Change log for eglibc package in Ubuntu
| 1 → 75 of 225 results | First • Previous • Next • Last |
eglibc (2.15-0ubuntu10.23) precise-security; urgency=medium
* Removing locale/locales-all from debian/control since in Precise
it uses langpack-locales and no binary is created in eglibc for locales
-- <email address hidden> (Leonidas S. Barbosa) Thu, 05 Mar 2020 13:38:43 -0300
Available diffs
eglibc (2.19-0ubuntu6.15) trusty-security; urgency=medium * Fix NSS loading for static binaries (LP: #1821752) - debian/patches/any/local-static-dlopen-search-path.diff: fix static dlopen default library search path in elf/dl-support.c. -- Marc Deslauriers <email address hidden> Tue, 26 Mar 2019 09:53:00 -0400
Available diffs
eglibc (2.19-0ubuntu6.14) trusty-security; urgency=medium
* SECURITY UPDATE: Memory leak in dynamic loader (ld.so)
- debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff:
Compute correct array size in _dl_init_paths
- CVE-2017-1000408
* SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so)
- debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff:
Count components of the expanded path in _dl_init_path
- CVE-2017-1000409
* SECURITY UPDATE: One-byte overflow in glob
- debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte
overflow in glob
- CVE-2017-15670
* SECURITY UPDATE: Buffer overflow in glob
- debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow
during GLOB_TILDE unescaping
- CVE-2017-15804
* SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH
- debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for
empty tokens before dynamic string token expansion
- CVE-2017-16997
* SECURITY UPDATE: Buffer underflow in realpath()
- debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff:
Make getcwd(3) fail if it cannot obtain an absolute path
- CVE-2018-1000001
-- Chris Coulson <email address hidden> Mon, 15 Jan 2018 09:37:19 +0000
Available diffs
- diff from 2.19-0ubuntu6.13 (in ~ubuntu-security/ubuntu/ubuntu-security-staging-private) to 2.19-0ubuntu6.14 (6.8 KiB)
- diff from 2.19-0ubuntu6.13 (in ~ubuntu-security/ubuntu/ppa) to 2.19-0ubuntu6.14 (6.1 KiB)
- diff from 2.19-0ubuntu6.11~test.1 to 2.19-0ubuntu6.14 (pending)
eglibc (2.19-0ubuntu6.13) trusty-security; urgency=medium
* SECURITY UPDATE: LD_LIBRARY_PATH stack corruption
- debian/patches/any/CVE-2017-1000366.patch: Completely ignore
LD_LIBRARY_PATH for AT_SECURE=1 programs
- CVE-2017-1000366
* SECURITY UPDATE: LD_PRELOAD stack corruption
- debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
Reject overly long names or names containing directories in
LD_PRELOAD for AT_SECURE=1 programs.
* debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
additional consistency check for 1-byte overflows
* debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
LD_HWCAP_MASK for AT_SECURE=1 programs
-- Steve Beattie <email address hidden> Fri, 16 Jun 2017 12:06:00 -0700
Available diffs
eglibc (2.15-0ubuntu10.18) precise-security; urgency=medium
* REGRESSION UPDATE: IPv6 addresses not being returned from a
dual-stack ipv4-ipv6 host query.
- Revert patches/any/CVE-2016-3706.diff (LP: #1674776)
-- Steve Beattie <email address hidden> Thu, 23 Mar 2017 11:38:25 -0700
Available diffs
eglibc (2.15-0ubuntu10.17) precise-security; urgency=medium
* REGRESSION UPDATE: Previous update introduce ABI breakage in
internal glibc query ABI
- Back out patches/any/CVE-2015-5180-regression.diff
(LP: #1674532)
-- Steve Beattie <email address hidden> Tue, 21 Mar 2017 08:49:32 -0700
Available diffs
eglibc (2.19-0ubuntu6.11) trusty-security; urgency=medium
* REGRESSION UPDATE: Previous update introduced ABI breakage in
internal glibc query ABI
- Back out patches/any/CVE-2015-5180-regression.diff
(LP: #1674532)
-- Steve Beattie <email address hidden> Tue, 21 Mar 2017 03:28:13 -0700
Available diffs
eglibc (2.19-0ubuntu6.10) trusty-security; urgency=medium
* SECURITY UPDATE: multiple overflows in strxfrm()
- patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
- CVE-2015-8982
* SECURITY UPDATE: _IO_wstr_overflow integer overflow
- patches/any/CVE-2015-8983.diff: Add checks for integer overflow
- CVE-2015-8983
* SECURITY UPDATE: buffer overflow (read past end of buffer) in
internal_fnmatch
- patches/any/CVE-2015-8984.diff: Remove extra increment when
skipping over collating symbol inside a bracket expression.
- CVE-2015-8984
* SECURITY UPDATE: DNS resolver NULL pointer dereference with
crafted record type
- patches/any/CVE-2015-5180.diff: Use out of band signaling for
internal queries
- CVE-2015-5180
* SECURITY UPDATE: stack-based buffer overflow in the glob
implementation
- patches/any/CVE-2016-1234.diff: Simplify the interface for the
GLOB_ALTDIRFUNC callback gl_readdir
- CVE-2016-1234
* SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
- patches/any/CVE-2016-3706.diff: Use a heap allocation instead
- CVE-2016-3706:
* SECURITY UPDATE: stack exhaustion in clntudp_call
- patches/any/CVE-2016-4429.diff: Use malloc/free for the error
payload.
- CVE-2016-4429
* SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
- patches/any/CVE-2016-6323.diff: mark __startcontext as
.cantunwind
- CVE-2016-6323
* debian/testsuite-checking/expected-results-aarch64-linux-gnu-libc,
debian/testsuite-checking/expected-results-arm-linux-gnueabihf-libc:
Allow nptl/tst-signal6 to fail on ARM, ARM64
-- Steve Beattie <email address hidden> Mon, 06 Mar 2017 16:49:25 -0800
Available diffs
eglibc (2.15-0ubuntu10.16) precise-security; urgency=medium
* SECURITY UPDATE: multiple overflows in strxfrm()
- patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
- CVE-2015-8982
* SECURITY UPDATE: _IO_wstr_overflow integer overflow
- patches/any/CVE-2015-8983.diff: Add checks for integer overflow
- CVE-2015-8983
* SECURITY UPDATE: buffer overflow (read past end of buffer) in
internal_fnmatch
- patches/any/CVE-2015-8984.diff: Remove extra increment when
skipping over collating symbol inside a bracket expression.
- CVE-2015-8984
* SECURITY UPDATE: DNS resolver NULL pointer dereference with
crafted record type
- patches/any/CVE-2015-5180.diff: Use out of band signaling for
internal queries
- CVE-2015-5180
* SECURITY UPDATE: stack-based buffer overflow in the glob
implementation
- patches/any/CVE-2016-1234.diff: Simplify the interface for the
GLOB_ALTDIRFUNC callback gl_readdir
- CVE-2016-1234
* SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
- patches/any/CVE-2016-3706.diff: Use a heap allocation instead
- CVE-2016-3706:
* SECURITY UPDATE: stack exhaustion in clntudp_call
- patches/any/CVE-2016-4429.diff: Use malloc/free for the error
payload.
- CVE-2016-4429
* SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
- patches/any/CVE-2016-6323.diff: mark __startcontext as
.cantunwind
- CVE-2016-6323
-- Steve Beattie <email address hidden> Mon, 06 Mar 2017 09:37:30 -0800
Available diffs
eglibc (2.15-0ubuntu10.15) precise-security; urgency=medium
* REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
dependency from libm to libc (LP: #1585614)
- debian/patches/any/CVE-2014-9761-2.diff: keep exporting
__strto*_nan symbols added to libc.
-- Steve Beattie <email address hidden> Thu, 26 May 2016 00:08:17 -0700
Available diffs
eglibc (2.19-0ubuntu6.9) trusty-security; urgency=medium
* REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
dependency from libm to libc (LP: #1585614)
- debian/patches/any/CVE-2014-9761-2.diff: keep exporting
__strto*_nan symbols added to libc.
-- Steve Beattie <email address hidden> Thu, 26 May 2016 01:04:18 -0700
Available diffs
| Deleted in trusty-security (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
| Deleted in trusty-updates (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
| Deleted in trusty-proposed (Reason: moved to -updates) |
eglibc (2.19-0ubuntu6.8) trusty-security; urgency=medium
* SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
into account when computing if buffer is too small.
- CVE-2015-1781
* SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
* SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
handling of payload strings
- CVE-2014-9761
* SECURITY UPDATE: NSS files long line buffer overflow
- debian/patches/any/CVE-2015-5277.diff: Don't ignore too long
lines in nss_files
- CVE-2015-5277
* SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
strftime() processing
- CVE-2015-8776
* SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
guard
- CVE-2015-8777
* SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
* SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
alloca()
- CVE-2015-8779
* SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
memory copy on the stack.
- CVE-2016-3075
* SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
about pty group and permission mode
- debian/sysdeps/linux.mk: don't build pt_chown
- debian/rules.d/debhelper.mk: only install pt_chown when built.
- CVE-2016-2856, CVE-2013-2207
* debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)
* debian/patches/ubuntu/submitted-no-stack-backtrace.diff: update
patch to eliminate compiler warning.
-- Steve Beattie <email address hidden> Fri, 08 Apr 2016 23:26:02 -0700
Available diffs
| Deleted in precise-security (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
| Deleted in precise-updates (Reason: Reverting update; see https://bugs.launchpad.net/ubuntu/+...) |
| Deleted in precise-proposed (Reason: moved to -updates) |
eglibc (2.15-0ubuntu10.14) precise-security; urgency=medium
* SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
into account when computing if buffer is too small.
- CVE-2015-1781
* SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
* SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
handling of payload strings
- CVE-2014-9761
* SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
strftime() processing
- CVE-2015-8776
* SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
guard
- CVE-2015-8777
* SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
* SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
alloca()
- CVE-2015-8779
* SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
memory copy on the stack.
- CVE-2016-3075
* SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856-pre.diff: add option to
enable/disable pt_chown.
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
about pty group and permission mode
- debian/debhelper.in/libc-bin.install: drop installation of
pt_chown
- CVE-2016-2856, CVE-2013-2207
* debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)
-- Steve Beattie <email address hidden> Fri, 08 Apr 2016 23:59:46 -0700
Available diffs
| Superseded in precise-security |
| Superseded in precise-updates |
| Superseded in precise-updates |
| Superseded in precise-security |
eglibc (2.15-0ubuntu10.13) precise-security; urgency=medium
* SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
- debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
resolv/nss_dns/dns-host.c.
- debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
resolv/res_query.c, resolv/res_send.c.
- debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
- CVE-2015-7547
-- Marc Deslauriers <email address hidden> Tue, 16 Feb 2016 11:18:00 -0500
Available diffs
- diff from 2.15-0ubuntu10.14 (in ~ubuntu-security/ubuntu/ppa) to 2.15-0ubuntu10.13 (26.2 KiB)
- diff from 2.15-0ubuntu10.12 (in Ubuntu) to 2.15-0ubuntu10.13 (10.4 KiB)
- diff from 2.15-0ubuntu10.11 (in ~ubuntu-security/ubuntu/ppa) to 2.15-0ubuntu10.13 (14.8 KiB)
- diff from 2.15-0ubuntu10 (in Ubuntu) to 2.15-0ubuntu10.13 (74.3 KiB)
| Superseded in trusty-security |
| Superseded in trusty-updates |
| Superseded in trusty-updates |
| Superseded in trusty-security |
eglibc (2.19-0ubuntu6.7) trusty-security; urgency=medium
* SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
- debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
resolv/nss_dns/dns-host.c.
- debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
resolv/res_query.c, resolv/res_send.c.
- debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
- CVE-2015-7547
-- Marc Deslauriers <email address hidden> Tue, 16 Feb 2016 11:35:05 -0500
Available diffs
- diff from 2.19-0ubuntu6.8 (in ~ubuntu-security/ubuntu/ppa) to 2.19-0ubuntu6.7 (24.3 KiB)
- diff from 2.19-0ubuntu6.6 (in ~ubuntu-security/ubuntu/ppa) to 2.19-0ubuntu6.7 (10.6 KiB)
- diff from 2.19-0ubuntu4~test1 to 2.19-0ubuntu6.7 (pending)
eglibc (2.15-0ubuntu10.12) precise; urgency=medium
* cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
longer parsing %s format arguments as multibyte strings (LP: #1109327)
* cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
* cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
* cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)
-- Adam Conrad <email address hidden> Wed, 25 Mar 2015 13:28:41 -0600
Available diffs
eglibc (2.15-0ubuntu10.11) precise-security; urgency=medium
* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
high load
- debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
after calling reopen in resolv/res_send.c.
- CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
- debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
resolv/nss_dns/dns-network.c.
- CVE-2014-9402
* SECURITY UPDATE: buffer overflow in wscanf
- debian/patches/any/cvs-wscanf.diff: calculate correct size in
stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
- CVE-2015-1472
- CVE-2015-1473
-- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 09:12:22 -0500
Available diffs
eglibc (2.19-0ubuntu6.6) trusty-security; urgency=medium
* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
high load
- debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
after calling reopen in resolv/res_send.c.
- CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
- debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
resolv/nss_dns/dns-network.c.
- CVE-2014-9402
* SECURITY UPDATE: buffer overflow in wscanf
- debian/patches/any/cvs-wscanf.diff: calculate correct size in
stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
- CVE-2015-1472
- CVE-2015-1473
-- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 09:04:10 -0500
Available diffs
eglibc (2.11.1-0ubuntu7.21) lucid-security; urgency=medium
* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
high load
- debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
after calling reopen in resolv/res_send.c.
- CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
- debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
resolv/nss_dns/dns-network.c.
- CVE-2014-9402
-- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 09:19:02 -0500
Available diffs
eglibc (2.15-0ubuntu10.10) precise-security; urgency=medium
* SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots
- debian/patches/any/CVE-2015-0235.diff: fix overflow in
nss/digits_dots.c
- CVE-2015-0235
-- Steve Beattie <email address hidden> Tue, 20 Jan 2015 13:22:12 -0800
Available diffs
eglibc (2.11.1-0ubuntu7.20) lucid-security; urgency=medium
* SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots
- debian/patches/any/CVE-2015-0235.diff: fix overflow in
nss/digits_dots.c
- CVE-2015-0235
-- Steve Beattie <email address hidden> Wed, 21 Jan 2015 13:03:05 -0800
Available diffs
eglibc (2.19-0ubuntu6.5) trusty; urgency=medium
* patches/amd64/local-blacklist-on-TSX-Haswell.diff: new patch from
Henrique de Moraes Holschuh to disable TSX on processors which might get
it disabled through a microcode update. (LP: #1398975)
-- Chris J Arges <email address hidden> Thu, 04 Dec 2014 08:30:10 -0600
Available diffs
eglibc (2.11.1-0ubuntu7.19) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service in IBM gconv modules
- debian/patches/any/CVE-2012-6656.diff: fix check in
iconvdata/ibm930.c.
- debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
iconvdata/ibm*.c.
- CVE-2012-6656
- CVE-2014-6040
* SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
- debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
posix/wordexp.c, added tests to posix/wordexp-test.c.
- CVE-2014-7817
-- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:24:33 -0500
Available diffs
eglibc (2.15-0ubuntu10.9) precise-security; urgency=medium
* SECURITY UPDATE: denial of service in IBM gconv modules
- debian/patches/any/CVE-2012-6656.diff: fix check in
iconvdata/ibm930.c.
- debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
iconvdata/ibm*.c.
- CVE-2012-6656
- CVE-2014-6040
* SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
- debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
posix/wordexp.c, added tests to posix/wordexp-test.c.
- CVE-2014-7817
-- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:21:12 -0500
Available diffs
eglibc (2.19-0ubuntu6.4) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in IBM gconv modules
- debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
iconvdata/ibm*.c.
- CVE-2014-6040
* SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
- debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
posix/wordexp.c, added tests to posix/wordexp-test.c.
- CVE-2014-7817
-- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 12:05:33 -0500
Available diffs
eglibc (2.11.1-0ubuntu7.17) lucid-security; urgency=medium * SECURITY REGRESSION: memleak in getaddrinfo (LP: #1364584) - debian/patches/CVE-2013-4357-memleak.patch: fix memleak in sysdeps/posix/getaddrinfo.c introduced by patch for CVE-2013-4357. -- Marc Deslauriers <email address hidden> Thu, 04 Sep 2014 19:55:23 -0400
Available diffs
eglibc (2.19-0ubuntu6.3) trusty; urgency=medium * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409) - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to completely remove support for loadable gconv transliteration modules. -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:19:15 -0600
Available diffs
eglibc (2.15-0ubuntu10.7) precise; urgency=medium * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409) - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to completely remove support for loadable gconv transliteration modules. * SECURITY REGRESSION: localplt regression introduced in 2.15-0ubuntu10.6 - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport of upstream commit ca38dc17 to include memmem hidden alias declaration. -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:18:52 -0600
Available diffs
eglibc (2.11.1-0ubuntu7.16) lucid; urgency=medium * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409) - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to completely remove support for loadable gconv transliteration modules. * SECURITY REGRESSION: localplt regression introduced in 2.11.1-0ubuntu7.14 - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport of upstream commit ca38dc17 to include memmem hidden alias declaration. -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:08:11 -0600
Available diffs
| Deleted in trusty-proposed (Reason: moved to -updates) |
eglibc (2.19-0ubuntu6.2) trusty; urgency=medium
* debian/patches/any/cvs-use-zonedir-instead-of-current.diff: Ensure that
time zone files are detected correctly. (LP: #1294861)
-- Chris J Arges <email address hidden> Tue, 19 Aug 2014 15:20:18 -0500
Available diffs
eglibc (2.11.1-0ubuntu7.15) lucid-security; urgency=medium * SECURITY REGRESSION: segfault when using nscd (LP: #1352504) - debian/patches/lp1352504.diff: don't free non-malloced memory and fix memory leak in nscd/nscd_getserv_r.c. -- Marc Deslauriers <email address hidden> Tue, 05 Aug 2014 07:57:55 -0400
Available diffs
eglibc (2.11.1-0ubuntu7.14) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
- debian/patches/CVE-2013-4357.patch: fix overflow in include/alloca.h,
nis/nss_nis/nis-alias.c, nscd/nscd_getserv_r.c, posix/glob.c,
sysdeps/posix/getaddrinfo.c.
- CVE-2013-4357
* SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
- debian/patches/any/CVE-2013-4458.patch: fix overflow in
sysdeps/posix/getaddrinfo.c.
- CVE-2013-4458
* SECURITY UPDATE: Directory traversal in locale environment handling
- debian/patches/any/CVE-2014-0475.diff: validate locale names in
locale/findlocale.c, locale/setlocale.c, added test to
localedata/tst-setlocale3.c, localedata/Makefile.
- CVE-2014-0475
* SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen
failing to copy the path argument
- debian/patches/any/CVE-2014-4043.diff: properly copy path in
posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c,
posix/spawn_int.h, added test to posix/tst-spawn.c.
- CVE-2014-4043
* debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue
causing a readdir regression on sparc.
* debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra
commits to fix another overflow and an infinite loop.
-- Marc Deslauriers <email address hidden> Mon, 28 Jul 2014 11:23:55 -0400
Available diffs
eglibc (2.15-0ubuntu10.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
- debian/patches/any/CVE-2013-4458.patch: fix overflow in
sysdeps/posix/getaddrinfo.c.
- CVE-2013-4458
* SECURITY UPDATE: Directory traversal in locale environment handling
- debian/patches/any/CVE-2014-0475.diff: validate locale names in
locale/findlocale.c, locale/setlocale.c, added test to
localedata/tst-setlocale3.c, localedata/Makefile.
- CVE-2014-0475
* SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen
failing to copy the path argument
- debian/patches/any/CVE-2014-4043.diff: properly copy path in
posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c,
posix/spawn_int.h, added test to posix/tst-spawn.c.
- CVE-2014-4043
* debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue
causing a readdir regression on sparc.
* debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra
commits to fix another overflow and an infinite loop.
-- Marc Deslauriers <email address hidden> Mon, 28 Jul 2014 07:46:03 -0400
Available diffs
eglibc (2.19-0ubuntu6.1) trusty-security; urgency=medium
* SECURITY UPDATE: Directory traversal in locale environment handling
- debian/patches/any/CVE-2014-0475.diff: validate locale names in
locale/findlocale.c, locale/setlocale.c, added test to
localedata/tst-setlocale3.c, localedata/Makefile.
- CVE-2014-0475
* SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen
failing to copy the path argument
- debian/patches/any/CVE-2014-4043.diff: properly copy path in
posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c,
posix/spawn_int.h, added test to posix/tst-spawn.c.
- CVE-2014-4043
-- Marc Deslauriers <email address hidden> Mon, 28 Jul 2014 12:59:23 -0400
Available diffs
| Deleted in utopic-release (Reason: Superseded by glibc) |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
eglibc (2.19-0ubuntu6) trusty; urgency=medium
* debian/patches/arm64/submitted-setcontext.diff: Update to new version
of Will's setcontext patch to fix sigmask handling bug (LP: #1306829)
-- Adam Conrad <email address hidden> Sat, 12 Apr 2014 01:47:43 -0600
Available diffs
- diff from 2.19-0ubuntu5 to 2.19-0ubuntu6 (2.0 KiB)
eglibc (2.19-0ubuntu5) trusty; urgency=medium
* Merge with unreleased 2.19 from Debian experimental, fixing more bugs:
- Pull in arm64 patches to fix setcontext corruption (LP: #1279620)
- Apply the IBM 2.19 branch for POWER8 bug fixes and optimizations.
- Change M_CHECK_ACTION to abort if first MALLOC_CHECK_ bit is set.
-- Adam Conrad <email address hidden> Wed, 09 Apr 2014 18:27:57 -0600
Available diffs
- diff from 2.19-0ubuntu4 to 2.19-0ubuntu5 (26.1 KiB)
eglibc (2.19-0ubuntu4) trusty; urgency=low
* debian/debhelper.in/libc.preinst:
- do not show glibc/restart-services question when the system
is uprading via the desktop session (LP: #1298281)
-- Michael Vogt <email address hidden> Wed, 09 Apr 2014 11:33:31 +0200
Available diffs
- diff from 2.19-0ubuntu3 to 2.19-0ubuntu4 (607 bytes)
eglibc (2.19-0ubuntu3) trusty; urgency=medium
* Merge with unreleased 2.19 from Debian experimental, fixing more bugs:
- Fix bzero/__bzero definition on powerpc/ppc64 with static builds.
- Enable IFUNC on arm64 builds, now that the toolchain supports it.
- Revert removal of the XDR currency for installation-locale FTBFS.
- Pull update from 2.19 branch, fixing bad math in __sin and __cos.
* debian/sysdeps/{i386,amd64}.mk: Build i386 flavours with -fno-regmove,
this can be reverted when gcc-4.9 becomes the default distro compiler.
* debian/*: Drop the redundant libc6-xen packages on i386 (LP: #1271534)
-- Adam Conrad <email address hidden> Sun, 09 Mar 2014 12:21:48 -0600
Available diffs
- diff from 2.19-0ubuntu2 to 2.19-0ubuntu3 (43.5 KiB)
eglibc (2.19-0ubuntu2) trusty; urgency=medium
* Merge with unreleased 2.19 from Debian experimental, fixing some bugs:
- debian/patches/any/local-no-malloc-backtrace.diff: Lower the default
for MALLOC_CHECK_ to 1, and add it to the list of insecure variables
that can't be set for suid binaries. This allows us to not backtrace
malloc failures by default (Closes: #739913, LP: #1266492) and skips
backtrace for suid binaries where an attacker calling into a corrupt
malloc internal data structure with malloc could lead to Bad Things.
- Make ldconfig stop operating on the linker entirely, so our packaged
symlinks take precedence and hack the postinst to skip ldconfig when
we detect a broken setup that the old ldconfig mangles (LP: #915995)
-- Adam Conrad <email address hidden> Sun, 23 Feb 2014 22:39:18 -0700
Available diffs
- diff from 2.18-0ubuntu7 to 2.19-0ubuntu2 (3.2 MiB)
- diff from 2.19-0ubuntu1 to 2.19-0ubuntu2 (7.2 KiB)
| Superseded in trusty-proposed |
eglibc (2.19-0ubuntu1) trusty; urgency=medium
* Merge with unreleased 2.19 from Debian experimental, remaining changes:
- Drop the Breaks line from libc6, which refers to a Debian transition
- Remove the libc6 recommends on libc6-i686, which we don't build
- Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel
- Ship update-locale and validlocale in /usr/sbin in libc-bin
- Don't build locales or locales-all in Ubuntu, we rely on langpacks
- Heavily mangle the way we do service restarting on major upgrades
- Use different MIN_KERNEL_SUPPORTED versions than Debian, due to
buildd needs. This should be universally bumped to 2.6.32 once all
our buildds (including the PPA guests) are running precise kernels
- Build i386 variants as -march=i686, build amd64 with -O3, and build
ppc64 variants (both 64-bit and 32-bit) with -O3 -fno-tree-vectorize
- debian/patches/ubuntu/local-CVE-2012-3406.diff: switch to malloc when
array grows too large to handle via alloca extension (CVE-2012-3406)
- Build generic i386/i686 flavour with -mno-tls-direct-seg-refs
* debian/patches/series.ppc64el: Drop ppc64el patches included upstream.
* debian/patches/ubuntu/delete-header-pot.diff: Removed, fixed upstream.
* expected-results-aarch64-linux-gnu-libc: Ignore two new arm64 failures
for now, so we can get glibc built and test other packages against it.
Available diffs
- diff from 2.18-0ubuntu7 to 2.19-0ubuntu1 (3.2 MiB)
eglibc (2.18-0ubuntu7) trusty; urgency=medium * debian/patches/ppc64el/ibm-branch.diff: Drop min shlib vers to 2.17. * debian/patches/ppc64el/lookup-hack.diff: Treat 2.18 symbols as 2.17. -- Adam Conrad <email address hidden> Sun, 16 Feb 2014 08:01:02 +0000
Available diffs
- diff from 2.18-0ubuntu6 to 2.18-0ubuntu7 (1.4 KiB)
eglibc (2.18-0ubuntu6) trusty; urgency=medium * debian/sysdeps/ppc64el.mk: Use --with-cpu=power7 to optimize properly. * debian/patches/ppc64el/cvs-ppc64-MCOUNT.diff: Fix uses of CALL_MCOUNT. -- Adam Conrad <email address hidden> Wed, 15 Jan 2014 17:28:49 -0700
Available diffs
- diff from 2.18-0ubuntu5 to 2.18-0ubuntu6 (1.2 KiB)
eglibc (2.18-0ubuntu5) trusty; urgency=medium
* debian/patches/arm/cvs-arm__{longjmp,sigsetjmp}-thumb.diff: Pull patch
from upstream to allow building longjmp and sigsetjmp code with Thumb.
* debian/patches/arm/cvs-arm-pointer-mangle-frame.diff: Upstream diff to
no longer apply pointer encryption to the frame pointer (LP: #1268937)
-- Adam Conrad <email address hidden> Tue, 14 Jan 2014 15:18:45 -0700
Available diffs
- diff from 2.18-0ubuntu4 to 2.18-0ubuntu5 (3.3 KiB)
eglibc (2.18-0ubuntu4) trusty; urgency=medium * debian/patches/ppc64el/ibm-branch.diff: Rebase against vfscanf patch.
Available diffs
- diff from 2.18-0ubuntu2 to 2.18-0ubuntu4 (186.0 KiB)
- diff from 2.18-0ubuntu3 to 2.18-0ubuntu4 (1.3 KiB)
| Superseded in trusty-proposed |
eglibc (2.18-0ubuntu3) trusty; urgency=medium * Merge with Debian experimental, pulling in some POWER and build fixes. * debian/patches/ppc64el/ibm-branch.diff: Rebase against vDSO backports. * debian/patches/hurd-i386/libpthread_version.diff: Remove stderr vomit. -- Adam Conrad <email address hidden> Sat, 11 Jan 2014 02:37:18 -0700
Available diffs
- diff from 2.18-0ubuntu2 to 2.18-0ubuntu3 (185.1 KiB)
eglibc (2.18-0ubuntu2) trusty; urgency=medium
* debian/patches/i386/cvs-sse42-strstr*: Backport upstream commits which
drop buggy SSE4.2 srtstr implementations in favour of an SSE2 version.
* debian/patches/kfreebsd/submitted-waitid.diff: Drop this patch pending
the resolution of the upstream bug and the Linux/libc header mismatch.
-- Adam Conrad <email address hidden> Thu, 19 Dec 2013 17:44:12 -0700
Available diffs
- diff from 2.18-0ubuntu1 to 2.18-0ubuntu2 (9.0 KiB)
eglibc (2.18-0ubuntu1) trusty; urgency=low
* Merge with latest 2.18 from Debian experimental, remaining changes:
- Drop the Breaks line from libc6, which refers to a Debian transition
- Remove the libc6 recommends on libc6-i686, which we don't build
- Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel
- Ship update-locale and validlocale in /usr/sbin in libc-bin
- Don't build locales or locales-all in Ubuntu, we rely on langpacks
- Heavily mangle the way we do service restarting on major upgrades
- Use different MIN_KERNEL_SUPPORTED versions than Debian, due to
buildd needs. This should be universally bumped to 2.6.32 once all
our buildds (including the PPA guests) are running precise kernels
- Build i386 variants as -march=i686, build amd64 with -O3, and build
ppc64 variants (both 64-bit and 32-bit) with -O3 -fno-tree-vectorize
- debian/patches/ubuntu/local-CVE-2012-3406.diff: switch to malloc when
array grows too large to handle via alloca extension (CVE-2012-3406)
- Build generic i386/i686 flavour with -mno-tls-direct-seg-refs
* debian/patches/ubuntu/local-linaro-cortex-strings.diff: Dropped at the
request of Will Newton, who will upstream something more performant.
* debian/patches/i386/cvs-nonascii-case-strcmp.diff: Pull upstream patch
to fix LC_CTYPE nonascii-case fallback in i686 strcasecmp/strncasecmp.
* debian/testsuite-checking/*: Update 686 targets to match the 586 ones.
* Generate expected-results-powerpc64le-linux-gnu-libc for ppc64el port.
Available diffs
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
eglibc (2.17-93ubuntu4) saucy; urgency=low
* patches/arm64/cvs-setjmp-clobber.diff: __sigsetjmp clobbers register
x1 before making the tail call to __sigjmp_save, which causes the
latter to always save the signal mask. Backport git patch to fix.
* patches/series: Revert the CVE-2013-2207 pt_chown fix until we come
up with a sane plan to avoid users shooting themselves in the foot.
* debhelper.in/libc-bin.install: Install pt_chown again for the above.
-- Adam Conrad <email address hidden> Fri, 11 Oct 2013 21:06:21 -0600
Available diffs
- diff from 2.17-93ubuntu1 to 2.17-93ubuntu4 (17.6 KiB)
- diff from 2.17-93ubuntu3 to 2.17-93ubuntu4 (2.2 KiB)
| Superseded in saucy-proposed |
eglibc (2.17-93ubuntu3) saucy; urgency=low * Revert the CVE-2013-4788 fix, as it causes the ARM testsuite to fail. -- Adam Conrad <email address hidden> Thu, 10 Oct 2013 01:25:14 -0600
Available diffs
- diff from 2.17-93ubuntu2 to 2.17-93ubuntu3 (540 bytes)
| Superseded in saucy-proposed |
eglibc (2.17-93ubuntu2) saucy; urgency=low
* patches/any/cvs-CVE-2012-44xx.diff: backport overflow fixes in strcoll
addressing CVE-2012-4412 and CVE-2012-4424 (Closes: #687530, #689423)
* patches/any/cvs-CVE-2013-4237.diff: backport git fix to respect the
NAME_MAX constraints in readdir_r: CVE-2013-4237 (Closes: #719558)
* debian/patches/any/cvs-CVE-2013-2207-pt_chown.diff: backpot git patch
to disable building and using pt_chown: CVE-2013-2207 (Closes: #717544)
* debhelper.in/libc-bin.install: Adjust packaging for the above change.
* patches/any/cvs-CVE-2013-4788-static-ptrguard*: backport fix from git
for pointer mangling in static builds: CVE-2013-4788 (Closes: #717178)
* patches/ubuntu/unsubmitted-dlopen-static-crash.diff: New patch from
Maciej Rozycki to fix a dlopen segfault in statically linked programs.
-- Adam Conrad <email address hidden> Wed, 09 Oct 2013 22:29:57 -0600
Available diffs
- diff from 2.17-93ubuntu1 to 2.17-93ubuntu2 (16.6 KiB)
eglibc (2.11.1-0ubuntu7.13) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
strcoll overflows
- debian/patches/any/CVE-2012-44xx.diff: fix overflows in
string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
string/Makefile.
- CVE-2012-4412
- CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
- debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
- CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
- debian/patches/any/CVE-2013-1914.diff: fix overflow in
sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for
__libc_alloca_cutoff in include/alloca.h, nptl/Versions,
nptl/alloca_cutoff.c.
- CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
readdir_r
- debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
GETDENTS_64BIT_ALIGNED from
sysdeps/unix/sysv/linux/i386/readdir64_r.c,
sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
- CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
overflows in memory allocator
- debian/patches/any/CVE-2013-4332.diff: check for overflows in
malloc/malloc.c.
- CVE-2013-4332
-- Marc Deslauriers <email address hidden> Tue, 01 Oct 2013 20:14:40 -0400
Available diffs
eglibc (2.15-0ubuntu10.5) precise-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
strcoll overflows
- debian/patches/any/CVE-2012-44xx.diff: fix overflows in
string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
string/Makefile.
- CVE-2012-4412
- CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
- debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
- CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
- debian/patches/any/CVE-2013-1914.diff: fix overflow in
sysdeps/posix/getaddrinfo.c.
- CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
readdir_r
- debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
GETDENTS_64BIT_ALIGNED from
sysdeps/unix/sysv/linux/i386/readdir64_r.c,
sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
- CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
overflows in memory allocator
- debian/patches/any/CVE-2013-4332.diff: check for overflows in
malloc/malloc.c.
- CVE-2013-4332
-- Marc Deslauriers <email address hidden> Fri, 27 Sep 2013 16:09:49 -0400
Available diffs
eglibc (2.15-0ubuntu20.2) quantal-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
strcoll overflows
- debian/patches/any/CVE-2012-44xx.diff: fix overflows in
string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
string/Makefile.
- CVE-2012-4412
- CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
- debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
- CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
- debian/patches/any/CVE-2013-1914.diff: fix overflow in
sysdeps/posix/getaddrinfo.c.
- CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
readdir_r
- debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
GETDENTS_64BIT_ALIGNED from
sysdeps/unix/sysv/linux/i386/readdir64_r.c,
sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
- CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
overflows in memory allocator
- debian/patches/any/CVE-2013-4332.diff: check for overflows in
malloc/malloc.c.
- CVE-2013-4332
-- Marc Deslauriers <email address hidden> Fri, 27 Sep 2013 13:49:56 -0400
Available diffs
eglibc (2.17-0ubuntu5.1) raring-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
strcoll overflows
- debian/patches/any/CVE-2012-44xx.diff: fix overflows in
string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
string/Makefile.
- CVE-2012-4412
- CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
- debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
- CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
- debian/patches/any/CVE-2013-1914.diff: fix overflow in
sysdeps/posix/getaddrinfo.c.
- CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
readdir_r
- debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
sysdeps/posix/readdir_r.c, add errcode to sysdeps/posix/dirstream.h,
sysdeps/posix/opendir.c, sysdeps/posix/rewinddir.c, remove
GETDENTS_64BIT_ALIGNED from
sysdeps/unix/sysv/linux/i386/readdir64_r.c,
sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
- CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
overflows in memory allocator
- debian/patches/any/CVE-2013-4332.diff: check for overflows in
malloc/malloc.c.
- CVE-2013-4332
-- Marc Deslauriers <email address hidden> Fri, 27 Sep 2013 09:07:13 -0400
Available diffs
eglibc (2.17-93ubuntu1) saucy; urgency=low * Merge with Debian unstable, bringing in testsuite and security fixes.
Available diffs
- diff from 2.17-91ubuntu1 to 2.17-93ubuntu1 (12.5 KiB)
eglibc (2.17-91ubuntu1) saucy; urgency=low
* Merge with Debian unstable, running the testsuite in parallel
and moving some manpages from eglibc to the manpages package.
Available diffs
- diff from 2.17-7ubuntu1 to 2.17-91ubuntu1 (592.4 KiB)
eglibc (2.17-7ubuntu1) saucy; urgency=low
* Merge with Debian unstable, bringing in several tweaks and fixes.
* debian/control.in/main: Drop build-conflicts on binutils-gold to
make us buildable again with the new binutils that provides it.
* Re-enable hard failure on testsuite failure for development builds.
Available diffs
- diff from 2.17-0ubuntu5 to 2.17-7ubuntu1 (107.6 KiB)
| Superseded in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
eglibc (2.17-0ubuntu5) raring; urgency=low
* debian/debhelper.in/libc.postint: Switch from 'awk gsub' to 'tr -d' to
avoid warnings when the awk alternative points to gawk (LP: #1156923)
* debian/patches/any/submitted-setfsid-wur.diff: Drop __wur from setfsuid
and setfsgid functions to avoid -Werror=unused-result (Closes: #701422)
* debian/patches/i386/cvs-simd-exception.diff: Pull patch from upstream
to fix a performance regression in i386 SIMD exceptions (LP: #1157244)
* debian/patches/svn-updates.diff: Update to r22884 of eglibc-2_17 branch
* debian/testsuite-checking/compare.sh: Disable hard testsuite failures
for release to avoid stable updates exploding as buildd kernels change
-- Adam Conrad <email address hidden> Wed, 17 Apr 2013 22:53:13 -0600
Available diffs
- diff from 2.17-0ubuntu4 to 2.17-0ubuntu5 (4.0 KiB)
eglibc (2.17-0ubuntu4) raring; urgency=low * Brown paper bag release: restore g++-multilib build-dep on armhf. -- Adam Conrad <email address hidden> Fri, 08 Feb 2013 23:09:13 -0700
Available diffs
- diff from 2.17-0ubuntu2 to 2.17-0ubuntu4 (3.3 KiB)
- diff from 2.17-0ubuntu3 to 2.17-0ubuntu4 (708 bytes)
| Superseded in raring-proposed |
eglibc (2.17-0ubuntu3) raring; urgency=low
* Merge with Debian experimental, fixing arm64 builds and adding
support for upstart's shiny new stateful re-exec capabilities.
* Re-enable audit build-dep now that libaudit is moving to main.
Available diffs
- diff from 2.17-0ubuntu2 to 2.17-0ubuntu3 (3.2 KiB)
eglibc (2.17-0ubuntu2) raring; urgency=low * Merge with Debian experimental, bringing in several small fixes. * Sync Ubuntu's expected testsuite results with Debian's new ones.
Available diffs
- diff from 2.17-0ubuntu1 to 2.17-0ubuntu2 (7.6 KiB)
eglibc (2.17-0ubuntu1) raring; urgency=low
* Merge with Debian, bringing in a new upstream and many small fixes:
- patches/any/cvs-malloc-deadlock.diff: Dropped, merged upstream.
- patches/ubuntu/lddebug-scopes.diff: Rebase for upstream changes.
- patches/ubuntu/local-CVE-2012-3406.diff: Rebased against upstream.
- patches/ubuntu/no-asm-mtune-i686.diff: Fixed in recent binutils.
* This upstream merge fixes a nasty hang in pulseaudio (LP: #1085342)
* Bump MIN_KERNEL_SUPPORTED to 2.6.32 on ARM, now that we no longer
have to support shonky 2.6.31 kernels on imx51 babbage builders.
* Drop patches/ubuntu/local-disable-nscd-host-caching.diff, as these
issues were apparently resolved upstream a while ago (LP: #613662)
* Fix the compiled-in bug URL to point to launchpad.net, not Debian.
Available diffs
- diff from 2.16-0ubuntu8 to 2.17-0ubuntu1 (1.4 MiB)
eglibc (2.15-0ubuntu10.4) precise; urgency=low
* Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
disable netgroup caching in the default config (LP: #1068889)
* Backport any/cvs-malloc-deadlock.diff from upstream to prevent
glibc deadlocking in mallock arena retry paths (LP: #1081734)
* Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
* Drop patch any/local-disable-nscd-host-caching.diff, as this
bug was apparently resolved upstream a while ago (LP: #613662)
* Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
to load itself, a behaviour accidentally removed (LP: #1088677)
* Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)
-- Adam Conrad <email address hidden> Sun, 27 Jan 2013 16:46:30 -0700
Available diffs
eglibc (2.15-0ubuntu20.1) quantal; urgency=low
* Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
disable netgroup caching in the default config (LP: #1068889)
* Backport any/cvs-malloc-deadlock.diff from upstream to prevent
glibc deadlocking in mallock arena retry paths (LP: #1081734)
* Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
* Drop patch any/local-disable-nscd-host-caching.diff, as this
bug was apparently resolved upstream a while ago (LP: #613662)
* Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
to load itself, a behaviour accidentally removed (LP: #1088677)
* Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)
-- Adam Conrad <email address hidden> Sun, 27 Jan 2013 16:46:30 -0700
Available diffs
eglibc (2.16-0ubuntu8) raring; urgency=low
* Switch armel/armhf libc-dev-alt builds to the same symlink method
used by other arches to avoid duplicate files and dpkg oopses.
* Merge with experimental, fixing rtlddir for x32 alternate builds.
-- Adam Conrad <email address hidden> Mon, 26 Nov 2012 18:32:55 -0700
Available diffs
- diff from 2.16-0ubuntu7 to 2.16-0ubuntu8 (1.9 KiB)
eglibc (2.16-0ubuntu7) raring; urgency=low
* Merge with 2.16-0experimental1 from Debian, bringing in my
upstream version of the C++ header autodetection patch, some
packaging and upgrade fixes, and reducing our delta further.
* Fix debian/tests/control syntax for autopkgtest (LP: #1081500)
* Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
disable netgroup caching in the default config (LP: #1068889)
* Backport any/cvs-malloc-deadlock.diff from upstream to prevent
glibc deadlocking in mallock arena retry paths (LP: #1081734)
-- Adam Conrad <email address hidden> Sun, 25 Nov 2012 19:00:46 -0700
Available diffs
- diff from 2.16-0ubuntu6 to 2.16-0ubuntu7 (12.9 KiB)
eglibc (2.16-0ubuntu6) raring; urgency=low
* debian/tests/{control,rebuild}: add a stub autopkgtest rebuild
test and add the XS-Testsuite header to control (LP: #1081500)
* Rework unsubmitted-cxxheaders-detection3.dif one more time to
account for more multiarch versus multilib location oddities.
* Adjust expected results for intermittent tst-mqueue5 failures.
-- Adam Conrad <email address hidden> Wed, 21 Nov 2012 12:34:25 -0700
Available diffs
- diff from 2.16-0ubuntu3 to 2.16-0ubuntu6 (24.3 KiB)
- diff from 2.16-0ubuntu5 to 2.16-0ubuntu6 (1.9 KiB)
| Superseded in raring-proposed |
eglibc (2.16-0ubuntu5) raring; urgency=low
* Adjust patches/any/unsubmitted-cxxheaders-detection3.diff to try
calling g++ -print-multiarch first and fall back to -dumpmachine,
to account for architectures where those two values can differ.
-- Adam Conrad <email address hidden> Wed, 21 Nov 2012 00:00:10 -0700
Available diffs
- diff from 2.16-0ubuntu4 to 2.16-0ubuntu5 (875 bytes)
| Superseded in raring-proposed |
eglibc (2.16-0ubuntu4) raring; urgency=low
* Merge with experimental SVN, bringing in several packaging fixes,
and my patch to give crti.o on armhf the Tag_ABI_VFP_args tag.
* Update expected testsuite results and re-enable testsuite checks.
* Add patches/powerpc/unsubmitted_UAPI_ASM_POWERPC_ELF.diff to track
the kernel's renaming _ASM_POWERPC_ELF to _UAPI_ASM_POWERPC_ELF.
* Backport patches/any/cvs-cxxheaders-{detection1,detection2}.diff
from upstream to clean up the C++ header detection for -nostdinc.
* Add patches/any/unsubmitted-cxxheaders-detection3.diff to make the
above work with our new g++, which puts headers in a new location.
-- Adam Conrad <email address hidden> Mon, 19 Nov 2012 20:14:14 -0700
Available diffs
- diff from 2.16-0ubuntu3 to 2.16-0ubuntu4 (23.9 KiB)
eglibc (2.13-20ubuntu5.3) oneiric; urgency=low
* Pull three interdependent patches from Debian to fix AVX detection
problems on kernels or CPUs that lack support for it (LP: #979003):
- amd64/cvs-avx-detection.diff: Improved detection on old kernels.
- amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code.
- amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support.
-- Adam Conrad <email address hidden> Wed, 14 Nov 2012 16:03:25 -0700
Available diffs
eglibc (2.11.1-0ubuntu7.12) lucid; urgency=low
* Pull three interdependent patches from Debian to fix AVX detection
problems on kernels or CPUs that lack support for it (LP: #979003):
- amd64/cvs-avx-detection.diff: Improved detection on old kernels.
- amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code.
- amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support.
* Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to
skip tests if AVX extensions are not available on the build host.
* Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option.
-- Adam Conrad <email address hidden> Wed, 14 Nov 2012 16:14:37 -0700
Available diffs
eglibc (2.16-0ubuntu3) raring; urgency=low * Regenerate the control file. -- Matthias Klose <email address hidden> Sat, 27 Oct 2012 23:54:17 +0200
Available diffs
- diff from 2.16-0ubuntu1 to 2.16-0ubuntu3 (2.3 KiB)
- diff from 2.16-0ubuntu2 to 2.16-0ubuntu3 (609 bytes)
| Superseded in raring-proposed |
eglibc (2.16-0ubuntu2) raring; urgency=low
* Enable building x32 multilib libraries on amd64 and i386.
* Build x32 multilib libraries with -mx32.
* Don't run the x32 testsuite on amd64 and i386, kernel support missing.
* Revert the fix for bz13979, breaking AC_HEADER checks with compilers
having _FORTIFY_SOURCE enabled by default. To be reverted before the
13.04 release.
-- Matthias Klose <email address hidden> Sat, 27 Oct 2012 17:34:07 +0200
Available diffs
- diff from 2.16-0ubuntu1 to 2.16-0ubuntu2 (2.3 KiB)
eglibc (2.16-0ubuntu1) raring; urgency=low
* Merge with unreleased 2.16 in Debian experimental, remaining changes:
- Drop the Breaks line from libc6, which refers to a Debian transition
- Remove the libc6 recommends on libc6-i686, which we don't build
- Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel
- Ship update-locale and validlocale in /usr/sbin in libc-bin
- Don't build locales or locales-all in Ubuntu, we rely on langpacks
- Heavily mangle the way we do service restarting on major upgrades
- Use different MIN_KERNEL_SUPPORTED versions than Debian, due to
buildd needs. This should be universally bumped to 3.2.0 once all
our buildds (including the PPA guests) are running precise kernels
- Build i386 variants as -march=i686, build amd64 with -O3, and build
ppc64 variants (both 64-bit and 32-bit) with -O3 -fno-tree-vectorize
- Re-enable unsubmitted-ldconfig-cache-abi.diff and rebuild the cache
on upgrades from previous versions that used a different constant
- debian/patches/any/local-CVE-2012-3406.diff: switch to malloc when
array grows too large to handle via alloca extension (CVE-2012-3406)
- Build generic i386/i686 flavour with -mno-tls-direct-seg-refs
* Changes added/dropped with this merge while reducing our delta:
- Stop building glibc docs from the eglibc source, and instead make
the glibc-docs stub have a hard dependency on glibc-doc-reference
- Remove outdated conflicts against ancient versions of ia32-libs
- Drop the tzdata dependency from libc6, it's in required and minimal
- Use gcc-4.7/g++-4.7 by default on all our supported architectures
- Save our historical changelog as changelog.ubuntu in the source
- Drop nscd's libaudit build-dep for now, as libaudit is in universe
- Drop the unnecessary Breaks from libc6 to locales and locales-all
- Ship xen's ld.so.conf.d snippet as /etc/ld.so.conf.d/libc6-xen.conf
* Disable hard failures on the test suite for the first upload to raring
Available diffs
eglibc (2.15-0ubuntu10.3) precise; urgency=low * Backport fixes for dbl-64 and ldbl-128 issues (LP: #1000498) * Backport another FMA support patch from glibc master branch.
Available diffs
| 1 → 75 of 225 results | First • Previous • Next • Last |
