%global security_hardening nonow
%define glibc_target_cpu %{_build}

Summary:        Main C library
Name:           glibc
Version:        2.26
Release:        9%{?dist}
License:        LGPLv2+
URL:            http://www.gnu.org/software/libc
Group:          Applications/System
Vendor:         VMware, Inc.
Distribution:   Photon
Source0:        http://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz
%define sha1    glibc=7cf7d521f5ebece5dd27cfb3ca5e5f6b84da4bfd
Source1:        locale-gen.sh
Source2:        locale-gen.conf
Patch0:         http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.25-fhs-1.patch
Patch1:         glibc-2.24-bindrsvport-blacklist.patch
Patch2:         0001-Fix-range-check-in-do_tunable_update_val.patch
Patch3:         0002-malloc-arena-fix.patch
Patch4:         glibc-fix-CVE-2017-15670.patch
Patch5:         glibc-fix-CVE-2017-15804.patch
Patch6:         glibc-fix-CVE-2017-17426.patch
Patch7:         glibc-fix-CVE-2017-16997.patch
Provides:       rtld(GNU_HASH)
Requires:       filesystem
%description
This library provides the basic routines for allocating memory,
searching directories, opening and closing files, reading and
writing files, string handling, pattern matching, arithmetic,
and so on.

%package devel
Summary: Header files for glibc
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description devel
These are the header files of glibc.

%package lang
Summary: Additional language files for glibc
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description lang
These are the additional language files of glibc.

%package i18n
Summary: Additional internationalization files for glibc
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description i18n
These are the additional internationalization files of glibc.

%package iconv
Summary: gconv modules for glibc
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description iconv
These is gconv modules for iconv() and iconv tools.

%package tools
Summary: tools for glibc
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description tools
Extra tools for glibc.

%package nscd
Summary: Name Service Cache Daemon
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description nscd
Name Service Cache Daemon

%prep
%setup -q
sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
install -vdm 755 %{_builddir}/%{name}-build
# do not try to explicitly provide GLIBC_PRIVATE versioned libraries
%define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh
%define __find_requires %{_builddir}/%{name}-%{version}/find_requires.sh

# create find-provides and find-requires script in order to ignore GLIBC_PRIVATE errors
cat > find_provides.sh << _EOF
#! /bin/sh
if [ -d /tools ]; then
/tools/lib/rpm/find-provides | grep -v GLIBC_PRIVATE
else
%{_prefix}/lib/rpm/find-provides | grep -v GLIBC_PRIVATE
fi
exit 0
_EOF
chmod +x find_provides.sh

cat > find_requires.sh << _EOF
#! /bin/sh
if [ -d /tools ]; then
/tools/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE
else
%{_prefix}/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE
fi
_EOF
chmod +x find_requires.sh
#___EOF

%build
cd %{_builddir}/%{name}-build
../%{name}-%{version}/configure \
        --prefix=%{_prefix} \
        --disable-profile \
        --enable-kernel=2.6.32 \
        --enable-obsolete-rpc \
        --enable-obsolete-nsl \
        --enable-bind-now \
        --disable-experimental-malloc \
        --disable-silent-rules

# Sometimes we have false "out of memory" make error
# just rerun/continue make to workaroung it.
make %{?_smp_mflags} || make %{?_smp_mflags} || make %{?_smp_mflags}

%install
#       Do not remove static libs
pushd %{_builddir}/glibc-build
#       Create directories
make install_root=%{buildroot} install
install -vdm 755 %{buildroot}%{_sysconfdir}/ld.so.conf.d
install -vdm 755 %{buildroot}/var/cache/nscd
install -vdm 755 %{buildroot}%{_libdir}/locale
cp -v ../%{name}-%{version}/nscd/nscd.conf %{buildroot}%{_sysconfdir}/nscd.conf
#       Install locale generation script and config file
cp -v %{SOURCE2} %{buildroot}%{_sysconfdir}
cp -v %{SOURCE1} %{buildroot}/sbin
#       Remove unwanted cruft
rm -rf %{buildroot}%{_infodir}
#       Install configuration files
cat > %{buildroot}%{_sysconfdir}/nsswitch.conf <<- "EOF"
#       Begin /etc/nsswitch.conf

        passwd: files
        group: files
        shadow: files

        hosts: files dns
        networks: files

        protocols: files
        services: files
        ethers: files
        rpc: files
#       End /etc/nsswitch.conf
EOF
cat > %{buildroot}%{_sysconfdir}/ld.so.conf <<- "EOF"
#       Begin /etc/ld.so.conf
        /usr/local/lib
        /opt/lib
        include /etc/ld.so.conf.d/*.conf
EOF
popd
%find_lang %{name} --all-name
pushd localedata
# Generate out of locale-archive an (en_US.) UTF-8 locale
mkdir -p %{buildroot}/usr/lib/locale
I18NPATH=. GCONV_PATH=../../glibc-build/iconvdata LC_ALL=C ../../glibc-build/locale/localedef --no-archive --prefix=%{buildroot} -A ../intl/locale.alias -i locales/en_US -c -f charmaps/UTF-8 en_US.UTF-8
mv %{buildroot}/usr/lib/locale/en_US.utf8 %{buildroot}/usr/lib/locale/en_US.UTF-8
popd
# to do not depend on /bin/bash
sed -i 's@#! /bin/bash@#! /bin/sh@' %{buildroot}/usr/bin/ldd
sed -i 's@#!/bin/bash@#!/bin/sh@' %{buildroot}/usr/bin/tzselect

%check
cd %{_builddir}/glibc-build
make %{?_smp_mflags} check ||:
# These 2 persistant false positives are OK
# XPASS for: elf/tst-protected1a and elf/tst-protected1b
[ `grep ^XPASS tests.sum | wc -l` -ne 2 -a `grep "^XPASS: elf/tst-protected1[ab]" tests.sum | wc -l` -ne 2 ] && exit 1 ||:

# FAIL (intermittent) in chroot but PASS in container:
# posix/tst-spawn3 and stdio-common/test-vfprintf
n=0
grep "^FAIL: posix/tst-spawn3" tests.sum >/dev/null && n=$((n+1)) ||:
grep "^FAIL: stdio-common/test-vfprintf" tests.sum >/dev/null && n=$((n+1)) ||:
# FAIL always on overlayfs/aufs (in container)
grep "^FAIL: posix/tst-dir" tests.sum >/dev/null && n=$((n+1)) ||:

#https://sourceware.org/glibc/wiki/Testing/Testsuite
grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||:
#This happens because the kernel fails to reap exiting threads fast enough,
#eventually resulting an EAGAIN when pthread_create is called within the test.

# check for exact 'n' failures
[ `grep ^FAIL tests.sum | wc -l` -ne $n ] && exit 1 ||:

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files
%defattr(-,root,root)
%{_libdir}/locale/*
%dir %{_sysconfdir}/ld.so.conf.d
%config(noreplace) %{_sysconfdir}/nsswitch.conf
%config(noreplace) %{_sysconfdir}/ld.so.conf
%config(noreplace) %{_sysconfdir}/rpc
%config(missingok,noreplace) %{_sysconfdir}/ld.so.cache
%config %{_sysconfdir}/locale-gen.conf
/lib64/*
%ifarch aarch64
%exclude /lib
%endif
%exclude /lib64/libpcprofile.so
%{_lib64dir}/*.so
/sbin/ldconfig
/sbin/locale-gen.sh
%{_bindir}/*
%{_libexecdir}/*
%{_datadir}/i18n/charmaps/UTF-8.gz
%{_datadir}/i18n/charmaps/ISO-8859-1.gz
%{_datadir}/i18n/locales/en_US
%{_datarootdir}/locale/locale.alias
%exclude %{_localstatedir}/lib/nss_db/Makefile
%exclude /usr/bin/catchsegv
%exclude /usr/bin/iconv
%exclude /usr/bin/mtrace
%exclude /usr/bin/pcprofiledump
%exclude /usr/bin/pldd
%exclude /usr/bin/rpcgen
%exclude /usr/bin/sotruss
%exclude /usr/bin/sprof
%exclude /usr/bin/xtrace

%files iconv
%defattr(-,root,root)
%{_lib64dir}/gconv/*
/usr/bin/iconv
/usr/sbin/iconvconfig

%files tools
%defattr(-,root,root)
/usr/bin/catchsegv
/usr/bin/mtrace
/usr/bin/pcprofiledump
/usr/bin/pldd
/usr/bin/rpcgen
/usr/bin/sotruss
/usr/bin/sprof
/usr/bin/xtrace
/usr/sbin/zdump
/usr/sbin/zic
/sbin/sln
%{_lib64dir}/audit/*
/lib64/libpcprofile.so

%files nscd
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/nscd.conf
/usr/sbin/nscd
%dir %{_localstatedir}/cache/nscd

%files i18n
%defattr(-,root,root)
%{_datadir}/i18n/charmaps/*.gz
%{_datadir}/i18n/locales/*
%exclude %{_datadir}/i18n/charmaps/UTF-8.gz
%exclude %{_datadir}/i18n/charmaps/ISO-8859-1.gz
%exclude %{_datadir}/i18n/locales/en_US


%files devel
%defattr(-,root,root)
# TODO: Excluding for now to remove dependency on PERL
# /usr/bin/mtrace
%{_lib64dir}/*.a
%{_lib64dir}/*.o
%{_includedir}/*

%files -f %{name}.lang lang
%defattr(-,root,root)


%changelog
*   Mon Jan 08 2018 Xiaolin Li <xiaolinl@vmware.com> 2.26-9
-   Fix CVE-2017-16997
*   Thu Dec 21 2017 Xiaolin Li <xiaolinl@vmware.com> 2.26-8
-   Fix CVE-2017-17426
*   Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> 2.26-7
-   Aarch64 support
*   Wed Oct 25 2017 Xiaolin Li <xiaolinl@vmware.com> 2.26-6
-   Fix CVE-2017-15670 and CVE-2017-15804
*   Tue Oct 10 2017 Alexey Makhalov <amakhalov@vmware.com> 2.26-5
-   Compile out tcache.
*   Fri Sep 15 2017 Bo Gan <ganb@vmware.com> 2.26-4
-   exclude tst-eintr1 per official wiki recommendation.
*   Tue Sep 12 2017 Alexey Makhalov <amakhalov@vmware.com> 2.26-3
-   Fix makecheck for run in docker.
*   Tue Aug 29 2017 Alexey Makhalov <amakhalov@vmware.com> 2.26-2
-   Fix tunables setter.
-   Add malloc arena fix.
-   Fix makecheck.
*   Tue Aug 15 2017 Alexey Makhalov <amakhalov@vmware.com> 2.26-1
-   Version update
*   Tue Aug 08 2017 Anish Swaminathan <anishs@vmware.com> 2.25-4
-   Apply fix for CVE-2017-1000366
*   Thu May 4  2017 Bo Gan <ganb@vmware.com> 2.25-3
-   Remove bash dependency in post/postun script
*   Fri Apr 21 2017 Alexey Makhalov <amakhalov@vmware.com> 2.25-2
-   Added -iconv -tools and -nscd subpackages
*   Wed Mar 22 2017 Alexey Makhalov <amakhalov@vmware.com> 2.25-1
-   Version update
*   Wed Dec 14 2016 Alexey Makhalov <amakhalov@vmware.com> 2.24-1
-   Version update
*   Wed Nov 23 2016 Alexey Makhalov <amakhalov@vmware.com> 2.22-13
-   Install en_US.UTF-8 locale by default
*   Wed Nov 16 2016 Alexey Makhalov <amakhalov@vmware.com> 2.22-12
-   Added i18n subpackage
*   Tue Oct 25 2016 Alexey Makhalov <amakhalov@vmware.com> 2.22-11
-   Workaround for build failure with "out of memory" message
*   Wed Sep 28 2016 Alexey Makhalov <amakhalov@vmware.com> 2.22-10
-   Added pthread_create-fix-use-after-free.patch
*   Tue Jun 14 2016 Divya Thaluru <dthaluru@vmware.com> 2.22-9
-   Enabling rpm debug package and stripping the libraries
*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.22-8
-   GA - Bump release of all rpms
*   Mon May 23 2016 Divya Thaluru <dthaluru@vmware.com> 2.22-7
-   Added patch for CVE-2014-9761
*   Mon Mar 21 2016 Alexey Makhalov <amakhalov@vmware.com>  2.22-6
-   Security hardening: nonow
*   Fri Mar 18 2016 Anish Swaminathan <anishs@vmware.com>  2.22-5
-   Change conf file qualifiers
*   Fri Mar 11 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com>  2.22-4
-   Added patch for res_qeury assertion with bad dns config
-   Details: https://sourceware.org/bugzilla/show_bug.cgi?id=19791
*   Tue Feb 16 2016 Anish Swaminathan <anishs@vmware.com>  2.22-3
-   Added patch for CVE-2015-7547
*   Mon Feb 08 2016 Anish Swaminathan <anishs@vmware.com>  2.22-2
-   Added patch for bindresvport blacklist
*   Tue Jan 12 2016 Xiaolin Li <xiaolinl@vmware.com> 2.22-1
-   Updated to version 2.22
*   Tue Dec 1 2015 Divya Thaluru <dthaluru@vmware.com> 2.19-8
-   Disabling rpm debug package and stripping the libraries
*   Wed Nov 18 2015 Divya Thaluru <dthaluru@vmware.com> 2.19-7
-   Adding patch to close nss files database
*   Tue Nov 10 2015 Xiaolin Li <xiaolinl@vmware.com> 2.19-6
-   Handled locale files with macro find_lang
*   Wed Aug 05 2015 Kumar Kaushik <kaushikk@vmware.com> 2.19-5
-   Adding postun section for ldconfig.
*   Tue Jul 28 2015 Alexey Makhalov <amakhalov@vmware.com> 2.19-4
-   Support glibc building against current rpm version.
*   Thu Jul 23 2015 Divya Thaluru <dthaluru@vmware.com> 2.19-3
-   Packing locale-gen scripts
*   Mon May 18 2015 Touseef Liaqat <tliaqat@vmware.com> 2.19-2
-   Update according to UsrMove.
*   Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 2.19-1
-   Initial build. First version