From 79a3dc68ab8a973980422359252f0a767db7c26e Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: May 01 2024 16:48:47 +0000 Subject: Auto-sync with upstream master Upstream commit: 91695ee4598b39d181ab8df579b888a8863c4cab - Update License tag to match upstream. - time: Allow later version licensing. - hurd: Stop mapping AT_NO_AUTOMOUNT to O_NOTRANS - libio: Sort test variables in Makefile - AArch64: Remove unused defines of CPU names - Make sure INSTALL is ASCII plaintext again - x86: In ld.so, diagnose missing APX support in APX-only builds - elf: Also compile dl-misc.os with $(rtld-early-cflags) - CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) - i386: ulp update for SSE2 --disable-multi-arch configurations --- diff --git a/glibc.spec b/glibc.spec index 88bdf32..7f658a6 100644 --- a/glibc.spec +++ b/glibc.spec @@ -1,4 +1,4 @@ -%global glibcsrcdir glibc-2.39.9000-185-g41903cb6f4 +%global glibcsrcdir glibc-2.39.9000-197-g91695ee459 %global glibcversion 2.39.9000 # Pre-release tarballs are pulled in from git using a command that is # effectively: @@ -170,7 +170,7 @@ Version: %{glibcversion} # - It allows using the Release number without the %%dist tag in the dependency # generator to make the generated requires interchangeable between Rawhide # and ELN (.elnYY < .fcXX). -%global baserelease 16 +%global baserelease 17 Release: %{baserelease}%{?dist} # Licenses: @@ -185,13 +185,12 @@ Release: %{baserelease}%{?dist} # files, lib*_nonshared.a). Historically, this exception also applies # to parts of libio. # -# * LGPLv2 is used in a couple of places (e.g. time/timespec_get.c, by -# mistake). -# # * GPLv2+ with exceptions is used for parts of the Arm unwinder. # # * GFDL is used for the documentation. # +# * UNICODE v3 is used for the Unicode data files. +# # * Some other licenses are used in various places (BSD, Inner-Net, # ISC, Public Domain, etc.). # @@ -224,7 +223,7 @@ Release: %{baserelease}%{?dist} # SPDX license string based on evaluation of glibc-2.39 sources by # ScanCode toolkit (https://github.com/nexB/scancode-toolkit), # and accounting for exceptions listed above: -License: LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only +License: LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.0-or-later AND Unicode-3.0 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only URL: http://www.gnu.org/software/glibc/ Source0: %{?glibc_release_url}%{glibcsrcdir}.tar.xz @@ -2526,6 +2525,23 @@ update_gconv_modules_cache () %endif %changelog +* Wed May 01 2024 Carlos O'Donell - 2.39.9000-17 +- Update License tag to match upstream. +- Auto-sync with upstream branch master, + commit 91695ee4598b39d181ab8df579b888a8863c4cab: +- time: Allow later version licensing. +- hurd: Stop mapping AT_NO_AUTOMOUNT to O_NOTRANS +- libio: Sort test variables in Makefile +- AArch64: Remove unused defines of CPU names +- Make sure INSTALL is ASCII plaintext again +- x86: In ld.so, diagnose missing APX support in APX-only builds +- elf: Also compile dl-misc.os with $(rtld-early-cflags) +- CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) +- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) +- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) +- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) +- i386: ulp update for SSE2 --disable-multi-arch configurations + * Thu Apr 25 2024 Florian Weimer - 2.39.9000-16 - Enable CPU compatibility diagnostics in ld.so (RHEL-31738) diff --git a/sources b/sources index a605cd7..0f08b02 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (glibc-2.39.9000-185-g41903cb6f4.tar.xz) = 68d9ba6060cc2e1f145969824b69b5d64331c1f1b5c9f660ee14f679abae2b8baffb48a413e36e14069ce67704ba461179e0b6f80f5229c39f5db5da0b323c95 +SHA512 (glibc-2.39.9000-197-g91695ee459.tar.xz) = afd7f4229f48851afc93bc2f959e21f997929b61758914ea2dd877eacb5ae96998ca6e7b9e0733641111c78bb50bec0b9f1678e0576ef8a4e3e5e90287145775