|
|
@@ -30,7 +30,7 @@ Summary: The GNU libc libraries
|
|
|
Summary(ja): GNU libc ライブラリ
|
|
|
Name: glibc
|
|
|
Version: %{glibcversion}
|
|
|
-Release: 3%{?_dist_release}
|
|
|
+Release: 4%{?_dist_release}
|
|
|
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
|
|
# Things that are linked directly into dynamically linked programs
|
|
|
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
|
|
@@ -56,6 +56,12 @@ Patch13: %{name}-2.18-locarchive.patch
|
|
|
# patch for Vine
|
|
|
Patch10001: glibc-2.18-vine-build-env.patch
|
|
|
|
|
|
+# security
|
|
|
+Patch20000: CVE-2016-1234-1.patch
|
|
|
+Patch20001: CVE-2016-1234-2.patch
|
|
|
+Patch20002: CVE-2016-3075.patch
|
|
|
+Patch20003: CVE-2016-3706.patch
|
|
|
+Patch20004: CVE-2016-4429.patch
|
|
|
|
|
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
Obsoletes: glibc-profile < 2.4
|
|
|
@@ -430,6 +436,11 @@ package or when debugging this package.
|
|
|
|
|
|
%patch10001 -p1
|
|
|
|
|
|
+%patch20000 -p1
|
|
|
+%patch20001 -p1
|
|
|
+%patch20002 -p1
|
|
|
+%patch20003 -p1
|
|
|
+%patch20004 -p1
|
|
|
|
|
|
# A lot of programs still misuse memcpy when they have to use
|
|
|
# memmove. The memcpy implementation below is not tolerant at
|
|
|
@@ -1402,6 +1413,13 @@ rm -f *.filelist*
|
|
|
%endif
|
|
|
|
|
|
%changelog
|
|
|
+* Mon Aug 1 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.23-4
|
|
|
+- added Patch20000-20004 to fix vulnerabilities.
|
|
|
+ - CVE-2016-1234
|
|
|
+ - CVE-2016-3075
|
|
|
+ - CVE-2016-3706
|
|
|
+ - CVE-2016-4429
|
|
|
+
|
|
|
* Sun Jun 26 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 2.23-3
|
|
|
- rebuilt with gcc-5.4.0
|
|
|
|
tomop