!923 [sync] PR-917: sync some patches

From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229

backport-resolv-allow-short-error-response-to-match-any-query.patch

@@ -0,0 +1,71 @@
+From 691a3b2e9bfaba842e46a5ccb7f5e6ea144c3ade Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 24 Jul 2024 12:06:47 +0200
+Subject: [PATCH] resolv: Allow short error responses to match any query (bug
+ 31890)
+
+Reviewed-by: DJ Delorie <dj@redhat.com>
+
+Conflict:tst-resolv-short-response test case
+Reference:https://sourceware.org/git/?p=glibc.git;a=patch;h=691a3b2e9bfaba842e46a5ccb7f5e6ea144c3ade
+
+---
+ resolv/res_send.c | 29 +++++++++++++++++++----------
+ 1 file changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index 701c089a..f2014a94 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1194,19 +1194,30 @@ send_dg(res_state statp,
+ 		}
+ 
+ 		/* Check for the correct header layout and a matching
+-		   question.  */
++		   question.  Some recursive resolvers send REFUSED
++		   without copying back the question section
++		   (producing a response that is only HFIXEDSZ bytes
++		   long).  Skip query matching in this case.  */
++		bool thisansp_error = (anhp->rcode == SERVFAIL ||
++				       anhp->rcode == NOTIMP ||
++				       anhp->rcode == REFUSED);
++		bool skip_query_match = (*thisresplenp == HFIXEDSZ
++					 && ntohs (anhp->qdcount) == 0
++					 && thisansp_error);
+ 		int matching_query = 0; /* Default to no matching query.  */
+ 		if (!recvresp1
+ 		    && anhp->id == hp->id
+-		    && __libc_res_queriesmatch (buf, buf + buflen,
+-						*thisansp,
+-						*thisansp + *thisanssizp))
++		    && (skip_query_match
++			|| __libc_res_queriesmatch (buf, buf + buflen,
++						    *thisansp,
++						    *thisansp + *thisanssizp)))
+ 		  matching_query = 1;
+ 		if (!recvresp2
+ 		    && anhp->id == hp2->id
+-		    && __libc_res_queriesmatch (buf2, buf2 + buflen2,
+-						*thisansp,
+-						*thisansp + *thisanssizp))
++		    && (skip_query_match
++			|| __libc_res_queriesmatch (buf2, buf2 + buflen2,
++						    *thisansp,
++						    *thisansp + *thisanssizp)))
+ 		  matching_query = 2;
+ 		if (matching_query == 0)
+ 		  /* Spurious UDP packet.  Drop it and continue
+@@ -1216,9 +1227,7 @@ send_dg(res_state statp,
+ 		    goto wait;
+ 		  }
+ 
+-		if (anhp->rcode == SERVFAIL ||
+-		    anhp->rcode == NOTIMP ||
+-		    anhp->rcode == REFUSED) {
++		if (thisansp_error) {
+ 		next_ns:
+ 			if (recvresp1 || (buf2 != NULL && recvresp2)) {
+ 			  *resplen2 = 0;
+-- 
+2.33.0
+

backport-resolv-track-single-request-fallback-flags.patch

@@ -0,0 +1,71 @@
+From 868ab8923a2ec977faafec97ecafac0c3159c1b2 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 13 Jun 2024 18:56:30 +0200
+Subject: [PATCH] resolv: Track single-request fallback via _res._flags (bug
+ 31476)
+
+This avoids changing _res.options, which inteferes with change
+detection as part of automatic reloading of /etc/resolv.conf.
+
+Reviewed-by: DJ Delorie <dj@redhat.com>
+
+Conflict:NA
+Reference:https://sourceware.org/git/?p=glibc.git;a=patch;h=868ab8923a2ec977faafec97ecafac0c3159c1b2
+
+---
+ resolv/res_send.c        | 12 +++++++-----
+ resolv/resolv-internal.h |  2 ++
+ 2 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index 54226a2e..701c089a 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -942,9 +942,11 @@ send_dg(res_state statp,
+ 		seconds /= statp->nscount;
+ 	if (seconds <= 0)
+ 		seconds = 1;
+-	bool single_request_reopen = (statp->options & RES_SNGLKUPREOP) != 0;
+-	bool single_request = (((statp->options & RES_SNGLKUP) != 0)
+-			       | single_request_reopen);
++	bool single_request_reopen = ((statp->options & RES_SNGLKUPREOP)
++				      || (statp->_flags & RES_F_SNGLKUPREOP));
++	bool single_request = ((statp->options & RES_SNGLKUP)
++			       || (statp->_flags & RES_F_SNGLKUP)
++			       || single_request_reopen);
+ 	int save_gotsomewhere = *gotsomewhere;
+ 
+ 	int retval;
+@@ -1001,14 +1003,14 @@ send_dg(res_state statp,
+ 		       have received the first answer.  */
+ 		    if (!single_request)
+ 		      {
+-			statp->options |= RES_SNGLKUP;
++			statp->_flags |= RES_F_SNGLKUP;
+ 			single_request = true;
+ 			*gotsomewhere = save_gotsomewhere;
+ 			goto retry;
+ 		      }
+ 		    else if (!single_request_reopen)
+ 		      {
+-			statp->options |= RES_SNGLKUPREOP;
++			statp->_flags |= RES_F_SNGLKUPREOP;
+ 			single_request_reopen = true;
+ 			*gotsomewhere = save_gotsomewhere;
+ 			__res_iclose (statp, false);
+diff --git a/resolv/resolv-internal.h b/resolv/resolv-internal.h
+index 216e47ed..fa92d318 100644
+--- a/resolv/resolv-internal.h
++++ b/resolv/resolv-internal.h
+@@ -26,6 +26,8 @@
+ #define RES_F_VC        0x00000001 /* Socket is TCP.  */
+ #define RES_F_CONN      0x00000002 /* Socket is connected.  */
+ #define RES_F_EDNS0ERR  0x00000004 /* EDNS0 caused errors.  */
++#define RES_F_SNGLKUP	0x00200000 /* Private version of RES_SNGLKUP.  */
++#define RES_F_SNGLKUPREOP 0x00400000 /* Private version of RES_SNGLKUPREOP.  */
+ 
+ /* Legacy function.  This needs to be removed once all NSS modules
+    have been adjusted.  */
+-- 
+2.33.0
+

glibc.spec

@@ -71,7 +71,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.34
-Release: 	159
+Release: 	160
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@@ -309,6 +309,8 @@ Patch217: backport-resolv-fix-non-existing-second-DNS-response-error.patch
 Patch218: backport-mktime-improve-heuristic-for-ca-1986-Indiana-DST.patch
 Patch219: backport-elf-execve-statically-linked-programs-instead-of-cra.patch
 Patch220: backport-elf-Use-errcode-instead-of-unset-errno-in-rtld_chain.patch
+Patch221: backport-resolv-track-single-request-fallback-flags.patch
+Patch222: backport-resolv-allow-short-error-response-to-match-any-query.patch
 
 Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
 Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch 
@@ -1538,6 +1540,13 @@ fi
 %endif
 
 %changelog
+* Wed Nov 06 2024 chengyechun <chengyechun1@huawei.com> - 2.34-160
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:resolv: Track single-request fallback via _res._flags
+       resolv: Allow short error responses to match any query
+
 * Mon Nov 04 2024 shixuantong <shixuantong1@huawei.com> - 2.34-159
 - elf: execve statically linked programs instead of crashing