ubuntu/+source/eglibc:ubuntu/trusty-proposed

Last commit made on 2016-04-26
Get this branch:
git clone -b ubuntu/trusty-proposed https://git.launchpad.net/ubuntu/+source/eglibc
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/trusty-proposed
Repository:
lp:ubuntu/+source/eglibc

Recent commits

2b826b9... by Steve Beattie on 2016-04-09

Import patches-unapplied version 2.19-0ubuntu6.8 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1d8ff4e62ee6f84dc2830355f1ff23a4ccf2323c

New changelog entries:
  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    functions
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of service
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    conversion
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: NSS files long line buffer overflow
    - debian/patches/any/CVE-2015-5277.diff: Don't ignore too long
      lines in nss_files
    - CVE-2015-5277
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    mangling
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
      guard
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
      alloca()
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/sysdeps/linux.mk: don't build pt_chown
    - debian/rules.d/debhelper.mk: only install pt_chown when built.
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)
  * debian/patches/ubuntu/submitted-no-stack-backtrace.diff: update
    patch to eliminate compiler warning.

1d8ff4e... by Marc Deslauriers on 2016-02-16

Import patches-unapplied version 2.19-0ubuntu6.7 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: d0383e7b4cd4dfd4058924173fd3342bb8ecafa3

New changelog entries:
  * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
    - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
      resolv/nss_dns/dns-host.c.
    - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
      include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
      resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
      resolv/res_query.c, resolv/res_send.c.
    - debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
      resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
    - CVE-2015-7547

d0383e7... by Marc Deslauriers on 2015-02-25

Import patches-unapplied version 2.19-0ubuntu6.6 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fb932141fb15e048ab5d89b6a952c81c5f68648e

New changelog entries:
  * SECURITY UPDATE: getaddrinfo writes to random file descriptors under
    high load
    - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
      after calling reopen in resolv/res_send.c.
    - CVE-2013-7423
  * SECURITY UPDATE: denial of service via endless loop in getaddr_r
    - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
      resolv/nss_dns/dns-network.c.
    - CVE-2014-9402
  * SECURITY UPDATE: buffer overflow in wscanf
    - debian/patches/any/cvs-wscanf.diff: calculate correct size in
      stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
    - CVE-2015-1472
    - CVE-2015-1473

fb93214... by Chris J Arges on 2014-12-04

Import patches-unapplied version 2.19-0ubuntu6.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 3bbce49c30069eb28d07365bdc219657c8683b60

New changelog entries:
  * patches/amd64/local-blacklist-on-TSX-Haswell.diff: new patch from
    Henrique de Moraes Holschuh to disable TSX on processors which might get
    it disabled through a microcode update. (LP: #1398975)

3bbce49... by Marc Deslauriers on 2014-12-01

Import patches-unapplied version 2.19-0ubuntu6.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 232b11fd7793e1093c9d3e78b1c6ffdc20732ae5

New changelog entries:
  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817

232b11f... by Adam Conrad on 2014-08-28

Import patches-unapplied version 2.19-0ubuntu6.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7a59630ff13f97610691160f0a5130d5654f8c21

New changelog entries:
  * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
    - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
      completely remove support for loadable gconv transliteration modules.

7a59630... by Chris J Arges on 2014-08-19

Import patches-unapplied version 2.19-0ubuntu6.2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 4eba9b36305789b4405baa9fb5ee49aacdd25706

New changelog entries:
  * debian/patches/any/cvs-use-zonedir-instead-of-current.diff: Ensure that
    time zone files are detected correctly. (LP: #1294861)

4eba9b3... by Marc Deslauriers on 2014-07-28

Import patches-unapplied version 2.19-0ubuntu6.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c8020d5a838fd378e5d02f9f7b81b67f55fff913

New changelog entries:
  * SECURITY UPDATE: Directory traversal in locale environment handling
    - debian/patches/any/CVE-2014-0475.diff: validate locale names in
      locale/findlocale.c, locale/setlocale.c, added test to
      localedata/tst-setlocale3.c, localedata/Makefile.
    - CVE-2014-0475
  * SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen
    failing to copy the path argument
    - debian/patches/any/CVE-2014-4043.diff: properly copy path in
      posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c,
      posix/spawn_int.h, added test to posix/tst-spawn.c.
    - CVE-2014-4043

c8020d5... by Adam Conrad on 2014-04-12

Import patches-unapplied version 2.19-0ubuntu6 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 26764ce1127420cc8af47aaded1a9ae10ee3c2bb

New changelog entries:
  * debian/patches/arm64/submitted-setcontext.diff: Update to new version
    of Will's setcontext patch to fix sigmask handling bug (LP: #1306829)

26764ce... by Adam Conrad on 2014-04-10

Import patches-unapplied version 2.19-0ubuntu5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 357122ad73b20af4d9c06b890eb8decbd42e8178

New changelog entries:
  * Merge with unreleased 2.19 from Debian experimental, fixing more bugs:
    - Pull in arm64 patches to fix setcontext corruption (LP: #1279620)
    - Apply the IBM 2.19 branch for POWER8 bug fixes and optimizations.
    - Change M_CHECK_ACTION to abort if first MALLOC_CHECK_ bit is set.