diff --git a/_service b/_service deleted file mode 100644 index 3f7f18c..0000000 --- a/_service +++ /dev/null @@ -1,15 +0,0 @@ - - - 2.25.90.%cd.g%h - git://sourceware.org/git/glibc - git - - - - xz - *.tar - - - glibc - - diff --git a/glibc-2.25.90.20170720.gc771b59a24c0.tar.xz b/glibc-2.25.90.20170720.gc771b59a24c0.tar.xz deleted file mode 100644 index 04a9b4c..0000000 --- a/glibc-2.25.90.20170720.gc771b59a24c0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:47b52b2267230b78e1718d700db2541e7cddc8a5367e49c8d00f132cb36063b6 -size 15648656 diff --git a/glibc-2.26.tar.xz b/glibc-2.26.tar.xz new file mode 100644 index 0000000..3a2b030 --- /dev/null +++ b/glibc-2.26.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e54e0a934cd2bc94429be79da5e9385898d2306b9eaf3c92d5a77af96190f6bd +size 14682748 diff --git a/glibc-2.26.tar.xz.sig b/glibc-2.26.tar.xz.sig new file mode 100644 index 0000000..21adc1c --- /dev/null +++ b/glibc-2.26.tar.xz.sig @@ -0,0 +1,10 @@ +-----BEGIN PGP SIGNATURE----- + +iQEcBAABAgAGBQJZgduLAAoJEHnEPfvxzyGHDesH/itf17ZUWSWNIRp2cC0RK1et +jtR7ufFMpSHfMFJQXkli162s+iFMAxuOus52rma/h3PP8BXVbEKB7M3N0dvqPbmC +AIC6YtAYU/I4M3V+6T1pi4ras19i2VgNY+iag0xw5o0ah4yZmZwB5eFR2xIz10ZD +SGffJyCD/8EFwn/SPx38JS55ENwGj5PT1m2TsEnlLeHg7sCH7ksb5Pqq/ZEwIw0v +E56a4hSliDUhurc0gUQmFxm/FhFSdTzns0vShfgou4D2tNSYaUjrf/17ebj0ehUF +XkNH5jvwHoxiKzEVnD7dS9NLbvOPAG4AlFnWejgqvX0JB/M5TknOcmJYpzZYiGE= +=XObH +-----END PGP SIGNATURE----- diff --git a/glibc-testsuite.changes b/glibc-testsuite.changes index 9827aee..0a38171 100644 --- a/glibc-testsuite.changes +++ b/glibc-testsuite.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- -Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de +Wed Aug 2 14:32:58 UTC 2017 - schwab@suse.de -- Update to glibc-2.25.90.20170720.gc771b59a24c0 +- Update to glibc 2.26 * A per-thread cache has been added to malloc * Unicode 10.0.0 Support * Improvements to the DNS stub resolver @@ -35,7 +35,15 @@ Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de * Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, - to avoid fragmentation-based spoofing attacks + to avoid fragmentation-based spoofing attacks (CVE-2017-12132) + * LD_LIBRARY_PATH is now ignored in binaries running in privileged + AT_SECURE mode to guard against local privilege escalation attacks + (CVE-2017-1000366) + * Avoid printing a backtrace from the __stack_chk_fail function since it + is called on a corrupt stack and a backtrace is unreliable on a + corrupt stack (CVE-2010-3192) + * A use-after-free vulnerability in clntudp_call in the Sun RPC system + has been fixed (CVE-2017-12133) * fate#322258, fate#321513, fate#322453 - fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff, i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch, diff --git a/glibc-testsuite.spec b/glibc-testsuite.spec index 6724ec2..fe38b5a 100644 --- a/glibc-testsuite.spec +++ b/glibc-testsuite.spec @@ -21,7 +21,7 @@ %bcond_with fast_build %define crypt_bf_version 1.3 -%define build_snapshot 1 +%define build_snapshot 0 %define flavor testsuite @@ -129,10 +129,10 @@ BuildArch: i686 %define enablekernel 3.2.18 %endif -Version: 2.25.90.20170720.gc771b59a24c0 +Version: 2.26 Release: 0 %if !%{build_snapshot} -%define git_id db0242e30234 +%define git_id 1c9a5c270d8b %define libversion %version %else %define git_id %(echo %version | sed 's/.*\.g//') @@ -162,6 +162,7 @@ Source50: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version} # The sign key uses MD5 which is no longer accepted by gpg #Source51: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign +%if %{build_main} # ngpt was used in 8.1 and SLES8 Obsoletes: ngpt < 2.2.2 Obsoletes: ngpt-devel < 2.2.2 @@ -183,6 +184,10 @@ Provides: ld-linux.so.3(GLIBC_2.4) Requires(pre): filesystem Recommends: glibc-extra Provides: rtld(GNU_HASH) +%endif +%if %{build_utils} +Requires: glibc = %{version} +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %ifarch i686 # We need to avoid to have only the src rpm from i686 on the media, diff --git a/glibc-utils.changes b/glibc-utils.changes index 9827aee..0a38171 100644 --- a/glibc-utils.changes +++ b/glibc-utils.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- -Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de +Wed Aug 2 14:32:58 UTC 2017 - schwab@suse.de -- Update to glibc-2.25.90.20170720.gc771b59a24c0 +- Update to glibc 2.26 * A per-thread cache has been added to malloc * Unicode 10.0.0 Support * Improvements to the DNS stub resolver @@ -35,7 +35,15 @@ Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de * Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, - to avoid fragmentation-based spoofing attacks + to avoid fragmentation-based spoofing attacks (CVE-2017-12132) + * LD_LIBRARY_PATH is now ignored in binaries running in privileged + AT_SECURE mode to guard against local privilege escalation attacks + (CVE-2017-1000366) + * Avoid printing a backtrace from the __stack_chk_fail function since it + is called on a corrupt stack and a backtrace is unreliable on a + corrupt stack (CVE-2010-3192) + * A use-after-free vulnerability in clntudp_call in the Sun RPC system + has been fixed (CVE-2017-12133) * fate#322258, fate#321513, fate#322453 - fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff, i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch, diff --git a/glibc-utils.spec b/glibc-utils.spec index a85f232..cc72262 100644 --- a/glibc-utils.spec +++ b/glibc-utils.spec @@ -21,7 +21,7 @@ %bcond_with fast_build %define crypt_bf_version 1.3 -%define build_snapshot 1 +%define build_snapshot 0 %define flavor utils @@ -29,7 +29,6 @@ Name: glibc-utils Summary: Development utilities from the GNU C Library License: LGPL-2.1+ Group: Development/Libraries/C and C++ -Requires: glibc = %{version} %bcond_with all %define build_main 1 @@ -130,10 +129,10 @@ BuildArch: i686 %define enablekernel 3.2.18 %endif -Version: 2.25.90.20170720.gc771b59a24c0 +Version: 2.26 Release: 0 %if !%{build_snapshot} -%define git_id db0242e30234 +%define git_id 1c9a5c270d8b %define libversion %version %else %define git_id %(echo %version | sed 's/.*\.g//') @@ -163,6 +162,7 @@ Source50: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version} # The sign key uses MD5 which is no longer accepted by gpg #Source51: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign +%if %{build_main} # ngpt was used in 8.1 and SLES8 Obsoletes: ngpt < 2.2.2 Obsoletes: ngpt-devel < 2.2.2 @@ -184,6 +184,10 @@ Provides: ld-linux.so.3(GLIBC_2.4) Requires(pre): filesystem Recommends: glibc-extra Provides: rtld(GNU_HASH) +%endif +%if %{build_utils} +Requires: glibc = %{version} +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %ifarch i686 # We need to avoid to have only the src rpm from i686 on the media, diff --git a/glibc-utils.spec.in b/glibc-utils.spec.in index 6057c77..7dd5b57 100644 --- a/glibc-utils.spec.in +++ b/glibc-utils.spec.in @@ -4,4 +4,3 @@ Name: glibc-utils Summary: Development utilities from the GNU C Library License: LGPL-2.1+ Group: Development/Libraries/C and C++ -Requires: glibc = %{version} diff --git a/glibc.changes b/glibc.changes index 9827aee..0a38171 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- -Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de +Wed Aug 2 14:32:58 UTC 2017 - schwab@suse.de -- Update to glibc-2.25.90.20170720.gc771b59a24c0 +- Update to glibc 2.26 * A per-thread cache has been added to malloc * Unicode 10.0.0 Support * Improvements to the DNS stub resolver @@ -35,7 +35,15 @@ Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de * Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, - to avoid fragmentation-based spoofing attacks + to avoid fragmentation-based spoofing attacks (CVE-2017-12132) + * LD_LIBRARY_PATH is now ignored in binaries running in privileged + AT_SECURE mode to guard against local privilege escalation attacks + (CVE-2017-1000366) + * Avoid printing a backtrace from the __stack_chk_fail function since it + is called on a corrupt stack and a backtrace is unreliable on a + corrupt stack (CVE-2010-3192) + * A use-after-free vulnerability in clntudp_call in the Sun RPC system + has been fixed (CVE-2017-12133) * fate#322258, fate#321513, fate#322453 - fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff, i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch, diff --git a/glibc.keyring b/glibc.keyring index 3f66b81..f1e08d5 100644 Binary files a/glibc.keyring and b/glibc.keyring differ diff --git a/glibc.spec b/glibc.spec index bfe7561..4421561 100644 --- a/glibc.spec +++ b/glibc.spec @@ -21,7 +21,7 @@ %bcond_with fast_build %define crypt_bf_version 1.3 -%define build_snapshot 1 +%define build_snapshot 0 # INCLUDE glibc$flavor.spec.in %ifarch i686 @@ -135,10 +135,10 @@ BuildArch: i686 %define enablekernel 3.2.18 %endif -Version: 2.25.90.20170720.gc771b59a24c0 +Version: 2.26 Release: 0 %if !%{build_snapshot} -%define git_id db0242e30234 +%define git_id 1c9a5c270d8b %define libversion %version %else %define git_id %(echo %version | sed 's/.*\.g//') @@ -168,6 +168,7 @@ Source50: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version} # The sign key uses MD5 which is no longer accepted by gpg #Source51: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign +%if %{build_main} # ngpt was used in 8.1 and SLES8 Obsoletes: ngpt < 2.2.2 Obsoletes: ngpt-devel < 2.2.2 @@ -189,6 +190,10 @@ Provides: ld-linux.so.3(GLIBC_2.4) Requires(pre): filesystem Recommends: glibc-extra Provides: rtld(GNU_HASH) +%endif +%if %{build_utils} +Requires: glibc = %{version} +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %ifarch i686 # We need to avoid to have only the src rpm from i686 on the media,