Mon Oct 9 18:10:01 UTC 202320231009181001

a/aaa_glibc-solibs-2.38-x86_64-2.txz:  Rebuilt.
ap/qpdf-11.6.2-x86_64-1.txz:  Upgraded.
ap/vim-9.0.2009-x86_64-1.txz:  Upgraded.
l/desktop-file-utils-0.27-x86_64-1.txz:  Upgraded.
l/glibc-2.38-x86_64-2.txz:  Rebuilt.
  These glibc packages are the exact ones that were previously in /testing.
  A test mass rebuild was done here finding no new FTBFS, so I think these
  are good to go. :)
l/glibc-i18n-2.38-x86_64-2.txz:  Rebuilt.
l/glibc-profile-2.38-x86_64-2.txz:  Rebuilt.
l/imagemagick-7.1.1_20-x86_64-1.txz:  Upgraded.
l/libxkbcommon-1.6.0-x86_64-1.txz:  Upgraded.
l/shared-mime-info-2.3-x86_64-1.txz:  Upgraded.
n/c-ares-1.20.0-x86_64-1.txz:  Upgraded.
n/libtirpc-1.3.4-x86_64-1.txz:  Upgraded.
n/proftpd-1.3.8a-x86_64-1.txz:  Upgraded.
n/whois-5.5.19-x86_64-1.txz:  Upgraded.
  Fixed english support for Japanese queries to not add again the /e argument
  if it had already been provided by the user. (Closes: #1050171)
  Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers.
  Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
  .a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao)
  TLD servers.
  Upgraded the TLD URLs to HTTPS whenever possible.
  Updated the charset for whois.jprs.jp.
  Removed 3 new gTLDs which are no longer active.
  Removed support for the obsolete as32 dot notation.
x/xterm-386-x86_64-1.txz:  Upgraded.
xap/vim-gvim-9.0.2009-x86_64-1.txz:  Upgraded.

15 files changed, 1088 insertions, 278 deletions

diff --git a/source/l/desktop-file-utils/desktop-file-utils.SlackBuild b/source/l/desktop-file-utils/desktop-file-utils.SlackBuild
index db23c76e8..f1e3775b2 100755
--- a/source/l/desktop-file-utils/desktop-file-utils.SlackBuild
+++ b/source/l/desktop-file-utils/desktop-file-utils.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2006, 2008, 2009, 2010, 2018, 2020  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2008, 2009, 2010, 2018, 2020, 2023  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=desktop-file-utils
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
 
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 
@@ -76,22 +76,27 @@ find . \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \+
 
-if [ ! -r configure ]; then
-  NOCONFIGURE=1 ./autogen.sh
-fi
-
-# Configure:
-CFLAGS="$SLKCFLAGS" \
-./configure \
+# Configure, build, and install:
+export CFLAGS="$SLKCFLAGS"
+export CXXFLAGS="$SLKCFLAGS"
+mkdir meson-build
+cd meson-build
+meson setup \
   --prefix=/usr \
+  --libdir=lib${LIBDIRSUFFIX} \
+  --libexecdir=/usr/libexec \
+  --bindir=/usr/bin \
+  --sbindir=/usr/sbin \
+  --includedir=/usr/include \
+  --datadir=/usr/share \
   --mandir=/usr/man \
-  --docdir=/usr/doc/$PKGNAM-$VERSION \
-  --build=$ARCH-slackware-linux \
-  --host=$ARCH-slackware-linux
-
-# Build and install:
-make $NUMJOBS || make || exit 1
-make install DESTDIR=$PKG || exit 1
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --buildtype=release \
+  .. || exit 1
+  "${NINJA:=ninja}" $NUMJOBS || exit 1
+  DESTDIR=$PKG $NINJA install || exit 1
+cd ..
 
 mkdir -p $PKG/var/log/setup
 cat << EOF > $PKG/var/log/setup/setup.07.update-desktop-database
diff --git a/source/l/glibc/doinst.sh-aaa_glibc-solibs b/source/l/glibc/doinst.sh-aaa_glibc-solibs
index d5fea2e5f..fe8fc1f37 100644
--- a/source/l/glibc/doinst.sh-aaa_glibc-solibs
+++ b/source/l/glibc/doinst.sh-aaa_glibc-solibs
@@ -72,6 +72,8 @@ if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly
             rm -f $LIBRARY
           done
         done
+        # Remove stale versions of libcrypt from Slackware 14.2 or newer:
+        rm -f libcrypt-{2.23,2.24,2.25,2.26,2.27,2.28,2.29,2.30,2.31,2.32,2.33,2.34,2.35,2.36,2.37}.so
       )
     fi
     # Finally, rename them and clean up:
@@ -136,7 +138,9 @@ if [ ! -x /sbin/ldconfig ]; then
 ( cd lib ; rm -rf libanl.so.1 )
 ( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 )
 ( cd lib ; rm -rf libcrypt.so.1 )
-( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; ln -sf libcrypt1-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; rm -rf libcrypt.so.2 )
+( cd lib ; ln -sf libcrypt2-@@VERSION@@.so libcrypt.so.2 )
 ( cd lib ; rm -rf libBrokenLocale.so.1 )
 ( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 )
 ( cd lib ; rm -rf ld-linux.so.2 )
@@ -152,4 +156,3 @@ if [ ! -x /sbin/ldconfig ]; then
 ( cd lib ; rm -rf librt.so.1 )
 ( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 )
 fi
-
diff --git a/source/l/glibc/doinst.sh-glibc b/source/l/glibc/doinst.sh-glibc
index 2ed07ad03..5fa7d2f86 100644
--- a/source/l/glibc/doinst.sh-glibc
+++ b/source/l/glibc/doinst.sh-glibc
@@ -72,6 +72,8 @@ if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly
             rm -f $LIBRARY
           done
         done
+        # Remove stale versions of libcrypt from Slackware 14.2 or newer:
+        rm -f libcrypt-{2.23,2.24,2.25,2.26,2.27,2.28,2.29,2.30,2.31,2.32,2.33,2.34,2.35,2.36,2.37}.so
       )
     fi
     # Finally, rename them and clean up:
@@ -138,7 +140,9 @@ if [ ! -x /sbin/ldconfig ]; then
 ( cd lib ; rm -rf libanl.so.1 )
 ( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 )
 ( cd lib ; rm -rf libcrypt.so.1 )
-( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; ln -sf libcrypt1-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; rm -rf libcrypt.so.2 )
+( cd lib ; ln -sf libcrypt2-@@VERSION@@.so libcrypt.so.2 )
 ( cd lib ; rm -rf libBrokenLocale.so.1 )
 ( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 )
 ( cd lib ; rm -rf ld-linux.so.2 )
diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild
index bac317163..044662fe5 100755
--- a/source/l/glibc/glibc.SlackBuild
+++ b/source/l/glibc/glibc.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=glibc
 VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
 CHECKOUT=${CHECKOUT:-""}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-2}
 
 # I was considering disabling NSCD, but MoZes talked me out of it.  :)
 #DISABLE_NSCD=" --disable-nscd "
@@ -230,7 +230,7 @@ CFLAGS="-g $OPTIMIZ" \
 ../configure \
   --prefix=/usr \
   --libdir=/usr/lib${LIBDIRSUFFIX} \
-  --enable-kernel=2.6.32 \
+  --enable-kernel=4.4 \
   --with-headers=/usr/include \
   --enable-add-ons \
   --enable-profile \
@@ -251,6 +251,11 @@ make $NUMJOBS install install_root=$PKG || exit 1
 # completes much faster. :)
 make $NUMJOBS localedata/install-locales install_root=$PKG DESTDIR=$PKG || exit 1
 
+# Build and install libxcrypt:
+pushd $CWD
+ARCH=$SLACKWARE_ARCH LIBDIRSUFFIX=$LIBDIRSUFFIX SLKCFLAGS=$OPTIMIZ ./libxcrypt.build
+popd
+
 # We've always had an sln symlink in /bin, so let's make sure it
 # remains there so as not to break any scripts that might need it:
 mkdir -p $PKG/bin
@@ -306,8 +311,7 @@ cat nscd/nscd.conf > $PKG/etc/nscd.conf.new
 # Install docs:
 ( mkdir -p $PKG/usr/doc/glibc-$VERSION
   cp -a \
-    BUGS CONFORMANCE COPYING* FAQ INSTALL LICENSES NAMESPACE \
-    NEWS NOTES PROJECTS README* \
+    CONTRIBUTED-BY* COPYING* INSTALL* LICENSES* MAINTAINERS* NEWS* README* SECURITY* SHARED-FILES* \
     $PKG/usr/doc/glibc-$VERSION
 )
 
@@ -338,9 +342,20 @@ fi
   find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null
 )
 
-# Fix info dir:
-rm $PKG/usr/info/dir
-gzip -9 $PKG/usr/info/*
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+  ln -s $( readlink $i ).gz $i.gz
+  rm $i
+done
+
+# Compress info files, if any:
+if [ -d $PKG/usr/info ]; then
+  ( cd $PKG/usr/info
+    rm -f dir
+    gzip -9 *
+  )
+fi
 
 # This is junk
 rm $PKG/etc/ld.so.cache
@@ -411,6 +426,11 @@ cp -a $PKG/lib${LIBDIRSUFFIX}/* lib${LIBDIRSUFFIX}
   # have to handle these files differently and so that it's easy to see what
   # version of glibc is in use at a glance.
   cd incoming
+  # First do the new libxcrypt links (a little bit differently):
+  for cryptlib in libcrypt.so.* ; do
+    CRYPTSO=$(echo $cryptlib | cut -f 3 -d .)
+    mv $cryptlib libcrypt${CRYPTSO}-${VERSION}.so
+  done
   for library in *.so.* ; do
     mv $library $(echo $library | cut -f 1 -d .)-${VERSION}.so
   done
@@ -465,17 +485,13 @@ find lib${LIBDIRSUFFIX} -type l -exec rm {} \+
 mkdir install
 cp -a $CWD/slack-desc.glibc install/slack-desc
 cp -a $CWD/doinst.sh-glibc install/doinst.sh
-# Fix specific versioning for the symlink creation script. This part of the
-# script would only be used in the case where there is no ldconfig on the
-# running system that's used to install the package. That should never be the
-# case, but we'll leave the code in place anyway just in case.
-sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh
 # Call the function to fix doinst.sh where $LIBDIRSUFFIX is needed:
 fix_doinst
 ( cd lib${LIBDIRSUFFIX}
   mkdir incoming
   mv *so* incoming
   mv incoming/libmemusage.so .
+  #mv incoming/libcrypt* .
   # Beginning with glibc-2.34, shared objects are using their ABI sonames
   # directly, which is frankly, a terrible idea. It might help other package
   # managers, but doesn't do us any favors where we already had a system for
@@ -484,6 +500,11 @@ fix_doinst
   # have to handle these files differently and so that it's easy to see what
   # version of glibc is in use at a glance.
   cd incoming
+  # First do the new libxcrypt links (a little bit differently):
+  for cryptlib in libcrypt.so.* ; do
+    CRYPTSO=$(echo $cryptlib | cut -f 3 -d .)
+    mv $cryptlib libcrypt${CRYPTSO}-${VERSION}.so
+  done
   for library in *.so.* ; do
     mv $library $(echo $library | cut -f 1 -d .)-${VERSION}.so
   done
diff --git a/source/l/glibc/libxcrypt.build b/source/l/glibc/libxcrypt.build
new file mode 100755
index 000000000..17bc62ec5
--- /dev/null
+++ b/source/l/glibc/libxcrypt.build
@@ -0,0 +1,119 @@
+#!/bin/bash
+
+# Copyright 2023  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=libxcrypt
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-glibc-incoming-tree
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+  \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+  -exec chmod 755 {} \+ -o \
+  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+  -exec chmod 644 {} \+
+
+# Configure, build, and install:
+if [ ! -r configure ]; then
+  if [ -x ./autogen.sh ]; then
+    NOCONFIGURE=1 ./autogen.sh
+  else
+    autoreconf -vif
+  fi
+fi
+
+# First, build and install the compat library:
+mkdir build-libxcrypt-compat
+cd build-libxcrypt-compat
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+../configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --mandir=/usr/man \
+  --enable-hashes=strong,glibc \
+  --enable-obsolete-api=glibc \
+  --disable-failure-tokens \
+  --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+cd ..
+
+# Next, build the next-gen crypt library. We'll see what can link to it. :)
+mkdir build-libxcrypt
+cd build-libxcrypt
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+../configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --mandir=/usr/man \
+  --enable-hashes=strong,glibc \
+  --enable-obsolete-api=no \
+  --disable-failure-tokens \
+  --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+cd ..
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/libcrypt*.la
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Move libraries out of /usr:
+mkdir -p $PKG/lib${LIBDIRSUFFIX}
+( cd $PKG/usr/lib${LIBDIRSUFFIX}
+  ## Actually, glibc always had libcrypt.a, so...
+  ## No static crypt() libraries:
+  #rm libcrypt*.a
+  # No .so symlinks (yet):
+  rm libcrypt*.so
+  # Move libraries and remaining symlinks:
+  mv libcrypt*so* ../../lib${LIBDIRSUFFIX}
+  # Add .so symlinks for libcrypt and libxcrypt:
+  ln -sf ../../lib${LIBDIRSUFFIX}/libcrypt.so.2 libcrypt.so
+  ln -sf ../../lib${LIBDIRSUFFIX}/libcrypt.so.2 libxcrypt.so
+)
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+  AUTHORS* ChangeLog COPYING* LICENSING* NEWS* README* THANKS* TODO* \
+  $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+  DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+  cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+  touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
diff --git a/source/l/glibc/libxcrypt.url b/source/l/glibc/libxcrypt.url
new file mode 100644
index 000000000..4e0d180af
--- /dev/null
+++ b/source/l/glibc/libxcrypt.url
@@ -0,0 +1 @@
+https://github.com/besser82/libxcrypt
diff --git a/source/l/glibc/patches/CVE-2023-25139.patch b/source/l/glibc/patches/CVE-2023-25139.patch
deleted file mode 100644
index 3361e68fa..000000000
--- a/source/l/glibc/patches/CVE-2023-25139.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-This is a partial fix for mishandling of grouping when formatting
-integers.  It properly computes the width in presence of grouping
-characteres when the precision is larger than the number of significant
-digits.
----
- stdio-common/Makefile               |  1 +
- stdio-common/tst-grouping3.c        | 37 +++++++++++++++++++++++++++++
- stdio-common/vfprintf-process-arg.c |  2 +-
- 3 files changed, 39 insertions(+), 1 deletion(-)
- create mode 100644 stdio-common/tst-grouping3.c
-
-diff --git a/stdio-common/Makefile b/stdio-common/Makefile
-index 6e9d104524..b46d932a20 100644
---- a/stdio-common/Makefile
-+++ b/stdio-common/Makefile
-@@ -195,6 +195,7 @@ tests := \
-   tst-gets \
-   tst-grouping \
-   tst-grouping2 \
-+  tst-grouping3 \
-   tst-long-dbl-fphex \
-   tst-memstream-string \
-   tst-obprintf \
-diff --git a/stdio-common/tst-grouping3.c b/stdio-common/tst-grouping3.c
-new file mode 100644
-index 0000000000..0031ad4010
---- /dev/null
-+++ b/stdio-common/tst-grouping3.c
-@@ -0,0 +1,37 @@
-+/* Test printf with grouping and padding (bug 23432)
-+   Copyright (C) 2023 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <locale.h>
-+#include <stdio.h>
-+#include <support/check.h>
-+#include <support/support.h>
-+
-+static int
-+do_test (void)
-+{
-+  char buf[80];
-+
-+  xsetlocale (LC_NUMERIC, "de_DE.UTF-8");
-+
-+  sprintf (buf, "%+-'13.9d", 1234567);
-+  TEST_COMPARE_STRING (buf, "+001.234.567 ");
-+
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/stdio-common/vfprintf-process-arg.c b/stdio-common/vfprintf-process-arg.c
-index 2c651946df..cd3eaf5c0c 100644
---- a/stdio-common/vfprintf-process-arg.c
-+++ b/stdio-common/vfprintf-process-arg.c
-@@ -257,7 +257,7 @@ LABEL (unsigned_number):      /* Unsigned number of base BASE.  */
-           width -= 2;
-         }
-
--      width -= workend - string + prec;
-+      width -= number_length + prec;
-
-       Xprintf_buffer_pad (buf, L_('0'), prec);
-
---
-2.39.1
diff --git a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
deleted file mode 100644
index 074317990..000000000
--- a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Tue, 19 Sep 2023 18:39:32 -0400
-Subject: [PATCH] tunables: Terminate if end of input is reached
- (CVE-2023-4911)
-
-The string parsing routine may end up writing beyond bounds of tunestr
-if the input tunable string is malformed, of the form name=name=val.
-This gets processed twice, first as name=name=val and next as name=val,
-resulting in tunestr being name=name=val:name=val, thus overflowing
-tunestr.
-
-Terminate the parsing loop at the first instance itself so that tunestr
-does not overflow.
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
----
- NEWS                          |  5 +++++
- elf/dl-tunables.c             | 17 +++++++++-------
-
-
---- ./NEWS.orig	2023-01-31 21:27:45.000000000 -0600
-+++ ./NEWS	2023-10-03 15:47:54.560781260 -0500
-@@ -28,6 +28,11 @@
-   heap and prints it to the target log file, potentially revealing a
-   portion of the contents of the heap.
- 
-+  CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
-+  environment of a setuid program and NAME is valid, it may result in a
-+  buffer overflow, which could be exploited to achieve escalated
-+  privileges.  This flaw was introduced in glibc 2.34.
-+
- The following bugs are resolved with this release:
- 
-   [12154] network: Cannot resolve hosts which have wildcard aliases
---- ./elf/dl-tunables.c.orig	2023-01-31 21:27:45.000000000 -0600
-+++ ./elf/dl-tunables.c	2023-10-03 15:47:54.560781260 -0500
-@@ -187,11 +187,7 @@
-       /* If we reach the end of the string before getting a valid name-value
- 	 pair, bail out.  */
-       if (p[len] == '\0')
--	{
--	  if (__libc_enable_secure)
--	    tunestr[off] = '\0';
--	  return;
--	}
-+	break;
- 
-       /* We did not find a valid name-value pair before encountering the
- 	 colon.  */
-@@ -251,9 +247,16 @@
- 	    }
- 	}
- 
--      if (p[len] != '\0')
--	p += len + 1;
-+      /* We reached the end while processing the tunable string.  */
-+      if (p[len] == '\0')
-+	break;
-+
-+      p += len + 1;
-     }
-+
-+  /* Terminate tunestr before we leave.  */
-+  if (__libc_enable_secure)
-+    tunestr[off] = '\0';
- }
- #endif
- 
diff --git a/source/l/glibc/patches/glibc-2.38-upstream_fixes-1.patch b/source/l/glibc/patches/glibc-2.38-upstream_fixes-1.patch
new file mode 100644
index 000000000..e111d8aba
--- /dev/null
+++ b/source/l/glibc/patches/glibc-2.38-upstream_fixes-1.patch
@@ -0,0 +1,695 @@
+Submitted By:            Xi Ruoyao <xry111 at xry111.site>
+Date:                    2023-09-13
+Initial Package Version: 2.38
+Upstream Status:         Under review
+Origin:                  Upstream & Self
+  - 1/5: https://sourceware.org/git/?p=glibc.git;a=patch;h=542b11058525
+  - 2/5: https://sourceware.org/pipermail/libc-alpha/2023-August/150857.html
+  - 3/5: Trivial unused code removal
+  - 4/5: https://sourceware.org/pipermail/libc-alpha/2023-September/151522.html
+  - 5/5: https://sourceware.org/pipermail/libc-alpha/2023-September/151548.html
+Description:             Fixes a regression causing posix_memalign()
+                         very slow in certain conditions to avoid
+                         breaking ffmpeg-based applications;
+                         fixes two security vulnerabilities,
+                         CVE-2023-4527 and CVE-2023-4806.
+
+From fc01478d06658ace8d57e5328c1e717275acfe84 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Fri, 11 Aug 2023 11:18:17 +0200
+Subject: [PATCH 1/3] malloc: Enable merging of remainders in memalign (bug
+ 30723)
+
+Previously, calling _int_free from _int_memalign could put remainders
+into the tcache or into fastbins, where they are invisible to the
+low-level allocator.  This results in missed merge opportunities
+because once these freed chunks become available to the low-level
+allocator, further memalign allocations (even of the same size are)
+likely obstructing merges.
+
+Furthermore, during forwards merging in _int_memalign, do not
+completely give up when the remainder is too small to serve as a
+chunk on its own.  We can still give it back if it can be merged
+with the following unused chunk.  This makes it more likely that
+memalign calls in a loop achieve a compact memory layout,
+independently of initial heap layout.
+
+Drop some useless (unsigned long) casts along the way, and tweak
+the style to more closely match GNU on changed lines.
+
+Reviewed-by: DJ Delorie <dj@redhat.com>
+(cherry picked from commit 542b1105852568c3ebc712225ae78b8c8ba31a78)
+---
+ malloc/malloc.c | 197 +++++++++++++++++++++++++++++-------------------
+ 1 file changed, 121 insertions(+), 76 deletions(-)
+
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index e2f1a615a4..948f9759af 100644
+--- a/malloc/malloc.c
++++ b/malloc/malloc.c
+@@ -1086,6 +1086,11 @@ typedef struct malloc_chunk* mchunkptr;
+ 
+ static void*  _int_malloc(mstate, size_t);
+ static void     _int_free(mstate, mchunkptr, int);
++static void _int_free_merge_chunk (mstate, mchunkptr, INTERNAL_SIZE_T);
++static INTERNAL_SIZE_T _int_free_create_chunk (mstate,
++					       mchunkptr, INTERNAL_SIZE_T,
++					       mchunkptr, INTERNAL_SIZE_T);
++static void _int_free_maybe_consolidate (mstate, INTERNAL_SIZE_T);
+ static void*  _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T,
+ 			   INTERNAL_SIZE_T);
+ static void*  _int_memalign(mstate, size_t, size_t);
+@@ -4637,31 +4642,52 @@ _int_free (mstate av, mchunkptr p, int have_lock)
+     if (!have_lock)
+       __libc_lock_lock (av->mutex);
+ 
+-    nextchunk = chunk_at_offset(p, size);
+-
+-    /* Lightweight tests: check whether the block is already the
+-       top block.  */
+-    if (__glibc_unlikely (p == av->top))
+-      malloc_printerr ("double free or corruption (top)");
+-    /* Or whether the next chunk is beyond the boundaries of the arena.  */
+-    if (__builtin_expect (contiguous (av)
+-			  && (char *) nextchunk
+-			  >= ((char *) av->top + chunksize(av->top)), 0))
+-	malloc_printerr ("double free or corruption (out)");
+-    /* Or whether the block is actually not marked used.  */
+-    if (__glibc_unlikely (!prev_inuse(nextchunk)))
+-      malloc_printerr ("double free or corruption (!prev)");
+-
+-    nextsize = chunksize(nextchunk);
+-    if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0)
+-	|| __builtin_expect (nextsize >= av->system_mem, 0))
+-      malloc_printerr ("free(): invalid next size (normal)");
++    _int_free_merge_chunk (av, p, size);
+ 
+-    free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ);
++    if (!have_lock)
++      __libc_lock_unlock (av->mutex);
++  }
++  /*
++    If the chunk was allocated via mmap, release via munmap().
++  */
++
++  else {
++    munmap_chunk (p);
++  }
++}
++
++/* Try to merge chunk P of SIZE bytes with its neighbors.  Put the
++   resulting chunk on the appropriate bin list.  P must not be on a
++   bin list yet, and it can be in use.  */
++static void
++_int_free_merge_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size)
++{
++  mchunkptr nextchunk = chunk_at_offset(p, size);
++
++  /* Lightweight tests: check whether the block is already the
++     top block.  */
++  if (__glibc_unlikely (p == av->top))
++    malloc_printerr ("double free or corruption (top)");
++  /* Or whether the next chunk is beyond the boundaries of the arena.  */
++  if (__builtin_expect (contiguous (av)
++			&& (char *) nextchunk
++			>= ((char *) av->top + chunksize(av->top)), 0))
++    malloc_printerr ("double free or corruption (out)");
++  /* Or whether the block is actually not marked used.  */
++  if (__glibc_unlikely (!prev_inuse(nextchunk)))
++    malloc_printerr ("double free or corruption (!prev)");
++
++  INTERNAL_SIZE_T nextsize = chunksize(nextchunk);
++  if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0)
++      || __builtin_expect (nextsize >= av->system_mem, 0))
++    malloc_printerr ("free(): invalid next size (normal)");
++
++  free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ);
+ 
+-    /* consolidate backward */
+-    if (!prev_inuse(p)) {
+-      prevsize = prev_size (p);
++  /* Consolidate backward.  */
++  if (!prev_inuse(p))
++    {
++      INTERNAL_SIZE_T prevsize = prev_size (p);
+       size += prevsize;
+       p = chunk_at_offset(p, -((long) prevsize));
+       if (__glibc_unlikely (chunksize(p) != prevsize))
+@@ -4669,9 +4695,25 @@ _int_free (mstate av, mchunkptr p, int have_lock)
+       unlink_chunk (av, p);
+     }
+ 
+-    if (nextchunk != av->top) {
++  /* Write the chunk header, maybe after merging with the following chunk.  */
++  size = _int_free_create_chunk (av, p, size, nextchunk, nextsize);
++  _int_free_maybe_consolidate (av, size);
++}
++
++/* Create a chunk at P of SIZE bytes, with SIZE potentially increased
++   to cover the immediately following chunk NEXTCHUNK of NEXTSIZE
++   bytes (if NEXTCHUNK is unused).  The chunk at P is not actually
++   read and does not have to be initialized.  After creation, it is
++   placed on the appropriate bin list.  The function returns the size
++   of the new chunk.  */
++static INTERNAL_SIZE_T
++_int_free_create_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size,
++			mchunkptr nextchunk, INTERNAL_SIZE_T nextsize)
++{
++  if (nextchunk != av->top)
++    {
+       /* get and clear inuse bit */
+-      nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
++      bool nextinuse = inuse_bit_at_offset (nextchunk, nextsize);
+ 
+       /* consolidate forward */
+       if (!nextinuse) {
+@@ -4686,8 +4728,8 @@ _int_free (mstate av, mchunkptr p, int have_lock)
+ 	been given one chance to be used in malloc.
+       */
+ 
+-      bck = unsorted_chunks(av);
+-      fwd = bck->fd;
++      mchunkptr bck = unsorted_chunks (av);
++      mchunkptr fwd = bck->fd;
+       if (__glibc_unlikely (fwd->bk != bck))
+ 	malloc_printerr ("free(): corrupted unsorted chunks");
+       p->fd = fwd;
+@@ -4706,61 +4748,52 @@ _int_free (mstate av, mchunkptr p, int have_lock)
+       check_free_chunk(av, p);
+     }
+ 
+-    /*
+-      If the chunk borders the current high end of memory,
+-      consolidate into top
+-    */
+-
+-    else {
++  else
++    {
++      /* If the chunk borders the current high end of memory,
++	 consolidate into top.  */
+       size += nextsize;
+       set_head(p, size | PREV_INUSE);
+       av->top = p;
+       check_chunk(av, p);
+     }
+ 
+-    /*
+-      If freeing a large space, consolidate possibly-surrounding
+-      chunks. Then, if the total unused topmost memory exceeds trim
+-      threshold, ask malloc_trim to reduce top.
+-
+-      Unless max_fast is 0, we don't know if there are fastbins
+-      bordering top, so we cannot tell for sure whether threshold
+-      has been reached unless fastbins are consolidated.  But we
+-      don't want to consolidate on each free.  As a compromise,
+-      consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD
+-      is reached.
+-    */
++  return size;
++}
+ 
+-    if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) {
++/* If freeing a large space, consolidate possibly-surrounding
++   chunks.  Then, if the total unused topmost memory exceeds trim
++   threshold, ask malloc_trim to reduce top.  */
++static void
++_int_free_maybe_consolidate (mstate av, INTERNAL_SIZE_T size)
++{
++  /* Unless max_fast is 0, we don't know if there are fastbins
++     bordering top, so we cannot tell for sure whether threshold has
++     been reached unless fastbins are consolidated.  But we don't want
++     to consolidate on each free.  As a compromise, consolidation is
++     performed if FASTBIN_CONSOLIDATION_THRESHOLD is reached.  */
++  if (size >= FASTBIN_CONSOLIDATION_THRESHOLD)
++    {
+       if (atomic_load_relaxed (&av->have_fastchunks))
+ 	malloc_consolidate(av);
+ 
+-      if (av == &main_arena) {
++      if (av == &main_arena)
++	{
+ #ifndef MORECORE_CANNOT_TRIM
+-	if ((unsigned long)(chunksize(av->top)) >=
+-	    (unsigned long)(mp_.trim_threshold))
+-	  systrim(mp_.top_pad, av);
++	  if (chunksize (av->top) >= mp_.trim_threshold)
++	    systrim (mp_.top_pad, av);
+ #endif
+-      } else {
+-	/* Always try heap_trim(), even if the top chunk is not
+-	   large, because the corresponding heap might go away.  */
+-	heap_info *heap = heap_for_ptr(top(av));
++	}
++      else
++	{
++	  /* Always try heap_trim, even if the top chunk is not large,
++	     because the corresponding heap might go away.  */
++	  heap_info *heap = heap_for_ptr (top (av));
+ 
+-	assert(heap->ar_ptr == av);
+-	heap_trim(heap, mp_.top_pad);
+-      }
++	  assert (heap->ar_ptr == av);
++	  heap_trim (heap, mp_.top_pad);
++	}
+     }
+-
+-    if (!have_lock)
+-      __libc_lock_unlock (av->mutex);
+-  }
+-  /*
+-    If the chunk was allocated via mmap, release via munmap().
+-  */
+-
+-  else {
+-    munmap_chunk (p);
+-  }
+ }
+ 
+ /*
+@@ -5221,7 +5254,7 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
+                 (av != &main_arena ? NON_MAIN_ARENA : 0));
+       set_inuse_bit_at_offset (newp, newsize);
+       set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
+-      _int_free (av, p, 1);
++      _int_free_merge_chunk (av, p, leadsize);
+       p = newp;
+ 
+       assert (newsize >= nb &&
+@@ -5232,15 +5265,27 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
+   if (!chunk_is_mmapped (p))
+     {
+       size = chunksize (p);
+-      if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE))
++      mchunkptr nextchunk = chunk_at_offset(p, size);
++      INTERNAL_SIZE_T nextsize = chunksize(nextchunk);
++      if (size > nb)
+         {
+           remainder_size = size - nb;
+-          remainder = chunk_at_offset (p, nb);
+-          set_head (remainder, remainder_size | PREV_INUSE |
+-                    (av != &main_arena ? NON_MAIN_ARENA : 0));
+-          set_head_size (p, nb);
+-          _int_free (av, remainder, 1);
+-        }
++	  if (remainder_size >= MINSIZE
++	      || nextchunk == av->top
++	      || !inuse_bit_at_offset (nextchunk, nextsize))
++	    {
++	      /* We can only give back the tail if it is larger than
++		 MINSIZE, or if the following chunk is unused (top
++		 chunk or unused in-heap chunk).  Otherwise we would
++		 create a chunk that is smaller than MINSIZE.  */
++	      remainder = chunk_at_offset (p, nb);
++	      set_head_size (p, nb);
++	      remainder_size = _int_free_create_chunk (av, remainder,
++						       remainder_size,
++						       nextchunk, nextsize);
++	      _int_free_maybe_consolidate (av, remainder_size);
++	    }
++	}
+     }
+ 
+   check_inuse_chunk (av, p);
+-- 
+2.41.0
+
+From b37e836b7cc2dba672e1de1cc7e076ba1c712614 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Fri, 11 Aug 2023 17:48:13 +0200
+Subject: [PATCH 2/3] malloc: Remove bin scanning from memalign (bug 30723)
+
+On the test workload (mpv --cache=yes with VP9 video decoding), the
+bin scanning has a very poor success rate (less than 2%).  The tcache
+scanning has about 50% success rate, so keep that.
+
+Update comments in malloc/tst-memalign-2 to indicate the purpose
+of the tests.  Even with the scanning removed, the additional
+merging opportunities since commit 542b1105852568c3ebc712225ae78b
+("malloc: Enable merging of remainders in memalign (bug 30723)")
+are sufficient to pass the existing large bins test.
+
+Link: https://sourceware.org/pipermail/libc-alpha/2023-August/150857.html
+---
+ malloc/malloc.c         | 127 ++--------------------------------------
+ malloc/tst-memalign-2.c |   7 ++-
+ 2 files changed, 10 insertions(+), 124 deletions(-)
+
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index 948f9759af..9c2cab7a59 100644
+--- a/malloc/malloc.c
++++ b/malloc/malloc.c
+@@ -5082,7 +5082,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
+   mchunkptr remainder;            /* spare room at end to split off */
+   unsigned long remainder_size;   /* its size */
+   INTERNAL_SIZE_T size;
+-  mchunkptr victim;
+ 
+   nb = checked_request2size (bytes);
+   if (nb == 0)
+@@ -5101,129 +5100,13 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
+      we don't find anything in those bins, the common malloc code will
+      scan starting at 2x.  */
+ 
+-  /* This will be set if we found a candidate chunk.  */
+-  victim = NULL;
++  /* Call malloc with worst case padding to hit alignment. */
++  m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
+ 
+-  /* Fast bins are singly-linked, hard to remove a chunk from the middle
+-     and unlikely to meet our alignment requirements.  We have not done
+-     any experimentation with searching for aligned fastbins.  */
++  if (m == 0)
++    return 0;           /* propagate failure */
+ 
+-  if (av != NULL)
+-    {
+-      int first_bin_index;
+-      int first_largebin_index;
+-      int last_bin_index;
+-
+-      if (in_smallbin_range (nb))
+-	first_bin_index = smallbin_index (nb);
+-      else
+-	first_bin_index = largebin_index (nb);
+-
+-      if (in_smallbin_range (nb * 2))
+-	last_bin_index = smallbin_index (nb * 2);
+-      else
+-	last_bin_index = largebin_index (nb * 2);
+-
+-      first_largebin_index = largebin_index (MIN_LARGE_SIZE);
+-
+-      int victim_index;                 /* its bin index */
+-
+-      for (victim_index = first_bin_index;
+-	   victim_index < last_bin_index;
+-	   victim_index ++)
+-	{
+-	  victim = NULL;
+-
+-	  if (victim_index < first_largebin_index)
+-	    {
+-	      /* Check small bins.  Small bin chunks are doubly-linked despite
+-		 being the same size.  */
+-
+-	      mchunkptr fwd;                    /* misc temp for linking */
+-	      mchunkptr bck;                    /* misc temp for linking */
+-
+-	      bck = bin_at (av, victim_index);
+-	      fwd = bck->fd;
+-	      while (fwd != bck)
+-		{
+-		  if (chunk_ok_for_memalign (fwd, alignment, nb) > 0)
+-		    {
+-		      victim = fwd;
+-
+-		      /* Unlink it */
+-		      victim->fd->bk = victim->bk;
+-		      victim->bk->fd = victim->fd;
+-		      break;
+-		    }
+-
+-		  fwd = fwd->fd;
+-		}
+-	    }
+-	  else
+-	    {
+-	      /* Check large bins.  */
+-	      mchunkptr fwd;                    /* misc temp for linking */
+-	      mchunkptr bck;                    /* misc temp for linking */
+-	      mchunkptr best = NULL;
+-	      size_t best_size = 0;
+-
+-	      bck = bin_at (av, victim_index);
+-	      fwd = bck->fd;
+-
+-	      while (fwd != bck)
+-		{
+-		  int extra;
+-
+-		  if (chunksize (fwd) < nb)
+-		    break;
+-		  extra = chunk_ok_for_memalign (fwd, alignment, nb);
+-		  if (extra > 0
+-		      && (extra <= best_size || best == NULL))
+-		    {
+-		      best = fwd;
+-		      best_size = extra;
+-		    }
+-
+-		  fwd = fwd->fd;
+-		}
+-	      victim = best;
+-
+-	      if (victim != NULL)
+-		{
+-		  unlink_chunk (av, victim);
+-		  break;
+-		}
+-	    }
+-
+-	  if (victim != NULL)
+-	    break;
+-	}
+-    }
+-
+-  /* Strategy: find a spot within that chunk that meets the alignment
+-     request, and then possibly free the leading and trailing space.
+-     This strategy is incredibly costly and can lead to external
+-     fragmentation if header and footer chunks are unused.  */
+-
+-  if (victim != NULL)
+-    {
+-      p = victim;
+-      m = chunk2mem (p);
+-      set_inuse (p);
+-      if (av != &main_arena)
+-	set_non_main_arena (p);
+-    }
+-  else
+-    {
+-      /* Call malloc with worst case padding to hit alignment. */
+-
+-      m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
+-
+-      if (m == 0)
+-	return 0;           /* propagate failure */
+-
+-      p = mem2chunk (m);
+-    }
++  p = mem2chunk (m);
+ 
+   if ((((unsigned long) (m)) % alignment) != 0)   /* misaligned */
+     {
+diff --git a/malloc/tst-memalign-2.c b/malloc/tst-memalign-2.c
+index f229283dbf..ecd6fa249e 100644
+--- a/malloc/tst-memalign-2.c
++++ b/malloc/tst-memalign-2.c
+@@ -86,7 +86,8 @@ do_test (void)
+       TEST_VERIFY (tcache_allocs[i].ptr1 == tcache_allocs[i].ptr2);
+     }
+ 
+-  /* Test for non-head tcache hits.  */
++  /* Test for non-head tcache hits.  This exercises the memalign
++     scanning code to find matching allocations.  */
+   for (i = 0; i < array_length (ptr); ++ i)
+     {
+       if (i == 4)
+@@ -113,7 +114,9 @@ do_test (void)
+   free (p);
+   TEST_VERIFY (count > 0);
+ 
+-  /* Large bins test.  */
++  /* Large bins test.  This verifies that the over-allocated parts
++     that memalign releases for future allocations can be reused by
++     memalign itself at least in some cases.  */
+ 
+   for (i = 0; i < LN; ++ i)
+     {
+-- 
+2.41.0
+
+From 26973f7b09c33e67f6bcbc79371796c8dd334528 Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Mon, 14 Aug 2023 11:05:18 +0800
+Subject: [PATCH 3/3] malloc: Remove unused functions and variables
+
+Remove unused chunk_ok_for_memalign function and unused local variables
+in _int_free.
+
+Signed-off-by: Xi Ruoyao <xry111@xry111.site>
+---
+ malloc/malloc.c | 42 ------------------------------------------
+ 1 file changed, 42 deletions(-)
+
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index 9c2cab7a59..d0bbbf3710 100644
+--- a/malloc/malloc.c
++++ b/malloc/malloc.c
+@@ -4488,12 +4488,6 @@ _int_free (mstate av, mchunkptr p, int have_lock)
+ {
+   INTERNAL_SIZE_T size;        /* its size */
+   mfastbinptr *fb;             /* associated fastbin */
+-  mchunkptr nextchunk;         /* next contiguous chunk */
+-  INTERNAL_SIZE_T nextsize;    /* its size */
+-  int nextinuse;               /* true if nextchunk is used */
+-  INTERNAL_SIZE_T prevsize;    /* size of previous contiguous chunk */
+-  mchunkptr bck;               /* misc temp for linking */
+-  mchunkptr fwd;               /* misc temp for linking */
+ 
+   size = chunksize (p);
+ 
+@@ -5032,42 +5026,6 @@ _int_realloc (mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
+    ------------------------------ memalign ------------------------------
+  */
+ 
+-/* Returns 0 if the chunk is not and does not contain the requested
+-   aligned sub-chunk, else returns the amount of "waste" from
+-   trimming.  NB is the *chunk* byte size, not the user byte
+-   size.  */
+-static size_t
+-chunk_ok_for_memalign (mchunkptr p, size_t alignment, size_t nb)
+-{
+-  void *m = chunk2mem (p);
+-  INTERNAL_SIZE_T size = chunksize (p);
+-  void *aligned_m = m;
+-
+-  if (__glibc_unlikely (misaligned_chunk (p)))
+-    malloc_printerr ("_int_memalign(): unaligned chunk detected");
+-
+-  aligned_m = PTR_ALIGN_UP (m, alignment);
+-
+-  INTERNAL_SIZE_T front_extra = (intptr_t) aligned_m - (intptr_t) m;
+-
+-  /* We can't trim off the front as it's too small.  */
+-  if (front_extra > 0 && front_extra < MINSIZE)
+-    return 0;
+-
+-  /* If it's a perfect fit, it's an exception to the return value rule
+-     (we would return zero waste, which looks like "not usable"), so
+-     handle it here by returning a small non-zero value instead.  */
+-  if (size == nb && front_extra == 0)
+-    return 1;
+-
+-  /* If the block we need fits in the chunk, calculate total waste.  */
+-  if (size > nb + front_extra)
+-    return size - nb;
+-
+-  /* Can't use this chunk.  */
+-  return 0;
+-}
+-
+ /* BYTES is user requested bytes, not requested chunksize bytes.  */
+ static void *
+ _int_memalign (mstate av, size_t alignment, size_t bytes)
+-- 
+2.41.0
+
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index c8b77bbc35..119dc9f00f 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -427,7 +427,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+     {
+       n = __res_context_search (ctx, name, C_IN, T_A,
+ 				dns_packet_buffer, sizeof (dns_packet_buffer),
+-				NULL, NULL, NULL, NULL, NULL);
++				&alt_dns_packet_buffer, NULL, NULL, NULL, NULL);
+       if (n >= 0)
+ 	status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n,
+ 					&abuf, pat, errnop, herrnop, ttlp);
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 6ae6744fe4..eb5ba59dac 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -120,6 +120,7 @@ struct gaih_result
+ {
+   struct gaih_addrtuple *at;
+   char *canon;
++  char *hname;
+   bool free_at;
+   bool got_ipv6;
+ };
+@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res)
+   if (res->free_at)
+     free (res->at);
+   free (res->canon);
++  free (res->hname);
+   memset (res, 0, sizeof (*res));
+ }
+ 
+@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+   return 0;
+ }
+ 
+-/* Convert struct hostent to a list of struct gaih_addrtuple objects.  h_name
+-   is not copied, and the struct hostent object must not be deallocated
+-   prematurely.  The new addresses are appended to the tuple array in RES.  */
++/* Convert struct hostent to a list of struct gaih_addrtuple objects.  The new
++   addresses are appended to the tuple array in RES.  */
+ static bool
+ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
+ 				   struct hostent *h, struct gaih_result *res)
+@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
+   res->at = array;
+   res->free_at = true;
+ 
++  /* Duplicate h_name because it may get reclaimed when the underlying storage
++     is freed.  */
++  if (res->hname == NULL)
++    {
++      res->hname = __strdup (h->h_name);
++      if (res->hname == NULL)
++	return false;
++    }
++
+   /* Update the next pointers on reallocation.  */
+   for (size_t i = 0; i < old; i++)
+     array[i].next = array + i + 1;
+@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
+ 	}
+       array[i].next = array + i + 1;
+     }
+-  array[0].name = h->h_name;
+   array[count - 1].next = NULL;
+ 
+   return true;
+@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name,
+    memory allocation failure.  The returned string is allocated on the
+    heap; the caller has to free it.  */
+ static char *
+-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name)
++getcanonname (nss_action_list nip, const char *hname, const char *name)
+ {
+   nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r");
+   char *s = (char *) name;
+   if (cfct != NULL)
+     {
+       char buf[256];
+-      if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf),
+-			      &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS)
++      if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno,
++			      &h_errno)) != NSS_STATUS_SUCCESS)
+ 	/* If the canonical name cannot be determined, use the passed
+ 	   string.  */
+ 	s = (char *) name;
+@@ -740,6 +749,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
+ 		    }
+ 		  no_inet6_data = no_data;
+ 		  inet6_status = status;
++
+ 		}
+ 	      if (req->ai_family == AF_INET
+ 		  || req->ai_family == AF_UNSPEC
+@@ -771,7 +781,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
+ 		  if ((req->ai_flags & AI_CANONNAME) != 0
+ 		      && res->canon == NULL)
+ 		    {
+-		      char *canonbuf = getcanonname (nip, res->at, name);
++		      char *canonbuf = getcanonname (nip, res->hname, name);
+ 		      if (canonbuf == NULL)
+ 			{
+ 			  __resolv_context_put (res_ctx);
diff --git a/source/l/glibc/patches/glibc.CVE-2023-4911.patch b/source/l/glibc/patches/glibc.CVE-2023-4911.patch
new file mode 100644
index 000000000..a790a8305
--- /dev/null
+++ b/source/l/glibc/patches/glibc.CVE-2023-4911.patch
@@ -0,0 +1,173 @@
+From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 19 Sep 2023 18:39:32 -0400
+Subject: [PATCH] tunables: Terminate if end of input is reached
+ (CVE-2023-4911)
+
+The string parsing routine may end up writing beyond bounds of tunestr
+if the input tunable string is malformed, of the form name=name=val.
+This gets processed twice, first as name=name=val and next as name=val,
+resulting in tunestr being name=name=val:name=val, thus overflowing
+tunestr.
+
+Terminate the parsing loop at the first instance itself so that tunestr
+does not overflow.
+
+This also fixes up tst-env-setuid-tunables to actually handle failures
+correct and add new tests to validate the fix for this CVE.
+
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+---
+ NEWS                          |  5 +++++
+ elf/dl-tunables.c             | 17 +++++++++-------
+ elf/tst-env-setuid-tunables.c | 37 +++++++++++++++++++++++++++--------
+ 3 files changed, 44 insertions(+), 15 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index a94650da64..cc4b81f0ac 100644
+--- a/NEWS
++++ b/NEWS
+@@ -64,6 +64,11 @@ Security related changes:
+   an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
+   AI_ALL and AI_V4MAPPED flags set.
+ 
++  CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
++  environment of a setuid program and NAME is valid, it may result in a
++  buffer overflow, which could be exploited to achieve escalated
++  privileges.  This flaw was introduced in glibc 2.34.
++
+ The following bugs are resolved with this release:
+ 
+   [The release manager will add the list generated by
+diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
+index 62b7332d95..cae67efa0a 100644
+--- a/elf/dl-tunables.c
++++ b/elf/dl-tunables.c
+@@ -180,11 +180,7 @@ parse_tunables (char *tunestr, char *valstring)
+       /* If we reach the end of the string before getting a valid name-value
+ 	 pair, bail out.  */
+       if (p[len] == '\0')
+-	{
+-	  if (__libc_enable_secure)
+-	    tunestr[off] = '\0';
+-	  return;
+-	}
++	break;
+ 
+       /* We did not find a valid name-value pair before encountering the
+ 	 colon.  */
+@@ -244,9 +240,16 @@ parse_tunables (char *tunestr, char *valstring)
+ 	    }
+ 	}
+ 
+-      if (p[len] != '\0')
+-	p += len + 1;
++      /* We reached the end while processing the tunable string.  */
++      if (p[len] == '\0')
++	break;
++
++      p += len + 1;
+     }
++
++  /* Terminate tunestr before we leave.  */
++  if (__libc_enable_secure)
++    tunestr[off] = '\0';
+ }
+ 
+ /* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when
+diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
+index 7dfb0e073a..f0b92c97e7 100644
+--- a/elf/tst-env-setuid-tunables.c
++++ b/elf/tst-env-setuid-tunables.c
+@@ -50,6 +50,8 @@ const char *teststrings[] =
+   "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
+   "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096",
+   "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
++  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
++  "glibc.malloc.check=2",
+   "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2",
+   "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096",
+   ":glibc.malloc.garbage=2:glibc.malloc.check=1",
+@@ -68,6 +70,8 @@ const char *resultstrings[] =
+   "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
+   "glibc.malloc.mmap_threshold=4096",
+   "glibc.malloc.mmap_threshold=4096",
++  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
++  "",
+   "",
+   "",
+   "",
+@@ -81,11 +85,18 @@ test_child (int off)
+ {
+   const char *val = getenv ("GLIBC_TUNABLES");
+ 
++  printf ("    [%d] GLIBC_TUNABLES is %s\n", off, val);
++  fflush (stdout);
+   if (val != NULL && strcmp (val, resultstrings[off]) == 0)
+     return 0;
+ 
+   if (val != NULL)
+-    printf ("[%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
++    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n",
++	    off, val, resultstrings[off]);
++  else
++    printf ("    [%d] GLIBC_TUNABLES environment variable absent\n", off);
++
++  fflush (stdout);
+ 
+   return 1;
+ }
+@@ -106,21 +117,26 @@ do_test (int argc, char **argv)
+       if (ret != 0)
+ 	exit (1);
+ 
+-      exit (EXIT_SUCCESS);
++      /* Special return code to make sure that the child executed all the way
++	 through.  */
++      exit (42);
+     }
+   else
+     {
+-      int ret = 0;
+-
+       /* Spawn tests.  */
+       for (int i = 0; i < array_length (teststrings); i++)
+ 	{
+ 	  char buf[INT_BUFSIZE_BOUND (int)];
+ 
+-	  printf ("Spawned test for %s (%d)\n", teststrings[i], i);
++	  printf ("[%d] Spawned test for %s\n", i, teststrings[i]);
+ 	  snprintf (buf, sizeof (buf), "%d\n", i);
++	  fflush (stdout);
+ 	  if (setenv ("GLIBC_TUNABLES", teststrings[i], 1) != 0)
+-	    exit (1);
++	    {
++	      printf ("    [%d] Failed to set GLIBC_TUNABLES: %m", i);
++	      support_record_failure ();
++	      continue;
++	    }
+ 
+ 	  int status = support_capture_subprogram_self_sgid (buf);
+ 
+@@ -128,9 +144,14 @@ do_test (int argc, char **argv)
+ 	  if (WEXITSTATUS (status) == EXIT_UNSUPPORTED)
+ 	    return EXIT_UNSUPPORTED;
+ 
+-	  ret |= status;
++	  if (WEXITSTATUS (status) != 42)
++	    {
++	      printf ("    [%d] child failed with status %d\n", i,
++		      WEXITSTATUS (status));
++	      support_record_failure ();
++	    }
+ 	}
+-      return ret;
++      return 0;
+     }
+ }
+ 
+-- 
+2.39.3
+
+
diff --git a/source/l/glibc/patches/reenable_DT_HASH.patch b/source/l/glibc/patches/reenable_DT_HASH.patch
index f828b011b..7b7fe9ee4 100644
--- a/source/l/glibc/patches/reenable_DT_HASH.patch
+++ b/source/l/glibc/patches/reenable_DT_HASH.patch
@@ -1,27 +1,7 @@
-From e47de5cb2d4dbecb58f569ed241e8e95c568f03c Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Fri, 29 Apr 2022 16:37:51 +0200
-Subject: [PATCH] Do not use --hash-style=both for building glibc shared
- objects
-
-The comment indicates that --hash-style=both was used to maintain
-compatibility with static dlopen, but we had many internal ABI
-changes since then, so this compatiblity does not add value anymore.
-
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
----
- Makeconfig     |  9 +++++++++
- Makerules      |  7 +++++++
- config.make.in |  1 +
- configure      | 28 ++++++++++++++++++++++++++++
- configure.ac   | 16 ++++++++++++++++
- 5 files changed, 61 insertions(+)
-
-diff --git b/Makeconfig a/Makeconfig
-index 760f14e92f..0aa5fb0099 100644
---- b/Makeconfig
-+++ a/Makeconfig
-@@ -362,6 +362,15 @@ relro-LDFLAGS = -Wl,-z,relro
+diff -up glibc-2.38/Makeconfig.45~ glibc-2.38/Makeconfig
+--- glibc-2.38/Makeconfig.45~	2023-08-01 01:02:58.246719027 +0200
++++ glibc-2.38/Makeconfig	2023-08-01 01:02:58.303719582 +0200
+@@ -381,6 +381,15 @@ relro-LDFLAGS = -Wl,-z,relro
  LDFLAGS.so += $(relro-LDFLAGS)
  LDFLAGS-rtld += $(relro-LDFLAGS)
  
@@ -34,53 +14,34 @@ index 760f14e92f..0aa5fb0099 100644
 +LDFLAGS-rtld += $(hashstyle-LDFLAGS)
 +endif
 +
- ifeq (no,$(build-pie-default))
- pie-default = $(no-pie-ccflag)
- else # build-pie-default
-diff --git b/Makerules a/Makerules
-index 354528b8c7..428464f092 100644
---- b/Makerules
-+++ a/Makerules
-@@ -557,6 +557,13 @@ $(common-objpfx)shlib.lds: $(common-objpfx)config.make $(..)Makerules
- 		  -Wl,--verbose 2>/dev/null | \
- 	  sed > $@T \
- 	      -e '/^=========/,/^=========/!d;/^=========/d' \
-+	      $(if $(filter yes,$(have-hash-style)), \
-+		   -e 's/^.*\.gnu\.hash[ 	]*:.*$$/  .note.ABI-tag : { *(.note.ABI-tag) } &/' \
-+		   -e '/^[ 	]*\.hash[ 	]*:.*$$/{h;d;}' \
-+		   -e '/DATA_SEGMENT_ALIGN/{H;g}' \
-+		, \
-+		   -e 's/^.*\.hash[ 	]*:.*$$/  .note.ABI-tag : { *(.note.ABI-tag) } &/' \
-+	       ) \
- 	      -e 's/^.*\*(\.dynbss).*$$/& \
- 		 PROVIDE(__start___libc_freeres_ptrs = .); \
- 		 *(__libc_freeres_ptrs) \
-diff --git b/config.make.in a/config.make.in
-index fff4c78dd0..bf728c71c0 100644
---- b/config.make.in
-+++ a/config.make.in
-@@ -70,6 +70,7 @@ have-libcap = @have_libcap@
+ # Linker options to enable and disable DT_RELR.
+ ifeq ($(have-dt-relr),yes)
+ dt-relr-ldflag = -Wl,-z,pack-relative-relocs
+diff -up glibc-2.38/Makerules.45~ glibc-2.38/Makerules
+diff -up glibc-2.38/config.make.in.45~ glibc-2.38/config.make.in
+--- glibc-2.38/config.make.in.45~	2023-08-01 01:02:58.301719562 +0200
++++ glibc-2.38/config.make.in	2023-08-01 01:03:54.721267748 +0200
+@@ -71,6 +71,7 @@ have-libaudit = @have_libaudit@
+ have-libcap = @have_libcap@
  have-cc-with-libunwind = @libc_cv_cc_with_libunwind@
- fno-unit-at-a-time = @fno_unit_at_a_time@
  bind-now = @bindnow@
 +have-hash-style = @libc_cv_hashstyle@
- use-default-link = @use_default_link@
  have-cxx-thread_local = @libc_cv_cxx_thread_local@
  have-loop-to-function = @libc_cv_cc_loop_to_function@
-diff --git b/configure a/configure
-index 716dc041b6..5a730dc5fc 100755
---- b/configure
-+++ a/configure
-@@ -622,6 +622,7 @@ libc_cv_cc_nofma
+ have-textrel_ifunc = @libc_cv_textrel_ifunc@
+diff -up glibc-2.38/configure.45~ glibc-2.38/configure
+--- glibc-2.38/configure.45~	2023-07-31 19:54:16.000000000 +0200
++++ glibc-2.38/configure	2023-08-01 01:04:54.904850299 +0200
+@@ -655,6 +655,7 @@ libc_cv_cc_submachine
+ libc_cv_cc_nofma
  libc_cv_mtls_dialect_gnu2
- fno_unit_at_a_time
  libc_cv_has_glob_dat
 +libc_cv_hashstyle
  libc_cv_fpie
  libc_cv_z_execstack
  ASFLAGS_config
-@@ -6193,6 +6194,33 @@ $as_echo "$libc_cv_fpie" >&6; }
- 
+@@ -7107,6 +7108,32 @@ fi
+ printf "%s\n" "$libc_cv_fpie" >&6; }
  
  
 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --hash-style option" >&5
@@ -92,8 +53,8 @@ index 716dc041b6..5a730dc5fc 100755
 +int _start (void) { return 42; }
 +EOF
 +if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
-+			    -fPIC -shared -o conftest.so conftest.c
-+			    -Wl,--hash-style=both -nostdlib 1>&5'
++                           -fPIC -shared -o conftest.so conftest.c
++                           -Wl,--hash-style=both -nostdlib 1>&5'
 +  { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
 +  (eval $ac_try) 2>&5
 +  ac_status=$?
@@ -109,15 +70,13 @@ index 716dc041b6..5a730dc5fc 100755
 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_hashstyle" >&5
 +$as_echo "$libc_cv_hashstyle" >&6; }
 +
-+
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5
- $as_echo_n "checking for GLOB_DAT reloc... " >&6; }
- if ${libc_cv_has_glob_dat+:} false; then :
-diff --git b/configure.ac a/configure.ac
-index d08ad4d64e..a045f6608e 100644
---- b/configure.ac
-+++ a/configure.ac
-@@ -1360,6 +1360,22 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpie=yes], [libc_cv_fpie=no])
+ 
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5
+ printf %s "checking for GLOB_DAT reloc... " >&6; }
+diff -up glibc-2.38/configure.ac.45~ glibc-2.38/configure.ac
+--- glibc-2.38/configure.ac.45~	2023-07-31 19:54:16.000000000 +0200
++++ glibc-2.38/configure.ac	2023-08-01 01:02:58.303719582 +0200
+@@ -1339,6 +1339,22 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpi
  
  AC_SUBST(libc_cv_fpie)
  
@@ -140,6 +99,3 @@ index d08ad4d64e..a045f6608e 100644
  AC_CACHE_CHECK(for GLOB_DAT reloc,
  	       libc_cv_has_glob_dat, [dnl
  cat > conftest.c <<EOF
--- 
-2.37.1
-
diff --git a/source/l/shared-mime-info/shared-mime-info.SlackBuild b/source/l/shared-mime-info/shared-mime-info.SlackBuild
index 9b54b78ef..3db808028 100755
--- a/source/l/shared-mime-info/shared-mime-info.SlackBuild
+++ b/source/l/shared-mime-info/shared-mime-info.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2008, 2009, 2010, 2012, 2016, 2018, 2021, 2022  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2012, 2016, 2018, 2021, 2022, 2023  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -78,8 +78,6 @@ find . \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \+
 
-zcat $CWD/shared-mime-info.skip_tests.diff.gz | patch -p1 --verbose || exit 1
-
 # Configure, build, and install:
 export CFLAGS="$SLKCFLAGS"
 export CXXFLAGS="$SLKCFLAGS"
@@ -97,6 +95,7 @@ meson setup \
   --sysconfdir=/etc \
   --localstatedir=/var \
   --buildtype=release \
+  -Dbuild-tests=false \
   -Dupdate-mimedb=false \
   .. || exit 1
   # Don't use fdatasync() unless you want it to take 1000x longer
diff --git a/source/l/shared-mime-info/shared-mime-info.skip_tests.diff b/source/l/shared-mime-info/shared-mime-info.skip_tests.diff
deleted file mode 100644
index a05576053..000000000
--- a/source/l/shared-mime-info/shared-mime-info.skip_tests.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- ./meson.build.orig	2022-03-27 05:19:00.000000000 -0500
-+++ ./meson.build	2022-03-28 13:48:19.290060450 -0500
-@@ -65,7 +65,7 @@
-     gio = dependency('gio-2.0', required: false)
-     subdir('src')
- endif
--subdir('tests')
-+#subdir('tests')
- 
- configure_file(
-     input: 'shared-mime-info.pc.in',
diff --git a/source/n/libtirpc/libtirpc.SlackBuild b/source/n/libtirpc/libtirpc.SlackBuild
index f9b63f8c0..c7361bd35 100755
--- a/source/n/libtirpc/libtirpc.SlackBuild
+++ b/source/n/libtirpc/libtirpc.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2015, 2018  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2015, 2018, 2023  Patrick J. Volkerding, Sebeka, Minnesota, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -21,10 +21,6 @@
 #  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 # Thanks to Jan Rafaj for contributing the original reference script.
-# Remark: - The GSS support (for secure RPC) is currently not built, as it
-# Remark:   requires Kerberos 5 libraries. If you need it, install
-# Remark:   Kerberos 5, remove '--disable-gssapi' from the configure flags
-# Remark:   below and rebuild.
 
 cd $(dirname $0) ; CWD=$(pwd)
 
diff --git a/source/n/proftpd/proftpd.SlackBuild b/source/n/proftpd/proftpd.SlackBuild
index 038b4d3b9..bcac2741a 100755
--- a/source/n/proftpd/proftpd.SlackBuild
+++ b/source/n/proftpd/proftpd.SlackBuild
@@ -23,9 +23,9 @@
 cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=proftpd
-VERSION=1.3.8
-DIRVER=1.3.8
-BUILD=${BUILD:-4}
+VERSION=1.3.8a
+DIRVER=1.3.8a
+BUILD=${BUILD:-1}
 
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}