lp:ubuntu/karmic-security/eglibc

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

25. By Kees Cook on 2011-01-10

* SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
  - debian/patches/any/dst-expansion-fix.diff: refresh with new
    proposed solution, avoiding iconv issues.
  - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
    which was already had a work-around in 2.10.1-0ubuntu18.

24. By Kees Cook on 2010-10-21

* SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
  - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
  - CVE-2010-3847
  - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
    for setuid binaries.

23. By Kees Cook on 2010-05-19

* SECURITY UPDATE: integer overflow in strfmon() might lead to arbitrary
  code execution.
  - debian/patches/any/git-strfmon-overflow.diff: backport from upstream.
  - CVE-2008-1391
* SECURITY UPDATE: newlines not escaped in /etc/mtab.
  - debian/patches/any/git-mntent-newline-escape.diff: upstream fixes.
  - CVE-2010-0296
* SECURITY UPDATE: arbitrary code execution from ELF headers (LP: #542197).
  - debian/patches/any/git-fix-dtag-cast.diff: upstream fixes.
  - CVE-2010-0830
* debian/patches/any/git-readdir-padding.diff: fix readdir padding when
  processing getdents64() in a 32-bit execution environment (LP: #392501).

22. By Matthias Klose on 2009-10-06

Don't fail the build explicitely on any architecture (used for ppa
uploads to save buildd resources).

21. By Matthias Klose on 2009-10-06

* Tighten build dependencies for binutils and gcc-4.4 with fix
  for PR debug/40521. LP: #440172.
* On armel, don't explicitely build with -fno-dwarf2-cfi-asm.
* On armel, remove check-textrel.out test from expected to fail.

20. By Matthias Klose on 2009-10-01

* On armel build with -fno-dwarf2-cfi-asm (will be the default with
  gcc-4.4 (>= 4.4.1-5ubuntu1).
* Build-depend on binutils fixing PR ld/9863.

19. By Steve Langasek on 2009-09-14

[ Steve Langasek ]
* Restore missing depends/conflicts/replaces handling for findutils and
  belocs-locales-bin, lost in the latest merge.
* Move ldconfig trigger handling to libc-bin postinst, since that's where
  ldconfig and the trigger are actually located.
* Drop debian/local/etc_init.d from the source, which is no longer shipped
  in the package having been dropped in Debian
* debian/rules.d/debhelper.mk: revert breakage from Debian experimental;
  pulling in file substitutions from script.in has to happen before
  substituting other tokens, since script.in/nohwcap.sh contains other
  tokens that have to be replaced. LP: #427288.

[ Matthias Klose ]
* Don't apply hppa patches, don't apply
  any/local-linuxthreads-kill_other.diff.

18. By Matthias Klose on 2009-09-12

Fix merge error resulting in a build failure of glibc-doc.

17. By Matthias Klose on 2009-09-12

[ Matthias Klose ]
* Merge with Debian (r3833, eglibc-2.10 branch).
* Don't build libc6-vfp anymore.
* Update from the eglibc 2.10 maintainance branch (rev 8895).
  - Remove patches/any/submitted-libgcc_s.so.diff.
* Move the ldconfig trigger from libc6 to libc-bin.

[ Loïc Minier
* Update testsuite for armel since the real FPU on the buildds passes more
  tests than the software emulation.
* Fix Vcs-Bzr URL to use https.

16. By Steve Langasek on 2009-09-12

debian/sysdeps/i386.mk: cherrypick fix from Debian, lost somewhere along
the way, that prevents /etc/ld.so.conf.d/xen.conf being added to the
libc6-xen package. LP: #427288. This still leaves us with a delta
relative to the Debian conffile name, which we ought to clean up at some
later date.