Change log for eglibc package in Ubuntu
1 → 75 of 225 results | First • Previous • Next • Last |
eglibc (2.15-0ubuntu10.23) precise-security; urgency=medium * Removing locale/locales-all from debian/control since in Precise it uses langpack-locales and no binary is created in eglibc for locales -- <email address hidden> (Leonidas S. Barbosa) Thu, 05 Mar 2020 13:38:43 -0300
Available diffs
eglibc (2.19-0ubuntu6.15) trusty-security; urgency=medium * Fix NSS loading for static binaries (LP: #1821752) - debian/patches/any/local-static-dlopen-search-path.diff: fix static dlopen default library search path in elf/dl-support.c. -- Marc Deslauriers <email address hidden> Tue, 26 Mar 2019 09:53:00 -0400
Available diffs
eglibc (2.19-0ubuntu6.14) trusty-security; urgency=medium * SECURITY UPDATE: Memory leak in dynamic loader (ld.so) - debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff: Compute correct array size in _dl_init_paths - CVE-2017-1000408 * SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so) - debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff: Count components of the expanded path in _dl_init_path - CVE-2017-1000409 * SECURITY UPDATE: One-byte overflow in glob - debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte overflow in glob - CVE-2017-15670 * SECURITY UPDATE: Buffer overflow in glob - debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow during GLOB_TILDE unescaping - CVE-2017-15804 * SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH - debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for empty tokens before dynamic string token expansion - CVE-2017-16997 * SECURITY UPDATE: Buffer underflow in realpath() - debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff: Make getcwd(3) fail if it cannot obtain an absolute path - CVE-2018-1000001 -- Chris Coulson <email address hidden> Mon, 15 Jan 2018 09:37:19 +0000
Available diffs
- diff from 2.19-0ubuntu6.13 (in ~ubuntu-security/ubuntu/ubuntu-security-staging-private) to 2.19-0ubuntu6.14 (6.8 KiB)
- diff from 2.19-0ubuntu6.13 (in ~ubuntu-security/ubuntu/ppa) to 2.19-0ubuntu6.14 (6.1 KiB)
- diff from 2.19-0ubuntu6.11~test.1 to 2.19-0ubuntu6.14 (pending)
eglibc (2.19-0ubuntu6.13) trusty-security; urgency=medium * SECURITY UPDATE: LD_LIBRARY_PATH stack corruption - debian/patches/any/CVE-2017-1000366.patch: Completely ignore LD_LIBRARY_PATH for AT_SECURE=1 programs - CVE-2017-1000366 * SECURITY UPDATE: LD_PRELOAD stack corruption - debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch: Reject overly long names or names containing directories in LD_PRELOAD for AT_SECURE=1 programs. * debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add additional consistency check for 1-byte overflows * debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore LD_HWCAP_MASK for AT_SECURE=1 programs -- Steve Beattie <email address hidden> Fri, 16 Jun 2017 12:06:00 -0700
Available diffs
eglibc (2.15-0ubuntu10.18) precise-security; urgency=medium * REGRESSION UPDATE: IPv6 addresses not being returned from a dual-stack ipv4-ipv6 host query. - Revert patches/any/CVE-2016-3706.diff (LP: #1674776) -- Steve Beattie <email address hidden> Thu, 23 Mar 2017 11:38:25 -0700
Available diffs
eglibc (2.15-0ubuntu10.17) precise-security; urgency=medium * REGRESSION UPDATE: Previous update introduce ABI breakage in internal glibc query ABI - Back out patches/any/CVE-2015-5180-regression.diff (LP: #1674532) -- Steve Beattie <email address hidden> Tue, 21 Mar 2017 08:49:32 -0700
Available diffs
eglibc (2.19-0ubuntu6.11) trusty-security; urgency=medium * REGRESSION UPDATE: Previous update introduced ABI breakage in internal glibc query ABI - Back out patches/any/CVE-2015-5180-regression.diff (LP: #1674532) -- Steve Beattie <email address hidden> Tue, 21 Mar 2017 03:28:13 -0700
Available diffs
eglibc (2.19-0ubuntu6.10) trusty-security; urgency=medium * SECURITY UPDATE: multiple overflows in strxfrm() - patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l - CVE-2015-8982 * SECURITY UPDATE: _IO_wstr_overflow integer overflow - patches/any/CVE-2015-8983.diff: Add checks for integer overflow - CVE-2015-8983 * SECURITY UPDATE: buffer overflow (read past end of buffer) in internal_fnmatch - patches/any/CVE-2015-8984.diff: Remove extra increment when skipping over collating symbol inside a bracket expression. - CVE-2015-8984 * SECURITY UPDATE: DNS resolver NULL pointer dereference with crafted record type - patches/any/CVE-2015-5180.diff: Use out of band signaling for internal queries - CVE-2015-5180 * SECURITY UPDATE: stack-based buffer overflow in the glob implementation - patches/any/CVE-2016-1234.diff: Simplify the interface for the GLOB_ALTDIRFUNC callback gl_readdir - CVE-2016-1234 * SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion - patches/any/CVE-2016-3706.diff: Use a heap allocation instead - CVE-2016-3706: * SECURITY UPDATE: stack exhaustion in clntudp_call - patches/any/CVE-2016-4429.diff: Use malloc/free for the error payload. - CVE-2016-4429 * SECURITY UPDATE: ARM32 backtrace infinite loop (DoS) - patches/any/CVE-2016-6323.diff: mark __startcontext as .cantunwind - CVE-2016-6323 * debian/testsuite-checking/expected-results-aarch64-linux-gnu-libc, debian/testsuite-checking/expected-results-arm-linux-gnueabihf-libc: Allow nptl/tst-signal6 to fail on ARM, ARM64 -- Steve Beattie <email address hidden> Mon, 06 Mar 2017 16:49:25 -0800
Available diffs
eglibc (2.15-0ubuntu10.16) precise-security; urgency=medium * SECURITY UPDATE: multiple overflows in strxfrm() - patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l - CVE-2015-8982 * SECURITY UPDATE: _IO_wstr_overflow integer overflow - patches/any/CVE-2015-8983.diff: Add checks for integer overflow - CVE-2015-8983 * SECURITY UPDATE: buffer overflow (read past end of buffer) in internal_fnmatch - patches/any/CVE-2015-8984.diff: Remove extra increment when skipping over collating symbol inside a bracket expression. - CVE-2015-8984 * SECURITY UPDATE: DNS resolver NULL pointer dereference with crafted record type - patches/any/CVE-2015-5180.diff: Use out of band signaling for internal queries - CVE-2015-5180 * SECURITY UPDATE: stack-based buffer overflow in the glob implementation - patches/any/CVE-2016-1234.diff: Simplify the interface for the GLOB_ALTDIRFUNC callback gl_readdir - CVE-2016-1234 * SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion - patches/any/CVE-2016-3706.diff: Use a heap allocation instead - CVE-2016-3706: * SECURITY UPDATE: stack exhaustion in clntudp_call - patches/any/CVE-2016-4429.diff: Use malloc/free for the error payload. - CVE-2016-4429 * SECURITY UPDATE: ARM32 backtrace infinite loop (DoS) - patches/any/CVE-2016-6323.diff: mark __startcontext as .cantunwind - CVE-2016-6323 -- Steve Beattie <email address hidden> Mon, 06 Mar 2017 09:37:30 -0800
Available diffs
eglibc (2.15-0ubuntu10.15) precise-security; urgency=medium * REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol dependency from libm to libc (LP: #1585614) - debian/patches/any/CVE-2014-9761-2.diff: keep exporting __strto*_nan symbols added to libc. -- Steve Beattie <email address hidden> Thu, 26 May 2016 00:08:17 -0700
Available diffs
eglibc (2.19-0ubuntu6.9) trusty-security; urgency=medium * REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol dependency from libm to libc (LP: #1585614) - debian/patches/any/CVE-2014-9761-2.diff: keep exporting __strto*_nan symbols added to libc. -- Steve Beattie <email address hidden> Thu, 26 May 2016 01:04:18 -0700
Available diffs
Deleted in trusty-security (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
Deleted in trusty-updates (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
Deleted in trusty-proposed (Reason: moved to -updates) |
eglibc (2.19-0ubuntu6.8) trusty-security; urgency=medium * SECURITY UPDATE: buffer overflow in gethostbyname_r and related functions - debian/patches/any/CVE-2015-1781.diff: take alignment padding into account when computing if buffer is too small. - CVE-2015-1781 * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files database during iteration. - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state between getXXent and getXXbyYY NSS calls. - CVE-2014-8121 * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod conversion - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing of NaN payloads. - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions handling of payload strings - CVE-2014-9761 * SECURITY UPDATE: NSS files long line buffer overflow - debian/patches/any/CVE-2015-5277.diff: Don't ignore too long lines in nss_files - CVE-2015-5277 * SECURITY UPDATE: out of range data to strftime() causes segfault (denial of service) - debian/patches/any/CVE-2015-8776.diff: add range checks to strftime() processing - CVE-2015-8776 * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid AT_SECURE programs (e.g. setuid), allowing disabling of pointer mangling - debian/patches/any/CVE-2015-8777.diff: Always enable pointer guard - CVE-2015-8777 * SECURITY UPDATE: integer overflow in hcreate and hcreate_r - debian/patches/any/CVE-2015-8778.diff: check for large inputs - CVE-2015-8778 * SECURITY UPDATE: unbounded stack allocation in catopen() - debian/patches/any/CVE-2015-8779.diff: stop using unbounded alloca() - CVE-2015-8779 * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r - debian/patches/any/CVE-2016-3075.diff: do not make unneeded memory copy on the stack. - CVE-2016-3075 * SECURITY UPDATE: pt_chown privilege escalation - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel about pty group and permission mode - debian/sysdeps/linux.mk: don't build pt_chown - debian/rules.d/debhelper.mk: only install pt_chown when built. - CVE-2016-2856, CVE-2013-2207 * debian/debhelper.in/libc.postinst: add reboot notifications for security updates (LP: #1546457) * debian/patches/ubuntu/submitted-no-stack-backtrace.diff: update patch to eliminate compiler warning. -- Steve Beattie <email address hidden> Fri, 08 Apr 2016 23:26:02 -0700
Available diffs
Deleted in precise-security (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
Deleted in precise-updates (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
Deleted in precise-proposed (Reason: moved to -updates) |
eglibc (2.15-0ubuntu10.14) precise-security; urgency=medium * SECURITY UPDATE: buffer overflow in gethostbyname_r and related functions - debian/patches/any/CVE-2015-1781.diff: take alignment padding into account when computing if buffer is too small. - CVE-2015-1781 * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files database during iteration. - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state between getXXent and getXXbyYY NSS calls. - CVE-2014-8121 * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod conversion - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing of NaN payloads. - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions handling of payload strings - CVE-2014-9761 * SECURITY UPDATE: out of range data to strftime() causes segfault (denial of service) - debian/patches/any/CVE-2015-8776.diff: add range checks to strftime() processing - CVE-2015-8776 * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid AT_SECURE programs (e.g. setuid), allowing disabling of pointer mangling - debian/patches/any/CVE-2015-8777.diff: Always enable pointer guard - CVE-2015-8777 * SECURITY UPDATE: integer overflow in hcreate and hcreate_r - debian/patches/any/CVE-2015-8778.diff: check for large inputs - CVE-2015-8778 * SECURITY UPDATE: unbounded stack allocation in catopen() - debian/patches/any/CVE-2015-8779.diff: stop using unbounded alloca() - CVE-2015-8779 * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r - debian/patches/any/CVE-2016-3075.diff: do not make unneeded memory copy on the stack. - CVE-2016-3075 * SECURITY UPDATE: pt_chown privilege escalation - debian/patches/any/CVE-2016-2856-pre.diff: add option to enable/disable pt_chown. - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel about pty group and permission mode - debian/debhelper.in/libc-bin.install: drop installation of pt_chown - CVE-2016-2856, CVE-2013-2207 * debian/debhelper.in/libc.postinst: add reboot notifications for security updates (LP: #1546457) -- Steve Beattie <email address hidden> Fri, 08 Apr 2016 23:59:46 -0700
Available diffs
Superseded in precise-security |
Superseded in precise-updates |
Superseded in precise-updates |
Superseded in precise-security |
eglibc (2.15-0ubuntu10.13) precise-security; urgency=medium * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in resolv/nss_dns/dns-host.c. - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c, resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c, resolv/res_query.c, resolv/res_send.c. - debian/patches/any/CVE-2015-7547.diff: fix buffer handling in resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c. - CVE-2015-7547 -- Marc Deslauriers <email address hidden> Tue, 16 Feb 2016 11:18:00 -0500
Available diffs
- diff from 2.15-0ubuntu10.14 (in ~ubuntu-security/ubuntu/ppa) to 2.15-0ubuntu10.13 (26.2 KiB)
- diff from 2.15-0ubuntu10.12 (in Ubuntu) to 2.15-0ubuntu10.13 (10.4 KiB)
- diff from 2.15-0ubuntu10.11 (in ~ubuntu-security/ubuntu/ppa) to 2.15-0ubuntu10.13 (14.8 KiB)
- diff from 2.15-0ubuntu10 (in Ubuntu) to 2.15-0ubuntu10.13 (74.3 KiB)
Superseded in trusty-security |
Superseded in trusty-updates |
Superseded in trusty-updates |
Superseded in trusty-security |
eglibc (2.19-0ubuntu6.7) trusty-security; urgency=medium * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in resolv/nss_dns/dns-host.c. - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c, resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c, resolv/res_query.c, resolv/res_send.c. - debian/patches/any/CVE-2015-7547.diff: fix buffer handling in resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c. - CVE-2015-7547 -- Marc Deslauriers <email address hidden> Tue, 16 Feb 2016 11:35:05 -0500
Available diffs
- diff from 2.19-0ubuntu6.8 (in ~ubuntu-security/ubuntu/ppa) to 2.19-0ubuntu6.7 (24.3 KiB)
- diff from 2.19-0ubuntu6.6 (in ~ubuntu-security/ubuntu/ppa) to 2.19-0ubuntu6.7 (10.6 KiB)
- diff from 2.19-0ubuntu4~test1 to 2.19-0ubuntu6.7 (pending)
eglibc (2.15-0ubuntu10.12) precise; urgency=medium * cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no longer parsing %s format arguments as multibyte strings (LP: #1109327) * cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64 feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387) * cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526) * cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210) -- Adam Conrad <email address hidden> Wed, 25 Mar 2015 13:28:41 -0600
Available diffs
eglibc (2.15-0ubuntu10.11) precise-security; urgency=medium * SECURITY UPDATE: getaddrinfo writes to random file descriptors under high load - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor after calling reopen in resolv/res_send.c. - CVE-2013-7423 * SECURITY UPDATE: denial of service via endless loop in getaddr_r - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in resolv/nss_dns/dns-network.c. - CVE-2014-9402 * SECURITY UPDATE: buffer overflow in wscanf - debian/patches/any/cvs-wscanf.diff: calculate correct size in stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c. - CVE-2015-1472 - CVE-2015-1473 -- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 09:12:22 -0500
Available diffs
eglibc (2.19-0ubuntu6.6) trusty-security; urgency=medium * SECURITY UPDATE: getaddrinfo writes to random file descriptors under high load - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor after calling reopen in resolv/res_send.c. - CVE-2013-7423 * SECURITY UPDATE: denial of service via endless loop in getaddr_r - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in resolv/nss_dns/dns-network.c. - CVE-2014-9402 * SECURITY UPDATE: buffer overflow in wscanf - debian/patches/any/cvs-wscanf.diff: calculate correct size in stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c. - CVE-2015-1472 - CVE-2015-1473 -- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 09:04:10 -0500
Available diffs
eglibc (2.11.1-0ubuntu7.21) lucid-security; urgency=medium * SECURITY UPDATE: getaddrinfo writes to random file descriptors under high load - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor after calling reopen in resolv/res_send.c. - CVE-2013-7423 * SECURITY UPDATE: denial of service via endless loop in getaddr_r - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in resolv/nss_dns/dns-network.c. - CVE-2014-9402 -- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 09:19:02 -0500
Available diffs
eglibc (2.15-0ubuntu10.10) precise-security; urgency=medium * SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots - debian/patches/any/CVE-2015-0235.diff: fix overflow in nss/digits_dots.c - CVE-2015-0235 -- Steve Beattie <email address hidden> Tue, 20 Jan 2015 13:22:12 -0800
Available diffs
eglibc (2.11.1-0ubuntu7.20) lucid-security; urgency=medium * SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots - debian/patches/any/CVE-2015-0235.diff: fix overflow in nss/digits_dots.c - CVE-2015-0235 -- Steve Beattie <email address hidden> Wed, 21 Jan 2015 13:03:05 -0800
Available diffs
eglibc (2.19-0ubuntu6.5) trusty; urgency=medium * patches/amd64/local-blacklist-on-TSX-Haswell.diff: new patch from Henrique de Moraes Holschuh to disable TSX on processors which might get it disabled through a microcode update. (LP: #1398975) -- Chris J Arges <email address hidden> Thu, 04 Dec 2014 08:30:10 -0600
Available diffs
eglibc (2.11.1-0ubuntu7.19) lucid-security; urgency=medium * SECURITY UPDATE: denial of service in IBM gconv modules - debian/patches/any/CVE-2012-6656.diff: fix check in iconvdata/ibm930.c. - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in iconvdata/ibm*.c. - CVE-2012-6656 - CVE-2014-6040 * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471) - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in posix/wordexp.c, added tests to posix/wordexp-test.c. - CVE-2014-7817 -- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:24:33 -0500
Available diffs
eglibc (2.15-0ubuntu10.9) precise-security; urgency=medium * SECURITY UPDATE: denial of service in IBM gconv modules - debian/patches/any/CVE-2012-6656.diff: fix check in iconvdata/ibm930.c. - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in iconvdata/ibm*.c. - CVE-2012-6656 - CVE-2014-6040 * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471) - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in posix/wordexp.c, added tests to posix/wordexp-test.c. - CVE-2014-7817 -- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:21:12 -0500
Available diffs
eglibc (2.19-0ubuntu6.4) trusty-security; urgency=medium * SECURITY UPDATE: denial of service in IBM gconv modules - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in iconvdata/ibm*.c. - CVE-2014-6040 * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471) - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in posix/wordexp.c, added tests to posix/wordexp-test.c. - CVE-2014-7817 -- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 12:05:33 -0500
Available diffs
eglibc (2.11.1-0ubuntu7.17) lucid-security; urgency=medium * SECURITY REGRESSION: memleak in getaddrinfo (LP: #1364584) - debian/patches/CVE-2013-4357-memleak.patch: fix memleak in sysdeps/posix/getaddrinfo.c introduced by patch for CVE-2013-4357. -- Marc Deslauriers <email address hidden> Thu, 04 Sep 2014 19:55:23 -0400
Available diffs
eglibc (2.19-0ubuntu6.3) trusty; urgency=medium * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409) - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to completely remove support for loadable gconv transliteration modules. -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:19:15 -0600
Available diffs
eglibc (2.15-0ubuntu10.7) precise; urgency=medium * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409) - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to completely remove support for loadable gconv transliteration modules. * SECURITY REGRESSION: localplt regression introduced in 2.15-0ubuntu10.6 - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport of upstream commit ca38dc17 to include memmem hidden alias declaration. -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:18:52 -0600
Available diffs
eglibc (2.11.1-0ubuntu7.16) lucid; urgency=medium * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409) - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to completely remove support for loadable gconv transliteration modules. * SECURITY REGRESSION: localplt regression introduced in 2.11.1-0ubuntu7.14 - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport of upstream commit ca38dc17 to include memmem hidden alias declaration. -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:08:11 -0600
Available diffs
Deleted in trusty-proposed (Reason: moved to -updates) |
eglibc (2.19-0ubuntu6.2) trusty; urgency=medium * debian/patches/any/cvs-use-zonedir-instead-of-current.diff: Ensure that time zone files are detected correctly. (LP: #1294861) -- Chris J Arges <email address hidden> Tue, 19 Aug 2014 15:20:18 -0500
Available diffs
eglibc (2.11.1-0ubuntu7.15) lucid-security; urgency=medium * SECURITY REGRESSION: segfault when using nscd (LP: #1352504) - debian/patches/lp1352504.diff: don't free non-malloced memory and fix memory leak in nscd/nscd_getserv_r.c. -- Marc Deslauriers <email address hidden> Tue, 05 Aug 2014 07:57:55 -0400
Available diffs
eglibc (2.11.1-0ubuntu7.14) lucid-security; urgency=medium * SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo - debian/patches/CVE-2013-4357.patch: fix overflow in include/alloca.h, nis/nss_nis/nis-alias.c, nscd/nscd_getserv_r.c, posix/glob.c, sysdeps/posix/getaddrinfo.c. - CVE-2013-4357 * SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo - debian/patches/any/CVE-2013-4458.patch: fix overflow in sysdeps/posix/getaddrinfo.c. - CVE-2013-4458 * SECURITY UPDATE: Directory traversal in locale environment handling - debian/patches/any/CVE-2014-0475.diff: validate locale names in locale/findlocale.c, locale/setlocale.c, added test to localedata/tst-setlocale3.c, localedata/Makefile. - CVE-2014-0475 * SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen failing to copy the path argument - debian/patches/any/CVE-2014-4043.diff: properly copy path in posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c, posix/spawn_int.h, added test to posix/tst-spawn.c. - CVE-2014-4043 * debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue causing a readdir regression on sparc. * debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra commits to fix another overflow and an infinite loop. -- Marc Deslauriers <email address hidden> Mon, 28 Jul 2014 11:23:55 -0400
Available diffs
eglibc (2.15-0ubuntu10.6) precise-security; urgency=medium * SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo - debian/patches/any/CVE-2013-4458.patch: fix overflow in sysdeps/posix/getaddrinfo.c. - CVE-2013-4458 * SECURITY UPDATE: Directory traversal in locale environment handling - debian/patches/any/CVE-2014-0475.diff: validate locale names in locale/findlocale.c, locale/setlocale.c, added test to localedata/tst-setlocale3.c, localedata/Makefile. - CVE-2014-0475 * SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen failing to copy the path argument - debian/patches/any/CVE-2014-4043.diff: properly copy path in posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c, posix/spawn_int.h, added test to posix/tst-spawn.c. - CVE-2014-4043 * debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue causing a readdir regression on sparc. * debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra commits to fix another overflow and an infinite loop. -- Marc Deslauriers <email address hidden> Mon, 28 Jul 2014 07:46:03 -0400
Available diffs
eglibc (2.19-0ubuntu6.1) trusty-security; urgency=medium * SECURITY UPDATE: Directory traversal in locale environment handling - debian/patches/any/CVE-2014-0475.diff: validate locale names in locale/findlocale.c, locale/setlocale.c, added test to localedata/tst-setlocale3.c, localedata/Makefile. - CVE-2014-0475 * SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen failing to copy the path argument - debian/patches/any/CVE-2014-4043.diff: properly copy path in posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c, posix/spawn_int.h, added test to posix/tst-spawn.c. - CVE-2014-4043 -- Marc Deslauriers <email address hidden> Mon, 28 Jul 2014 12:59:23 -0400
Available diffs
Deleted in utopic-release (Reason: Superseded by glibc) |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
eglibc (2.19-0ubuntu6) trusty; urgency=medium * debian/patches/arm64/submitted-setcontext.diff: Update to new version of Will's setcontext patch to fix sigmask handling bug (LP: #1306829) -- Adam Conrad <email address hidden> Sat, 12 Apr 2014 01:47:43 -0600
Available diffs
- diff from 2.19-0ubuntu5 to 2.19-0ubuntu6 (2.0 KiB)
eglibc (2.19-0ubuntu5) trusty; urgency=medium * Merge with unreleased 2.19 from Debian experimental, fixing more bugs: - Pull in arm64 patches to fix setcontext corruption (LP: #1279620) - Apply the IBM 2.19 branch for POWER8 bug fixes and optimizations. - Change M_CHECK_ACTION to abort if first MALLOC_CHECK_ bit is set. -- Adam Conrad <email address hidden> Wed, 09 Apr 2014 18:27:57 -0600
Available diffs
- diff from 2.19-0ubuntu4 to 2.19-0ubuntu5 (26.1 KiB)
eglibc (2.19-0ubuntu4) trusty; urgency=low * debian/debhelper.in/libc.preinst: - do not show glibc/restart-services question when the system is uprading via the desktop session (LP: #1298281) -- Michael Vogt <email address hidden> Wed, 09 Apr 2014 11:33:31 +0200
Available diffs
- diff from 2.19-0ubuntu3 to 2.19-0ubuntu4 (607 bytes)
eglibc (2.19-0ubuntu3) trusty; urgency=medium * Merge with unreleased 2.19 from Debian experimental, fixing more bugs: - Fix bzero/__bzero definition on powerpc/ppc64 with static builds. - Enable IFUNC on arm64 builds, now that the toolchain supports it. - Revert removal of the XDR currency for installation-locale FTBFS. - Pull update from 2.19 branch, fixing bad math in __sin and __cos. * debian/sysdeps/{i386,amd64}.mk: Build i386 flavours with -fno-regmove, this can be reverted when gcc-4.9 becomes the default distro compiler. * debian/*: Drop the redundant libc6-xen packages on i386 (LP: #1271534) -- Adam Conrad <email address hidden> Sun, 09 Mar 2014 12:21:48 -0600
Available diffs
- diff from 2.19-0ubuntu2 to 2.19-0ubuntu3 (43.5 KiB)
eglibc (2.19-0ubuntu2) trusty; urgency=medium * Merge with unreleased 2.19 from Debian experimental, fixing some bugs: - debian/patches/any/local-no-malloc-backtrace.diff: Lower the default for MALLOC_CHECK_ to 1, and add it to the list of insecure variables that can't be set for suid binaries. This allows us to not backtrace malloc failures by default (Closes: #739913, LP: #1266492) and skips backtrace for suid binaries where an attacker calling into a corrupt malloc internal data structure with malloc could lead to Bad Things. - Make ldconfig stop operating on the linker entirely, so our packaged symlinks take precedence and hack the postinst to skip ldconfig when we detect a broken setup that the old ldconfig mangles (LP: #915995) -- Adam Conrad <email address hidden> Sun, 23 Feb 2014 22:39:18 -0700
Available diffs
- diff from 2.18-0ubuntu7 to 2.19-0ubuntu2 (3.2 MiB)
- diff from 2.19-0ubuntu1 to 2.19-0ubuntu2 (7.2 KiB)
Superseded in trusty-proposed |
eglibc (2.19-0ubuntu1) trusty; urgency=medium * Merge with unreleased 2.19 from Debian experimental, remaining changes: - Drop the Breaks line from libc6, which refers to a Debian transition - Remove the libc6 recommends on libc6-i686, which we don't build - Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel - Ship update-locale and validlocale in /usr/sbin in libc-bin - Don't build locales or locales-all in Ubuntu, we rely on langpacks - Heavily mangle the way we do service restarting on major upgrades - Use different MIN_KERNEL_SUPPORTED versions than Debian, due to buildd needs. This should be universally bumped to 2.6.32 once all our buildds (including the PPA guests) are running precise kernels - Build i386 variants as -march=i686, build amd64 with -O3, and build ppc64 variants (both 64-bit and 32-bit) with -O3 -fno-tree-vectorize - debian/patches/ubuntu/local-CVE-2012-3406.diff: switch to malloc when array grows too large to handle via alloca extension (CVE-2012-3406) - Build generic i386/i686 flavour with -mno-tls-direct-seg-refs * debian/patches/series.ppc64el: Drop ppc64el patches included upstream. * debian/patches/ubuntu/delete-header-pot.diff: Removed, fixed upstream. * expected-results-aarch64-linux-gnu-libc: Ignore two new arm64 failures for now, so we can get glibc built and test other packages against it.
Available diffs
- diff from 2.18-0ubuntu7 to 2.19-0ubuntu1 (3.2 MiB)
eglibc (2.18-0ubuntu7) trusty; urgency=medium * debian/patches/ppc64el/ibm-branch.diff: Drop min shlib vers to 2.17. * debian/patches/ppc64el/lookup-hack.diff: Treat 2.18 symbols as 2.17. -- Adam Conrad <email address hidden> Sun, 16 Feb 2014 08:01:02 +0000
Available diffs
- diff from 2.18-0ubuntu6 to 2.18-0ubuntu7 (1.4 KiB)
eglibc (2.18-0ubuntu6) trusty; urgency=medium * debian/sysdeps/ppc64el.mk: Use --with-cpu=power7 to optimize properly. * debian/patches/ppc64el/cvs-ppc64-MCOUNT.diff: Fix uses of CALL_MCOUNT. -- Adam Conrad <email address hidden> Wed, 15 Jan 2014 17:28:49 -0700
Available diffs
- diff from 2.18-0ubuntu5 to 2.18-0ubuntu6 (1.2 KiB)
eglibc (2.18-0ubuntu5) trusty; urgency=medium * debian/patches/arm/cvs-arm__{longjmp,sigsetjmp}-thumb.diff: Pull patch from upstream to allow building longjmp and sigsetjmp code with Thumb. * debian/patches/arm/cvs-arm-pointer-mangle-frame.diff: Upstream diff to no longer apply pointer encryption to the frame pointer (LP: #1268937) -- Adam Conrad <email address hidden> Tue, 14 Jan 2014 15:18:45 -0700
Available diffs
- diff from 2.18-0ubuntu4 to 2.18-0ubuntu5 (3.3 KiB)
eglibc (2.18-0ubuntu4) trusty; urgency=medium * debian/patches/ppc64el/ibm-branch.diff: Rebase against vfscanf patch.
Available diffs
- diff from 2.18-0ubuntu2 to 2.18-0ubuntu4 (186.0 KiB)
- diff from 2.18-0ubuntu3 to 2.18-0ubuntu4 (1.3 KiB)
Superseded in trusty-proposed |
eglibc (2.18-0ubuntu3) trusty; urgency=medium * Merge with Debian experimental, pulling in some POWER and build fixes. * debian/patches/ppc64el/ibm-branch.diff: Rebase against vDSO backports. * debian/patches/hurd-i386/libpthread_version.diff: Remove stderr vomit. -- Adam Conrad <email address hidden> Sat, 11 Jan 2014 02:37:18 -0700
Available diffs
- diff from 2.18-0ubuntu2 to 2.18-0ubuntu3 (185.1 KiB)
eglibc (2.18-0ubuntu2) trusty; urgency=medium * debian/patches/i386/cvs-sse42-strstr*: Backport upstream commits which drop buggy SSE4.2 srtstr implementations in favour of an SSE2 version. * debian/patches/kfreebsd/submitted-waitid.diff: Drop this patch pending the resolution of the upstream bug and the Linux/libc header mismatch. -- Adam Conrad <email address hidden> Thu, 19 Dec 2013 17:44:12 -0700
Available diffs
- diff from 2.18-0ubuntu1 to 2.18-0ubuntu2 (9.0 KiB)
eglibc (2.18-0ubuntu1) trusty; urgency=low * Merge with latest 2.18 from Debian experimental, remaining changes: - Drop the Breaks line from libc6, which refers to a Debian transition - Remove the libc6 recommends on libc6-i686, which we don't build - Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel - Ship update-locale and validlocale in /usr/sbin in libc-bin - Don't build locales or locales-all in Ubuntu, we rely on langpacks - Heavily mangle the way we do service restarting on major upgrades - Use different MIN_KERNEL_SUPPORTED versions than Debian, due to buildd needs. This should be universally bumped to 2.6.32 once all our buildds (including the PPA guests) are running precise kernels - Build i386 variants as -march=i686, build amd64 with -O3, and build ppc64 variants (both 64-bit and 32-bit) with -O3 -fno-tree-vectorize - debian/patches/ubuntu/local-CVE-2012-3406.diff: switch to malloc when array grows too large to handle via alloca extension (CVE-2012-3406) - Build generic i386/i686 flavour with -mno-tls-direct-seg-refs * debian/patches/ubuntu/local-linaro-cortex-strings.diff: Dropped at the request of Will Newton, who will upstream something more performant. * debian/patches/i386/cvs-nonascii-case-strcmp.diff: Pull upstream patch to fix LC_CTYPE nonascii-case fallback in i686 strcasecmp/strncasecmp. * debian/testsuite-checking/*: Update 686 targets to match the 586 ones. * Generate expected-results-powerpc64le-linux-gnu-libc for ppc64el port.
Available diffs
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
eglibc (2.17-93ubuntu4) saucy; urgency=low * patches/arm64/cvs-setjmp-clobber.diff: __sigsetjmp clobbers register x1 before making the tail call to __sigjmp_save, which causes the latter to always save the signal mask. Backport git patch to fix. * patches/series: Revert the CVE-2013-2207 pt_chown fix until we come up with a sane plan to avoid users shooting themselves in the foot. * debhelper.in/libc-bin.install: Install pt_chown again for the above. -- Adam Conrad <email address hidden> Fri, 11 Oct 2013 21:06:21 -0600
Available diffs
- diff from 2.17-93ubuntu1 to 2.17-93ubuntu4 (17.6 KiB)
- diff from 2.17-93ubuntu3 to 2.17-93ubuntu4 (2.2 KiB)
Superseded in saucy-proposed |
eglibc (2.17-93ubuntu3) saucy; urgency=low * Revert the CVE-2013-4788 fix, as it causes the ARM testsuite to fail. -- Adam Conrad <email address hidden> Thu, 10 Oct 2013 01:25:14 -0600
Available diffs
- diff from 2.17-93ubuntu2 to 2.17-93ubuntu3 (540 bytes)
Superseded in saucy-proposed |
eglibc (2.17-93ubuntu2) saucy; urgency=low * patches/any/cvs-CVE-2012-44xx.diff: backport overflow fixes in strcoll addressing CVE-2012-4412 and CVE-2012-4424 (Closes: #687530, #689423) * patches/any/cvs-CVE-2013-4237.diff: backport git fix to respect the NAME_MAX constraints in readdir_r: CVE-2013-4237 (Closes: #719558) * debian/patches/any/cvs-CVE-2013-2207-pt_chown.diff: backpot git patch to disable building and using pt_chown: CVE-2013-2207 (Closes: #717544) * debhelper.in/libc-bin.install: Adjust packaging for the above change. * patches/any/cvs-CVE-2013-4788-static-ptrguard*: backport fix from git for pointer mangling in static builds: CVE-2013-4788 (Closes: #717178) * patches/ubuntu/unsubmitted-dlopen-static-crash.diff: New patch from Maciej Rozycki to fix a dlopen segfault in statically linked programs. -- Adam Conrad <email address hidden> Wed, 09 Oct 2013 22:29:57 -0600
Available diffs
- diff from 2.17-93ubuntu1 to 2.17-93ubuntu2 (16.6 KiB)
eglibc (2.11.1-0ubuntu7.13) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via strcoll overflows - debian/patches/any/CVE-2012-44xx.diff: fix overflows in string/strcoll_l.c, add test to string/tst-strcoll-overflow.c, string/Makefile. - CVE-2012-4412 - CVE-2012-4424 * SECURITY UPDATE: denial of service in regular expression matcher - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile. - CVE-2013-0242 * SECURITY UPDATE: denial of service in getaddrinfo - debian/patches/any/CVE-2013-1914.diff: fix overflow in sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for __libc_alloca_cutoff in include/alloca.h, nptl/Versions, nptl/alloca_cutoff.c. - CVE-2013-1914 * SECURITY UPDATE: denial of service and possible code execution via readdir_r - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h, sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove GETDENTS_64BIT_ALIGNED from sysdeps/unix/sysv/linux/i386/readdir64_r.c, sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c. - CVE-2013-4237 * SECURITY UPDATE: denial of service and possible code execution via overflows in memory allocator - debian/patches/any/CVE-2013-4332.diff: check for overflows in malloc/malloc.c. - CVE-2013-4332 -- Marc Deslauriers <email address hidden> Tue, 01 Oct 2013 20:14:40 -0400
Available diffs
eglibc (2.15-0ubuntu10.5) precise-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via strcoll overflows - debian/patches/any/CVE-2012-44xx.diff: fix overflows in string/strcoll_l.c, add test to string/tst-strcoll-overflow.c, string/Makefile. - CVE-2012-4412 - CVE-2012-4424 * SECURITY UPDATE: denial of service in regular expression matcher - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile. - CVE-2013-0242 * SECURITY UPDATE: denial of service in getaddrinfo - debian/patches/any/CVE-2013-1914.diff: fix overflow in sysdeps/posix/getaddrinfo.c. - CVE-2013-1914 * SECURITY UPDATE: denial of service and possible code execution via readdir_r - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h, sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove GETDENTS_64BIT_ALIGNED from sysdeps/unix/sysv/linux/i386/readdir64_r.c, sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c. - CVE-2013-4237 * SECURITY UPDATE: denial of service and possible code execution via overflows in memory allocator - debian/patches/any/CVE-2013-4332.diff: check for overflows in malloc/malloc.c. - CVE-2013-4332 -- Marc Deslauriers <email address hidden> Fri, 27 Sep 2013 16:09:49 -0400
Available diffs
eglibc (2.15-0ubuntu20.2) quantal-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via strcoll overflows - debian/patches/any/CVE-2012-44xx.diff: fix overflows in string/strcoll_l.c, add test to string/tst-strcoll-overflow.c, string/Makefile. - CVE-2012-4412 - CVE-2012-4424 * SECURITY UPDATE: denial of service in regular expression matcher - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile. - CVE-2013-0242 * SECURITY UPDATE: denial of service in getaddrinfo - debian/patches/any/CVE-2013-1914.diff: fix overflow in sysdeps/posix/getaddrinfo.c. - CVE-2013-1914 * SECURITY UPDATE: denial of service and possible code execution via readdir_r - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h, sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove GETDENTS_64BIT_ALIGNED from sysdeps/unix/sysv/linux/i386/readdir64_r.c, sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c. - CVE-2013-4237 * SECURITY UPDATE: denial of service and possible code execution via overflows in memory allocator - debian/patches/any/CVE-2013-4332.diff: check for overflows in malloc/malloc.c. - CVE-2013-4332 -- Marc Deslauriers <email address hidden> Fri, 27 Sep 2013 13:49:56 -0400
Available diffs
eglibc (2.17-0ubuntu5.1) raring-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via strcoll overflows - debian/patches/any/CVE-2012-44xx.diff: fix overflows in string/strcoll_l.c, add test to string/tst-strcoll-overflow.c, string/Makefile. - CVE-2012-4412 - CVE-2012-4424 * SECURITY UPDATE: denial of service in regular expression matcher - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile. - CVE-2013-0242 * SECURITY UPDATE: denial of service in getaddrinfo - debian/patches/any/CVE-2013-1914.diff: fix overflow in sysdeps/posix/getaddrinfo.c. - CVE-2013-1914 * SECURITY UPDATE: denial of service and possible code execution via readdir_r - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in sysdeps/posix/readdir_r.c, add errcode to sysdeps/posix/dirstream.h, sysdeps/posix/opendir.c, sysdeps/posix/rewinddir.c, remove GETDENTS_64BIT_ALIGNED from sysdeps/unix/sysv/linux/i386/readdir64_r.c, sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c. - CVE-2013-4237 * SECURITY UPDATE: denial of service and possible code execution via overflows in memory allocator - debian/patches/any/CVE-2013-4332.diff: check for overflows in malloc/malloc.c. - CVE-2013-4332 -- Marc Deslauriers <email address hidden> Fri, 27 Sep 2013 09:07:13 -0400
Available diffs
eglibc (2.17-93ubuntu1) saucy; urgency=low * Merge with Debian unstable, bringing in testsuite and security fixes.
Available diffs
- diff from 2.17-91ubuntu1 to 2.17-93ubuntu1 (12.5 KiB)
eglibc (2.17-91ubuntu1) saucy; urgency=low * Merge with Debian unstable, running the testsuite in parallel and moving some manpages from eglibc to the manpages package.
Available diffs
- diff from 2.17-7ubuntu1 to 2.17-91ubuntu1 (592.4 KiB)
eglibc (2.17-7ubuntu1) saucy; urgency=low * Merge with Debian unstable, bringing in several tweaks and fixes. * debian/control.in/main: Drop build-conflicts on binutils-gold to make us buildable again with the new binutils that provides it. * Re-enable hard failure on testsuite failure for development builds.
Available diffs
- diff from 2.17-0ubuntu5 to 2.17-7ubuntu1 (107.6 KiB)
Superseded in saucy-release |
Obsolete in raring-release |
Deleted in raring-proposed (Reason: moved to release) |
eglibc (2.17-0ubuntu5) raring; urgency=low * debian/debhelper.in/libc.postint: Switch from 'awk gsub' to 'tr -d' to avoid warnings when the awk alternative points to gawk (LP: #1156923) * debian/patches/any/submitted-setfsid-wur.diff: Drop __wur from setfsuid and setfsgid functions to avoid -Werror=unused-result (Closes: #701422) * debian/patches/i386/cvs-simd-exception.diff: Pull patch from upstream to fix a performance regression in i386 SIMD exceptions (LP: #1157244) * debian/patches/svn-updates.diff: Update to r22884 of eglibc-2_17 branch * debian/testsuite-checking/compare.sh: Disable hard testsuite failures for release to avoid stable updates exploding as buildd kernels change -- Adam Conrad <email address hidden> Wed, 17 Apr 2013 22:53:13 -0600
Available diffs
- diff from 2.17-0ubuntu4 to 2.17-0ubuntu5 (4.0 KiB)
eglibc (2.17-0ubuntu4) raring; urgency=low * Brown paper bag release: restore g++-multilib build-dep on armhf. -- Adam Conrad <email address hidden> Fri, 08 Feb 2013 23:09:13 -0700
Available diffs
- diff from 2.17-0ubuntu2 to 2.17-0ubuntu4 (3.3 KiB)
- diff from 2.17-0ubuntu3 to 2.17-0ubuntu4 (708 bytes)
Superseded in raring-proposed |
eglibc (2.17-0ubuntu3) raring; urgency=low * Merge with Debian experimental, fixing arm64 builds and adding support for upstart's shiny new stateful re-exec capabilities. * Re-enable audit build-dep now that libaudit is moving to main.
Available diffs
- diff from 2.17-0ubuntu2 to 2.17-0ubuntu3 (3.2 KiB)
eglibc (2.17-0ubuntu2) raring; urgency=low * Merge with Debian experimental, bringing in several small fixes. * Sync Ubuntu's expected testsuite results with Debian's new ones.
Available diffs
- diff from 2.17-0ubuntu1 to 2.17-0ubuntu2 (7.6 KiB)
eglibc (2.17-0ubuntu1) raring; urgency=low * Merge with Debian, bringing in a new upstream and many small fixes: - patches/any/cvs-malloc-deadlock.diff: Dropped, merged upstream. - patches/ubuntu/lddebug-scopes.diff: Rebase for upstream changes. - patches/ubuntu/local-CVE-2012-3406.diff: Rebased against upstream. - patches/ubuntu/no-asm-mtune-i686.diff: Fixed in recent binutils. * This upstream merge fixes a nasty hang in pulseaudio (LP: #1085342) * Bump MIN_KERNEL_SUPPORTED to 2.6.32 on ARM, now that we no longer have to support shonky 2.6.31 kernels on imx51 babbage builders. * Drop patches/ubuntu/local-disable-nscd-host-caching.diff, as these issues were apparently resolved upstream a while ago (LP: #613662) * Fix the compiled-in bug URL to point to launchpad.net, not Debian.
Available diffs
- diff from 2.16-0ubuntu8 to 2.17-0ubuntu1 (1.4 MiB)
eglibc (2.15-0ubuntu10.4) precise; urgency=low * Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to disable netgroup caching in the default config (LP: #1068889) * Backport any/cvs-malloc-deadlock.diff from upstream to prevent glibc deadlocking in mallock arena retry paths (LP: #1081734) * Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186) * Drop patch any/local-disable-nscd-host-caching.diff, as this bug was apparently resolved upstream a while ago (LP: #613662) * Add patch any/cvs-ld-self-load.diff to restore ld.so's ability to load itself, a behaviour accidentally removed (LP: #1088677) * Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773) -- Adam Conrad <email address hidden> Sun, 27 Jan 2013 16:46:30 -0700
Available diffs
eglibc (2.15-0ubuntu20.1) quantal; urgency=low * Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to disable netgroup caching in the default config (LP: #1068889) * Backport any/cvs-malloc-deadlock.diff from upstream to prevent glibc deadlocking in mallock arena retry paths (LP: #1081734) * Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186) * Drop patch any/local-disable-nscd-host-caching.diff, as this bug was apparently resolved upstream a while ago (LP: #613662) * Add patch any/cvs-ld-self-load.diff to restore ld.so's ability to load itself, a behaviour accidentally removed (LP: #1088677) * Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773) -- Adam Conrad <email address hidden> Sun, 27 Jan 2013 16:46:30 -0700
Available diffs
eglibc (2.16-0ubuntu8) raring; urgency=low * Switch armel/armhf libc-dev-alt builds to the same symlink method used by other arches to avoid duplicate files and dpkg oopses. * Merge with experimental, fixing rtlddir for x32 alternate builds. -- Adam Conrad <email address hidden> Mon, 26 Nov 2012 18:32:55 -0700
Available diffs
- diff from 2.16-0ubuntu7 to 2.16-0ubuntu8 (1.9 KiB)
eglibc (2.16-0ubuntu7) raring; urgency=low * Merge with 2.16-0experimental1 from Debian, bringing in my upstream version of the C++ header autodetection patch, some packaging and upgrade fixes, and reducing our delta further. * Fix debian/tests/control syntax for autopkgtest (LP: #1081500) * Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to disable netgroup caching in the default config (LP: #1068889) * Backport any/cvs-malloc-deadlock.diff from upstream to prevent glibc deadlocking in mallock arena retry paths (LP: #1081734) -- Adam Conrad <email address hidden> Sun, 25 Nov 2012 19:00:46 -0700
Available diffs
- diff from 2.16-0ubuntu6 to 2.16-0ubuntu7 (12.9 KiB)
eglibc (2.16-0ubuntu6) raring; urgency=low * debian/tests/{control,rebuild}: add a stub autopkgtest rebuild test and add the XS-Testsuite header to control (LP: #1081500) * Rework unsubmitted-cxxheaders-detection3.dif one more time to account for more multiarch versus multilib location oddities. * Adjust expected results for intermittent tst-mqueue5 failures. -- Adam Conrad <email address hidden> Wed, 21 Nov 2012 12:34:25 -0700
Available diffs
- diff from 2.16-0ubuntu3 to 2.16-0ubuntu6 (24.3 KiB)
- diff from 2.16-0ubuntu5 to 2.16-0ubuntu6 (1.9 KiB)
Superseded in raring-proposed |
eglibc (2.16-0ubuntu5) raring; urgency=low * Adjust patches/any/unsubmitted-cxxheaders-detection3.diff to try calling g++ -print-multiarch first and fall back to -dumpmachine, to account for architectures where those two values can differ. -- Adam Conrad <email address hidden> Wed, 21 Nov 2012 00:00:10 -0700
Available diffs
- diff from 2.16-0ubuntu4 to 2.16-0ubuntu5 (875 bytes)
Superseded in raring-proposed |
eglibc (2.16-0ubuntu4) raring; urgency=low * Merge with experimental SVN, bringing in several packaging fixes, and my patch to give crti.o on armhf the Tag_ABI_VFP_args tag. * Update expected testsuite results and re-enable testsuite checks. * Add patches/powerpc/unsubmitted_UAPI_ASM_POWERPC_ELF.diff to track the kernel's renaming _ASM_POWERPC_ELF to _UAPI_ASM_POWERPC_ELF. * Backport patches/any/cvs-cxxheaders-{detection1,detection2}.diff from upstream to clean up the C++ header detection for -nostdinc. * Add patches/any/unsubmitted-cxxheaders-detection3.diff to make the above work with our new g++, which puts headers in a new location. -- Adam Conrad <email address hidden> Mon, 19 Nov 2012 20:14:14 -0700
Available diffs
- diff from 2.16-0ubuntu3 to 2.16-0ubuntu4 (23.9 KiB)
eglibc (2.13-20ubuntu5.3) oneiric; urgency=low * Pull three interdependent patches from Debian to fix AVX detection problems on kernels or CPUs that lack support for it (LP: #979003): - amd64/cvs-avx-detection.diff: Improved detection on old kernels. - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code. - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support. -- Adam Conrad <email address hidden> Wed, 14 Nov 2012 16:03:25 -0700
Available diffs
eglibc (2.11.1-0ubuntu7.12) lucid; urgency=low * Pull three interdependent patches from Debian to fix AVX detection problems on kernels or CPUs that lack support for it (LP: #979003): - amd64/cvs-avx-detection.diff: Improved detection on old kernels. - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code. - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support. * Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to skip tests if AVX extensions are not available on the build host. * Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option. -- Adam Conrad <email address hidden> Wed, 14 Nov 2012 16:14:37 -0700
Available diffs
eglibc (2.16-0ubuntu3) raring; urgency=low * Regenerate the control file. -- Matthias Klose <email address hidden> Sat, 27 Oct 2012 23:54:17 +0200
Available diffs
- diff from 2.16-0ubuntu1 to 2.16-0ubuntu3 (2.3 KiB)
- diff from 2.16-0ubuntu2 to 2.16-0ubuntu3 (609 bytes)
Superseded in raring-proposed |
eglibc (2.16-0ubuntu2) raring; urgency=low * Enable building x32 multilib libraries on amd64 and i386. * Build x32 multilib libraries with -mx32. * Don't run the x32 testsuite on amd64 and i386, kernel support missing. * Revert the fix for bz13979, breaking AC_HEADER checks with compilers having _FORTIFY_SOURCE enabled by default. To be reverted before the 13.04 release. -- Matthias Klose <email address hidden> Sat, 27 Oct 2012 17:34:07 +0200
Available diffs
- diff from 2.16-0ubuntu1 to 2.16-0ubuntu2 (2.3 KiB)
eglibc (2.16-0ubuntu1) raring; urgency=low * Merge with unreleased 2.16 in Debian experimental, remaining changes: - Drop the Breaks line from libc6, which refers to a Debian transition - Remove the libc6 recommends on libc6-i686, which we don't build - Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel - Ship update-locale and validlocale in /usr/sbin in libc-bin - Don't build locales or locales-all in Ubuntu, we rely on langpacks - Heavily mangle the way we do service restarting on major upgrades - Use different MIN_KERNEL_SUPPORTED versions than Debian, due to buildd needs. This should be universally bumped to 3.2.0 once all our buildds (including the PPA guests) are running precise kernels - Build i386 variants as -march=i686, build amd64 with -O3, and build ppc64 variants (both 64-bit and 32-bit) with -O3 -fno-tree-vectorize - Re-enable unsubmitted-ldconfig-cache-abi.diff and rebuild the cache on upgrades from previous versions that used a different constant - debian/patches/any/local-CVE-2012-3406.diff: switch to malloc when array grows too large to handle via alloca extension (CVE-2012-3406) - Build generic i386/i686 flavour with -mno-tls-direct-seg-refs * Changes added/dropped with this merge while reducing our delta: - Stop building glibc docs from the eglibc source, and instead make the glibc-docs stub have a hard dependency on glibc-doc-reference - Remove outdated conflicts against ancient versions of ia32-libs - Drop the tzdata dependency from libc6, it's in required and minimal - Use gcc-4.7/g++-4.7 by default on all our supported architectures - Save our historical changelog as changelog.ubuntu in the source - Drop nscd's libaudit build-dep for now, as libaudit is in universe - Drop the unnecessary Breaks from libc6 to locales and locales-all - Ship xen's ld.so.conf.d snippet as /etc/ld.so.conf.d/libc6-xen.conf * Disable hard failures on the test suite for the first upload to raring
Available diffs
eglibc (2.15-0ubuntu10.3) precise; urgency=low * Backport fixes for dbl-64 and ldbl-128 issues (LP: #1000498) * Backport another FMA support patch from glibc master branch.
Available diffs
1 → 75 of 225 results | First • Previous • Next • Last |