Mon Feb 21 20:21:38 UTC 202220220221202138

a/aaa_glibc-solibs-2.35-x86_64-1.txz:  Upgraded.
a/kernel-firmware-20220218_c53073d-noarch-1.txz:  Upgraded.
ap/flac-1.3.4-x86_64-1.txz:  Upgraded.
  This update fixes overflow issues with encoding and decoding.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0499
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
  (* Security fix *)
ap/ksh93-1.0_20220219_bc6c5dbd-x86_64-1.txz:  Upgraded.
ap/mariadb-10.6.7-x86_64-2.txz:  Rebuilt.
  Removed dangling symlink.
ap/vim-8.2.4428-x86_64-1.txz:  Upgraded.
  Patched ctags for glibc-2.35. Thanks to nobodino.
d/autoconf-2.71-noarch-1.txz:  Upgraded.
d/automake-1.16.5-noarch-1.txz:  Upgraded.
d/binutils-2.38-x86_64-2.txz:  Rebuilt.
  Fixed the SlackBuild to not run autoconf in the libiberty and intl
  subdirectories. It doesn't work with the latest autoconf, and there
  doesn't seem to be any need for it anyway.
d/cmake-3.22.2-x86_64-1.txz:  Upgraded.
d/meson-0.61.2-x86_64-1.txz:  Upgraded.
d/rcs-5.10.0-x86_64-4.txz:  Rebuilt.
  Patched for glibc-2.35. Thanks to nobodino.
d/scons-4.3.0-x86_64-1.txz:  Upgraded.
e/emacs-27.2-x86_64-2.txz:  Rebuilt.
  Patched for glibc-2.35. Thanks to nobodino.
kde/digikam-7.5.0-x86_64-2.txz:  Rebuilt.
  Recompiled against jasper-3.0.2.
kde/wacomtablet-20220124_dd28b27-x86_64-1.txz:  Upgraded.
l/LibRaw-0.20.2-x86_64-4.txz:  Rebuilt.
  Recompiled against jasper-3.0.2.
l/accountsservice-22.07.5-x86_64-1.txz:  Upgraded.
l/dconf-editor-3.38.3-x86_64-2.txz:  Rebuilt.
  Fixed build errors with meson.
l/expat-2.4.6-x86_64-1.txz:  Upgraded.
l/fuse-2.9.9-x86_64-4.txz:  Rebuilt.
  Patched for glibc-2.35. Thanks to nobodino.
l/gcr-3.40.0-x86_64-2.txz:  Rebuilt.
  Fixed build errors with meson.
l/gdk-pixbuf2-2.42.6-x86_64-2.txz:  Rebuilt.
  Fixed meson options.
l/gdk-pixbuf2-xlib-2.40.2-x86_64-4.txz:  Rebuilt.
  Fixed meson options.
l/gegl-0.4.34-x86_64-3.txz:  Rebuilt.
  Recompiled against jasper-3.0.2.
l/glade-3.38.2-x86_64-6.txz:  Rebuilt.
  Fixed build errors with meson.
  Removed duplicated 'da' from help/LINGUAS.
l/glibc-2.35-x86_64-1.txz:  Upgraded.
l/glibc-i18n-2.35-x86_64-1.txz:  Upgraded.
l/glibc-profile-2.35-x86_64-1.txz:  Upgraded.
l/gobject-introspection-1.71.0-x86_64-1.txz:  Upgraded.
  This update was needed to solve failing tests with the new meson.
l/gtk+2-2.24.33-x86_64-3.txz:  Rebuilt.
  Changed build/host to $ARCH-slackware-linux-gnu.
l/gtk4-4.4.1-x86_64-2.txz:  Rebuilt.
  Fixed meson options.
l/gvfs-1.48.1-x86_64-2.txz:  Rebuilt.
  Fixed build errors with meson.
l/imagemagick-7.1.0_26-x86_64-1.txz:  Upgraded.
l/jasper-3.0.2-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/json-glib-1.6.6-x86_64-2.txz:  Rebuilt.
  Fixed meson options.
l/libsecret-0.20.5-x86_64-1.txz:  Upgraded.
l/netpbm-10.97.04-x86_64-1.txz:  Upgraded.
l/qt5-5.15.3_20211130_014c375b-x86_64-3.txz:  Rebuilt.
  Patched for glibc-2.35. Thanks to nobodino.
  Recompiled against jasper-3.0.2.
l/shared-mime-info-2.1-x86_64-4.txz:  Rebuilt.
  Fixed build errors with meson.
n/gpgme-1.17.0-x86_64-1.txz:  Upgraded.
n/ntp-4.2.8p15-x86_64-9.txz:  Rebuilt.
  Patched for glibc-2.35. Thanks to nobodino.
x/libinput-1.19.3-x86_64-2.txz:  Rebuilt.
  Recompiled against libwacom-2.1.0.
x/libva-2.14.0-x86_64-1.txz:  Upgraded.
x/libva-utils-2.14.0-x86_64-1.txz:  Upgraded.
x/libwacom-2.1.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
x/motif-2.3.8-x86_64-6.txz:  Rebuilt.
  Fixed build with LEXLIB="-lfl".
x/vulkan-sdk-1.2.176.1-x86_64-3.txz:  Rebuilt.
  Patched for glibc-2.35. Thanks to nobodino.
x/xf86-input-wacom-1.0.0-x86_64-1.txz:  Upgraded.
xap/network-manager-applet-1.24.0-x86_64-3.txz:  Rebuilt.
  Fixed build errors with meson.
xap/vim-gvim-8.2.4428-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

11 files changed, 38 insertions, 1264 deletions

diff --git a/source/l/glibc/glibc-c-utf8-locale.patch b/source/l/glibc/glibc-c-utf8-locale.patch
deleted file mode 100644
index 7fabf303f..000000000
--- a/source/l/glibc/glibc-c-utf8-locale.patch
+++ /dev/null
@@ -1,270 +0,0 @@
-From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001
-From: Mike FABIAN <mfabian@redhat.com>
-Date: Mon, 10 Aug 2015 15:58:12 +0200
-Subject: [PATCH] Add a C.UTF-8 locale
-
----
- localedata/SUPPORTED |   1 +
- localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 239 insertions(+)
- create mode 100644 localedata/locales/C
-
-diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED
-index 8ca023e..2a78391 100644
---- a/localedata/SUPPORTED
-+++ b/localedata/SUPPORTED
-@@ -1,6 +1,7 @@
- # This file names the currently supported and somewhat tested locales.
- # If you have any additions please file a glibc bug report.
- SUPPORTED-LOCALES=\
-+C.UTF-8/UTF-8 \
- aa_DJ.UTF-8/UTF-8 \
- aa_DJ/ISO-8859-1 \
- aa_ER/UTF-8 \
-diff --git a/localedata/locales/C b/localedata/locales/C
-new file mode 100644
-index 0000000..fdf460e
---- /dev/null
-+++ b/localedata/locales/C
-@@ -0,0 +1,238 @@
-+escape_char /
-+comment_char %
-+% Locale for C locale in UTF-8
-+
-+LC_IDENTIFICATION
-+title      "C locale"
-+source     ""
-+address    ""
-+contact    ""
-+email      "mfabian@redhat.com"
-+tel        ""
-+fax        ""
-+language   "C"
-+territory  ""
-+revision   "1.0"
-+date       "2015-08-10"
-+%
-+category  "i18n:2012";LC_IDENTIFICATION
-+category  "i18n:2012";LC_CTYPE
-+category  "i18n:2012";LC_COLLATE
-+category  "i18n:2012";LC_TIME
-+category  "i18n:2012";LC_NUMERIC
-+category  "i18n:2012";LC_MONETARY
-+category  "i18n:2012";LC_MESSAGES
-+category  "i18n:2012";LC_PAPER
-+category  "i18n:2012";LC_NAME
-+category  "i18n:2012";LC_ADDRESS
-+category  "i18n:2012";LC_TELEPHONE
-+category  "i18n:2012";LC_MEASUREMENT
-+END LC_IDENTIFICATION
-+
-+LC_CTYPE
-+copy "i18n"
-+
-+translit_start
-+include "translit_combining";""
-+translit_end
-+
-+END LC_CTYPE
-+
-+LC_COLLATE
-+order_start forward
-+<U0000>
-+..
-+<UFFFF>
-+<U10000>
-+..
-+<U1FFFF>
-+<U20000>
-+..
-+<U2FFFF>
-+<UE0000>
-+..
-+<UEFFFF>
-+<UF0000>
-+..
-+<UFFFFF>
-+<U100000>
-+..
-+<U10FFFF>
-+UNDEFINED
-+order_end
-+END LC_COLLATE
-+
-+LC_MONETARY
-+% This is the 14652 i18n fdcc-set definition for
-+% the LC_MONETARY category
-+% (except for the int_curr_symbol and currency_symbol, they are empty in
-+% the 14652 i18n fdcc-set definition and also empty in
-+% glibc/locale/C-monetary.c. But localedef complains in that case).
-+%
-+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better?
-+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217)
-+int_curr_symbol     "<U0055><U0053><U0044><U0020>"
-+% Using "$" for currency_symbol. But maybe <U00A4> would be better?
-+% U+00A4 is the "generic currency symbol"
-+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29)
-+currency_symbol     "<U0024>"
-+mon_decimal_point   "<U002E>"
-+mon_thousands_sep   ""
-+mon_grouping        -1
-+positive_sign       ""
-+negative_sign       "<U002D>"
-+int_frac_digits     -1
-+frac_digits         -1
-+p_cs_precedes       -1
-+int_p_sep_by_space  -1
-+p_sep_by_space      -1
-+n_cs_precedes       -1
-+int_n_sep_by_space  -1
-+n_sep_by_space      -1
-+p_sign_posn         -1
-+n_sign_posn         -1
-+%
-+END LC_MONETARY
-+
-+LC_NUMERIC
-+% This is the POSIX Locale definition for
-+% the LC_NUMERIC category.
-+%
-+decimal_point   "<U002E>"
-+thousands_sep   ""
-+grouping        -1
-+END LC_NUMERIC
-+
-+LC_TIME
-+% This is the POSIX Locale definition for
-+% the LC_TIME category.
-+%
-+% Abbreviated weekday names (%a)
-+abday       "<U0053><U0075><U006E>";"<U004D><U006F><U006E>";/
-+            "<U0054><U0075><U0065>";"<U0057><U0065><U0064>";/
-+            "<U0054><U0068><U0075>";"<U0046><U0072><U0069>";/
-+            "<U0053><U0061><U0074>"
-+
-+% Full weekday names (%A)
-+day         "<U0053><U0075><U006E><U0064><U0061><U0079>";/
-+            "<U004D><U006F><U006E><U0064><U0061><U0079>";/
-+            "<U0054><U0075><U0065><U0073><U0064><U0061><U0079>";/
-+            "<U0057><U0065><U0064><U006E><U0065><U0073><U0064><U0061><U0079>";/
-+            "<U0054><U0068><U0075><U0072><U0073><U0064><U0061><U0079>";/
-+            "<U0046><U0072><U0069><U0064><U0061><U0079>";/
-+            "<U0053><U0061><U0074><U0075><U0072><U0064><U0061><U0079>"
-+
-+% Abbreviated month names (%b)
-+abmon       "<U004A><U0061><U006E>";"<U0046><U0065><U0062>";/
-+            "<U004D><U0061><U0072>";"<U0041><U0070><U0072>";/
-+            "<U004D><U0061><U0079>";"<U004A><U0075><U006E>";/
-+            "<U004A><U0075><U006C>";"<U0041><U0075><U0067>";/
-+            "<U0053><U0065><U0070>";"<U004F><U0063><U0074>";/
-+            "<U004E><U006F><U0076>";"<U0044><U0065><U0063>"
-+
-+% Full month names (%B)
-+mon         "<U004A><U0061><U006E><U0075><U0061><U0072><U0079>";/
-+            "<U0046><U0065><U0062><U0072><U0075><U0061><U0072><U0079>";/
-+            "<U004D><U0061><U0072><U0063><U0068>";/
-+            "<U0041><U0070><U0072><U0069><U006C>";/
-+            "<U004D><U0061><U0079>";/
-+            "<U004A><U0075><U006E><U0065>";/
-+            "<U004A><U0075><U006C><U0079>";/
-+            "<U0041><U0075><U0067><U0075><U0073><U0074>";/
-+            "<U0053><U0065><U0070><U0074><U0065><U006D><U0062><U0065><U0072>";/
-+            "<U004F><U0063><U0074><U006F><U0062><U0065><U0072>";/
-+            "<U004E><U006F><U0076><U0065><U006D><U0062><U0065><U0072>";/
-+            "<U0044><U0065><U0063><U0065><U006D><U0062><U0065><U0072>"
-+
-+% Week description, consists of three fields:
-+% 1. Number of days in a week.
-+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday).
-+% 3. The weekday number to be contained in the first week of the year.
-+%
-+% ISO 8601 conforming applications should use the values 7, 19971201 (a
-+% Monday), and 4 (Thursday), respectively.
-+week    7;19971201;4
-+first_weekday	1
-+first_workday	1
-+
-+% Appropriate date and time representation (%c)
-+%	"%a %b %e %H:%M:%S %Y"
-+d_t_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0059>"
-+
-+% Appropriate date representation (%x)
-+%	"%m/%d/%y"
-+d_fmt   "<U0025><U006D><U002F><U0025><U0064><U002F><U0025><U0079>"
-+
-+% Appropriate time representation (%X)
-+%	"%H:%M:%S"
-+t_fmt   "<U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053>"
-+
-+% Appropriate AM/PM time representation (%r)
-+%	"%I:%M:%S %p"
-+t_fmt_ampm "<U0025><U0049><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0070>"
-+
-+% Equivalent of AM/PM (%p)      "AM"/"PM"
-+%
-+am_pm	"<U0041><U004D>";"<U0050><U004D>"
-+
-+% Appropriate date representation (date(1))   "%a %b %e %H:%M:%S %Z %Y"
-+date_fmt	"<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U005A><U0020><U0025><U0059>"
-+END LC_TIME
-+
-+LC_MESSAGES
-+% This is the POSIX Locale definition for
-+% the LC_NUMERIC category.
-+%
-+yesexpr "<U005E><U005B><U0079><U0059><U005D>"
-+noexpr  "<U005E><U005B><U006E><U004E><U005D>"
-+yesstr  "<U0059><U0065><U0073>"
-+nostr   "<U004E><U006F>"
-+END LC_MESSAGES
-+
-+LC_PAPER
-+% This is the ISO/IEC 14652 "i18n" definition for
-+% the LC_PAPER category.
-+% (A4 paper, this is also used in the built in C/POSIX
-+% locale in glibc/locale/C-paper.c)
-+height   297
-+width    210
-+END LC_PAPER
-+
-+LC_NAME
-+% This is the ISO/IEC 14652 "i18n" definition for
-+% the LC_NAME category.
-+% "%p%t%g%t%m%t%f"
-+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c)
-+name_fmt    "<U0025><U0070><U0025><U0074><U0025><U0067><U0025><U0074>/
-+<U0025><U006D><U0025><U0074><U0025><U0066>"
-+END LC_NAME
-+
-+LC_ADDRESS
-+% This is the ISO/IEC 14652 "i18n" definition for
-+% the LC_ADDRESS category.
-+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N"
-+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c)
-+postal_fmt    "<U0025><U0061><U0025><U004E><U0025><U0066><U0025><U004E>/
-+<U0025><U0064><U0025><U004E><U0025><U0062><U0025><U004E><U0025><U0073>/
-+<U0020><U0025><U0068><U0020><U0025><U0065><U0020><U0025><U0072><U0025>/
-+<U004E><U0025><U0043><U002D><U0025><U007A><U0020><U0025><U0054><U0025>/
-+<U004E><U0025><U0063><U0025><U004E>"
-+END LC_ADDRESS
-+
-+LC_TELEPHONE
-+% This is the ISO/IEC 14652 "i18n" definition for
-+% the LC_TELEPHONE category.
-+% "+%c %a %l"
-+tel_int_fmt    "<U002B><U0025><U0063><U0020><U0025><U0061><U0020><U0025>/
-+<U006C>"
-+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c)
-+END LC_TELEPHONE
-+
-+LC_MEASUREMENT
-+% This is the ISO/IEC 14652 "i18n" definition for
-+% the LC_MEASUREMENT category.
-+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c)
-+%metric
-+measurement    1
-+END LC_MEASUREMENT
-+
--- 
-2.4.3
-
diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild
index 7a1a5d5d5..f1eb962f8 100755
--- a/source/l/glibc/glibc.SlackBuild
+++ b/source/l/glibc/glibc.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=glibc
 VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
 CHECKOUT=${CHECKOUT:-""}
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-1}
 
 # I was considering disabling NSCD, but MoZes talked me out of it.  :)
 #DISABLE_NSCD=" --disable-nscd "
@@ -151,8 +151,6 @@ apply_patches() {
   zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1
   # Support ru_RU.CP1251 locale:
   zcat $CWD/glibc.ru_RU.CP1251.diff.gz | patch -p1 --verbose || exit 1
-  # Add a C.UTF-8 locale:
-  zcat $CWD/glibc-c-utf8-locale.patch.gz | patch -p1 --verbose || exit 1
   # Don't use AM/PM format for date(1). That's just plain crazy.
   zcat $CWD/glibc-2.32.en_US.no.am.pm.date.format.diff.gz | patch -p1 --verbose || exit 1
   # Other regression fixes from git:
@@ -404,7 +402,24 @@ cp -a $PKG/lib${LIBDIRSUFFIX}/* lib${LIBDIRSUFFIX}
 ( cd lib${LIBDIRSUFFIX}
   mkdir incoming
   mv *so* incoming
-  mv incoming/libSegFault.so .
+  mv incoming/libmemusage.so .
+  # Beginning with glibc-2.34, shared objects are using their ABI sonames
+  # directly, which is frankly, a terrible idea. It might help other package
+  # managers, but doesn't do us any favors where we already had a system for
+  # dealing with upgrades (and downgrades!). We'll change these libraries to
+  # use the versioned naming system of glibc-2.33 and earlier so that we don't
+  # have to handle these files differently and so that it's easy to see what
+  # version of glibc is in use at a glance.
+  cd incoming
+  for library in *.so.* ; do
+    mv $library $(echo $library | cut -f 1 -d .)-${VERSION}.so
+  done
+  # This one is a special case. We don't want an $ARCH embedded in the
+  # filename. It prevents using the same install scripts on all $ARCH
+  # and does no good since we'll never have multiple $ARCH libraries
+  # installed in the same directory anyway. So give it the previous name
+  # format:
+  mv ld-linux*-${VERSION}.so ld-${VERSION}.so
 )
 mkdir -p usr
 cp -a $PKG/usr/bin usr
@@ -460,7 +475,24 @@ fix_doinst
 ( cd lib${LIBDIRSUFFIX}
   mkdir incoming
   mv *so* incoming
-  mv incoming/libSegFault.so .
+  mv incoming/libmemusage.so .
+  # Beginning with glibc-2.34, shared objects are using their ABI sonames
+  # directly, which is frankly, a terrible idea. It might help other package
+  # managers, but doesn't do us any favors where we already had a system for
+  # dealing with upgrades (and downgrades!). We'll change these libraries to
+  # use the versioned naming system of glibc-2.33 and earlier so that we don't
+  # have to handle these files differently and so that it's easy to see what
+  # version of glibc is in use at a glance.
+  cd incoming
+  for library in *.so.* ; do
+    mv $library $(echo $library | cut -f 1 -d .)-${VERSION}.so
+  done
+  # This one is a special case. We don't want an $ARCH embedded in the
+  # filename. It prevents using the same install scripts on all $ARCH
+  # and does no good since we'll never have multiple $ARCH libraries
+  # installed in the same directory anyway. So give it the previous name
+  # format:
+  mv ld-linux*-${VERSION}.so ld-${VERSION}.so
 )
 # Build the package:
 /sbin/makepkg -l y -c n $TMP/glibc-$VERSION-$SLACKWARE_ARCH-$BUILD.txz
diff --git a/source/l/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch b/source/l/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch
deleted file mode 100644
index 458369251..000000000
--- a/source/l/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From c3479fb7939898ec22c655c383454d6e8b982a67 Mon Sep 17 00:00:00 2001
-From: Sergei Trofimovich <slyfox@gentoo.org>
-Date: Fri, 5 Feb 2021 07:32:18 +0000
-Subject: [PATCH] nsswitch: return result when nss database is locked [BZ
- #27343]
-
-Before the change nss_database_check_reload_and_get() did not populate
-the '*result' value when it returned success in a case of chroot
-detection. This caused initgroups() to use garage pointer in the
-following test (extracted from unbound):
-
-```
-
-int main() {
-    // load some NSS modules
-    struct passwd * pw = getpwnam("root");
-
-    chdir("/tmp");
-    chroot("/tmp");
-    chdir("/");
-    // access nsswitch.conf in a chroot
-    initgroups("root", 0);
-}
-```
-
-Reviewed-by: DJ Delorie <dj@redhat.com>
----
- nss/nss_database.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/nss/nss_database.c b/nss/nss_database.c
-index cf0306adc4..e1bef6bd75 100644
---- a/nss/nss_database.c
-+++ b/nss/nss_database.c
-@@ -398,8 +398,9 @@ nss_database_check_reload_and_get (struct nss_database_state *local,
- 	  && (str.st_ino != local->root_ino
- 	      ||  str.st_dev != local->root_dev)))
-     {
--      /* Change detected; disable reloading.  */
-+      /* Change detected; disable reloading and return current state.  */
-       atomic_store_release (&local->data.reload_disabled, 1);
-+      *result = local->data.services[database_index];
-       __libc_lock_unlock (local->lock);
-       __nss_module_disable_loading ();
-       return true;
--- 
-2.27.0
diff --git a/source/l/glibc/patches/CVE-2021-27645.patch b/source/l/glibc/patches/CVE-2021-27645.patch
deleted file mode 100644
index c568dd16b..000000000
--- a/source/l/glibc/patches/CVE-2021-27645.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- ./nscd/netgroupcache.c.orig	2021-08-07 13:20:02.459057859 -0500
-+++ ./nscd/netgroupcache.c	2021-08-07 13:22:08.983060689 -0500
-@@ -248,7 +248,7 @@
- 					     : NULL);
- 				    ndomain = (ndomain ? newbuf + ndomaindiff
- 					       : NULL);
--				    buffer = newbuf;
-+				    *tofreep = buffer = newbuf;
- 				  }
- 
- 				nhost = memcpy (buffer + bufused,
-@@ -319,7 +319,7 @@
- 		    else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
- 		      {
- 			buflen *= 2;
--			buffer = xrealloc (buffer, buflen);
-+			*tofreep = buffer = xrealloc (buffer, buflen);
- 		      }
- 		    else if (status == NSS_STATUS_RETURN
- 			     || status == NSS_STATUS_NOTFOUND
diff --git a/source/l/glibc/patches/CVE-2021-33574_1.patch b/source/l/glibc/patches/CVE-2021-33574_1.patch
deleted file mode 100644
index 20f1889ce..000000000
--- a/source/l/glibc/patches/CVE-2021-33574_1.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@linux-m68k.org>
-Date: Thu, 27 May 2021 12:49:47 +0200
-Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896)
-
-Make a deep copy of the pthread attribute object to remove a potential
-use-after-free issue.
----
- NEWS                                |  4 ++++
- sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++-----
- 2 files changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 6f4d325d55..1bf3daa502 100644
---- a/NEWS
-+++ b/NEWS
-@@ -62,6 +62,10 @@ Security related changes:
-   potentially resulting in degraded service or Denial of Service on the
-   local system.  Reported by Chris Schanzle.
- 
-+  CVE-2021-33574: The mq_notify function has a potential use-after-free
-+  issue when using a notification type of SIGEV_THREAD and a thread
-+  attribute with a non-default affinity mask.
-+
- The following bugs are resolved with this release:
- 
-   [The release manager will add the list generated by
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index cc575a0cdd..f7ddfe5a6c 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -133,8 +133,11 @@ helper_thread (void *arg)
- 	    (void) __pthread_barrier_wait (&notify_barrier);
- 	}
-       else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
--	/* The only state we keep is the copy of the thread attributes.  */
--	free (data.attr);
-+	{
-+	  /* The only state we keep is the copy of the thread attributes.  */
-+	  pthread_attr_destroy (data.attr);
-+	  free (data.attr);
-+	}
-     }
-   return NULL;
- }
-@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
-       if (data.attr == NULL)
- 	return -1;
- 
--      memcpy (data.attr, notification->sigev_notify_attributes,
--	      sizeof (pthread_attr_t));
-+      __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
-     }
- 
-   /* Construct the new request.  */
-@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
- 
-   /* If it failed, free the allocated memory.  */
-   if (__glibc_unlikely (retval != 0))
--    free (data.attr);
-+    {
-+      pthread_attr_destroy (data.attr);
-+      free (data.attr);
-+    }
- 
-   return retval;
- }
--- 
-2.27.0
-
-
diff --git a/source/l/glibc/patches/CVE-2021-33574_2.patch b/source/l/glibc/patches/CVE-2021-33574_2.patch
deleted file mode 100644
index 608dbfdc5..000000000
--- a/source/l/glibc/patches/CVE-2021-33574_2.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Tue, 1 Jun 2021 17:51:41 +0200
-Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
-
-__pthread_attr_copy can fail and does not initialize the attribute
-structure in that case.
-
-If __pthread_attr_copy is never called and there is no allocated
-attribute, pthread_attr_destroy should not be called, otherwise
-there is a null pointer dereference in rt/tst-mqueue6.
-
-Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
-("Use __pthread_attr_copy in mq_notify (bug 27896)").
-
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
----
- sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index f7ddfe5a6c..6f46d29d1d 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
-       if (data.attr == NULL)
- 	return -1;
- 
--      __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
-+      int ret = __pthread_attr_copy (data.attr,
-+				     notification->sigev_notify_attributes);
-+      if (ret != 0)
-+	{
-+	  free (data.attr);
-+	  __set_errno (ret);
-+	  return -1;
-+	}
-     }
- 
-   /* Construct the new request.  */
-@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
-   int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
- 
-   /* If it failed, free the allocated memory.  */
--  if (__glibc_unlikely (retval != 0))
-+  if (retval != 0 && data.attr != NULL)
-     {
-       pthread_attr_destroy (data.attr);
-       free (data.attr);
--- 
-2.27.0
-
-
diff --git a/source/l/glibc/patches/CVE-2021-35942.patch b/source/l/glibc/patches/CVE-2021-35942.patch
deleted file mode 100644
index fde0fbdb3..000000000
--- a/source/l/glibc/patches/CVE-2021-35942.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@linux-m68k.org>
-Date: Fri, 25 Jun 2021 15:02:47 +0200
-Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
- 28011)
-
-Use strtoul instead of atoi so that overflow can be detected.
----
- posix/wordexp-test.c | 1 +
- posix/wordexp.c      | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
-index f93a546d7e..9df02dbbb3 100644
---- a/posix/wordexp-test.c
-+++ b/posix/wordexp-test.c
-@@ -183,6 +183,7 @@ struct test_case_struct
-     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
-     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
-     { 0, NULL, "", 0, 0, { NULL, }, IFS },
-+    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
- 
-     /* Flags not already covered (testit() has special handling for these) */
-     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
-diff --git a/posix/wordexp.c b/posix/wordexp.c
-index bcbe96e48d..1f3b09f721 100644
---- a/posix/wordexp.c
-+++ b/posix/wordexp.c
-@@ -1399,7 +1399,7 @@ envsubst:
-   /* Is it a numeric parameter? */
-   else if (isdigit (env[0]))
-     {
--      int n = atoi (env);
-+      unsigned long n = strtoul (env, NULL, 10);
- 
-       if (n >= __libc_argc)
- 	/* Substitute NULL. */
--- 
-2.27.0
-
-
diff --git a/source/l/glibc/patches/CVE-2021-38604.patch b/source/l/glibc/patches/CVE-2021-38604.patch
deleted file mode 100644
index ad0a81588..000000000
--- a/source/l/glibc/patches/CVE-2021-38604.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <npv1310@gmail.com>
-Date: Mon, 9 Aug 2021 20:17:34 +0530
-Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213)
-
-Helper thread frees copied attribute on NOTIFY_REMOVED message
-received from the OS kernel.  Unfortunately, it fails to check whether
-copied attribute actually exists (data.attr != NULL).  This worked
-earlier because free() checks passed pointer before actually
-attempting to release corresponding memory.  But
-__pthread_attr_destroy assumes pointer is not NULL.
-
-So passing NULL pointer to __pthread_attr_destroy will result in
-segmentation fault.  This scenario is possible if
-notification->sigev_notify_attributes == NULL (which means default
-thread attributes should be used).
-
-Signed-off-by: Nikita Popov <npv1310@gmail.com>
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
----
- sysdeps/unix/sysv/linux/mq_notify.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index 9799dcdaa4..eccae2e4c6 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -131,7 +131,7 @@ helper_thread (void *arg)
- 	       to wait until it is done with it.  */
- 	    (void) __pthread_barrier_wait (&notify_barrier);
- 	}
--      else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
-+      else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL)
- 	{
- 	  /* The only state we keep is the copy of the thread attributes.  */
- 	  __pthread_attr_destroy (data.attr);
--- 
-2.27.0
-
-
diff --git a/source/l/glibc/patches/cdc31409bd4f878577059e70dbd52a28643ec609.patch b/source/l/glibc/patches/cdc31409bd4f878577059e70dbd52a28643ec609.patch
deleted file mode 100644
index 96f56ce73..000000000
--- a/source/l/glibc/patches/cdc31409bd4f878577059e70dbd52a28643ec609.patch
+++ /dev/null
@@ -1,237 +0,0 @@
-From cdc31409bd4f878577059e70dbd52a28643ec609 Mon Sep 17 00:00:00 2001
-From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
-Date: Wed, 31 Mar 2021 13:53:34 -0300
-Subject: [PATCH] linux: Normalize and return timeout on select (BZ #27651)
-
-The commit 2433d39b697, which added time64 support to select, changed
-the function to use __NR_pselect6 (or __NR_pelect6_time64) on all
-architectures.  However, on architectures where the symbol was
-implemented with __NR_select the kernel normalizes the passed timeout
-instead of return EINVAL.  For instance, the input timeval
-{ 0, 5000000 } is interpreted as { 5, 0 }.
-
-And as indicated by BZ #27651, this semantic seems to be expected
-and changing it results in some performance issues (most likely
-the program does not check the return code and keeps issuing
-select with unormalized tv_usec argument).
-
-To avoid a different semantic depending whether which syscall the
-architecture used to issue, select now always normalize the timeout
-input.  This is a slight change for some ABIs (for instance aarch64).
-
-Checked on x86_64-linux-gnu and i686-linux-gnu.
----
- include/time.h                             |  5 +++
- sunrpc/svcauth_des.c                       |  1 -
- support/Makefile                           |  2 ++
- support/support.h                          |  8 +++++
- support/support_select_modify_timeout.c    | 29 ++++++++++++++++
- support/support_select_normalize_timeout.c | 29 ++++++++++++++++
- sysdeps/unix/sysv/linux/select.c           | 40 ++++++++++++++++++----
- 8 files changed, 123 insertions(+), 8 deletions(-)
- create mode 100644 support/support_select_modify_timeout.c
- create mode 100644 support/support_select_normalize_timeout.c
-
-diff --git a/include/time.h b/include/time.h
-index caf2af5e74..e0636132a6 100644
---- a/include/time.h
-+++ b/include/time.h
-@@ -502,6 +502,11 @@ time_now (void)
-   __clock_gettime (TIME_CLOCK_GETTIME_CLOCKID, &ts);
-   return ts.tv_sec;
- }
-+
-+#define NSEC_PER_SEC    1000000000L  /* Nanoseconds per second.  */
-+#define USEC_PER_SEC    1000000L     /* Microseconds per second.  */
-+#define NSEC_PER_USEC   1000L        /* Nanoseconds per microsecond.  */
-+
- #endif
- 
- #endif
-diff --git a/sunrpc/svcauth_des.c b/sunrpc/svcauth_des.c
-index 7607abc818..25a85c9097 100644
---- a/sunrpc/svcauth_des.c
-+++ b/sunrpc/svcauth_des.c
-@@ -58,7 +58,6 @@
- 
- #define debug(msg)		/*printf("svcauth_des: %s\n", msg) */
- 
--#define USEC_PER_SEC ((uint32_t) 1000000L)
- #define BEFORE(t1, t2) timercmp(t1, t2, <)
- 
- /*
-diff --git a/support/Makefile b/support/Makefile
-index 900e17f94f..1e2fc97ee6 100644
---- a/support/Makefile
-+++ b/support/Makefile
-@@ -68,6 +68,8 @@ libsupport-routines = \
-   support_quote_string \
-   support_record_failure \
-   support_run_diff \
-+  support_select_modify_timeout \
-+  support_select_normalize_timeout \
-   support_set_small_thread_stack_size \
-   support_shared_allocate \
-   support_small_stack_thread_attribute \
-diff --git a/support/support.h b/support/support.h
-index e023d00857..f983783d64 100644
---- a/support/support.h
-+++ b/support/support.h
-@@ -144,6 +144,14 @@ static __inline bool support_path_support_time64 (const char *path)
- /* Return true if stat supports nanoseconds resolution.  */
- extern bool support_stat_nanoseconds (const char *path);
- 
-+/* Return true if select modify the timeout to reflect the amount of time
-+   no slept.  */
-+extern bool support_select_modify_timeout (void);
-+
-+/* Return true if select normalize the timeout input by taking in account
-+   tv_usec larger than 1000000.  */
-+extern bool support_select_normalize_timeout (void);
-+
- __END_DECLS
- 
- #endif /* SUPPORT_H */
-diff --git a/support/support_select_modify_timeout.c b/support/support_select_modify_timeout.c
-new file mode 100644
-index 0000000000..d70a5a5068
---- /dev/null
-+++ b/support/support_select_modify_timeout.c
-@@ -0,0 +1,29 @@
-+/* Return whether select modify the timeout.
-+   Copyright (C) 2021 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <stdbool.h>
-+
-+bool
-+support_select_modify_timeout (void)
-+{
-+#ifdef __linux__
-+  return true;
-+#else
-+  return false;
-+#endif
-+}
-diff --git a/support/support_select_normalize_timeout.c b/support/support_select_normalize_timeout.c
-new file mode 100644
-index 0000000000..447e3ec3e3
---- /dev/null
-+++ b/support/support_select_normalize_timeout.c
-@@ -0,0 +1,29 @@
-+/* Return whether select normalize the timeout.
-+   Copyright (C) 2021 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <stdbool.h>
-+
-+bool
-+support_select_normalize_timeout (void)
-+{
-+#ifdef __linux__
-+  return true;
-+#else
-+  return false;
-+#endif
-+}
-diff --git a/sysdeps/unix/sysv/linux/select.c b/sysdeps/unix/sysv/linux/select.c
-index 415aa87d3c..d075270ff4 100644
---- a/sysdeps/unix/sysv/linux/select.c
-+++ b/sysdeps/unix/sysv/linux/select.c
-@@ -33,12 +33,34 @@ int
- __select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
- 	    struct __timeval64 *timeout)
- {
--  struct __timespec64 ts64, *pts64 = NULL;
--  if (timeout != NULL)
-+  __time64_t s = timeout != NULL ? timeout->tv_sec : 0;
-+  int32_t us = timeout != NULL ? timeout->tv_usec : 0;
-+  int32_t ns;
-+
-+  if (s < 0 || us < 0)
-+    return INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
-+
-+  /* Normalize the timeout, as legacy Linux __NR_select and __NR__newselect.
-+     Different than syscall, it also handle possible overflow.  */
-+  if (us / USEC_PER_SEC > INT64_MAX - s)
-     {
--      ts64 = timeval64_to_timespec64 (*timeout);
--      pts64 = &ts64;
-+      s = INT64_MAX;
-+      ns = NSEC_PER_SEC - 1;
-     }
-+  else
-+    {
-+      s += us / USEC_PER_SEC;
-+      us = us % USEC_PER_SEC;
-+      ns = us * NSEC_PER_USEC;
-+    }
-+
-+  struct __timespec64 ts64, *pts64 = NULL;
-+   if (timeout != NULL)
-+     {
-+       ts64.tv_sec = s;
-+       ts64.tv_nsec = ns;
-+       pts64 = &ts64;
-+     }
- 
- #ifndef __NR_pselect6_time64
- # define __NR_pselect6_time64 __NR_pselect6
-@@ -52,10 +74,13 @@ __select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
-          (though the pselect() glibc call suppresses this behavior).
-          Since select() on Linux has the same behavior as the pselect6
-          syscall, we update the timeout here.  */
--      if (r == 0 || errno != ENOSYS)
-+      if (r >= 0 || errno != ENOSYS)
- 	{
- 	  if (timeout != NULL)
--	    TIMEVAL_TO_TIMESPEC (timeout, &ts64);
-+	    {
-+	      timeout->tv_sec = ts64.tv_sec;
-+	      timeout->tv_usec = ts64.tv_nsec / NSEC_PER_USEC;
-+	    }
- 	  return r;
- 	}
- 
-@@ -71,7 +96,8 @@ __select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
- 	  __set_errno (EINVAL);
- 	  return -1;
- 	}
--      ts32 = valid_timespec64_to_timespec (ts64);
-+      ts32.tv_sec = s;
-+      ts32.tv_nsec = ns;
-       pts32 = &ts32;
-     }
- # ifndef __ASSUME_PSELECT
--- 
-2.27.0
-
-
diff --git a/source/l/glibc/patches/glibc.CVE-2021-3998.patch b/source/l/glibc/patches/glibc.CVE-2021-3998.patch
deleted file mode 100644
index 45602d050..000000000
--- a/source/l/glibc/patches/glibc.CVE-2021-3998.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5 Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Thu, 13 Jan 2022 11:28:36 +0530
-Subject: [PATCH] realpath: Set errno to ENAMETOOLONG for result larger than
- PATH_MAX [BZ #28770]
-
-realpath returns an allocated string when the result exceeds PATH_MAX,
-which is unexpected when its second argument is not NULL.  This results
-in the second argument (resolved) being uninitialized and also results
-in a memory leak since the caller expects resolved to be the same as the
-returned value.
-
-Return NULL and set errno to ENAMETOOLONG if the result exceeds
-PATH_MAX.  This fixes [BZ #28770], which is CVE-2021-3998.
-
-Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-(cherry picked from commit ee8d5e33adb284601c00c94687bc907e10aec9bb)
----
- NEWS                          |  4 +++
- stdlib/Makefile               |  1 +
- stdlib/canonicalize.c         | 12 +++++++--
- stdlib/tst-realpath-toolong.c | 49 +++++++++++++++++++++++++++++++++++
- 4 files changed, 64 insertions(+), 2 deletions(-)
- create mode 100644 stdlib/tst-realpath-toolong.c
-
---- ./NEWS.orig	2021-02-01 11:15:33.000000000 -0600
-+++ ./NEWS	2022-01-24 13:32:24.268678228 -0600
-@@ -118,6 +118,10 @@
-   CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
-   invoked with EUC-KR input containing invalid multibyte input sequences.
- 
-+  CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
-+  function could result in a memory leak and potential access of
-+  uninitialized memory.  Reported by Qualys.
-+
- The following bugs are resolved with this release:
- 
-   [10635] libc: realpath portability patches
---- ./stdlib/canonicalize.c.orig	2021-02-01 11:15:33.000000000 -0600
-+++ ./stdlib/canonicalize.c	2022-01-24 13:32:24.268678228 -0600
-@@ -400,8 +400,16 @@
- 
- error:
-   *dest++ = '\0';
--  if (resolved != NULL && dest - rname <= get_path_max ())
--    rname = strcpy (resolved, rname);
-+  if (resolved != NULL)
-+    {
-+      if (dest - rname <= get_path_max ())
-+	rname = strcpy (resolved, rname);
-+      else
-+	{
-+	  failed = true;
-+	  __set_errno (ENAMETOOLONG);
-+	}
-+    }
- 
- error_nomem:
-   scratch_buffer_free (&extra_buffer);
---- ./stdlib/Makefile.orig	2022-01-24 13:32:24.268678228 -0600
-+++ ./stdlib/Makefile	2022-01-24 13:32:59.968676254 -0600
-@@ -86,7 +86,7 @@
- 		   tst-makecontext-align test-bz22786 tst-strtod-nan-sign \
- 		   tst-swapcontext1 tst-setcontext4 tst-setcontext5 \
- 		   tst-setcontext6 tst-setcontext7 tst-setcontext8 \
--		   tst-setcontext9 tst-bz20544 tst-canon-bz26341
-+		   tst-setcontext9 tst-bz20544 tst-canon-bz26341 tst-realpath-toolong
- 
- tests-internal	:= tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \
- 		   tst-tls-atexit tst-tls-atexit-nodelete
---- ./stdlib/tst-realpath-toolong.c.orig	2022-01-24 13:32:24.268678228 -0600
-+++ ./stdlib/tst-realpath-toolong.c	2022-01-24 13:32:24.268678228 -0600
-@@ -0,0 +1,49 @@
-+/* Verify that realpath returns NULL with ENAMETOOLONG if the result exceeds
-+   NAME_MAX.
-+   Copyright The GNU Toolchain Authors.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <errno.h>
-+#include <limits.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <support/check.h>
-+#include <support/temp_file.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+
-+#define BASENAME "tst-realpath-toolong."
-+
-+int
-+do_test (void)
-+{
-+  char *base = support_create_and_chdir_toolong_temp_directory (BASENAME);
-+
-+  char buf[PATH_MAX + 1];
-+  const char *res = realpath (".", buf);
-+
-+  /* canonicalize.c states that if the real path is >= PATH_MAX, then
-+     realpath returns NULL and sets ENAMETOOLONG.  */
-+  TEST_VERIFY (res == NULL);
-+  TEST_VERIFY (errno == ENAMETOOLONG);
-+
-+  free (base);
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
diff --git a/source/l/glibc/patches/glibc.CVE-2021-3999.patch b/source/l/glibc/patches/glibc.CVE-2021-3999.patch
deleted file mode 100644
index 0644f798a..000000000
--- a/source/l/glibc/patches/glibc.CVE-2021-3999.patch
+++ /dev/null
@@ -1,356 +0,0 @@
-From 472e799a5f2102bc0c3206dbd5a801765fceb39c Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Fri, 21 Jan 2022 23:32:56 +0530
-Subject: [PATCH] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
-
-No valid path returned by getcwd would fit into 1 byte, so reject the
-size early and return NULL with errno set to ERANGE.  This change is
-prompted by CVE-2021-3999, which describes a single byte buffer
-underflow and overflow when all of the following conditions are met:
-
-- The buffer size (i.e. the second argument of getcwd) is 1 byte
-- The current working directory is too long
-- '/' is also mounted on the current working directory
-
-Sequence of events:
-
-- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
-  because the linux kernel checks for name length before it checks
-  buffer size
-
-- The code falls back to the generic getcwd in sysdeps/posix
-
-- In the generic func, the buf[0] is set to '\0' on line 250
-
-- this while loop on line 262 is bypassed:
-
-    while (!(thisdev == rootdev && thisino == rootino))
-
-  since the rootfs (/) is bind mounted onto the directory and the flow
-  goes on to line 449, where it puts a '/' in the byte before the
-  buffer.
-
-- Finally on line 458, it moves 2 bytes (the underflowed byte and the
-  '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.
-
-- buf is returned on line 469 and errno is not set.
-
-This resolves BZ #28769.
-
-Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
-Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
-Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-(cherry picked from commit 23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e)
----
- NEWS                                          |   6 +
- sysdeps/posix/getcwd.c                        |   7 +
- sysdeps/unix/sysv/linux/Makefile              |   7 +-
- .../unix/sysv/linux/tst-getcwd-smallbuff.c    | 241 ++++++++++++++++++
- 4 files changed, 260 insertions(+), 1 deletion(-)
- create mode 100644 sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
-
-diff --git a/NEWS b/NEWS
-index b4f81c2668..8d7467d2c1 100644
---- a/NEWS
-+++ b/NEWS
-@@ -20,6 +20,12 @@ Security related changes:
-   function could result in a memory leak and potential access of
-   uninitialized memory.  Reported by Qualys.
- 
-+  CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
-+  function may result in an off-by-one buffer underflow and overflow
-+  when the current working directory is longer than PATH_MAX and also
-+  corresponds to the / directory through an unprivileged mount
-+  namespace.  Reported by Qualys.
-+
- The following bugs are resolved with this release:
- 
-   [12889] nptl: Fix race between pthread_kill and thread exit
-diff --git a/sysdeps/posix/getcwd.c b/sysdeps/posix/getcwd.c
-index 13680026ff..b6984a382c 100644
---- a/sysdeps/posix/getcwd.c
-+++ b/sysdeps/posix/getcwd.c
-@@ -187,6 +187,13 @@ __getcwd_generic (char *buf, size_t size)
-   size_t allocated = size;
-   size_t used;
- 
-+  /* A size of 1 byte is never useful.  */
-+  if (allocated == 1)
-+    {
-+      __set_errno (ERANGE);
-+      return NULL;
-+    }
-+
- #if HAVE_MINIMALLY_WORKING_GETCWD
-   /* If AT_FDCWD is not defined, the algorithm below is O(N**2) and
-      this is much slower than the system getcwd (at least on
-diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
-index 76ad06361c..9380d3848d 100644
---- a/sysdeps/unix/sysv/linux/Makefile
-+++ b/sysdeps/unix/sysv/linux/Makefile
-@@ -331,7 +331,12 @@ sysdep_routines += xstatconv internal_statvfs \
- 
- sysdep_headers += bits/fcntl-linux.h
- 
--tests += tst-fallocate tst-fallocate64 tst-o_path-locks
-+tests += \
-+  tst-fallocate \
-+  tst-fallocate64 \
-+  tst-getcwd-smallbuff \
-+  tst-o_path-locks \
-+# tests
- endif
- 
- ifeq ($(subdir),elf)
-diff --git a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
-new file mode 100644
-index 0000000000..d460d6e766
---- /dev/null
-+++ b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
-@@ -0,0 +1,241 @@
-+/* Verify that getcwd returns ERANGE for size 1 byte and does not underflow
-+   buffer when the CWD is too long and is also a mount target of /.  See bug
-+   #28769 or CVE-2021-3999 for more context.
-+   Copyright The GNU Toolchain Authors.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <errno.h>
-+#include <fcntl.h>
-+#include <intprops.h>
-+#include <limits.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/mount.h>
-+#include <sys/stat.h>
-+#include <sys/types.h>
-+#include <sys/wait.h>
-+
-+#include <sys/socket.h>
-+#include <sys/un.h>
-+#include <support/check.h>
-+#include <support/temp_file.h>
-+#include <support/xsched.h>
-+#include <support/xunistd.h>
-+
-+static char *base;
-+#define BASENAME "tst-getcwd-smallbuff"
-+#define MOUNT_NAME "mpoint"
-+static int sockfd[2];
-+
-+static void
-+do_cleanup (void)
-+{
-+  support_chdir_toolong_temp_directory (base);
-+  TEST_VERIFY_EXIT (rmdir (MOUNT_NAME) == 0);
-+  free (base);
-+}
-+
-+static void
-+send_fd (const int sock, const int fd)
-+{
-+  struct msghdr msg = {0};
-+  union
-+    {
-+      struct cmsghdr hdr;
-+      char buf[CMSG_SPACE (sizeof (int))];
-+    } cmsgbuf = {0};
-+  struct cmsghdr *cmsg;
-+  struct iovec vec;
-+  char ch = 'A';
-+  ssize_t n;
-+
-+  msg.msg_control = &cmsgbuf.buf;
-+  msg.msg_controllen = sizeof (cmsgbuf.buf);
-+
-+  cmsg = CMSG_FIRSTHDR (&msg);
-+  cmsg->cmsg_len = CMSG_LEN (sizeof (int));
-+  cmsg->cmsg_level = SOL_SOCKET;
-+  cmsg->cmsg_type = SCM_RIGHTS;
-+  memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
-+
-+  vec.iov_base = &ch;
-+  vec.iov_len = 1;
-+  msg.msg_iov = &vec;
-+  msg.msg_iovlen = 1;
-+
-+  while ((n = sendmsg (sock, &msg, 0)) == -1 && errno == EINTR);
-+
-+  TEST_VERIFY_EXIT (n == 1);
-+}
-+
-+static int
-+recv_fd (const int sock)
-+{
-+  struct msghdr msg = {0};
-+  union
-+    {
-+      struct cmsghdr hdr;
-+      char buf[CMSG_SPACE(sizeof(int))];
-+    } cmsgbuf = {0};
-+  struct cmsghdr *cmsg;
-+  struct iovec vec;
-+  ssize_t n;
-+  char ch = '\0';
-+  int fd = -1;
-+
-+  vec.iov_base = &ch;
-+  vec.iov_len = 1;
-+  msg.msg_iov = &vec;
-+  msg.msg_iovlen = 1;
-+
-+  msg.msg_control = &cmsgbuf.buf;
-+  msg.msg_controllen = sizeof (cmsgbuf.buf);
-+
-+  while ((n = recvmsg (sock, &msg, 0)) == -1 && errno == EINTR);
-+  if (n != 1 || ch != 'A')
-+    return -1;
-+
-+  cmsg = CMSG_FIRSTHDR (&msg);
-+  if (cmsg == NULL)
-+    return -1;
-+  if (cmsg->cmsg_type != SCM_RIGHTS)
-+    return -1;
-+  memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd));
-+  if (fd < 0)
-+    return -1;
-+  return fd;
-+}
-+
-+static int
-+child_func (void * const arg)
-+{
-+  xclose (sockfd[0]);
-+  const int sock = sockfd[1];
-+  char ch;
-+
-+  TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
-+  TEST_VERIFY_EXIT (ch == '1');
-+
-+  if (mount ("/", MOUNT_NAME, NULL, MS_BIND | MS_REC, NULL))
-+    FAIL_EXIT1 ("mount failed: %m\n");
-+  const int fd = xopen ("mpoint",
-+			O_RDONLY | O_PATH | O_DIRECTORY | O_NOFOLLOW, 0);
-+
-+  send_fd (sock, fd);
-+  xclose (fd);
-+
-+  TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
-+  TEST_VERIFY_EXIT (ch == 'a');
-+
-+  xclose (sock);
-+  return 0;
-+}
-+
-+static void
-+update_map (char * const mapping, const char * const map_file)
-+{
-+  const size_t map_len = strlen (mapping);
-+
-+  const int fd = xopen (map_file, O_WRONLY, 0);
-+  xwrite (fd, mapping, map_len);
-+  xclose (fd);
-+}
-+
-+static void
-+proc_setgroups_write (const long child_pid, const char * const str)
-+{
-+  const size_t str_len = strlen(str);
-+
-+  char setgroups_path[sizeof ("/proc//setgroups") + INT_STRLEN_BOUND (long)];
-+
-+  snprintf (setgroups_path, sizeof (setgroups_path),
-+	    "/proc/%ld/setgroups", child_pid);
-+
-+  const int fd = open (setgroups_path, O_WRONLY);
-+
-+  if (fd < 0)
-+    {
-+      TEST_VERIFY_EXIT (errno == ENOENT);
-+      FAIL_UNSUPPORTED ("/proc/%ld/setgroups not found\n", child_pid);
-+    }
-+
-+  xwrite (fd, str, str_len);
-+  xclose(fd);
-+}
-+
-+static char child_stack[1024 * 1024];
-+
-+int
-+do_test (void)
-+{
-+  base = support_create_and_chdir_toolong_temp_directory (BASENAME);
-+
-+  xmkdir (MOUNT_NAME, S_IRWXU);
-+  atexit (do_cleanup);
-+
-+  TEST_VERIFY_EXIT (socketpair (AF_UNIX, SOCK_STREAM, 0, sockfd) == 0);
-+  pid_t child_pid = xclone (child_func, NULL, child_stack,
-+			    sizeof (child_stack),
-+			    CLONE_NEWUSER | CLONE_NEWNS | SIGCHLD);
-+
-+  xclose (sockfd[1]);
-+  const int sock = sockfd[0];
-+
-+  char map_path[sizeof ("/proc//uid_map") + INT_STRLEN_BOUND (long)];
-+  char map_buf[sizeof ("0  1") + INT_STRLEN_BOUND (long)];
-+
-+  snprintf (map_path, sizeof (map_path), "/proc/%ld/uid_map",
-+	    (long) child_pid);
-+  snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getuid());
-+  update_map (map_buf, map_path);
-+
-+  proc_setgroups_write ((long) child_pid, "deny");
-+  snprintf (map_path, sizeof (map_path), "/proc/%ld/gid_map",
-+	    (long) child_pid);
-+  snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getgid());
-+  update_map (map_buf, map_path);
-+
-+  TEST_VERIFY_EXIT (send (sock, "1", 1, MSG_NOSIGNAL) == 1);
-+  const int fd = recv_fd (sock);
-+  TEST_VERIFY_EXIT (fd >= 0);
-+  TEST_VERIFY_EXIT (fchdir (fd) == 0);
-+
-+  static char buf[2 * 10 + 1];
-+  memset (buf, 'A', sizeof (buf));
-+
-+  /* Finally, call getcwd and check if it resulted in a buffer underflow.  */
-+  char * cwd = getcwd (buf + sizeof (buf) / 2, 1);
-+  TEST_VERIFY (cwd == NULL);
-+  TEST_VERIFY (errno == ERANGE);
-+
-+  for (int i = 0; i < sizeof (buf); i++)
-+    if (buf[i] != 'A')
-+      {
-+	printf ("buf[%d] = %02x\n", i, (unsigned int) buf[i]);
-+	support_record_failure ();
-+      }
-+
-+  TEST_VERIFY_EXIT (send (sock, "a", 1, MSG_NOSIGNAL) == 1);
-+  xclose (sock);
-+  TEST_VERIFY_EXIT (xwaitpid (child_pid, NULL, 0) == child_pid);
-+
-+  return 0;
-+}
-+
-+#define CLEANUP_HANDLER do_cleanup
-+#include <support/test-driver.c>
--- 
-2.27.0
-
-