This commit does 3 things: address ipv6 breakage with nscd due to previous CVE fix, reformat previous CVE patches, and patch 4 new CVEs.
The ipv6 w/ nscd breakage was due to CVE-2023-4806's patch and caused wrong results with IPv6 addresses when using nscd. The patch mixes up the variables i and count. Therefore backport the fix (227c903).
Additionally, the above fix highlighted that our original patches for CVE-2023-4806 and CVE-2023-5156 were malformed. Specifically, the CVE-2023-4806 patch, which updates "/sysdeps/posix/getaddrinfo.c" to latest from glibc-2.35 (commit 17092c0), did not include the changes to other files (mostly additional tests so impact was low) but did partially include CVE-2023-5156's changes. To fix, regenerate both patches based on commits from upstream stable 2.35.
Finally, this PR applies patches for CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
* Upgrade golang to 1.19.4 upgrade to latest
* fix issues due to golang 1.19.4 upgrade
* re-add CVE-2022-41717.patch which is required by golang 1.17 spec
* clean up gh dependencies
* Revert "Patch buildah for CVE-2022-27651 (#4264)"
This reverts commit d1fadabbd6.
* Revert "Move nbdkit and its dependent packages from Extended to Core (#4163)"
This reverts commit 21d673ed73.
* Make `glibc-static` a real package and police its version
* Add version bounds to all mentions of `glibc-static` in spec files
* Bump releases for all affected packages
* Add pipeline job to check static glibc versions
* Release new glibc packages with split out glibc-static
* Include distribution in requirement bounds
* Don't implicitly install glibc-static in pkggen chroot
* Correctly split up the static libraries between devel/static
* Consistent use of f-strings
* Allow libacvp to build without depending on `glibc-static`
* Remove `libhugetlbfs-tests` package
* Update kernel configs to not support static linking
* Declare `glibc-static` dependency for flannel
* Enable `-pie` by default in `clang`
* Rebuild SymCrypt with `-pie` enabled `clang`
* Use `glibc-static` on all platforms for `busybox`
* Tidy up libacvp Source lines
* Clang can't default to `-pie` so move `crt1.o` to `glibc-devel`
* Fix libacvp Source0 syntax
* Don't build static binaries in libhugetlbfs-tests
* Update kernel config signatures
* Kubevirt needs glibc-static too