From e96e9a5db848c4f75c2c77ab07cffef0268e41fd Mon Sep 17 00:00:00 2001
From: DJ Delorie
Date: Fri, 3 Oct 2025 14:40:27 -0400
Subject: [PATCH] nss: Group merge does not react to ERANGE during merge (RHEL-114260)

Resolves: RHEL-114260
---
 glibc-RHEL-114260.patch | 45 +++++++++++++++++++++++++++++++++++++++++
 glibc.spec | 6 +++++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 glibc-RHEL-114260.patch

diff --git a/glibc-RHEL-114260.patch b/glibc-RHEL-114260.patch
new file mode 100644
index 0000000..15cf58d
--- /dev/null
+++ b/glibc-RHEL-114260.patch
@@ -0,0 +1,45 @@
+commit 0fceed254559836b57ee05188deac649bc505d05
+Author: Florian Weimer
+Date: Fri Sep 12 21:33:34 2025 +0200
+
+ nss: Group merge does not react to ERANGE during merge (bug 33361)
+
+ The break statement in CHECK_MERGE is expected to exit the surrounding
+ while loop, not the do-while loop with in the macro. Remove the
+ do-while loop from the macro. It is not needed to turn the macro
+ expansion into a single statement due to the way CHECK_MERGE is used
+ (and the statement expression would cover this anyway).
+
+ Reviewed-by: Collin Funk
+
+diff --git a/nss/getXXbyYY_r.c b/nss/getXXbyYY_r.c
+index eae6c3480e..2b0735fb6a 100644
+--- a/nss/getXXbyYY_r.c
++++ b/nss/getXXbyYY_r.c
+@@ -157,19 +157,15 @@ __merge_einval (LOOKUP_TYPE *a,
+
+ #define CHECK_MERGE(err, status) \
+ ({ \
+- do \
++ if (err) \
+ { \
+- if (err) \
+- { \
+- __set_errno (err); \
+- if (err == ERANGE) \
+- status = NSS_STATUS_TRYAGAIN; \
+- else \
+- status = NSS_STATUS_UNAVAIL; \
+- break; \
+- } \
++ __set_errno (err); \
++ if (err == ERANGE) \
++ status = NSS_STATUS_TRYAGAIN; \
++ else \
++ status = NSS_STATUS_UNAVAIL; \
++ break; \
+ } \
+- while (0); \
+ })
+
+ /* Type of the lookup function we need here. */
diff --git a/glibc.spec b/glibc.spec
index d4d0202..99ecc17 100644
--- a/glibc.spec
+++ b/glibc.spec
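Review bot: The rewritten `CHECK_MERGE` in the embedded nss/getXXbyYY_r.c hunk still has no comment stating that its `break` is meant to leave the caller's lookup loop, even though an enclosing `do … while (0)` swallowing that `break` is exactly what this patch repairs. I would add above the `#define`: `/* Expand only directly inside the lookup loop: the break must exit that loop, so never wrap this in another loop or switch. */`. Separately, `err` is expanded twice and unparenthesised (`if (err)`, `err == ERANGE`), so `if ((err) == ERANGE)` would be safer if a caller ever passes an expression; the call sites lie outside the hunk, so whether any does is not visible here. No test accompanies the change in this backport, and because merged group data presumably feeds group-membership checks, a regression test that forces ERANGE during a merge would be worth carrying.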
@@ -115,7 +115,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: %{glibcrelease}.25
+Release: %{glibcrelease}.26
 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@@ -1286,6 +1286,7 @@ Patch1051: glibc-RHEL-18039-4.patch
 Patch1052: glibc-RHEL-18039-5.patch
 Patch1053: glibc-RHEL-18039-6.patch
 Patch1054: glibc-RHEL-105326.patch
+Patch1055: glibc-RHEL-114260.patch
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -2947,6 +2948,9 @@ fi
 %{_libdir}/libpthread_nonshared.a
 %changelog
+* Fri Oct 03 2025 DJ Delorie - 2.28-251.26
+- nss: Group merge does not react to ERANGE during merge (RHEL-114260)
+
 * Thu Jul 24 2025 Florian Weimer - 2.28-251.25
 - CVE-2025-8058: Double free in regcomp (RHEL-105326)