lp:ubuntu/maverick-updates/eglibc

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

58. By Steve Beattie on 2012-03-06

* SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
  - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
    TZ file header
  - CVE-2009-5029
* SECURITY UPDATE: memory consumption denial of service in fnmatch
  - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
    stack use in fnmatch.
  - CVE-2011-1071
* SECURITY UPDATE: /etc/mtab corruption denial of service
  - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
    error in addmnt even for cached streams
  - CVE-2011-1089
* SECURITY UPDATE: insufficient locale environment sanitization
  - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
    LANG environment variable.
  - CVE-2011-1095
* SECURITY UPDATE: ld.so insecure handling of privileged programs'
  RPATHs with $ORIGIN
  - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
    RPATH and ORIGIN
  - CVE-2011-1658
* SECURITY UPDATE: fnmatch integer overflow
  - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
    pattern in wide character representation
  - CVE-2011-1659
* SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
  - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
    many open fds is detected
  - CVE-2011-4609
* SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
  check bypass
  - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
    overflow
  - CVE-2012-0864

57. By Kees Cook on 2011-01-11

* SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
  - debian/patches/any/dst-expansion-fix.diff: refresh with new
    proposed solution, avoiding iconv issues.
  - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
    which was already had a work-around in 2.12.1-0ubuntu8.

56. By Kees Cook on 2010-10-21

* SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
  - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
  - CVE-2010-3847
  - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
    for setuid binaries.

55. By Matthias Klose on 2010-09-10

Fix applying the local-syscall-mcount.diff.

54. By Matthias Klose on 2010-09-10

[ Steve Langasek ]
* debian/patches/arm/local-syscall-mcount.diff: unset CALL_MCOUNT for
  __libc_do_syscall. Thanks to Peter Pearse
  <email address hidden>. Closes LP: #605030.

[ Matthias Klose ]
* Fix _FORITY_SOURCE version of longjmp for Linux/x86-64 (Chung-Lin Tang)
  LP: #601030.

53. By Matthias Klose on 2010-09-08

Again, revert the upstream change from the last upload to
enable running java on the babbage boards.

52. By Matthias Klose on 2010-09-06

* Reapply the upstream change (tested by Yao Qi). LP: #605042.
  2010-06-02 Kirill A. Shutemov <email address hidden>
      * elf/dl-reloc.c: Flush cache after solving TEXTRELs if arch
      requires it.

51. By Matthias Klose on 2010-08-23

[ Marcin Juszkiewicz ]
Add build support to only build single stages. LP: #603498.

50. By Matthias Klose on 2010-08-16

* Build eglibc_2.12.1.orig.tar.gz, based on 2.12 branch (r11211).
* Provide packaging rules in eglibc-source binary packag. LP: #609162.
* Don't patch the sources when PATCHED_SOURCES is set to `yes'.
  LP: #612631.

49. By Matthias Klose on 2010-07-14

* Revert upstream change:
  2010-06-02 Kirill A. Shutemov <email address hidden>
      * elf/dl-reloc.c: Flush cache after solving TEXTRELs if arch
      requires it.
  Breaks the OpenJDK ARM assembler interpreter. LP: #605042.
* expected-results-arm-linux-gnueabi-libc: Remove scanf15, scanf17
  and tst-eintr1, passing the tests on the buildds.