Created by James Westby on 2010-05-25 and last modified on 2011-01-10
Get this branch:
bzr branch lp:ubuntu/karmic-security/eglibc
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

25. By Kees Cook on 2011-01-10

* SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
  - debian/patches/any/dst-expansion-fix.diff: refresh with new
    proposed solution, avoiding iconv issues.
  - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
    which was already had a work-around in 2.10.1-0ubuntu18.

24. By Kees Cook on 2010-10-21

* SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
  - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
  - CVE-2010-3847
  - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
    for setuid binaries.

23. By Kees Cook on 2010-05-19

* SECURITY UPDATE: integer overflow in strfmon() might lead to arbitrary
  code execution.
  - debian/patches/any/git-strfmon-overflow.diff: backport from upstream.
  - CVE-2008-1391
* SECURITY UPDATE: newlines not escaped in /etc/mtab.
  - debian/patches/any/git-mntent-newline-escape.diff: upstream fixes.
  - CVE-2010-0296
* SECURITY UPDATE: arbitrary code execution from ELF headers (LP: #542197).
  - debian/patches/any/git-fix-dtag-cast.diff: upstream fixes.
  - CVE-2010-0830
* debian/patches/any/git-readdir-padding.diff: fix readdir padding when
  processing getdents64() in a 32-bit execution environment (LP: #392501).

22. By Matthias Klose on 2009-10-06

Don't fail the build explicitely on any architecture (used for ppa
uploads to save buildd resources).

21. By Matthias Klose on 2009-10-06

* Tighten build dependencies for binutils and gcc-4.4 with fix
  for PR debug/40521. LP: #440172.
* On armel, don't explicitely build with -fno-dwarf2-cfi-asm.
* On armel, remove check-textrel.out test from expected to fail.

20. By Matthias Klose on 2009-10-01

* On armel build with -fno-dwarf2-cfi-asm (will be the default with
  gcc-4.4 (>= 4.4.1-5ubuntu1).
* Build-depend on binutils fixing PR ld/9863.

19. By Steve Langasek on 2009-09-14

[ Steve Langasek ]
* Restore missing depends/conflicts/replaces handling for findutils and
  belocs-locales-bin, lost in the latest merge.
* Move ldconfig trigger handling to libc-bin postinst, since that's where
  ldconfig and the trigger are actually located.
* Drop debian/local/etc_init.d from the source, which is no longer shipped
  in the package having been dropped in Debian
* debian/rules.d/debhelper.mk: revert breakage from Debian experimental;
  pulling in file substitutions from script.in has to happen before
  substituting other tokens, since script.in/nohwcap.sh contains other
  tokens that have to be replaced. LP: #427288.

[ Matthias Klose ]
* Don't apply hppa patches, don't apply

18. By Matthias Klose on 2009-09-12

Fix merge error resulting in a build failure of glibc-doc.

17. By Matthias Klose on 2009-09-12

[ Matthias Klose ]
* Merge with Debian (r3833, eglibc-2.10 branch).
* Don't build libc6-vfp anymore.
* Update from the eglibc 2.10 maintainance branch (rev 8895).
  - Remove patches/any/submitted-libgcc_s.so.diff.
* Move the ldconfig trigger from libc6 to libc-bin.

[ Loïc Minier
* Update testsuite for armel since the real FPU on the buildds passes more
  tests than the software emulation.
* Fix Vcs-Bzr URL to use https.

16. By Steve Langasek on 2009-09-12

debian/sysdeps/i386.mk: cherrypick fix from Debian, lost somewhere along
the way, that prevents /etc/ld.so.conf.d/xen.conf being added to the
libc6-xen package. LP: #427288. This still leaves us with a delta
relative to the Debian conffile name, which we ought to clean up at some
later date.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.