Last commit made on 2019-04-03
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/eglibc
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

bd8c368... by Marc Deslauriers on 2019-03-26

Import patches-unapplied version 2.19-0ubuntu6.15 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3dcd3d12e12c6c4db873f48821cc4cbbf0fc73cd

New changelog entries:
  * Fix NSS loading for static binaries (LP: #1821752)
    - debian/patches/any/local-static-dlopen-search-path.diff: fix static
      dlopen default library search path in elf/dl-support.c.

3dcd3d1... by Chris Coulson on 2018-01-15

Import patches-unapplied version 2.19-0ubuntu6.14 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 53d5734276d6cb3df277dae2644b44f4b62003d4

New changelog entries:
  * SECURITY UPDATE: Memory leak in dynamic loader (ld.so)
    - debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff:
      Compute correct array size in _dl_init_paths
    - CVE-2017-1000408
  * SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so)
    - debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff:
      Count components of the expanded path in _dl_init_path
    - CVE-2017-1000409
  * SECURITY UPDATE: One-byte overflow in glob
    - debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte
      overflow in glob
    - CVE-2017-15670
  * SECURITY UPDATE: Buffer overflow in glob
    - debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow
      during GLOB_TILDE unescaping
    - CVE-2017-15804
  * SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH
    - debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for
      empty tokens before dynamic string token expansion
    - CVE-2017-16997
  * SECURITY UPDATE: Buffer underflow in realpath()
    - debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff:
      Make getcwd(3) fail if it cannot obtain an absolute path
    - CVE-2018-1000001

53d5734... by Steve Beattie on 2017-06-16

Import patches-unapplied version 2.19-0ubuntu6.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1a0456d94e6ff3dc720bb5fa1bd82ff4a59d24d4

New changelog entries:
    - debian/patches/any/CVE-2017-1000366.patch: Completely ignore
      LD_LIBRARY_PATH for AT_SECURE=1 programs
    - CVE-2017-1000366
  * SECURITY UPDATE: LD_PRELOAD stack corruption
    - debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
      Reject overly long names or names containing directories in
      LD_PRELOAD for AT_SECURE=1 programs.
  * debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
    additional consistency check for 1-byte overflows
  * debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
    LD_HWCAP_MASK for AT_SECURE=1 programs

1a0456d... by Steve Beattie on 2017-03-21

Import patches-unapplied version 2.19-0ubuntu6.11 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: f79e76d8b28d5c614bd7e8ec61a124eda9e85cc0

New changelog entries:
  * REGRESSION UPDATE: Previous update introduced ABI breakage in
    internal glibc query ABI
    - Back out patches/any/CVE-2015-5180-regression.diff
      (LP: #1674532)

f79e76d... by Steve Beattie on 2017-03-07

Import patches-unapplied version 2.19-0ubuntu6.10 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1f2e88af50c7b02cedf555c16fa26e2365de12d7

New changelog entries:
  * SECURITY UPDATE: multiple overflows in strxfrm()
    - patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
    - CVE-2015-8982
  * SECURITY UPDATE: _IO_wstr_overflow integer overflow
    - patches/any/CVE-2015-8983.diff: Add checks for integer overflow
    - CVE-2015-8983
  * SECURITY UPDATE: buffer overflow (read past end of buffer) in
    - patches/any/CVE-2015-8984.diff: Remove extra increment when
      skipping over collating symbol inside a bracket expression.
    - CVE-2015-8984
  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: Use out of band signaling for
      internal queries
    - CVE-2015-5180
  * SECURITY UPDATE: stack-based buffer overflow in the glob
    - patches/any/CVE-2016-1234.diff: Simplify the interface for the
      GLOB_ALTDIRFUNC callback gl_readdir
    - CVE-2016-1234
  * SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
    - patches/any/CVE-2016-3706.diff: Use a heap allocation instead
    - CVE-2016-3706:
  * SECURITY UPDATE: stack exhaustion in clntudp_call
    - patches/any/CVE-2016-4429.diff: Use malloc/free for the error
    - CVE-2016-4429
  * SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
    - patches/any/CVE-2016-6323.diff: mark __startcontext as
    - CVE-2016-6323
  * debian/testsuite-checking/expected-results-aarch64-linux-gnu-libc,
    Allow nptl/tst-signal6 to fail on ARM, ARM64

1f2e88a... by Steve Beattie on 2016-05-26

Import patches-unapplied version 2.19-0ubuntu6.9 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2b826b936afe62b935bc574e0b424d2b89e72365

New changelog entries:
  * REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
    dependency from libm to libc (LP: #1585614)
    - debian/patches/any/CVE-2014-9761-2.diff: keep exporting
      __strto*_nan symbols added to libc.

2b826b9... by Steve Beattie on 2016-04-09

Import patches-unapplied version 2.19-0ubuntu6.8 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1d8ff4e62ee6f84dc2830355f1ff23a4ccf2323c

New changelog entries:
  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: NSS files long line buffer overflow
    - debian/patches/any/CVE-2015-5277.diff: Don't ignore too long
      lines in nss_files
    - CVE-2015-5277
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/sysdeps/linux.mk: don't build pt_chown
    - debian/rules.d/debhelper.mk: only install pt_chown when built.
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)
  * debian/patches/ubuntu/submitted-no-stack-backtrace.diff: update
    patch to eliminate compiler warning.

1d8ff4e... by Marc Deslauriers on 2016-02-16

Import patches-unapplied version 2.19-0ubuntu6.7 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: d0383e7b4cd4dfd4058924173fd3342bb8ecafa3

New changelog entries:
  * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
    - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
    - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
      include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
      resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
      resolv/res_query.c, resolv/res_send.c.
    - debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
      resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
    - CVE-2015-7547

d0383e7... by Marc Deslauriers on 2015-02-25

Import patches-unapplied version 2.19-0ubuntu6.6 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fb932141fb15e048ab5d89b6a952c81c5f68648e

New changelog entries:
  * SECURITY UPDATE: getaddrinfo writes to random file descriptors under
    high load
    - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
      after calling reopen in resolv/res_send.c.
    - CVE-2013-7423
  * SECURITY UPDATE: denial of service via endless loop in getaddr_r
    - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    - CVE-2014-9402
  * SECURITY UPDATE: buffer overflow in wscanf
    - debian/patches/any/cvs-wscanf.diff: calculate correct size in
      stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
    - CVE-2015-1472
    - CVE-2015-1473

fb93214... by Chris J Arges on 2014-12-04

Import patches-unapplied version 2.19-0ubuntu6.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 3bbce49c30069eb28d07365bdc219657c8683b60

New changelog entries:
  * patches/amd64/local-blacklist-on-TSX-Haswell.diff: new patch from
    Henrique de Moraes Holschuh to disable TSX on processors which might get
    it disabled through a microcode update. (LP: #1398975)