diff --git a/SOURCES/glibc-RHEL-105326.patch b/SOURCES/glibc-RHEL-105326.patch new file mode 100644 index 0000000..7c5bd6d --- /dev/null +++ b/SOURCES/glibc-RHEL-105326.patch @@ -0,0 +1,236 @@ +commit 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d +Author: Florian Weimer +Date: Mon Jul 21 21:43:49 2025 +0200 + + posix: Fix double-free after allocation failure in regcomp (bug 33185) + + If a memory allocation failure occurs during bracket expression + parsing in regcomp, a double-free error may result. + + Reported-by: Anastasia Belova + Co-authored-by: Paul Eggert + Reviewed-by: Andreas K. Huettel + +Conflicts: + posix/Makefile + (tests list not reformatted/sorted downstream) + posix/tst-regcomp-bracket-free.c + (missing strerrorname_np downstream) + +diff --git a/posix/Makefile b/posix/Makefile +index 83162123f9c927a0..42a0290370b40fd9 100644 +--- a/posix/Makefile ++++ b/posix/Makefile +@@ -96,7 +96,7 @@ tests := test-errno tstgetopt testfnm runtests runptests \ + tst-posix_fadvise tst-posix_fadvise64 \ + tst-sysconf-empty-chroot tst-glob_symlinks tst-fexecve \ + tst-glob-tilde test-ssize-max tst-spawn4 bug-regex37 \ +- bug-regex38 tst-regcomp-truncated ++ bug-regex38 tst-regcomp-truncated tst-regcomp-bracket-free + tests-internal := bug-regex5 bug-regex20 bug-regex33 \ + tst-rfc3484 tst-rfc3484-2 tst-rfc3484-3 \ + tst-glob_lstat_compat tst-spawn4-compat +diff --git a/posix/regcomp.c b/posix/regcomp.c +index 545d188468c376e7..b737b22da8703d6c 100644 +--- a/posix/regcomp.c ++++ b/posix/regcomp.c +@@ -3375,6 +3375,7 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, + { + #ifdef RE_ENABLE_I18N + free_charset (mbcset); ++ mbcset = NULL; + #endif + /* Build a tree for simple bracket. */ + br_token.type = SIMPLE_BRACKET; +@@ -3390,7 +3391,8 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, + parse_bracket_exp_free_return: + re_free (sbcset); + #ifdef RE_ENABLE_I18N +- free_charset (mbcset); ++ if (__glibc_likely (mbcset != NULL)) ++ free_charset (mbcset); + #endif /* RE_ENABLE_I18N */ + return NULL; + } +diff --git a/posix/tst-regcomp-bracket-free.c b/posix/tst-regcomp-bracket-free.c +new file mode 100644 +index 0000000000000000..e6041ddaeba3045c +--- /dev/null ++++ b/posix/tst-regcomp-bracket-free.c +@@ -0,0 +1,176 @@ ++/* Test regcomp bracket parsing with injected allocation failures (bug 33185). ++ Copyright (C) 2025 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++/* This test invokes regcomp multiple times, failing one memory ++ allocation in each call. The function call should fail with ++ REG_ESPACE (or succeed if it can recover from the allocation ++ failure). Previously, there was double-free bug. */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* Data structure allocated via MAP_SHARED, so that writes from the ++ subprocess are visible. */ ++struct shared_data ++{ ++ /* Number of tracked allocations performed so far. */ ++ volatile unsigned int allocation_count; ++ ++ /* If this number is reached, one allocation fails. */ ++ volatile unsigned int failing_allocation; ++ ++ /* The subprocess stores the expected name here. */ ++ char name[100]; ++}; ++ ++/* Allocation count in shared mapping. */ ++static struct shared_data *shared; ++ ++/* Returns true if a failure should be injected for this allocation. */ ++static bool ++fail_this_allocation (void) ++{ ++ if (shared != NULL) ++ { ++ unsigned int count = shared->allocation_count; ++ shared->allocation_count = count + 1; ++ return count == shared->failing_allocation; ++ } ++ else ++ return false; ++} ++ ++/* Failure-injecting wrappers for allocation functions used by glibc. */ ++ ++void * ++malloc (size_t size) ++{ ++ if (fail_this_allocation ()) ++ { ++ errno = ENOMEM; ++ return NULL; ++ } ++ extern __typeof (malloc) __libc_malloc; ++ return __libc_malloc (size); ++} ++ ++void * ++calloc (size_t a, size_t b) ++{ ++ if (fail_this_allocation ()) ++ { ++ errno = ENOMEM; ++ return NULL; ++ } ++ extern __typeof (calloc) __libc_calloc; ++ return __libc_calloc (a, b); ++} ++ ++void * ++realloc (void *ptr, size_t size) ++{ ++ if (fail_this_allocation ()) ++ { ++ errno = ENOMEM; ++ return NULL; ++ } ++ extern __typeof (realloc) __libc_realloc; ++ return __libc_realloc (ptr, size); ++} ++ ++/* No-op subprocess to verify that support_isolate_in_subprocess does ++ not perform any heap allocations. */ ++static void ++no_op (void *ignored) ++{ ++} ++ ++/* Perform a regcomp call in a subprocess. Used to count its ++ allocations. */ ++static void ++initialize (void *regexp1) ++{ ++ const char *regexp = regexp1; ++ ++ shared->allocation_count = 0; ++ ++ regex_t reg; ++ TEST_COMPARE (regcomp (®, regexp, 0), 0); ++} ++ ++/* Perform regcomp in a subprocess with fault injection. */ ++static void ++test_in_subprocess (void *regexp1) ++{ ++ const char *regexp = regexp1; ++ unsigned int inject_at = shared->failing_allocation; ++ ++ regex_t reg; ++ int ret = regcomp (®, regexp, 0); ++ ++ if (ret != 0) ++ { ++ TEST_COMPARE (ret, REG_ESPACE); ++ printf ("info: allocation %u failure results in return value %d," ++ " error %s (%d)\n", ++ inject_at, ret, strerror (errno), errno); ++ } ++} ++ ++static int ++do_test (void) ++{ ++ char regexp[] = "[:alpha:]"; ++ ++ shared = support_shared_allocate (sizeof (*shared)); ++ ++ /* Disable fault injection. */ ++ shared->failing_allocation = ~0U; ++ ++ support_isolate_in_subprocess (no_op, NULL); ++ TEST_COMPARE (shared->allocation_count, 0); ++ ++ support_isolate_in_subprocess (initialize, regexp); ++ ++ /* The number of allocations in the successful case, plus some ++ slack. Once the number of expected allocations is exceeded, ++ injecting further failures does not make a difference. */ ++ unsigned int maximum_allocation_count = shared->allocation_count; ++ printf ("info: successful call performs %u allocations\n", ++ maximum_allocation_count); ++ maximum_allocation_count += 10; ++ ++ for (unsigned int inject_at = 0; inject_at <= maximum_allocation_count; ++ ++inject_at) ++ { ++ shared->allocation_count = 0; ++ shared->failing_allocation = inject_at; ++ support_isolate_in_subprocess (test_in_subprocess, regexp); ++ } ++ ++ support_shared_free (shared); ++ ++ return 0; ++} ++ ++#include diff --git a/SOURCES/glibc-RHEL-18039-1.patch b/SOURCES/glibc-RHEL-18039-1.patch new file mode 100644 index 0000000..237d979 --- /dev/null +++ b/SOURCES/glibc-RHEL-18039-1.patch @@ -0,0 +1,59 @@ +commit 868ab8923a2ec977faafec97ecafac0c3159c1b2 +Author: Florian Weimer +Date: Thu Jun 13 18:56:30 2024 +0200 + + resolv: Track single-request fallback via _res._flags (bug 31476) + + This avoids changing _res.options, which inteferes with change + detection as part of automatic reloading of /etc/resolv.conf. + + Reviewed-by: DJ Delorie + +diff -Nrup a/resolv/res_send.c b/resolv/res_send.c +--- a/resolv/res_send.c 2025-02-19 21:54:08.104421209 -0500 ++++ b/resolv/res_send.c 2025-02-19 21:54:51.202625194 -0500 +@@ -1065,9 +1065,11 @@ send_dg(res_state statp, + seconds /= statp->nscount; + if (seconds <= 0) + seconds = 1; +- bool single_request_reopen = (statp->options & RES_SNGLKUPREOP) != 0; +- bool single_request = (((statp->options & RES_SNGLKUP) != 0) +- | single_request_reopen); ++ bool single_request_reopen = ((statp->options & RES_SNGLKUPREOP) ++ || (statp->_flags & RES_F_SNGLKUPREOP)); ++ bool single_request = ((statp->options & RES_SNGLKUP) ++ || (statp->_flags & RES_F_SNGLKUP) ++ || single_request_reopen); + int save_gotsomewhere = *gotsomewhere; + + int retval; +@@ -1124,14 +1126,14 @@ send_dg(res_state statp, + have received the first answer. */ + if (!single_request) + { +- statp->options |= RES_SNGLKUP; ++ statp->_flags |= RES_F_SNGLKUP; + single_request = true; + *gotsomewhere = save_gotsomewhere; + goto retry; + } + else if (!single_request_reopen) + { +- statp->options |= RES_SNGLKUPREOP; ++ statp->_flags |= RES_F_SNGLKUPREOP; + single_request_reopen = true; + *gotsomewhere = save_gotsomewhere; + __res_iclose (statp, false); +diff -Nrup a/resolv/resolv-internal.h b/resolv/resolv-internal.h +--- a/resolv/resolv-internal.h 2025-02-19 21:54:08.104421209 -0500 ++++ b/resolv/resolv-internal.h 2025-02-19 21:56:25.771072777 -0500 +@@ -26,7 +26,8 @@ + #define RES_F_VC 0x00000001 /* Socket is TCP. */ + #define RES_F_CONN 0x00000002 /* Socket is connected. */ + #define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors. */ +- ++#define RES_F_SNGLKUP 0x00200000 /* Private version of RES_SNGLKUP. */ ++#define RES_F_SNGLKUPREOP 0x00400000 /* Private version of RES_SNGLKUPREOP. */ + + /* Internal version of RES_USE_INET6 which does not trigger a + deprecation warning. */ diff --git a/SOURCES/glibc-RHEL-18039-2.patch b/SOURCES/glibc-RHEL-18039-2.patch new file mode 100644 index 0000000..5baab0e --- /dev/null +++ b/SOURCES/glibc-RHEL-18039-2.patch @@ -0,0 +1,197 @@ +commit 691a3b2e9bfaba842e46a5ccb7f5e6ea144c3ade +Author: Florian Weimer +Date: Wed Jul 24 12:06:47 2024 +0200 + + resolv: Allow short error responses to match any query (bug 31890) + + Reviewed-by: DJ Delorie + +Conflicts: + resolv/res_send.c: res_queriesmatch/__libc_res_queriesmatch + +diff -Nrup a/resolv/Makefile b/resolv/Makefile +--- a/resolv/Makefile 2025-06-06 08:53:20.890276516 -0400 ++++ b/resolv/Makefile 2025-06-06 08:57:09.981844872 -0400 +@@ -62,6 +62,7 @@ tests += \ + tst-resolv-nondecimal \ + tst-resolv-res_init-multi \ + tst-resolv-search \ ++ tst-resolv-short-response \ + tst-resolv-trailing \ + + # This test calls __res_context_send directly, which is not exported +@@ -208,6 +209,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx + $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library) ++$(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \ ++ $(shared-thread-library) + $(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-threads: \ + $(libdl) $(objpfx)libresolv.so $(shared-thread-library) +diff -Nrup a/resolv/res_send.c b/resolv/res_send.c +--- a/resolv/res_send.c 2025-06-06 08:53:30.892216323 -0400 ++++ b/resolv/res_send.c 2025-06-06 08:59:35.588914830 -0400 +@@ -1322,17 +1322,30 @@ send_dg(res_state statp, + goto wait; + + /* Check for the correct header layout and a matching +- question. */ ++ question. Some recursive resolvers send REFUSED ++ without copying back the question section ++ (producing a response that is only HFIXEDSZ bytes ++ long). Skip query matching in this case. */ ++ bool thisansp_error = (anhp->rcode == SERVFAIL || ++ anhp->rcode == NOTIMP || ++ anhp->rcode == REFUSED); ++ bool skip_query_match = (*thisresplenp == HFIXEDSZ ++ && ntohs (anhp->qdcount) == 0 ++ && thisansp_error); + int matching_query = 0; /* Default to no matching query. */ + if (!recvresp1 + && anhp->id == hp->id +- && res_queriesmatch (buf, buf + buflen, +- *thisansp, *thisansp + *thisanssizp)) ++ && (skip_query_match ++ || res_queriesmatch (buf, buf + buflen, ++ *thisansp, ++ *thisansp + *thisanssizp))) + matching_query = 1; + if (!recvresp2 + && anhp->id == hp2->id +- && res_queriesmatch (buf2, buf2 + buflen2, +- *thisansp, *thisansp + *thisanssizp)) ++ && (skip_query_match ++ || res_queriesmatch (buf2, buf2 + buflen2, ++ *thisansp, ++ *thisansp + *thisanssizp))) + matching_query = 2; + if (matching_query == 0) + /* Spurious UDP packet. Drop it and continue +@@ -1342,9 +1355,7 @@ send_dg(res_state statp, + goto wait; + } + +- if (anhp->rcode == SERVFAIL || +- anhp->rcode == NOTIMP || +- anhp->rcode == REFUSED) { ++ if (thisansp_error) { + next_ns: + if (recvresp1 || (buf2 != NULL && recvresp2)) { + *resplen2 = 0; +diff -Nrup a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c +--- a/resolv/tst-resolv-short-response.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/resolv/tst-resolv-short-response.c 2025-06-06 08:57:09.987844834 -0400 +@@ -0,0 +1,112 @@ ++/* Test for spurious timeouts with short 12-byte responses (bug 31890). ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++/* The rcode in the initial response. */ ++static volatile int rcode; ++ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ switch (ctx->server_index) ++ { ++ case 0: ++ /* First server times out. */ ++ struct resolv_response_flags flags = {.rcode = rcode}; ++ resolv_response_init (b, flags); ++ break; ++ case 1: ++ /* Second server sends reply. */ ++ resolv_response_init (b, (struct resolv_response_flags) {}); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ switch (qtype) ++ { ++ case T_A: ++ { ++ char ipv4[4] = {192, 0, 2, 17}; ++ resolv_response_add_data (b, &ipv4, sizeof (ipv4)); ++ } ++ break; ++ case T_AAAA: ++ { ++ char ipv6[16] ++ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}; ++ resolv_response_add_data (b, &ipv6, sizeof (ipv6)); ++ } ++ break; ++ default: ++ FAIL_EXIT1 ("unexpected TYPE%d query", qtype); ++ } ++ resolv_response_close_record (b); ++ break; ++ default: ++ FAIL_EXIT1 ("unexpected query to server %d", ctx->server_index); ++ } ++} ++ ++static void ++check_one (void) ++{ ++ ++ /* The buggy 1-second query timeout results in 30 seconds of delay, ++ which triggers a test timeout failure. */ ++ for (int i = 0; i < 10; ++i) ++ { ++ check_hostent ("www.example", gethostbyname ("www.example"), ++ "name: www.example\n" ++ "address: 192.0.2.17\n"); ++ check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6), ++ "name: www.example\n" ++ "address: 2001:db8::1\n"); ++ } ++} ++ ++static int ++do_test (void) ++{ ++ struct resolv_test *aux = resolv_test_start ++ ((struct resolv_redirect_config) ++ { ++ .response_callback = response, ++ }); ++ ++ _res.options |= RES_SNGLKUP; ++ ++ rcode = 2; /* SERVFAIL. */ ++ check_one (); ++ ++ rcode = 4; /* NOTIMP. */ ++ check_one (); ++ ++ rcode = 5; /* REFUSED. */ ++ check_one (); ++ ++ resolv_test_end (aux); ++ ++ return 0; ++} ++ ++#include diff --git a/SOURCES/glibc-RHEL-18039-3.patch b/SOURCES/glibc-RHEL-18039-3.patch new file mode 100644 index 0000000..68c505b --- /dev/null +++ b/SOURCES/glibc-RHEL-18039-3.patch @@ -0,0 +1,203 @@ +commit af625987d619388a100b153520d3ee308bda9889 +Author: Florian Weimer +Date: Wed Jul 24 12:06:47 2024 +0200 + + resolv: Do not wait for non-existing second DNS response after error (bug 30081) + + In single-request mode, there is no second response after an error + because the second query has not been sent yet. Waiting for it + introduces an unnecessary timeout. + + Reviewed-by: DJ Delorie + +diff -Nrup a/resolv/Makefile b/resolv/Makefile +--- a/resolv/Makefile 2025-02-19 22:32:03.567568899 -0500 ++++ b/resolv/Makefile 2025-02-19 22:36:58.647149025 -0500 +@@ -62,6 +62,7 @@ tests += \ + tst-resolv-nondecimal \ + tst-resolv-res_init-multi \ + tst-resolv-search \ ++ tst-resolv-semi-failure \ + tst-resolv-short-response \ + tst-resolv-trailing \ + +@@ -209,6 +210,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx + $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library) ++$(objpfx)tst-resolv-semi-failure: $(objpfx)libresolv.so \ ++ $(shared-thread-library) + $(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \ + $(shared-thread-library) + $(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library) +diff -Nrup a/resolv/res_send.c b/resolv/res_send.c +--- a/resolv/res_send.c 2025-02-19 22:32:03.567568899 -0500 ++++ b/resolv/res_send.c 2025-02-19 22:34:59.213509475 -0500 +@@ -1361,7 +1361,7 @@ send_dg(res_state statp, + *resplen2 = 0; + return resplen; + } +- if (buf2 != NULL) ++ if (buf2 != NULL && !single_request) + { + /* No data from the first reply. */ + resplen = 0; +diff -Nrup a/resolv/tst-resolv-semi-failure.c b/resolv/tst-resolv-semi-failure.c +--- a/resolv/tst-resolv-semi-failure.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/resolv/tst-resolv-semi-failure.c 2025-02-19 22:34:59.213509475 -0500 +@@ -0,0 +1,133 @@ ++/* Test parallel failure/success responses (bug 30081). ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++/* The rcode in the initial response. */ ++static volatile int rcode; ++ ++/* Whether to fail the initial A query (!fail_aaaa) or the initial ++ AAAA query (fail_aaaa). */ ++static volatile bool fail_aaaa; ++ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ /* Handle the failing query. */ ++ if ((fail_aaaa && qtype == T_AAAA) && ctx->server_index == 0) ++ { ++ struct resolv_response_flags flags = {.rcode = rcode}; ++ resolv_response_init (b, flags); ++ return; ++ } ++ ++ /* Otherwise produce a response. */ ++ resolv_response_init (b, (struct resolv_response_flags) {}); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ switch (qtype) ++ { ++ case T_A: ++ { ++ char ipv4[4] = {192, 0, 2, 17}; ++ resolv_response_add_data (b, &ipv4, sizeof (ipv4)); ++ } ++ break; ++ case T_AAAA: ++ { ++ char ipv6[16] ++ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}; ++ resolv_response_add_data (b, &ipv6, sizeof (ipv6)); ++ } ++ break; ++ default: ++ FAIL_EXIT1 ("unexpected TYPE%d query", qtype); ++ } ++ resolv_response_close_record (b); ++} ++ ++static void ++check_one (void) ++{ ++ ++ /* The buggy 1-second query timeout results in 30 seconds of delay, ++ which triggers are test timeout failure. */ ++ for (int i = 0; i < 30; ++i) ++ { ++ static const struct addrinfo hints = ++ { ++ .ai_family = AF_UNSPEC, ++ .ai_socktype = SOCK_STREAM, ++ }; ++ struct addrinfo *ai; ++ int ret = getaddrinfo ("www.example", "80", &hints, &ai); ++ const char *expected; ++ if (ret == 0 && ai->ai_next != NULL) ++ expected = ("address: STREAM/TCP 192.0.2.17 80\n" ++ "address: STREAM/TCP 2001:db8::1 80\n"); ++ else ++ /* Only one response because the AAAA lookup failure is ++ treated as an ignoreable error. */ ++ expected = "address: STREAM/TCP 192.0.2.17 80\n"; ++ check_addrinfo ("www.example", ai, ret, expected); ++ if (ret == 0) ++ freeaddrinfo (ai); ++ } ++} ++ ++static int ++do_test (void) ++{ ++ for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup) ++ { ++ struct resolv_test *aux = resolv_test_start ++ ((struct resolv_redirect_config) ++ { ++ .response_callback = response, ++ }); ++ ++ if (do_single_lookup) ++ _res.options |= RES_SNGLKUP; ++ ++ for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa) ++ { ++ fail_aaaa = do_fail_aaaa; ++ ++ rcode = 2; /* SERVFAIL. */ ++ check_one (); ++ ++ rcode = 4; /* NOTIMP. */ ++ check_one (); ++ ++ rcode = 5; /* REFUSED. */ ++ check_one (); ++ } ++ ++ resolv_test_end (aux); ++ } ++ ++ return 0; ++} ++ ++#include +diff -Nrup a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c +--- a/resolv/tst-resolv-short-response.c 2025-02-19 22:32:03.567568899 -0500 ++++ b/resolv/tst-resolv-short-response.c 2025-02-19 22:34:59.213509475 -0500 +@@ -81,6 +81,18 @@ check_one (void) + check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6), + "name: www.example\n" + "address: 2001:db8::1\n"); ++ static const struct addrinfo hints = ++ { ++ .ai_family = AF_UNSPEC, ++ .ai_socktype = SOCK_STREAM, ++ }; ++ struct addrinfo *ai; ++ int ret = getaddrinfo ("www.example", "80", &hints, &ai); ++ check_addrinfo ("www.example", ai, ret, ++ "address: STREAM/TCP 192.0.2.17 80\n" ++ "address: STREAM/TCP 2001:db8::1 80\n"); ++ if (ret == 0) ++ freeaddrinfo (ai); + } + } + diff --git a/SOURCES/glibc-RHEL-18039-4.patch b/SOURCES/glibc-RHEL-18039-4.patch new file mode 100644 index 0000000..8313e68 --- /dev/null +++ b/SOURCES/glibc-RHEL-18039-4.patch @@ -0,0 +1,81 @@ +commit 95f61610f3e481d191b6184432342236fd59186d +Author: Florian Weimer +Date: Wed Jul 24 12:06:47 2024 +0200 + + resolv: Support clearing option flags with a “-” prefix (bug 14799) + + I think using a “-” prefix is less confusing than introducing + double-negation construct (“no-no-tld-query”). + + Reviewed-by: DJ Delorie + +Conflicts: + NEWS: Dropped + resolv/res_init.c: DEPRECATED_RES_USE_INET6 and RES_TRUSTAD + +diff -Nrup a/resolv/res_init.c b/resolv/res_init.c +--- a/resolv/res_init.c 2025-05-21 08:57:39.108958310 -0400 ++++ b/resolv/res_init.c 2025-05-21 08:59:11.528419481 -0400 +@@ -682,27 +682,29 @@ res_setoptions (struct resolv_conf_parse + { + char str[22]; + uint8_t len; +- uint8_t clear; + unsigned long int flag; + } options[] = { + #define STRnLEN(str) str, sizeof (str) - 1 +- { STRnLEN ("inet6"), 0, DEPRECATED_RES_USE_INET6 }, +- { STRnLEN ("rotate"), 0, RES_ROTATE }, +- { STRnLEN ("edns0"), 0, RES_USE_EDNS0 }, +- { STRnLEN ("single-request-reopen"), 0, RES_SNGLKUPREOP }, +- { STRnLEN ("single-request"), 0, RES_SNGLKUP }, +- { STRnLEN ("no_tld_query"), 0, RES_NOTLDQUERY }, +- { STRnLEN ("no-tld-query"), 0, RES_NOTLDQUERY }, +- { STRnLEN ("no-reload"), 0, RES_NORELOAD }, +- { STRnLEN ("use-vc"), 0, RES_USEVC }, +- { STRnLEN ("no-aaaa"), 0, RES_NOAAAA }, ++ { STRnLEN ("inet6"), DEPRECATED_RES_USE_INET6 }, ++ { STRnLEN ("rotate"), RES_ROTATE }, ++ { STRnLEN ("edns0"), RES_USE_EDNS0 }, ++ { STRnLEN ("single-request-reopen"), RES_SNGLKUPREOP }, ++ { STRnLEN ("single-request"), RES_SNGLKUP }, ++ { STRnLEN ("no_tld_query"), RES_NOTLDQUERY }, ++ { STRnLEN ("no-tld-query"), RES_NOTLDQUERY }, ++ { STRnLEN ("no-reload"), RES_NORELOAD }, ++ { STRnLEN ("use-vc"), RES_USEVC }, ++ { STRnLEN ("no-aaaa"), RES_NOAAAA }, + }; + #define noptions (sizeof (options) / sizeof (options[0])) ++ bool negate_option = *cp == '-'; ++ if (negate_option) ++ ++cp; + for (int i = 0; i < noptions; ++i) + if (strncmp (cp, options[i].str, options[i].len) == 0) + { +- if (options[i].clear) +- parser->template.options &= options[i].flag; ++ if (negate_option) ++ parser->template.options &= ~options[i].flag; + else + parser->template.options |= options[i].flag; + break; +diff -Nrup a/resolv/tst-resolv-res_init-skeleton.c b/resolv/tst-resolv-res_init-skeleton.c +--- a/resolv/tst-resolv-res_init-skeleton.c 2025-05-21 08:57:39.109958315 -0400 ++++ b/resolv/tst-resolv-res_init-skeleton.c 2025-05-21 08:58:09.541110166 -0400 +@@ -680,6 +680,16 @@ struct test_case test_cases[] = + "; nameserver[0]: [192.0.2.1]:53\n", + .res_options = "attempts:5 ndots:3 edns0 ", + }, ++ {.name = "RES_OPTIONS can clear flags", ++ .conf = "options ndots:2 use-vc no-aaaa edns0\n" ++ "nameserver 192.0.2.1\n", ++ .expected = "options ndots:3 use-vc\n" ++ "search example.com\n" ++ "; search[0]: example.com\n" ++ "nameserver 192.0.2.1\n" ++ "; nameserver[0]: [192.0.2.1]:53\n", ++ .res_options = "ndots:3 -edns0 -no-aaaa", ++ }, + {.name = "many search list entries (bug 19569)", + .conf = "nameserver 192.0.2.1\n" + "search corp.example.com support.example.com" diff --git a/SOURCES/glibc-RHEL-18039-5.patch b/SOURCES/glibc-RHEL-18039-5.patch new file mode 100644 index 0000000..41d36fd --- /dev/null +++ b/SOURCES/glibc-RHEL-18039-5.patch @@ -0,0 +1,207 @@ +commit 765325951ac5c7d072278c9424930b29657e9758 +Author: Florian Weimer +Date: Wed Jul 24 12:06:47 2024 +0200 + + resolv: Implement strict-error stub resolver option (bug 27929) + + For now, do not enable this mode by default due to the potential + impact on compatibility with existing deployments. + + Reviewed-by: DJ Delorie + +Conflicts: + NEWS + (Dropped) + +diff -Nrup a/resolv/res_init.c b/resolv/res_init.c +--- a/resolv/res_init.c 2025-06-06 07:00:12.496548260 -0400 ++++ b/resolv/res_init.c 2025-06-06 07:02:49.092632696 -0400 +@@ -695,6 +695,7 @@ res_setoptions (struct resolv_conf_parse + { STRnLEN ("no-reload"), RES_NORELOAD }, + { STRnLEN ("use-vc"), RES_USEVC }, + { STRnLEN ("no-aaaa"), RES_NOAAAA }, ++ { STRnLEN ("strict-error"), RES_STRICTERR }, + }; + #define noptions (sizeof (options) / sizeof (options[0])) + bool negate_option = *cp == '-'; +diff -Nrup a/resolv/res_send.c b/resolv/res_send.c +--- a/resolv/res_send.c 2025-06-06 07:00:12.434548622 -0400 ++++ b/resolv/res_send.c 2025-06-06 07:02:49.095632678 -0400 +@@ -1357,21 +1357,38 @@ send_dg(res_state statp, + + if (thisansp_error) { + next_ns: +- if (recvresp1 || (buf2 != NULL && recvresp2)) { +- *resplen2 = 0; +- return resplen; +- } +- if (buf2 != NULL && !single_request) ++ /* Outside of strict-error mode, use the first ++ response even if the second response is an ++ error. This allows parallel resolution to ++ succeed even if the recursive resolver ++ always answers with SERVFAIL for AAAA ++ queries (which still happens in practice ++ unfortunately). ++ ++ In strict-error mode, always switch to the ++ next server and try to get a response from ++ there. */ ++ if ((statp->options & RES_STRICTERR) == 0) + { +- /* No data from the first reply. */ +- resplen = 0; +- /* We are waiting for a possible second reply. */ +- if (matching_query == 1) +- recvresp1 = 1; +- else +- recvresp2 = 1; ++ if (recvresp1 || (buf2 != NULL && recvresp2)) ++ { ++ *resplen2 = 0; ++ return resplen; ++ } ++ ++ if (buf2 != NULL && !single_request) ++ { ++ /* No data from the first reply. */ ++ resplen = 0; ++ /* We are waiting for a possible ++ second reply. */ ++ if (matching_query == 1) ++ recvresp1 = 1; ++ else ++ recvresp2 = 1; + +- goto wait; ++ goto wait; ++ } + } + + /* don't retry if called from dig */ +diff -Nrup a/resolv/resolv.h b/resolv/resolv.h +--- a/resolv/resolv.h 2025-06-06 06:59:53.530659146 -0400 ++++ b/resolv/resolv.h 2025-06-06 07:09:57.754126400 -0400 +@@ -136,6 +136,7 @@ struct res_sym { + as a TLD. */ + #define RES_NORELOAD 0x02000000 /* No automatic configuration reload. */ + #define RES_NOAAAA 0x08000000 /* Suppress AAAA queries. */ ++#define RES_STRICTERR 0x10000000 /* Report more DNS errors as errors. */ + + #define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH) + +diff -Nrup a/resolv/tst-resolv-res_init-skeleton.c b/resolv/tst-resolv-res_init-skeleton.c +--- a/resolv/tst-resolv-res_init-skeleton.c 2025-06-06 07:00:12.499548242 -0400 ++++ b/resolv/tst-resolv-res_init-skeleton.c 2025-06-06 07:11:46.131274310 -0400 +@@ -130,6 +130,7 @@ print_resp (FILE *fp, res_state resp) + print_option_flag (fp, &options, RES_NOTLDQUERY, "no-tld-query"); + print_option_flag (fp, &options, RES_NORELOAD, "no-reload"); + print_option_flag (fp, &options, RES_NOAAAA, "no-aaaa"); ++ print_option_flag (fp, &options, RES_STRICTERR, "strict-error"); + fputc ('\n', fp); + if (options != 0) + fprintf (fp, "; error: unresolved option bits: 0x%x\n", options); +@@ -731,6 +732,15 @@ struct test_case test_cases[] = + "search example.com\n" + "; search[0]: example.com\n" + "nameserver 192.0.2.1\n" ++ "; nameserver[0]: [192.0.2.1]:53\n" ++ }, ++ {.name = "strict-error flag", ++ .conf = "options strict-error\n" ++ "nameserver 192.0.2.1\n", ++ .expected = "options strict-error\n" ++ "search example.com\n" ++ "; search[0]: example.com\n" ++ "nameserver 192.0.2.1\n" + "; nameserver[0]: [192.0.2.1]:53\n" + }, + { NULL } +diff -Nrup a/resolv/tst-resolv-semi-failure.c b/resolv/tst-resolv-semi-failure.c +--- a/resolv/tst-resolv-semi-failure.c 2025-06-06 07:00:12.438548599 -0400 ++++ b/resolv/tst-resolv-semi-failure.c 2025-06-06 07:02:49.099632654 -0400 +@@ -67,6 +67,9 @@ response (const struct resolv_response_c + resolv_response_close_record (b); + } + ++/* Set to 1 if strict error checking is enabled. */ ++static int do_strict_error; ++ + static void + check_one (void) + { +@@ -83,7 +86,10 @@ check_one (void) + struct addrinfo *ai; + int ret = getaddrinfo ("www.example", "80", &hints, &ai); + const char *expected; +- if (ret == 0 && ai->ai_next != NULL) ++ /* In strict-error mode, a switch to the second name server ++ happens, and both responses are received, so a single ++ response is a bug. */ ++ if (do_strict_error || (ret == 0 && ai->ai_next != NULL)) + expected = ("address: STREAM/TCP 192.0.2.17 80\n" + "address: STREAM/TCP 2001:db8::1 80\n"); + else +@@ -99,33 +105,36 @@ check_one (void) + static int + do_test (void) + { +- for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup) +- { +- struct resolv_test *aux = resolv_test_start +- ((struct resolv_redirect_config) +- { +- .response_callback = response, +- }); +- +- if (do_single_lookup) +- _res.options |= RES_SNGLKUP; +- +- for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa) +- { +- fail_aaaa = do_fail_aaaa; ++ for (do_strict_error = 0; do_strict_error < 2; ++do_strict_error) ++ for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup) ++ { ++ struct resolv_test *aux = resolv_test_start ++ ((struct resolv_redirect_config) ++ { ++ .response_callback = response, ++ }); ++ ++ if (do_strict_error) ++ _res.options |= RES_STRICTERR; ++ if (do_single_lookup) ++ _res.options |= RES_SNGLKUP; ++ ++ for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa) ++ { ++ fail_aaaa = do_fail_aaaa; ++ ++ rcode = 2; /* SERVFAIL. */ ++ check_one (); ++ ++ rcode = 4; /* NOTIMP. */ ++ check_one (); ++ ++ rcode = 5; /* REFUSED. */ ++ check_one (); ++ } + +- rcode = 2; /* SERVFAIL. */ +- check_one (); +- +- rcode = 4; /* NOTIMP. */ +- check_one (); +- +- rcode = 5; /* REFUSED. */ +- check_one (); +- } +- +- resolv_test_end (aux); +- } ++ resolv_test_end (aux); ++ } + + return 0; + } diff --git a/SOURCES/glibc-RHEL-18039-6.patch b/SOURCES/glibc-RHEL-18039-6.patch new file mode 100644 index 0000000..d14093c --- /dev/null +++ b/SOURCES/glibc-RHEL-18039-6.patch @@ -0,0 +1,28 @@ +commit ec119972cb2598c04ec7d4219e20506006836f64 +Author: Florian Weimer +Date: Thu Aug 1 10:46:10 2024 +0200 + + resolv: Fix tst-resolv-short-response for older GCC (bug 32042) + + Previous GCC versions do not support the C23 change that + allows labels on declarations. + + Reviewed-by: Adhemerval Zanella + +diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c +index be354ae1c7..9b06b0c176 100644 +--- a/resolv/tst-resolv-short-response.c ++++ b/resolv/tst-resolv-short-response.c +@@ -33,8 +33,10 @@ response (const struct resolv_response_context *ctx, + { + case 0: + /* First server times out. */ +- struct resolv_response_flags flags = {.rcode = rcode}; +- resolv_response_init (b, flags); ++ { ++ struct resolv_response_flags flags = {.rcode = rcode}; ++ resolv_response_init (b, flags); ++ } + break; + case 1: + /* Second server sends reply. */ diff --git a/SOURCES/glibc-RHEL-93937-1.patch b/SOURCES/glibc-RHEL-93937-1.patch new file mode 100644 index 0000000..173bd3c --- /dev/null +++ b/SOURCES/glibc-RHEL-93937-1.patch @@ -0,0 +1,25 @@ +commit 81a1fa6cbfef5ca33e7eeb11f8f9a528f4dc0117 +Author: Arjun Shankar +Date: Tue Nov 5 16:41:25 2019 +0100 + + Fix run-one-test so that it runs elf tests + + The `test' make target passes a trailing slash in the subdir argument. This + does not play well with elf/rtld-Rules which looks for `elf' without any + trailing slash, and therefore doesn't find a match when running an elf test + individually. This commit removes the trailing slash from the invocation. + + Reviewed-by: DJ Delorie + +diff --git a/Makefile b/Makefile +index 6518f62ee0676b0d..40066189f3f49441 100644 +--- a/Makefile ++++ b/Makefile +@@ -518,6 +518,6 @@ iconvdata/% localedata/% po/%: FORCE + .PHONY: test + test : + @-rm -f $(objpfx)$t.out +- $(MAKE) subdir=$(dir $t) -C $(dir $t) ..=../ $(objpfx)$t.out ++ $(MAKE) subdir=$(patsubst %/,%,$(dir $t)) -C $(dir $t) ..=../ $(objpfx)$t.out + @cat $(objpfx)$t.test-result + @cat $(objpfx)$t.out diff --git a/SOURCES/glibc-RHEL-93937-2.patch b/SOURCES/glibc-RHEL-93937-2.patch new file mode 100644 index 0000000..444c498 --- /dev/null +++ b/SOURCES/glibc-RHEL-93937-2.patch @@ -0,0 +1,100 @@ +commit 2fca4b624bd3ceb8c756b4145c7e96aa032b2b98 +Author: Florian Weimer +Date: Wed Jun 4 17:44:19 2025 +0200 + + Makefile: Avoid $(objpfx)/ in makefiles + + If paths with both $(objpfx)/ and $(objpfx) (which already includes + a trailing slash) appear during the build, this can trigger unexpected + rebuilds, or incorrect concurrent rebuilds. + +Conflicts: + elf/Makefile: Test differences. + nss/Makefile: Test differences. + +diff --git a/elf/Makefile b/elf/Makefile +index 38976f195a398abf..d09f5482c089f18c 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -1055,8 +1055,8 @@ $(objpfx)$(1).generated-makefile: $(1) + endef + endif + +-postclean-generated += $(objpfx)/dso-sort-tests-2.generated-makefile \ +- $(objpfx)/dso-sort-tests-2.generated-makefile ++postclean-generated += $(objpfx)dso-sort-tests-2.generated-makefile \ ++ $(objpfx)dso-sort-tests-2.generated-makefile + + # Generate from each testcase description file + ifeq (yes,$(have-tunables)) +@@ -2674,7 +2674,7 @@ $(objpfx)tst-tls21: $(libdl) $(shared-thread-library) + $(objpfx)tst-tls21.out: $(objpfx)tst-tls21mod.so + $(objpfx)tst-tls21mod.so: $(tst-tls-many-dynamic-modules:%=$(objpfx)%.so) + +-$(objpfx)tst-rtld-run-static.out: $(objpfx)/ldconfig ++$(objpfx)tst-rtld-run-static.out: $(objpfx)ldconfig + + $(objpfx)tst-dlmopen-gethostbyname: $(libdl) + $(objpfx)tst-dlmopen-gethostbyname.out: $(objpfx)tst-dlmopen-gethostbyname-mod.so +diff --git a/nss/Makefile b/nss/Makefile +index 4ee8b1eefd792062..05fcadf60fd0d771 100644 +--- a/nss/Makefile ++++ b/nss/Makefile +@@ -172,36 +172,36 @@ libof-nss_test1 = extramodules + libof-nss_test2 = extramodules + libof-nss_test_errno = extramodules + libof-nss_test_gai_hv2_canonname = extramodules +-$(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) ++$(objpfx)libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) + $(build-module) +-$(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) ++$(objpfx)libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) + $(build-module) +-$(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps) ++$(objpfx)libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps) + $(build-module) +-$(objpfx)/libnss_test_gai_hv2_canonname.so: \ ++$(objpfx)libnss_test_gai_hv2_canonname.so: \ + $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps) \ +- $(objpfx)/libnss_files.so ++ $(objpfx)libnss_files.so + $(build-module) + $(objpfx)nss_test2.os : nss_test1.c + ifdef libnss_test1.so-version +-$(objpfx)/libnss_test1.so$(libnss_test1.so-version): $(objpfx)/libnss_test1.so ++$(objpfx)libnss_test1.so$(libnss_test1.so-version): $(objpfx)libnss_test1.so + $(make-link) + endif + ifdef libnss_test2.so-version +-$(objpfx)/libnss_test2.so$(libnss_test2.so-version): $(objpfx)/libnss_test2.so ++$(objpfx)libnss_test2.so$(libnss_test2.so-version): $(objpfx)libnss_test2.so + $(make-link) + endif +-$(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \ +- $(objpfx)/libnss_test_errno.so ++$(objpfx)libnss_test_errno.so$(libnss_files.so-version): \ ++ $(objpfx)libnss_test_errno.so + $(make-link) +-$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \ +- $(objpfx)/libnss_test_gai_hv2_canonname.so ++$(objpfx)libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \ ++ $(objpfx)libnss_test_gai_hv2_canonname.so + $(make-link) + $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ +- $(objpfx)/libnss_test1.so$(libnss_test1.so-version) \ +- $(objpfx)/libnss_test2.so$(libnss_test2.so-version) \ +- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \ +- $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version) ++ $(objpfx)libnss_test1.so$(libnss_test1.so-version) \ ++ $(objpfx)libnss_test2.so$(libnss_test2.so-version) \ ++ $(objpfx)libnss_test_errno.so$(libnss_files.so-version) \ ++ $(objpfx)libnss_test_gai_hv2_canonname.so$(libnss_files.so-version) + + ifeq (yes,$(have-thread-library)) + $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library) +@@ -211,4 +211,4 @@ $(objpfx)tst-nss-files-hosts-erange: $(libdl) + $(objpfx)tst-nss-files-hosts-multi: $(libdl) + $(objpfx)tst-nss-files-hosts-getent: $(libdl) + $(objpfx)tst-nss-files-alias-leak: $(libdl) +-$(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so ++$(objpfx)tst-nss-files-alias-leak.out: $(objpfx)libnss_files.so diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec index d0e221e..d4d0202 100644 --- a/SPECS/glibc.spec +++ b/SPECS/glibc.spec @@ -115,7 +115,7 @@ end \ Summary: The GNU libc libraries Name: glibc Version: %{glibcversion} -Release: %{glibcrelease}.22 +Release: %{glibcrelease}.25 # In general, GPLv2+ is used by programs, LGPLv2+ is used for # libraries. @@ -1277,6 +1277,15 @@ Patch1042: glibc-RHEL-92685-6.patch Patch1043: glibc-RHEL-92685-7.patch Patch1044: glibc-RHEL-92685-8.patch Patch1045: glibc-RHEL-92685-9.patch +Patch1046: glibc-RHEL-93937-1.patch +Patch1047: glibc-RHEL-93937-2.patch +Patch1048: glibc-RHEL-18039-1.patch +Patch1049: glibc-RHEL-18039-2.patch +Patch1050: glibc-RHEL-18039-3.patch +Patch1051: glibc-RHEL-18039-4.patch +Patch1052: glibc-RHEL-18039-5.patch +Patch1053: glibc-RHEL-18039-6.patch +Patch1054: glibc-RHEL-105326.patch ############################################################################## # Continued list of core "glibc" package information: @@ -2938,6 +2947,18 @@ fi %{_libdir}/libpthread_nonshared.a %changelog +* Thu Jul 24 2025 Florian Weimer - 2.28-251.25 +- CVE-2025-8058: Double free in regcomp (RHEL-105326) + +* Thu Jun 05 2025 Patsy Griffin - 2.28-251.24 +- Keep reloading /etc/resolv.conf after timeouts with getaddrinfo + and AF_UNSPEC. +- Avoid timeouts with getaddrinfo, AF_UNSPEC, and certain DNS error + responses. (RHEL-18039) + +* Thu Jun 05 2025 Arjun Shankar - 2.28-251.23 +- Reduce spurious rebuilds while running tests (RHEL-93937) + * Mon May 26 2025 Florian Weimer - 2.28-251.22 - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92685)