-
glibc (2.37-0ubuntu2.2) lunar-security; urgency=medium
* SECURITY UPDATE: use-after-free through getcanonname_r plugin call
- debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
the end (getaddrinfo).
- CVE-2023-4806
* SECURITY UPDATE: memory leak in getaddrinfo
- debian/patches/any/CVE-2023-5156.patch: fix leak in getaddrinfo
introduced by the fix for CVE-2023-4806.
- CVE-2023-5156
-- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:31:12 -0300
-
glibc (2.37-0ubuntu2.1) lunar-security; urgency=medium
* SECURITY UPDATE: DoS and info disclosure via no-aaaa
- debian/patches/any/CVE-2023-4527.patch: pass alt_dns_packet_buffer in
resolv/nss_dns/dns-host.c, add test to resolv/Makefile,
resolv/tst-resolv-noaaaa-vc.c.
- CVE-2023-4527
* SECURITY UPDATE: privilege escalation in ld.so
- debian/patches/any/CVE-2023-4911.patch: terminate immediately if end
of input is reached in elf/dl-tunables.c.
- CVE-2023-4911
-- Marc Deslauriers <email address hidden> Mon, 25 Sep 2023 08:20:52 -0400
-
glibc (2.37-0ubuntu2) lunar; urgency=medium
* d/p/u/lp2007599*.patch: add tunables for s390x (LP: #2007599)
* d/p/any/local-ldso-disable-hwcap: fix compilation error (LP: #2006485)
* d/sysdeps/arm64.mk: enable Memory Tagging Extension (MTE) checking on arm64
(LP: #2006739)
* d/control: declare a Breaks on older cyrus-imapd (LP: #2011326)
* d/control: Fix missing version bumps that could cause issues on upgrades
* Cherry-pick patches from upstream maintenance branch:
- 0001-cdefs-Limit-definition-of-fortification-macros.patch
- 0002-LoongArch-Add-new-relocation-types.patch
- 0003-Use-64-bit-time_t-interfaces-in-strftime-and-strptim.patch
- 0004-Account-for-grouping-in-printf-width-bug-30068.patch
- 0005-NEWS-Document-CVE-2023-25139.patch
- 0006-elf-Smoke-test-ldconfig-p-against-system-etc-ld.so.c.patch
- 0007-stdlib-Undo-post-review-change-to-16adc58e73f3-BZ-27.patch
- 0008-elf-Restore-ldconfig-libc6-implicit-soname-logic-BZ-.patch
-- Simon Chopin <email address hidden> Thu, 16 Mar 2023 09:44:01 +0100
-
glibc (2.37-0ubuntu1) lunar; urgency=medium
* New upstream release
+ d/symbols.wildcard: add GLIBC_2.37 symbol
+ d/libc6.symbols.common: drop libcrypt.so.1, removed upstream
+ d/patches:
- Dropped all upstream patches from stable branch
- localedata/locales-fr.diff refreshed
- riscv64/local-asin-acos-raise-invalid.diff dropped since
it has been implemented upstream
- any/local-ldso-disable-hwcap.diff rebased
=> Do we still need this?
- ubuntu/local-fallback-to-monotonic.diff rebased
- 0001-Ensure-calculations-happen-with-desired-rounding-mod.patch
Dropped, merged upstream
- 0001-Avoid-undefined-behaviour-in-ibm128-implementation-o.patch
Dropped, merged upstream
- 0001-Fix-BZ-29463-in-the-ibm128-implementation-of-y1l-too.patch
Dropped, merged upstream
- u/submitted-no-sprintf-pre-truncate.diff: dropped as
-D_FORTIFY_SOURCE=2 has now been the default in Debian for >7 years
without this patch.
* Add io/tst-statx to armhf xfails as it's failing on check-prof
* d/symbols.wildcard: add GLIBC_ABI_DT_RELR symbol introduced back in 2.36
* d/libc6.symbols.common: include libc_malloc_debug.so.0 introduced in 2.34
* d/libc6.symbols.common: remove libSegFault.so dropped in 2.35
-- Simon Chopin <email address hidden> Thu, 02 Feb 2023 10:07:58 +0100
-
glibc (2.36-0ubuntu4) kinetic; urgency=medium
[ Michael Hudson-Doyle ]
* Enable building for the 'arc' architecture. (LP: #1991652)
* Cherry-pick patches from upstream maintenance branch (LP: #1991898):
- 0020-01-scripts-dso-ordering-test.py-Generate-program-run-ti.patch
- 0020-02-elf-Rename-_dl_sort_maps-parameter-from-skip-to-forc.patch
- 0021-elf-Implement-force_first-handling-in-_dl_sort_maps_.patch
- 0022-gconv-Use-64-bit-interfaces-in-gconv_parseconfdir-bu.patch
- 0023-01-x86-include-BMI1-and-BMI2-in-x86-64-v3-level.patch
- 0023-02-x86-64-Require-BMI2-for-AVX2-str-n-casecmp-implement.patch
- 0023-03-x86-64-Require-BMI2-for-AVX2-strcmp-implementation.patch
- 0023-04-x86-64-Require-BMI2-for-AVX2-strncmp-implementation.patch
- 0023-05-x86-64-Require-BMI2-for-AVX2-wcs-n-cmp-implementatio.patch
- 0023-06-x86-64-Require-BMI2-for-AVX2-raw-w-memchr-implementa.patch
- 0023-07-x86-64-Require-BMI2-and-LZCNT-for-AVX2-memrchr-imple.patch
- 0023-08-x86-64-Require-BMI1-BMI2-for-AVX2-strrchr-and-wcsrch.patch
- 0024-nscd-Drop-local-address-tuple-variable-BZ-29607.patch
- 0025-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch
- 0026-stdlib-Fix-__getrandom_nocancel-type-and-arc4random-.patch
-- Simon Chopin <email address hidden> Fri, 07 Oct 2022 10:13:35 +0200