diff --git a/SOURCES/glibc-rh1032435.patch b/SOURCES/glibc-rh1032435.patch
index 694bec2..ed5cc92 100644
--- a/SOURCES/glibc-rh1032435.patch
+++ b/SOURCES/glibc-rh1032435.patch
@@ -17,30 +17,11 @@ Date: Wed Oct 30 16:13:37 2013 +0530
wrap around fgets that calls it multiple times with int sizes if
necessary.
-(The previous commit fixes upstream bug 16071.)
-
-commit ac60763eac3d43b7234dd21286ad3ec3f17957fc
-Author: Andreas Schwab <schwab@suse.de>
-Date: Mon Jun 23 10:24:45 2014 +0200
-
- Don't ignore too long lines in nss_files (BZ #17079)
-
-commit e07aabba73ea62e7dfa0512507c92efb851fbdbe
-Author: Florian Weimer <fweimer@redhat.com>
-Date: Tue Sep 22 13:20:18 2015 +0200
-
- Add test case for bug 18287
-
-commit 90fa42a1d7b78de0d75f7e3af362275b2abe807f
-Author: Florian Weimer <fweimer@redhat.com>
-Date: Tue Sep 22 13:40:17 2015 +0200
-
- Test in commit e07aabba73ea62e7dfa0512507c92efb851fbdbe is for bug 17079
-
-diff -u b/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
---- b/nss/nss_files/files-XXX.c
-+++ b/nss/nss_files/files-XXX.c
-@@ -179,8 +179,53 @@
+diff --git glibc-2.17-c758a686/nss/nss_files/files-XXX.c glibc-2.17-c758a686/nss/nss_files/files-XXX.c
+index 082d1ea..b62208c 100644
+--- glibc-2.17-c758a686/nss/nss_files/files-XXX.c
++++ glibc-2.17-c758a686/nss/nss_files/files-XXX.c
+@@ -179,8 +179,51 @@ CONCAT(_nss_files_end,ENTNAME) (void)
return NSS_STATUS_SUCCESS;
}
�
@@ -64,12 +45,10 @@ diff -u b/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
+ {
+ int curlen = ((remaining_len > (size_t) INT_MAX) ? INT_MAX
+ : remaining_len);
++ char *p = fgets_unlocked (curbuf, curlen, stream);
+
-+ /* Terminate the line so that we can test for overflow. */
+ ((unsigned char *) curbuf)[curlen - 1] = 0xff;
+
-+ char *p = fgets_unlocked (curbuf, curlen, stream);
-+
+ /* EOF or read error. */
+ if (p == NULL)
+ return gcr_error;
@@ -95,7 +74,7 @@ diff -u b/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
static enum nss_status
internal_getent (struct STRUCTURE *result,
char *buffer, size_t buflen, int *errnop H_ERRNO_PROTO
-@@ -188,7 +233,7 @@
+@@ -188,7 +231,7 @@ internal_getent (struct STRUCTURE *result,
{
char *p;
struct parser_data *data = (void *) buffer;
@@ -104,7 +83,7 @@ diff -u b/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
int parse_result;
if (buflen < sizeof *data + 2)
-@@ -200,17 +245,16 @@
+@@ -200,17 +243,16 @@ internal_getent (struct STRUCTURE *result,
do
{
@@ -126,7 +105,7 @@ diff -u b/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
{
/* The line is too long. Give the user the opportunity to
enlarge the buffer. */
-@@ -219,7 +263,8 @@
+@@ -219,7 +261,8 @@ internal_getent (struct STRUCTURE *result,
return NSS_STATUS_TRYAGAIN;
}
@@ -136,255 +115,3 @@ diff -u b/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
while (isspace (*p))
++p;
}
-
-diff a/nss/bug17079.c b/nss/bug17079.c
---- /dev/null
-+++ b/nss/bug17079.c
-@@ -0,0 +1,236 @@
-+/* Test for bug 17079: heap overflow in NSS with small buffers.
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <errno.h>
-+#include <pwd.h>
-+#include <stdbool.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+/* Check if two passwd structs contain the same data. */
-+static bool
-+equal (const struct passwd *a, const struct passwd *b)
-+{
-+ return strcmp (a->pw_name, b->pw_name) == 0
-+ && strcmp (a->pw_passwd, b->pw_passwd) == 0
-+ && a->pw_uid == b->pw_uid
-+ && a->pw_gid == b->pw_gid
-+ && strcmp (a->pw_gecos, b->pw_gecos) == 0
-+ && strcmp (a->pw_dir, b->pw_dir) == 0
-+ && strcmp (a->pw_shell, b->pw_shell) == 0;
-+}
-+
-+enum { MAX_TEST_ITEMS = 10 };
-+static struct passwd test_items[MAX_TEST_ITEMS];
-+static int test_count;
-+
-+/* Initialize test_items and test_count above, with data from the
-+ passwd database. */
-+static bool
-+init_test_items (void)
-+{
-+ setpwent ();
-+ do
-+ {
-+ struct passwd *pwd = getpwent ();
-+ if (pwd == NULL)
-+ break;
-+ struct passwd *target = test_items + test_count;
-+ target->pw_name = strdup (pwd->pw_name);
-+ target->pw_passwd = strdup (pwd->pw_passwd);
-+ target->pw_uid = pwd->pw_uid;
-+ target->pw_gid = pwd->pw_gid;
-+ target->pw_gecos = strdup (pwd->pw_gecos);
-+ target->pw_dir = strdup (pwd->pw_dir);
-+ target->pw_shell = strdup (pwd->pw_shell);
-+ }
-+ while (++test_count < MAX_TEST_ITEMS);
-+ endpwent ();
-+
-+ /* Filter out those test items which cannot be looked up by name or
-+ UID. */
-+ bool found = false;
-+ for (int i = 0; i < test_count; ++i)
-+ {
-+ struct passwd *pwd1 = getpwnam (test_items[i].pw_name);
-+ struct passwd *pwd2 = getpwuid (test_items[i].pw_uid);
-+ if (pwd1 == NULL || !equal (pwd1, test_items + i)
-+ || pwd2 == NULL || !equal (pwd2, test_items + i))
-+ test_items[i].pw_name = NULL;
-+ else
-+ found = true;
-+ }
-+
-+ if (!found)
-+ puts ("error: no accounts found which can be looked up by name and UID.");
-+ return found;
-+}
-+
-+/* Set to true if an error is encountered. */
-+static bool errors;
-+
-+/* Return true if the padding has not been tampered with. */
-+static bool
-+check_padding (char *buffer, size_t size, char pad)
-+{
-+ char *end = buffer + size;
-+ while (buffer < end)
-+ {
-+ if (*buffer != pad)
-+ return false;
-+ ++buffer;
-+ }
-+ return true;
-+}
-+
-+/* Test one buffer size and padding combination. */
-+static void
-+test_one (const struct passwd *item, size_t buffer_size,
-+ char pad, size_t padding_size)
-+{
-+ char *buffer = malloc (buffer_size + padding_size);
-+ if (buffer == NULL)
-+ {
-+ puts ("error: malloc failure");
-+ errors = true;
-+ return;
-+ }
-+
-+ struct passwd pwd;
-+ struct passwd *result;
-+ int ret;
-+
-+ /* Test getpwname_r. */
-+ memset (buffer, pad, buffer_size + padding_size);
-+ pwd = (struct passwd) {};
-+ ret = getpwnam_r (item->pw_name, &pwd, buffer, buffer_size, &result);
-+ if (!check_padding (buffer + buffer_size, padding_size, pad))
-+ {
-+ printf ("error: padding change: "
-+ "name \"%s\", buffer size %zu, padding size %zu, pad 0x%02x\n",
-+ item->pw_name, buffer_size, padding_size, (unsigned char) pad);
-+ errors = true;
-+ }
-+ if (ret == 0)
-+ {
-+ if (result == NULL)
-+ {
-+ printf ("error: no data: name \"%s\", buffer size %zu\n",
-+ item->pw_name, buffer_size);
-+ errors = true;
-+ }
-+ else if (!equal (item, result))
-+ {
-+ printf ("error: lookup mismatch: name \"%s\", buffer size %zu\n",
-+ item->pw_name, buffer_size);
-+ errors = true;
-+ }
-+ }
-+ else if (ret != ERANGE)
-+ {
-+ errno = ret;
-+ printf ("error: lookup failure for name \"%s\": %m (%d)\n",
-+ item->pw_name, ret);
-+ errors = true;
-+ }
-+
-+ /* Test getpwuid_r. */
-+ memset (buffer, pad, buffer_size + padding_size);
-+ pwd = (struct passwd) {};
-+ ret = getpwuid_r (item->pw_uid, &pwd, buffer, buffer_size, &result);
-+ if (!check_padding (buffer + buffer_size, padding_size, pad))
-+ {
-+ printf ("error: padding change: "
-+ "UID %ld, buffer size %zu, padding size %zu, pad 0x%02x\n",
-+ (long) item->pw_uid, buffer_size, padding_size,
-+ (unsigned char) pad);
-+ errors = true;
-+ }
-+ if (ret == 0)
-+ {
-+ if (result == NULL)
-+ {
-+ printf ("error: no data: UID %ld, buffer size %zu\n",
-+ (long) item->pw_uid, buffer_size);
-+ errors = true;
-+ }
-+ else if (!equal (item, result))
-+ {
-+ printf ("error: lookup mismatch: UID %ld, buffer size %zu\n",
-+ (long) item->pw_uid, buffer_size);
-+ errors = true;
-+ }
-+ }
-+ else if (ret != ERANGE)
-+ {
-+ errno = ret;
-+ printf ("error: lookup failure for UID \"%ld\": %m (%d)\n",
-+ (long) item->pw_uid, ret);
-+ errors = true;
-+ }
-+
-+ free (buffer);
-+}
-+
-+/* Test one buffer size with different paddings. */
-+static void
-+test_buffer_size (size_t buffer_size)
-+{
-+ for (int i = 0; i < test_count; ++i)
-+ for (size_t padding_size = 0; padding_size < 3; ++padding_size)
-+ {
-+ test_one (test_items + i, buffer_size, '\0', padding_size);
-+ if (padding_size > 0)
-+ {
-+ test_one (test_items + i, buffer_size, ':', padding_size);
-+ test_one (test_items + i, buffer_size, '\n', padding_size);
-+ test_one (test_items + i, buffer_size, '\xff', padding_size);
-+ test_one (test_items + i, buffer_size, '@', padding_size);
-+ }
-+ }
-+}
-+
-+int
-+do_test (void)
-+{
-+ if (!init_test_items ())
-+ return 1;
-+ printf ("info: %d test items\n", test_count);
-+
-+ for (size_t buffer_size = 0; buffer_size <= 65; ++buffer_size)
-+ test_buffer_size (buffer_size);
-+ for (size_t buffer_size = 64 + 4; buffer_size < 256; buffer_size += 4)
-+ test_buffer_size (buffer_size);
-+ test_buffer_size (255);
-+ test_buffer_size (257);
-+ for (size_t buffer_size = 256; buffer_size < 512; buffer_size += 8)
-+ test_buffer_size (buffer_size);
-+ test_buffer_size (511);
-+ test_buffer_size (513);
-+ test_buffer_size (1024);
-+ test_buffer_size (2048);
-+
-+ if (errors)
-+ return 1;
-+ else
-+ return 0;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-diff a/nss/Makefile b/nss/Makefile
---- a/nss/Makefile
-+++ b/nss/Makefile
-@@ -39,6 +39,6 @@
- extra-objs += $(makedb-modules:=.o)
-
--tests = test-netdb tst-nss-test1
-+tests = test-netdb tst-nss-test1 bug17079
- xtests = bug-erange
-
- include ../Makeconfig
diff --git a/SOURCES/glibc-rh1165192.patch b/SOURCES/glibc-rh1165192.patch
index 488ac49..41e2591 100644
--- a/SOURCES/glibc-rh1165192.patch
+++ b/SOURCES/glibc-rh1165192.patch
@@ -16,8 +16,8 @@ diff -up glibc-2.17-c758a686/nss/Makefile.rh1165192 glibc-2.17-c758a686/nss/Make
makedb-modules = xmalloc hash-string
extra-objs += $(makedb-modules:=.o)
--tests = test-netdb tst-nss-test1 bug17079
-+tests = test-netdb tst-nss-test1 bug17079 tst-nss-getpwent
+-tests = test-netdb tst-nss-test1
++tests = test-netdb tst-nss-test1 tst-nss-getpwent
xtests = bug-erange
include ../Makeconfig
diff --git a/SOURCES/glibc-rh1183545.patch b/SOURCES/glibc-rh1183545.patch
index a9ec106..dbd87ab 100644
--- a/SOURCES/glibc-rh1183545.patch
+++ b/SOURCES/glibc-rh1183545.patch
@@ -12,8 +12,8 @@ index 449a258..553eafa 100644
makedb-modules = xmalloc hash-string
extra-objs += $(makedb-modules:=.o)
--tests = test-netdb tst-nss-test1 bug17079 tst-nss-getpwent
-+tests = test-netdb tst-nss-test1 bug17079 tst-nss-getpwent \
+-tests = test-netdb tst-nss-test1 tst-nss-getpwent
++tests = test-netdb tst-nss-test1 tst-nss-getpwent \
+ test-digits-dots
xtests = bug-erange
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index 4aed418..1aa0682 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -1,6 +1,6 @@
%define glibcsrcdir glibc-2.17-c758a686
%define glibcversion 2.17
-%define glibcrelease 106%{?dist}.1
+%define glibcrelease 105%{?dist}
##############################################################################
# If run_glibc_tests is zero then tests are not run for the build.
# You must always set run_glibc_tests to one for production builds.
@@ -2360,12 +2360,6 @@ rm -f *.filelist*
%endif
%changelog
-* Wed Oct 28 2015 Florian Weimer <fweimer@redhat.com> - 2.17-106.1
-- Rebuild with corrected release.
-
-* Wed Oct 28 2015 Florian Weimer <fweimer@redhat.com> - 2.17-106
-- Add fix for CVE-2015-5277 (#1275920).
-
* Fri Aug 14 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-105
- Fix up test case for initial-exec fix (#1248208).