Branches for Quantal

Author: Steve Langasek
Revision Date: 2013-12-11 22:51:10 UTC

Null merge of fixed up commits

Author: Adam Conrad
Revision Date: 2013-01-27 16:46:30 UTC

* Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
  disable netgroup caching in the default config (LP: #1068889)
* Backport any/cvs-malloc-deadlock.diff from upstream to prevent
  glibc deadlocking in mallock arena retry paths (LP: #1081734)
* Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
* Drop patch any/local-disable-nscd-host-caching.diff, as this
  bug was apparently resolved upstream a while ago (LP: #613662)
* Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
  to load itself, a behaviour accidentally removed (LP: #1088677)
* Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)

Author: Marc Deslauriers
Revision Date: 2013-09-27 13:49:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  strcoll overflows
  - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
    string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
    string/Makefile.
  - CVE-2012-4412
  - CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
  - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
    posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
  - CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
  - debian/patches/any/CVE-2013-1914.diff: fix overflow in
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
  readdir_r
  - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
    sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
    sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
    GETDENTS_64BIT_ALIGNED from
    sysdeps/unix/sysv/linux/i386/readdir64_r.c,
    sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
  - CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
  overflows in memory allocator
  - debian/patches/any/CVE-2013-4332.diff: check for overflows in
    malloc/malloc.c.
  - CVE-2013-4332

Author: Marc Deslauriers
Revision Date: 2013-09-27 13:49:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  strcoll overflows
  - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
    string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
    string/Makefile.
  - CVE-2012-4412
  - CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
  - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
    posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
  - CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
  - debian/patches/any/CVE-2013-1914.diff: fix overflow in
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
  readdir_r
  - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
    sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
    sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
    GETDENTS_64BIT_ALIGNED from
    sysdeps/unix/sysv/linux/i386/readdir64_r.c,
    sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
  - CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
  overflows in memory allocator
  - debian/patches/any/CVE-2013-4332.diff: check for overflows in
    malloc/malloc.c.
  - CVE-2013-4332