From 366ef06a7bdc50905132b38cdfdf05ed3ba3ed2d1f35d06f97e6f96a044f53d0 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 18 Sep 2023 09:08:56 +0000 Subject: [PATCH] - add glibc-io-Do-not-implement-fstat-with-fstatat.diff - add glibc-getaddrinfo-fix-use-after-free-in-getcanonname.patch (bsc#1215281, CVE-2023-4806) - Regenerate it also in the %post of glibc-local-base- But to create clearly defined bootstrap projects, it's essential - Recognize ppc64p7 arch to build for power7 - add ld-linux.so.3 compat symlink also for armv6hl - Do not order nscd after syslog.target * bugfixes - Update manpages from Debian, includes new man pages for - Use _target_cpu instead of _build and _host. This makes the - check-build.sh: accept kernel 3.x - more libm optimizations - Revert last change, it caused some breakage. [bnc#715854] for vsyscall which is not anymore in 3.1 kernel - Further cleanup of ld.so.conf to remove duplicate directories - Fix warning about potential array subscript out of bounds - Work around shortest-stem feature in make 3.82+ (patch - Update to glibc-2.10.1-e38af591a8 of glibc/pb-stable.git glibc-2.10-branch - only do obsoletes for XXbit packages on ppc, not on x86 * Fix sched_getcpu error path on x86-64. - nptl/init.c (sigcancel_handler): Compare with correct PID even - Don't terminate strings twice in nis/netgroup code. - Fix invalidating of nscd caches and getaddrinfo() - Update to current CVS: - Update to current CVS version and update to - Add fixes from CVS: - forward umount to umount2 on ppc64 because umount syscall - really fix linux/percpu.h to compile in userland - Update to kernel header files from 2.6.0-test7 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=670 --- ...o-fix-use-after-free-in-getcanonname.patch | 337 ++++++++++++++++++ ...o-Do-not-implement-fstat-with-fstatat.diff | 137 +++++++ glibc.changes | 147 ++++---- glibc.spec | 7 + 4 files changed, 558 insertions(+), 70 deletions(-) create mode 100644 glibc-getaddrinfo-fix-use-after-free-in-getcanonname.patch create mode 100644 glibc-io-Do-not-implement-fstat-with-fstatat.diff diff --git a/glibc-getaddrinfo-fix-use-after-free-in-getcanonname.patch b/glibc-getaddrinfo-fix-use-after-free-in-getcanonname.patch new file mode 100644 index 0000000..39b3254 --- /dev/null +++ b/glibc-getaddrinfo-fix-use-after-free-in-getcanonname.patch @@ -0,0 +1,337 @@ +From 973fe93a5675c42798b2161c6f29c01b0e243994 Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Fri, 15 Sep 2023 13:51:12 -0400 +Subject: [PATCH] getaddrinfo: Fix use after free in getcanonname + (CVE-2023-4806) + +When an NSS plugin only implements the _gethostbyname2_r and +_getcanonname_r callbacks, getaddrinfo could use memory that was freed +during tmpbuf resizing, through h_name in a previous query response. + +The backing store for res->at->name when doing a query with +gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in +gethosts during the query. For AF_INET6 lookup with AI_ALL | +AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second +for a v4 lookup. In this case, if the first call reallocates tmpbuf +enough number of times, resulting in a malloc, th->h_name (that +res->at->name refers to) ends up on a heap allocated storage in tmpbuf. +Now if the second call to gethosts also causes the plugin callback to +return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF +reference in res->at->name. This then gets dereferenced in the +getcanonname_r plugin call, resulting in the use after free. + +Fix this by copying h_name over and freeing it at the end. This +resolves BZ #30843, which is assigned CVE-2023-4806. + +Signed-off-by: Siddhesh Poyarekar +--- + nss/Makefile | 15 ++++- + nss/nss_test_gai_hv2_canonname.c | 56 +++++++++++++++++ + nss/tst-nss-gai-hv2-canonname.c | 63 +++++++++++++++++++ + nss/tst-nss-gai-hv2-canonname.h | 1 + + .../postclean.req | 0 + .../tst-nss-gai-hv2-canonname.script | 2 + + sysdeps/posix/getaddrinfo.c | 25 +++++--- + 7 files changed, 152 insertions(+), 10 deletions(-) + create mode 100644 nss/nss_test_gai_hv2_canonname.c + create mode 100644 nss/tst-nss-gai-hv2-canonname.c + create mode 100644 nss/tst-nss-gai-hv2-canonname.h + create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req + create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script + +diff --git a/nss/Makefile b/nss/Makefile +index 06fcdc450f..8a5126ecf3 100644 +--- a/nss/Makefile ++++ b/nss/Makefile +@@ -82,6 +82,7 @@ tests-container := \ + tst-nss-test3 \ + tst-reload1 \ + tst-reload2 \ ++ tst-nss-gai-hv2-canonname \ + # tests-container + + # Tests which need libdl +@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) + ifeq ($(build-static-nss),yes) + tests-static += tst-nss-static + endif +-extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os ++extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ ++ nss_test_gai_hv2_canonname.os + + include ../Rules + +@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver + libof-nss_test1 = extramodules + libof-nss_test2 = extramodules + libof-nss_test_errno = extramodules ++libof-nss_test_gai_hv2_canonname = extramodules + $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) + $(build-module) + $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) + $(build-module) + $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps) + $(build-module) ++$(objpfx)/libnss_test_gai_hv2_canonname.so: \ ++ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps) ++ $(build-module) + $(objpfx)nss_test2.os : nss_test1.c + # Use the nss_files suffix for these objects as well. + $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so +@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so + $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \ + $(objpfx)/libnss_test_errno.so + $(make-link) ++$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \ ++ $(objpfx)/libnss_test_gai_hv2_canonname.so ++ $(make-link) + $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ + $(objpfx)/libnss_test1.so$(libnss_files.so-version) \ + $(objpfx)/libnss_test2.so$(libnss_files.so-version) \ +- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) ++ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \ ++ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version) + + ifeq (yes,$(have-thread-library)) + $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library) +@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags + LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags + LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags + LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags ++LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags +diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c +new file mode 100644 +index 0000000000..4439c83c9f +--- /dev/null ++++ b/nss/nss_test_gai_hv2_canonname.c +@@ -0,0 +1,56 @@ ++/* NSS service provider that only provides gethostbyname2_r. ++ Copyright The GNU Toolchain Authors. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include "nss/tst-nss-gai-hv2-canonname.h" ++ ++/* Catch misnamed and functions. */ ++#pragma GCC diagnostic error "-Wmissing-prototypes" ++NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname) ++ ++extern enum nss_status _nss_files_gethostbyname2_r (const char *, int, ++ struct hostent *, char *, ++ size_t, int *, int *); ++ ++enum nss_status ++_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af, ++ struct hostent *result, ++ char *buffer, size_t buflen, ++ int *errnop, int *herrnop) ++{ ++ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop, ++ herrnop); ++} ++ ++enum nss_status ++_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer, ++ size_t buflen, char **result, ++ int *errnop, int *h_errnop) ++{ ++ /* We expect QUERYNAME, which is a small enough string that it shouldn't fail ++ the test. */ ++ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME)) ++ || buflen < sizeof (QUERYNAME)) ++ abort (); ++ ++ strncpy (buffer, name, buflen); ++ *result = buffer; ++ return NSS_STATUS_SUCCESS; ++} +diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c +new file mode 100644 +index 0000000000..d5f10c07d6 +--- /dev/null ++++ b/nss/tst-nss-gai-hv2-canonname.c +@@ -0,0 +1,63 @@ ++/* Test NSS query path for plugins that only implement gethostbyname2 ++ (#30843). ++ Copyright The GNU Toolchain Authors. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "nss/tst-nss-gai-hv2-canonname.h" ++ ++#define PREPARE do_prepare ++ ++static void do_prepare (int a, char **av) ++{ ++ FILE *hosts = xfopen ("/etc/hosts", "w"); ++ for (unsigned i = 2; i < 255; i++) ++ { ++ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i); ++ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i); ++ } ++ xfclose (hosts); ++} ++ ++static int ++do_test (void) ++{ ++ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); ++ ++ struct addrinfo hints = {}; ++ struct addrinfo *result = NULL; ++ ++ hints.ai_family = AF_INET6; ++ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME; ++ ++ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result); ++ ++ if (ret != 0) ++ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret)); ++ ++ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME); ++ ++ freeaddrinfo(result); ++ return 0; ++} ++ ++#include +diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h +new file mode 100644 +index 0000000000..14f2a9cb08 +--- /dev/null ++++ b/nss/tst-nss-gai-hv2-canonname.h +@@ -0,0 +1 @@ ++#define QUERYNAME "test.example.com" +diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req +new file mode 100644 +index 0000000000..e69de29bb2 +diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script +new file mode 100644 +index 0000000000..31848b4a28 +--- /dev/null ++++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script +@@ -0,0 +1,2 @@ ++cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2 ++su +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 6ae6744fe4..47f421fddf 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -120,6 +120,7 @@ struct gaih_result + { + struct gaih_addrtuple *at; + char *canon; ++ char *h_name; + bool free_at; + bool got_ipv6; + }; +@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res) + if (res->free_at) + free (res->at); + free (res->canon); ++ free (res->h_name); + memset (res, 0, sizeof (*res)); + } + +@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + return 0; + } + +-/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name +- is not copied, and the struct hostent object must not be deallocated +- prematurely. The new addresses are appended to the tuple array in RES. */ ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new ++ addresses are appended to the tuple array in RES. */ + static bool + convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + struct hostent *h, struct gaih_result *res) +@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + res->at = array; + res->free_at = true; + ++ /* Duplicate h_name because it may get reclaimed when the underlying storage ++ is freed. */ ++ if (res->h_name == NULL) ++ { ++ res->h_name = __strdup (h->h_name); ++ if (res->h_name == NULL) ++ return false; ++ } ++ + /* Update the next pointers on reallocation. */ + for (size_t i = 0; i < old; i++) + array[i].next = array + i + 1; +@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + } + array[i].next = array + i + 1; + } +- array[0].name = h->h_name; + array[count - 1].next = NULL; + + return true; +@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name, + memory allocation failure. The returned string is allocated on the + heap; the caller has to free it. */ + static char * +-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name) ++getcanonname (nss_action_list nip, const char *hname, const char *name) + { + nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r"); + char *s = (char *) name; + if (cfct != NULL) + { + char buf[256]; +- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf), +- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS) ++ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno, ++ &h_errno)) != NSS_STATUS_SUCCESS) + /* If the canonical name cannot be determined, use the passed + string. */ + s = (char *) name; +@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req, + if ((req->ai_flags & AI_CANONNAME) != 0 + && res->canon == NULL) + { +- char *canonbuf = getcanonname (nip, res->at, name); ++ char *canonbuf = getcanonname (nip, res->h_name, name); + if (canonbuf == NULL) + { + __resolv_context_put (res_ctx); +-- +2.39.3 + diff --git a/glibc-io-Do-not-implement-fstat-with-fstatat.diff b/glibc-io-Do-not-implement-fstat-with-fstatat.diff new file mode 100644 index 0000000..449232c --- /dev/null +++ b/glibc-io-Do-not-implement-fstat-with-fstatat.diff @@ -0,0 +1,137 @@ +diff --git a/sysdeps/unix/sysv/linux/fstat64.c b/sysdeps/unix/sysv/linux/fstat64.c +index 124384e57f..a291f0825b 100644 +--- a/sysdeps/unix/sysv/linux/fstat64.c ++++ b/sysdeps/unix/sysv/linux/fstat64.c +@@ -19,20 +19,53 @@ + #define __fstat __redirect___fstat + #define fstat __redirect_fstat + #include ++#undef __fstat ++#undef fstat + #include +-#include +-#include ++#include + #include + + int + __fstat64_time64 (int fd, struct __stat64_t64 *buf) + { ++#if !FSTATAT_USE_STATX ++# if XSTAT_IS_XSTAT64 ++# ifdef __NR_fstat ++ /* 64-bit kABI, e.g. aarch64, ia64, powerpc64*, s390x, riscv64, and ++ x86_64. */ ++ return INLINE_SYSCALL_CALL (fstat, fd, buf); ++# elif defined __NR_fstat64 ++# if STAT64_IS_KERNEL_STAT64 ++ /* 64-bit kABI outlier, e.g. alpha */ ++ return INLINE_SYSCALL_CALL (fstat64, fd, buf); ++# else ++ /* 64-bit kABI outlier, e.g. sparc64. */ ++ struct kernel_stat64 kst64; ++ int r = INLINE_SYSCALL_CALL (fstat64, fd, &kst64); ++ if (r == 0) ++ __cp_stat64_kstat64 (buf, &kst64); ++ return r; ++# endif /* STAT64_IS_KERNEL_STAT64 */ ++# endif ++# else /* XSTAT_IS_XSTAT64 */ ++ /* 64-bit kabi outlier, e.g. mips64 and mips64-n32. */ ++ struct kernel_stat kst; ++ int r = INLINE_SYSCALL_CALL (fstat, fd, &kst); ++ if (r == 0) ++ __cp_kstat_stat64_t64 (&kst, buf); ++ return r; ++# endif ++#else /* !FSTATAT_USE_STATX */ ++ /* All kABIs with non-LFS support and with old 32-bit time_t support ++ e.g. arm, csky, i386, hppa, m68k, microblaze, nios2, sh, powerpc32, ++ and sparc32. */ + if (fd < 0) + { + __set_errno (EBADF); + return -1; + } + return __fstatat64_time64 (fd, "", buf, AT_EMPTY_PATH); ++#endif + } + #if __TIMESIZE != 64 + hidden_def (__fstat64_time64) +diff --git a/sysdeps/unix/sysv/linux/fstatat64.c b/sysdeps/unix/sysv/linux/fstatat64.c +index 3509d3ca6d..127c6ff601 100644 +--- a/sysdeps/unix/sysv/linux/fstatat64.c ++++ b/sysdeps/unix/sysv/linux/fstatat64.c +@@ -21,12 +21,10 @@ + #include + #include + #include +-#include + #include + #include +-#include +-#include + #include ++#include + + #if __TIMESIZE == 64 \ + && (__WORDSIZE == 32 \ +@@ -40,11 +38,7 @@ _Static_assert (sizeof (__blkcnt_t) == sizeof (__blkcnt64_t), + "__blkcnt_t and __blkcnt64_t must match"); + #endif + +-#if (__WORDSIZE == 32 \ +- && (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE == 32)) \ +- || defined STAT_HAS_TIME32 \ +- || (!defined __NR_newfstatat && !defined __NR_fstatat64) +-# define FSTATAT_USE_STATX 1 ++#if FSTATAT_USE_STATX + + static inline int + fstatat64_time64_statx (int fd, const char *file, struct __stat64_t64 *buf, +@@ -79,8 +73,6 @@ fstatat64_time64_statx (int fd, const char *file, struct __stat64_t64 *buf, + + return r; + } +-#else +-# define FSTATAT_USE_STATX 0 + #endif + + /* Only statx supports 64-bit timestamps for 32-bit architectures with +diff --git a/sysdeps/unix/sysv/linux/internal-stat.h b/sysdeps/unix/sysv/linux/internal-stat.h +new file mode 100644 +index 0000000000..e3b0569853 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/internal-stat.h +@@ -0,0 +1,31 @@ ++/* Internal stat definitions. ++ Copyright (C) 2023 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++#if (__WORDSIZE == 32 \ ++ && (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE == 32)) \ ++ || defined STAT_HAS_TIME32 \ ++ || (!defined __NR_newfstatat && !defined __NR_fstatat64) ++# define FSTATAT_USE_STATX 1 ++#else ++# define FSTATAT_USE_STATX 0 ++#endif diff --git a/glibc.changes b/glibc.changes index f78d8e6..784ab69 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Sep 18 08:50:20 UTC 2023 - Dirk Müller + +- add glibc-io-Do-not-implement-fstat-with-fstatat.diff +- add glibc-getaddrinfo-fix-use-after-free-in-getcanonname.patch + (bsc#1215281, CVE-2023-4806) + ------------------------------------------------------------------- Wed Sep 13 12:25:56 UTC 2023 - Andreas Schwab @@ -881,7 +888,7 @@ Thu Oct 10 14:39:24 UTC 2019 - Andreas Schwab Mon Sep 23 14:00:09 UTC 2019 - Andreas Schwab - Package gconv-modules.cache as %ghost -- Regenerate it also in the %post of glibc-local-base- +- Regenerate it also in the %post of glibc-local-base- ------------------------------------------------------------------- Mon Sep 23 13:01:24 UTC 2019 - Ludwig Nussel @@ -2591,7 +2598,7 @@ Wed Jan 8 12:38:29 UTC 2014 - coolo@suse.com - make pwdutils a real buildrequire Requires(pre) are used during builds, but don't trigger rebuilds. - But to create clearly defined bootstrap projects, it's essential + But to create clearly defined bootstrap projects, it's essential to know what packages are required for others. So move this requires to build to a buildrequire @@ -2766,7 +2773,7 @@ Tue Aug 6 09:20:04 UTC 2013 - schwab@suse.de aarch64-sigsetjmp.patch - Rediff all remaining patches - Reenable stackguard randomization on arm -- Recognize ppc64p7 arch to build for power7 +- Recognize ppc64p7 arch to build for power7 - Remove all ABI extensions from libcrypt - cbrtl-ldbl-96.patch: fix cbrtl for ldbl-96 @@ -2800,7 +2807,7 @@ Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de ------------------------------------------------------------------- Fri Jun 28 12:26:38 UTC 2013 - dmueller@suse.com -- add ld-linux.so.3 compat symlink also for armv6hl +- add ld-linux.so.3 compat symlink also for armv6hl - remove deprecated armv7l ------------------------------------------------------------------- @@ -2862,7 +2869,7 @@ Tue May 7 10:00:00 UTC 2013 - schwab@suse.de ------------------------------------------------------------------- Sun Apr 14 02:41:52 UTC 2013 - crrodriguez@opensuse.org -- Do not order nscd after syslog.target +- Do not order nscd after syslog.target ------------------------------------------------------------------- Mon Mar 4 14:16:43 UTC 2013 - schwab@suse.de @@ -3013,7 +3020,7 @@ Wed Nov 28 15:48:32 UTC 2012 - aj@suse.de - Update to e3c6aa3a5848: * Fix powerpc64 make abi check failure - * bugfixes + * bugfixes - Install nscd.socket to new /usr location ------------------------------------------------------------------- @@ -3156,7 +3163,7 @@ Fri Jul 20 17:00:00 UTC 2012 - aj@suse.de - Update to glibc 2.16 release. * update version numbers * Documentation updates -- Update manpages from Debian, includes new man pages for +- Update manpages from Debian, includes new man pages for locale.1, mtrace.1, gencat.1 iconvconfig.8. - Remove getent.1 man page, use the one from man-pages. @@ -3438,7 +3445,7 @@ Thu Jan 12 15:42:36 UTC 2012 - aj@suse.de ------------------------------------------------------------------- Thu Jan 12 11:01:41 UTC 2012 - aj@suse.de -- Use _target_cpu instead of _build and _host. This makes the +- Use _target_cpu instead of _build and _host. This makes the i686 library really build for i686. ------------------------------------------------------------------- @@ -3570,7 +3577,7 @@ Tue Nov 15 12:10:32 UTC 2011 - aj@suse.de ------------------------------------------------------------------- Mon Nov 14 12:02:06 CET 2011 - ro@suse.de -- check-build.sh: accept kernel 3.x +- check-build.sh: accept kernel 3.x ------------------------------------------------------------------- Tue Nov 8 22:55:40 CET 2011 - dmueller@suse.de @@ -3612,7 +3619,7 @@ Sat Oct 29 18:37:46 UTC 2011 - aj@suse.de Thu Oct 27 08:44:14 UTC 2011 - aj@suse.de - Update to 804791474dc1: - - more libm optimizations + - more libm optimizations - Remove AMD libm routines due to new upstream libm optimizations and interfaces. - Fix build on x86. @@ -3778,13 +3785,13 @@ Mon Sep 5 08:26:24 UTC 2011 - aj@suse.de ------------------------------------------------------------------- Sat Sep 3 19:39:03 UTC 2011 - aj@suse.de -- Revert last change, it caused some breakage. [bnc#715854] +- Revert last change, it caused some breakage. [bnc#715854] ------------------------------------------------------------------- Thu Sep 1 20:49:16 UTC 2011 - aj@suse.de - Add support for new vdso (3.1 kernel) and only then - for vsyscall which is not anymore in 3.1 kernel + for vsyscall which is not anymore in 3.1 kernel (patch glibc-2.15-vsyscall.patch) ------------------------------------------------------------------- @@ -3919,7 +3926,7 @@ Tue Jul 5 08:03:26 UTC 2011 - aj@suse.de ------------------------------------------------------------------- Mon Jul 4 10:00:46 UTC 2011 - aj@suse.de -- Further cleanup of ld.so.conf to remove duplicate directories +- Further cleanup of ld.so.conf to remove duplicate directories and allow override of system directories (bnc#671725) - Fix futex bug (added patch glibc-fix-rwlock-stack-imbalance.patch from sourceware bug #12403). @@ -3963,7 +3970,7 @@ Mon Jun 27 11:00:33 UTC 2011 - aj@suse.de upstream. - Add glibc-2.15-getsysstats-speedup.patch to "Fix Linux sysconf(_SC_NPROCESSORS_[CONF|ONLN]) performance problem" -- Fix warning about potential array subscript out of bounds +- Fix warning about potential array subscript out of bounds (glibc-2.13-wranings.fix). - Fix some rpmlint warnings. @@ -4192,7 +4199,7 @@ Mon Sep 13 14:36:26 UTC 2010 - aj@suse.de ------------------------------------------------------------------- Sun Sep 12 08:00:57 UTC 2010 - aj@suse.de -- Work around shortest-stem feature in make 3.82+ (patch +- Work around shortest-stem feature in make 3.82+ (patch glibc-make-3.82.patch) ------------------------------------------------------------------- @@ -4578,7 +4585,7 @@ Fri Jun 5 00:46:59 CEST 2009 - pbaudis@suse.cz ------------------------------------------------------------------- Fri May 22 22:45:10 CEST 2009 - pbaudis@suse.cz -- Update to glibc-2.10.1-e38af591a8 of glibc/pb-stable.git glibc-2.10-branch +- Update to glibc-2.10.1-e38af591a8 of glibc/pb-stable.git glibc-2.10-branch maintained by me at repo.or.cz; contains backports of various bugfixes. (Still the same source is used for glibc-ports.) - Stop using separate tarball for nptl. @@ -4778,7 +4785,7 @@ Tue Oct 28 09:45:22 CET 2008 - olh@suse.de ------------------------------------------------------------------- Thu Oct 23 22:20:28 CEST 2008 - ro@suse.de -- only do obsoletes for XXbit packages on ppc, not on x86 +- only do obsoletes for XXbit packages on ppc, not on x86 ------------------------------------------------------------------- Wed Oct 23 13:46:25 CEST 2008 - matz@suse.de @@ -5064,7 +5071,7 @@ Mon Aug 13 19:09:31 CEST 2007 - aj@suse.de - Backport: * Update kernel-features.h. - * Fix sched_getcpu error path on x86-64. + * Fix sched_getcpu error path on x86-64. * Use upstreamed version of ldconfig cache speed ups. ------------------------------------------------------------------- @@ -5372,7 +5379,7 @@ Thu Apr 13 13:34:07 CEST 2006 - kukuk@suse.de ------------------------------------------------------------------- Tue Apr 11 12:20:57 CEST 2006 - kukuk@suse.de -- nptl/init.c (sigcancel_handler): Compare with correct PID even +- nptl/init.c (sigcancel_handler): Compare with correct PID even if the thread is in the middle of a fork call. (sighandler_setxid): Likewise. @@ -5869,7 +5876,7 @@ Thu Jun 16 17:03:43 CEST 2005 - kukuk@suse.de ------------------------------------------------------------------- Mon Jun 13 14:48:53 CEST 2005 - kukuk@suse.de -- Don't terminate strings twice in nis/netgroup code. +- Don't terminate strings twice in nis/netgroup code. - netinet/if_tr.h: don't include kernel headers. ------------------------------------------------------------------- @@ -6244,7 +6251,7 @@ Wed Sep 22 15:33:10 CEST 2004 - kukuk@suse.de ------------------------------------------------------------------- Mon Sep 20 17:58:13 CEST 2004 - kukuk@suse.de -- Fix invalidating of nscd caches and getaddrinfo() +- Fix invalidating of nscd caches and getaddrinfo() ------------------------------------------------------------------- Fri Sep 17 07:13:01 CEST 2004 - kukuk@suse.de @@ -6297,7 +6304,7 @@ Wed Aug 25 16:16:32 CEST 2004 - kukuk@suse.de ------------------------------------------------------------------- Mon Aug 23 10:20:09 CEST 2004 - kukuk@suse.de -- Update to current CVS: +- Update to current CVS: - Use CVS version for last fix. - Add malloc sanity checks for double free. @@ -6336,7 +6343,7 @@ Tue Aug 17 12:13:41 CEST 2004 - kukuk@suse.de ------------------------------------------------------------------- Mon Aug 16 11:51:37 CEST 2004 - kukuk@suse.de -- Update to current CVS version and update to +- Update to current CVS version and update to kernel-headers 2.6.8.1 to fix NPTL deadlock problems - Disable linuxthreads/tst-clock1, does not work on i586 and lower @@ -6361,7 +6368,7 @@ Wed Jun 16 07:45:07 CEST 2004 - meissner@suse.de ------------------------------------------------------------------- Mon Jun 14 20:12:00 CEST 2004 - kukuk@suse.de -- Add fixes from CVS: +- Add fixes from CVS: - sysconf return value fixes - nscd host caching deadlock - backtrace for s390/s390x/ia64 static linked binaries @@ -6496,7 +6503,7 @@ Fri Apr 9 16:22:31 CEST 2004 - kukuk@suse.de ------------------------------------------------------------------- Thu Apr 8 00:24:46 CEST 2004 - meissner@suse.de -- forward umount to umount2 on ppc64 because umount syscall +- forward umount to umount2 on ppc64 because umount syscall does not exist ------------------------------------------------------------------- @@ -6785,7 +6792,7 @@ Wed Jan 21 10:23:42 CET 2004 - aj@suse.de ------------------------------------------------------------------- Mon Jan 19 15:49:51 CET 2004 - ro@suse.de -- really fix linux/percpu.h to compile in userland +- really fix linux/percpu.h to compile in userland ------------------------------------------------------------------- Fri Jan 16 11:14:49 CET 2004 - kukuk@suse.de @@ -6955,7 +6962,7 @@ Tue Oct 14 10:49:36 CEST 2003 - kukuk@suse.de ------------------------------------------------------------------- Mon Oct 13 12:11:53 CEST 2003 - kukuk@suse.de -- Update to kernel header files from 2.6.0-test7 +- Update to kernel header files from 2.6.0-test7 ------------------------------------------------------------------- Fri Oct 10 17:11:01 CEST 2003 - schwab@suse.de @@ -7431,7 +7438,7 @@ Fri Feb 14 14:51:11 CET 2003 - kukuk@suse.de ------------------------------------------------------------------- Thu Feb 13 18:34:50 CET 2003 - kukuk@suse.de -- Update to current snapshot +- Update to current snapshot ------------------------------------------------------------------- Wed Feb 12 11:50:54 CET 2003 - kukuk@suse.de @@ -7499,7 +7506,7 @@ Thu Jan 30 16:05:32 CET 2003 - aj@suse.de Wed Jan 29 12:57:23 CET 2003 - kukuk@suse.de - Update to current glibc cvs -- Fix libm-ulps for x86-64 and ia64 +- Fix libm-ulps for x86-64 and ia64 ------------------------------------------------------------------- Thu Jan 23 16:47:33 CET 2003 - schwab@suse.de @@ -7534,7 +7541,7 @@ Sun Jan 12 19:16:13 CET 2003 - kukuk@suse.de ------------------------------------------------------------------- Fri Jan 3 19:09:36 CET 2003 - bg@suse.de -- removed obsolete patch for hppa +- removed obsolete patch for hppa ------------------------------------------------------------------- Fri Dec 20 23:15:48 CET 2002 - kukuk@suse.de @@ -7549,8 +7556,8 @@ Fri Dec 20 23:15:48 CET 2002 - kukuk@suse.de ------------------------------------------------------------------- Tue Dec 17 16:01:13 CET 2002 - olh@suse.de -- remove glibc-2.2.5-ppc64-bits-socket_h.diff - add glibc-2.3-setjmp-ppc64.diff +- remove glibc-2.2.5-ppc64-bits-socket_h.diff + add glibc-2.3-setjmp-ppc64.diff add libc23-ppc64-cvshead20021210.patch dont run configure in subshell, it can fail and rpm cant catch it @@ -7575,7 +7582,7 @@ Tue Dec 3 11:16:30 CET 2002 - aj@suse.de ------------------------------------------------------------------- Fri Nov 29 11:08:03 CET 2002 - bg@suse.de -- Fix build on hppa. +- Fix build on hppa. ------------------------------------------------------------------- Thu Nov 28 21:31:09 CET 2002 - aj@suse.de @@ -7592,7 +7599,7 @@ Thu Nov 28 15:45:09 CET 2002 - aj@suse.de ------------------------------------------------------------------- Tue Nov 12 12:41:17 CET 2002 - bg@suse.de -- Updated hppa patches +- Updated hppa patches ------------------------------------------------------------------- Thu Nov 7 14:00:04 CET 2002 - kukuk@suse.de @@ -7603,14 +7610,14 @@ Thu Nov 7 14:00:04 CET 2002 - kukuk@suse.de ------------------------------------------------------------------- Thu Nov 7 12:11:29 CET 2002 - bg@suse.de -- Fix build of linuxthreads for hppa +- Fix build of linuxthreads for hppa ------------------------------------------------------------------- Tue Nov 5 16:31:11 CET 2002 - bg@suse.de - Use current kernel-headers for parisc -- Add support for hppa - +- Add support for hppa + ------------------------------------------------------------------- Tue Nov 5 15:29:32 CET 2002 - kukuk@suse.de @@ -7665,7 +7672,7 @@ Mon Sep 16 17:24:01 CEST 2002 - meissner@suse.de Thu Sep 12 15:56:07 CEST 2002 - meissner@suse.de - ppc/ppc64: added more biarch things to the SystemV IPC headers - which are needed to get 64bit ipc / IPC_STAT to work. + which are needed to get 64bit ipc / IPC_STAT to work. ------------------------------------------------------------------- Mon Sep 9 18:52:53 CEST 2002 - bk@suse.de @@ -7719,7 +7726,7 @@ Tue Aug 27 15:52:49 CEST 2002 - olh@suse.de Mon Aug 26 21:56:22 CEST 2002 - olh@suse.de - add ppc64_glibc_2.2.5_sunrpc-fix.patch - * sysdeps/unix/sysv/linux/powerpc/bits/socket.h: New file that adds + * sysdeps/unix/sysv/linux/powerpc/bits/socket.h: New file that adds __powerpc64__ specific fields and adjust size/alignment for 64-bit. ------------------------------------------------------------------- @@ -7826,7 +7833,7 @@ Fri Jul 12 18:29:17 CEST 2002 - aj@suse.de ------------------------------------------------------------------- Mon Jul 8 10:45:49 CEST 2002 - aj@suse.de -- Add some optimized x86-64 math routines and a fixed lgammal +- Add some optimized x86-64 math routines and a fixed lgammal implementation. - Testsuite on x86-64 should pass now. - Run ldconfig in postinstall. @@ -7903,7 +7910,7 @@ Tue Jun 11 10:04:55 CEST 2002 - sf@suse.de - made new kernel-header archive from kernel-source - added asm-ppc64 to kernel-headers -- removed patch9 as it is obsoleted by the new kernel-headers +- removed patch9 as it is obsoleted by the new kernel-headers ------------------------------------------------------------------- Fri Jun 7 14:29:30 CEST 2002 - olh@suse.de @@ -8101,8 +8108,8 @@ Thu Feb 28 14:53:42 CET 2002 - kukuk@suse.de ------------------------------------------------------------------- Mon Feb 18 13:22:05 CET 2002 - kukuk@suse.de -- When a dlopened module references a weak symbol from another - dlopened module (loaded with RTLD_GLOBAL) no dependency was +- When a dlopened module references a weak symbol from another + dlopened module (loaded with RTLD_GLOBAL) no dependency was generated for this fact, so the second module was unloaded even if the first one was still around. @@ -8131,7 +8138,7 @@ Wed Feb 13 16:03:20 CET 2002 - kukuk@suse.de ------------------------------------------------------------------- Tue Feb 12 02:01:42 CET 2002 - ro@suse.de -- fix owner/group for kernel headers +- fix owner/group for kernel headers ------------------------------------------------------------------- Mon Feb 11 15:17:18 CET 2002 - kukuk@suse.de @@ -8568,12 +8575,12 @@ Thu Mar 29 08:33:19 CEST 2001 - aj@suse.de ------------------------------------------------------------------- Thu Mar 29 01:18:52 CEST 2001 - ro@suse.de -- added db-splitmask fix from mls (hopefully work around bug in db1) +- added db-splitmask fix from mls (hopefully work around bug in db1) ------------------------------------------------------------------- Wed Mar 28 09:02:54 CEST 2001 - aj@suse.de -- Fix s390 to not generate wrong relocations, work around compiler +- Fix s390 to not generate wrong relocations, work around compiler error. ------------------------------------------------------------------- @@ -8615,12 +8622,12 @@ Fri Mar 9 15:33:55 CET 2001 - kukuk@suse.de ------------------------------------------------------------------- Thu Mar 8 16:02:45 CET 2001 - ro@suse.de -- update kernel-headers to 2.4.2 +- update kernel-headers to 2.4.2 ------------------------------------------------------------------- Thu Mar 8 12:53:56 CET 2001 - ro@suse.de -- kernel-header fixes to build on s390 +- kernel-header fixes to build on s390 ------------------------------------------------------------------- Thu Feb 22 11:22:08 CET 2001 - schwab@suse.de @@ -8833,7 +8840,7 @@ Fri Oct 27 15:39:17 CEST 2000 - aj@suse.de ------------------------------------------------------------------- Wed Oct 25 16:47:22 CEST 2000 - kukuk@suse.de -- Update to glibc-2.2-20001025 +- Update to glibc-2.2-20001025 ------------------------------------------------------------------- Sun Oct 22 16:31:32 CEST 2000 - kukuk@suse.de @@ -8918,7 +8925,7 @@ Mon Aug 21 19:56:06 CEST 2000 - garloff@suse.de Tue Jul 25 08:41:48 CEST 2000 - kukuk@suse.de - Add mmap fix for PowerPC - + ------------------------------------------------------------------- Tue Jul 11 10:02:41 CEST 2000 - kukuk@suse.de @@ -8964,7 +8971,7 @@ Fri May 26 11:07:39 CEST 2000 - kukuk@suse.de ------------------------------------------------------------------- Wed May 24 22:23:12 CEST 2000 - kukuk@suse.de -- Fix ldconfig.8 manual page +- Fix ldconfig.8 manual page ------------------------------------------------------------------- Thu May 18 17:53:09 CEST 2000 - bk@suse.de @@ -8999,7 +9006,7 @@ Tue May 9 22:21:23 CEST 2000 - kukuk@suse.de ------------------------------------------------------------------- Mon May 8 11:59:48 CEST 2000 - kukuk@suse.de -- Add lot of bug fixes from CVS +- Add lot of bug fixes from CVS ------------------------------------------------------------------- Tue Apr 25 14:20:43 CEST 2000 - kukuk@suse.de @@ -9059,13 +9066,13 @@ Mon Apr 3 14:42:03 MEST 2000 - bk@suse.de ------------------------------------------------------------------- Wed Mar 22 12:10:02 CET 2000 - kukuk@suse.de -- Fix last SPARC patch +- Fix last SPARC patch ------------------------------------------------------------------- Tue Mar 21 17:48:01 CET 2000 - kukuk@suse.de - Add SPARC patches -- Add IA64 patches +- Add IA64 patches ------------------------------------------------------------------- Wed Mar 15 14:35:47 CET 2000 - kukuk@suse.de @@ -9095,7 +9102,7 @@ Thu Feb 24 16:12:39 CET 2000 - kukuk@suse.de ------------------------------------------------------------------- Tue Feb 22 16:40:35 CET 2000 - kukuk@suse.de -- Update to current glibc cvs snapshot (2.1.3pre4) +- Update to current glibc cvs snapshot (2.1.3pre4) ------------------------------------------------------------------- Sat Feb 5 14:40:33 CET 2000 - kukuk@suse.de @@ -9132,7 +9139,7 @@ Wed Jan 19 15:53:18 CET 2000 - kukuk@suse.de ------------------------------------------------------------------- Sat Jan 15 01:31:16 CET 2000 - ro@suse.de --fixed ppc db2-patch +-fixed ppc db2-patch ------------------------------------------------------------------- Fri Jan 14 16:54:26 CET 2000 - kukuk@suse.de @@ -9142,22 +9149,22 @@ Fri Jan 14 16:54:26 CET 2000 - kukuk@suse.de ------------------------------------------------------------------- Fri Jan 14 00:27:03 CET 2000 - kukuk@suse.de -- Add patch for SPARC +- Add patch for SPARC ------------------------------------------------------------------- Thu Jan 13 15:23:54 CET 2000 - kukuk@suse.de -- Move info pages to /usr/share/info +- Move info pages to /usr/share/info ------------------------------------------------------------------- Mon Jan 10 14:49:14 CET 2000 - kukuk@suse.de -- Add ipv6 patches for getent +- Add ipv6 patches for getent ------------------------------------------------------------------- Mon Jan 10 11:23:57 CET 2000 - kukuk@suse.de -- Move manual pages for applications and config files into +- Move manual pages for applications and config files into shlibs package - Update to current glibc 2.1.3 snapshot @@ -9222,7 +9229,7 @@ Sat Oct 16 16:29:44 MEST 1999 - kukuk@suse.de Mon Oct 11 19:19:00 MEST 1999 - kukuk@suse.de - Add linuxthreads/signals.c fix from Andreas Schwab -- Remove dangling symlink (Bug #544) +- Remove dangling symlink (Bug #544) - Add more bug fixes ------------------------------------------------------------------- @@ -9255,7 +9262,7 @@ Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de Mon Sep 6 10:25:03 MEST 1999 - kukuk@suse.de - Update to current glibc 2.1.2 cvs snapshot -- Remove use auf automake in spec file +- Remove use auf automake in spec file ------------------------------------------------------------------- Fri Sep 3 14:35:42 MEST 1999 - kukuk@suse.de @@ -9266,7 +9273,7 @@ Fri Sep 3 14:35:42 MEST 1999 - kukuk@suse.de ------------------------------------------------------------------- Wed Aug 25 17:07:09 MEST 1999 - kukuk@suse.de -- Update to current glibc 2.1.2 cvs snapshot +- Update to current glibc 2.1.2 cvs snapshot ------------------------------------------------------------------- Thu Aug 19 15:20:26 MEST 1999 - kukuk@suse.de @@ -9279,7 +9286,7 @@ Thu Aug 19 15:20:26 MEST 1999 - kukuk@suse.de Sat Aug 14 19:58:45 MEST 1999 - kukuk@suse.de - disable nscd hosts caching by default -- Apply patch from HJL for broken gethostbyname_r in libnss_dns +- Apply patch from HJL for broken gethostbyname_r in libnss_dns ------------------------------------------------------------------- Fri Jul 16 17:01:51 MEST 1999 - kukuk@suse.de @@ -9290,7 +9297,7 @@ Fri Jul 16 17:01:51 MEST 1999 - kukuk@suse.de ------------------------------------------------------------------- Wed Jul 14 16:05:14 MEST 1999 - kukuk@suse.de -- Remove /etc/localtime from filelist +- Remove /etc/localtime from filelist ------------------------------------------------------------------- Mon Jul 12 09:54:43 MEST 1999 - kukuk@suse.de @@ -9301,7 +9308,7 @@ Mon Jul 12 09:54:43 MEST 1999 - kukuk@suse.de ------------------------------------------------------------------- Thu Jul 8 17:25:43 MEST 1999 - kukuk@suse.de -- configure for i386-unknown-linux +- configure for i386-unknown-linux ------------------------------------------------------------------- Wed Jul 7 12:28:43 MEST 1999 - kukuk@suse.de @@ -9341,7 +9348,7 @@ Mon Jun 14 09:17:26 MEST 1999 - kukuk@suse.de ------------------------------------------------------------------- Thu Jun 10 10:04:11 MEST 1999 - kukuk@suse.de -- Fix daemon() for MT programs +- Fix daemon() for MT programs - Add libio fixes ------------------------------------------------------------------- @@ -9379,7 +9386,7 @@ Wed Apr 28 17:48:51 MEST 1999 - kukuk@suse.de ------------------------------------------------------------------- Tue Apr 27 11:48:46 MEST 1999 - kukuk@suse.de -- update to cvs version of Apr 26 1999 +- update to cvs version of Apr 26 1999 - fix pmap_set/pmap_unset for DHCP clients - Rename libdb1.so.2[.1] to libdb.so.2[.1] since we don't create the symbolic links. @@ -9426,7 +9433,7 @@ Sat Feb 20 19:29:32 MET 1999 - ro@suse.de ------------------------------------------------------------------- Sat Feb 20 18:41:22 MET 1999 - ro@suse.de -- fixed specfile ... +- fixed specfile ... ------------------------------------------------------------------- Sat Feb 20 18:31:30 MET 1999 - ro@suse.de @@ -9462,7 +9469,7 @@ Mon Sep 21 19:43:16 MEST 1998 - ro@suse.de ------------------------------------------------------------------- Mon Sep 14 14:28:21 MEST 1998 - ro@suse.de -- update: use today's cvs-version +- update: use today's cvs-version ------------------------------------------------------------------- Wed Sep 2 16:56:04 MEST 1998 - ro@suse.de diff --git a/glibc.spec b/glibc.spec index 1f623a6..974007e 100644 --- a/glibc.spec +++ b/glibc.spec @@ -317,12 +317,16 @@ Patch1007: call-init-proxy-objects.patch Patch1008: dtors-reverse-ctor-order.patch # PATCH-FIX-UPSTREAM Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527, BZ #30842) Patch1009: no-aaaa-read-overflow.patch +# PATCH-FIX-UPSTREAM use-after-free in getaddrinfo() (CVE-2023-4806, BSC#1215281) +Patch1010: glibc-getaddrinfo-fix-use-after-free-in-getcanonname.patch ### # Patches awaiting upstream approval ### # PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973) Patch2000: ldconfig-concurrency.patch +# https://patchwork.sourceware.org/project/glibc/patch/20230911132548.1981093-1-adhemerval.zanella@linaro.org/ +Patch2001: glibc-io-Do-not-implement-fstat-with-fstatat.diff # Non-glibc patches # PATCH-FIX-OPENSUSE Remove debianisms from manpages @@ -549,9 +553,11 @@ library in a cross compilation setting. %patch1007 -p1 %patch1008 -p1 %patch1009 -p1 +%patch1010 -p1 %endif %patch2000 -p1 +%patch2001 -p1 %patch3000 rm -f manpages/catchsegv.1 @@ -683,6 +689,7 @@ profile="--disable-profile" --libexecdir=%{_libexecdir} --infodir=%{_infodir} \ $profile \ --build=%{build} --host=${target} \ + --with-selinux \ %if %{build_cross} --with-headers=%{sysroot}/usr/include \ %else