Change logs for glibc source package in Jammy

  • glibc (2.35-0ubuntu3.7) jammy-security; urgency=medium
    
      * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
        - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when
          writing escape sequence in iconvdata/Makefile,
          iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.
        - CVE-2024-2961
    
     -- Marc Deslauriers <email address hidden>  Tue, 16 Apr 2024 09:40:36 -0400
  • glibc (2.35-0ubuntu3.6) jammy-security; urgency=medium
    
      * SECURITY REGRESSION: incorrect processing of address family with nscd
        (LP: #2047155)
        - debian/patches/lp2047155/lp2047155-refactor-bits-for-readability.patch:
          split out line processing for 'label', 'precedence' and 'scopev4' into
          separate functions (gaiconf_inet).
        - debian/patches/lp2047155/lp2047155-avoid-if-to-else-jump.patch: clean up
          another antipattern where code flows from an if condition to its else
          counterpart with a goto (gai_init).
        - debian/patches/lp2047155/lp2047155-refactor-code-for-readability.patch:
          refactor the code and make it easier to follow by removing the confusing
          close_retry goto jump (getaddrinfo).
        - debian/patches/lp2047155/
          lp2047155-get-nscd-addresses-fix-subscript-typos.patch: fix the
          subscript on air->family, which was accidentally set to 'count' when it
          should have remained as 'i' (get_nscd_addresses).
        - CVE-2023-4806
    
     -- Camila Camargo de Matos <email address hidden>  Tue, 02 Jan 2024 10:22:42 -0300
  • glibc (2.35-0ubuntu3.5) jammy-security; urgency=medium
    
      * SECURITY UPDATE: use-after-free through getcanonname_r plugin call
        - debian/patches/any/CVE-2023-4806-pre1.patch: sort tests and
          tests-container and put one test per line (nss).
        - debian/patches/any/CVE-2023-4806-pre2.patch: simplify canon name
          resolution (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre3.patch: fix leak with AI_ALL
          (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre4.patch: simplify service resolution
          (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre5.patch: make numeric lookup a
          separate routine (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre6.patch: split simple gethostbyname
          into its own function (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre7.patch: split nscd lookup code into
          its own function (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre8.patch: separate nss lookup loop
          into its own function (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre9.patch: make gethosts into a
          function (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre10.patch: split loopback lookup into
          its own function (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre11.patch: split result generation
          into its own function (gaih_inet).
        - debian/patches/any/CVE-2023-4806-pre12.patch: return EAI_MEMORY on
          allocation failure (gethosts).
        - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
          the end (getaddrinfo).
        - CVE-2023-4806
      * SECURITY UPDATE: use-after-free in gaih_inet function
        - debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix
          merge and continue actions.
        - CVE-2023-4813
      * SECURITY UPDATE: memory leak in getaddrinfo
        - debian/patches/any/CVE-2023-5156.patch: fix leak in getaddrinfo
          introduced by the fix for CVE-2023-4806.
        - CVE-2023-5156
    
     -- Camila Camargo de Matos <email address hidden>  Wed, 22 Nov 2023 10:18:45 -0300
  • glibc (2.35-0ubuntu3.4) jammy-security; urgency=medium
    
      * SECURITY UPDATE: privilege escalation in ld.so
        - debian/patches/any/CVE-2023-4911.patch: terminate immediately if end
          of input is reached in elf/dl-tunables.c.
        - CVE-2023-4911
    
     -- Marc Deslauriers <email address hidden>  Mon, 25 Sep 2023 10:45:50 -0400
  • glibc (2.35-0ubuntu3.3) jammy; urgency=medium
    
      * Drop SVE patches due to kernel-related performance regression
      * Fix the armhf stripping exception for ld.so (LP: #1927192)
    
     -- Simon Chopin <email address hidden>  Wed, 26 Jul 2023 10:27:54 +0200
  • glibc (2.35-0ubuntu3.2) jammy; urgency=medium
    
      * d/rules.d/debhelper.mk: fix permissions of libc.so (LP: #1989082)
      * Cherry-picks from upstream:
        - d/p/lp1999551/*: arm64 memcpy optimization (LP: #1999551)
        - d/p/lp1995362*.patch: Fix ldd segfault with missing libs (LP: #1995362)
        - d/p/lp2007796*: Fix missing cancellation point in pthread (LP: #2007796)
        - d/p/lp2007599*: add new tunables for s390x (LP: #2007599)
        - d/p/lp2011421/*: Fix crash on TDX-enabled platforms (LP: #2011421)
        - d/p/lp1992159*: Fix socket.h headers for non-GNU compilers (LP: #1992159)
    
     -- Simon Chopin <email address hidden>  Wed, 31 May 2023 17:17:00 +0200
  • glibc (2.35-0ubuntu3.1) jammy; urgency=medium
    
      * debian/maint: add a script to manage backports of patches from upstream
        maintenance branch.
      * Cherry-pick patches from upstream maintenance branch:
        - 0001-S390-Add-new-s390-platform-z16.patch (LP: #1971612)
        - 0002-powerpc-Fix-VSX-register-number-on-__strncpy_power9-.patch (LP: #1978130)
    
     -- Michael Hudson-Doyle <email address hidden>  Thu, 07 Jul 2022 11:23:23 +1200
  • glibc (2.35-0ubuntu3) jammy; urgency=medium
    
      * debian/rules.d/build.mk: build with --with-default-link=no.
    
     -- Michael Hudson-Doyle <email address hidden>  Fri, 04 Mar 2022 15:54:17 +1300
  • glibc (2.35-0ubuntu2) jammy; urgency=medium
    
      * d/patches/arm/local-vfp-sysdeps.diff: Restore, and add another EABI
        attribute to hopefully avoid upsetting current binutils.
      * debian/debhelper.in/libc.preinst: drop the check for kernel release
        > 255 now that glibc and preinstall script are fixed. (LP: #1962225)
      * Fix "./debian/rules update-from-upstream" to replace rather than append to
        git-updates.diff.
      * Update d/patches/git-updates.diff:
        - linux: fix accuracy of get_nprocs and get_nprocs_conf [BZ #28865]
        - linux: Use socket-constants-time64.h on tst-socket-timestamp-compat
        - string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755]
        - x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896]
        - x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896]
        - x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c
        - elf: Check invalid hole in PT_LOAD segments [BZ #28838]
        - elf: Replace tst-audit24bmod2.so with tst-audit24bmod2
        - resolv: Fix tst-resolv tests for 2.35 ABIs and later
        - localedef: Update LC_MONETARY handling (Bug 28845)
        - localedata: Do not generate output if warnings were present.
        - localedef: Handle symbolic links when generating locale-archive
        - nptl: Fix cleanups for stack grows up [BZ# 28899]
      * Remove tst-p_align3 from xfails.
    
     -- Michael Hudson-Doyle <email address hidden>  Fri, 04 Mar 2022 15:38:35 +1300
  • glibc (2.35-0ubuntu1) jammy; urgency=medium
    
      * New upstream version.
      * Update control files for new version.
      * Remove d/patches/git-updates.diff and refresh other patches.
      * d/patches/localedata/locale-C.diff: Remove as upstream now ships a C
        locale.
      * d/patches/ubuntu/disable-clone3.patch: Remove, electron apps have had
        long enough to get updated now.
      * d/patches/arm/local-vfp-sysdeps.diff: Remove, incompatible with modern
        binutils.
      * d/patches/all/submitted-po-fr-fixes.diff: Remove, included upstream.
      * Stop building the C.UTF-8 locale files separately now that upstream
        includes it, but still include them in the libc-bin package.
      * d/patches/ubuntu/sdt-headers.patch: borrow patch from fedora to fix build
        failure on s390x.
      * Update xfails:
        - tst-cpu-features-cpuinfo{,-static} fail on some builders due to old
          kernels.
        - tst-p_align3: Fails depending on fine details of binutils behaviour.
      * Build with default gcc (i.e. 11).
      * Remove the 'catchsegv' binary from the libc-bin package, removed upstream.
      * Update "./debian/rules update-from-upstream" to work better with how I
        maintain my git tree.
      * Add d/patches/git-updates.diff with first few patches after release:
        - posix: Fix tst-spawn6 terminal handling (BZ #28853)
        - linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850]
        - linux: Fix missing __convert_scm_timestamps (BZ #28860)
    
     -- Michael Hudson-Doyle <email address hidden>  Fri, 04 Feb 2022 13:59:11 +1300
  • glibc (2.34-0ubuntu3) impish; urgency=medium
    
      * d/patches/git-updates.diff: Update from release/2.34/master branch.
        - d/patches/ubuntu/Fix-close_range-closefrom-tests.patch,
          d/patches/ubuntu/fix-iconvconfig-directory.diff: removed as now
          upstream.
      * d/patches/ubuntu/disable-clone3.patch: Disable use of clone3 syscall
        to give Electron apps more time to get rebuilt. (LP: #1944468)
    
     -- Michael Hudson-Doyle <email address hidden>  Tue, 28 Sep 2021 14:38:09 +1300