ubuntu/+source/eglibc:applied/ubuntu/precise-proposed

Last commit made on 2016-04-26
Get this branch:
git clone -b applied/ubuntu/precise-proposed https://git.launchpad.net/ubuntu/+source/eglibc
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/precise-proposed
Repository:
lp:ubuntu/+source/eglibc

Recent commits

18cb894... by Steve Beattie on 2016-04-09

Import patches-applied version 2.15-0ubuntu10.14 to applied/ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 8f175e6e90b1018eb9d740dc080794a389f78616
Unapplied parent: f7b3665e2bbdea3add1c3be88bd2ddec65dabc92

New changelog entries:
  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    functions
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    conversion
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    mangling
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
      guard
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
      alloca()
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856-pre.diff: add option to
      enable/disable pt_chown.
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/debhelper.in/libc-bin.install: drop installation of
      pt_chown
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)

f7b3665... by Steve Beattie on 2016-04-09

Import patches-unapplied version 2.15-0ubuntu10.14 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 3f7a6a3f0398b8de3788bd14d294daa4a1564a49

New changelog entries:
  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    functions
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    conversion
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    mangling
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
      guard
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
      alloca()
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856-pre.diff: add option to
      enable/disable pt_chown.
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/debhelper.in/libc-bin.install: drop installation of
      pt_chown
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)

8f175e6... by Marc Deslauriers on 2016-02-16

Import patches-applied version 2.15-0ubuntu10.13 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0b283cacf93a70e47542096556afbf8444239c9e
Unapplied parent: 3f7a6a3f0398b8de3788bd14d294daa4a1564a49

New changelog entries:
  * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
    - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
      resolv/nss_dns/dns-host.c.
    - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
      include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
      resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
      resolv/res_query.c, resolv/res_send.c.
    - debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
      resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
    - CVE-2015-7547

3f7a6a3... by Marc Deslauriers on 2016-02-16

Import patches-unapplied version 2.15-0ubuntu10.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 9b82e0c0561983ffa355cfe6901dc250c8619971

New changelog entries:
  * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
    - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
      resolv/nss_dns/dns-host.c.
    - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
      include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
      resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
      resolv/res_query.c, resolv/res_send.c.
    - debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
      resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
    - CVE-2015-7547

0b283ca... by Adam Conrad on 2015-03-25

Import patches-applied version 2.15-0ubuntu10.12 to applied/ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: d276036481c25692a99e7a01519b337227177f99
Unapplied parent: 9b82e0c0561983ffa355cfe6901dc250c8619971

New changelog entries:
  * cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
    longer parsing %s format arguments as multibyte strings (LP: #1109327)
  * cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
    feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
  * cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
    to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
  * cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)

9b82e0c... by Adam Conrad on 2015-03-25

Import patches-unapplied version 2.15-0ubuntu10.12 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 2e2f0dac641cb622f531e2810339331998cacbdd

New changelog entries:
  * cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
    longer parsing %s format arguments as multibyte strings (LP: #1109327)
  * cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
    feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
  * cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
    to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
  * cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)

d276036... by Marc Deslauriers on 2015-02-25

Import patches-applied version 2.15-0ubuntu10.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 43b3c01c6f0acab3543beb97a1191a278a7077d2
Unapplied parent: 2e2f0dac641cb622f531e2810339331998cacbdd

New changelog entries:
  * SECURITY UPDATE: getaddrinfo writes to random file descriptors under
    high load
    - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
      after calling reopen in resolv/res_send.c.
    - CVE-2013-7423
  * SECURITY UPDATE: denial of service via endless loop in getaddr_r
    - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
      resolv/nss_dns/dns-network.c.
    - CVE-2014-9402
  * SECURITY UPDATE: buffer overflow in wscanf
    - debian/patches/any/cvs-wscanf.diff: calculate correct size in
      stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
    - CVE-2015-1472
    - CVE-2015-1473

2e2f0da... by Marc Deslauriers on 2015-02-25

Import patches-unapplied version 2.15-0ubuntu10.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ed12cd48dbaf6c835ad7ec17a14d998a15d93513

New changelog entries:
  * SECURITY UPDATE: getaddrinfo writes to random file descriptors under
    high load
    - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
      after calling reopen in resolv/res_send.c.
    - CVE-2013-7423
  * SECURITY UPDATE: denial of service via endless loop in getaddr_r
    - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
      resolv/nss_dns/dns-network.c.
    - CVE-2014-9402
  * SECURITY UPDATE: buffer overflow in wscanf
    - debian/patches/any/cvs-wscanf.diff: calculate correct size in
      stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
    - CVE-2015-1472
    - CVE-2015-1473

43b3c01... by Steve Beattie on 2015-01-20

Import patches-applied version 2.15-0ubuntu10.10 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ccb58d9110e020821ab21f160b2462bb33263d9a
Unapplied parent: ed12cd48dbaf6c835ad7ec17a14d998a15d93513

New changelog entries:
  * SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots
    - debian/patches/any/CVE-2015-0235.diff: fix overflow in
      nss/digits_dots.c
    - CVE-2015-0235

ed12cd4... by Steve Beattie on 2015-01-20

Import patches-unapplied version 2.15-0ubuntu10.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 2611c33197900430902567a4f7c4eb38ff7b21b6

New changelog entries:
  * SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots
    - debian/patches/any/CVE-2015-0235.diff: fix overflow in
      nss/digits_dots.c
    - CVE-2015-0235