import glibc-2.28-204.el8

2022-06-08 10:10:59 +00:00 · 2022-06-08 10:10:59 +00:00 · ec6a921b4e
parent ffde97cfb7
commit ec6a921b4e
7 changed files with 734 additions and 1 deletions
--- a/SOURCES/glibc-rh2089247-1.patch
+++ b/SOURCES/glibc-rh2089247-1.patch
@ -0,0 +1,47 @@
+commit e1df30fbc2e2167a982c0e77a7ebee28f4dd0800
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Thu Jul 25 11:22:17 2019 -0300
+
+    Get new entropy on each attempt __gen_tempname (BZ #15813)
+    
+    This is missing bit for fully fix BZ#15813 (the other two were fixed
+    by 359653aaacad463).
+    
+    Checked on x86_64-linux-gnu.
+    
+            [BZ #15813]
+            sysdeps/posix/tempname.c (__gen_tempname): get entrypy on each
+            attempt.
+
+diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
+index 3d26f378021680ae..61d7a9f36d37abae 100644
+--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
+@@ -186,7 +186,6 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+ {
+   int len;
+   char *XXXXXX;
+-  uint64_t value;
+   unsigned int count;
+   int fd = -1;
+   int save_errno = errno;
+@@ -218,13 +217,13 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+   /* This is where the Xs start.  */
+   XXXXXX = &tmpl[len - 6 - suffixlen];
+ 
+-  /* Get some more or less random data.  */
+-  RANDOM_BITS (value);
+-  value ^= (uint64_t)__getpid () << 32;
+-
+-  for (count = 0; count < attempts; value += 7777, ++count)
+  uint64_t pid = (uint64_t) __getpid () << 32;
+  for (count = 0; count < attempts; ++count)
+     {
+-      uint64_t v = value;
+      uint64_t v;
+      /* Get some more or less random data.  */
+      RANDOM_BITS (v);
+      v ^= pid;
+ 
+       /* Fill in the random bits.  */
+       XXXXXX[0] = letters[v % 62];
--- a/SOURCES/glibc-rh2089247-2.patch
+++ b/SOURCES/glibc-rh2089247-2.patch
@ -0,0 +1,87 @@
+commit 8eaf34eda256ba3647ed6e7ed5c7c9aa19955d17
+Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date:   Fri Dec 13 10:10:59 2019 +0100
+
+    hurd: Fix local PLT
+
+    * include/sys/random.h (__getrandom): Add hidden prototype.
+    * stdlib/getrandom.c (getrandom): Rename to hidden definition __getrandom.
+    Add weak alias.
+    * sysdeps/mach/hurd/getrandom.c (getrandom): Likewise.
+    * sysdeps/unix/sysv/linux/getrandom.c (getrandom): Likewise.
+    * sysdeps/mach/hurd/getentropy.c (getentropy): Use __getrandom instead of
+    getrandom.
+
+Conflicts:
+	include/sys/random.h
+	  (Missing backport of include/ consistency patch,
+	  commit ebd32784ce2029d0461a90a79bc4e37f8d051765 upstream.)
+	sysdeps/mach/hurd/getentropy.c
+	  (Hurd change has been dropped.)
+	sysdeps/unix/sysv/linux/dl-write.c
+	  (Mismerge of sysdeps/mach/hurd/getrandom.c.)
+
+diff --git a/include/sys/random.h b/include/sys/random.h
+new file mode 100644
+index 0000000000000000..6aa313d35dbdce8a
+--- /dev/null
+++ b/include/sys/random.h
+@@ -0,0 +1,11 @@
+#ifndef _SYS_RANDOM_H
+#include <stdlib/sys/random.h>
+
+# ifndef _ISOMAC
+
+extern ssize_t __getrandom (void *__buffer, size_t __length,
+                            unsigned int __flags) __wur;
+libc_hidden_proto (__getrandom)
+
+# endif /* !_ISOMAC */
+#endif
+diff --git a/stdlib/getrandom.c b/stdlib/getrandom.c
+index 45234bea17c5c86c..f8056688e40a0215 100644
+--- a/stdlib/getrandom.c
+++ b/stdlib/getrandom.c
+@@ -22,10 +22,12 @@
+ /* Write up to LENGTH bytes of randomness starting at BUFFER.
+    Return the number of bytes written, or -1 on error.  */
+ ssize_t
+-getrandom (void *buffer, size_t length, unsigned int flags)
+__getrandom (void *buffer, size_t length, unsigned int flags)
+ {
+   __set_errno (ENOSYS);
+   return -1;
+ }
+-
+ stub_warning (getrandom)
+
+libc_hidden_def (__getrandom)
+weak_alias (__getrandom, getrandom)
+diff --git a/sysdeps/unix/sysv/linux/getrandom.c b/sysdeps/unix/sysv/linux/getrandom.c
+index 435b037399665654..e34d7fdcd89d9b06 100644
+--- a/sysdeps/unix/sysv/linux/getrandom.c
+++ b/sysdeps/unix/sysv/linux/getrandom.c
+@@ -25,7 +25,7 @@
+ /* Write up to LENGTH bytes of randomness starting at BUFFER.
+    Return the number of bytes written, or -1 on error.  */
+ ssize_t
+-getrandom (void *buffer, size_t length, unsigned int flags)
+__getrandom (void *buffer, size_t length, unsigned int flags)
+ {
+   return SYSCALL_CANCEL (getrandom, buffer, length, flags);
+ }
+@@ -33,7 +33,7 @@ getrandom (void *buffer, size_t length, unsigned int flags)
+ /* Always provide a definition, even if the kernel headers lack the
+    system call number. */
+ ssize_t
+-getrandom (void *buffer, size_t length, unsigned int flags)
+__getrandom (void *buffer, size_t length, unsigned int flags)
+ {
+   /* Ideally, we would add a cancellation point here, but we currently
+      cannot do so inside libc.  */
+@@ -41,3 +41,5 @@ getrandom (void *buffer, size_t length, unsigned int flags)
+   return -1;
+ }
+ #endif
+libc_hidden_def (__getrandom)
+weak_alias (__getrandom, getrandom)
--- a/SOURCES/glibc-rh2089247-3.patch
+++ b/SOURCES/glibc-rh2089247-3.patch
@ -0,0 +1,67 @@
+Partial backport of:
+
+commit 04986243d1af37ac0177ed2f9db0a066ebd2b212
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Wed Jul 15 19:35:58 2020 +0000
+
+    Remove internal usage of extensible stat functions
+
+    It replaces the internal usage of __{f,l}xstat{at}{64} with the
+    __{f,l}stat{at}{64}.  It should not change the generate code since
+    sys/stat.h explicit defines redirections to internal calls back to
+    xstat* symbols.
+
+    Checked with a build for all affected ABIs.  I also check on
+    x86_64-linux-gnu and i686-linux-gnu.
+
+    Reviewed-by: Lukasz Majewski <lukma@denx.de>
+
+Only the changes to include/sys/stat.h and sysdeps/posix/tempname.c
+are included here.
+
+diff --git a/include/sys/stat.h b/include/sys/stat.h
+index b82d4527801d4797..c5b1938b87c9c5c3 100644
+--- a/include/sys/stat.h
+++ b/include/sys/stat.h
+@@ -52,6 +52,7 @@ extern __typeof (__fxstatat64) __fxstatat64 attribute_hidden;
+ #define lstat64(fname, buf)  __lxstat64 (_STAT_VER, fname, buf)
+ #define __lstat64(fname, buf)  __lxstat64 (_STAT_VER, fname, buf)
+ #define stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf)
+#define __stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf)
+ #define fstat64(fd, buf) __fxstat64 (_STAT_VER, fd, buf)
+ #define __fstat64(fd, buf) __fxstat64 (_STAT_VER, fd, buf)
+ #define fstat(fd, buf) __fxstat (_STAT_VER, fd, buf)
+diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
+index 61d7a9f36d37abae..a7b404cf4410cb00 100644
+--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
+@@ -66,7 +66,6 @@
+ # define __gettimeofday gettimeofday
+ # define __mkdir mkdir
+ # define __open open
+-# define __lxstat64(version, file, buf) lstat (file, buf)
+ # define __secure_getenv secure_getenv
+ #endif
+ 
+@@ -97,7 +96,7 @@ static int
+ direxists (const char *dir)
+ {
+   struct_stat64 buf;
+-  return __xstat64 (_STAT_VER, dir, &buf) == 0 && S_ISDIR (buf.st_mode);
+  return __stat64 (dir, &buf) == 0 && S_ISDIR (buf.st_mode);
+ }
+ 
+ /* Path search algorithm, for tmpnam, tmpfile, etc.  If DIR is
+@@ -252,10 +251,10 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+ 
+ 	case __GT_NOCREATE:
+ 	  /* This case is backward from the other three.  __gen_tempname
+-	     succeeds if __xstat fails because the name does not exist.
+	     succeeds if lstat fails because the name does not exist.
+ 	     Note the continue to bypass the common logic at the bottom
+ 	     of the loop.  */
+-	  if (__lxstat64 (_STAT_VER, tmpl, &st) < 0)
+	  if (__lstat64 (tmpl, &st) < 0)
+ 	    {
+ 	      if (errno == ENOENT)
+ 		{
--- a/SOURCES/glibc-rh2089247-4.patch
+++ b/SOURCES/glibc-rh2089247-4.patch
@ -0,0 +1,440 @@
+commit 4dddd7e9cbecad4aa03ee5a9b9edb596e3d4e909
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Tue Sep 29 08:56:07 2020 -0300
+
+    posix: Sync tempname with gnulib [BZ #26648]
+
+    It syncs with gnulib commit b1268f22f443e8e4b9e.  The try_tempname_len
+    now uses getrandom on each iteration to get entropy and only uses the
+    clock plus ASLR as source of entropy if getrandom fails.
+
+    Checked on x86_64-linux-gnu and i686-linux-gnu.
+
+Conflicts:
+	sysdeps/posix/tempname.c
+	  (Missing tree-wide __gettimeofday to clock_gettime change,
+	  commit 4a39c34c4f85de57fb4e648cfa1e774437d69680 upstream.
+	  File was rebased to the upstream version.)
+
+diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
+index a7b404cf4410cb00..f199b25a7a227751 100644
+--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 1991-2018 Free Software Foundation, Inc.
+/* Copyright (C) 1991-2021 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -13,10 +13,10 @@
+ 
+    You should have received a copy of the GNU Lesser General Public
+    License along with the GNU C Library; if not, see
+-   <http://www.gnu.org/licenses/>.  */
+   <https://www.gnu.org/licenses/>.  */
+ 
+ #if !_LIBC
+-# include <config.h>
+# include <libc-config.h>
+ # include "tempname.h"
+ #endif
+ 
+@@ -24,9 +24,6 @@
+ #include <assert.h>
+ 
+ #include <errno.h>
+-#ifndef __set_errno
+-# define __set_errno(Val) errno = (Val)
+-#endif
+ 
+ #include <stdio.h>
+ #ifndef P_tmpdir
+@@ -36,12 +33,12 @@
+ # define TMP_MAX 238328
+ #endif
+ #ifndef __GT_FILE
+-# define __GT_FILE	0
+-# define __GT_DIR	1
+-# define __GT_NOCREATE	2
+# define __GT_FILE      0
+# define __GT_DIR       1
+# define __GT_NOCREATE  2
+ #endif
+-#if !_LIBC && (GT_FILE != __GT_FILE || GT_DIR != __GT_DIR	\
+-	       || GT_NOCREATE != __GT_NOCREATE)
+#if !_LIBC && (GT_FILE != __GT_FILE || GT_DIR != __GT_DIR       \
+               || GT_NOCREATE != __GT_NOCREATE)
+ # error report this to bug-gnulib@gnu.org
+ #endif
+ 
+@@ -50,11 +47,11 @@
+ #include <string.h>
+ 
+ #include <fcntl.h>
+-#include <sys/time.h>
+#include <stdalign.h>
+ #include <stdint.h>
+-#include <unistd.h>
+-
+#include <sys/random.h>
+ #include <sys/stat.h>
+#include <time.h>
+ 
+ #if _LIBC
+ # define struct_stat64 struct stat64
+@@ -62,33 +59,38 @@
+ #else
+ # define struct_stat64 struct stat
+ # define __gen_tempname gen_tempname
+-# define __getpid getpid
+-# define __gettimeofday gettimeofday
+ # define __mkdir mkdir
+ # define __open open
+-# define __secure_getenv secure_getenv
+# define __lstat64(file, buf) lstat (file, buf)
+# define __stat64(file, buf) stat (file, buf)
+# define __getrandom getrandom
+# define __clock_gettime64 clock_gettime
+# define __timespec64 timespec
+ #endif
+ 
+-#ifdef _LIBC
+-# include <random-bits.h>
+-# define RANDOM_BITS(Var) ((Var) = random_bits ())
+-# else
+-# define RANDOM_BITS(Var) \
+-    {                                                                         \
+-      struct timeval tv;                                                      \
+-      __gettimeofday (&tv, NULL);                                             \
+-      (Var) = ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec;                      \
+-    }
+-#endif
+/* Use getrandom if it works, falling back on a 64-bit linear
+   congruential generator that starts with Var's value
+   mixed in with a clock's low-order bits if available.  */
+typedef uint_fast64_t random_value;
+#define RANDOM_VALUE_MAX UINT_FAST64_MAX
+#define BASE_62_DIGITS 10 /* 62**10 < UINT_FAST64_MAX */
+#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
+ 
+-/* Use the widest available unsigned type if uint64_t is not
+-   available.  The algorithm below extracts a number less than 62**6
+-   (approximately 2**35.725) from uint64_t, so ancient hosts where
+-   uintmax_t is only 32 bits lose about 3.725 bits of randomness,
+-   which is better than not having mkstemp at all.  */
+-#if !defined UINT64_MAX && !defined uint64_t
+-# define uint64_t uintmax_t
+static random_value
+random_bits (random_value var)
+{
+  random_value r;
+  /* Without GRND_NONBLOCK it can be blocked for minutes on some systems.  */
+  if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+    return r;
+#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
+  /* Add entropy if getrandom did not work.  */
+  struct __timespec64 tv;
+  __clock_gettime64 (CLOCK_MONOTONIC, &tv);
+  var ^= tv.tv_nsec;
+ #endif
+  return 2862933555777941757 * var + 3037000493;
+}
+ 
+ #if _LIBC
+ /* Return nonzero if DIR is an existent directory.  */
+@@ -107,7 +109,7 @@ direxists (const char *dir)
+    enough space in TMPL. */
+ int
+ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
+-	       int try_tmpdir)
+               int try_tmpdir)
+ {
+   const char *d;
+   size_t dlen, plen;
+@@ -121,35 +123,35 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
+     {
+       plen = strlen (pfx);
+       if (plen > 5)
+-	plen = 5;
+        plen = 5;
+     }
+ 
+   if (try_tmpdir)
+     {
+       d = __secure_getenv ("TMPDIR");
+       if (d != NULL && direxists (d))
+-	dir = d;
+        dir = d;
+       else if (dir != NULL && direxists (dir))
+-	/* nothing */ ;
+        /* nothing */ ;
+       else
+-	dir = NULL;
+        dir = NULL;
+     }
+   if (dir == NULL)
+     {
+       if (direxists (P_tmpdir))
+-	dir = P_tmpdir;
+        dir = P_tmpdir;
+       else if (strcmp (P_tmpdir, "/tmp") != 0 && direxists ("/tmp"))
+-	dir = "/tmp";
+        dir = "/tmp";
+       else
+-	{
+-	  __set_errno (ENOENT);
+-	  return -1;
+-	}
+        {
+          __set_errno (ENOENT);
+          return -1;
+        }
+     }
+ 
+   dlen = strlen (dir);
+   while (dlen > 1 && dir[dlen - 1] == '/')
+-    dlen--;			/* remove trailing slashes */
+    dlen--;                     /* remove trailing slashes */
+ 
+   /* check we have room for "${dir}/${pfx}XXXXXX\0" */
+   if (tmpl_len < dlen + 1 + plen + 6 + 1)
+@@ -163,39 +165,91 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
+ }
+ #endif /* _LIBC */
+ 
+#if _LIBC
+static int try_tempname_len (char *, int, void *, int (*) (char *, void *),
+                             size_t);
+#endif
+
+static int
+try_file (char *tmpl, void *flags)
+{
+  int *openflags = flags;
+  return __open (tmpl,
+                 (*openflags & ~O_ACCMODE)
+                 | O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+}
+
+static int
+try_dir (char *tmpl, void *flags _GL_UNUSED)
+{
+  return __mkdir (tmpl, S_IRUSR | S_IWUSR | S_IXUSR);
+}
+
+static int
+try_nocreate (char *tmpl, void *flags _GL_UNUSED)
+{
+  struct_stat64 st;
+
+  if (__lstat64 (tmpl, &st) == 0 || errno == EOVERFLOW)
+    __set_errno (EEXIST);
+  return errno == ENOENT ? 0 : -1;
+}
+
+ /* These are the characters used in temporary file names.  */
+ static const char letters[] =
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+ 
+ /* Generate a temporary file name based on TMPL.  TMPL must match the
+-   rules for mk[s]temp (i.e. end in "XXXXXX", possibly with a suffix).
+   rules for mk[s]temp (i.e., end in at least X_SUFFIX_LEN "X"s,
+   possibly with a suffix).
+    The name constructed does not exist at the time of the call to
+-   __gen_tempname.  TMPL is overwritten with the result.
+   this function.  TMPL is overwritten with the result.
+ 
+    KIND may be one of:
+-   __GT_NOCREATE:	simply verify that the name does not exist
+-			at the time of the call.
+-   __GT_FILE:		create the file using open(O_CREAT|O_EXCL)
+-			and return a read-write fd.  The file is mode 0600.
+-   __GT_DIR:		create a directory, which will be mode 0700.
+   __GT_NOCREATE:       simply verify that the name does not exist
+                        at the time of the call.
+   __GT_FILE:           create the file using open(O_CREAT|O_EXCL)
+                        and return a read-write fd.  The file is mode 0600.
+   __GT_DIR:            create a directory, which will be mode 0700.
+ 
+    We use a clever algorithm to get hard-to-predict names. */
+#ifdef _LIBC
+static
+#endif
+ int
+-__gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+gen_tempname_len (char *tmpl, int suffixlen, int flags, int kind,
+                  size_t x_suffix_len)
+ {
+-  int len;
+  static int (*const tryfunc[]) (char *, void *) =
+    {
+      [__GT_FILE] = try_file,
+      [__GT_DIR] = try_dir,
+      [__GT_NOCREATE] = try_nocreate
+    };
+  return try_tempname_len (tmpl, suffixlen, &flags, tryfunc[kind],
+                           x_suffix_len);
+}
+
+#ifdef _LIBC
+static
+#endif
+int
+try_tempname_len (char *tmpl, int suffixlen, void *args,
+                  int (*tryfunc) (char *, void *), size_t x_suffix_len)
+{
+  size_t len;
+   char *XXXXXX;
+   unsigned int count;
+   int fd = -1;
+   int save_errno = errno;
+-  struct_stat64 st;
+ 
+   /* A lower bound on the number of temporary files to attempt to
+      generate.  The maximum total number of temporary file names that
+      can exist for a given template is 62**6.  It should never be
+      necessary to try all of these combinations.  Instead if a reasonable
+      number of names is tried (we define reasonable as 62**3) fail to
+-     give the system administrator the chance to remove the problems.  */
+     give the system administrator the chance to remove the problems.
+     This value requires that X_SUFFIX_LEN be at least 3.  */
+ #define ATTEMPTS_MIN (62 * 62 * 62)
+ 
+   /* The number of times to attempt to generate a temporary file.  To
+@@ -206,82 +260,75 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+   unsigned int attempts = ATTEMPTS_MIN;
+ #endif
+ 
+  /* A random variable.  The initial value is used only the for fallback path
+     on 'random_bits' on 'getrandom' failure.  Its initial value tries to use
+     some entropy from the ASLR and ignore possible bits from the stack
+     alignment.  */
+  random_value v = ((uintptr_t) &v) / alignof (max_align_t);
+
+  /* How many random base-62 digits can currently be extracted from V.  */
+  int vdigits = 0;
+
+  /* Least unfair value for V.  If V is less than this, V can generate
+     BASE_62_DIGITS digits fairly.  Otherwise it might be biased.  */
+  random_value const unfair_min
+    = RANDOM_VALUE_MAX - RANDOM_VALUE_MAX % BASE_62_POWER;
+
+   len = strlen (tmpl);
+-  if (len < 6 + suffixlen || memcmp (&tmpl[len - 6 - suffixlen], "XXXXXX", 6))
+  if (len < x_suffix_len + suffixlen
+      || strspn (&tmpl[len - x_suffix_len - suffixlen], "X") < x_suffix_len)
+     {
+       __set_errno (EINVAL);
+       return -1;
+     }
+ 
+   /* This is where the Xs start.  */
+-  XXXXXX = &tmpl[len - 6 - suffixlen];
+  XXXXXX = &tmpl[len - x_suffix_len - suffixlen];
+ 
+-  uint64_t pid = (uint64_t) __getpid () << 32;
+   for (count = 0; count < attempts; ++count)
+     {
+-      uint64_t v;
+-      /* Get some more or less random data.  */
+-      RANDOM_BITS (v);
+-      v ^= pid;
+-
+-      /* Fill in the random bits.  */
+-      XXXXXX[0] = letters[v % 62];
+-      v /= 62;
+-      XXXXXX[1] = letters[v % 62];
+-      v /= 62;
+-      XXXXXX[2] = letters[v % 62];
+-      v /= 62;
+-      XXXXXX[3] = letters[v % 62];
+-      v /= 62;
+-      XXXXXX[4] = letters[v % 62];
+-      v /= 62;
+-      XXXXXX[5] = letters[v % 62];
+-
+-      switch (kind)
+-	{
+-	case __GT_FILE:
+-	  fd = __open (tmpl,
+-		       (flags & ~O_ACCMODE)
+-		       | O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+-	  break;
+-
+-	case __GT_DIR:
+-	  fd = __mkdir (tmpl, S_IRUSR | S_IWUSR | S_IXUSR);
+-	  break;
+-
+-	case __GT_NOCREATE:
+-	  /* This case is backward from the other three.  __gen_tempname
+-	     succeeds if lstat fails because the name does not exist.
+-	     Note the continue to bypass the common logic at the bottom
+-	     of the loop.  */
+-	  if (__lstat64 (tmpl, &st) < 0)
+-	    {
+-	      if (errno == ENOENT)
+-		{
+-		  __set_errno (save_errno);
+-		  return 0;
+-		}
+-	      else
+-		/* Give up now. */
+-		return -1;
+-	    }
+-	  continue;
+-
+-	default:
+-	  assert (! "invalid KIND in __gen_tempname");
+-	  abort ();
+-	}
+-
+      for (size_t i = 0; i < x_suffix_len; i++)
+        {
+          if (vdigits == 0)
+            {
+              do
+                v = random_bits (v);
+              while (unfair_min <= v);
+
+              vdigits = BASE_62_DIGITS;
+            }
+
+          XXXXXX[i] = letters[v % 62];
+          v /= 62;
+          vdigits--;
+        }
+
+      fd = tryfunc (tmpl, args);
+       if (fd >= 0)
+-	{
+-	  __set_errno (save_errno);
+-	  return fd;
+-	}
+        {
+          __set_errno (save_errno);
+          return fd;
+        }
+       else if (errno != EEXIST)
+-	return -1;
+        return -1;
+     }
+ 
+   /* We got out of the loop because we ran out of combinations to try.  */
+   __set_errno (EEXIST);
+   return -1;
+ }
+
+int
+__gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+{
+  return gen_tempname_len (tmpl, suffixlen, flags, kind, 6);
+}
+
+#if !_LIBC
+int
+try_tempname (char *tmpl, int suffixlen, void *args,
+              int (*tryfunc) (char *, void *))
+{
+  return try_tempname_len (tmpl, suffixlen, args, tryfunc, 6);
+}
+#endif
--- a/SOURCES/glibc-rh2089247-5.patch
+++ b/SOURCES/glibc-rh2089247-5.patch
@ -0,0 +1,17 @@
+Downstream-only patch to use non-time64 identifiers in
+sysdeps/posix/tempname.c.  Upstream has switched to the time64
+symbols.
+
+diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
+index f199b25a7a227751..fcab9b26364021e4 100644
+--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
+@@ -56,6 +56,8 @@
+ #if _LIBC
+ # define struct_stat64 struct stat64
+ # define __secure_getenv __libc_secure_getenv
+# define __clock_gettime64 __clock_gettime
+# define __timespec64 timespec
+ #else
+ # define struct_stat64 struct stat
+ # define __gen_tempname gen_tempname
--- a/SOURCES/glibc-rh2089247-6.patch
+++ b/SOURCES/glibc-rh2089247-6.patch
@ -0,0 +1,66 @@
+commit f430293d842031f2afc3013f156e1018065e480e
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Tue Jan 12 09:17:09 2021 -0300
+
+    posix: consume less entropy on tempname
+    
+    The first getrandom is used only for __GT_NOCREATE, which is inherently
+    insecure and can use the entropy as a small improvement.  On the
+    second and later attempts it might help against DoS attacks.
+    
+    It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.
+    
+    Checked on x86_64-linux-gnu.
+
+diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
+index fcab9b26364021e4..3435c4bf75a01f42 100644
+--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
+@@ -22,6 +22,7 @@
+ 
+ #include <sys/types.h>
+ #include <assert.h>
+#include <stdbool.h>
+ 
+ #include <errno.h>
+ 
+@@ -79,11 +80,11 @@ typedef uint_fast64_t random_value;
+ #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
+ 
+ static random_value
+-random_bits (random_value var)
+random_bits (random_value var, bool use_getrandom)
+ {
+   random_value r;
+   /* Without GRND_NONBLOCK it can be blocked for minutes on some systems.  */
+-  if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+  if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+     return r;
+ #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
+   /* Add entropy if getrandom did not work.  */
+@@ -271,6 +272,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
+   /* How many random base-62 digits can currently be extracted from V.  */
+   int vdigits = 0;
+ 
+  /* Whether to consume entropy when acquiring random bits.  On the
+     first try it's worth the entropy cost with __GT_NOCREATE, which
+     is inherently insecure and can use the entropy to make it a bit
+     less secure.  On the (rare) second and later attempts it might
+     help against DoS attacks.  */
+  bool use_getrandom = tryfunc == try_nocreate;
+
+   /* Least unfair value for V.  If V is less than this, V can generate
+      BASE_62_DIGITS digits fairly.  Otherwise it might be biased.  */
+   random_value const unfair_min
+@@ -294,7 +302,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
+           if (vdigits == 0)
+             {
+               do
+-                v = random_bits (v);
+                {
+                  v = random_bits (v, use_getrandom);
+                  use_getrandom = true;
+                }
+               while (unfair_min <= v);
+ 
+               vdigits = BASE_62_DIGITS;
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.28
 %define glibcversion 2.28
-%define glibcrelease 203%{?dist}
+%define glibcrelease 204%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@ -897,6 +897,12 @@ Patch702: glibc-rh1982608.patch
 Patch703: glibc-rh1961109.patch
 Patch704: glibc-rh2086853.patch
 Patch705: glibc-rh2077835.patch
+Patch706: glibc-rh2089247-1.patch
+Patch707: glibc-rh2089247-2.patch
+Patch708: glibc-rh2089247-3.patch
+Patch709: glibc-rh2089247-4.patch
+Patch710: glibc-rh2089247-5.patch
+Patch711: glibc-rh2089247-6.patch

 ##############################################################################
 # Continued list of core "glibc" package information:
@ -2727,6 +2733,9 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared

 %changelog
+* Mon May 23 2022 Florian Weimer <fweimer@redhat.com> - 2.28-204
+- Increase tempnam randomness (#2089247)
+
 * Tue May 17 2022 Patsy Griffin <patsy@redhat.com> - 2.28-203
 - 390x: Add support for IBM z16. (#2077835)