@@ -2,7 +2,7 @@

 Summary:        Contains the GNU compiler collection

 Name:           gcc

 Version:        6.3.0

-Release:        2%{?dist}

+Release:        3%{?dist}

 License:        GPLv2+

 URL:            http://gcc.gnu.org

 Group:          Development/Tools

@@ -93,6 +93,22 @@ sed -i '/^NO_PIE_CFLAGS = /s/@NO_PIE_CFLAGS@//' gcc/Makefile.in

 install -vdm 755 ../gcc-build

 %build

+

+# Fix compilation issue for glibc-2.26.

+# TODO: remove these lines after gcc update to 7.2+

+#

+# 1. "typedef struct ucontext ucontext_t" was renamed to

+#    "typedef struct ucontext_t ucontext_t"

+sed -i 's/struct ucontext/ucontext_t/g' libgcc/config/i386/linux-unwind.h

+# 2. struct sigaltstack removed

+sed -i 's/struct sigaltstack/void/g' libsanitizer/sanitizer_common/sanitizer_linux.cc

+sed -i '/struct sigaltstack;/d' libsanitizer/sanitizer_common/sanitizer_linux.h

+sed -i 's/struct sigaltstack/void/g' libsanitizer/sanitizer_common/sanitizer_linux.h

+sed -i 's/struct sigaltstack/stack_t/g' libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc

+sed -i 's/__res_state/struct __res_state/g' libsanitizer/tsan/tsan_platform_linux.cc

+

+export glibcxx_cv_c99_math_cxx98=yes glibcxx_cv_c99_math_cxx11=yes

+

 cd ../gcc-build

 SED=sed \

 ../%{name}-%{version}/configure \

@@ -244,6 +260,8 @@ make %{?_smp_mflags} check-gcc

 %endif

 %changelog

+*   Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 6.3.0-3

+-   Fix compilation issue for glibc-2.26

 *   Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 6.3.0-2

 -   Improve make check

 *   Thu Mar 9 2017 Alexey Makhalov <amakhalov@vmware.com> 6.3.0-1

deleted file mode 100644

@@ -1,344 +0,0 @@

-From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001

-From: Florian Weimer <fweimer@redhat.com>

-Date: Mon, 19 Jun 2017 17:09:55 +0200

-Subject: [PATCH 1/1] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1

- programs [BZ #21624]

-

-LD_LIBRARY_PATH can only be used to reorder system search paths, which

-is not useful functionality.

-

-This makes an exploitable unbounded alloca in _dl_init_paths unreachable

-for AT_SECURE=1 programs.

- elf/rtld.c | 3 ++-

- 1 files changed, 2 insertions(+), 1 deletion(-)

-

-diff --git a/elf/rtld.c b/elf/rtld.c

-index 2446a87..2269dbe 100644

-+++ b/elf/rtld.c

-@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)

- 

- 	case 12:

- 	  /* The library search path.  */

--	  if (memcmp (envline, "LIBRARY_PATH", 12) == 0)

-+	  if (!__libc_enable_secure

-+	      && memcmp (envline, "LIBRARY_PATH", 12) == 0)

- 	    {

- 	      library_path = &envline[13];

- 	      break;

-From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001

-From: Florian Weimer <fweimer@redhat.com>

-Date: Mon, 19 Jun 2017 22:31:04 +0200

-Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements

-

- elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------

- 1 files changed, 73 insertions(+), 16 deletions(-)

-

-diff --git a/elf/rtld.c b/elf/rtld.c

-index 2269dbe..86ae20c 100644

-+++ b/elf/rtld.c

-@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local

- strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)

- #endif

- 

-+/* Length limits for names and paths, to protect the dynamic linker,

-+   particularly when __libc_enable_secure is active.  */

-+#ifdef NAME_MAX

-+# define SECURE_NAME_LIMIT NAME_MAX

-+#else

-+# define SECURE_NAME_LIMIT 255

-+#endif

-+#ifdef PATH_MAX

-+# define SECURE_PATH_LIMIT PATH_MAX

-+#else

-+# define SECURE_PATH_LIMIT 1024

-+#endif

-+

-+/* Check that AT_SECURE=0, or that the passed name does not contain

-+   directories and is not overly long.  Reject empty names

-+   unconditionally.  */

-+static bool

-+dso_name_valid_for_suid (const char *p)

-+{

-+  if (__glibc_unlikely (__libc_enable_secure))

-+    {

-+      /* Ignore pathnames with directories for AT_SECURE=1

-+	 programs, and also skip overlong names.  */

-+      size_t len = strlen (p);

-+      if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)

-+	return false;

-+    }

-+  return *p != '\0';

-+}

- 

- /* List of auditing DSOs.  */

- static struct audit_list

-@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;

- /* Nonzero if information about versions has to be printed.  */

- static int version_info attribute_relro;

- 

-+/* The LD_PRELOAD environment variable gives list of libraries

-+   separated by white space or colons that are loaded before the

-+   executable's dependencies and prepended to the global scope list.

-+   (If the binary is running setuid all elements containing a '/' are

-+   ignored since it is insecure.)  Return the number of preloads

-+   performed.  */

-+unsigned int

-+handle_ld_preload (const char *preloadlist, struct link_map *main_map)

-+{

-+  unsigned int npreloads = 0;

-+  const char *p = preloadlist;

-+  char fname[SECURE_PATH_LIMIT];

-+

-+  while (*p != '\0')

-+    {

-+      /* Split preload list at space/colon.  */

-+      size_t len = strcspn (p, " :");

-+      if (len > 0 && len < sizeof (fname))

-+	{

-+	  memcpy (fname, p, len);

-+	  fname[len] = '\0';

-+	}

-+      else

-+	fname[0] = '\0';

-+

-+      /* Skip over the substring and the following delimiter.  */

-+      p += len;

-+      if (*p != '\0')

-+	++p;

-+

-+      if (dso_name_valid_for_suid (fname))

-+	npreloads += do_preload (fname, main_map, "LD_PRELOAD");

-+    }

-+  return npreloads;

-+}

-+

- static void

- dl_main (const ElfW(Phdr) *phdr,

- 	 ElfW(Word) phnum,

-@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",

- 

-   if (__glibc_unlikely (preloadlist != NULL))

-     {

--      /* The LD_PRELOAD environment variable gives list of libraries

--	 separated by white space or colons that are loaded before the

--	 executable's dependencies and prepended to the global scope

--	 list.  If the binary is running setuid all elements

--	 containing a '/' are ignored since it is insecure.  */

--      char *list = strdupa (preloadlist);

--      char *p;

--

-       HP_TIMING_NOW (start);

--

--      /* Prevent optimizing strsep.  Speed is not important here.  */

--      while ((p = (strsep) (&list, " :")) != NULL)

--	if (p[0] != '\0'

--	    && (__builtin_expect (! __libc_enable_secure, 1)

--		|| strchr (p, '/') == NULL))

--	  npreloads += do_preload (p, main_map, "LD_PRELOAD");

--

-+      npreloads += handle_ld_preload (preloadlist, main_map);

-       HP_TIMING_NOW (stop);

-       HP_TIMING_DIFF (diff, start, stop);

-       HP_TIMING_ACCUM_NT (load_time, diff);

-From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001

-From: Florian Weimer <fweimer@redhat.com>

-Date: Mon, 19 Jun 2017 22:32:12 +0200

-Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements

-

-Also only process the last LD_AUDIT entry.

- elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------

- 1 files changed, 106 insertions(+), 15 deletions(-)

-

-diff --git a/elf/rtld.c b/elf/rtld.c

-index 86ae20c..65647fb 100644

-+++ b/elf/rtld.c

-@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)

-   return *p != '\0';

- }

- 

--/* List of auditing DSOs.  */

-+/* LD_AUDIT variable contents.  Must be processed before the

-+   audit_list below.  */

-+const char *audit_list_string;

-+

-+/* Cyclic list of auditing DSOs.  audit_list->next is the first

-+   element.  */

- static struct audit_list

- {

-   const char *name;

-   struct audit_list *next;

- } *audit_list;

- 

-+/* Iterator for audit_list_string followed by audit_list.  */

-+struct audit_list_iter

-+{

-+  /* Tail of audit_list_string still needing processing, or NULL.  */

-+  const char *audit_list_tail;

-+

-+  /* The list element returned in the previous iteration.  NULL before

-+     the first element.  */

-+  struct audit_list *previous;

-+

-+  /* Scratch buffer for returning a name which is part of

-+     audit_list_string.  */

-+  char fname[SECURE_NAME_LIMIT];

-+};

-+

-+/* Initialize an audit list iterator.  */

-+static void

-+audit_list_iter_init (struct audit_list_iter *iter)

-+{

-+  iter->audit_list_tail = audit_list_string;

-+  iter->previous = NULL;

-+}

-+

-+/* Iterate through both audit_list_string and audit_list.  */

-+static const char *

-+audit_list_iter_next (struct audit_list_iter *iter)

-+{

-+  if (iter->audit_list_tail != NULL)

-+    {

-+      /* First iterate over audit_list_string.  */

-+      while (*iter->audit_list_tail != '\0')

-+	{

-+	  /* Split audit list at colon.  */

-+	  size_t len = strcspn (iter->audit_list_tail, ":");

-+	  if (len > 0 && len < sizeof (iter->fname))

-+	    {

-+	      memcpy (iter->fname, iter->audit_list_tail, len);

-+	      iter->fname[len] = '\0';

-+	    }

-+	  else

-+	    /* Do not return this name to the caller.  */

-+	    iter->fname[0] = '\0';

-+

-+	  /* Skip over the substring and the following delimiter.  */

-+	  iter->audit_list_tail += len;

-+	  if (*iter->audit_list_tail == ':')

-+	    ++iter->audit_list_tail;

-+

-+	  /* If the name is valid, return it.  */

-+	  if (dso_name_valid_for_suid (iter->fname))

-+	    return iter->fname;

-+	  /* Otherwise, wrap around and try the next name.  */

-+	}

-+      /* Fall through to the procesing of audit_list.  */

-+    }

-+

-+  if (iter->previous == NULL)

-+    {

-+      if (audit_list == NULL)

-+	/* No pre-parsed audit list.  */

-+	return NULL;

-+      /* Start of audit list.  The first list element is at

-+	 audit_list->next (cyclic list).  */

-+      iter->previous = audit_list->next;

-+      return iter->previous->name;

-+    }

-+  if (iter->previous == audit_list)

-+    /* Cyclic list wrap-around.  */

-+    return NULL;

-+  iter->previous = iter->previous->next;

-+  return iter->previous->name;

-+}

-+

- #ifndef HAVE_INLINED_SYSCALLS

- /* Set nonzero during loading and initialization of executable and

-    libraries, cleared before the executable's entry point runs.  This

-@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\

-     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();

- 

-   /* If we have auditing DSOs to load, do it now.  */

--  if (__glibc_unlikely (audit_list != NULL))

-+  bool need_security_init = true;

-+  if (__glibc_unlikely (audit_list != NULL)

-+      || __glibc_unlikely (audit_list_string != NULL))

-     {

--      /* Iterate over all entries in the list.  The order is important.  */

-       struct audit_ifaces *last_audit = NULL;

--      struct audit_list *al = audit_list->next;

-+      struct audit_list_iter al_iter;

-+      audit_list_iter_init (&al_iter);

- 

-       /* Since we start using the auditing DSOs right away we need to

- 	 initialize the data structures now.  */

-@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\

- 	 use different values (especially the pointer guard) and will

- 	 fail later on.  */

-       security_init ();

-+      need_security_init = false;

- 

--      do

-+      while (true)

- 	{

-+	  const char *name = audit_list_iter_next (&al_iter);

-+	  if (name == NULL)

-+	    break;

-+

- 	  int tls_idx = GL(dl_tls_max_dtv_idx);

- 

- 	  /* Now it is time to determine the layout of the static TLS

-@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\

- 	     no DF_STATIC_TLS bit is set.  The reason is that we know

- 	     glibc will use the static model.  */

- 	  struct dlmopen_args dlmargs;

--	  dlmargs.fname = al->name;

-+	  dlmargs.fname = name;

- 	  dlmargs.map = NULL;

- 

- 	  const char *objname;

-@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\

- 	    not_loaded:

- 	      _dl_error_printf ("\

- ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",

--				al->name, err_str);

-+				name, err_str);

- 	      if (malloced)

- 		free ((char *) err_str);

- 	    }

-@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",

- 		  goto not_loaded;

- 		}

- 	    }

--

--	  al = al->next;

- 	}

--      while (al != audit_list->next);

- 

-       /* If we have any auditing modules, announce that we already

- 	 have two objects loaded.  */

-@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",

-   if (tcbp == NULL)

-     tcbp = init_tls ();

- 

--  if (__glibc_likely (audit_list == NULL))

-+  if (__glibc_likely (need_security_init))

-     /* Initialize security features.  But only if we have not done it

-        earlier.  */

-     security_init ();

-@@ -2346,9 +2428,7 @@ process_dl_audit (char *str)

-   char *p;

- 

-   while ((p = (strsep) (&str, ":")) != NULL)

--    if (p[0] != '\0'

--	&& (__builtin_expect (! __libc_enable_secure, 1)

--	    || strchr (p, '/') == NULL))

-+    if (dso_name_valid_for_suid (p))

-       {

- 	/* This is using the local malloc, not the system malloc.  The

- 	   memory can never be freed.  */

-@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep)

- 	      break;

- 	    }

- 	  if (memcmp (envline, "AUDIT", 5) == 0)

--	    process_dl_audit (&envline[6]);

-+	    audit_list_string = &envline[6];

- 	  break;

- 

- 	case 7:

@@ -3,20 +3,19 @@

 Summary:	Main C library

 Name:		glibc

-Version:	2.25

-Release:	4%{?dist}

+Version:	2.26

+Release:	1%{?dist}

 License:	LGPLv2+

 URL:		http://www.gnu.org/software/libc

 Group:		Applications/System

 Vendor:		VMware, Inc.

 Distribution: 	Photon

 Source0:	http://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz

-%define sha1 glibc=5fff5a94ef4470bf48fe1b79093185f19f5c827a

+%define sha1 glibc=7cf7d521f5ebece5dd27cfb3ca5e5f6b84da4bfd

 Source1:	locale-gen.sh

 Source2:	locale-gen.conf

 Patch0:   	http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.25-fhs-1.patch

 Patch1:		glibc-2.24-bindrsvport-blacklist.patch

-Patch2:         glibc-fix-CVE-2017-1000366.patch

 Provides:	rtld(GNU_HASH)

 Requires:       filesystem

 %description

@@ -72,7 +71,6 @@ Name Service Cache Daemon

 sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile

 %patch0 -p1

 %patch1 -p1

-%patch2 -p1

 install -vdm 755 %{_builddir}/%{name}-build

 # do not try to explicitly provide GLIBC_PRIVATE versioned libraries

 %define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh

@@ -108,6 +106,8 @@ cd %{_builddir}/%{name}-build

 	--disable-profile \

 	--enable-kernel=2.6.32 \

 	--enable-obsolete-rpc \

+	--enable-obsolete-nsl \

+	--enable-bind-now \

 	--disable-silent-rules

 # Sometimes we have false "out of memory" make error

@@ -115,6 +115,8 @@ cd %{_builddir}/%{name}-build

 make %{?_smp_mflags} || make %{?_smp_mflags} || make %{?_smp_mflags}

 %check

+# disable security hardening for tests

+rm -f $(dirname $(gcc -print-libgcc-file-name))/../specs

 cd %{_builddir}/glibc-build

 make %{?_smp_mflags} check

@@ -255,6 +257,8 @@ sed -i 's@#!/bin/bash@#!/bin/sh@' %{buildroot}/usr/bin/tzselect

 %changelog

+*   Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 2.26-1

+-   Version update

 *   Tue Aug 08 2017 Anish Swaminathan <anishs@vmware.com> 2.25-4

 -   Apply fix for CVE-2017-1000366

 *   Thu May 4  2017 Bo Gan <ganb@vmware.com> 2.25-3

new file mode 100644

@@ -0,0 +1,32 @@

+From 3c885d87befc706bb923933b9819de6fe2de897e Mon Sep 17 00:00:00 2001

+From: Khem Raj <raj.khem@gmail.com>

+Date: Sat, 20 May 2017 14:03:19 -0700

+Subject: [PATCH] include stdint.h explicitly for UINT16_MAX)

+

+Fixes

+| tc_core.c:190:29: error: 'UINT16_MAX' undeclared (first use in this function); did you mean '__INT16_MAX__'?

+|    if ((sz >> s->size_log) > UINT16_MAX) {

+|                              ^~~~~~~~~~

+

+Signed-off-by: Khem Raj <raj.khem@gmail.com>

+---

+Upstream-Status: Pending

+

+ tc/tc_core.c | 1 +

+ 1 file changed, 1 insertion(+)

+

+diff --git a/tc/tc_core.c b/tc/tc_core.c

+index 7bbe0d7..821b741 100644

+--- a/tc/tc_core.c

+@@ -12,6 +12,7 @@

+ 

+ #include <stdio.h>

+ #include <stdlib.h>

++#include <stdint.h>

+ #include <unistd.h>

+ #include <syslog.h>

+ #include <fcntl.h>

+-- 

+2.13.0

+

@@ -1,7 +1,7 @@

 Summary:        Basic and advanced IPV4-based networking

 Name:           iproute2

 Version:        4.10.0

-Release:        2%{?dist}

+Release:        3%{?dist}

 License:        GPLv2+

 URL:            http://www.kernel.org/pub/linux/utils/net/iproute2

 Group:          Applications/System

@@ -10,6 +10,7 @@ Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/utils/net/iproute2/%{name}-%{version}.tar.xz

 %define sha1    iproute2=9e578675f6938359a3036d7886b91d48c0403a40

 Patch0:         replace_killall_by_pkill.patch

+Patch1:         0001-include-stdint.h-explicitly-for-UINT16_MAX.patch

 %description

 The IPRoute2 package contains programs for basic and advanced

@@ -31,6 +32,7 @@ sed -i 's/arpd.8//' man/man8/Makefile

 rm -v doc/arpd.sgml

 sed -i 's/m_ipt.o//' tc/Makefile

 %patch0 -p1

+%patch1 -p1

 %build

 make VERBOSE=1 %{?_smp_mflags} DESTDIR= LIBDIR=%{_libdir}

@@ -57,6 +59,8 @@ make    DESTDIR=%{buildroot} \

 %{_mandir}/man3/*

 %changelog

+*   Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 4.10.0-3

+-   Fix compilation issue for glibc-2.26

 *   Fri Jun 23 2017 Xiaolin Li <xiaolinl@vmware.com> 4.10.0-2

 -   Move man3 to devel package.

 *   Tue Mar 28 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.10.0-1

@@ -3,7 +3,7 @@

 Summary:        SELinux library and simple utilities

 Name:           libselinux

 Version:        2.6

-Release:        3%{?dist}

+Release:        4%{?dist}

 License:        Public Domain

 Group:          System Environment/Libraries

 Source0:        https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160107/%{name}-%{version}.tar.gz

@@ -78,6 +78,7 @@ SELinux applications.

 %setup -qn %{name}-%{version}

 %build

+sed '/unistd.h/a#include <sys/uio.h>' -i src/setrans_client.c

 make clean

 make %{?_smp_mflags} swigify

 make LIBDIR="%{_libdir}" %{?_smp_mflags} PYTHON=/usr/bin/python2 pywrap

@@ -129,9 +130,11 @@ rm -rf %{buildroot}

 %{python3_sitelib}/*

 %changelog

+*   Thu Aug 24 2017 Alexey Makhalov <amakhalov@vmware.com> 2.6-4

+-   Fix compilation issue for glibc-2.26

 *   Wed May 31 2017 Xiaolin Li <xiaolinl@vmware.com> 2.6-3

 -   Include pytho3 packages.

-*   Wed May 22 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 2.6-2

+*   Mon May 22 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 2.6-2

 -   Include python subpackage.

 *   Wed May 03 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 2.6-1

 -   Upgraded to version 2.6

@@ -1,7 +1,7 @@

 Summary:        Libraries for Transport Independent RPC

 Name:           libtirpc

 Version:        1.0.1

-Release:        6%{?dist}

+Release:        7%{?dist}

 Source0:        http://downloads.sourceforge.net/project/libtirpc/libtirpc/0.3.2/%{name}-%{version}.tar.bz2

 %define sha1    libtirpc=8da1636f98b5909c0d587e7534bc1e91f5c1a970

 Patch0:         libtirpc-1.0.1-bindrsvport-blacklist.patch

@@ -43,6 +43,7 @@ This package includes header files and libraries necessary for developing progra

 %build

 ./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}

+sed '/stdlib.h/a#include <stdint.h>' -i src/xdr_sizeof.c

 make %{?_smp_mflags}

@@ -69,6 +70,8 @@ make install DESTDIR=%{buildroot}

 %{_libdir}/*.la

 %changelog

+*   Thu Aug 24 2017 Alexey Makhalov <amakhalov@vmware.com> 1.0.1-7

+-   Fix compilation issue for glibc-2.26

 *   Thu May 18 2017 Vinay Kulkarni <kulkarniv@vmware.com> 1.0.1-6

 -   Fix CVE-2017-8779

 *   Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 1.0.1-5

@@ -1,7 +1,7 @@

 Name: 		likewise-open

 Summary: 	Likewise Open

 Version: 	6.2.11.4

-Release:        1%{?dist}

+Release:        2%{?dist}

 Group: 		Development/Libraries

 Vendor:         VMware, Inc.

 License: 	GPL 2.0,LGPL 2.1

@@ -47,6 +47,8 @@ This package provides files for developing against the Likewise APIs

 %setup -q

 %build

+# hack against glibc-2.26 to avoid getopt declaration mismatch

+sed -i '/stdio.h/a#define _GETOPT_CORE_H 1' dcerpc/demos/echo_server/echo_server.c

 cd release

 export CWD=`pwd`

@@ -286,6 +288,8 @@ rm -rf %{buildroot}/*

 /opt/likewise/lib64/pkgconfig/libedit.pc

 %changelog

+*   Thu Aug 24 2017 Alexey Makhalov <amakhalov@vmware.com> 6.2.11.4-2

+-   Fix compilation issue for glibc-2.26

 *   Wed Aug 09 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.2.11.4-1

 -   Update to 6.2.11.4.

 *   Wed Mar 29 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.2.11-1

@@ -3,7 +3,7 @@

 Summary:        Mesos

 Name:           mesos

 Version:        1.2.0

-Release:        4%{?dist}

+Release:        5%{?dist}

 License:        Apache

 URL:            http://mesos.apache.org

 Group:          Applications/System

@@ -56,6 +56,8 @@ Requires:   %{name} = %{version}

 %build

 sed -i 's/gzip -d -c $^ | tar xf -/tar --no-same-owner -xf $^/' 3rdparty/Makefile.am

 sed -i 's/gzip -d -c $^ | tar xf -/tar --no-same-owner -xf $^/' 3rdparty/libprocess/3rdparty/Makefile.am

+sed -i "/xlocale.h/d" 3rdparty/stout/include/stout/jsonify.hpp

+

 ./configure \

     CFLAGS="%{optflags} -Wno-deprecated-declarations"  \

     CXXFLAGS="%{optflags} -Wno-deprecated-declarations -Wno-strict-aliasing" \

@@ -103,6 +105,8 @@ find %{buildroot}%{_libdir} -name '*.la' -delete

 %exclude %{_libdir}/debug/

 %changelog

+*   Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 1.2.0-5

+-   Fix compilation issue for glibc-2.26

 *   Thu Aug 10 2017 Xiaolin Li <xiaolinl@vmware.com> 1.2.0-4

 -   Disable make check because Segfault in ProcessTest.Spawn with GCC 6+.

 -   For more details, please refer to https://issues.apache.org/jira/browse/MESOS-4983.

@@ -1,7 +1,7 @@

 Summary:        NFS client utils

 Name:           nfs-utils

 Version:        2.1.1

-Release:        4%{?dist}

+Release:        5%{?dist}

 License:        GPLv2+

 URL:            http://sourceforge.net/projects/nfs

 Group:          Applications/Nfs-utils-client

@@ -31,6 +31,7 @@ The nfs-utils package contains simple nfs client service

 %setup -q -n %{name}-%{version}

 #not prevent statd to start

 sed -i "/daemon_init/s:\!::" utils/statd/statd.c

+sed '/unistd.h/a#include <stdint.h>' -i support/nsm/rpc.c

 find . -iname "*.py" | xargs -I file sed -i '1s/python/python3/g' file

 %build

@@ -79,6 +80,8 @@ make check

 /lib/systemd/system/*

 %changelog

+*   Thu Aug 24 2017 Alexey Makhalov <amakhalov@vmware.com> 2.1.1-5

+-   Fix compilation issue for glibc-2.26

 *   Wed Aug 16 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.1.1-4

 -   Add check and ignore test that fails.

 *   Tue Aug 8 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.1.1-3

@@ -4,7 +4,7 @@

 Summary:        Array processing for numbers, strings, records, and objects

 Name:           python-numpy

 Version:        1.12.1

-Release:        4%{?dist}

+Release:        5%{?dist}

 License:        BSD

 Group:          Development/Languages/Python

 Vendor:         VMware, Inc.

@@ -42,6 +42,10 @@ Python 3 version.

 %setup -q -n numpy-%{version}

 %build

+# xlocale.h has been removed from glibc 2.26

+# The above include of locale.h is sufficient

+# Further details: https://sourceware.org/git/?p=glibc.git;a=commit;h=f0be25b6336db7492e47d2e8e72eb8af53b5506d */

+sed -i "/xlocale.h/d" numpy/core/src/multiarray/numpyos.c

 python2 setup.py build

 python3 setup.py build

@@ -76,6 +80,8 @@ rm -rf test

 %{_bindir}/f2py3

 %changelog

+*   Fri Aug 25 2017 Alexey Makhalov <amakhalov@vmware.com> 1.12.1-5

+-   Fix compilation issue for glibc-2.26

 *   Wed Jul 26 2017 Divya Thaluru <dthaluru@vmware.com> 1.12.1-4

 -   Fixed rpm check errors

 *   Wed Jun 07 2017 Xiaolin Li <xiaolinl@vmware.com> 1.12.1-3

@@ -1,7 +1,7 @@

 Summary:	Tracks system calls that are made by a running process

 Name:		strace

 Version:	4.16

-Release:	1%{?dist}

+Release:	2%{?dist}

 License:	BSD

 URL:		http://sourceforge.net/p/strace/code/ci/master/tree/

 Group:		Development/Debuggers

@@ -23,6 +23,9 @@ all the arugments and return values from the system calls. This is useful in deb

 ./configure \

 	--prefix=%{_prefix} \

+# to resolve build issue with glibc-2.26

+sed -i 's/struct ucontext/ucontext_t/g' linux/x86_64/arch_sigreturn.c

+

 make %{?_smp_mflags}

 %install

@@ -41,13 +44,15 @@ rm -rf %{buildroot}/*

 %{_mandir}/man1/*

 %changelog

-*	Wed Apr 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.16-1

--	Update to version 4.16

-*	Thu Oct 20 2016 Alexey Makhalov <amakhalov@vmware.com> 4.11-3

--	Exclude perl dependency

-*	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.11-2

--	GA - Bump release of all rpms

-*   	Wed Jan 20 2016 Anish Swaminathan <anishs@vmware.com> 4.11-1

--   	Upgrade version.

-*	Thu Oct 09 2014 Divya Thaluru <dthaluru@vmware.com> 4.10-1

--	Initial build.	First version

+*   Wed Aug 23 2017 Alexey Makhalov <amakhalov@vmware.com> 4.16-2

+-   Fix compilation issue for glibc-2.26

+*   Wed Apr 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 4.16-1

+-   Update to version 4.16

+*   Thu Oct 20 2016 Alexey Makhalov <amakhalov@vmware.com> 4.11-3

+-   Exclude perl dependency

+*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.11-2

+-   GA - Bump release of all rpms

+*   Wed Jan 20 2016 Anish Swaminathan <anishs@vmware.com> 4.11-1

+-   Upgrade version.

+*   Thu Oct 09 2014 Divya Thaluru <dthaluru@vmware.com> 4.10-1

+-   Initial build. First version

@@ -1,7 +1,7 @@

 Summary:          The OpenSource IPsec-based VPN Solution

 Name:             strongswan

 Version:          5.5.2

-Release:          1%{?dist}

+Release:          2%{?dist}

 License:          GPLv2+

 URL:              https://www.strongswan.org/

 Group:            System Environment/Security

@@ -20,6 +20,7 @@ strongSwan is a complete IPsec implementation for Linux 2.6, 3.x, and 4.x kernel

 %build

 ./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}

+sed -i '/stdlib.h/a #include <stdint.h>' src/libstrongswan/utils/utils.h &&

 make %{?_smp_mflags}

 %install

@@ -45,6 +46,8 @@ rm -rf %{buildroot}/*

 %{_datadir}/strongswan/*

 %changelog

+*   Thu Aug 24 2017 Alexey Makhalov <amakhalov@vmware.com> 5.5.2-2

+-   Fix compilation issue for glibc-2.26

 *   Wed Apr 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 5.5.2-1

 -   Update to version 5.5.2

 *   Wed Dec 21 2016 Xiaolin Li <xiaolinl@vmware.com>  5.5.1-1

@@ -1,7 +1,7 @@

 Summary:          Systemd-233

 Name:             systemd

 Version:          233

-Release:          6%{?dist}

+Release:          7%{?dist}

 License:          LGPLv2+ and GPLv2+ and MIT

 URL:              http://www.freedesktop.org/wiki/Software/systemd/

 Group:            System Environment/Security

@@ -71,6 +71,10 @@ BLKID_CFLAGS="-I/usr/include/blkid"

 cc_cv_CFLAGS__flto=no

 EOF

 sed -i "s:blkid/::" $(grep -rl "blkid/blkid.h")

+# xlocale.h has been removed from glibc 2.26

+# The above include of locale.h is sufficient

+# Further details: https://sourceware.org/git/?p=glibc.git;a=commit;h=f0be25b6336db7492e47d2e8e72eb8af53b5506d */

+sed -i "/xlocale.h/d" src/basic/parse-util.c

 %patch0 -p1

 %patch1 -p1

@@ -230,6 +234,8 @@ rm -rf %{buildroot}/*

 %files lang -f %{name}.lang

 %changelog

+*    Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 233-7

+-    Fix compilation issue for glibc-2.26

 *    Fri Jul 20 2017 Vinay Kulkarni <kulkarniv@vmware.com>  233-6

 -    Fix for CVE-2017-1000082.

 *    Fri Jul 07 2017 Vinay Kulkarni <kulkarniv@vmware.com>  233-5

@@ -1,7 +1,7 @@

 Summary:	TCP/IP daemon wrapper package

 Name:		tcp_wrappers

 Version:	7.6

-Release:	2%{?dist}

+Release:	3%{?dist}

 License: 	BSD

 Group: 		System Environment/Networking

 URL: 		ftp://ftp.porcupine.org/pub/security/index.html

@@ -25,7 +25,8 @@ The libraries and header files needed for tcp_wrappers development.

 %build

 sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c &&

-make REAL_DAEMON_DIR=%{_sbindir}STYLE=-DPROCESS_OPTIONS linux

+sed -i 's/-O2/-O2 -DUSE_GETDOMAIN/g' Makefile &&

+make REAL_DAEMON_DIR=%{_sbindir} STYLE=-DPROCESS_OPTIONS linux

 %install

 mkdir -p %{buildroot}%{_libdir}

@@ -52,8 +53,10 @@ make DESTDIR=%{buildroot} install

 %{_includedir}/*.h

 %changelog

-*	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 7.6-2

--	GA - Bump release of all rpms

+* Wed Aug 23 2017 Alexey Makhalov <amakhalov@vmware.com> 7.6-3

+- Fix compilation issue for glibc-2.26

+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 7.6-2

+- GA - Bump release of all rpms

 * Fri Aug 28 2015 Divya Thaluru <dthaluru@vmware.com> 7.6-1

 - Initial version

new file mode 100644

@@ -0,0 +1,39 @@

+--- a/scripts/config2help.c	2017-08-24 17:14:30.000000000 -0700

+@@ -248,7 +248,7 @@

+   // entry until we run out of matching pairs.

+   for (;;) {

+     struct symbol *throw = 0, *catch;

+-    char *this, *that, *cusage, *tusage, *name;

++    char *this, *that, *cusage, *tusage, *name = NULL, *that_start;

+     int len;

+ 

+     // find a usage: name and collate all enabled entries with that name

+@@ -261,11 +261,16 @@

+ 

+         // Align usage: lines, finding a matching pair so we can suck help

+         // text out of throw into catch, copying from this to that

+-        if (!throw) name = that;

++        if (!throw) {

++          if (name)

++            free(name);

++          name = strdup(that);

++          that_start = that;

++        }

+         else if (strncmp(name, that, len) || !isspace(that[len])) continue;

+         catch->enabled++;

+         while (!isspace(*that) && *that) that++;

+-        if (!throw) len = that-name;

++        if (!throw) len = that-that_start;

+         that = trim(that);

+         if (!throw) {

+           throw = catch;

+@@ -370,6 +375,8 @@

+       }

+     }

+ 

++    if (name)

++      free(name);

+     // Did we find one?

+ 

+     if (!throw) break;

@@ -1,6 +1,6 @@

 Name:           toybox

 Version:        0.7.3

-Release:        3%{?dist}

+Release:        4%{?dist}

 License:        BSD

 Summary:        Common Linux command line utilities in a single executable

 Url:            http://landley.net/toybox/

@@ -10,6 +10,7 @@ Distribution:   Photon

 Source0:        http://landley.net/toybox/downloads/%{name}-%{version}.tar.gz

 %define sha1 toybox=f3d9f5396a210fb2ad7d6309acb237751c50812f

 Source1:	config-%{version}

+Patch0:         config2help_use_after_free_fix.patch

 %description

 Toybox combines common Linux command line utilities together into a single

 BSD-licensed executable that's simple, small, fast, reasonably

@@ -18,6 +19,7 @@ environment.

 %prep

 %setup -q -n toybox-%{version}

+%patch0 -p1

 %build

 cp %{SOURCE1} .config

@@ -46,6 +48,8 @@ tests_to_run=`echo  $tests_to_run | sed -e 's/pkill//g'`

 %{_sbindir}/*

 %changelog