Accepting request 514072 from home:Andreas_Schwab:Factory

- Update to glibc 2.26

OBS-URL: https://build.opensuse.org/request/show/514072
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=470

_service

@@ -1,15 +0,0 @@
-<services>
-  <service name="obs_scm" mode="disabled">
-    <param name="versionformat">2.25.90.%cd.g%h</param>
-    <param name="url">git://sourceware.org/git/glibc</param>
-    <param name="scm">git</param>
-  </service>
-  <service name="tar" mode="disabled"/>
-  <service name="recompress" mode="disabled">
-    <param name="compression">xz</param>
-    <param name="file">*.tar</param>
-  </service>
-  <service name="set_version" mode="disabled">
-    <param name="basename">glibc</param>
-  </service>
-</services>

glibc-2.25.90.20170720.gc771b59a24c0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:47b52b2267230b78e1718d700db2541e7cddc8a5367e49c8d00f132cb36063b6
-size 15648656

glibc-2.26.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e54e0a934cd2bc94429be79da5e9385898d2306b9eaf3c92d5a77af96190f6bd
+size 14682748

glibc-2.26.tar.xz.sig

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABAgAGBQJZgduLAAoJEHnEPfvxzyGHDesH/itf17ZUWSWNIRp2cC0RK1et
+jtR7ufFMpSHfMFJQXkli162s+iFMAxuOus52rma/h3PP8BXVbEKB7M3N0dvqPbmC
+AIC6YtAYU/I4M3V+6T1pi4ras19i2VgNY+iag0xw5o0ah4yZmZwB5eFR2xIz10ZD
+SGffJyCD/8EFwn/SPx38JS55ENwGj5PT1m2TsEnlLeHg7sCH7ksb5Pqq/ZEwIw0v
+E56a4hSliDUhurc0gUQmFxm/FhFSdTzns0vShfgou4D2tNSYaUjrf/17ebj0ehUF
+XkNH5jvwHoxiKzEVnD7dS9NLbvOPAG4AlFnWejgqvX0JB/M5TknOcmJYpzZYiGE=
+=XObH
+-----END PGP SIGNATURE-----

glibc-testsuite.changes

@@ -1,7 +1,7 @@
 -------------------------------------------------------------------
-Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
+Wed Aug  2 14:32:58 UTC 2017 - schwab@suse.de
 
-- Update to glibc-2.25.90.20170720.gc771b59a24c0
+- Update to glibc 2.26
   * A per-thread cache has been added to malloc
   * Unicode 10.0.0 Support
   * Improvements to the DNS stub resolver
@@ -35,7 +35,15 @@ Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
   * Linux kernel 3.2 or later is required at runtime, on all architectures
     supported by that kernel
   * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
-    to avoid fragmentation-based spoofing attacks
+    to avoid fragmentation-based spoofing attacks (CVE-2017-12132)
+  * LD_LIBRARY_PATH is now ignored in binaries running in privileged
+    AT_SECURE mode to guard against local privilege escalation attacks
+    (CVE-2017-1000366)
+  * Avoid printing a backtrace from the __stack_chk_fail function since it
+    is called on a corrupt stack and a backtrace is unreliable on a
+    corrupt stack (CVE-2010-3192)
+  * A use-after-free vulnerability in clntudp_call in the Sun RPC system
+    has been fixed (CVE-2017-12133)
   * fate#322258, fate#321513, fate#322453
 - fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff,
   i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch,

glibc-testsuite.spec

@@ -21,7 +21,7 @@
 %bcond_with    fast_build
 
 %define crypt_bf_version 1.3
-%define build_snapshot 1
+%define build_snapshot 0
 
 %define flavor testsuite
 
@@ -129,10 +129,10 @@ BuildArch:      i686
 %define enablekernel 3.2.18
 %endif
 
-Version:        2.25.90.20170720.gc771b59a24c0
+Version:        2.26
 Release:        0
 %if !%{build_snapshot}
-%define git_id db0242e30234
+%define git_id 1c9a5c270d8b
 %define libversion %version
 %else
 %define git_id %(echo %version | sed 's/.*\.g//')
@@ -162,6 +162,7 @@ Source50:       http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}
 # The sign key uses MD5 which is no longer accepted by gpg
 #Source51:       http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign
 
+%if %{build_main}
 # ngpt was used in 8.1 and SLES8
 Obsoletes:      ngpt < 2.2.2
 Obsoletes:      ngpt-devel < 2.2.2
@@ -183,6 +184,10 @@ Provides:       ld-linux.so.3(GLIBC_2.4)
 Requires(pre):  filesystem
 Recommends:     glibc-extra
 Provides:       rtld(GNU_HASH)
+%endif
+%if %{build_utils}
+Requires:       glibc = %{version}
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %ifarch i686
 # We need to avoid to have only the src rpm from i686 on the media,

glibc-utils.changes

@@ -1,7 +1,7 @@
 -------------------------------------------------------------------
-Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
+Wed Aug  2 14:32:58 UTC 2017 - schwab@suse.de
 
-- Update to glibc-2.25.90.20170720.gc771b59a24c0
+- Update to glibc 2.26
   * A per-thread cache has been added to malloc
   * Unicode 10.0.0 Support
   * Improvements to the DNS stub resolver
@@ -35,7 +35,15 @@ Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
   * Linux kernel 3.2 or later is required at runtime, on all architectures
     supported by that kernel
   * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
-    to avoid fragmentation-based spoofing attacks
+    to avoid fragmentation-based spoofing attacks (CVE-2017-12132)
+  * LD_LIBRARY_PATH is now ignored in binaries running in privileged
+    AT_SECURE mode to guard against local privilege escalation attacks
+    (CVE-2017-1000366)
+  * Avoid printing a backtrace from the __stack_chk_fail function since it
+    is called on a corrupt stack and a backtrace is unreliable on a
+    corrupt stack (CVE-2010-3192)
+  * A use-after-free vulnerability in clntudp_call in the Sun RPC system
+    has been fixed (CVE-2017-12133)
   * fate#322258, fate#321513, fate#322453
 - fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff,
   i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch,

glibc-utils.spec

@@ -21,7 +21,7 @@
 %bcond_with    fast_build
 
 %define crypt_bf_version 1.3
-%define build_snapshot 1
+%define build_snapshot 0
 
 %define flavor utils
 
@@ -29,7 +29,6 @@ Name:           glibc-utils
 Summary:        Development utilities from the GNU C Library
 License:        LGPL-2.1+
 Group:          Development/Libraries/C and C++
-Requires:       glibc = %{version}
 
 %bcond_with all
 %define build_main 1
@@ -130,10 +129,10 @@ BuildArch:      i686
 %define enablekernel 3.2.18
 %endif
 
-Version:        2.25.90.20170720.gc771b59a24c0
+Version:        2.26
 Release:        0
 %if !%{build_snapshot}
-%define git_id db0242e30234
+%define git_id 1c9a5c270d8b
 %define libversion %version
 %else
 %define git_id %(echo %version | sed 's/.*\.g//')
@@ -163,6 +162,7 @@ Source50:       http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}
 # The sign key uses MD5 which is no longer accepted by gpg
 #Source51:       http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign
 
+%if %{build_main}
 # ngpt was used in 8.1 and SLES8
 Obsoletes:      ngpt < 2.2.2
 Obsoletes:      ngpt-devel < 2.2.2
@@ -184,6 +184,10 @@ Provides:       ld-linux.so.3(GLIBC_2.4)
 Requires(pre):  filesystem
 Recommends:     glibc-extra
 Provides:       rtld(GNU_HASH)
+%endif
+%if %{build_utils}
+Requires:       glibc = %{version}
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %ifarch i686
 # We need to avoid to have only the src rpm from i686 on the media,

glibc-utils.spec.in

@@ -4,4 +4,3 @@ Name:           glibc-utils
 Summary:        Development utilities from the GNU C Library
 License:        LGPL-2.1+
 Group:          Development/Libraries/C and C++
-Requires:       glibc = %{version}

glibc.changes

@@ -1,7 +1,7 @@
 -------------------------------------------------------------------
-Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
+Wed Aug  2 14:32:58 UTC 2017 - schwab@suse.de
 
-- Update to glibc-2.25.90.20170720.gc771b59a24c0
+- Update to glibc 2.26
   * A per-thread cache has been added to malloc
   * Unicode 10.0.0 Support
   * Improvements to the DNS stub resolver
@@ -35,7 +35,15 @@ Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
   * Linux kernel 3.2 or later is required at runtime, on all architectures
     supported by that kernel
   * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
-    to avoid fragmentation-based spoofing attacks
+    to avoid fragmentation-based spoofing attacks (CVE-2017-12132)
+  * LD_LIBRARY_PATH is now ignored in binaries running in privileged
+    AT_SECURE mode to guard against local privilege escalation attacks
+    (CVE-2017-1000366)
+  * Avoid printing a backtrace from the __stack_chk_fail function since it
+    is called on a corrupt stack and a backtrace is unreliable on a
+    corrupt stack (CVE-2010-3192)
+  * A use-after-free vulnerability in clntudp_call in the Sun RPC system
+    has been fixed (CVE-2017-12133)
   * fate#322258, fate#321513, fate#322453
 - fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff,
   i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch,

glibc.spec

@@ -21,7 +21,7 @@
 %bcond_with    fast_build
 
 %define crypt_bf_version 1.3
-%define build_snapshot 1
+%define build_snapshot 0
 
 # INCLUDE glibc$flavor.spec.in
 %ifarch i686
@@ -135,10 +135,10 @@ BuildArch:      i686
 %define enablekernel 3.2.18
 %endif
 
-Version:        2.25.90.20170720.gc771b59a24c0
+Version:        2.26
 Release:        0
 %if !%{build_snapshot}
-%define git_id db0242e30234
+%define git_id 1c9a5c270d8b
 %define libversion %version
 %else
 %define git_id %(echo %version | sed 's/.*\.g//')
@@ -168,6 +168,7 @@ Source50:       http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}
 # The sign key uses MD5 which is no longer accepted by gpg
 #Source51:       http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign
 
+%if %{build_main}
 # ngpt was used in 8.1 and SLES8
 Obsoletes:      ngpt < 2.2.2
 Obsoletes:      ngpt-devel < 2.2.2
@@ -189,6 +190,10 @@ Provides:       ld-linux.so.3(GLIBC_2.4)
 Requires(pre):  filesystem
 Recommends:     glibc-extra
 Provides:       rtld(GNU_HASH)
+%endif
+%if %{build_utils}
+Requires:       glibc = %{version}
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %ifarch i686
 # We need to avoid to have only the src rpm from i686 on the media,