-
glibc (2.34-0ubuntu3.2) impish-security; urgency=medium
* SECURITY UPDATE: Unexpected return value from realpath()
- debian/patches/any/CVE-2021-3998-pre1.patch: add helpers to create
paths longer than PATH_MAX in support/temp_file.c,
support/temp_file.h.
- debian/patches/any/CVE-2021-3998-1.patch: set errno to ENAMETOOLONG
for result larger than PATH_MAX in stdlib/Makefile,
stdlib/canonicalize.c, stdlib/tst-realpath-toolong.c.
- debian/patches/any/CVE-2021-3998-2.patch: avoid overwriting
preexisting error in stdlib/canonicalize.c.
- CVE-2021-3998
* SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd()
- debian/patches/any/CVE-2021-3999-1.patch: set errno to ERANGE for
size == 1 in sysdeps/posix/getcwd.c,
sysdeps/unix/sysv/linux/Makefile,
sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c.
- debian/patches/any/CVE-2021-3999-2.patch: detect user namespace
support in sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c.
- CVE-2021-3999
* SECURITY UPDATE: DoS via long svcunix_create path argument
- debian/patches/any/CVE-2022-23218-pre1.patch: add the
__sockaddr_un_set function in include/sys/un.h, socket/Makefile,
socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c.
- debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in
sunrpc/Makefile, sunrpc/svc_unix.c, sunrpc/tst-bug28768.c.
- CVE-2022-23218
* SECURITY UPDATE: DoS via long clnt_create hostname argument
- debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in
sunrpc/clnt_gen.c.
- CVE-2022-23219
* debian/rules.d/build.mk: build with --with-default-link=no.
-- Marc Deslauriers <email address hidden> Thu, 24 Feb 2022 14:45:39 -0500
-
glibc (2.34-0ubuntu3) impish; urgency=medium
* d/patches/git-updates.diff: Update from release/2.34/master branch.
- d/patches/ubuntu/Fix-close_range-closefrom-tests.patch,
d/patches/ubuntu/fix-iconvconfig-directory.diff: removed as now
upstream.
* d/patches/ubuntu/disable-clone3.patch: Disable use of clone3 syscall
to give Electron apps more time to get rebuilt. (LP: #1944468)
-- Michael Hudson-Doyle <email address hidden> Tue, 28 Sep 2021 14:38:09 +1300
-
glibc (2.34-0ubuntu2) impish; urgency=medium
* d/patches/ubuntu/Fix-close_range-closefrom-tests.patch: Patch from
upstream to fix test failures in autopkgtest environment (which has a
pair of fds open that the test suite did not cope with).
* d/debhelper.in/libc.postinst: go back to restarting systemd on libc6
upgrade, but carefully. LP: #1942276
-- Michael Hudson-Doyle <email address hidden> Fri, 03 Sep 2021 09:26:51 +1200
-
glibc (2.34-0ubuntu1) impish; urgency=medium
* New upstream version.
* Update patches.
* Adapt to upstream changes to install the dynamic linker in its ABI
location directly by installing it under its SONAME, but still in the
multiarch directory.
* Update xfails.
* d/patches/ubuntu/fix-iconvconfig-directory.diff: fix the directory path
written to the gconv modules cache (BZ #28199).
-- Michael Hudson-Doyle <email address hidden> Thu, 12 Aug 2021 11:15:13 +1200
-
glibc (2.33-0ubuntu9) impish; urgency=medium
* debian/patches/git-updates.diff: update from upstream stable branch
- CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.
- [15271] dlfcn function failure after dlmopen terminates process.
- [27646] gethostbyname and NSS crashes after dlmopen.
- x86_64: Remove unneeded static PIE check for undefined weak diagnostic.
-- Matthias Klose <email address hidden> Tue, 13 Jul 2021 08:26:17 +0200
-
glibc (2.33-0ubuntu8) impish; urgency=medium
[ Matthias Klose ]
* Don't strip ld.so (LP: #1927192)
[ Balint Reczey ]
* Don't use DH_COMPAT=8 for stripping udeb packages either
* Drop maintainer script delta cleaning up /var/lib/locales/supported.d/local
Those handled upgrades from Ubuntu << 16.04.
* debian/patches/hurd-i386/: Drop delta of Hurd patches, they are not applied anyway
* Merge 2.31-12 changes from Debian unstable:
- debian/po/de.po: fix encoding declaration. Closes: #986450.
- debian/patches/any/local-rtlddir-cross.diff: drop patch, letting upstream
makefiles install the dynamic linker symlink directly in the right
location. This fixes the temporary installation done by upstream makefiles
to run some tests in a container. Closes: #973278, #985617.
- debian/rules.d/build.mk: do not create the dynamic linker manually.
- debian/sysdeps/*.mk: do not create the dynamic linker manually for
bi/tri-arch packages.
- debian/rules.d/build.mk: create the soname symlink for ld-2.xx.so, to
avoid its creation later by ldconfig.
- debian/debhelper.in/libc.install, debhelper.in/libc-alt.install,
debhelper.in/libc-udeb.install, debhelper.in/libc-udeb.install.hurd-i386:
adjust given that the dynamic linker symlink is now already at the correct
location.
- debian/patches/git-updates.diff: update from upstream stable branch:
- Fix GLIBC_TUNABLES parsing for AT_SECURE binaries.
- debian/rules.d/build.mk: escape EOL so that $configure_build is correctly
passed to the configure script.
- debian/debhelper.in/libc.preinst: handle the case where debconf
configuration has never been done. Closes: #986180.
- debian/debhelper.in/libc.preinst: fall back to text mode in case 1) debconf
is about to use the dialog frontend with whiptail or frontend and 2) the
corresponding executable is unusable. Closes: #984533.
- debian/rules.d/debhelper.mk: correctly strip libpthread.so for bi/triarch
builds. Closes: #983457.
- debian/patches/hurd-i386/git-tiocflush.diff: Cope with
BSD 4.1-ish ioctl(..., TIOCFLUSH, NULL).
- debian/debhelper.in/libc-udeb.install.hurd-i386: Add missing
libmachuser/libhurduser.
- debian/testsuite-xfail-debian.mk: Update tests.
* debian/patches/git-updates.diff: update from upstream stable branch
- [27892] powerpc: scv ABI error handling fails to check IS_ERR_VALUE
* Keep only armhf ld.so unstripped (LP: #1927192)
-- Balint Reczey <email address hidden> Tue, 01 Jun 2021 18:41:50 +0200
-
glibc (2.33-0ubuntu7) impish; urgency=medium
* debian/patches/git-updates.diff: update from upstream stable branch
- [27648] FAIL: misc/tst-select
- [27651] Performance regression after updating to 2.33
- [27706] select fails to update timeout on error
- [27744] Support different libpthread/ld.so load orders for gdb -p
* Ignore test failures for the profile build on amd64 for now.
-- Matthias Klose <email address hidden> Mon, 03 May 2021 19:45:58 +0200
-
glibc (2.33-0ubuntu6) impish; urgency=medium
* Revert: Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind.
Enables debugging of ld.so related issues.
* Stop building sf/hf multilibs on armel/armhf.
-- Matthias Klose <email address hidden> Sun, 25 Apr 2021 12:42:49 +0200
-
glibc (2.33-0ubuntu5) hirsute; urgency=medium
* debian/tests/rebuild: Revert printing cpuinfo, this information is already
present in the log.
* debian/control: Libc6 should Conflict and Replace libc6-lse (LP: #1912652)
* Don't support disabling hwcaps on amd64 and arm64.
There is no need for it and it adds extra overhead.
* debian/patches/git-updates.diff: update from upstream stable branch
- [18435] pthread_once hangs when init routine throws an exception
- [23462] Static binary with dynamic string tokens ($LIB, $PLATFORM, $ORIGIN)
crashes
- [27304] pthread_cond_destroy does not pass private flag to futex system calls
- [27537] test-container: Always copy test-specific support files
- [27577] elf/ld.so --help doesn't work
* XFAIL io/tst-stat on s390
-- Balint Reczey <email address hidden> Wed, 31 Mar 2021 15:44:28 +0200