Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sys-libs/glibc: update to patchlevel 2.37-rc5 #1171

Merged
merged 3 commits into from
Sep 22, 2023
Merged

sys-libs/glibc: update to patchlevel 2.37-rc5 #1171

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9ae20fd
sys-libs/glibc: import upstream 2.37-r5
t-lo Sep 22, 2023
b7e7da1
sys-libs/glibc: Apply Flatcar modifications
t-lo Sep 22, 2023
a6c9180
glibc: changelog for CVE-2023-4527, CVE-2023-4806
t-lo Sep 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog/security/2023-09-22-glibc-2.37-r5.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
- glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))
36 changes: 34 additions & 2 deletions ...erlay/sys-libs/glibc/glibc-2.37-r3.ebuild → ...erlay/sys-libs/glibc/glibc-2.37-r5.ebuild
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ SLOT="2.2"
EMULTILIB_PKG="true"

# Gentoo patchset (ignored for live ebuilds)
PATCH_VER=5
PATCH_VER=7
PATCH_DEV=dilfridge

# gcc mulitilib bootstrap files version
Expand All @@ -39,7 +39,7 @@ MIN_PAX_UTILS_VER="1.3.3"
if [[ ${PV} == 9999* ]]; then
inherit git-r3
else
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
SRC_URI="mirror://gnu/glibc/${P}.tar.xz"
SRC_URI+=" https://dev.gentoo.org/~${PATCH_DEV}/distfiles/${P}-patches-${PATCH_VER}.tar.xz"
fi
Expand Down Expand Up @@ -170,6 +170,30 @@ XFAIL_TEST_LIST=(
tst-strsignal
)

XFAIL_NSPAWN_TEST_LIST=(
# These tests need to be adapted to handle EPERM/ENOSYS(?) properly
# upstream, as systemd-nspawn's default seccomp whitelist is too strict.
# https://sourceware.org/PR30603
test-errno-linux
tst-bz21269
tst-mlock2
tst-ntp_gettime
tst-ntp_gettime-time64
tst-ntp_gettimex
tst-ntp_gettimex-time64
tst-pkey
tst-process_mrelease
tst-adjtime
tst-adjtime-time64
tst-clock2
tst-clock2-time64

# These fail if --suppress-sync and/or low priority is set
tst-sync_file_range
tst-sched1
test-errno
)

#
# Small helper functions
#
Expand Down Expand Up @@ -840,6 +864,8 @@ sanity_prechecks() {
}

upgrade_warning() {
is_crosscompile && return

if [[ ${MERGE_TYPE} != buildonly && -n ${REPLACING_VERSIONS} && -z ${ROOT} ]]; then
local oldv newv=$(ver_cut 1-2 ${PV})
for oldv in ${REPLACING_VERSIONS}; do
Expand Down Expand Up @@ -1225,6 +1251,12 @@ glibc_src_test() {

local myxfailparams=""
if [[ "${GENTOO_GLIBC_XFAIL_TESTS}" == "yes" ]] ; then
local virt=$(systemd-detect-virt 2>/dev/null)
if [[ ${virt} == systemd-nspawn ]] ; then
ewarn "Skipping extra tests because in systemd-nspawn container"
XFAIL_TEST_LIST+=( "${XFAIL_NSPAWN_TEST_LIST[@]}" )
fi

for myt in ${XFAIL_TEST_LIST[@]} ; do
myxfailparams+="test-xfail-${myt}=yes "
done
Expand Down
Loading