CVE-2023-4813: Work around RHEL-8 limitation in test

Resolves: RHEL-2435

glibc-RHEL-2435-2.patch

@@ -0,0 +1,22 @@
+Work around in the test case, the fact that RHEL-8 NSS modules
+infrastructure incorrectly allows merging in the hosts database.  This
+is a RHEL-8 only fix.
+
+diff --git a/nss/tst-nss-gai-actions.c b/nss/tst-nss-gai-actions.c
+index efca6cd1837a172a..c35e752896eceb2a 100644
+--- a/nss/tst-nss-gai-actions.c
++++ b/nss/tst-nss-gai-actions.c
+@@ -87,6 +87,13 @@ do_one_test (int action, int family, bool canon)
+     case ACTION_MERGE:
+       if (ret == 0)
+ 	{
++	  if (hints.ai_flags == 0 && hints.ai_family == AF_INET)
++	    {
++	      printf ("*****      RHEL-8 limitation: "
++		      "NSS modules infrastructure incorrectly allows MERGE\n");
++	      return;
++	    }
++
+ 	  char *formatted = support_format_addrinfo (ai, ret);
+ 
+ 	  printf ("merge unexpectedly succeeded:\n %s\n", formatted);

glibc.spec

@@ -132,7 +132,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: %{glibcrelease}.3
+Release: %{glibcrelease}.4
 
 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@@ -1055,6 +1055,7 @@ Patch862: glibc-rh2233338-5.patch
 Patch863: glibc-rh2233338-6.patch
 Patch864: glibc-rh2234714.patch
 Patch865: glibc-RHEL-2435.patch
+Patch866: glibc-RHEL-2435-2.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -2885,6 +2886,9 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
 
 %changelog
+* Tue Sep 19 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-236.4
+- CVE-2023-4813: Work around RHEL-8 limitation in test (RHEL-2435)
+
 * Fri Sep 15 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-236.3
 - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435)