lp:ubuntu/precise-proposed/eglibc

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-proposed/eglibc

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

315. By Steve Beattie

* SECURITY UPDATE: buffer overflow in gethostbyname_r and related
  functions
  - debian/patches/any/CVE-2015-1781.diff: take alignment padding
    into account when computing if buffer is too small.
  - CVE-2015-1781
* SECURITY UPDATE: glibc Name Service Switch (NSS) denial of service
  - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
    database during iteration.
  - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
    between getXXent and getXXbyYY NSS calls.
  - CVE-2014-8121
* SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
  conversion
  - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
    of NaN payloads.
  - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
    handling of payload strings
  - CVE-2014-9761
* SECURITY UPDATE: out of range data to strftime() causes segfault
  (denial of service)
  - debian/patches/any/CVE-2015-8776.diff: add range checks to
    strftime() processing
  - CVE-2015-8776
* SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
  AT_SECURE programs (e.g. setuid), allowing disabling of pointer
  mangling
  - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
    guard
  - CVE-2015-8777
* SECURITY UPDATE: integer overflow in hcreate and hcreate_r
  - debian/patches/any/CVE-2015-8778.diff: check for large inputs
  - CVE-2015-8778
* SECURITY UPDATE: unbounded stack allocation in catopen()
  - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
    alloca()
  - CVE-2015-8779
* SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
  - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
    memory copy on the stack.
  - CVE-2016-3075
* SECURITY UPDATE: pt_chown privilege escalation
  - debian/patches/any/CVE-2016-2856-pre.diff: add option to
    enable/disable pt_chown.
  - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
    about pty group and permission mode
  - debian/debhelper.in/libc-bin.install: drop installation of
    pt_chown
  - CVE-2016-2856, CVE-2013-2207
* debian/debhelper.in/libc.postinst: add reboot notifications for
  security updates (LP: #1546457)

314. By Adam Conrad

* cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
  longer parsing %s format arguments as multibyte strings (LP: #1109327)
* cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
  feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
* cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
  to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
* cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)

313. By Adam Conrad

* Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
  disable netgroup caching in the default config (LP: #1068889)
* Backport any/cvs-malloc-deadlock.diff from upstream to prevent
  glibc deadlocking in malloc arena retry paths (LP: #1081734)
* Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
* Drop patch any/local-disable-nscd-host-caching.diff, as this
  bug was apparently resolved upstream a while ago (LP: #613662)
* Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
  to load itself, a behaviour accidentally removed (LP: #1088677)
* Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)

312. By Adam Conrad

* Backport fixes for dbl-64 and ldbl-128 issues (LP: #1000498)
* Backport another FMA support patch from glibc master branch.

311. By Adam Conrad

* Backport fix from 2.16 to fix htons() conversion errors on non-x86
  architectures, by correctly casting to uint16_t (LP: #1016349)
* Restore missing AT_EMPTY_PATH definition in fcntl.h (LP: #1010069)
* Backport FMA4/AVX detection from glibc 2.16 (LP: #956051, #979003)
* Backport fixups to AVX-using code to match the detection backport.
* Backport fix from 2.16 for sscanf/realloc deadlock (LP: #1028038)
* Backport for bogus FPE on underflow for exp(double) (LP: #1007457)

310. By Steve Langasek

kdm is not meant to be restarted, only warned about; moving the restart
code to the preinst is causing kdm restarts that will break the desktop
in the middle of the upgrade. Zero out our list of services between the
two uses of the variable. LP: #985735.

309. By Adam Conrad

debian/debhelper.in/libc.preinst: Brown paper bag fix; when we
upgrade from older versions, we don't have our linker in place
before unpacking, however the preinst wants one, so create a
temporary linker symlink in the new location for one-time use

308. By Adam Conrad

* debian/patches/arm/unsubmitted-armhf-linker.diff: Add the new armhf
  linker to the triplet/LDSO table in ports/sysdeps/arm/shlib-versions
* debian/sysdeps/arm{el,hf}.mk: Stop installing armhf linker to its
  multiarch path, the new standard path is /lib/ld-linux-armhf.so.3
* debian/sysdeps/arm{el,hf}.mk: Define configure targets for alt libs
* debian/sysdeps/arm{el,hf}.mk: Provide compat symlinks in armhf builds
  so that old binaries continue to work without needing rebuilding
* debian/rules.d/build.mk: Change ldd to use the new armhf linker path
* debian/libc6.symbols.armhf: ld-linux-armhf.so.3 depends on having a
  new enough version of libc6 installed to make the linker available
* debian/patches/arm/unsubmitted-soname-hack.diff: Apply unfortunate
  hack to elf/dl-load.c to allow our old binaries to keep running with the
  new linker, by spoofing the SONAME of the new as if it were the old
* debian/debhelper.in/libc-udeb.install.armhf: No longer required
* debian/sysdeps/armhf.mk: Create symlink in the udeb for legacy linker
* debian/debhelper.in/libc{,-alt}.postrm: If we remove libc6:i386 before
  libc6-i386:amd64, maintain sanity of /lib/ld-linux.so.2 (LP: #852101)

307. By Adam Conrad

[ James Hunt ]
* debian/debhelper.in/libc.preinst: Moved logic from postinst to
  prompt user for services to restart. We ask here to allow the
  problematic cron to be stopped in the preinst, but defer the restart of
  remaining services until postinst time (LP: #508083).

[ Steve Langasek ]
* debian/debhelper.in/libc.{pre,post}inst: drop special casing of upstart
  jobs when restarting, since the check was completely wrong anyway,
  depending on the no-longer-existent /lib/init/readlink.
* Drop obsolete gdm upgrade handling code that only applies for upgrades
  from hardy to lucid.
* Remove the /etc/ld.so.conf.d/i486-linux-gnu.conf conffile on upgrade on
  i386, since it's no longer shipped and we should give consistent results
  on upgrade and install; and add a Breaks on the three library packages
  in lucid that used this path.

[ Adam Conrad ]
* debian/patches/any/local-nscd-NO_MAPPING.diff: Apply patch from Jeff Law
  to clean up thread handling in __nscd_get_nl_timestamp and resolve a few
  random crashing issues with chromium-browser and ktorrent (LP: #929219)
* debian/rules.d/debhelper.mk: Fix RTLD_SO replacement regex for sanity.

306. By Steve Beattie

* SECURITY UPDATE: denial of service in RPC implementation (LP: #901716)
  - debian/patches/any/local-CVE-2011-4609.patch: nanosleep when too
    many open fds are detected
  - CVE-2011-4609
* SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
  check bypass (LP: #953171)
  - debian/patches/any/cvs-CVE-2012-0864.patch: check for integer
    overflow
  - CVE-2012-0864

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/saucy/eglibc
This branch contains Public information 
Everyone can see this information.
