Mon Oct 9 18:10:01 UTC 202320231009181001

a/aaa_glibc-solibs-2.38-x86_64-2.txz:  Rebuilt.
ap/qpdf-11.6.2-x86_64-1.txz:  Upgraded.
ap/vim-9.0.2009-x86_64-1.txz:  Upgraded.
l/desktop-file-utils-0.27-x86_64-1.txz:  Upgraded.
l/glibc-2.38-x86_64-2.txz:  Rebuilt.
  These glibc packages are the exact ones that were previously in /testing.
  A test mass rebuild was done here finding no new FTBFS, so I think these
  are good to go. :)
l/glibc-i18n-2.38-x86_64-2.txz:  Rebuilt.
l/glibc-profile-2.38-x86_64-2.txz:  Rebuilt.
l/imagemagick-7.1.1_20-x86_64-1.txz:  Upgraded.
l/libxkbcommon-1.6.0-x86_64-1.txz:  Upgraded.
l/shared-mime-info-2.3-x86_64-1.txz:  Upgraded.
n/c-ares-1.20.0-x86_64-1.txz:  Upgraded.
n/libtirpc-1.3.4-x86_64-1.txz:  Upgraded.
n/proftpd-1.3.8a-x86_64-1.txz:  Upgraded.
n/whois-5.5.19-x86_64-1.txz:  Upgraded.
  Fixed english support for Japanese queries to not add again the /e argument
  if it had already been provided by the user. (Closes: #1050171)
  Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers.
  Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
  .a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao)
  TLD servers.
  Upgraded the TLD URLs to HTTPS whenever possible.
  Updated the charset for whois.jprs.jp.
  Removed 3 new gTLDs which are no longer active.
  Removed support for the obsolete as32 dot notation.
x/xterm-386-x86_64-1.txz:  Upgraded.
xap/vim-gvim-9.0.2009-x86_64-1.txz:  Upgraded.

1 files changed, 0 insertions, 70 deletions

diff --git a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
deleted file mode 100644
index 074317990..000000000
--- a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Tue, 19 Sep 2023 18:39:32 -0400
-Subject: [PATCH] tunables: Terminate if end of input is reached
- (CVE-2023-4911)
-
-The string parsing routine may end up writing beyond bounds of tunestr
-if the input tunable string is malformed, of the form name=name=val.
-This gets processed twice, first as name=name=val and next as name=val,
-resulting in tunestr being name=name=val:name=val, thus overflowing
-tunestr.
-
-Terminate the parsing loop at the first instance itself so that tunestr
-does not overflow.
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
----
- NEWS                          |  5 +++++
- elf/dl-tunables.c             | 17 +++++++++-------
-
-
---- ./NEWS.orig	2023-01-31 21:27:45.000000000 -0600
-+++ ./NEWS	2023-10-03 15:47:54.560781260 -0500
-@@ -28,6 +28,11 @@
-   heap and prints it to the target log file, potentially revealing a
-   portion of the contents of the heap.
- 
-+  CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
-+  environment of a setuid program and NAME is valid, it may result in a
-+  buffer overflow, which could be exploited to achieve escalated
-+  privileges.  This flaw was introduced in glibc 2.34.
-+
- The following bugs are resolved with this release:
- 
-   [12154] network: Cannot resolve hosts which have wildcard aliases
---- ./elf/dl-tunables.c.orig	2023-01-31 21:27:45.000000000 -0600
-+++ ./elf/dl-tunables.c	2023-10-03 15:47:54.560781260 -0500
-@@ -187,11 +187,7 @@
-       /* If we reach the end of the string before getting a valid name-value
- 	 pair, bail out.  */
-       if (p[len] == '\0')
--	{
--	  if (__libc_enable_secure)
--	    tunestr[off] = '\0';
--	  return;
--	}
-+	break;
- 
-       /* We did not find a valid name-value pair before encountering the
- 	 colon.  */
-@@ -251,9 +247,16 @@
- 	    }
- 	}
- 
--      if (p[len] != '\0')
--	p += len + 1;
-+      /* We reached the end while processing the tunable string.  */
-+      if (p[len] == '\0')
-+	break;
-+
-+      p += len + 1;
-     }
-+
-+  /* Terminate tunestr before we leave.  */
-+  if (__libc_enable_secure)
-+    tunestr[off] = '\0';
- }
- #endif
-