From 8a03ea03b9301fd2933bbd7808427a606eb69825 Mon Sep 17 00:00:00 2001 From: Toshaan Bharvani Date: Sun, 16 Jun 2024 14:09:48 +0200 Subject: [PATCH] update to release 100 Signed-off-by: Toshaan Bharvani --- SPECS/glibc.spec | 336 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 321 insertions(+), 15 deletions(-) diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec index b97e3e4..5e61323 100644 --- a/SPECS/glibc.spec +++ b/SPECS/glibc.spec @@ -69,6 +69,13 @@ %undefine with_valgrind %endif +# Build the POWER10 runtime on POWER, but only for downstream. +%if %{cpuarch} == "power10" +%define buildpower10 1 +%else +%define buildpower10 0 +%endif + # The annobin annotations cause binutils to produce broken ARM EABI # unwinding information. Symptom is a hang/test failure for # malloc/tst-malloc-stats-cancellation. See @@ -148,7 +155,7 @@ end \ Summary: The GNU libc libraries Name: glibc Version: %{glibcversion} -Release: 60%{?dist} +Release: 100%{?dist} # In general, GPLv2+ is used by programs, LGPLv2+ is used for # libraries. @@ -188,6 +195,7 @@ Source10: wrap-find-debuginfo.sh Source11: parse-SUPPORTED.py # Include in the source RPM for reference. Source12: ChangeLog.old +Source13: nscd-sysusers.conf ###################################################################### # Activate the wrapper script for debuginfo generation, by rewriting 
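Review bot: In the first hunk, `%if %{cpuarch} == "power10"` compares an unquoted macro expansion with a string, and nothing visible in this diff defines `cpuarch`. In an RPM `%if` expression an undefined `%{cpuarch}` stays as literal text and a defined one expands to a bare word; either is likely to fail expression parsing or compare incorrectly. That condition decides whether the extra `-mcpu=power10` libraries are built, installed and tested in the later hunks. Quote it and make it safe when undefined: `%if "%{?cpuarch}" == "power10"`. The comment "Build the POWER10 runtime on POWER, but only for downstream" no longer matches the condition and should say where `cpuarch` is expected to be set.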
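Review bot: `Source13: nscd-sysusers.conf` is referenced here, but the diffstat for this commit lists only `SPECS/glibc.spec`, so the file that defines the nscd service account is not part of the change under review. The same applies to the Patch471–Patch579 entries in the following hunk, which the changelog ties to CVE-2023-4911, CVE-2024-2961 and CVE-2024-33599 through CVE-2024-33602. If these files arrive through another commit or a lookaside cache, the commit message should say so, and they should be checked against the upstream source RPM before building. Otherwise the build either fails on missing sources or depends on content that was never reviewed with this spec.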
@@ -693,6 +701,118 @@ Patch468: glibc-upstream-2.34-386.patch # glibc-upstream-2.34-387.patch is a NEWS-only update. Skipped downstream. Patch469: glibc-upstream-2.34-388.patch Patch470: glibc-upstream-2.34-389.patch +Patch471: glibc-rh2172953.patch +Patch472: glibc-rh2149615-1.patch +Patch473: glibc-rh2149615-2.patch +Patch474: glibc-rh2169978-1.patch +Patch475: glibc-rh2169978-2.patch +Patch476: glibc-rh2149615-3.patch +Patch477: glibc-rh2166710.patch +# glibc-upstream-2.34-390.patch backported above as glibc-rh2172953.patch. +Patch478: glibc-upstream-2.34-391.patch +Patch479: glibc-upstream-2.34-392.patch +Patch480: glibc-upstream-2.34-393.patch +Patch481: glibc-upstream-2.34-394.patch +Patch482: glibc-upstream-2.34-395.patch +Patch483: glibc-upstream-2.34-396.patch +Patch484: glibc-upstream-2.34-397.patch +# glibc-upstream-2.34-398.patch not backported because we can avoid the +# ABI tunable issue downstream, using @order directives. + +# This marks the end of backports via upstream release/2.34/master. +# All future backports need maintain CentOS 9 Stream and RHEL 9 only. 
+
+Patch485: glibc-rh2215368.patch
+Patch486: glibc-rh2213908.patch
+Patch487: glibc-rh2189923.patch
+Patch488: glibc-RHEL-729.patch
+Patch489: glibc-rh2222188-1.patch
+Patch490: glibc-rh2222188-2.patch
+Patch491: glibc-rh2222188-3.patch
+Patch492: glibc-rh2222188-4.patch
+Patch493: glibc-rh2222188-5.patch
+Patch494: glibc-rh2224289-1.patch
+Patch495: glibc-rh2224289-2.patch
+Patch496: glibc-rh2224349.patch
+Patch497: glibc-rh2224289-3.patch
+Patch498: glibc-rh2224504-1.patch
+Patch499: glibc-rh2224504-2.patch
+Patch500: glibc-rh2213907-1.patch
+Patch501: glibc-rh2213907-2.patch
+Patch502: glibc-rh2213907-3.patch
+Patch503: glibc-rh2213907-4.patch
+Patch504: glibc-rh2213907-5.patch
+Patch505: glibc-rh2213907-6.patch
+Patch506: glibc-rh2166710-2.patch
+Patch507: glibc-rh2166710-3.patch
+Patch508: glibc-rh2222188-6.patch
+Patch509: glibc-rh2213907-7.patch
+Patch510: glibc-RHEL-1017-1.patch
+Patch511: glibc-RHEL-1017-2.patch
+Patch512: glibc-RHEL-1017-3.patch
+Patch513: glibc-RHEL-1017-4.patch
+# (Reverted fixes for RHEL-2491 were here.)
+Patch519: glibc-rh2234716.patch
+Patch520: glibc-RHEL-2438.patch
+Patch521: glibc-RHEL-2426-1.patch
+Patch522: glibc-RHEL-2426-2.patch
+Patch523: glibc-RHEL-2426-3.patch
+Patch524: glibc-RHEL-2426-4.patch
+Patch525: glibc-RHEL-2426-5.patch
+Patch526: glibc-RHEL-2426-6.patch
+Patch527: glibc-RHEL-2426-7.patch
+Patch528: glibc-RHEL-2426-8.patch
+Patch529: glibc-RHEL-2426-9.patch
+Patch530: glibc-RHEL-2426-10.patch
+Patch531: glibc-RHEL-2426-11.patch
+Patch532: glibc-RHEL-2426-12.patch
+Patch533: glibc-RHEL-2426-13.patch
+Patch534: glibc-RHEL-3000.patch
+Patch535: glibc-RHEL-2426-14.patch
+Patch536: glibc-RHEL-2426-15.patch
+Patch537: glibc-RHEL-1191.patch
+Patch538: glibc-RHEL-3397.patch
+Patch539: glibc-RHEL-2123.patch
+Patch540: glibc-RHEL-16275.patch
+Patch541: glibc-RHEL-2491.patch
+Patch542: glibc-RHEL-14383-1.patch
+Patch543: glibc-RHEL-14383-2.patch
+Patch544: glibc-RHEL-2338-1.patch
+Patch545: glibc-RHEL-2338-2.patch
+Patch546: glibc-RHEL-2338-3.patch
+Patch547: glibc-RHEL-2338-4.patch
+Patch548: glibc-RHEL-15343-1.patch
+Patch549: glibc-RHEL-15343-2.patch
+Patch550: glibc-RHEL-15343-3.patch
+Patch551: glibc-RHEL-15343-4.patch
+Patch552: glibc-rhel-17157.patch
+Patch553: glibc-RHEL-16016-1.patch
+Patch554: glibc-RHEL-16016-2.patch
+Patch555: glibc-RHEL-16016-3.patch
+Patch556: glibc-RHEL-16016-4.patch
+Patch557: glibc-RHEL-16016-5.patch
+Patch558: glibc-RHEL-16016-6.patch
+Patch559: glibc-RHEL-16016-7.patch
+Patch560: glibc-RHEL-17319-1.patch
+Patch561: glibc-RHEL-17319-2.patch
+Patch562: glibc-RHEL-17319-3.patch
+Patch563: glibc-RHEL-17319-4.patch
+Patch564: glibc-RHEL-17465-1.patch
+Patch565: glibc-RHEL-17465-2.patch
+Patch566: glibc-RHEL-19862.patch
+Patch567: glibc-RHEL-16643-1.patch
+Patch568: glibc-RHEL-16643-2.patch
+Patch569: glibc-RHEL-16643-3.patch
+Patch570: glibc-RHEL-16643-4.patch
+Patch571: glibc-RHEL-16643-5.patch
+Patch572: glibc-RHEL-16643-6.patch
+Patch573: glibc-RHEL-19444.patch
+Patch574: glibc-RHEL-21556.patch
+Patch575: 
glibc-RHEL-32480.patch +Patch576: glibc-RHEL-34318-1.patch +Patch577: glibc-RHEL-34318-2.patch +Patch578: glibc-RHEL-34318-3.patch +Patch579: glibc-RHEL-34318-4.patch ############################################################################## # Continued list of core "glibc" package information: @@ -749,7 +869,7 @@ BuildRequires: valgrind %endif # We use systemd rpm macros for nscd -BuildRequires: systemd +BuildRequires: systemd systemd-rpm-macros # We use python for the microbenchmarks and locale data regeneration # from unicode sources (carried out manually). We choose python3 @@ -821,7 +941,7 @@ Suggests: glibc-minimal-langpack = %{version}-%{release} # Suggest extra gconv modules so that they are installed by default but can be # removed if needed to build a minimal OS image. Recommends: glibc-gconv-extra%{_isa} = %{version}-%{release} -# Use redhat-rpm-config as a marker for a buildroot configuration, and +# Use powerel-rpm-config as a marker for a buildroot configuration, and # unconditionally pull in glibc-gconv-extra in that case. Requires: (glibc-gconv-extra%{_isa} = %{version}-%{release} if powerel-rpm-config) @@ -1392,10 +1512,10 @@ Requires: %{name} = %{version}-%{release} Requires: libselinux >= 1.17.10-1 %endif Requires: audit-libs >= 1.1.3 -Requires(pre): /usr/sbin/useradd, coreutils +Requires(pre): systemd, coreutils Requires(post): systemd Requires(preun): systemd -Requires(postun): systemd, /usr/sbin/userdel +Requires(postun): systemd %description -n nscd The nscd daemon caches name service lookups and can improve @@ -1711,6 +1831,15 @@ build() # Default set of compiler options. build +%if %{buildpower10} +( + GCC="$GCC -mcpu=power10 -mtune=power10" + GXX="$GXX -mcpu=power10 -mtune=power10" + core_with_options="--with-cpu=power10" + build power10 +) +%endif + ############################################################################## # Install glibc... ############################################################################## 
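Review bot: `Requires(pre): systemd, coreutils` in the nscd subpackage no longer names the tool that creates the account, while the `%pre -n nscd` hunk further down still creates it through `%sysusers_create_compat`. To my knowledge that macro is expanded at build time into a scriptlet that calls `getent`, `groupadd` and `useradd` by name and tolerates their failure, so if shadow-utils is not ordered before nscd in the transaction the daemon can be installed without its dedicated user and nothing reports it. Either keep `/usr/sbin/useradd` in `Requires(pre)` or use `%{?sysusers_requires_compat}` where the distribution's systemd-rpm-macros provides it, and confirm which packages `systemd` pulls in on the target release.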
@@ -1793,6 +1922,14 @@ install_different() done } +%if %{buildpower10} +pushd build-%{target}-power10 +install_different "$RPM_BUILD_ROOT/%{_libdir}/glibc-hwcaps" power10 .. +popd +%endif + +install -p -D -m 0644 %{SOURCE13} ${RPM_BUILD_ROOT}%{_sysusersdir}/nscd.conf + ############################################################################## # Remove the files we don't want to distribute ############################################################################## @@ -1843,6 +1980,7 @@ gzip -9nvf %{glibc_sysroot}%{_infodir}/libc* # Copy the debugger interface documentation over to the right location mkdir -p %{glibc_sysroot}%{_docdir}/glibc cp elf/rtld-debugger-interface.txt %{glibc_sysroot}%{_docdir}/glibc +cp posix/gai.conf %{glibc_sysroot}%{_docdir}/glibc %else rm -f %{glibc_sysroot}%{_infodir}/dir rm -f %{glibc_sysroot}%{_infodir}/libc.info* @@ -2059,8 +2197,8 @@ done find -type f | xargs chmod a-x # Use sysroot-relative paths in linker script. Ignore symbolic links. -sed -e 's,\([^0-9a-zA-Z=*]/lib\),=/usr/lib,g' \ - -e 's,\([^0-9a-zA-Z=*]\)/,\1=/,g' \ +sed -e 's,\([^0-9a-zA-Z=*]/lib\),/usr/lib,g' \ + -e 's,\([^0-9a-zA-Z=*]\)/,\1/,g' \ -i $(find -type f -name 'lib[cm].so') popd @@ -2487,6 +2625,16 @@ pushd build-%{target} run_tests popd +%if %{buildpower10} +# Run this test only if the server supports Power10 instructions. +if LD_SHOW_AUXV=1 /bin/true | grep -E "AT_HWCAP2:[^$]*arch_3_1" > /dev/null; then + echo ====================TESTING -mcpu=power10============= + pushd build-%{target}-power10 + run_tests + popd +fi +%endif + echo ====================TESTING END===================== PLTCMD='/^Relocation section .*\(\.rela\?\.plt\|\.rela\.IA_64\.pltoff\)/,/^$/p' echo ====================PLT RELOCS LD.SO================ 
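Review bot: With the `=` prefix removed, the comment above this `sed` ("Use sysroot-relative paths in linker script") no longer describes what it does, and the second expression `s,\([^0-9a-zA-Z=*]\)/,\1/,g` now replaces every match with itself. Drop the second `-e` and reword the comment, for example `# Rewrite /lib paths in the libc.so/libm.so linker scripts to /usr/lib. Ignore symbolic links.` The first expression still replaces the captured delimiter character together with `/lib`, as it did before this change. That appears harmless for whitespace-separated `GROUP ( … )` entries but is worth confirming on a generated `libc.so`.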
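Review bot: When the build host does not report `arch_3_1`, the `if` around `run_tests` skips the power10 test run without writing anything to the log, while the install and `%files` hunks still ship `glibc-hwcaps/power10` whenever `buildpower10` is set. A package built on an older builder therefore contains libraries that were never exercised, and the build log gives no way to tell. Add an `else` branch that records the skip, e.g. `else echo "====================SKIPPED -mcpu=power10 TESTS (builder lacks arch_3_1)============="`, so the gap is visible when auditing a build. `grep -qE` would also be the plainer way to write the probe than redirecting to `/dev/null`.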
@@ -2714,10 +2862,8 @@ update_gconv_modules_cache () update_gconv_modules_cache () %pre -n nscd -getent group nscd >/dev/null || /usr/sbin/groupadd -g 28 -r nscd -getent passwd nscd >/dev/null || - /usr/sbin/useradd -M -o -r -d / -s /sbin/nologin \ - -c "NSCD Daemon" -u 28 -g nscd nscd +# install user nscd(28) and group nscd(28) +%sysusers_create_compat %{SOURCE13} %post -n nscd %systemd_post nscd.service @@ -2726,14 +2872,14 @@ getent passwd nscd >/dev/null || %systemd_preun nscd.service %postun -n nscd -if test $1 = 0; then - /usr/sbin/userdel nscd > /dev/null 2>&1 || : -fi %systemd_postun_with_restart nscd.service %files -f glibc.filelist %dir %{_prefix}/%{_lib}/audit -%verify(not md5 size mtime) %config(noreplace) /etc/nsswitch.conf +%if %{buildpower10} +%dir /%{_libdir}/glibc-hwcaps/power10 +%endif +%verify(not md5 size mtime link) %config(noreplace) /etc/nsswitch.conf %verify(not md5 size mtime) %config(noreplace) /etc/ld.so.conf %verify(not md5 size mtime) %config(noreplace) /etc/rpc %dir /etc/ld.so.conf.d @@ -2802,6 +2948,7 @@ fi %attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/db/nscd/hosts %attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/db/nscd/services %ghost %config(missingok,noreplace) /etc/sysconfig/nscd +%{_sysusersdir}/nscd.conf %files -f nss_db.filelist -n nss_db /var/db/Makefile 
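Review bot: The new comment in `%pre -n nscd` records only the numeric IDs, while the removed `useradd` call also fixed the home directory (`-d /`), the login shell (`-s /sbin/nologin`) and `-M`. Whether the account keeps those properties now depends entirely on `nscd-sysusers.conf`, which this diff does not show. Extend the comment so the constraint is visible at the call site: `# Creates user nscd (uid 28) and group nscd (gid 28) from nscd-sysusers.conf; that file must keep home / and a nologin shell.` The `%postun -n nscd` hunk below drops the `userdel` call, so a short comment there stating that the account is intentionally left in place on uninstall would help the next maintainer.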
@@ -2824,6 +2971,165 @@ fi %endif %changelog +* Mon Apr 29 2024 Florian Weimer - 2.34-100.2 +- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34318) +- CVE-2024-33600: nscd: null pointer dereferences in netgroup cache +- CVE-2024-33601: nscd: crash on out-of-memory condition +- CVE-2024-33602: nscd: memory corruption with NSS netgroup modules + +* Tue Apr 16 2024 Florian Weimer - 2.34-100.1 +- CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-32480) + +* Wed Jan 24 2024 Patsy Griffin - 2.34-100 +- manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) + +* Tue Jan 09 2024 Arjun Shankar - 2.34-99 +- getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) + +* Mon Jan 8 2024 Arjun Shankar - 2.34-98 +- getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) + +* Tue Jan 2 2024 Florian Weimer - 2.34-97 +- Re-enable output buffering for wide stdio streams (RHEL-19862) + +* Thu Dec 21 2023 Carlos O'Donell - 2.34-96 +- Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) + +* Fri Dec 8 2023 Florian Weimer - 2.34-95 +- Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) + +* Thu Dec 7 2023 Patsy Griffin - 2.34-94 +- Update syscall-names.list for Linux 6.6. (RHEL-16016) + +* Wed Dec 6 2023 Patsy Griffin - 2.34-93 +- malloc: Use __get_nprocs on arena_get2. (RHEL-17157) + +* Fri Dec 1 2023 Patsy Griffin - 2.34-92 +- Improve test coverage for wcsdup, strdup and strndup. 
(RHEL-15343) + +* Fri Nov 24 2023 Florian Weimer - 2.34-91 +- fstat performance enhancement (RHEL-2338) + +* Tue Nov 21 2023 Florian Weimer - 2.34-90 +- ldconfig should skip temporary files created by RPM (RHEL-14383) + +* Mon Nov 20 2023 Florian Weimer - 2.34-89 +- Fix force-first handling in dlclose (RHEL-2491) + +* Wed Nov 15 2023 Arjun Shankar - 2.34-88 +- nscd: Refer to /run instead of /var/run in systemd socket file + (RHEL-16275) + +* Fri Nov 10 2023 Florian Weimer - 2.34-87 +- Fix slow tls access after dlopen (RHEL-2123) + +* Tue Oct 24 2023 Arjun Shankar - 2.34-86 +- Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) + +* Fri Oct 20 2023 Florian Weimer - 2.34-85 +- nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) + +* Mon Oct 9 2023 Florian Weimer - 2.34-84 +- x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) + +* Mon Sep 25 2023 Florian Weimer - 2.34-83.7 +- Fix memory leak regression in getaddrinfo (RHEL-2426) + +* Tue Sep 19 2023 Carlos O'Donell - 2.34-83.6 +- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) + +* Tue Sep 19 2023 Florian Weimer - 2.34-83.5 +- Revert: Always call destructors in reverse constructor order (RHEL-2491) + +* Mon Sep 18 2023 Siddhesh Poyarekar - 2.34-83.4 +- CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) + +* Fri Sep 15 2023 Siddhesh Poyarekar - 2.34-83.3 +- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) + +* Fri Sep 15 2023 Carlos O'Donell - 2.34-83.2 +- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) + +* Thu Sep 14 2023 Carlos O'Donell - 2.34-83.1 +- Always call destructors in reverse constructor order (RHEL-2491) + +* Wed Sep 13 2023 DJ Delorie - 2.34-83 +- Add support for ppc64le hwcaps tunables (RHEL-1017) + +* Tue Aug 15 2023 Carlos O'Donell - 2.34-82 +- Fix string and memory function tuning on small systems (#2213907) + +* Mon Aug 14 2023 Florian Weimer - 
2.34-81 +- Fix additional GCC 13 build issue (#2222188) + +* Fri Aug 11 2023 Florian Weimer - 2.34-80 +- Fix AMD cache size computation for hypervisors, old CPUs (#2166710) + +* Tue Aug 8 2023 DJ Delorie - 2.34-79 +- Fix temporal threshold calculations (#2213907) + +* Fri Aug 4 2023 Florian Weimer - 2.34-78 +- Ignore symbolic link change on /etc/nsswitch.conf (#2229156) + +* Fri Jul 28 2023 Florian Weimer - 2.34-77 +- Fix regression with IPv4 mapped addresses in /etc/hosts (#2224504) + +* Tue Jul 25 2023 Florian Weimer - 2.34-76 +- Fix accidentally disabled rseq test (#2224289) + +* Fri Jul 21 2023 Florian Weimer - 2.34-75 +- Make libSegFault.so NODELETE (#2224349) + +* Fri Jul 21 2023 Florian Weimer - 2.34-74 +- rseq_area should always be 32 bytes large (#2224289) + +* Thu Jul 20 2023 Florian Weimer - 2.34-73 +- GCC Toolset 13 C++ compatibility for iseqsig (#2222188) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-72 +- Update ESTALE error message translations (RHEL-729) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-71 +- Avoid lazy binding failures during dlclose (#2189923) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-70 +- resolv_conf: release lock on allocation failure (#2213908) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-69 +- strerror must not return NULL (#2215368) + +* Mon May 08 2023 DJ Delorie - 2.34-68 +- Switch to sysusers_ctl instead of useradd (#2095417) + +* Fri Apr 28 2023 Florian Weimer - 2.34-67 +- Sync with upstream branch release/2.34/master, + commit 0ea8174d62263c2679c95c0d215d2627e560f7aa: +- gmon: fix memory corruption issues [BZ# 30101] +- gmon: improve mcount overflow handling [BZ# 27576] +- gmon: Fix allocated buffer overflow (bug 29444) +- posix: Fix system blocks SIGCHLD erroneously [BZ #30163] +- x86_64: Fix asm constraints in feraiseexcept (bug 30305) +- gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151) +- x86: Check minimum/maximum of non_temporal_threshold [BZ #29953] + +* Thu Apr 20 2023 Patsy Griffin - 2.34-66 +- x86: 
Cache computation for AMD architecture. (#2166710) + +* Fri Apr 14 2023 Florian Weimer - 2.34-65 +- Do not add = to linker scripts in sysroot (#2153855) + +* Thu Apr 06 2023 DJ Delorie - 2.34-64 +- x86: Use CHECK_FEATURE_PRESENT on PCONFIG (#2149615) + +* Thu Mar 30 2023 Arjun Shankar - 2.34-63 +- s390x: Influence hwcaps/stfle via glibc.cpu.hwcaps tunable (#2169978) + +* Wed Mar 29 2023 DJ Delorie - 2.34-62 +- x86: Don't check PREFETCHWT1 in tst-cpu-features-cpuinfo.c (#2149615) + +* Mon Mar 6 2023 Carlos O'Donell - 2.34-61 +- Fix nested atexit calls from atexit handlers (#2172953) + * Wed Feb 8 2023 Florian Weimer - 2.34-60 - Upstream test for ldconfig -p (#2167811)