Change logs for glibc source package in Jessie

  • glibc (2.19-18+deb8u10) jessie-security; urgency=medium
    
      * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
        debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
        debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
        patches to protect the dynamic linker against stack clashes
        (CVE-2017-1000366).
      * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
        upstream to disable HWCAP for AT_SECURE programs.
    
     -- Aurelien Jarno <email address hidden>  Fri, 16 Jun 2017 23:13:21 +0200
  • glibc (2.19-18+deb8u9) stable; urgency=medium
    
      * Remove patches/any/cvs-resolv-internal-qtype.diff, it breaks the
        libnss/libnss-dns ABI.  Reopens: #796106.
    
     -- Aurelien Jarno <email address hidden>  Thu, 27 Apr 2017 23:00:02 +0200
  • glibc (2.19-18+deb8u7) stable; urgency=medium
    
      [ Aurelien Jarno ]
      * Update from upstream stable branch:
        - Do not unconditionally use the fsqrt instruction on 64-bit PowerPC
          CPUs.  Closes: #843904.
      * debian/patches/any/cvs-hesiod-resolver.diff: patch from upstream to
        fix a regression introduced by cvs-resolv-ipv6-nameservers.diff in
        hesiod.  Closes: #821358.
      * debian/sysdeps/{amd64,i386,x32}.mk: disable lock elision (aka Intel TSX)
        on x86 architectures. This causes programs (wrongly) unlocking an already
        unlocked mutex to abort. More importantly most of the other distributions
        decided to disable it, so we don't want to be the only distribution left
        testing this code path.
    
     -- Aurelien Jarno <email address hidden>  Thu, 24 Nov 2016 23:48:11 +0100
  • glibc (2.19-18+deb8u6) stable; urgency=medium
    
      * Update from upstream stable branch:
        - Fix backtrace hang on armel/armhf, possibly causing a minor
          denial-of-service vulnerability (CVE-2016-6323).  Closes: #834752.
        - Fix open and openat functions with O_TMPFILE.  Closes: #832521.
        - Drop debian/patches/any/cvs-ld_pointer_guard.diff (merged upstream).
        - Drop debian/patches/any/cvs-mangle-tls_dtor_list.diff (merged upstream).
        - Drop debian/patches/any/cvs-strxfrm-buffer-overflows.diff (merged
          upstream).
      * debian/patches/any/submitted-resolv-ipv6-nameservers.diff: replace by
        patch cvs-resolv-ipv6-nameservers.diff taken from upstream. This fixes
        mtr on systems using only IPv6 nameservers.  Closes: #818281.
    
     -- Aurelien Jarno <email address hidden>  Sat, 03 Sep 2016 22:39:43 +0200
  • glibc (2.19-18+deb8u4) stable; urgency=medium
    
      [ Aurelien Jarno ]
      * Update from upstream stable branch:
        - Fixes bug18240 failing with a timeout on machines with a lot of swap.
      * patches/any/cvs-grantpt-pty-owner.diff: new patch from upstream to
        improve grantpt when /dev/pts is not mounted with the correct options.
      * rules.d/debhelper.mk: only install pt_chown when built.
      * sysdeps/linux.mk: don't build pt_chown (CVE-2013-2207). Closes: #717544.
    
     -- Aurelien Jarno <email address hidden>  Sat, 27 Feb 2016 23:17:33 +0100
  • glibc (2.19-18+deb8u2) stable; urgency=medium
    
      [ Aurelien Jarno ]
      * Update from upstream stable branch:
        - Fix getaddrinfo sometimes returning uninitialized data with nscd.
          Closes: #798515.
        - Fix data corruption while reading the NSS files database
          (CVE-2015-5277).  Closes: #799966.
        - Fix buffer overflow (read past end of buffer) in internal_fnmatch.
        - Fix _IO_wstr_overflow integer overflow.
        - Fix unexpected closing of nss_files databases after lookups, 
          causing denial of service (CVE-2014-8121).  Closes: #779587.
        - Fix NSCD netgroup cache.  Closes: #800523. 
      * patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to
        unconditionally disable LD_POINTER_GUARD.  Closes: #798316, #801691.
      * patches/any/cvs-mangle-tls_dtor_list.diff: new patch from upstream to
        mangle function pointers in tls_dtor_list.  Closes: #802256.
      * patches/any/cvs-strxfrm-buffer-overflows.diff: new patch from upstream
        to fix memory allocations issues that can lead to buffer overflows on
        the stack.  Closes: #803927.
    
      [ Henrique de Moraes Holschuh ]
      * Replace patches/amd64/local-blacklist-on-TSX-Haswell.diff by 
        local-blacklist-for-Intel-TSX.diff also blacklisting some Broadwell
        models.  Closes: #800574.
    
     -- Aurelien Jarno <email address hidden>  Mon, 28 Dec 2015 21:39:40 +0100
  • glibc (2.19-18+deb8u1) stable; urgency=medium
    
      [ Aurelien Jarno ]
      * Update from upstream stable branch:
        - Fix pthread_mutex_trylock with lock elision.  Closes: #759197,
          #788999.
        - Fix gprof entry point on ppc64el.  Closes: #794222.
        - Fix a buffer overflow in getanswer_r (CVE-2015-1781).
          Closes: #796105.
    
     -- Aurelien Jarno <email address hidden>  Sat, 29 Aug 2015 10:56:31 +0200
  • glibc (2.19-18) unstable; urgency=medium
    
    
      [ Aurelien Jarno ]
      * debhelper.in/locales.templates: allow the C.UTF-8 locale to be
        selected as the default locale. Closes: #782241.
    
     -- Aurelien Jarno <email address hidden>  Tue, 14 Apr 2015 19:50:11 +0200
  • glibc (2.19-17) unstable; urgency=medium
    
    
      [ Adam Conrad ]
      * debian/rules.d/debhelper.mk: Unconditionally create tmp.substvars.
        Closes: #780431.
    
     -- Aurelien Jarno <email address hidden>  Sat, 14 Mar 2015 10:17:56 +0100
  • glibc (2.19-16) unstable; urgency=medium
    
    
      [ Samuel Thibault ]
      * patches/hurd-i386/cvs-libpthread-dlopen.diff: New patch to allow
        libpthread.so to be dynamically loaded from a dlopened library.
      * patches/hurd-i386/cvs-libpthread-libc-lockP{,2}.diff: New patch to
        dynamically call pthread functions from libc.
    
      [ Aurelien Jarno ]
      * We have a transition mechanism for the locales, as the Debian archive
        used to expose arch:all packages on all architectures even when the
        corresponding arch:any package is not available yet. This has been
        fixed long time ago, the transition mechanism has not been used
        correctly for a lot of time and has been broken by the split out of
        libc-bin. The breakage has been partially fixed by the "Breaks: locales 
        (<< 2.19)" added to libc6. It's now time to add the missing "Depends:
        libc-bin (>> 2.19)" to locales and remove the transition mechanism.
        Closes: #583088, #779442 
      * patches/any/cvs-ldconfig-aux-cache.diff: new patch from upstream to
        ignore corrupted aux-cache instead of segfaulting. Closes: #759530.
    
     -- Aurelien Jarno <email address hidden>  Thu, 12 Mar 2015 22:00:40 +0100
  • glibc (2.19-15) unstable; urgency=medium
    
    
      [ Aurelien Jarno ]
      * debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
        heap buffer overflow in wscanf (CVE-2015-1472, CVE-2015-1473). Closes:
        #777197.
    
     -- Aurelien Jarno <email address hidden>  Sun, 08 Feb 2015 15:54:37 +0100
  • glibc (2.19-13) unstable; urgency=medium
    
    
      [ Aurelien Jarno ]
      * kfreebsd/local-fbtl.diff: update to revision 5677 (from glibc-bsd).
        Workarounds a kfreebsd 9.0 to 10.1 ABI break. Closes: #740509.
      * patches/hppa/cvs-sigrtmin.diff: backport patch from upstream to change
        __SIGRTMIN to match other architectures. Closes: #766605.
      * patches/amd64/cvs-slow-sse42.diff: backport patch from upstream to fix
        a performance issue with strcmp and friends functions on some machines.
      * patches/any/cvs-regex-alloca.diff: new patch from upstream to fix a 
        segmentation fault in regex in case of heap allocation failure. Closes:
        #767225.
      * Don't fail to build in case of testsuite regressions, so that changes
        in the environment (e.g.: kernel) do not prevent security or stable 
        versions to be built. It will be re-enabled after the Jessie release.
      * debian/control.in/main: build-depends on debhelper (>= 9.20141010) to
        get Build-Profiles features. This fixes the following lintian warning:
        restriction-formula-with-debhelper-without-debhelper-version.
    
      [ Samuel Thibault ]
      * hurd-i386/cvs-libpthread.diff: Update to Sun Nov 2.
      * hurd-i386/libpthread_clean.diff: Refresh, most of it merged into
        cvs-libpthread.diff.
      * hurd-i386/cvs-libpthread-pthread_condattr_setclock.diff,
        cvs-libpthread_guardsize.diff, cvs-libpthread_std_thread.diff: Remove,
        merged into cvs-libpthread.diff.
    
     -- Aurelien Jarno <email address hidden>  Thu, 06 Nov 2014 20:28:41 +0100
  • glibc (2.19-12) unstable; urgency=medium
    
    
      [ Samuel Thibault ]
      * patches/hurd-i386/tg-thread-cancel.diff: Update patch from upstream, fixes
        a rare deadlock.
      * patches/hurd-i386/local-libpthread-stacksize.diff: New patch to make
        libpthread stacks size default to 8MiB like on Linux, to avoid surprises
        with packages which assume the Linuxish default.
      * patches/hurd-i386/tg-poll_errors_fixes.diff: Update patch, fixes
        select returned value in case of errors. Closes: #764840.
    
      [ Petr Salinger ]
      * update testsuite-checking/expected-results-*-kfreebsd-gnu-*
        under 10.x kernels, provided by Steven Chamberlain. Closes: #762404.
    
      [ Aurelien Jarno ]
      * Remove mtrace(1) and pldd(1) manpages, provided by the manpages package
        starting with version 3.74.
      * debian/control.in/*: update the syntax of the Build-Profiles field and
        build depends on dpkg-dev (>= 1.17.14) to get the new feature. Closes:
        #764274.
      * Remove libc6-prof package as it's broken for years and there are better
        ways to profile code nowadays. Closes: #760450.
      * patches/amd64/local-blacklist-on-TSX-Haswell.diff: new patch from 
        Henrique de Moraes Holschuh to disable TSX on processors which might get
        it disabled through a microcode update. Closes: #762195.
      * Install French, German, Polish and Spanish version of validlocale(8)
        manpage. Add a Replaces: manpages-fr-extra (<= 20141008).
      * Update French manpages translations, by David Prévot. Closes: #715289.
      * Update German manpages translations, by Helge Kreutzmann. Closes: #717979.
      * kfreebsd/local-fbtl.diff: update to revision 5651 (from glibc-bsd).
        Workarounds a kfreebsd 9.0 to 10.1 ABI break. Closes: #740509.
      * patches/any/cvs-CVE-2014-6040.diff: new patch from upstream to fix crashes
        on invalid input in IBM gconv modules (CVE-2014-6040).
      * patches/any/cvs-check_pf-infinite-loop.diff: new patch from upstream to
        fix an infinite loop in check_pf.
      * patches/any/local-static-dlopen-search-path.diff: new patch to re-enable
        default search path for dlopen() in static libraries. Closes: #754813,
        #757941.
    
      [ Helmut Grohne ]
      * debian/patches/any/local-bootstrap-headers.diff: Update to handle
        stubs-$abi.h which is required for multilib bootstraps. Closes: #756473
    
     -- Aurelien Jarno <email address hidden>  Wed, 22 Oct 2014 20:01:11 +0200
  • glibc (2.19-11) unstable; urgency=medium
    
    
      [ Samuel Thibault ]
      * patches/hurd-i386/tg-thread-cancel.diff: Update patch against two other
        overzealous assertions.
      * patches/hurd-i386/submitted-bind_umask.diff: Split into cvs-bind_umask.diff
        and submitted-bind_umask2.diff as requested by upstream.
      * patches/hurd-i386/cvs-fork_ss_hang.diff: New patch which fixes some dash
        hangs.
      * patches/hurd-i386/cvs-libpthread_guardsize.diff: Add another guard size
        computation fix.  Fixes gcj's boehm-gc.  Closes: #760076.
    
      [ Aurelien Jarno ]
      * debian/control.in/main: Build-Depends on dpkg (>= 1.17.11) instead of
        dpkg-dev (>= 1.17.1).  Closes: #759495.
      * debian/debhelper.in/libc.{preinst,postinst,postrm}: correctly remove old
        conffiles /etc/ld.so.conf.d/i486-{kfreebsd-gnu.conf,gnu-gnu.conf,gnu.conf}.
        Closes: #759568.
      * Update Italian debconf translation, by Luca Monducci.  Closes: #760092.
    
      [ Petr Salinger ]
      * kfreebsd/local-fbtl.diff: update to revision 5520 (from glibc-bsd).
        Fixes x87 precision mode in newly created pthreads. Closes: #761175.
    
     -- Aurelien Jarno <email address hidden>  Fri, 12 Sep 2014 23:49:50 +0200
  • glibc (2.19-10) unstable; urgency=medium
    
    
      [ Aurelien Jarno ]
      * debian/rules: drop the i486 to i586 GNU triplet conversion.
      * debian/control.in/main: build-depends on dpkg-dev (>= 1.17.1) and
        gcc-4.8 (>= 4.8.3-8) to make sure to get the new i586 GNU triplet on
        i386, hurd-i386 and kfreebsd-i386.
      * Remove iconv(1), iconvconfig(8), localedef(1) and sprof(1) manpages,
        provided by the manpages packages starting with version 3.71.
      * patches/any/cvs-CVE-2014-5119.diff: New patch from upstream to remove 
        support for loadable gconv transliteration modules (CVE-2014-5119).
    
      [ Samuel Thibault ]
      * patches/hurd-i386/cvs-libpthread_guardsize.diff: Fix guard size computation.
        Fixes the creation of thousands of threads, and thus pulseaudio testsuite.
        Closes: #758671.
      * patches/hurd-i386/cvs-libpthread_std_thread.diff: New patch to deal with
        std::thread using __pthread_key_create to detect presence of libpthread.
        Fixes build of webkitgtk and most probably other libstdc++-related
        failures.
      * patches/hurd-i386/submitted-bind_umask.diff: New patch to fix bind() when
        umask is 0000, fixes clamav testsuite. Closes: #759218.
    
      [ Adam Conrad ]
      * debian/patches/series: Actually apply the submitted arm64 alignment and
        setcontext patches mentioned in 2.19-0experimental0 (closes: #759042)
    
     -- Aurelien Jarno <email address hidden>  Wed, 27 Aug 2014 07:13:10 +0200
  • glibc (2.19-9) unstable; urgency=medium
    
    
      [ Aurelien Jarno ]
      * debian/rules.d/control.mk: don't add libc6{,-dev}-{armel,armhf}
        packages in debian/control as we don't build them in Debian. New dak
        code checks for NEW packages directly in debian/control.
    
     -- Aurelien Jarno <email address hidden>  Thu, 14 Aug 2014 17:58:27 +0200
  • glibc (2.19-7) unstable; urgency=high
    
    
      * debian/patches/localedata/unsubmitted-tst-setlocale3-ENV.diff: Apply
        correct environment for the tst-setlocale3 test to find its locales.
    
     -- Adam Conrad <adconrad@0c3.net>  Sat, 12 Jul 2014 17:29:20 -0600
  • glibc (2.19-5) unstable; urgency=medium
    
    
      [ Aurelien Jarno ]
      * debian/sysdeps/mips*.mk: replace EGLIBC_PASSES into GLIBC_PASSES.
      * debian/patches/alpha/cvs-__pointer_chk_guard.diff: new patch from
        upstream to fix testsuite failures on alpha.
      * debian/patches/alpha/local-string-functions.diff: disable strcmp
        and strncmp as these functions behaves incorrectly when crossing
        pages. This fixes badsalttest in the testsuite.
      * debian/debhelper.in/libc.postinst: don't run "telinit u" under systemd
        Closes: #753725.
      * debian/testsuite-checking/expected-results-alpha-linux-gnu-libc: ignore
        floating point failures, as alpha is not fully IEEE compliant.  Closes:
        #753099.
      * testsuite-checking/expected-results-*s390*: ignore tst-cancelx17.out
        failure, it is due to a bug in the test (see BZ #12683).
    
      [ Helmut Grohne ]
      * Rename the bootstrap stage to DEB_BUILD_PROFILES=stage1 to conform
        with https://wiki.debian.org/BuildProfileSpec. (Closes: #752480)
      * Don't try to install xen headers in i386 bootstrap build, because
        they are not built.  Closes: #743676.
    
      [ Adam Conrad ]
      * debian/patches/alpha/cvs-unwind-backtrace.diff: Backport upstream
        fix to enable unwind tables when building the backtrace routines.
    
     -- Aurelien Jarno <email address hidden>  Sun, 06 Jul 2014 21:42:09 +0200
  • glibc (2.19-4) unstable; urgency=medium
    
    
      [ Aurelien Jarno ]
      * debian/debhelper.in/libc.{preinst,postrm,postinst}: correctly remove
        old ld.so configuration if more than one libc6 package is installed
        (multiarch case).  Closes: #752389, #752404.
    
      [ Samuel Thibault ]
      * patches/hurd-i386/tg-tls-threadvar.diff: Update to fix gcc-4.9 build.
    
      [ Adam Conrad ]
      * debian/control.in/main: glibc-source Conflicts/Replaces eglibc-source.
      * debian/patches/powerpc/local-powerpc8xx-dcbz.diff: Restrict the trap
        to 32-bit builds, since the Freescale 8xx CPUs aren't 64-bit capable.
    
     -- Aurelien Jarno <email address hidden>  Mon, 23 Jun 2014 20:10:39 +0200