glibc-2.23-4

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@10738 ec354946-7b23-47d6-9f5a-488ba84defc7

g/glibc/glibc-vl.spec

@@ -30,7 +30,7 @@ Summary: The GNU libc libraries
 Summary(ja): GNU libc ライブラリ
 Name: glibc
 Version: %{glibcversion}
-Release: 3%{?_dist_release}
+Release: 4%{?_dist_release}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@@ -56,6 +56,12 @@ Patch13: %{name}-2.18-locarchive.patch
 # patch for Vine
 Patch10001: glibc-2.18-vine-build-env.patch
 
+# security
+Patch20000: CVE-2016-1234-1.patch
+Patch20001: CVE-2016-1234-2.patch
+Patch20002: CVE-2016-3075.patch
+Patch20003: CVE-2016-3706.patch
+Patch20004: CVE-2016-4429.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes: glibc-profile < 2.4
@@ -430,6 +436,11 @@ package or when debugging this package.
 
 %patch10001 -p1
 
+%patch20000 -p1
+%patch20001 -p1
+%patch20002 -p1
+%patch20003 -p1
+%patch20004 -p1
 
 # A lot of programs still misuse memcpy when they have to use
 # memmove. The memcpy implementation below is not tolerant at
@@ -1402,6 +1413,13 @@ rm -f *.filelist*
 %endif
 
 %changelog
+* Mon Aug  1 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.23-4
+- added Patch20000-20004 to fix vulnerabilities.
+  - CVE-2016-1234
+  - CVE-2016-3075
+  - CVE-2016-3706
+  - CVE-2016-4429
+
 * Sun Jun 26 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 2.23-3
 - rebuilt with gcc-5.4.0