I did manually look into the patches for the coming r4 glibc (not keyworded yet). In doing so I saw that the following patches only include some Changelog messages without doing anything to the actual glibc code:
---
0111_all_Don-t-use-IFUNC-resolver-for-longjmp-or-system-in-li.patch
0112_all_Fix-s390-version-of-pt-longjmp.c.patch
0113_all_Add-test-for-bug-21041.patch
0118_all_Add-test-for-bug-21041.patch
0129_all_Update-NEWS-and-ChangeLog-for-CVE-2017-15671.patch
0130_all_glob-Fix-buffer-overflow-during-GLOB_TILDE-unescapin.patch
0132_all_Update-NEWS-to-add-CVE-2017-15804-entry.patch
0135_all_ia64-Add-ipc_priv.h-header-to-set-__IPC_64-to-zero.patch
0136_all_posix-Fix-mmap-for-m68k-and-ia64-BZ-21908.patch
0137_all_ia64-Fix-thread-stack-allocation-permission-set-BZ-2.patch
---
Has something gone wrong?
I emerged sys-libs/glibc-2.26-r4 and rebooted my machine without error: Gentoo~unstable amd64 linux-4.14.8 with sys-libs/glibc-2.26-r4 works. But still I especially ask myself what about these two missing patches:
0111_all_Don-t-use-IFUNC-resolver-for-longjmp-or-system-in-li.patch
0130_all_glob-Fix-buffer-overflow-during-GLOB_TILDE-unescapin.patch
My wild guess would be that creation/deletion of files is not handled correctly by a new script preparing patchsets.
Actually, the patches themselves are incompletely cherry-picked.
TL;DR: As far as I can see everything is working just fine and exactly as expected...

The explanation:

1) Patches only touching ChangeLog

When I backport a security fix into our patchset that is in upstream master, but not in the release branch (e.g. upstream 2.26) yet, I have to drop the chunk with the changelog addition (since it does not fit to our state of the changelog). When afterwards *upstream* backports the fix as well, it enters the upstream 2.26 branch with an adapted changelog text. And when I afterwards rebase the upstream 2.26 fixes onto our gentoo/2.26 branch, git recognizes that the code part of the commit is already there and drops it, leaving a commit that only touches the changelog...

2) Missing patch numbers

We have a couple of files in our gentoo branches in scripts/gentoo/extras. For example the openrc init script for nscd... The extras subdirectory is added into the patchset tar directly, so it would make no sense to have its contents in the patches as well. The patchset is generated with "git format-patch", but all commits that contain "[no patch]" at the start of the commit message are removed...

I hope this clarifies things. :)

PS. https://github.com/gentoo/glibc/blob/gentoo/2.25/scripts/gentoo/make-tarball.sh
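The manual check from this thread, run over a whole patchset, as an added example that is not part of the original comments or of Gentoo's scripts: it lists patches whose diffs touch only ChangeLog/NEWS and reports gaps in the four-digit numbering. The function names, the ChangeLog/NEWS file list and the sample patches are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: ChangeLog and NEWS are the only documentation-only files of interest.
DOC_ONLY = re.compile(r"(^|/)(ChangeLog|NEWS)$")
DIFF_HEADER = re.compile(r"^diff --git a/(\S+) b/(\S+)$", re.M)
NUMBERED = re.compile(r"^(\d{4})_")

def touched_files(patch_text):
    """Paths named in the 'diff --git' headers of one format-patch file."""
    return {new for _old, new in DIFF_HEADER.findall(patch_text)}

def audit_patchset(patches):
    """patches maps file name -> patch text. Returns (doc_only, gaps)."""
    doc_only, numbers = [], set()
    for name, text in patches.items():
        files = touched_files(text)
        # An empty set means no diff was found; do not call that doc-only.
        if files and all(DOC_ONLY.search(f) for f in files):
            doc_only.append(name)
        match = NUMBERED.match(name)
        if match:
            numbers.add(int(match.group(1)))
    gaps = []
    if numbers:
        gaps = [n for n in range(min(numbers), max(numbers) + 1) if n not in numbers]
    return sorted(doc_only), gaps

def _diff(path):
    # Constructed minimal diff body for the sample below.
    return f"diff --git a/{path} b/{path}\n--- a/{path}\n+++ b/{path}\n@@ -1 +1 @@\n-old\n+new\n"

# Constructed sample patchset (names and contents are not from the real tarball).
SAMPLE = {
    "0001_all_constructed-code-fix.patch": _diff("src/example.c"),
    "0002_all_constructed-changelog-only.patch": _diff("ChangeLog") + _diff("NEWS"),
    "0004_all_constructed-fix-with-changelog.patch": _diff("ChangeLog") + _diff("src/example.c"),
}

if __name__ == "__main__":
    # With a directory argument, audit its *.patch files; otherwise the sample.
    if len(sys.argv) > 1:
        patches = {p.name: p.read_text(errors="replace") for p in Path(sys.argv[1]).glob("*.patch")}
    else:
        patches = SAMPLE
    doc_only, gaps = audit_patchset(patches)
    print("ChangeLog/NEWS only:", *doc_only, sep="\n  ")
    print("missing numbers:", gaps)
```

A patch flagged as ChangeLog/NEWS-only is the outcome the last comment describes, so the follow-up is to confirm that the corresponding code change is carried by an earlier patch in the set.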