From f541c23d45e136bcfc495f3eba5bfa6b39199b92 Mon Sep 17 00:00:00 2001 From: liqingqing_1229 Date: Sat, 16 Sep 2023 16:06:21 +0800 Subject: [PATCH] backport patches from glibc upstream 2.38 branch and revert some customization modification --- ...random-for-single-threaded-scenarios.patch | 44 --- ...use-after-free-in-getcanonname-CVE-2.patch | 338 ++++++++++++++++++ ...rbosity-with-unrecognized-encoding-n.patch | 32 ++ ...r-build-with-fortify-enable-with-gcc.patch | 50 +++ ...i-Add-missing-item-EPERM-for-getpgid.patch | 30 ++ glibc.spec | 17 +- 6 files changed, 462 insertions(+), 49 deletions(-) delete mode 100644 0001-Optimizing-__random-for-single-threaded-scenarios.patch create mode 100644 0001-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch create mode 100644 0002-iconv-restore-verbosity-with-unrecognized-encoding-n.patch create mode 100644 0003-string-Fix-tester-build-with-fortify-enable-with-gcc.patch create mode 100644 0004-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch diff --git a/0001-Optimizing-__random-for-single-threaded-scenarios.patch b/0001-Optimizing-__random-for-single-threaded-scenarios.patch deleted file mode 100644 index cbc113e..0000000 --- a/0001-Optimizing-__random-for-single-threaded-scenarios.patch +++ /dev/null @@ -1,44 +0,0 @@ -From f54e1ddea12343991b402abf28be2b94ffbac2c5 Mon Sep 17 00:00:00 2001 -From: Tian Tao -Date: Tue, 11 Jul 2023 08:42:56 +0800 -Subject: [PATCH] Optimizing __random for single-threaded scenarios - -The __random function does not need to be locked by __libc_lock_lock and -unlocked by __libc_lock_unlock in a single-threaded scenario, so we can -remove these locks in a single-threaded scenario to improve performance. - -Signed-off-by: Tian Tao ---- - stdlib/random.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/stdlib/random.c b/stdlib/random.c -index 62f22fac8d..9035df8d18 100644 ---- a/stdlib/random.c -+++ b/stdlib/random.c -@@ -288,11 +288,19 @@ __random (void) - { - int32_t retval; - -- __libc_lock_lock (lock); -+ if (__libc_single_threaded) { - -- (void) __random_r (&unsafe_state, &retval); -+ (void) __random_r (&unsafe_state, &retval); - -- __libc_lock_unlock (lock); -+ } else { -+ -+ __libc_lock_lock (lock); -+ -+ (void) __random_r (&unsafe_state, &retval); -+ -+ __libc_lock_unlock (lock); -+ -+ } - - return retval; - } --- -2.33.0 - diff --git a/0001-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch b/0001-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch new file mode 100644 index 0000000..307b1eb --- /dev/null +++ b/0001-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch @@ -0,0 +1,338 @@ +From 00ae4f10b504bc4564e9f22f00907093f1ab9338 Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Fri, 15 Sep 2023 13:51:12 -0400 +Subject: [PATCH 1/4] getaddrinfo: Fix use after free in getcanonname + (CVE-2023-4806) + +When an NSS plugin only implements the _gethostbyname2_r and +_getcanonname_r callbacks, getaddrinfo could use memory that was freed +during tmpbuf resizing, through h_name in a previous query response. + +The backing store for res->at->name when doing a query with +gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in +gethosts during the query. For AF_INET6 lookup with AI_ALL | +AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second +for a v4 lookup. In this case, if the first call reallocates tmpbuf +enough number of times, resulting in a malloc, th->h_name (that +res->at->name refers to) ends up on a heap allocated storage in tmpbuf. +Now if the second call to gethosts also causes the plugin callback to +return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF +reference in res->at->name. This then gets dereferenced in the +getcanonname_r plugin call, resulting in the use after free. + +Fix this by copying h_name over and freeing it at the end. This +resolves BZ #30843, which is assigned CVE-2023-4806. + +Signed-off-by: Siddhesh Poyarekar +(cherry picked from commit 973fe93a5675c42798b2161c6f29c01b0e243994) +--- + nss/Makefile | 15 ++++- + nss/nss_test_gai_hv2_canonname.c | 56 +++++++++++++++++ + nss/tst-nss-gai-hv2-canonname.c | 63 +++++++++++++++++++ + nss/tst-nss-gai-hv2-canonname.h | 1 + + .../postclean.req | 0 + .../tst-nss-gai-hv2-canonname.script | 2 + + sysdeps/posix/getaddrinfo.c | 25 +++++--- + 7 files changed, 152 insertions(+), 10 deletions(-) + create mode 100644 nss/nss_test_gai_hv2_canonname.c + create mode 100644 nss/tst-nss-gai-hv2-canonname.c + create mode 100644 nss/tst-nss-gai-hv2-canonname.h + create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req + create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script + +diff --git a/nss/Makefile b/nss/Makefile +index 06fcdc450f..8a5126ecf3 100644 +--- a/nss/Makefile ++++ b/nss/Makefile +@@ -82,6 +82,7 @@ tests-container := \ + tst-nss-test3 \ + tst-reload1 \ + tst-reload2 \ ++ tst-nss-gai-hv2-canonname \ + # tests-container + + # Tests which need libdl +@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) + ifeq ($(build-static-nss),yes) + tests-static += tst-nss-static + endif +-extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os ++extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ ++ nss_test_gai_hv2_canonname.os + + include ../Rules + +@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver + libof-nss_test1 = extramodules + libof-nss_test2 = extramodules + libof-nss_test_errno = extramodules ++libof-nss_test_gai_hv2_canonname = extramodules + $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) + $(build-module) + $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) + $(build-module) + $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps) + $(build-module) ++$(objpfx)/libnss_test_gai_hv2_canonname.so: \ ++ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps) ++ $(build-module) + $(objpfx)nss_test2.os : nss_test1.c + # Use the nss_files suffix for these objects as well. + $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so +@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so + $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \ + $(objpfx)/libnss_test_errno.so + $(make-link) ++$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \ ++ $(objpfx)/libnss_test_gai_hv2_canonname.so ++ $(make-link) + $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ + $(objpfx)/libnss_test1.so$(libnss_files.so-version) \ + $(objpfx)/libnss_test2.so$(libnss_files.so-version) \ +- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) ++ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \ ++ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version) + + ifeq (yes,$(have-thread-library)) + $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library) +@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags + LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags + LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags + LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags ++LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags +diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c +new file mode 100644 +index 0000000000..4439c83c9f +--- /dev/null ++++ b/nss/nss_test_gai_hv2_canonname.c +@@ -0,0 +1,56 @@ ++/* NSS service provider that only provides gethostbyname2_r. ++ Copyright The GNU Toolchain Authors. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include "nss/tst-nss-gai-hv2-canonname.h" ++ ++/* Catch misnamed and functions. */ ++#pragma GCC diagnostic error "-Wmissing-prototypes" ++NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname) ++ ++extern enum nss_status _nss_files_gethostbyname2_r (const char *, int, ++ struct hostent *, char *, ++ size_t, int *, int *); ++ ++enum nss_status ++_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af, ++ struct hostent *result, ++ char *buffer, size_t buflen, ++ int *errnop, int *herrnop) ++{ ++ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop, ++ herrnop); ++} ++ ++enum nss_status ++_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer, ++ size_t buflen, char **result, ++ int *errnop, int *h_errnop) ++{ ++ /* We expect QUERYNAME, which is a small enough string that it shouldn't fail ++ the test. */ ++ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME)) ++ || buflen < sizeof (QUERYNAME)) ++ abort (); ++ ++ strncpy (buffer, name, buflen); ++ *result = buffer; ++ return NSS_STATUS_SUCCESS; ++} +diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c +new file mode 100644 +index 0000000000..d5f10c07d6 +--- /dev/null ++++ b/nss/tst-nss-gai-hv2-canonname.c +@@ -0,0 +1,63 @@ ++/* Test NSS query path for plugins that only implement gethostbyname2 ++ (#30843). ++ Copyright The GNU Toolchain Authors. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "nss/tst-nss-gai-hv2-canonname.h" ++ ++#define PREPARE do_prepare ++ ++static void do_prepare (int a, char **av) ++{ ++ FILE *hosts = xfopen ("/etc/hosts", "w"); ++ for (unsigned i = 2; i < 255; i++) ++ { ++ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i); ++ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i); ++ } ++ xfclose (hosts); ++} ++ ++static int ++do_test (void) ++{ ++ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); ++ ++ struct addrinfo hints = {}; ++ struct addrinfo *result = NULL; ++ ++ hints.ai_family = AF_INET6; ++ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME; ++ ++ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result); ++ ++ if (ret != 0) ++ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret)); ++ ++ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME); ++ ++ freeaddrinfo(result); ++ return 0; ++} ++ ++#include +diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h +new file mode 100644 +index 0000000000..14f2a9cb08 +--- /dev/null ++++ b/nss/tst-nss-gai-hv2-canonname.h +@@ -0,0 +1 @@ ++#define QUERYNAME "test.example.com" +diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req +new file mode 100644 +index 0000000000..e69de29bb2 +diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script +new file mode 100644 +index 0000000000..31848b4a28 +--- /dev/null ++++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script +@@ -0,0 +1,2 @@ ++cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2 ++su +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 0356b622be..b2236b105c 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -120,6 +120,7 @@ struct gaih_result + { + struct gaih_addrtuple *at; + char *canon; ++ char *h_name; + bool free_at; + bool got_ipv6; + }; +@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res) + if (res->free_at) + free (res->at); + free (res->canon); ++ free (res->h_name); + memset (res, 0, sizeof (*res)); + } + +@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + return 0; + } + +-/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name +- is not copied, and the struct hostent object must not be deallocated +- prematurely. The new addresses are appended to the tuple array in RES. */ ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new ++ addresses are appended to the tuple array in RES. */ + static bool + convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + struct hostent *h, struct gaih_result *res) +@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + res->at = array; + res->free_at = true; + ++ /* Duplicate h_name because it may get reclaimed when the underlying storage ++ is freed. */ ++ if (res->h_name == NULL) ++ { ++ res->h_name = __strdup (h->h_name); ++ if (res->h_name == NULL) ++ return false; ++ } ++ + /* Update the next pointers on reallocation. */ + for (size_t i = 0; i < old; i++) + array[i].next = array + i + 1; +@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + } + array[i].next = array + i + 1; + } +- array[0].name = h->h_name; + array[count - 1].next = NULL; + + return true; +@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name, + memory allocation failure. The returned string is allocated on the + heap; the caller has to free it. */ + static char * +-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name) ++getcanonname (nss_action_list nip, const char *hname, const char *name) + { + nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r"); + char *s = (char *) name; + if (cfct != NULL) + { + char buf[256]; +- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf), +- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS) ++ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno, ++ &h_errno)) != NSS_STATUS_SUCCESS) + /* If the canonical name cannot be determined, use the passed + string. */ + s = (char *) name; +@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req, + if ((req->ai_flags & AI_CANONNAME) != 0 + && res->canon == NULL) + { +- char *canonbuf = getcanonname (nip, res->at, name); ++ char *canonbuf = getcanonname (nip, res->h_name, name); + if (canonbuf == NULL) + { + __resolv_context_put (res_ctx); +-- +2.33.0 + diff --git a/0002-iconv-restore-verbosity-with-unrecognized-encoding-n.patch b/0002-iconv-restore-verbosity-with-unrecognized-encoding-n.patch new file mode 100644 index 0000000..eb18910 --- /dev/null +++ b/0002-iconv-restore-verbosity-with-unrecognized-encoding-n.patch @@ -0,0 +1,32 @@ +From 63250e9c571314b6daa2c949ea0af335ee766751 Mon Sep 17 00:00:00 2001 +From: Andreas Schwab +Date: Tue, 1 Aug 2023 17:01:37 +0200 +Subject: [PATCH 2/4] iconv: restore verbosity with unrecognized encoding names + (bug 30694) + +Commit 91927b7c76 ("Rewrite iconv option parsing [BZ #19519]") changed the +iconv program to call __gconv_open directly instead of the iconv_open +wrapper, but the former does not set errno. Update the caller to +interpret the return codes like iconv_open does. + +(cherry picked from commit fc72b6d7d818ab2868920af956d1542d03342a4d) +--- + iconv/iconv_prog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/iconv/iconv_prog.c b/iconv/iconv_prog.c +index bee898c63c..cf32cf9b44 100644 +--- a/iconv/iconv_prog.c ++++ b/iconv/iconv_prog.c +@@ -187,7 +187,7 @@ main (int argc, char *argv[]) + + if (res != __GCONV_OK) + { +- if (errno == EINVAL) ++ if (res == __GCONV_NOCONV || res == __GCONV_NODB) + { + /* Try to be nice with the user and tell her which of the + two encoding names is wrong. This is possible because +-- +2.33.0 + diff --git a/0003-string-Fix-tester-build-with-fortify-enable-with-gcc.patch b/0003-string-Fix-tester-build-with-fortify-enable-with-gcc.patch new file mode 100644 index 0000000..b467daa --- /dev/null +++ b/0003-string-Fix-tester-build-with-fortify-enable-with-gcc.patch @@ -0,0 +1,50 @@ +From d94461bb86ba176b9390c0015bb612a528e22d95 Mon Sep 17 00:00:00 2001 +From: Mahesh Bodapati +Date: Fri, 11 Aug 2023 10:38:25 -0500 +Subject: [PATCH 3/4] string: Fix tester build with fortify enable with gcc < + 12 + +When building with fortify enabled, GCC < 12 issues a warning on the +fortify strncat wrapper might overflow the destination buffer (the +failure is tied to -Werror). + +Checked on ppc64 and x86_64. +Reviewed-by: Adhemerval Zanella + +(cherry picked from commit f1c7ed0859a45929136836341741c7cd70f428cb) +--- + string/tester.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/string/tester.c b/string/tester.c +index f7d4bac5a8..824cf315ff 100644 +--- a/string/tester.c ++++ b/string/tester.c +@@ -34,6 +34,14 @@ + DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-truncation"); + #endif + ++/* When building with fortify enabled, GCC < 12 issues a warning on the ++ fortify strncat wrapper might overflow the destination buffer (the ++ failure is tied to -Werror). ++ Triggered by strncat fortify wrapper when it is enabled. */ ++#if __GNUC_PREREQ (11, 0) ++DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); ++#endif ++ + #include + #include + #include +@@ -52,9 +60,6 @@ DIAG_IGNORE_NEEDS_COMMENT (5.0, "-Wmemset-transposed-args"); + DIAG_IGNORE_NEEDS_COMMENT (9, "-Wrestrict"); + DIAG_IGNORE_NEEDS_COMMENT (7, "-Wstringop-overflow="); + #endif +-#if __GNUC_PREREQ (11, 0) +-DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); +-#endif + + + #define STREQ(a, b) (strcmp((a), (b)) == 0) +-- +2.33.0 + diff --git a/0004-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch b/0004-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch new file mode 100644 index 0000000..a60c664 --- /dev/null +++ b/0004-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch @@ -0,0 +1,30 @@ +From 0e1ef6779a90bc0f8a05bc367796df2793deecaa Mon Sep 17 00:00:00 2001 +From: Mark Wielaard +Date: Thu, 24 Aug 2023 21:36:34 +0200 +Subject: [PATCH 4/4] manual/jobs.texi: Add missing @item EPERM for getpgid + +The missing @item makes it look like errno will be set to ESRCH +if a cross-session getpgid is not permitted. + +Found by ulfvonbelow on irc. + +(cherry picked from commit 5a21cefd5abab1b99eda1fbf84204a9bf41662ab) +--- + manual/job.texi | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/manual/job.texi b/manual/job.texi +index 42cb9fb26d..8157f13a1c 100644 +--- a/manual/job.texi ++++ b/manual/job.texi +@@ -1133,6 +1133,7 @@ following @code{errno} error conditions are defined for this function: + @table @code + @item ESRCH + There is no process with the given process ID @var{pid}. ++@item EPERM + The calling process and the process specified by @var{pid} are in + different sessions, and the implementation doesn't allow to access the + process group ID of the process with ID @var{pid} from the calling +-- +2.33.0 + diff --git a/glibc.spec b/glibc.spec index 250c4ba..ceef911 100644 --- a/glibc.spec +++ b/glibc.spec @@ -67,7 +67,7 @@ ############################################################################## Name: glibc Version: 2.38 -Release: 9 +Release: 10 Summary: The GNU libc libraries License: %{all_license} URL: http://www.gnu.org/software/glibc/ @@ -106,6 +106,10 @@ Patch17: 0003-elf-Remove-unused-l_text_end-field-from-struct-link_.patch Patch18: 0004-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch Patch19: 0005-NEWS-Add-the-2.38.1-bug-list.patch Patch20: CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch +Patch21: 0001-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch +Patch22: 0002-iconv-restore-verbosity-with-unrecognized-encoding-n.patch +Patch23: 0003-string-Fix-tester-build-with-fortify-enable-with-gcc.patch +Patch24: 0004-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch Patch9001: locale-delete-no-hard-link-to-avoid-all_language-pac.patch @@ -124,10 +128,9 @@ Patch9013: x86-use-total-l3cache-for-non_temporal_threshold.patch Patch9014: strcmp-delete-align-for-loop_aligned.patch Patch9015: add-pthread_cond_clockwait-GLIBC_2_28.patch Patch9016: add-GB18030-2022-charmap-BZ-30243.patch -Patch9017: 0001-Optimizing-__random-for-single-threaded-scenarios.patch -Patch9018: fix-Segmentation-fault-in-nss-module.patch -Patch9019: fix_nss_database_check_reload_and_get_memleak.patch -Patch9020: 0001-fix-glibc-build-error-on-x86.patch +Patch9017: fix-Segmentation-fault-in-nss-module.patch +Patch9018: fix_nss_database_check_reload_and_get_memleak.patch +Patch9019: 0001-fix-glibc-build-error-on-x86.patch %if %{ENABLE_RELOC} Patch9021: reserve-relocation-information-for-sysboost.patch @@ -1320,6 +1323,10 @@ fi %endif %changelog +* Sat Sep 16 2023 Qingqing Li - 2.38-10 +- backport patches from glibc upstream 2.38 branch +- revert some customization modification + * Fri Sep 15 2023 Qingqing Li - 2.38-9 - fix CVE-2023-4527 -- Gitee