glibc: stable 2.37 branch updates.

b4e23c75ae tunables: Terminate if end of input is reached (CVE-2023-4911)
2dfd8c77b5 i686: Regenerate ulps
94ef701365 Document CVE-2023-4806 and CVE-2023-5156 in NEWS
4473d1b87d Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
9d5c6e27ed x86: Fix for cache computation on AMD legacy cpus.
79310b45af x86/dl-cacheinfo: remove unsused parameter from handle_amd
6529a7466c getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
b752934602 CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode
1a7cbe52c8 elf: Move l_init_called_next to old place of l_text_end in link map
bdb594afa5 elf: Remove unused l_text_end field from struct link_map
a7e34a6675 elf: Always call destructors in reverse constructor order (bug 30785)
3d24d1903d elf: Do not run constructors for proxy objects
be26b29262 io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64
0d500bfdc0 hurd: Make exception subcode a long
f94ff95e93 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]
cc8243fb0b x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
80a8c858a5 x86: Fix slight bug in `shared_per_thread` cache size calculation.
1caf955269 x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`

Dropped 0023-CVE-2023-4527.patch and 0024-CVE-2023-4806.patch files as they are
present in glibc version update.

(From OE-Core rev: 9e7aaefc0d764eaecf35582bb19490cc6262f966)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

4 files changed, 4 insertions, 564 deletions

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index ff2b2ade9d..7eacfec778 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.37/master"
 PV = "2.37"
-SRCREV_glibc ?= "58f7431fd77c0a6dd8df08d50c51ee3e7f09825f" 
+SRCREV_glibc ?= "b4e23c75aea756b4bddc4abcf27a1c6dca8b6bd3"
 SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
deleted file mode 100644
index 211249211a..0000000000
--- a/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Wed, 13 Sep 2023 14:10:56 +0200
-Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses
- in no-aaaa mode
-
-Without passing alt_dns_packet_buffer, __res_context_search can only
-store 2048 bytes (what fits into dns_packet_buffer).  However,
-the function returns the total packet size, and the subsequent
-DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
-of the stack-allocated buffer.
-
-Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa
-stub resolver option") and bug 30842.
-
-(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d)
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]
-CVE: CVE-2023-4527
-
-Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
-
----
- NEWS                          |   7 ++
- resolv/Makefile               |   2 +
- resolv/nss_dns/dns-host.c     |   2 +-
- resolv/tst-resolv-noaaaa-vc.c | 129 ++++++++++++++++++++++++++++++++++
- 4 files changed, 139 insertions(+), 1 deletion(-)
- create mode 100644 resolv/tst-resolv-noaaaa-vc.c
-
-diff --git a/NEWS b/NEWS
---- a/NEWS
-+++ b/NEWS
-@@ -25,6 +25,7 @@
-   [30101] gmon: fix memory corruption issues
-   [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
-     symlink for libraries without soname
-+  [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
-   [30151] gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling
-   [30163] posix: Fix system blocks SIGCHLD erroneously
-   [30305] x86_64: Fix asm constraints in feraiseexcept
-@@ -54,6 +55,12 @@
-   heap and prints it to the target log file, potentially revealing a
-   portion of the contents of the heap.
-
-+  CVE-2023-4527: If the system is configured in no-aaaa mode via
-+  /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
-+  family, and a DNS response is received over TCP that is larger than
-+  2048 bytes, getaddrinfo may potentially disclose stack contents via
-+  the returned address data, or crash.
-+
- The following bugs are resolved with this release:
-
-   [12154] network: Cannot resolve hosts which have wildcard aliases
-diff --git a/resolv/Makefile b/resolv/Makefile
---- a/resolv/Makefile
-+++ b/resolv/Makefile
-@@ -101,6 +101,7 @@
-   tst-resolv-invalid-cname \
-   tst-resolv-network \
-   tst-resolv-noaaaa \
-+  tst-resolv-noaaaa-vc \
-   tst-resolv-nondecimal \
-   tst-resolv-res_init-multi \
-   tst-resolv-search \
-@@ -292,6 +293,7 @@
- $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \
-   $(shared-thread-library)
- $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library)
-+$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library)
- $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
- $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
- $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
-diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -427,7 +427,7 @@
-     {
-       n = __res_context_search (ctx, name, C_IN, T_A,
-                                dns_packet_buffer, sizeof (dns_packet_buffer),
--                               NULL, NULL, NULL, NULL, NULL);
-+                               &alt_dns_packet_buffer, NULL, NULL, NULL, NULL);
-       if (n >= 0)
-        status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n,
-                                        &abuf, pat, errnop, herrnop, ttlp);
-diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c
-new file mode 100644
---- /dev/null
-+++ b/resolv/tst-resolv-noaaaa-vc.c
-@@ -0,0 +1,129 @@
-+/* Test the RES_NOAAAA resolver option with a large response.
-+   Copyright (C) 2022-2023 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <errno.h>
-+#include <netdb.h>
-+#include <resolv.h>
-+#include <stdbool.h>
-+#include <stdlib.h>
-+#include <support/check.h>
-+#include <support/check_nss.h>
-+#include <support/resolv_test.h>
-+#include <support/support.h>
-+#include <support/xmemstream.h>
-+
-+/* Used to keep track of the number of queries.  */
-+static volatile unsigned int queries;
-+
-+/* If true, add a large TXT record at the start of the answer section.  */
-+static volatile bool stuff_txt;
-+
-+static void
-+response (const struct resolv_response_context *ctx,
-+          struct resolv_response_builder *b,
-+          const char *qname, uint16_t qclass, uint16_t qtype)
-+{
-+  /* If not using TCP, just force its use.  */
-+  if (!ctx->tcp)
-+    {
-+      struct resolv_response_flags flags = {.tc = true};
-+      resolv_response_init (b, flags);
-+      resolv_response_add_question (b, qname, qclass, qtype);
-+      return;
-+    }
-+
-+  /* The test needs to send four queries, the first three are used to
-+     grow the NSS buffer via the ERANGE handshake.  */
-+  ++queries;
-+  TEST_VERIFY (queries <= 4);
-+
-+  /* AAAA queries are supposed to be disabled.  */
-+  TEST_COMPARE (qtype, T_A);
-+  TEST_COMPARE (qclass, C_IN);
-+  TEST_COMPARE_STRING (qname, "example.com");
-+
-+  struct resolv_response_flags flags = {};
-+  resolv_response_init (b, flags);
-+  resolv_response_add_question (b, qname, qclass, qtype);
-+
-+  resolv_response_section (b, ns_s_an);
-+
-+  if (stuff_txt)
-+    {
-+      resolv_response_open_record (b, qname, qclass, T_TXT, 60);
-+      int zero = 0;
-+      for (int i = 0; i <= 15000; ++i)
-+        resolv_response_add_data (b, &zero, sizeof (zero));
-+      resolv_response_close_record (b);
-+    }
-+
-+  for (int i = 0; i < 200; ++i)
-+    {
-+      resolv_response_open_record (b, qname, qclass, qtype, 60);
-+      char ipv4[4] = {192, 0, 2, i + 1};
-+      resolv_response_add_data (b, &ipv4, sizeof (ipv4));
-+      resolv_response_close_record (b);
-+    }
-+}
-+
-+static int
-+do_test (void)
-+{
-+  struct resolv_test *obj = resolv_test_start
-+    ((struct resolv_redirect_config)
-+     {
-+       .response_callback = response
-+     });
-+
-+  _res.options |= RES_NOAAAA;
-+
-+  for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt)
-+    {
-+      queries = 0;
-+      stuff_txt = do_stuff_txt;
-+
-+      struct addrinfo *ai = NULL;
-+      int ret;
-+      ret = getaddrinfo ("example.com", "80",
-+                         &(struct addrinfo)
-+                         {
-+                           .ai_family = AF_UNSPEC,
-+                           .ai_socktype = SOCK_STREAM,
-+                         }, &ai);
-+
-+      char *expected_result;
-+      {
-+        struct xmemstream mem;
-+        xopen_memstream (&mem);
-+        for (int i = 0; i < 200; ++i)
-+          fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1);
-+        xfclose_memstream (&mem);
-+        expected_result = mem.buffer;
-+      }
-+
-+      check_addrinfo ("example.com", ai, ret, expected_result);
-+
-+      free (expected_result);
-+      freeaddrinfo (ai);
-+    }
-+
-+  resolv_test_end (obj);
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-4806.patch b/meta/recipes-core/glibc/glibc/0024-CVE-2023-4806.patch
deleted file mode 100644
index 42d91fd340..0000000000
--- a/meta/recipes-core/glibc/glibc/0024-CVE-2023-4806.patch
+++ /dev/null
@@ -1,342 +0,0 @@
-From 973fe93a5675c42798b2161c6f29c01b0e243994 Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Fri, 15 Sep 2023 13:51:12 -0400
-Subject: [PATCH] getaddrinfo: Fix use after free in getcanonname
- (CVE-2023-4806)
-
-When an NSS plugin only implements the _gethostbyname2_r and
-_getcanonname_r callbacks, getaddrinfo could use memory that was freed
-during tmpbuf resizing, through h_name in a previous query response.
-
-The backing store for res->at->name when doing a query with
-gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in
-gethosts during the query.  For AF_INET6 lookup with AI_ALL |
-AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second
-for a v4 lookup.  In this case, if the first call reallocates tmpbuf
-enough number of times, resulting in a malloc, th->h_name (that
-res->at->name refers to) ends up on a heap allocated storage in tmpbuf.
-Now if the second call to gethosts also causes the plugin callback to
-return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF
-reference in res->at->name.  This then gets dereferenced in the
-getcanonname_r plugin call, resulting in the use after free.
-
-Fix this by copying h_name over and freeing it at the end.  This
-resolves BZ #30843, which is assigned CVE-2023-4806.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=973fe93a5675c42798b2161c6f29c01b0e243994]
-CVE: CVE-2023-4806
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-
-Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
----
- nss/Makefile                                  | 15 ++++-
- nss/nss_test_gai_hv2_canonname.c              | 56 +++++++++++++++++
- nss/tst-nss-gai-hv2-canonname.c               | 63 +++++++++++++++++++
- nss/tst-nss-gai-hv2-canonname.h               |  1 +
- .../postclean.req                             |  0
- .../tst-nss-gai-hv2-canonname.script          |  2 +
- sysdeps/posix/getaddrinfo.c                   | 25 +++++---
- 7 files changed, 152 insertions(+), 10 deletions(-)
- create mode 100644 nss/nss_test_gai_hv2_canonname.c
- create mode 100644 nss/tst-nss-gai-hv2-canonname.c
- create mode 100644 nss/tst-nss-gai-hv2-canonname.h
- create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req
- create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
-
-diff --git a/nss/Makefile b/nss/Makefile
-index 06fcdc450f..8a5126ecf3 100644
---- a/nss/Makefile
-+++ b/nss/Makefile
-@@ -82,6 +82,7 @@ tests-container := \
-   tst-nss-test3 \
-   tst-reload1 \
-   tst-reload2 \
-+  tst-nss-gai-hv2-canonname \
- # tests-container
-
- # Tests which need libdl
-@@ -145,7 +146,8 @@ libnss_compat-inhibit-o     = $(filter-out .os,$(object-suffixes))
- ifeq ($(build-static-nss),yes)
- tests-static           += tst-nss-static
- endif
--extra-test-objs                += nss_test1.os nss_test2.os nss_test_errno.os
-+extra-test-objs                += nss_test1.os nss_test2.os nss_test_errno.os \
-+                          nss_test_gai_hv2_canonname.os
-
- include ../Rules
-
-@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver
- libof-nss_test1 = extramodules
- libof-nss_test2 = extramodules
- libof-nss_test_errno = extramodules
-+libof-nss_test_gai_hv2_canonname = extramodules
- $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
-        $(build-module)
- $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
-        $(build-module)
- $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
-        $(build-module)
-+$(objpfx)/libnss_test_gai_hv2_canonname.so: \
-+  $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps)
-+       $(build-module)
- $(objpfx)nss_test2.os : nss_test1.c
- # Use the nss_files suffix for these objects as well.
- $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so
-@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so
- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
-   $(objpfx)/libnss_test_errno.so
-        $(make-link)
-+$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
-+  $(objpfx)/libnss_test_gai_hv2_canonname.so
-+       $(make-link)
- $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
-        $(objpfx)/libnss_test1.so$(libnss_files.so-version) \
-        $(objpfx)/libnss_test2.so$(libnss_files.so-version) \
--       $(objpfx)/libnss_test_errno.so$(libnss_files.so-version)
-+       $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \
-+       $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
-
- ifeq (yes,$(have-thread-library))
- $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
-@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
- LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
- LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
- LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
-+LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags
-diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c
-new file mode 100644
-index 0000000000..4439c83c9f
---- /dev/null
-+++ b/nss/nss_test_gai_hv2_canonname.c
-@@ -0,0 +1,56 @@
-+/* NSS service provider that only provides gethostbyname2_r.
-+   Copyright The GNU Toolchain Authors.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <nss.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include "nss/tst-nss-gai-hv2-canonname.h"
-+
-+/* Catch misnamed and functions.  */
-+#pragma GCC diagnostic error "-Wmissing-prototypes"
-+NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname)
-+
-+extern enum nss_status _nss_files_gethostbyname2_r (const char *, int,
-+                                                   struct hostent *, char *,
-+                                                   size_t, int *, int *);
-+
-+enum nss_status
-+_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af,
-+                                             struct hostent *result,
-+                                             char *buffer, size_t buflen,
-+                                             int *errnop, int *herrnop)
-+{
-+  return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop,
-+                                     herrnop);
-+}
-+
-+enum nss_status
-+_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer,
-+                                           size_t buflen, char **result,
-+                                           int *errnop, int *h_errnop)
-+{
-+  /* We expect QUERYNAME, which is a small enough string that it shouldn't fail
-+     the test.  */
-+  if (memcmp (QUERYNAME, name, sizeof (QUERYNAME))
-+      || buflen < sizeof (QUERYNAME))
-+    abort ();
-+
-+  strncpy (buffer, name, buflen);
-+  *result = buffer;
-+  return NSS_STATUS_SUCCESS;
-+}
-diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
-new file mode 100644
-index 0000000000..d5f10c07d6
---- /dev/null
-+++ b/nss/tst-nss-gai-hv2-canonname.c
-@@ -0,0 +1,63 @@
-+/* Test NSS query path for plugins that only implement gethostbyname2
-+   (#30843).
-+   Copyright The GNU Toolchain Authors.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <nss.h>
-+#include <netdb.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <support/check.h>
-+#include <support/xstdio.h>
-+#include "nss/tst-nss-gai-hv2-canonname.h"
-+
-+#define PREPARE do_prepare
-+
-+static void do_prepare (int a, char **av)
-+{
-+  FILE *hosts = xfopen ("/etc/hosts", "w");
-+  for (unsigned i = 2; i < 255; i++)
-+    {
-+      fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i);
-+      fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i);
-+    }
-+  xfclose (hosts);
-+}
-+
-+static int
-+do_test (void)
-+{
-+  __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
-+
-+  struct addrinfo hints = {};
-+  struct addrinfo *result = NULL;
-+
-+  hints.ai_family = AF_INET6;
-+  hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME;
-+
-+  int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result);
-+
-+  if (ret != 0)
-+    FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret));
-+
-+  TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME);
-+
-+  freeaddrinfo(result);
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h
-new file mode 100644
-index 0000000000..14f2a9cb08
---- /dev/null
-+++ b/nss/tst-nss-gai-hv2-canonname.h
-@@ -0,0 +1 @@
-+#define QUERYNAME "test.example.com"
-diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req
-new file mode 100644
-index 0000000000..e69de29bb2
-diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
-new file mode 100644
-index 0000000000..31848b4a28
---- /dev/null
-+++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
-@@ -0,0 +1,2 @@
-+cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2
-+su
-diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
-index 6ae6744fe4..47f421fddf 100644
---- a/sysdeps/posix/getaddrinfo.c
-+++ b/sysdeps/posix/getaddrinfo.c
-@@ -120,6 +120,7 @@ struct gaih_result
- {
-   struct gaih_addrtuple *at;
-   char *canon;
-+  char *h_name;
-   bool free_at;
-   bool got_ipv6;
- };
-@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res)
-   if (res->free_at)
-     free (res->at);
-   free (res->canon);
-+  free (res->h_name);
-   memset (res, 0, sizeof (*res));
- }
-
-@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
-   return 0;
- }
-
--/* Convert struct hostent to a list of struct gaih_addrtuple objects.  h_name
--   is not copied, and the struct hostent object must not be deallocated
--   prematurely.  The new addresses are appended to the tuple array in RES.  */
-+/* Convert struct hostent to a list of struct gaih_addrtuple objects.  The new
-+   addresses are appended to the tuple array in RES.  */
- static bool
- convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
-                                   struct hostent *h, struct gaih_result *res)
-@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
-   res->at = array;
-   res->free_at = true;
-
-+  /* Duplicate h_name because it may get reclaimed when the underlying storage
-+     is freed.  */
-+  if (res->h_name == NULL)
-+    {
-+      res->h_name = __strdup (h->h_name);
-+      if (res->h_name == NULL)
-+       return false;
-+    }
-+
-   /* Update the next pointers on reallocation.  */
-   for (size_t i = 0; i < old; i++)
-     array[i].next = array + i + 1;
-@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
-        }
-       array[i].next = array + i + 1;
-     }
--  array[0].name = h->h_name;
-   array[count - 1].next = NULL;
-
-   return true;
-@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name,
-    memory allocation failure.  The returned string is allocated on the
-    heap; the caller has to free it.  */
- static char *
--getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name)
-+getcanonname (nss_action_list nip, const char *hname, const char *name)
- {
-   nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r");
-   char *s = (char *) name;
-   if (cfct != NULL)
-     {
-       char buf[256];
--      if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf),
--                             &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS)
-+      if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno,
-+                             &h_errno)) != NSS_STATUS_SUCCESS)
-        /* If the canonical name cannot be determined, use the passed
-           string.  */
-        s = (char *) name;
-@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
-                  if ((req->ai_flags & AI_CANONNAME) != 0
-                      && res->canon == NULL)
-                    {
--                     char *canonbuf = getcanonname (nip, res->at, name);
-+                     char *canonbuf = getcanonname (nip, res->h_name, name);
-                      if (canonbuf == NULL)
-                        {
-                          __resolv_context_put (res_ctx);
---
-2.39.3
-
diff --git a/meta/recipes-core/glibc/glibc_2.37.bb b/meta/recipes-core/glibc/glibc_2.37.bb
index bce566acd4..e807f6974d 100644
--- a/meta/recipes-core/glibc/glibc_2.37.bb
+++ b/meta/recipes-core/glibc/glibc_2.37.bb
@@ -17,6 +17,9 @@ CVE_CHECK_IGNORE += "CVE-2019-1010025"
 # This is integrated into the 2.37 branch as of 07b9521fc6
 CVE_CHECK_IGNORE += "CVE-2023-25139"
 
+# This is integrated into the 2.37 branch as of b4e23c75ae
++CVE_CHECK_IGNORE += "CVE-2023-4806 CVE-2023-4527 CVE-2023-4911"
+
 DEPENDS += "gperf-native bison-native"
 
 NATIVESDKFIXES ?= ""
@@ -49,8 +52,6 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \
            file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
            file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \
-           file://0023-CVE-2023-4527.patch \
-           file://0024-CVE-2023-4806.patch \
 "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"