We have no API to extract this
-@@ -292,11 +284,11 @@ __nss_module_get_function (struct nss_mo
- #if defined SHARED && defined USE_NSCD
- /* Load all libraries for the service. */
- static void
--nss_load_all_libraries (const char *service, const char *def)
-+nss_load_all_libraries (enum nss_database service)
- {
- nss_action_list ni = NULL;
-
-- if (__nss_database_lookup2 (service, NULL, def, &ni) == 0)
-+ if (__nss_database_get (service, &ni))
- while (ni->module != NULL)
- {
- __nss_module_load (ni->module);
-@@ -323,10 +315,10 @@ __nss_disable_nscd (void (*cb) (size_t,
- is_nscd = true;
-
- /* Find all the relevant modules so that the init functions are called. */
-- nss_load_all_libraries ("passwd", DEFAULT_CONFIG);
-- nss_load_all_libraries ("group", DEFAULT_CONFIG);
-- nss_load_all_libraries ("hosts", "dns [!UNAVAIL=return] files");
-- nss_load_all_libraries ("services", NULL);
-+ nss_load_all_libraries (nss_database_passwd);
-+ nss_load_all_libraries (nss_database_group);
-+ nss_load_all_libraries (nss_database_hosts);
-+ nss_load_all_libraries (nss_database_services);
-
- /* Make sure NSCD purges its cache if nsswitch.conf changes. */
- init_traced_file (&pwd_traced_file.file, _PATH_NSSWITCH_CONF, 0);
-Index: glibc-2.33/nss/nss_test.h
-===================================================================
---- glibc-2.33.orig/nss/nss_test.h
-+++ glibc-2.33/nss/nss_test.h
-@@ -33,11 +33,13 @@
-
- #include
- #include
-+#include
- #include
-
- typedef struct test_tables {
- struct passwd *pwd_table;
- struct group *grp_table;
-+ struct spwd *spwd_table;
- struct hostent *host_table;
- } test_tables;
-
-@@ -46,10 +48,12 @@ extern void _nss_test2_init_hook (test_t
-
- #define PWD_LAST() { .pw_name = NULL, .pw_uid = 0 }
- #define GRP_LAST() { .gr_name = NULL, .gr_gid = 0 }
-+#define SPWD_LAST() { .sp_namp = NULL, .sp_pwdp = NULL }
- #define HOST_LAST() { .h_name = NULL, .h_aliases = NULL, .h_length = 0, .h_addr_list = NULL }
-
- #define PWD_ISLAST(p) ((p)->pw_name == NULL && (p)->pw_uid == 0)
- #define GRP_ISLAST(g) ((g)->gr_name == NULL && (g)->gr_gid == 0)
-+#define SPWD_ISLAST(s) ((s)->sp_namp == NULL && (s)->sp_pwdp == 0)
- #define HOST_ISLAST(h) ((h)->h_name == NULL && (h)->h_length == 0)
-
- /* Macros to fill in the tables easily. */
-@@ -76,6 +80,9 @@ extern void _nss_test2_init_hook (test_t
- { .gr_name = (char *) n, .gr_passwd = (char *) "*", .gr_gid = u, \
- .gr_mem = (char **) m }
-
-+#define SPWD(u) \
-+ { .sp_namp = (char *) "name" #u, .sp_pwdp = (char *) "passwd" #u }
-+
- #define HOST(u) \
- { .h_name = (char *) "name" #u, .h_aliases = NULL, .h_addrtype = u, \
- .h_length = 4, \
-Index: glibc-2.33/nss/nss_test1.c
-===================================================================
---- glibc-2.33.orig/nss/nss_test1.c
-+++ glibc-2.33/nss/nss_test1.c
-@@ -66,6 +66,9 @@ static int npwd_data = default_npwd_data
- static struct group *grp_data = NULL;
- static int ngrp_data = 0;
-
-+static struct spwd *spwd_data = NULL;
-+static int nspwd_data = 0;
-+
- static struct hostent *host_data = NULL;
- static int nhost_data = 0;
-
-@@ -102,6 +105,13 @@ init(void)
- ;
- ngrp_data = i;
- }
-+ if (t.spwd_table)
-+ {
-+ spwd_data = t.spwd_table;
-+ for (i=0; ! SPWD_ISLAST(& spwd_data[i]); i++)
-+ ;
-+ nspwd_data = i;
-+ }
- if (t.host_table)
- {
- host_data = t.host_table;
-@@ -322,6 +332,89 @@ NAME(getgrnam_r) (const char *name, stru
-
- return NSS_STATUS_NOTFOUND;
- }
-+
-+/* -------------------------------------------------- */
-+/* Shadow password handling. */
-+
-+static size_t spwd_iter;
-+#define CURSPWD spwd_data[spwd_iter]
-+
-+static pthread_mutex_t spwd_lock = PTHREAD_MUTEX_INITIALIZER;
-+
-+enum nss_status
-+NAME(setspent) (int stayopen)
-+{
-+ init();
-+ spwd_iter = 0;
-+ return NSS_STATUS_SUCCESS;
-+}
-+
-+
-+enum nss_status
-+NAME(endspwent) (void)
-+{
-+ init();
-+ return NSS_STATUS_SUCCESS;
-+}
-+
-+static enum nss_status
-+copy_shadow (struct spwd *result, struct spwd *local,
-+ char *buffer, size_t buflen, int *errnop)
-+{
-+ struct alloc_buffer buf = alloc_buffer_create (buffer, buflen);
-+
-+ result->sp_namp = alloc_buffer_maybe_copy_string (&buf, local->sp_namp);
-+ result->sp_pwdp = alloc_buffer_maybe_copy_string (&buf, local->sp_pwdp);
-+ result->sp_lstchg = local->sp_lstchg;
-+ result->sp_min = local->sp_min;
-+ result->sp_max = local->sp_max;
-+ result->sp_warn = local->sp_warn;
-+ result->sp_inact = local->sp_inact;
-+ result->sp_expire = local->sp_expire;
-+ result->sp_flag = local->sp_flag;
-+
-+ if (alloc_buffer_has_failed (&buf))
-+ {
-+ *errnop = ERANGE;
-+ return NSS_STATUS_TRYAGAIN;
-+ }
-+
-+ return NSS_STATUS_SUCCESS;
-+}
-+
-+enum nss_status
-+NAME(getspent_r) (struct spwd *result, char *buffer, size_t buflen,
-+ int *errnop)
-+{
-+ int res = NSS_STATUS_SUCCESS;
-+
-+ init();
-+ pthread_mutex_lock (&spwd_lock);
-+
-+ if (spwd_iter >= nspwd_data)
-+ res = NSS_STATUS_NOTFOUND;
-+ else
-+ {
-+ res = copy_shadow (result, &CURSPWD, buffer, buflen, errnop);
-+ ++spwd_iter;
-+ }
-+
-+ pthread_mutex_unlock (&spwd_lock);
-+
-+ return res;
-+}
-+
-+enum nss_status
-+NAME(getspnam_r) (const char *name, struct spwd *result, char *buffer,
-+ size_t buflen, int *errnop)
-+{
-+ init();
-+ for (size_t idx = 0; idx < nspwd_data; ++idx)
-+ if (strcmp (spwd_data[idx].sp_namp, name) == 0)
-+ return copy_shadow (result, &spwd_data[idx], buffer, buflen, errnop);
-+
-+ return NSS_STATUS_NOTFOUND;
-+}
-
- /* -------------------------------------------------- */
- /* Host handling. */
-Index: glibc-2.33/nss/nsswitch.c
-===================================================================
---- glibc-2.33.orig/nss/nsswitch.c
-+++ glibc-2.33/nss/nsswitch.c
-@@ -51,53 +51,13 @@
- #undef DEFINE_DATABASE
-
-
--#undef DEFINE_DATABASE
--#define DEFINE_DATABASE(name) #name,
--static const char * database_names[] = {
--#include "databases.def"
-- NULL
--};
--
- #ifdef USE_NSCD
- /* Flags whether custom rules for database is set. */
- bool __nss_database_custom[NSS_DBSIDX_max];
- #endif
-
--
- /*__libc_lock_define_initialized (static, lock)*/
-
--/* -1 == database not found
-- 0 == database entry pointer stored */
--int
--__nss_database_lookup2 (const char *database, const char *alternate_name,
-- const char *defconfig, nss_action_list *ni)
--{
-- int database_id;
--
-- for (database_id = 0; database_names[database_id]; database_id++)
-- if (strcmp (database_names[database_id], database) == 0)
-- break;
--
-- if (database_names[database_id] == NULL)
-- return -1;
--
-- /* If *NI is NULL, the database was not mentioned in nsswitch.conf.
-- If *NI is not NULL, but *NI->module is NULL, the database was in
-- nsswitch.conf but listed no actions. We test for the former. */
-- if (__nss_database_get (database_id, ni) && *ni != NULL)
-- {
-- /* Success. */
-- return 0;
-- }
-- else
-- {
-- /* Failure. */
-- return -1;
-- }
--}
--libc_hidden_def (__nss_database_lookup2)
--
--
- /* -1 == not found
- 0 == function found
- 1 == finished */
-Index: glibc-2.33/nss/nsswitch.h
-===================================================================
---- glibc-2.33.orig/nss/nsswitch.h
-+++ glibc-2.33/nss/nsswitch.h
-@@ -88,15 +88,6 @@ extern bool __nss_database_custom[NSS_DB
-
- /* Interface functions for NSS. */
-
--/* Get the data structure representing the specified database.
-- If there is no configuration for this database in the file,
-- parse a service list from DEFCONFIG and use that. More
-- than one function can use the database. */
--extern int __nss_database_lookup2 (const char *database,
-- const char *alternative_name,
-- const char *defconfig, struct nss_action **ni);
--libc_hidden_proto (__nss_database_lookup2)
--
- /* Put first function with name FCT_NAME for SERVICE in FCTP. The
- position is remembered in NI. The function returns a value < 0 if
- an error occurred or no such function exists. */
-Index: glibc-2.33/nss/pwd-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/pwd-lookup.c
-+++ glibc-2.33/nss/pwd-lookup.c
-@@ -19,6 +19,5 @@
- #include
-
- #define DATABASE_NAME passwd
--#define DEFAULT_CONFIG "files"
-
- #include "XXX-lookup.c"
-Index: glibc-2.33/nss/sgrp-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/sgrp-lookup.c
-+++ glibc-2.33/nss/sgrp-lookup.c
-@@ -17,7 +17,5 @@
- . */
-
- #define DATABASE_NAME gshadow
--#define ALTERNATE_NAME group
--#define DEFAULT_CONFIG "files"
-
- #include "XXX-lookup.c"
-Index: glibc-2.33/nss/spwd-lookup.c
-===================================================================
---- glibc-2.33.orig/nss/spwd-lookup.c
-+++ glibc-2.33/nss/spwd-lookup.c
-@@ -19,7 +19,5 @@
- #include
-
- #define DATABASE_NAME shadow
--#define ALTERNATE_NAME passwd
--#define DEFAULT_CONFIG "files"
-
- #include "XXX-lookup.c"
-Index: glibc-2.33/nss/tst-nss-compat1.c
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-nss-compat1.c
-@@ -0,0 +1,81 @@
-+/* Test error checking for group entries.
-+ Copyright (C) 2021 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ . */
-+
-+#include
-+#include
-+#include
-+#include
-+
-+#include
-+
-+#include
-+#include
-+
-+#include "nss_test.h"
-+
-+static struct passwd pwd_table[] = {
-+ PWD (100),
-+ PWD (30),
-+ PWD_LAST ()
-+ };
-+
-+static struct spwd spwd_table[] = {
-+ SPWD (100),
-+ SPWD (30),
-+ SPWD_LAST ()
-+ };
-+
-+void
-+_nss_test1_init_hook(test_tables *t)
-+{
-+ t->pwd_table = pwd_table;
-+ t->spwd_table = spwd_table;
-+}
-+
-+static int
-+do_test (void)
-+{
-+ struct passwd *p = NULL;
-+ struct spwd *s = NULL;
-+ struct group *g = NULL;
-+
-+ /* Test that compat-to-test works. */
-+ p = getpwuid (100);
-+ if (p == NULL)
-+ FAIL_EXIT1("getpwuid-compat-test1 p");
-+ else if (strcmp (p->pw_name, "name100") != 0)
-+ FAIL_EXIT1("getpwuid-compat-test1 name100");
-+
-+ /* Shadow compat should use passwd via the alternate name. */
-+ s = getspnam ("name30");
-+ if (s == NULL)
-+ FAIL_EXIT1("getspnam-compat-test1 s");
-+ else if (strcmp (s->sp_namp, "name30") != 0)
-+ FAIL_EXIT1("getpwuid-compat-test1 name30");
-+
-+ /* Test that internal defconfig works. */
-+ g = getgrgid (100);
-+ if (g == NULL)
-+ FAIL_EXIT1("getgrgid-compat-null");
-+ if (strcmp (g->gr_name, "wilma") != 0)
-+ FAIL_EXIT1("getgrgid-compat-name");
-+
-+ return 0;
-+}
-+
-+#include
-Index: glibc-2.33/nss/tst-nss-compat1.root/etc/group
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-nss-compat1.root/etc/group
-@@ -0,0 +1 @@
-+wilma:x:100:
-Index: glibc-2.33/nss/tst-nss-compat1.root/etc/nsswitch.conf
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-nss-compat1.root/etc/nsswitch.conf
-@@ -0,0 +1,3 @@
-+passwd : compat
-+passwd_compat : test1
-+
-Index: glibc-2.33/nss/tst-nss-compat1.root/etc/passwd
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-nss-compat1.root/etc/passwd
-@@ -0,0 +1,3 @@
-+name5:x:5:555:name5 for testing:/home/name5:/bin/nologin
-++name100
-++name30
-Index: glibc-2.33/nss/tst-nss-compat1.root/etc/shadow
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-nss-compat1.root/etc/shadow
-@@ -0,0 +1,2 @@
-++name100
-++name30
-Index: glibc-2.33/nss/tst-nss-compat1.root/tst-nss-compat1.script
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-nss-compat1.root/tst-nss-compat1.script
-@@ -0,0 +1 @@
-+cp $B/nss/libnss_test1.so $L/libnss_test1.so.2
-Index: glibc-2.33/sysdeps/posix/getaddrinfo.c
-===================================================================
---- glibc-2.33.orig/sysdeps/posix/getaddrinfo.c
-+++ glibc-2.33/sysdeps/posix/getaddrinfo.c
-@@ -720,9 +720,7 @@ gaih_inet (const char *name, const struc
- }
- #endif
-
-- no_more = __nss_database_lookup2 ("hosts", NULL,
-- "dns [!UNAVAIL=return] files",
-- &nip);
-+ no_more = !__nss_database_get (nss_database_hosts, &nip);
-
- /* If we are looking for both IPv4 and IPv6 address we don't
- want the lookup functions to automatically promote IPv4
diff --git a/nss-load-chroot.patch b/nss-load-chroot.patch
deleted file mode 100644
index e9a5d3e..0000000
--- a/nss-load-chroot.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 3e880d733753183696d1a81c34caef3a9add2b0c Mon Sep 17 00:00:00 2001
-From: DJ Delorie
-Date: Thu, 18 Feb 2021 15:26:30 -0500
-Subject: [PATCH] nss: Re-enable NSS module loading after chroot [BZ #27389]
-
-The glibc 2.33 release enabled /etc/nsswitch.conf reloading,
-and to prevent potential security issues like CVE-2019-14271
-the re-loading of nsswitch.conf and all mdoules was disabled
-when the root filesystem changes (see bug 27077).
-
-Unfortunately php-lpfm and openldap both require the ability
-to continue to load NSS modules after chroot. The packages
-do not exec after the chroot, and so do not cause the
-protections to be reset. The only solution is to re-enable
-only NSS module loading (not nsswitch.conf reloading) and so
-get back the previous glibc behaviour.
-
-In the future we may introduce a way to harden applications
-so they do not reload NSS modules once the root filesystem
-changes, or that only files/dns are available pre-loaded
-(or builtin).
-
-Reviewed-by: Carlos O'Donell
-(cherry picked from commit 58673149f37389495c098421085ffdb468b3f7ad)
----
- nss/nss_database.c | 1 -
- nss/tst-reload2.c | 35 +++++++++++++++----
- nss/tst-reload2.root/etc/hosts | 1 +
- nss/tst-reload2.root/etc/nsswitch.conf | 1 +
- nss/tst-reload2.root/subdir/etc/hosts | 1 +
- nss/tst-reload2.root/subdir/etc/nsswitch.conf | 1 +
- 6 files changed, 32 insertions(+), 8 deletions(-)
- create mode 100644 nss/tst-reload2.root/etc/hosts
- create mode 100644 nss/tst-reload2.root/subdir/etc/hosts
-
-Index: glibc-2.33/nss/nss_database.c
-===================================================================
---- glibc-2.33.orig/nss/nss_database.c
-+++ glibc-2.33/nss/nss_database.c
-@@ -404,7 +404,6 @@ nss_database_check_reload_and_get (struc
- atomic_store_release (&local->data.reload_disabled, 1);
- *result = local->data.services[database_index];
- __libc_lock_unlock (local->lock);
-- __nss_module_disable_loading ();
- return true;
- }
- local->root_ino = str.st_ino;
-Index: glibc-2.33/nss/tst-reload2.c
-===================================================================
---- glibc-2.33.orig/nss/tst-reload2.c
-+++ glibc-2.33/nss/tst-reload2.c
-@@ -26,6 +26,7 @@
- #include
- #include
- #include
-+#include
-
- #include
- #include
-@@ -48,7 +49,7 @@ static const char *group_4[] = {
- "alpha", "beta", "gamma", "fred", NULL
- };
-
--static struct group group_table_data[] =
-+static struct group group_table_data1[] =
- {
- GRP (4),
- GRP_LAST ()
-@@ -58,7 +59,7 @@ void
- _nss_test1_init_hook (test_tables *t)
- {
- t->pwd_table = pwd_table1;
-- t->grp_table = group_table_data;
-+ t->grp_table = group_table_data1;
- }
-
- static struct passwd pwd_table2[] =
-@@ -68,10 +69,21 @@ static struct passwd pwd_table2[] =
- PWD_LAST ()
- };
-
-+static const char *group_5[] = {
-+ "fred", NULL
-+};
-+
-+static struct group group_table_data2[] =
-+ {
-+ GRP (5),
-+ GRP_LAST ()
-+ };
-+
- void
- _nss_test2_init_hook (test_tables *t)
- {
- t->pwd_table = pwd_table2;
-+ t->grp_table = group_table_data2;
- }
-
- static int
-@@ -79,6 +91,7 @@ do_test (void)
- {
- struct passwd *pw;
- struct group *gr;
-+ struct hostent *he;
- char buf1[PATH_MAX];
- char buf2[PATH_MAX];
-
-@@ -99,7 +112,9 @@ do_test (void)
- TEST_COMPARE (pw->pw_uid, 1234);
-
- /* This just loads the test2 DSO. */
-- gr = getgrnam ("name4");
-+ gr = getgrgid (5);
-+ TEST_VERIFY (gr != NULL);
-+
-
- /* Change the root dir. */
-
-@@ -114,15 +129,21 @@ do_test (void)
- if (pw)
- TEST_VERIFY (pw->pw_uid != 2468);
-
-- /* The "files" DSO should not be loaded. */
-- gr = getgrnam ("test3");
-- TEST_VERIFY (gr == NULL);
--
- /* We should still be using the old configuration. */
- pw = getpwnam ("test1");
- TEST_VERIFY (pw != NULL);
- if (pw)
- TEST_COMPARE (pw->pw_uid, 1234);
-+ gr = getgrgid (5);
-+ TEST_VERIFY (gr != NULL);
-+ gr = getgrnam ("name4");
-+ TEST_VERIFY (gr == NULL);
-+
-+ /* hosts in the outer nsswitch is files; the inner one is test1.
-+ Verify that we're still using the outer nsswitch *and* that we
-+ can load the files DSO. */
-+ he = gethostbyname ("test2");
-+ TEST_VERIFY (he != NULL);
-
- return 0;
- }
-Index: glibc-2.33/nss/tst-reload2.root/etc/hosts
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-reload2.root/etc/hosts
-@@ -0,0 +1 @@
-+1.2.3.4 test1
-Index: glibc-2.33/nss/tst-reload2.root/etc/nsswitch.conf
-===================================================================
---- glibc-2.33.orig/nss/tst-reload2.root/etc/nsswitch.conf
-+++ glibc-2.33/nss/tst-reload2.root/etc/nsswitch.conf
-@@ -1,2 +1,3 @@
- passwd: test1
- group: test2
-+hosts: files
-Index: glibc-2.33/nss/tst-reload2.root/subdir/etc/hosts
-===================================================================
---- /dev/null
-+++ glibc-2.33/nss/tst-reload2.root/subdir/etc/hosts
-@@ -0,0 +1 @@
-+1.2.3.4 test2
-Index: glibc-2.33/nss/tst-reload2.root/subdir/etc/nsswitch.conf
-===================================================================
---- glibc-2.33.orig/nss/tst-reload2.root/subdir/etc/nsswitch.conf
-+++ glibc-2.33/nss/tst-reload2.root/subdir/etc/nsswitch.conf
-@@ -1,2 +1,3 @@
- passwd: test2
- group: files
-+hosts: test1
diff --git a/rawmemchr-warning.patch b/rawmemchr-warning.patch
deleted file mode 100644
index c57bd28..0000000
--- a/rawmemchr-warning.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 044e603b698093cf48f6e6229e0b66acf05227e4 Mon Sep 17 00:00:00 2001
-From: Florian Weimer
-Date: Fri, 19 Feb 2021 13:29:00 +0100
-Subject: [PATCH] string: Work around GCC PR 98512 in rawmemchr
-
----
- string/rawmemchr.c | 26 +++++++++++++++-----------
- 1 file changed, 15 insertions(+), 11 deletions(-)
-
-diff --git a/string/rawmemchr.c b/string/rawmemchr.c
-index 59bbeeaa42..b8523118e5 100644
---- a/string/rawmemchr.c
-+++ b/string/rawmemchr.c
-@@ -22,24 +22,28 @@
- # define RAWMEMCHR __rawmemchr
- #endif
-
--/* Find the first occurrence of C in S. */
--void *
--RAWMEMCHR (const void *s, int c)
--{
-- DIAG_PUSH_NEEDS_COMMENT;
-+/* The pragmata should be nested inside RAWMEMCHR below, but that
-+ triggers GCC PR 98512. */
-+DIAG_PUSH_NEEDS_COMMENT;
- #if __GNUC_PREREQ (7, 0)
-- /* GCC 8 warns about the size passed to memchr being larger than
-- PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */
-- DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
-+/* GCC 8 warns about the size passed to memchr being larger than
-+ PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */
-+DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
- #endif
- #if __GNUC_PREREQ (11, 0)
-- /* Likewise GCC 11, with a different warning option. */
-- DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
-+/* Likewise GCC 11, with a different warning option. */
-+DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
- #endif
-+
-+/* Find the first occurrence of C in S. */
-+void *
-+RAWMEMCHR (const void *s, int c)
-+{
- if (c != '\0')
- return memchr (s, c, (size_t)-1);
-- DIAG_POP_NEEDS_COMMENT;
- return (char *)s + strlen (s);
- }
- libc_hidden_def (__rawmemchr)
- weak_alias (__rawmemchr, rawmemchr)
-+
-+DIAG_POP_NEEDS_COMMENT;
---
-2.31.1
-
diff --git a/select-modify-timeout.patch b/select-modify-timeout.patch
deleted file mode 100644
index 731d7df..0000000
--- a/select-modify-timeout.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From cedbf6d5f3f70ca911176de87d6e453eeab4b7a1 Mon Sep 17 00:00:00 2001
-From: Adhemerval Zanella
-Date: Thu, 8 Apr 2021 07:39:32 -0300
-Subject: [PATCH] linux: always update select timeout (BZ #27706)
-
-The timeout should be updated even on failure for time64 support.
-
-Checked on i686-linux-gnu.
-
-From 9d7c5cc38e58fb0923e88901f87174a511b61552 Mon Sep 17 00:00:00 2001
-From: Adhemerval Zanella
-Date: Wed, 31 Mar 2021 13:53:34 -0300
-Subject: [PATCH] linux: Normalize and return timeout on select (BZ #27651)
-
-The commit 2433d39b697, which added time64 support to select, changed
-the function to use __NR_pselect6 (or __NR_pelect6_time64) on all
-architectures. However, on architectures where the symbol was
-implemented with __NR_select the kernel normalizes the passed timeout
-instead of return EINVAL. For instance, the input timeval
-{ 0, 5000000 } is interpreted as { 5, 0 }.
-
-And as indicated by BZ #27651, this semantic seems to be expected
-and changing it results in some performance issues (most likely
-the program does not check the return code and keeps issuing
-select with unormalized tv_usec argument).
-
-To avoid a different semantic depending whether which syscall the
-architecture used to issue, select now always normalize the timeout
-input. This is a slight change for some ABIs (for instance aarch64).
-
-Checked on x86_64-linux-gnu and i686-linux-gnu.
-
-Index: glibc-2.33/include/time.h
-===================================================================
---- glibc-2.33.orig/include/time.h
-+++ glibc-2.33/include/time.h
-@@ -502,6 +502,11 @@ time_now (void)
- __clock_gettime (TIME_CLOCK_GETTIME_CLOCKID, &ts);
- return ts.tv_sec;
- }
-+
-+#define NSEC_PER_SEC 1000000000L /* Nanoseconds per second. */
-+#define USEC_PER_SEC 1000000L /* Microseconds per second. */
-+#define NSEC_PER_USEC 1000L /* Nanoseconds per microsecond. */
-+
- #endif
-
- #endif
-Index: glibc-2.33/sunrpc/svcauth_des.c
-===================================================================
---- glibc-2.33.orig/sunrpc/svcauth_des.c
-+++ glibc-2.33/sunrpc/svcauth_des.c
-@@ -58,7 +58,6 @@
-
- #define debug(msg) /*printf("svcauth_des: %s\n", msg) */
-
--#define USEC_PER_SEC ((uint32_t) 1000000L)
- #define BEFORE(t1, t2) timercmp(t1, t2, <)
-
- /*
-Index: glibc-2.33/sysdeps/unix/sysv/linux/select.c
-===================================================================
---- glibc-2.33.orig/sysdeps/unix/sysv/linux/select.c
-+++ glibc-2.33/sysdeps/unix/sysv/linux/select.c
-@@ -33,13 +33,35 @@ int
- __select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
- struct __timeval64 *timeout)
- {
-- struct __timespec64 ts64, *pts64 = NULL;
-- if (timeout != NULL)
-+ __time64_t s = timeout != NULL ? timeout->tv_sec : 0;
-+ int32_t us = timeout != NULL ? timeout->tv_usec : 0;
-+ int32_t ns;
-+
-+ if (s < 0 || us < 0)
-+ return INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
-+
-+ /* Normalize the timeout, as legacy Linux __NR_select and __NR__newselect.
-+ Different than syscall, it also handle possible overflow. */
-+ if (us / USEC_PER_SEC > INT64_MAX - s)
- {
-- ts64 = timeval64_to_timespec64 (*timeout);
-- pts64 = &ts64;
-+ s = INT64_MAX;
-+ ns = NSEC_PER_SEC - 1;
-+ }
-+ else
-+ {
-+ s += us / USEC_PER_SEC;
-+ us = us % USEC_PER_SEC;
-+ ns = us * NSEC_PER_USEC;
- }
-
-+ struct __timespec64 ts64, *pts64 = NULL;
-+ if (timeout != NULL)
-+ {
-+ ts64.tv_sec = s;
-+ ts64.tv_nsec = ns;
-+ pts64 = &ts64;
-+ }
-+
- #ifndef __NR_pselect6_time64
- # define __NR_pselect6_time64 __NR_pselect6
- #endif
-@@ -52,10 +74,10 @@ __select64 (int nfds, fd_set *readfds, f
- (though the pselect() glibc call suppresses this behavior).
- Since select() on Linux has the same behavior as the pselect6
- syscall, we update the timeout here. */
-- if (r == 0 || errno != ENOSYS)
-+ if (r >= 0 || errno != ENOSYS)
- {
- if (timeout != NULL)
-- TIMEVAL_TO_TIMESPEC (timeout, &ts64);
-+ TIMESPEC_TO_TIMEVAL (timeout, &ts64);
- return r;
- }
-
-@@ -64,14 +86,15 @@ __select64 (int nfds, fd_set *readfds, f
-
- #ifndef __ASSUME_TIME64_SYSCALLS
- struct timespec ts32, *pts32 = NULL;
-- if (timeout != NULL)
-+ if (pts64 != NULL)
- {
-- if (! in_time_t_range (timeout->tv_sec))
-+ if (! in_time_t_range (pts64->tv_sec))
- {
- __set_errno (EINVAL);
- return -1;
- }
-- ts32 = valid_timespec64_to_timespec (ts64);
-+ ts32.tv_sec = s;
-+ ts32.tv_nsec = ns;
- pts32 = &ts32;
- }
- # ifndef __ASSUME_PSELECT
-@@ -84,7 +107,7 @@ __select64 (int nfds, fd_set *readfds, f
- r = SYSCALL_CANCEL (pselect6, nfds, readfds, writefds, exceptfds, pts32,
- NULL);
- # endif
-- if (r >= 0 && timeout != NULL)
-+ if (timeout != NULL)
- *timeout = valid_timespec_to_timeval64 (ts32);
- #endif
-
-@@ -105,7 +128,7 @@ __select (int nfds, fd_set *readfds, fd_
- ptv64 = &tv64;
- }
- int r = __select64 (nfds, readfds, writefds, exceptfds, ptv64);
-- if (r >= 0 && timeout != NULL)
-+ if (timeout != NULL)
- /* The remanining timeout will be always less the input TIMEOUT. */
- *timeout = valid_timeval64_to_timeval (tv64);
- return r;
diff --git a/tst-cpu-features-amx.patch b/tst-cpu-features-amx.patch
deleted file mode 100644
index 3a8eab6..0000000
--- a/tst-cpu-features-amx.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7fc9152e831fb24091c0ceabdcecb9b07dd29dd6 Mon Sep 17 00:00:00 2001
-From: "H.J. Lu"
-Date: Wed, 21 Apr 2021 18:40:08 -0700
-Subject: [PATCH] x86: tst-cpu-features-supports.c: Update AMX check
-
-Pass "amx-bf16", "amx-int8" and "amx-tile", instead of "amx_bf16",
-"amx_int8" and "amx_tile", to __builtin_cpu_supports for GCC 11.
----
- sysdeps/x86/tst-cpu-features-supports.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/sysdeps/x86/tst-cpu-features-supports.c b/sysdeps/x86/tst-cpu-features-supports.c
-index ce78a7d8bc..a2cabc90be 100644
---- a/sysdeps/x86/tst-cpu-features-supports.c
-+++ b/sysdeps/x86/tst-cpu-features-supports.c
-@@ -59,9 +59,9 @@ do_test (int argc, char **argv)
- fails += CHECK_SUPPORTS (aes, AES);
- #endif
- #if __GNUC_PREREQ (11, 1)
-- fails += CHECK_SUPPORTS (amx_bf16, AMX_BF16);
-- fails += CHECK_SUPPORTS (amx_int8, AMX_INT8);
-- fails += CHECK_SUPPORTS (amx_tile, AMX_TILE);
-+ fails += CHECK_SUPPORTS (amx-bf16, AMX_BF16);
-+ fails += CHECK_SUPPORTS (amx-int8, AMX_INT8);
-+ fails += CHECK_SUPPORTS (amx-tile, AMX_TILE);
- #endif
- fails += CHECK_SUPPORTS (avx, AVX);
- fails += CHECK_SUPPORTS (avx2, AVX2);
---
-2.31.1
-
diff --git a/x86-isa-level.patch b/x86-isa-level.patch
deleted file mode 100644
index 28eb9cb..0000000
--- a/x86-isa-level.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From ee9f98d9cac12e843ca59c6e4d4b225f58a66727 Mon Sep 17 00:00:00 2001
-From: "H.J. Lu"
-Date: Tue, 2 Feb 2021 13:45:58 -0800
-Subject: [PATCH] x86: Set minimum x86-64 level marker [BZ #27318]
-
-Since the full ISA set used in an ELF binary is unknown to compiler,
-an x86-64 ISA level marker indicates the minimum, not maximum, ISA set
-required to run such an ELF binary. We never guarantee a library with
-an x86-64 ISA level v3 marker doesn't contain other ISAs beyond x86-64
-ISA level v3, like AVX VNNI. We check the x86-64 ISA level marker for
-the minimum ISA set. Since -march=sandybridge enables only some ISAs
-in x86-64 ISA level v3, we should set the needed ISA marker to v2.
-Otherwise, libc is compiled with -march=sandybridge will fail to run on
-Sandy Bridge:
-
-$ ./elf/ld.so ./libc.so
-./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3
-
-Set the minimum, instead of maximum, x86-64 ISA level marker should have
-no impact on the glibc-hwcaps directory assignment logic in ldconfig nor
-ld.so.
-
-(cherry picked from commit 339bf918ea4830fb35614632e96f3aab3237adce)
----
- config.h.in | 6 ++++++
- sysdeps/x86/configure | 28 ++++++++++++++++++++++++++++
- sysdeps/x86/configure.ac | 16 ++++++++++++++++
- sysdeps/x86/isa-level.c | 25 ++++++++++++++-----------
- 4 files changed, 64 insertions(+), 11 deletions(-)
-
-Index: glibc-2.33/config.h.in
-===================================================================
---- glibc-2.33.orig/config.h.in
-+++ glibc-2.33/config.h.in
-@@ -275,4 +275,10 @@
- /* Define if x86 ISA level should be included in shared libraries. */
- #undef INCLUDE_X86_ISA_LEVEL
-
-+/* Define if -msahf is enabled by default on x86. */
-+#undef HAVE_X86_LAHF_SAHF
-+
-+/* Define if -mmovbe is enabled by default on x86. */
-+#undef HAVE_X86_MOVBE
-+
- #endif
-Index: glibc-2.33/sysdeps/x86/configure
-===================================================================
---- glibc-2.33.orig/sysdeps/x86/configure
-+++ glibc-2.33/sysdeps/x86/configure
-@@ -126,6 +126,8 @@ cat > conftest2.S <&5
- (eval $ac_try) 2>&5
-@@ -135,6 +137,24 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS
- count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
- if test "$count" = 1; then
- libc_cv_include_x86_isa_level=yes
-+ cat > conftest.c <&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ test $ac_status = 0; }; } | grep -q "\-msahf"; then
-+ libc_cv_have_x86_lahf_sahf=yes
-+ fi
-+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c'
-+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ test $ac_status = 0; }; } | grep -q "\-mmovbe"; then
-+ libc_cv_have_x86_movbe=yes
-+ fi
- fi
- fi
- rm -f conftest*
-@@ -145,5 +165,13 @@ if test $libc_cv_include_x86_isa_level =
- $as_echo "#define INCLUDE_X86_ISA_LEVEL 1" >>confdefs.h
-
- fi
-+if test $libc_cv_have_x86_lahf_sahf = yes; then
-+ $as_echo "#define HAVE_X86_LAHF_SAHF 1" >>confdefs.h
-+
-+fi
-+if test $libc_cv_have_x86_movbe = yes; then
-+ $as_echo "#define HAVE_X86_MOVBE 1" >>confdefs.h
-+
-+fi
- config_vars="$config_vars
- enable-x86-isa-level = $libc_cv_include_x86_isa_level"
-Index: glibc-2.33/sysdeps/x86/configure.ac
-===================================================================
---- glibc-2.33.orig/sysdeps/x86/configure.ac
-+++ glibc-2.33/sysdeps/x86/configure.ac
-@@ -98,14 +98,30 @@ cat > conftest2.S < conftest.c <