ubuntu/+source/eglibc:ubuntu/lucid-proposed

Last commit made on 2012-11-15
Get this branch:
git clone -b ubuntu/lucid-proposed https://git.launchpad.net/ubuntu/+source/eglibc
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/lucid-proposed
Repository:
lp:ubuntu/+source/eglibc

Recent commits

eceb535... by Adam Conrad on 2012-11-14

Import patches-unapplied version 2.11.1-0ubuntu7.12 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 53fb72b405af09fc3da9fa219014f9662c6c4c8f

New changelog entries:
  * Pull three interdependent patches from Debian to fix AVX detection
    problems on kernels or CPUs that lack support for it (LP: #979003):
    - amd64/cvs-avx-detection.diff: Improved detection on old kernels.
    - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code.
    - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support.
  * Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to
    skip tests if AVX extensions are not available on the build host.
  * Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option.

53fb72b... by Steve Beattie on 2012-09-29

Import patches-unapplied version 2.11.1-0ubuntu7.11 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 13a14210bc18c98b3cd8c49d7e1e5367464123bd

New changelog entries:
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
      handling positional parameters in printf.
    - CVE-2012-3404
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3405.patch: fix extension of array
    - CVE-2012-3405
  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to void integer overflows
    - CVE-2012-3480
  * debian/patches/any/strtod_overflow_bug7066.patch: Fix array
    overflow in floating point parser triggered by applying patch for
    CVE-2012-3480
  * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i486-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i686,
    debian/testsuite-checking/expected-results-i686-linux-gnu-xen,
    debian/testsuite-checking/expected-results-sparc64-linux-gnu-sparc64:
    update for pre-existing testsuite failures that prevents FTBFS
    when the testsuite is enabled.

13a1421... by Steve Beattie on 2012-03-07

Import patches-unapplied version 2.11.1-0ubuntu7.10 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: bbf9dd14aecfe5cc9a17f7da1ceb88346973c9e0

New changelog entries:
  * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
    - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
      TZ file header
    - CVE-2009-5029
  * SECURITY UPDATE: memory consumption denial of service in fnmatch
    - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
      stack use in fnmatch.
    - CVE-2011-1071
  * SECURITY UPDATE: /etc/mtab corruption denial of service
    - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
      error in addmnt even for cached streams
    - CVE-2011-1089
  * SECURITY UPDATE: insufficient locale environment sanitization
    - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
      LANG environment variable.
    - CVE-2011-1095
  * SECURITY UPDATE: ld.so insecure handling of privileged programs'
    RPATHs with $ORIGIN
    - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
      RPATH and ORIGIN
    - CVE-2011-1658
  * SECURITY UPDATE: fnmatch integer overflow
    - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
      pattern in wide character representation
    - CVE-2011-1659
  * SECURITY UPDATE: signedness bug in memcpy_ssse3
    - debian/patches/any/glibc-CVE-2011-2702.patch: use unsigned
      comparison instructions
    - CVE-2011-2702
  * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
    - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
      many open fds is detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass
    - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864
  * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
    debian/testsuite-checking/expected-results-arm-linux-gnueabi-libc:
    update for pre-existing testsuite failures that prevents FTBFS
    when the testsuite is enabled.

bbf9dd1... by Matthias Klose on 2011-01-19

Import patches-unapplied version 2.11.1-0ubuntu7.8 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: ff6cc87379dedcdad7e2e55934cb370a8adcb499

New changelog entries:
  [ Matthias Klose ]
  * Fix issue #12077, __strncmp_ssse3 can segfault when it over-reads
    its buffer. LP: #702190.
  [ Clint Byrum ]
  * do not run 'telinit u' on upgrade, as this will break upstart.
    touch /var/run/init.upgraded instead, which will force a re-exec just
    before remounting root read-only. LP: #672177, LP: #694772.

ff6cc87... by Kees Cook on 2011-01-11

Import patches-unapplied version 2.11.1-0ubuntu7.7 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: b9317b4751a0e6a6b191783ea531c301d383433f

New changelog entries:
  * SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
    - debian/patches/any/dst-expansion-fix.diff: refresh with new
      proposed solution, avoiding iconv issues.
    - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
      which was already had a work-around in 2.11.1-0ubuntu7.5.

b9317b4... by Matthias Klose on 2010-11-14

Import patches-unapplied version 2.11.1-0ubuntu7.6 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 1fd3cda686aa1d56b653d5df82f460f04a991a08

New changelog entries:
  * Fix issue #12159, x86-64 strchr propagation of search byte into all bytes
    of SSE register.
  * Fix issue #12113, alignment of AVX safe area on x86_64. LP: #662511.
  * Fix ifunc thunk for strspn on x86 in static libc. LP: #615953.

1fd3cda... by Kees Cook on 2010-10-21

Import patches-unapplied version 2.11.1-0ubuntu7.5 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: ed9e308c905e9daffa9f0fef226a5816cd49fe10

New changelog entries:
  * SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
    - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
    - CVE-2010-3847
    - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
      for setuid binaries.

ed9e308... by Matthias Klose on 2010-10-07

Import patches-unapplied version 2.11.1-0ubuntu7.4 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 81a1be49d73482f6173578fd719e9bb0292ef0a4

New changelog entries:
  * Fix issue #12092, strstr broken for some inputs on pre-SSE4 machines.
    LP: #655463.

81a1be4... by Matthias Klose on 2010-07-28

Import patches-unapplied version 2.11.1-0ubuntu7.3 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 580c60854c5f9a2819fdfc7e6869d424cbac707b

New changelog entries:
  * BZ#5553: Fix invalid assertion in case of main_arena being used,
    patch taken from trunk/2.12. LP: #490024.

580c608... by Matthias Klose on 2010-06-03

Import patches-unapplied version 2.11.1-0ubuntu7.2 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 61657f141c96e879512b56301f3a66605499012b

New changelog entries:
  * Fix issues in x86 memset-sse2.S/memset-sse2-rep.S. LP: #587055.
  * Apply from the 2.11-x86 branch: x86-64 SSE4 optimized memcmp. LP: #589136.