ubuntu/+source/eglibc:ubuntu/lucid-devel

Last commit made on 2015-02-26
Get this branch:
git clone -b ubuntu/lucid-devel https://git.launchpad.net/ubuntu/+source/eglibc

Branch information

Name:
ubuntu/lucid-devel
Repository:
lp:ubuntu/+source/eglibc

Recent commits

0c5cbca... by Marc Deslauriers on 2015-02-25

Import patches-unapplied version 2.11.1-0ubuntu7.21 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 51330080077e51aaad5bf225f346b7eb22f1a23d

New changelog entries:
  * SECURITY UPDATE: getaddrinfo writes to random file descriptors under
    high load
    - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
      after calling reopen in resolv/res_send.c.
    - CVE-2013-7423
  * SECURITY UPDATE: denial of service via endless loop in getaddr_r
    - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
      resolv/nss_dns/dns-network.c.
    - CVE-2014-9402

5133008... by Steve Beattie on 2015-01-21

Import patches-unapplied version 2.11.1-0ubuntu7.20 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: fcdaba18326268da01eac932520130d5506fc400

New changelog entries:
  * SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots
    - debian/patches/any/CVE-2015-0235.diff: fix overflow in
      nss/digits_dots.c
    - CVE-2015-0235

fcdaba1... by Marc Deslauriers on 2014-12-02

Import patches-unapplied version 2.11.1-0ubuntu7.19 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 9dca798153b67653f0a9b0206c911e79b8f3bf86

New changelog entries:
  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/CVE-2012-6656.diff: fix check in
      iconvdata/ibm930.c.
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2012-6656
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817

9dca798... by Marc Deslauriers on 2014-09-04

Import patches-unapplied version 2.11.1-0ubuntu7.17 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: e5ac47c2ebb0d19f838eb675edc73fbdca7f5a57

New changelog entries:
  * SECURITY REGRESSION: memleak in getaddrinfo (LP: #1364584)
    - debian/patches/CVE-2013-4357-memleak.patch: fix memleak in
      sysdeps/posix/getaddrinfo.c introduced by patch for CVE-2013-4357.

e5ac47c... by Adam Conrad on 2014-08-28

Import patches-unapplied version 2.11.1-0ubuntu7.16 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: abfbcb4927e9be37a44ff1c37aed951481c17264

New changelog entries:
  * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
    - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
      completely remove support for loadable gconv transliteration modules.
  * SECURITY REGRESSION: localplt regression introduced in 2.11.1-0ubuntu7.14
    - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport
      of upstream commit ca38dc17 to include memmem hidden alias declaration.

abfbcb4... by Marc Deslauriers on 2014-08-05

Import patches-unapplied version 2.11.1-0ubuntu7.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a6c60fc0b10c32c01ac01e4d3b672078edc72731

New changelog entries:
  * SECURITY REGRESSION: segfault when using nscd (LP: #1352504)
    - debian/patches/lp1352504.diff: don't free non-malloced memory and fix
      memory leak in nscd/nscd_getserv_r.c.

a6c60fc... by Marc Deslauriers on 2014-07-28

Import patches-unapplied version 2.11.1-0ubuntu7.14 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 72c23b4eb023b75fb6e9570a784e7a964da8ba5b

New changelog entries:
  * SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
    - debian/patches/CVE-2013-4357.patch: fix overflow in include/alloca.h,
      nis/nss_nis/nis-alias.c, nscd/nscd_getserv_r.c, posix/glob.c,
      sysdeps/posix/getaddrinfo.c.
    - CVE-2013-4357
  * SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
    - debian/patches/any/CVE-2013-4458.patch: fix overflow in
      sysdeps/posix/getaddrinfo.c.
    - CVE-2013-4458
  * SECURITY UPDATE: Directory traversal in locale environment handling
    - debian/patches/any/CVE-2014-0475.diff: validate locale names in
      locale/findlocale.c, locale/setlocale.c, added test to
      localedata/tst-setlocale3.c, localedata/Makefile.
    - CVE-2014-0475
  * SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen
    failing to copy the path argument
    - debian/patches/any/CVE-2014-4043.diff: properly copy path in
      posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c,
      posix/spawn_int.h, added test to posix/tst-spawn.c.
    - CVE-2014-4043
  * debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue
    causing a readdir regression on sparc.
  * debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra
    commits to fix another overflow and an infinite loop.

72c23b4... by Marc Deslauriers on 2013-10-02

Import patches-unapplied version 2.11.1-0ubuntu7.13 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: eceb5354ea0e0d03d24f5e044f00857ea2a0a4e2

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    strcoll overflows
    - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
      string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
      string/Makefile.
    - CVE-2012-4412
    - CVE-2012-4424
  * SECURITY UPDATE: denial of service in regular expression matcher
    - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
      posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
    - CVE-2013-0242
  * SECURITY UPDATE: denial of service in getaddrinfo
    - debian/patches/any/CVE-2013-1914.diff: fix overflow in
      sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for
      __libc_alloca_cutoff in include/alloca.h, nptl/Versions,
      nptl/alloca_cutoff.c.
    - CVE-2013-1914
  * SECURITY UPDATE: denial of service and possible code execution via
    readdir_r
    - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
      sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
      sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
      GETDENTS_64BIT_ALIGNED from
      sysdeps/unix/sysv/linux/i386/readdir64_r.c,
      sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
    - CVE-2013-4237
  * SECURITY UPDATE: denial of service and possible code execution via
    overflows in memory allocator
    - debian/patches/any/CVE-2013-4332.diff: check for overflows in
      malloc/malloc.c.
    - CVE-2013-4332

eceb535... by Adam Conrad on 2012-11-14

Import patches-unapplied version 2.11.1-0ubuntu7.12 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 53fb72b405af09fc3da9fa219014f9662c6c4c8f

New changelog entries:
  * Pull three interdependent patches from Debian to fix AVX detection
    problems on kernels or CPUs that lack support for it (LP: #979003):
    - amd64/cvs-avx-detection.diff: Improved detection on old kernels.
    - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code.
    - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXSAVE support.
  * Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to
    skip tests if AVX extensions are not available on the build host.
  * Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option.

53fb72b... by Steve Beattie on 2012-09-29

Import patches-unapplied version 2.11.1-0ubuntu7.11 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 13a14210bc18c98b3cd8c49d7e1e5367464123bd

New changelog entries:
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
      handling positional parameters in printf.
    - CVE-2012-3404
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3405.patch: fix extension of array
    - CVE-2012-3405
  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to avoid integer overflows
    - CVE-2012-3480
  * debian/patches/any/strtod_overflow_bug7066.patch: Fix array
    overflow in floating point parser triggered by applying patch for
    CVE-2012-3480
  * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i486-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i686,
    debian/testsuite-checking/expected-results-i686-linux-gnu-xen,
    debian/testsuite-checking/expected-results-sparc64-linux-gnu-sparc64:
    update for pre-existing testsuite failures that prevents FTBFS
    when the testsuite is enabled.