ubuntu/+source/eglibc:applied/ubuntu/precise-devel

Last commit made on 2017-03-24
Get this branch:
git clone -b applied/ubuntu/precise-devel https://git.launchpad.net/ubuntu/+source/eglibc
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/precise-devel
Repository:
lp:ubuntu/+source/eglibc

Recent commits

5d1856b... by Steve Beattie on 2017-03-23

Import patches-applied version 2.15-0ubuntu10.18 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5c3280fcefac11a8512dc8618278da13ff2a4253
Unapplied parent: 1478213cdb7b0d27ec6611df41c7291d8668d3df

New changelog entries:
  * REGRESSION UPDATE: IPv6 addresses not being returned from a
    dual-stack ipv4-ipv6 host query.
    - Revert patches/any/CVE-2016-3706.diff (LP: #1674776)

1478213... by Steve Beattie on 2017-03-23

Import patches-unapplied version 2.15-0ubuntu10.18 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 2c8379e5d1da783171ad805f5e60401ac8896a58

New changelog entries:
  * REGRESSION UPDATE: IPv6 addresses not being returned from a
    dual-stack ipv4-ipv6 host query.
    - Revert patches/any/CVE-2016-3706.diff (LP: #1674776)

5c3280f... by Steve Beattie on 2017-03-21

Import patches-applied version 2.15-0ubuntu10.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 9c7f1324789cb8032bcc9bf3fd3231130227db8b
Unapplied parent: 2c8379e5d1da783171ad805f5e60401ac8896a58

New changelog entries:
  * REGRESSION UPDATE: Previous update introduced ABI breakage in
    internal glibc query ABI
    - Back out patches/any/CVE-2015-5180-regression.diff
      (LP: #1674532)

2c8379e... by Steve Beattie on 2017-03-21

Import patches-unapplied version 2.15-0ubuntu10.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8c006e4c8e6ea4da3a640963d697cf9aaa84bd33

New changelog entries:
  * REGRESSION UPDATE: Previous update introduced ABI breakage in
    internal glibc query ABI
    - Back out patches/any/CVE-2015-5180-regression.diff
      (LP: #1674532)

9c7f132... by Steve Beattie on 2017-03-06

Import patches-applied version 2.15-0ubuntu10.16 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: cc878afd5b5801d2f9f4c76e49545ca5f7aebdf8
Unapplied parent: 8c006e4c8e6ea4da3a640963d697cf9aaa84bd33

New changelog entries:
  * SECURITY UPDATE: multiple overflows in strxfrm()
    - patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
    - CVE-2015-8982
  * SECURITY UPDATE: _IO_wstr_overflow integer overflow
    - patches/any/CVE-2015-8983.diff: Add checks for integer overflow
    - CVE-2015-8983
  * SECURITY UPDATE: buffer overflow (read past end of buffer) in
    internal_fnmatch
    - patches/any/CVE-2015-8984.diff: Remove extra increment when
      skipping over collating symbol inside a bracket expression.
    - CVE-2015-8984
  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: Use out of band signaling for
      internal queries
    - CVE-2015-5180
  * SECURITY UPDATE: stack-based buffer overflow in the glob
    implementation
    - patches/any/CVE-2016-1234.diff: Simplify the interface for the
      GLOB_ALTDIRFUNC callback gl_readdir
    - CVE-2016-1234
  * SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
    - patches/any/CVE-2016-3706.diff: Use a heap allocation instead
    - CVE-2016-3706
  * SECURITY UPDATE: stack exhaustion in clntudp_call
    - patches/any/CVE-2016-4429.diff: Use malloc/free for the error
      payload.
    - CVE-2016-4429
  * SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
    - patches/any/CVE-2016-6323.diff: mark __startcontext as
      .cantunwind
    - CVE-2016-6323

8c006e4... by Steve Beattie on 2017-03-06

Import patches-unapplied version 2.15-0ubuntu10.16 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: deca66614212ff3460a3588b7d3e7d5f8864a25d

New changelog entries:
  * SECURITY UPDATE: multiple overflows in strxfrm()
    - patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
    - CVE-2015-8982
  * SECURITY UPDATE: _IO_wstr_overflow integer overflow
    - patches/any/CVE-2015-8983.diff: Add checks for integer overflow
    - CVE-2015-8983
  * SECURITY UPDATE: buffer overflow (read past end of buffer) in
    internal_fnmatch
    - patches/any/CVE-2015-8984.diff: Remove extra increment when
      skipping over collating symbol inside a bracket expression.
    - CVE-2015-8984
  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: Use out of band signaling for
      internal queries
    - CVE-2015-5180
  * SECURITY UPDATE: stack-based buffer overflow in the glob
    implementation
    - patches/any/CVE-2016-1234.diff: Simplify the interface for the
      GLOB_ALTDIRFUNC callback gl_readdir
    - CVE-2016-1234
  * SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
    - patches/any/CVE-2016-3706.diff: Use a heap allocation instead
    - CVE-2016-3706
  * SECURITY UPDATE: stack exhaustion in clntudp_call
    - patches/any/CVE-2016-4429.diff: Use malloc/free for the error
      payload.
    - CVE-2016-4429
  * SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
    - patches/any/CVE-2016-6323.diff: mark __startcontext as
      .cantunwind
    - CVE-2016-6323

cc878af... by Steve Beattie on 2016-05-26

Import patches-applied version 2.15-0ubuntu10.15 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 18cb89482d1d51fce6089556e41c026d1c80add6
Unapplied parent: deca66614212ff3460a3588b7d3e7d5f8864a25d

New changelog entries:
  * REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
    dependency from libm to libc (LP: #1585614)
    - debian/patches/any/CVE-2014-9761-2.diff: keep exporting
      __strto*_nan symbols added to libc.

deca666... by Steve Beattie on 2016-05-26

Import patches-unapplied version 2.15-0ubuntu10.15 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f7b3665e2bbdea3add1c3be88bd2ddec65dabc92

New changelog entries:
  * REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
    dependency from libm to libc (LP: #1585614)
    - debian/patches/any/CVE-2014-9761-2.diff: keep exporting
      __strto*_nan symbols added to libc.

18cb894... by Steve Beattie on 2016-04-09

Import patches-applied version 2.15-0ubuntu10.14 to applied/ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 8f175e6e90b1018eb9d740dc080794a389f78616
Unapplied parent: f7b3665e2bbdea3add1c3be88bd2ddec65dabc92

New changelog entries:
  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    functions
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of service
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    conversion
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    mangling
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
      guard
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
      alloca()
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856-pre.diff: add option to
      enable/disable pt_chown.
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/debhelper.in/libc-bin.install: drop installation of
      pt_chown
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)

f7b3665... by Steve Beattie on 2016-04-09

Import patches-unapplied version 2.15-0ubuntu10.14 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 3f7a6a3f0398b8de3788bd14d294daa4a1564a49

New changelog entries:
  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    functions
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of service
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    conversion
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    mangling
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
      guard
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
      alloca()
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856-pre.diff: add option to
      enable/disable pt_chown.
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/debhelper.in/libc-bin.install: drop installation of
      pt_chown
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)