|
|
@@ -30,7 +30,7 @@ Summary: The GNU libc libraries
|
|
|
Summary(ja): GNU libc ライブラリ
|
|
|
Name: glibc
|
|
|
Version: %{glibcversion}
|
|
|
-Release: 4%{?_dist_release}
|
|
|
+Release: 5%{?_dist_release}
|
|
|
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
|
|
# Things that are linked directly into dynamically linked programs
|
|
|
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
|
|
@@ -62,6 +62,7 @@ Patch20001: CVE-2016-1234-2.patch
|
|
|
Patch20002: CVE-2016-3075.patch
|
|
|
Patch20003: CVE-2016-3706.patch
|
|
|
Patch20004: CVE-2016-4429.patch
|
|
|
+Patch20005: glibc-2.23_CVE-2017-1000366.patch
|
|
|
|
|
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
Obsoletes: glibc-profile < 2.4
|
|
|
@@ -441,6 +442,7 @@ package or when debugging this package.
|
|
|
%patch20002 -p1
|
|
|
%patch20003 -p1
|
|
|
%patch20004 -p1
|
|
|
+%patch20005 -p1 -b .CVE-2017-1000366
|
|
|
|
|
|
# A lot of programs still misuse memcpy when they have to use
|
|
|
# memmove. The memcpy implementation below is not tolerant at
|
|
|
@@ -1413,6 +1415,9 @@ rm -f *.filelist*
|
|
|
%endif
|
|
|
|
|
|
%changelog
|
|
|
+* Tue Jun 20 2017 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.23-5
|
|
|
+- add patch20005 for fix CVE-2017-1000366
|
|
|
+
|
|
|
* Mon Aug 1 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.23-4
|
|
|
- added Patch20000-20004 to fix vulnerabilities.
|
|
|
- CVE-2016-1234
|
iwaim