From 5176c4e7b561acd45f98d820e4d044b2eea3546e Mon Sep 17 00:00:00 2001
From: Jeff Law
Date: Thu, 21 Jun 2012 17:28:16 -0600
Subject: [PATCH] - Resync with upstream sources (#834447). - Fix use-after-free in dcigettext.c (#816647).
---
 .gitignore | 3 +++
 glibc-rh729661.patch | 56 -------------------------------------------
 glibc-rh816647.patch | 25 -------------------
 glibc-sw13618-2.patch | 28 ----------------------
 glibc.spec | 16 +++----------
 sources | 6 ++---
 6 files changed, 9 insertions(+), 125 deletions(-)
 delete mode 100644 glibc-rh729661.patch
 delete mode 100644 glibc-rh816647.patch
 delete mode 100644 glibc-sw13618-2.patch
diff --git a/.gitignore b/.gitignore
index 288a94e..c6294e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,6 @@ glibc-2.14-394-g8f3b1ff
 /glibc-2.15.90-6043738b.tar.gz
 /glibc-2.15.90-f8308a72-fedora.tar.gz
 /glibc-2.15.90-f8308a72.tar.gz
+/glibc-2.15.90-116a106a-fedora.tar.gz
+/glibc-2.15.90-116a106a.tar.gz
+/glibc-ports-2.15.90-a20c2b3c.tar.gz
diff --git a/glibc-rh729661.patch b/glibc-rh729661.patch
deleted file mode 100644
index 5d4ba8d..0000000
--- a/glibc-rh729661.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff -rup a/elf/dl-deps.c b/elf/dl-deps.c
---- a/elf/dl-deps.c 2012-01-23 14:28:15.888185967 -0700
-+++ b/elf/dl-deps.c 2012-01-23 14:29:11.620197431 -0700
-@@ -634,7 +634,7 @@ Filters not supported with LD_TRACE_PREL
- /* We can skip looking for the binary itself which is at the front
- of the search list. */
- i = 1;
-- char seen[nlist];
-+ uint16_t seen[nlist];
- memset (seen, 0, nlist * sizeof (seen[0]));
- while (1)
- {
-@@ -660,13 +660,13 @@ Filters not supported with LD_TRACE_PREL
- (k - i) * sizeof (l_initfini[0]));
- l_initfini[k] = thisp;
- 
-- if (seen[i + 1] > 1)
-+ if (seen[i + 1] > nlist - i)
- {
- ++i;
- goto next_clear;
- }
- 
-- char this_seen = seen[i];
-+ uint16_t this_seen = seen[i];
- memmove (&seen[i], &seen[i + 1],
- (k - i) * sizeof (seen[0]));
- seen[k] = this_seen;
-diff -rup a/elf/dl-fini.c b/elf/dl-fini.c
---- a/elf/dl-fini.c 2012-01-01 05:16:32.000000000 -0700
-+++ b/elf/dl-fini.c 2012-01-23 14:29:39.661203226 -0700
-@@ -39,7 +39,7 @@ _dl_sort_fini (struct link_map **maps, s
- /* We can skip looking for the binary itself which is at the front
- of the search list for the main namespace. */
- unsigned int i = ns == LM_ID_BASE;
-- char seen[nmaps];
-+ uint16_t seen[nmaps];
- memset (seen, 0, nmaps * sizeof (seen[0]));
- while (1)
- {
-@@ -79,13 +79,13 @@ _dl_sort_fini (struct link_map **maps, s
- used[k] = here_used;
- }
- 
-- if (seen[i + 1] > 1)
-+ if (seen[i + 1] > nmaps - i)
- {
- ++i;
- goto next_clear;
- }
- 
-- char this_seen = seen[i];
-+ uint16_t this_seen = seen[i];
- memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0]));
- seen[k] = this_seen;
- 
diff --git a/glibc-rh816647.patch b/glibc-rh816647.patch
deleted file mode 100644
index 1880121..0000000
--- a/glibc-rh816647.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-2012-06-21 Jeff Law
-
- * intl/dcigettext.c (_nl_find_msg): Do not dereference memory
- that may have just been free'd.
-
-diff --git a/intl/dcigettext.c b/intl/dcigettext.c
-index f6b7573..9c673d4 100644
---- a/intl/dcigettext.c
-+++ b/intl/dcigettext.c
-@@ -1149,13 +1149,14 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
- /* We must allocate a new buffer or resize the old one. */
- if (malloc_count > 0)
- {
-+ struct transmem_list *next = transmem_list->next;
- ++malloc_count;
- freemem_size = malloc_count * INITIAL_BLOCK_SIZE;
- newmem = (transmem_block_t *) realloc (transmem_list,
- freemem_size);
- # ifdef _LIBC
- if (newmem != NULL)
-- transmem_list = transmem_list->next;
-+ transmem_list = next;
- else
- {
- struct transmem_list *old = transmem_list;
diff --git a/glibc-sw13618-2.patch b/glibc-sw13618-2.patch
deleted file mode 100644
index bb4b06e..0000000
--- a/glibc-sw13618-2.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -Nrup a/elf/dl-open.c b/elf/dl-open.c
---- a/elf/dl-open.c 2012-01-29 21:57:36.251660367 -0700
-+++ b/elf/dl-open.c 2012-01-29 21:58:55.762694069 -0700
-@@ -328,7 +328,7 @@ dl_open_worker (void *a)
- while (l != NULL);
- if (nmaps > 1)
- {
-- char seen[nmaps];
-+ uint16_t seen[nmaps];
- memset (seen, '\0', nmaps);
- size_t i = 0;
- while (1)
-@@ -354,13 +354,13 @@ dl_open_worker (void *a)
- (k - i) * sizeof (maps[0]));
- maps[k] = thisp;
- 
-- if (seen[i + 1] > 1)
-+ if (seen[i + 1] > nmaps - i)
- {
- ++i;
- goto next_clear;
- }
- 
-- char this_seen = seen[i];
-+ uint16_t this_seen = seen[i];
- memmove (&seen[i], &seen[i + 1],
- (k - i) * sizeof (seen[0]));
- seen[k] = this_seen;
diff --git a/glibc.spec b/glibc.spec
index af26340..647a8d6 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -1,6 +1,6 @@
-%define glibcsrcdir glibc-2.15.90-f8308a72
+%define glibcsrcdir glibc-2.15.90-116a106a
 %define glibcversion 2.15.90
-%define glibcportsdir glibc-ports-2.15.90-36d173fb
+%define glibcportsdir glibc-ports-2.15.90-a20c2b3c
 ### glibc.spec.in follows:
 %define run_glibc_tests 1
 %define auxarches athlon alphaev6
@@ -121,11 +121,6 @@ Patch2003: %{name}-rh757881.patch
 # Upstream BZ 13013
 Patch2004: %{name}-rh730856.patch
-Patch2006: %{name}-rh729661.patch
-
-# Upstream BZ 13618
-Patch2010: %{name}-sw13618-2.patch
-
 Patch2013: %{name}-rh741105.patch
 Patch2014: %{name}-rh770869.patch
 Patch2015: %{name}-rh691912.patch
@@ -174,9 +169,6 @@ Patch2034: %{name}-rh767693-2.patch
 # Upstream BZ 14247
 Patch2036: %{name}-rh827510.patch
-# Upstream BZ 14277
-Patch2037: %{name}-rh816647.patch
-
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes: glibc-profile < 2.4
 Obsoletes: nss_db
@@ -404,11 +396,9 @@ rm -rf %{glibcportsdir}
 %patch2003 -p1
 %patch2004 -p1
 %patch0005 -p1
-%patch2006 -p1
 %patch0007 -p1
 %patch0008 -p1
 %patch0009 -p1
-%patch2010 -p1
 %patch0011 -p1
 %patch0012 -p1
 %patch2013 -p1
@@ -435,7 +425,6 @@ rm -rf %{glibcportsdir}
 %patch2034 -p1
 %patch0035 -p1
 %patch2036 -p1
-%patch2037 -p1
 # On powerpc32, hp timing is only available in power4/power6
 # libs, not in base, so pre-power4 dynamic linker is incompatible
@@ -1319,6 +1308,7 @@ rm -f *.filelist*
 %changelog
 * Thu Jun 21 2012 Jeff Law - 2.15.90-15
+ - Resync with upstream sources (#834447).
 - Fix use-after-free in dcigettext.c (#816647).
 * Fri Jun 15 2012 Jeff Law - 2.15.90-14
diff --git a/sources b/sources
index 6304cd4..7e42a78 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-1a684f60874718dbfb3dd5556fd9bc77 glibc-2.15.90-f8308a72-fedora.tar.gz
-9d03c29eacc9a7b842825bc220b4ec36 glibc-2.15.90-f8308a72.tar.gz
-8502eb8b2c3abccaabaa45ce45808d48 glibc-ports-2.15.90-36d173fb.tar.gz
+281f4fd07d6f28c3463ceb3178bff664 glibc-2.15.90-116a106a-fedora.tar.gz
+4057fc6c44b80ac29a709d839ddb9b89 glibc-2.15.90-116a106a.tar.gz
+f29d9ebfdc591ebfbfbb14e24855b9c0 glibc-ports-2.15.90-a20c2b3c.tar.gz