-
glibc (2.31-0ubuntu9.14) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free through getcanonname_r plugin call
- debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
the end (getaddrinfo).
- CVE-2023-4806
* SECURITY UPDATE: use-after-free in gaih_inet function
- debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix
merge and continue actions.
- CVE-2023-4813
* debian/testsuite-xfail-debian.mk: add tst-nss-gai-actions and
tst-nss-gai-hv2-canonname to xfails (container tests).
-- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:32:50 -0300
-
glibc (2.31-0ubuntu9.12) focal; urgency=medium
* Drop SVE memcpy implementation due to kernel-related performance
regression
glibc (2.31-0ubuntu9.11) focal; urgency=medium
* Drop memcmp arm64 SIMD optimization patch due to performance regression
on Raspberry Pi 3+ and 4
glibc (2.31-0ubuntu9.10) focal; urgency=medium
[ Andrei Gherzan ]
* d/p/lp1910312: Backport upstream fix for SEM_STAT_ANY (LP: #1910312)
[ Simon Chopin ]
* d/p/lp1999551/*: backport mem{cmp,cpy} optimizations for arm64 (LP: #1999551)
* d/p/lp2001932/*: fix segfault in AVX2 strncmp (LP: #2001932)
* d/p/lp2001975/*: fix overflow in AVX2 wcsncmp (LP: #2001975)
-- Simon Chopin <email address hidden> Wed, 26 Jul 2023 09:44:39 +0200
-
glibc (2.31-0ubuntu9.11) focal; urgency=medium
* Drop memcmp arm64 SIMD optimization patch due to performance regression
on Raspberry Pi 3+ and 4
glibc (2.31-0ubuntu9.10) focal; urgency=medium
[ Andrei Gherzan ]
* d/p/lp1910312: Backport upstream fix for SEM_STAT_ANY (LP: #1910312)
[ Simon Chopin ]
* d/p/lp1999551/*: backport mem{cmp,cpy} optimizations for arm64 (LP: #1999551)
* d/p/lp2001932/*: fix segfault in AVX2 strncmp (LP: #2001932)
* d/p/lp2001975/*: fix overflow in AVX2 wcsncmp (LP: #2001975)
-- Simon Chopin <email address hidden> Fri, 07 Jul 2023 10:12:59 +0200
-
glibc (2.31-0ubuntu9.10) focal; urgency=medium
[ Andrei Gherzan ]
* d/p/lp1910312: Backport upstream fix for SEM_STAT_ANY (LP: #1910312)
[ Simon Chopin ]
* d/p/lp1999551/*: backport mem{cmp,cpy} optimizations for arm64 (LP: #1999551)
* d/p/lp2001932/*: fix segfault in AVX2 strncmp (LP: #2001932)
* d/p/lp2001975/*: fix overflow in AVX2 wcsncmp (LP: #2001975)
-- Simon Chopin <email address hidden> Wed, 31 May 2023 17:57:25 +0200
-
glibc (2.31-0ubuntu9.9) focal; urgency=medium
* Disable testsuite on riscv64. It is failing maths tests intermittently in
ways that cannot be a glibc regression and is disabled in later series
anyway.
glibc (2.31-0ubuntu9.8) focal; urgency=medium
* Update for 20.04. (LP: #1951033)
[ Balint Reczey ]
* Cherry-pick upstream patch to fix building with -moutline-atomics
* Prevent rare deadlock in pthread_cond_signal (LP: #1899800)
[ Matthias Klose ]
* Revert: Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind.
Enables debugging ld.so related issues. (LP: #1918035)
* Don't strip ld.so on armhf. (LP: #1927192)
[ Gunnar Hjalmarsson ]
* d/local/usr_sbin/update-locale: improve sanity checks. (LP: #1892825)
[ Heitor Alves de Siqueira ]
* d/p/u/git-lp1928508-reversing-calculation-of-__x86_shared_non_temporal.patch:
- Fix memcpy() performance regression on x86 AMD systems (LP: #1928508)
[ Aurelien Jarno ]
* debian/debhelper.in/libc.preinst: drop the check for kernel release
> 255 now that glibc and preinstall script are fixed. (LP: #1962225)
[ Michael Hudson-Doyle ]
* libc6 on arm64 is now built with -moutline-atomics so libc6-lse can now be
an empty package that is safe to remove. (LP: #1912652)
* d/patches/u/aarch64-memcpy-improvements.patch: Backport memcpy
improvements. (LP: #1951032)
* Add test-float64x-yn to xfails on riscv64.
-- Michael Hudson-Doyle <email address hidden> Thu, 07 Apr 2022 13:24:41 +1200
-
glibc (2.31-0ubuntu9.8) focal; urgency=medium
* Update for 20.04. (LP: #1951033)
[ Balint Reczey ]
* Cherry-pick upstream patch to fix building with -moutline-atomics
* Prevent rare deadlock in pthread_cond_signal (LP: #1899800)
[ Matthias Klose ]
* Revert: Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind.
Enables debugging ld.so related issues. (LP: #1918035)
* Don't strip ld.so on armhf. (LP: #1927192)
[ Gunnar Hjalmarsson ]
* d/local/usr_sbin/update-locale: improve sanity checks. (LP: #1892825)
[ Heitor Alves de Siqueira ]
* d/p/u/git-lp1928508-reversing-calculation-of-__x86_shared_non_temporal.patch:
- Fix memcpy() performance regression on x86 AMD systems (LP: #1928508)
[ Aurelien Jarno ]
* debian/debhelper.in/libc.preinst: drop the check for kernel release
> 255 now that glibc and preinstall script are fixed. (LP: #1962225)
[ Michael Hudson-Doyle ]
* libc6 on arm64 is now built with -moutline-atomics so libc6-lse can now be
an empty package that is safe to remove. (LP: #1912652)
* d/patches/u/aarch64-memcpy-improvements.patch: Backport memcpy
improvements. (LP: #1951032)
* Add test-float64x-yn to xfails on riscv64.
-- Michael Hudson-Doyle <email address hidden> Thu, 10 Mar 2022 14:36:19 +1300
-
glibc (2.31-0ubuntu9.7) focal-security; urgency=medium
* SECURITY UPDATE: infinite loop in iconv
- debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option
parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c,
iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c,
iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c,
iconv/tst-iconv_prog.sh, intl/dcigettext.c.
- debian/patches/any/CVE-2016-10228-2.patch: handle translation output
codesets with suffixes in iconv/Versions, iconv/gconv_charset.c,
iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c,
iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c.
- CVE-2016-10228
* SECURITY UPDATE: buffer over-read in iconv
- debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR
conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c,
iconvdata/ksc5601.h.
- CVE-2019-25013
* SECURITY UPDATE: another infinite loop in iconv
- debian/patches/any/CVE-2020-27618.patch: fix issue in
iconv/tst-iconv_prog.sh, iconvdata/ibm1364.c.
- CVE-2020-27618
* SECURITY UPDATE: DoS via assert in iconv
- debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner
loop bounds in iconv/Makefile, iconv/gconv_simple.c,
iconv/tst-iconv8.c.
- CVE-2020-29562
* SECURITY UPDATE: signed comparison issue in ARMv7 memcpy
- debian/patches/any/CVE-2020-6096-pre1.patch: add
support_blob_repeat_allocate_shared in support/blob_repeat.c,
support/blob_repeat.h, support/tst-support_blob_repeat.c.
- debian/patches/any/CVE-2020-6096-1.patch: add test case in
string/Makefile, string/tst-memmove-overflow.c.
- debian/patches/any/CVE-2020-6096-2.patch: mark test as as XFAIL in
string/tst-memmove-overflow.c, sysdeps/arm/Makefile.
- debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for
negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S.
- debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for
negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S.
- debian/patches/any/CVE-2020-6096-5.patch: remove
string/tst-memmove-overflow XFAIL in sysdeps/arm/Makefile.
- CVE-2020-6096
* SECURITY UPDATE: double-free in nscd
- debian/patches/any/CVE-2021-27645.patch: track live allocation better
in nscd/netgroupcache.c.
- CVE-2021-27645
* SECURITY UPDATE: assertion fail in iconv
- debian/patches/any/CVE-2021-3326.patch: fix assertion failure in
ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c,
iconvdata/iso-2022-jp-3.c.
- CVE-2021-3326
* SECURITY UPDATE: overflow in wordexp via crafted pattern
- debian/patches/any/CVE-2021-35942.patch: handle overflow in
positional parameter number in posix/wordexp-test.c, posix/wordexp.c.
- CVE-2021-35942
* SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd()
- debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for
size == 1 in sysdeps/posix/getcwd.c.
- CVE-2021-3999
* SECURITY UPDATE: DoS via long svcunix_create path argument
- debian/patches/any/CVE-2022-23218-pre1.patch: add the
__sockaddr_un_set function in include/sys/un.h, socket/Makefile,
socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c.
- debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in
sunrpc/svc_unix.c.
- CVE-2022-23218
* SECURITY UPDATE: DoS via long clnt_create hostname argument
- debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in
sunrpc/clnt_gen.c.
- CVE-2022-23219
* debian/rules.d/build.mk: build with --with-default-link=no.
* This package does _NOT_ contain the changes from (2.31-0ubuntu9.5) in
focal-proposed.
-- Marc Deslauriers <email address hidden> Thu, 24 Feb 2022 14:42:40 -0500
-
glibc (2.31-0ubuntu9.5) focal; urgency=medium
* Remove d/patches/u/aarch64-memcpy-improvements.patch again until it can be
verified that it does not regress performance on all microarchitectures.
glibc (2.31-0ubuntu9.4) focal; urgency=medium
* Update for 20.04. (LP: #1951033)
[ Balint Reczey ]
* Revert backporting TLS surplus accounting changes including updating
debian/patches/ubuntu/local-disable-ld_audit.diff
(LP: #1926355, LP: #1926379)
* Don't strip ld.so on armhf. (LP: #1927192)
[ Matthias Klose ]
* Revert: Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind.
Enables debugging ld.so related issues. (LP: #1918035)
[ Michael Hudson-Doyle ]
* d/local/usr_sbin/update-locale: improve sanity checks. (LP: #1892825)
* d/patches/u/aarch64-memcpy-improvements.patch: Backport memcpy
improvements. (LP: #1951032)
[ Heitor Alves de Siqueira ]
* d/p/u/git-lp1928508-reversing-calculation-of-__x86_shared_non_temporal.patch:
- Fix memcpy() performance regression on x86 AMD systems (LP: #1928508)
-- Michael Hudson-Doyle <email address hidden> Thu, 10 Feb 2022 12:54:20 +1300
-
glibc (2.31-0ubuntu9.4) focal; urgency=medium
* Update for 20.04. (LP: #1951033)
[ Balint Reczey ]
* Revert backporting TLS surplus accounting changes including updating
debian/patches/ubuntu/local-disable-ld_audit.diff
(LP: #1926355, LP: #1926379)
* Don't strip ld.so on armhf. (LP: #1927192)
[ Matthias Klose ]
* Revert: Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind.
Enables debugging ld.so related issues. (LP: #1918035)
[ Michael Hudson-Doyle ]
* d/local/usr_sbin/update-locale: improve sanity checks. (LP: #1892825)
* d/patches/u/aarch64-memcpy-improvements.patch: Backport memcpy
improvements. (LP: #1951032)
[ Heitor Alves de Siqueira ]
* d/p/u/git-lp1928508-reversing-calculation-of-__x86_shared_non_temporal.patch:
- Fix memcpy() performance regression on x86 AMD systems (LP: #1928508)
-- Michael Hudson-Doyle <email address hidden> Fri, 03 Dec 2021 16:36:14 +1300
-
glibc (2.31-0ubuntu9.3) focal; urgency=medium
[ Aurelien Jarno ]
* debian/patches/any/git-surplus-tls-accounting.diff: backport TLS surplus
accounting from upstream. (Closes: #964141) (LP: #1914044)
[ Balint Reczey ]
* Update debian/patches/ubuntu/local-disable-ld_audit.diff
* Prevent rare deadlock in pthread_cond_signal (LP: #1899800)
* Cherry-pick upstream patch to fix building with -moutline-atomics
* Make libc6 provide libc6-lse on arm64.
Libc6 is now compiled with -moutline-atomics thus the separate binary
package is dropped. (LP: #1912652)
* debian/control: Libc6 should Conflict and Replace libc6-lse
-- Balint Reczey <email address hidden> Mon, 29 Mar 2021 22:11:32 +0200
-
glibc (2.31-0ubuntu9.2) focal; urgency=medium
* Drop check preventing using float128 which breaks new icc (LP: #1895358)
* Detect debconf consistently in libc6.preinst and do not crash if it is
not used (LP: #1902955)
* Ship libc variant compiled for profiling in libc6-prof (LP: #1908307)
* elf: Add endianness markup to ld.so.cache (Closes: #731082) (LP: #1906250)
-- Balint Reczey <email address hidden> Wed, 16 Dec 2020 12:04:55 +0100
-
glibc (2.31-0ubuntu9.1) focal; urgency=medium
[ Michael Hudson-Doyle ]
* Mark tst-getpw as XFAIL on arm64. (LP: #1869364)
[ Matthias Klose ]
* Copy the fully conditionalized x86 variant for math-vector-fortran.h
to /usr/include/finclude. On all architectures. (LP: #1879092)
[ Balint Reczey ]
* debian/gbp.conf: Add initial configuration
* debian/control.in/main: Add Vcs-* pointing to Ubuntu packaging repository
* debian/debhelper.in/libc.preinst: Fix setting LDCONFIG_NOTRIGGER
(LP: #1889190)
* Fall back to calling nanosleep syscall when __clock_nanosleep returns
EINVAL due to CLOCK_REALTIME not being supported (LP: #1871129)
* debian/testsuite-xfail-debian.mk: XFAIL tst-getpw on armhf, too
(LP: #1869364)
* XFAIL stdlib/tst-getrandom (LP: #1891403)
[ Dimitri John Ledkov ]
* debian/patches/powerpc: Cherrypick upstream patches to support POWER10
optimized library loading. LP: #1887989
-- Balint Reczey <email address hidden> Mon, 17 Aug 2020 22:02:52 +0200
-
glibc (2.31-0ubuntu9) focal; urgency=medium
* Ship arm64 variant with LSE support in libc6-lse
* debian/testsuite-xfail-debian.mk: Mark as XFAIL malloc/tst-mxfast
and nptl/tst-mutex10 to fix riscv64 FTBFS.
glibc (2.31-0ubuntu8) focal; urgency=medium
* debian/testsuite-xfail-debian.mk: mark as XFAIL the new tst-system
which is another container test.
-- Balint Reczey <email address hidden> Tue, 14 Apr 2020 21:26:04 +0200
-
glibc (2.31-0ubuntu8) focal; urgency=medium
* debian/testsuite-xfail-debian.mk: mark as XFAIL the new tst-system
which is another container test.
-- Steve Langasek <email address hidden> Wed, 08 Apr 2020 08:03:34 -0700
-
glibc (2.31-0ubuntu7) focal; urgency=medium
* debian/patches/git-updates.diff: update from upstream stable branch.
- Stop ignoring some float tests for the non-default armel multilib variant.
- submitted-stt-gnu-ifunc-detection.patch: Remove, applied upstream.
- 5828bc4523230685ac29a4a882967913255f5666.diff: Remove, applied upstream.
* Merge with Debian packaging 4cb14efd231568673b889a1ddf095457a19a8acb.
- Adjust the version number for the openssh-server break.
* restore__glibc_has_include.diff: Remove, not needed anymore by gcc-N
packages.
* debian/sysdeps/*.mk: stop building libcrypt for multilib packages.
Closes: #951880. LP: #1867432.
-- Matthias Klose <email address hidden> Thu, 02 Apr 2020 16:42:14 +0200
-
glibc (2.31-0ubuntu6) focal; urgency=medium
* Bump dependency on libcrypt1 to the version which fixes the path to
libcrypt.so.1, to avoid files disappearing due to replaces on upgrade.
LP: #18673431.
-- Steve Langasek <email address hidden> Sat, 14 Mar 2020 16:21:20 -0700
-
glibc (2.31-0ubuntu5) focal; urgency=medium
* Move libcrypt1 back from pre-depends to depends; while this works fine
on upgrades, it fails on new installations of libc6+libcrypt1 via apt,
which is relevant for multiarch and therefore not viable.
-- Steve Langasek <email address hidden> Wed, 11 Mar 2020 23:26:31 -0700
-
glibc (2.31-0ubuntu4) focal; urgency=medium
* debian/testsuite-xfail-debian.mk: mark as XFAIL various new tests which
depend on a container setup which does not work correctly with Debian's
multiarch-style layout.
(https://sourceware.org/bugzilla/show_bug.cgi?id=25652)
* Move libcrypt to pre-depends of libc, to ensure libraries possibly
required by essential packages are always present on disk throughout an
upgrade.
* Install the architecture specific math-vector-fortran.h into the multiarch
include dir. LP: #1861353.
-- Steve Langasek <email address hidden> Tue, 10 Mar 2020 23:19:41 -0700
-
glibc (2.31-0ubuntu3) focal; urgency=medium
* Move ldconfig handling to the very TOP of the preinst, before we attempt
to load the debconf module, which requires perl. This properly
localizes the handling of upgrade ordering to libc + libxcrypt instead
of involving other packages.
-- Steve Langasek <email address hidden> Mon, 09 Mar 2020 13:35:19 -0700
-
glibc (2.31-0ubuntu2) focal; urgency=medium
* libcrypt1 breaks/replaces libc6 (<< 2.31). cannot use a pre-depends on
libcrypt1. In the preinst, call ldconfig unconditionally for the first
libc6 depending on libcrypt1
* libc6: Depend on libgcc-sN instead of libgccN.
-- Matthias Klose <email address hidden> Sat, 07 Mar 2020 09:34:11 +0100
-
glibc (2.31-0ubuntu1) focal; urgency=medium
* Merge with current Debian git glibc-2.31.
* debian/patches/git-updates.diff: update from upstream stable branch.
* Ignore test failures for sysvipc/test-sysvmsg, sysvipc/test-sysvsem and
sysvipc/test-sysvshm on 32bit architectures, failing on the xenial kernel,
succeeding on the bionic and focal kernels.
* Restore the __glibc_has_include macro, needed until GCC is rebuilt
to not include this in the fixed-include headers.
* Backport 5828bc4523230685ac29a4a882967913255f5666, making the clone3
syscall known on arm64, fixing misc/tst-glibcsyscalls.
* Ignore some float tests for the non-default armel multilib variant.
https://sourceware.org/ml/libc-alpha/2020-03/msg00074.html
-- Matthias Klose <email address hidden> Fri, 06 Mar 2020 12:06:42 +0100
-
glibc (2.30-0ubuntu3) focal; urgency=medium
* Cherrypick upstream fix for strstr on s390x z15. LP: #1854326
-- Dimitri John Ledkov <email address hidden> Fri, 29 Nov 2019 14:19:57 +0000
-
glibc (2.30-0ubuntu2) eoan; urgency=medium
* Merge with current Debian git, bringing in container-based testsuite fix:
- debian/patches/any/local-test-install.diff: Use install_root rather than
DESTDIR when installing container root, since we override install_root.
* debian/patches/ubuntu/local-pldd-root.diff: Run tst-pldd as root to get us
CAP_SYS_PTRACE, which is disabled by default in Ubuntu for non-root users.
-- Adam Conrad <email address hidden> Mon, 16 Sep 2019 08:56:30 -0600
