%define debug_package %{nil}
%define __os_install_post %{nil}
%global security_hardening nonow
%define glibc_target_cpu %{_build}
Summary: Main C library
Name: glibc
Version: 2.22
Release: 22%{?dist}
License: LGPLv2+
URL: http://www.gnu.org/software/libc
Group: Applications/System
Vendor: VMware, Inc.
Distribution: Photon
Source0: http://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz
%define sha1 glibc=5be95334f197121d8b351059a1c6518305d88e2a
Source1: locale-gen.sh
Source2: locale-gen.conf
Patch0: http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.22-upstream_i386_fix-1.patch
Patch1: http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.22-largefile-1.patch
Patch2: http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.22-fhs-1.patch
Patch3: glibc-2.22-bindrsvport-blacklist.patch
Patch4: http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.22-upstream_fixes-1.patch
Patch5: glibc-fix-CVE-2014-9761-1.patch
Patch6: glibc-fix-CVE-2014-9761-2.patch
Patch7: glibc-fix-CVE-2014-9761-3.patch
Patch8: glibc-fix-CVE-2014-9761-4.patch
Patch9: pthread_create-fix-use-after-free.patch
# Fixes CVE-2016-3075
Patch10: CVE-2016-3075-Stack-overflow-in-_nss_dns_getnetbynam.patch
# Fixes CVE-2016-3706
Patch11: CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch
# It allows to apply CVE-2016-1234 patch
Patch12: glob-Simplify-the-interface-for-the-GLOB_ALTDIRFUNC-.patch
# Fixes CVE-2016-1234
Patch13: CVE-2016-1234-glob-Do-not-copy-d_name-field-of-struc.patch
# Fixed CVE-2016-4429
Patch14: CVE-2016-4429-sunrpc-Do-not-use-alloca-in-clntudp_ca.patch
Patch15: glibc-fix-CVE-2017-1000366.patch
#https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491
Patch16: glibc-fix-CVE-2017-12133.patch
Patch17: glibc-fix-CVE-2017-15670.patch
Patch18: glibc-fix-CVE-2017-15804.patch
#https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=20f534e0abd81149c71cef082c8c058bb9d953af
Patch19: glibc-fix-CVE-2015-5180.patch
#https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=5e7fdabd7df1fc6c56d104e61390bf5a6b526c38
Patch20: glibc-2.22-CVE-2016-5417.patch
Patch21: glibc-fix-CVE-2017-16997.patch
Patch22: glibc-fix-CVE-2018-1000001.patch
Patch23: glibc-fix-CVE-2018-6485.patch
Patch24: glibc-fix-CVE-2017-18269.patch
Patch25: glibc-fix-CVE-2018-11236.patch
Patch26: glibc-fix-CVE-2017-15671.patch
Provides: rtld(GNU_HASH)
Requires: filesystem
%description
This library provides the basic routines for allocating memory,
searching directories, opening and closing files, reading and
writing files, string handling, pattern matching, arithmetic,
and so on.
%package devel
Summary: Header files for glibc
Group: Applications/System
Requires: glibc >= 2.22
%description devel
These are the header files of glibc.
%package lang
Summary: Additional language files for glibc
Group: Applications/System
Requires: glibc >= 2.22
%description lang
These are the additional language files of glibc.
%prep
%setup -q
sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
install -vdm 755 %{_builddir}/%{name}-build
# do not try to explicitly provide GLIBC_PRIVATE versioned libraries
%define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh
%define __find_requires %{_builddir}/%{name}-%{version}/find_requires.sh
# create find-provides and find-requires script in order to ignore GLIBC_PRIVATE errors
cat > find_provides.sh << _EOF
#! /bin/sh
if [ -d /tools ]; then
/tools/lib/rpm/find-provides | grep -v GLIBC_PRIVATE
else
%{_prefix}/lib/rpm/find-provides | grep -v GLIBC_PRIVATE
fi
exit 0
_EOF
chmod +x find_provides.sh
cat > find_requires.sh << _EOF
#! /bin/sh
if [ -d /tools ]; then
/tools/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE
else
%{_prefix}/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE
fi
_EOF
chmod +x find_requires.sh
#___EOF
%build
cd %{_builddir}/%{name}-build
../%{name}-%{version}/configure \
--prefix=%{_prefix} \
--disable-profile \
--enable-kernel=2.6.32 \
--enable-obsolete-rpc \
--disable-silent-rules
make %{?_smp_mflags}
%check
cd %{_builddir}/glibc-build
make -k check > %{_topdir}/LOGS/%{name}-check.log 2>&1 || true
%install
# Do not remove static libs
pushd %{_builddir}/glibc-build
# Create directories
make install_root=%{buildroot} install
install -vdm 755 %{buildroot}%{_sysconfdir}/ld.so.conf.d
install -vdm 755 %{buildroot}/var/cache/nscd
install -vdm 755 %{buildroot}%{_libdir}/locale
cp -v ../%{name}-%{version}/nscd/nscd.conf %{buildroot}%{_sysconfdir}/nscd.conf
# Install locale generation script and config file
cp -v %{SOURCE2} %{buildroot}%{_sysconfdir}
cp -v %{SOURCE1} %{buildroot}/sbin
# Remove unwanted cruft
rm -rf %{buildroot}%{_infodir}
# Install configuration files
cat > %{buildroot}%{_sysconfdir}/nsswitch.conf <<- "EOF"
# Begin /etc/nsswitch.conf
passwd: files
group: files
shadow: files
hosts: files dns
networks: files
protocols: files
services: files
ethers: files
rpc: files
# End /etc/nsswitch.conf
EOF
cat > %{buildroot}%{_sysconfdir}/ld.so.conf <<- "EOF"
# Begin /etc/ld.so.conf
/usr/local/lib
/opt/lib
include /etc/ld.so.conf.d/*.conf
EOF
popd
%find_lang %{name} --all-name
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%dir %{_localstatedir}/cache/nscd
%dir %{_libdir}/locale
%dir %{_sysconfdir}/ld.so.conf.d
%config(noreplace) %{_sysconfdir}/nsswitch.conf
%config(noreplace) %{_sysconfdir}/ld.so.conf
%config(noreplace) %{_sysconfdir}/rpc
%config(missingok,noreplace) %{_sysconfdir}/ld.so.cache
%config %{_sysconfdir}/locale-gen.conf
%config(noreplace) %{_sysconfdir}/nscd.conf
%ifarch x86_64
/lib64/*
%{_lib64dir}/gconv/*
%{_lib64dir}/audit/*
%{_lib64dir}/*.so
%else
%{_lib}/*
%endif
/sbin/*
%{_bindir}/*
%{_libexecdir}/*
%{_sbindir}/*
%{_datadir}/i18n/charmaps/*.gz
%{_datadir}/i18n/locales/*
%{_localstatedir}/lib/nss_db/Makefile
%exclude /usr/bin/mtrace
%files devel
%defattr(-,root,root)
# TODO: Excluding for now to remove dependency on PERL
# /usr/bin/mtrace
%ifarch x86_64
%{_lib64dir}/*.a
%{_lib64dir}/*.o
%endif
%{_includedir}/*
%files -f %{name}.lang lang
%defattr(-,root,root)
%{_datarootdir}/locale/locale.alias
%changelog
* Thu Aug 09 2018 Keerthana K <keerthanak@vmware.com> 2.22-22
- Fix for CVE-2017-15761.
* Tue Jun 26 2018 Keerthana K <keerthnanak@vmware.com> 2.22-21
- Fix for CVE-2018-11236.
* Mon Jun 25 2018 Keerthana K <keerthanak@vmware.com> 2.22-20
- Fix for CVE-2017-18269.
* Tue Jan 20 2018 Xiaolin Li <xiaolinl@vmware.com> 2.22-19
- Fix CVE-2018-1000001 and CVE-2018-6485
* Mon Jan 08 2018 Xiaolin Li <xiaolinl@vmware.com> 2.22-18
- Fix CVE-2017-16997
* Tue Dec 5 2017 Anish Swaminathan <anishs@vmware.com> 2.22-17
- Fix CVE-2016-5417
* Tue Nov 14 2017 Xiaolin Li <xiaolinl@vmware.com> 2.22-16
- Fix CVE-2015-5180
* Wed Oct 25 2017 Xiaolin Li <xiaolinl@vmware.com> 2.22-15
- Fix CVE-2017-15670, CVE-2017-15804
* Thu Oct 19 2017 Xiaolin Li <xiaolinl@vmware.com> 2.22-14
- Fix CVE-2017-12133
* Thu Jun 29 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.22-13
- Apply related patches for CVE-2017-1000366
* Thu Jun 29 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.22-12
- Fix CVE-2017-1000366
* Wed Jun 07 2017 Bo Gan <ganb@vmware.com> 2.22-11
- Fix post/postun
* Tue Apr 18 2017 Alexey Makhalov <amakhalov@vmware.com> 2.22-10
- Fix CVE-2016-3075, CVE-2016-3706, CVE-2016-1234 and CVE-2016-4429
* Wed Sep 28 2016 Alexey Makhalov <amakhalov@vmware.com> 2.22-9
- Added pthread_create-fix-use-after-free.patch
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.22-8
- GA - Bump release of all rpms
* Mon May 23 2016 Divya Thaluru <dthaluru@vmware.com> 2.22-7
- Added patch for CVE-2014-9761
* Mon Mar 21 2016 Alexey Makhalov <amakhalov@vmware.com> 2.22-6
- Security hardening: nonow
* Fri Mar 18 2016 Anish Swaminathan <anishs@vmware.com> 2.22-5
- Change conf file qualifiers
* Fri Mar 11 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.22-4
- Added patch for res_qeury assertion with bad dns config
- Details: https://sourceware.org/bugzilla/show_bug.cgi?id=19791
* Tue Feb 16 2016 Anish Swaminathan <anishs@vmware.com> 2.22-3
- Added patch for CVE-2015-7547
* Mon Feb 08 2016 Anish Swaminathan <anishs@vmware.com> 2.22-2
- Added patch for bindresvport blacklist
* Tue Jan 12 2016 Xiaolin Li <xiaolinl@vmware.com> 2.22-1
- Updated to version 2.22
* Tue Dec 1 2015 Divya Thaluru <dthaluru@vmware.com> 2.19-8
- Disabling rpm debug package and stripping the libraries
* Wed Nov 18 2015 Divya Thaluru <dthaluru@vmware.com> 2.19-7
- Adding patch to close nss files database
* Tue Nov 10 2015 Xiaolin Li <xiaolinl@vmware.com> 2.19-6
- Handled locale files with macro find_lang
* Wed Aug 05 2015 Kumar Kaushik <kaushikk@vmware.com> 2.19-5
- Adding postun section for ldconfig.
* Tue Jul 28 2015 Alexey Makhalov <amakhalov@vmware.com> 2.19-4
- Support glibc building against current rpm version.
* Thu Jul 23 2015 Divya Thaluru <dthaluru@vmware.com> 2.19-3
- Packing locale-gen scripts
* Mon May 18 2015 Touseef Liaqat <tliaqat@vmware.com> 2.19-2
- Update according to UsrMove.
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 2.19-1
- Initial build. First version