ubuntu/+source/glibc:ubuntu/hardy-security

Last commit made on 2012-12-17
Get this branch:
git clone -b ubuntu/hardy-security https://git.launchpad.net/ubuntu/+source/glibc
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/hardy-security
Repository:
lp:ubuntu/+source/glibc

Recent commits

4bfedaa... by Marc Deslauriers on 2012-12-15

Import patches-unapplied version 2.7-10ubuntu8.3 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 5a60a85ec94e5a7ccd94547f8ca5b1bf151d88cf

New changelog entries:
  * debian/patches/any/strtod_overflow_bug7066.patch: Fix array
    overflow in floating point parser triggered by applying patch for
    CVE-2012-3480 (LP: #1090740)

5a60a85... by Steve Beattie on 2012-09-28

Import patches-unapplied version 2.7-10ubuntu8.2 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 26b3b387b02d2a221cdb6212dbfe7e4a82475133

New changelog entries:
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
      handling positional parameters in printf.
    - CVE-2012-3404
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3405.patch: fix extension of array
    - CVE-2012-3405
  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to avoid integer overflows
    - CVE-2012-3480
  * debian/expected_test_summary: update expected results to prevent FTBFS

26b3b38... by Steve Beattie on 2012-03-06

Import patches-unapplied version 2.7-10ubuntu8.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: ab0c0367acec608db411d907242866c0490995c0

New changelog entries:
  * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
    - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
      TZ file header
    - CVE-2009-5029
  * SECURITY UPDATE:
    - debian/patches/any/submitted-nis-shadow.diff: remove encrypted
      passwords from passwd entries, and add them in shadow entries and
      fix incorrect password overwriting
    - CVE-2010-0015
  * SECURITY UPDATE: memory consumption denial of service in fnmatch
    - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
      stack use in fnmatch.
    - CVE-2011-1071
  * SECURITY UPDATE: /etc/mtab corruption denial of service
    - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
      error in addmnt even for cached streams
    - CVE-2011-1089
  * SECURITY UPDATE: insufficient locale environment sanitization
    - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
      LANG environment variable.
    - CVE-2011-1095
  * SECURITY UPDATE: ld.so insecure handling of privileged programs'
    RPATHs with $ORIGIN
    - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
      RPATH and ORIGIN
    - CVE-2011-1658
  * SECURITY UPDATE: fnmatch integer overflow
    - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
      pattern in wide character representation
    - CVE-2011-1659
  * SECURITY UPDATE: signedness bug in memcpy_ssse3
    - debian/patches/any/glibc-CVE-2011-2702.patch: use unsigned
      comparison instructions
    - CVE-2011-2702
  * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
    - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
      many open fds is detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass
    - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864

ab0c036... by Kees Cook on 2011-01-11

Import patches-unapplied version 2.7-10ubuntu8 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 607a9c710544acc0f7ad3a3411a3c2ccf692c6a0

New changelog entries:
  * SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
    - debian/patches/any/dst-expansion-fix.diff: refresh with new
      proposed solution, avoiding iconv issues.
    - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
      which already had a work-around in 2.7-10ubuntu7.

607a9c7... by Kees Cook on 2010-10-22

Import patches-unapplied version 2.7-10ubuntu7 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: c32ebbb5f6e5f0062933c5a9a5d3fe371b61fd3b

New changelog entries:
  * SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
    - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
    - CVE-2010-3847
    - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
      for setuid binaries.

c32ebbb... by Kees Cook on 2010-05-19

Import patches-unapplied version 2.7-10ubuntu6 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 2440dbb480757899ed3f9076a42c4ddb185246b2

New changelog entries:
  * SECURITY UPDATE: integer overflow in strfmon() might lead to arbitrary
    code execution.
    - debian/patches/any/git-strfmon-overflow.diff: backport from upstream.
    - CVE-2008-1391
  * SECURITY UPDATE: newlines not escaped in /etc/mtab.
    - debian/patches/any/git-mntent-newline-escape.diff: upstream fixes.
    - CVE-2010-0296
  * SECURITY UPDATE: arbitrary code execution from ELF headers (LP: #542197).
    - debian/patches/any/git-fix-dtag-cast.diff: upstream fixes.
    - CVE-2010-0830
  * debian/patches/any/git-readdir-padding.diff: fix readdir padding when
    processing getdents64() in a 32-bit execution environment (LP: #392501).

2440dbb... by Kees Cook on 2009-07-30

Import patches-unapplied version 2.7-10ubuntu5 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: bb36bf35588c191a0d92471c802febebe000f19e

New changelog entries:
  * stack-guard-quick-randomization.diff: use stack guard randomization
    patch from Intrepid (along with Jaunty tests patch) to stop using static
    sentinel (LP: #275493).

bb36bf3... by Matthias Klose on 2008-09-12

Import patches-unapplied version 2.7-10ubuntu4 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 5ff559fa5e5e5d621173ba8bde7b713f4d0cd281

New changelog entries:
  * glibc fixes for hardy. LP: #269299.
  * Fix vscanf define in strict C99 or POSIX mode. LP: #234893.
  * Merge changes from glibc-2.7-11, -12 and -13:
    - Cherry-pick upstream fixes with respect to locale rwlocks, merge them into
      patches/any/cvs-strerror_r.diff. Closes: #489906.
    - patches/any/cvs-getaddrinfo.diff: new patch from CVS to correctly
      initialize internal resolver structures in getaddrinfo(). Closes:
      #489586.
    - patches/any/cvs-iconv-braces.diff: new patch from upstream to fix various
      iconv bugs.
    - local/manpages/nscd.conf.5: update nscd.conf manpage. Closes: #482505.

5ff559f... by Matthias Klose on 2008-04-04

Import patches-unapplied version 2.7-10ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: ddd24ffdaeb4e9dd219cd2ddbf79bb0788876d64

New changelog entries:
  * Probably built on the good buildds last time; pessimize expected
    test results on ia64, i386.
  * debian/expected_test_summary: Fix typos in expected sparc results.

ddd24ff... by Matthias Klose on 2008-04-04

Import patches-unapplied version 2.7-10ubuntu2 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: f64be5a081ca0c3d47a86c29b1eeab89a8392d5f

New changelog entries:
  * Adjust debian/expected_test_summary:
    - Fix typo for i386 xen.
    - crypt/sha512c fails on i386 (log-test-i486-linux-gnu-libc), but not on
      the PPA build.
    - Add current results for ia64, powerpc, sparc.