packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!693 backport patches from glibc upstream 2.38 branch and revert some customization modification

Browse Source 
From: @liqingqing_1229 
Reviewed-by: @yang_yanchao 
Signed-off-by: @yang_yanchao
This commit is contained in:
openeuler-ci-bot 2023-09-18 01:28:26 +00:00 committed by Gitee
commit b8e298e51c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 462 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
0001-Optimizing-__random-for-single-threaded-scenarios.patch
View File

@ -1,44 +0,0 @@
From f54e1ddea12343991b402abf28be2b94ffbac2c5 Mon Sep 17 00:00:00 2001
From: Tian Tao <tiantao6@hisilicon.com>
Date: Tue, 11 Jul 2023 08:42:56 +0800
Subject: [PATCH] Optimizing __random for single-threaded scenarios
The __random function does not need to be locked by __libc_lock_lock and
unlocked by __libc_lock_unlock in a single-threaded scenario, so we can
remove these locks in a single-threaded scenario to improve performance.
Signed-off-by: Tian Tao <tiantao6@hisilicon.com>
---
stdlib/random.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/stdlib/random.c b/stdlib/random.c
index 62f22fac8d..9035df8d18 100644
--- a/stdlib/random.c
+++ b/stdlib/random.c
@@ -288,11 +288,19 @@ __random (void)
{
int32_t retval;
- __libc_lock_lock (lock);
+ if (__libc_single_threaded) {
- (void) __random_r (&unsafe_state, &retval);
+ (void) __random_r (&unsafe_state, &retval);
- __libc_lock_unlock (lock);
+ } else {
+
+ __libc_lock_lock (lock);
+
+ (void) __random_r (&unsafe_state, &retval);
+
+ __libc_lock_unlock (lock);
+
+ }
return retval;
}
--
2.33.0

338
0001-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch Normal file
View File

@ -0,0 +1,338 @@
From 00ae4f10b504bc4564e9f22f00907093f1ab9338 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Fri, 15 Sep 2023 13:51:12 -0400
Subject: [PATCH 1/4] getaddrinfo: Fix use after free in getcanonname
(CVE-2023-4806)
When an NSS plugin only implements the _gethostbyname2_r and
_getcanonname_r callbacks, getaddrinfo could use memory that was freed
during tmpbuf resizing, through h_name in a previous query response.
The backing store for res->at->name when doing a query with
gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in
gethosts during the query. For AF_INET6 lookup with AI_ALL |
AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second
for a v4 lookup. In this case, if the first call reallocates tmpbuf
enough number of times, resulting in a malloc, th->h_name (that
res->at->name refers to) ends up on a heap allocated storage in tmpbuf.
Now if the second call to gethosts also causes the plugin callback to
return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF
reference in res->at->name. This then gets dereferenced in the
getcanonname_r plugin call, resulting in the use after free.
Fix this by copying h_name over and freeing it at the end. This
resolves BZ #30843, which is assigned CVE-2023-4806.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 973fe93a5675c42798b2161c6f29c01b0e243994)
---
nss/Makefile | 15 ++++-
nss/nss_test_gai_hv2_canonname.c | 56 +++++++++++++++++
nss/tst-nss-gai-hv2-canonname.c | 63 +++++++++++++++++++
nss/tst-nss-gai-hv2-canonname.h | 1 +
.../postclean.req | 0
.../tst-nss-gai-hv2-canonname.script | 2 +
sysdeps/posix/getaddrinfo.c | 25 +++++---
7 files changed, 152 insertions(+), 10 deletions(-)
create mode 100644 nss/nss_test_gai_hv2_canonname.c
create mode 100644 nss/tst-nss-gai-hv2-canonname.c
create mode 100644 nss/tst-nss-gai-hv2-canonname.h
create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req
create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
diff --git a/nss/Makefile b/nss/Makefile
index 06fcdc450f..8a5126ecf3 100644
--- a/nss/Makefile
+++ b/nss/Makefile
@@ -82,6 +82,7 @@ tests-container := \
tst-nss-test3 \
tst-reload1 \
tst-reload2 \
+ tst-nss-gai-hv2-canonname \
# tests-container
# Tests which need libdl
@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
ifeq ($(build-static-nss),yes)
tests-static += tst-nss-static
endif
-extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os
+extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \
+ nss_test_gai_hv2_canonname.os
include ../Rules
@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver
libof-nss_test1 = extramodules
libof-nss_test2 = extramodules
libof-nss_test_errno = extramodules
+libof-nss_test_gai_hv2_canonname = extramodules
$(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
$(build-module)
$(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
$(build-module)
$(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
$(build-module)
+$(objpfx)/libnss_test_gai_hv2_canonname.so: \
+ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps)
+ $(build-module)
$(objpfx)nss_test2.os : nss_test1.c
# Use the nss_files suffix for these objects as well.
$(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so
@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so
$(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
$(objpfx)/libnss_test_errno.so
$(make-link)
+$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
+ $(objpfx)/libnss_test_gai_hv2_canonname.so
+ $(make-link)
$(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
$(objpfx)/libnss_test1.so$(libnss_files.so-version) \
$(objpfx)/libnss_test2.so$(libnss_files.so-version) \
- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version)
+ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \
+ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
ifeq (yes,$(have-thread-library))
$(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
+LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags
diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c
new file mode 100644
index 0000000000..4439c83c9f
--- /dev/null
+++ b/nss/nss_test_gai_hv2_canonname.c
@@ -0,0 +1,56 @@
+/* NSS service provider that only provides gethostbyname2_r.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <nss.h>
+#include <stdlib.h>
+#include <string.h>
+#include "nss/tst-nss-gai-hv2-canonname.h"
+
+/* Catch misnamed and functions. */
+#pragma GCC diagnostic error "-Wmissing-prototypes"
+NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname)
+
+extern enum nss_status _nss_files_gethostbyname2_r (const char *, int,
+ struct hostent *, char *,
+ size_t, int *, int *);
+
+enum nss_status
+_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af,
+ struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *herrnop)
+{
+ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop,
+ herrnop);
+}
+
+enum nss_status
+_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer,
+ size_t buflen, char **result,
+ int *errnop, int *h_errnop)
+{
+ /* We expect QUERYNAME, which is a small enough string that it shouldn't fail
+ the test. */
+ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME))
+ || buflen < sizeof (QUERYNAME))
+ abort ();
+
+ strncpy (buffer, name, buflen);
+ *result = buffer;
+ return NSS_STATUS_SUCCESS;
+}
diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
new file mode 100644
index 0000000000..d5f10c07d6
--- /dev/null
+++ b/nss/tst-nss-gai-hv2-canonname.c
@@ -0,0 +1,63 @@
+/* Test NSS query path for plugins that only implement gethostbyname2
+ (#30843).
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <nss.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+#include "nss/tst-nss-gai-hv2-canonname.h"
+
+#define PREPARE do_prepare
+
+static void do_prepare (int a, char **av)
+{
+ FILE *hosts = xfopen ("/etc/hosts", "w");
+ for (unsigned i = 2; i < 255; i++)
+ {
+ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i);
+ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i);
+ }
+ xfclose (hosts);
+}
+
+static int
+do_test (void)
+{
+ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
+
+ struct addrinfo hints = {};
+ struct addrinfo *result = NULL;
+
+ hints.ai_family = AF_INET6;
+ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME;
+
+ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result);
+
+ if (ret != 0)
+ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret));
+
+ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME);
+
+ freeaddrinfo(result);
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h
new file mode 100644
index 0000000000..14f2a9cb08
--- /dev/null
+++ b/nss/tst-nss-gai-hv2-canonname.h
@@ -0,0 +1 @@
+#define QUERYNAME "test.example.com"
diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
new file mode 100644
index 0000000000..31848b4a28
--- /dev/null
+++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
@@ -0,0 +1,2 @@
+cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2
+su
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 0356b622be..b2236b105c 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -120,6 +120,7 @@ struct gaih_result
{
struct gaih_addrtuple *at;
char *canon;
+ char *h_name;
bool free_at;
bool got_ipv6;
};
@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res)
if (res->free_at)
free (res->at);
free (res->canon);
+ free (res->h_name);
memset (res, 0, sizeof (*res));
}
@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
return 0;
}
-/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name
- is not copied, and the struct hostent object must not be deallocated
- prematurely. The new addresses are appended to the tuple array in RES. */
+/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new
+ addresses are appended to the tuple array in RES. */
static bool
convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
struct hostent *h, struct gaih_result *res)
@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
res->at = array;
res->free_at = true;
+ /* Duplicate h_name because it may get reclaimed when the underlying storage
+ is freed. */
+ if (res->h_name == NULL)
+ {
+ res->h_name = __strdup (h->h_name);
+ if (res->h_name == NULL)
+ return false;
+ }
+
/* Update the next pointers on reallocation. */
for (size_t i = 0; i < old; i++)
array[i].next = array + i + 1;
@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
}
array[i].next = array + i + 1;
}
- array[0].name = h->h_name;
array[count - 1].next = NULL;
return true;
@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name,
memory allocation failure. The returned string is allocated on the
heap; the caller has to free it. */
static char *
-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name)
+getcanonname (nss_action_list nip, const char *hname, const char *name)
{
nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r");
char *s = (char *) name;
if (cfct != NULL)
{
char buf[256];
- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf),
- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS)
+ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno,
+ &h_errno)) != NSS_STATUS_SUCCESS)
/* If the canonical name cannot be determined, use the passed
string. */
s = (char *) name;
@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
if ((req->ai_flags & AI_CANONNAME) != 0
&& res->canon == NULL)
{
- char *canonbuf = getcanonname (nip, res->at, name);
+ char *canonbuf = getcanonname (nip, res->h_name, name);
if (canonbuf == NULL)
{
__resolv_context_put (res_ctx);
--
2.33.0

32
0002-iconv-restore-verbosity-with-unrecognized-encoding-n.patch Normal file
View File

@ -0,0 +1,32 @@
From 63250e9c571314b6daa2c949ea0af335ee766751 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Tue, 1 Aug 2023 17:01:37 +0200
Subject: [PATCH 2/4] iconv: restore verbosity with unrecognized encoding names
(bug 30694)
Commit 91927b7c76 ("Rewrite iconv option parsing [BZ #19519]") changed the
iconv program to call __gconv_open directly instead of the iconv_open
wrapper, but the former does not set errno. Update the caller to
interpret the return codes like iconv_open does.
(cherry picked from commit fc72b6d7d818ab2868920af956d1542d03342a4d)
---
iconv/iconv_prog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iconv/iconv_prog.c b/iconv/iconv_prog.c
index bee898c63c..cf32cf9b44 100644
--- a/iconv/iconv_prog.c
+++ b/iconv/iconv_prog.c
@@ -187,7 +187,7 @@ main (int argc, char *argv[])
if (res != __GCONV_OK)
{
- if (errno == EINVAL)
+ if (res == __GCONV_NOCONV || res == __GCONV_NODB)
{
/* Try to be nice with the user and tell her which of the
two encoding names is wrong. This is possible because
--
2.33.0

50
0003-string-Fix-tester-build-with-fortify-enable-with-gcc.patch Normal file
View File

@ -0,0 +1,50 @@
From d94461bb86ba176b9390c0015bb612a528e22d95 Mon Sep 17 00:00:00 2001
From: Mahesh Bodapati <bmahi496@linux.ibm.com>
Date: Fri, 11 Aug 2023 10:38:25 -0500
Subject: [PATCH 3/4] string: Fix tester build with fortify enable with gcc <
12
When building with fortify enabled, GCC < 12 issues a warning on the
fortify strncat wrapper might overflow the destination buffer (the
failure is tied to -Werror).
Checked on ppc64 and x86_64.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit f1c7ed0859a45929136836341741c7cd70f428cb)
---
string/tester.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/string/tester.c b/string/tester.c
index f7d4bac5a8..824cf315ff 100644
--- a/string/tester.c
+++ b/string/tester.c
@@ -34,6 +34,14 @@
DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-truncation");
#endif
+/* When building with fortify enabled, GCC < 12 issues a warning on the
+ fortify strncat wrapper might overflow the destination buffer (the
+ failure is tied to -Werror).
+ Triggered by strncat fortify wrapper when it is enabled. */
+#if __GNUC_PREREQ (11, 0)
+DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
+#endif
+
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
@@ -52,9 +60,6 @@ DIAG_IGNORE_NEEDS_COMMENT (5.0, "-Wmemset-transposed-args");
DIAG_IGNORE_NEEDS_COMMENT (9, "-Wrestrict");
DIAG_IGNORE_NEEDS_COMMENT (7, "-Wstringop-overflow=");
#endif
-#if __GNUC_PREREQ (11, 0)
-DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
-#endif
#define STREQ(a, b) (strcmp((a), (b)) == 0)
--
2.33.0

30
0004-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch Normal file
View File

@ -0,0 +1,30 @@
From 0e1ef6779a90bc0f8a05bc367796df2793deecaa Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Thu, 24 Aug 2023 21:36:34 +0200
Subject: [PATCH 4/4] manual/jobs.texi: Add missing @item EPERM for getpgid
The missing @item makes it look like errno will be set to ESRCH
if a cross-session getpgid is not permitted.
Found by ulfvonbelow on irc.
(cherry picked from commit 5a21cefd5abab1b99eda1fbf84204a9bf41662ab)
---
manual/job.texi | 1 +
1 file changed, 1 insertion(+)
diff --git a/manual/job.texi b/manual/job.texi
index 42cb9fb26d..8157f13a1c 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1133,6 +1133,7 @@ following @code{errno} error conditions are defined for this function:
@table @code
@item ESRCH
There is no process with the given process ID @var{pid}.
+@item EPERM
The calling process and the process specified by @var{pid} are in
different sessions, and the implementation doesn't allow to access the
process group ID of the process with ID @var{pid} from the calling
--
2.33.0

17
glibc.spec
View File

@ -67,7 +67,7 @@
##############################################################################
Name: glibc
Version: 2.38
Release: 9
Release: 10
Summary: The GNU libc libraries
License: %{all_license}
URL: http://www.gnu.org/software/glibc/
@ -106,6 +106,10 @@ Patch17: 0003-elf-Remove-unused-l_text_end-field-from-struct-link_.patch
Patch18: 0004-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch
Patch19: 0005-NEWS-Add-the-2.38.1-bug-list.patch
Patch20: CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch
Patch21: 0001-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch
Patch22: 0002-iconv-restore-verbosity-with-unrecognized-encoding-n.patch
Patch23: 0003-string-Fix-tester-build-with-fortify-enable-with-gcc.patch
Patch24: 0004-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch
Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
Patch9001: locale-delete-no-hard-link-to-avoid-all_language-pac.patch
@ -124,10 +128,9 @@ Patch9013: x86-use-total-l3cache-for-non_temporal_threshold.patch
Patch9014: strcmp-delete-align-for-loop_aligned.patch
Patch9015: add-pthread_cond_clockwait-GLIBC_2_28.patch
Patch9016: add-GB18030-2022-charmap-BZ-30243.patch
Patch9017: 0001-Optimizing-__random-for-single-threaded-scenarios.patch
Patch9018: fix-Segmentation-fault-in-nss-module.patch
Patch9019: fix_nss_database_check_reload_and_get_memleak.patch
Patch9020: 0001-fix-glibc-build-error-on-x86.patch
Patch9017: fix-Segmentation-fault-in-nss-module.patch
Patch9018: fix_nss_database_check_reload_and_get_memleak.patch
Patch9019: 0001-fix-glibc-build-error-on-x86.patch
%if %{ENABLE_RELOC}
Patch9021: reserve-relocation-information-for-sysboost.patch
@ -1320,6 +1323,10 @@ fi
%endif
%changelog
* Sat Sep 16 2023 Qingqing Li <liqingqing3@huawei.com> - 2.38-10
- backport patches from glibc upstream 2.38 branch
- revert some customization modification
* Fri Sep 15 2023 Qingqing Li <liqingqing3@huawei.com> - 2.38-9
- fix CVE-2023-4527