-
glibc (2.24-9ubuntu2.2) zesty-security; urgency=medium
* SECURITY UPDATE: LD_LIBRARY_PATH stack corruption
- debian/patches/any/CVE-2017-1000366.patch: Completely ignore
LD_LIBRARY_PATH for AT_SECURE=1 programs
- CVE-2017-1000366
* SECURITY UPDATE: LD_PRELOAD stack corruption
- debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
Reject overly long names or names containing directories in
LD_PRELOAD for AT_SECURE=1 programs.
- debian/patches/any/cve-i686-Add-missing-IS_IN-libc-guards.patch:
prerequisite patch
* debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
additional consistency check for 1-byte overflows
* debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
LD_HWCAP_MASK for AT_SECURE=1 programs
-- Steve Beattie <email address hidden> Fri, 16 Jun 2017 11:42:30 -0700
-
glibc (2.24-9ubuntu2) zesty; urgency=medium
* debian/patches/any/cvs-resolv-internal-qtype.diff: Revert to avoid
failure in name resolution on upgrades from yakkety (LP: #1674532)
-- Adam Conrad <email address hidden> Tue, 21 Mar 2017 15:27:15 -0600
-
glibc (2.24-9ubuntu1) zesty; urgency=medium
* Merge with Debian testing, bringing in packaging and upstream fixes.
* debian/patches/any/cvs-ttyname-namespaces.diff: Pull upstream commit
to return ENODEV for ttyname() when /proc/self/fd* point to nonsense
in namespaces (LP: #1669578)
* debian/patches/any/cvs-pthread-free.diff: Pull an upstream commit to
fix use after free in pthread_create() (LP: #1651525)
* debian/patches/powerpc/cvs-lock-elision.diff: Pull upstream commit
to fix write-after-destroy in lock elision on powerpc (LP: #1640518)
glibc (2.24-9) unstable; urgency=medium
[ Samuel Thibault ]
* hurd-i386/tg-libpthread-gsync-mutex.diff: Update patch, fixes trylock
error return.
* hurd-i386/tg-magic-pid.diff: New patch, add support for /proc/self.
* hurd-i386/tg-mlockall.diff: New patch, add support for mlockall.
- control: Bump gnumach-dev build-depend accordingly.
* hurd-i386/tg-gsync-libc.diff: Fix linking against built libmachuser
instead of installed libmachuser.
* libc0.3.symbols.hurd-i386: Add vm_wire_all symbols.
[ Aurelien Jarno ]
* debian/sysdeps/{amd64,i386,x32}.mk: disable lock elision (aka Intel TSX)
on x86 architectures. This causes programs (wrongly) unlocking an already
unlocked mutex to abort. More importantly most of the other distributions
decided to disable it, so we don't want to be the only distribution left
testing this code path. Closes: #850182.
* debian/rules.d/build.mk: pass --no-recursion before -T in the call to tar
to workaround or fix bug#829738. This reduces the size of the glibc-source
package by 40%
* debian/patches/localedata/supported.diff: rename the kk_KZ locale with the
RK1048 charset to kk_KZ.RK1048 to avoid conflicting with the kk_KZ locale
with the PT154 charset. Closes: #847596.
* debian/patches/git-updates.diff: update from upstream stable branch:
- debian/patches/alpha/submitted-math-fixes.diff: Drop, merged upstream.
* patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a
NULL pointer dereference in libresolv when receiving a T_UNSPEC internal
QTYPE (CVE-2015-5180). Closes: #796106.
* Make the package build reproducibly, thanks to Ximin Luo for the patch.
Closes: #783210.
- debian/rules: export SOURCE_DATE_EPOCH when not building with
dpkg-buildpackage.
- debian/rules.d/build.mk: use --clamp-mtime instead of touching the
files.
- debian/rules.d/debhelper.mk: do not chmod +x the shell script, call
it with sh instead.
* debian/rules.d/control.mk: Add the sh3 architecture to libc6_archs.
Closes: #850565.
glibc (2.24-8) unstable; urgency=medium
[ Samuel Thibault ]
* hurd-i386/tg-libc_rwlock_recursive.diff: New patch to work around
fakeroot-tcp issue, see #845930.
* hurd-i386/cvs-hurd_signal.h_c++.diff: New patch to fix building gdb.
* hurd-i386/tg-poll_errors_fixes.diff: Fix port leak.
-- Adam Conrad <email address hidden> Mon, 20 Mar 2017 11:07:30 -0600
-
glibc (2.24-7ubuntu2) zesty; urgency=medium
* Disable lock-elision on all targets to avoid regressions (LP: #1642390)
glibc (2.24-7ubuntu1) zesty; urgency=medium
* Merge with 2.24 from Debian sid, with upstream and packaging updates.
glibc (2.24-7) unstable; urgency=medium
[ Samuel Thibault ]
* hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Fix passing address to legacy SIGBUS
handlers.
* hurd-i386/tg-libpthread-gsync-mutex.diff: New patch to make mutexes use
gsync too.
* hurd-i386/tg-NOFOLLOW.diff: New patch to fix O_NOFOLLOW errors.
* hurd-i386/tg-NOFOLLOW-DIRECTORY.diff: New patch to fix O_NOFOLLOW |
O_DIRECTORY errors.
[ Aurelien Jarno ]
* debian/patches/git-updates.diff: update from upstream stable branch.
* debian/rules: build with -no-pie -fno-PIE. Closes: #845512, #845521.
[ Matthias Klose ]
* Allow to inject the libc-dev dependency on linux-libc-dev by the build
environment.
glibc (2.24-6) unstable; urgency=medium
[ Samuel Thibault ]
* libc0.3.symbols.hurd-i386: Drop removed RPCs.
* hurd-i386/cvs-libpthread.diff: Update to latest upstream version.
- hurd-i386/cvs-libpthread-static-weak.diff: Drop, merged upstream.
- hurd-i386/cvs-pthread-atfork.diff: Drop, merged upstream.
- hurd-i386/cvs-setcancelstate.diff: Drop, merged upstream.
* hurd-i386/tg-libpthread-gsync-spin.diff: New patch to make spinlocks use
gsync too. Thanks Svante Signell for investigating issues with the first
version.
* hurd-i386/tg-ONSTACK.diff: New patch to fix SS_ONSTACK support.
Closes: #551470.
* hurd-i386/tg-extern_inline.diff: Update to upstream.
- hurd-i386/tg-sigstate_thread_reference.diff: Refresh.
- hurd-i386/tg-gsync-libc.diff: Refresh.
* hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Update to upstream.
* hurd-i386/tg-EGREGIOUS-fr.diff: New patch to fix grammar in french
translation.
[ Aurelien Jarno ]
* debian/patches/git-updates.diff: update from upstream stable branch:
- Fix pread/pwrite syscalls on SH4.
- Fix build on powerpc/ppc64el with binutils from trunk. Closes: #843691.
- Fix flexible array usage in gconv.h. Closes: #841304.
- Fix linknamespace parallel test failures. Closes: #844132.
* debian/patches/any/submitted-unicode-9.0.0.diff: proposed patch to update
Unicode support to version 9.0.0. Closes: #842466.
* debian/patches/localedata/locale-C.diff: update to Unicode 9.0.0.
* debian/patches/localedata/submitted-en_AU-date_fmt.diff: improve date_fmt
for en_AU locale. Closes: #841916.
glibc (2.24-5) unstable; urgency=medium
[ Aurelien Jarno ]
* debian/sysdeps/linux.mk: fix cross-compilation by also looking at headers
in $(LINUX_HEADERS).
* debian/testsuite-xfail-debian.mk: allow nptl/tst-stack4 to fail on HPPA.
[ Samuel Thibault ]
* hurd-i386/cvs-libpthread-static-weak.diff: New patch to fix weak
references when linking in libpthread statically.
* hurd-i386/cvs-pthread-atfork.diff: New patch to fix unregistering atfork
handlers at library unload. Closes: #841068.
* debhelper.in/libc-dev.install.hurd-i386: Install libpthread_nonshared.a.
glibc (2.24-4) unstable; urgency=medium
[ Samuel Thibault ]
* hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Fix preemptors and thus
hurd_safe_*.
* hurd-i386/tg-hurdsig-fixes.diff: Fix uninitialized value.
* hurd-i386/submitted-exec_filename.diff: Add missing includes, fix const
warning.
* hurd-i386/cvs-mallocfork.diff: New patch to fix concurrency between
hurd_malloc and fork, triggered by malloc/tst-malloc-fork-deadlock.
* hurd-i386/cvs-libpthread.diff: Update to latest upstream version.
Closes: #839742.
* hurd-i386/libpthread_build.diff: Refresh.
* hurd-i386/libpthread_version.diff: Refresh.
* hurd-i386/unsubmitted-libc_alloca_cutoff.diff: Refresh.
* hurd-i386/cvs-hidden.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread-2.23.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread-api.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread_build.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread_clean2.diff: Drop, merged upstream.
* hurd-i386/cvs-pt-kill.diff: Drop, merged upstream.
* hurd-i386/libpthread-versions.diff: Drop, merged upstream.
* hurd-i386/libpthread_clean.diff: Drop, merged upstream.
* hurd-i386/libpthread_sigmask.diff: Drop, merged upstream.
* hurd-i386/libpthread_spin-lock.diff: Drop, merged upstream.
* hurd-i386/unsubmitted-libpthread-semaphore.h.diff: Drop, merged upstream.
* hurd-i386/tg-pthread_deps.diff: New patch, fixes references to libc
symbols.
* testsuite-xfail-debian.mk: Clear fixed hurd-i386 test.
* control: Drop hurd dependency from libc-bin: the reason for the dep has
disappeared.
* hurd-i386/unsubmitted-libc_alloca_cutoff.diff: Rename to
hurd-i386/tg-allocalim.diff.
* hurd-i386/unsubmitted-timer_routines.diff: Rename to
hurd-i386/tg-timer_routines.diff.
* hurd-i386/tg-glibc-2.24-restore-malloc-hook.diff: Restore malloc_hook for
now for mach-defpager.
* hurd-i386/cvs-setcancelstate.diff: New patch to work around a bug with
newer libpthread snapshot.
[ Adam Conrad ]
* debian/rules.d/tarball.mk: Apply --no-renames to make the diff readable.
* debian/rules.d/tarball.mk: Avoid filterdiff bugs with git pathspec magic.
* debian/patches/git-updates.diff: Update to 2.24 master to test the above.
[ John David Anglin ]
* debian/patches/hppa/cvs-atomic-machine.diff: New patch from upstream to
fix nptl/tst-stack4 on hppa. Closes: #838574.
[ Aurelien Jarno ]
* debian/sysdeps/linux.mk: Install both kernel and library headers symlinks
using a single for loop.
* debian/sysdeps/linux.mk: Also install a /usr/include/<triplet>/arch
symlink if it exists, needed for the tilegx architecture.
* debian/control.in/main: add a dependency on lsb-base (>= 3.0-6) for ncsd.
* debian/debhelper.in/nscd.init: also invalidate services and netgroup
during reload. Closes: #793649.
* debian/control.in/main, debian/rules.d/debhelper.mk: install nscd systemd
files. Closes: #767707.
* debian/patches/localedata/locale-C.diff: switch back transliterations to
combining. Closes: #840199.
* debian/debhelper.in/locales.postinst: improve locales-all detection.
Closes: #840901.
* debian/patches/i386/local-cpuid-level2.diff: replace by upstream patch
cvs-cpuid-level2.diff.
* debian/control.in/main: slightly relax the build-dependency on g++-6 to
make lintian happy.
-- Adam Conrad <email address hidden> Mon, 05 Dec 2016 05:36:48 -0700
-
glibc (2.24-7ubuntu1) zesty; urgency=medium
* Merge with Debian (2.24-7).
glibc (2.24-7) unstable; urgency=medium
[ Samuel Thibault ]
* hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Fix passing address to legacy SIGBUS
handlers.
* hurd-i386/tg-libpthread-gsync-mutex.diff: New patch to make mutexes use
gsync too.
* hurd-i386/tg-NOFOLLOW.diff: New patch to fix O_NOFOLLOW errors.
* hurd-i386/tg-NOFOLLOW-DIRECTORY.diff: New patch to fix O_NOFOLLOW |
O_DIRECTORY errors.
[ Aurelien Jarno ]
* debian/patches/git-updates.diff: update from upstream stable branch.
* debian/rules: build with -no-pie -fno-PIE. Closes: #845512, #845521.
[ Matthias Klose ]
* Allow to inject the libc-dev dependency on linux-libc-dev by the build
environment.
glibc (2.24-6) unstable; urgency=medium
[ Samuel Thibault ]
* libc0.3.symbols.hurd-i386: Drop removed RPCs.
* hurd-i386/cvs-libpthread.diff: Update to latest upstream version.
- hurd-i386/cvs-libpthread-static-weak.diff: Drop, merged upstream.
- hurd-i386/cvs-pthread-atfork.diff: Drop, merged upstream.
- hurd-i386/cvs-setcancelstate.diff: Drop, merged upstream.
* hurd-i386/tg-libpthread-gsync-spin.diff: New patch to make spinlocks use
gsync too. Thanks Svante Signell for investigating issues with the first
version.
* hurd-i386/tg-ONSTACK.diff: New patch to fix SS_ONSTACK support.
Closes: #551470.
* hurd-i386/tg-extern_inline.diff: Update to upstream.
- hurd-i386/tg-sigstate_thread_reference.diff: Refresh.
- hurd-i386/tg-gsync-libc.diff: Refresh.
* hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Update to upstream.
* hurd-i386/tg-EGREGIOUS-fr.diff: New patch to fix grammar in french
translation.
[ Aurelien Jarno ]
* debian/patches/git-updates.diff: update from upstream stable branch:
- Fix pread/pwrite syscalls on SH4.
- Fix build on powerpc/ppc64el with binutils from trunk. Closes: #843691.
- Fix flexible array usage in gconv.h. Closes: #841304.
- Fix linknamespace parallel test failures. Closes: #844132.
* debian/patches/any/submitted-unicode-9.0.0.diff: proposed patch to update
Unicode support to version 9.0.0. Closes: #842466.
* debian/patches/localedata/locale-C.diff: update to Unicode 9.0.0.
* debian/patches/localedata/submitted-en_AU-date_fmt.diff: improve date_fmt
for en_AU locale. Closes: #841916.
glibc (2.24-5) unstable; urgency=medium
[ Aurelien Jarno ]
* debian/sysdeps/linux.mk: fix cross-compilation by also looking at headers
in $(LINUX_HEADERS).
* debian/testsuite-xfail-debian.mk: allow nptl/tst-stack4 to fail on HPPA.
[ Samuel Thibault ]
* hurd-i386/cvs-libpthread-static-weak.diff: New patch to fix weak
references when linking in libpthread statically.
* hurd-i386/cvs-pthread-atfork.diff: New patch to fix unregistering atfork
handlers at library unload. Closes: #841068.
* debhelper.in/libc-dev.install.hurd-i386: Install libpthread_nonshared.a.
glibc (2.24-4) unstable; urgency=medium
[ Samuel Thibault ]
* hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Fix preemptors and thus
hurd_safe_*.
* hurd-i386/tg-hurdsig-fixes.diff: Fix uninitialized value.
* hurd-i386/submitted-exec_filename.diff: Add missing includes, fix const
warning.
* hurd-i386/cvs-mallocfork.diff: New patch to fix concurrency between
hurd_malloc and fork, triggered by malloc/tst-malloc-fork-deadlock.
* hurd-i386/cvs-libpthread.diff: Update to latest upstream version.
Closes: #839742.
* hurd-i386/libpthread_build.diff: Refresh.
* hurd-i386/libpthread_version.diff: Refresh.
* hurd-i386/unsubmitted-libc_alloca_cutoff.diff: Refresh.
* hurd-i386/cvs-hidden.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread-2.23.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread-api.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread_build.diff: Drop, merged upstream.
* hurd-i386/cvs-libpthread_clean2.diff: Drop, merged upstream.
* hurd-i386/cvs-pt-kill.diff: Drop, merged upstream.
* hurd-i386/libpthread-versions.diff: Drop, merged upstream.
* hurd-i386/libpthread_clean.diff: Drop, merged upstream.
* hurd-i386/libpthread_sigmask.diff: Drop, merged upstream.
* hurd-i386/libpthread_spin-lock.diff: Drop, merged upstream.
* hurd-i386/unsubmitted-libpthread-semaphore.h.diff: Drop, merged upstream.
* hurd-i386/tg-pthread_deps.diff: New patch, fixes references to libc
symbols.
* testsuite-xfail-debian.mk: Clear fixed hurd-i386 test.
* control: Drop hurd dependency from libc-bin: the reason for the dep has
disappeared.
* hurd-i386/unsubmitted-libc_alloca_cutoff.diff: Rename to
hurd-i386/tg-allocalim.diff.
* hurd-i386/unsubmitted-timer_routines.diff: Rename to
hurd-i386/tg-timer_routines.diff.
* hurd-i386/tg-glibc-2.24-restore-malloc-hook.diff: Restore malloc_hook for
now for mach-defpager.
* hurd-i386/cvs-setcancelstate.diff: New patch to work around a bug with
newer libpthread snapshot.
[ Adam Conrad ]
* debian/rules.d/tarball.mk: Apply --no-renames to make the diff readable.
* debian/rules.d/tarball.mk: Avoid filterdiff bugs with git pathspec magic.
* debian/patches/git-updates.diff: Update to 2.24 master to test the above.
[ John David Anglin ]
* debian/patches/hppa/cvs-atomic-machine.diff: New patch from upstream to
fix nptl/tst-stack4 on hppa. Closes: #838574.
[ Aurelien Jarno ]
* debian/sysdeps/linux.mk: Install both kernel and library headers symlinks
using a single for loop.
* debian/sysdeps/linux.mk: Also install a /usr/include/<triplet>/arch
symlink if it exists, needed for the tilegx architecture.
* debian/control.in/main: add a dependency on lsb-base (>= 3.0-6) for ncsd.
* debian/debhelper.in/nscd.init: also invalidate services and netgroup
during reload. Closes: #793649.
* debian/control.in/main, debian/rules.d/debhelper.mk: install nscd systemd
files. Closes: #767707.
* debian/patches/localedata/locale-C.diff: switch back transliterations to
combining. Closes: #840199.
* debian/debhelper.in/locales.postinst: improve locales-all detection.
Closes: #840901.
* debian/patches/i386/local-cpuid-level2.diff: replace by upstream patch
cvs-cpuid-level2.diff.
* debian/control.in/main: slightly relax the build-dependency on g++-6 to
make lintian happy.
-- Matthias Klose <email address hidden> Sat, 26 Nov 2016 19:19:33 +0100
-
glibc (2.24-3ubuntu1) yakkety; urgency=medium
* Merge with 2.24 from Debian sid, bringing in minor packaging changes and
upstream updates, including the security fix for CVE-2016-6323 on ARMv7.
* debian/patches/ubuntu/local-altlocaledir.diff: Updated to latest version
from Martin that limits scope to LC_MESSAGES, fixing segv (LP: #1577460)
* debian/testsuite-xfail-debian.mk: Allow nptl/tst-signal6 to fail on ARM.
-- Adam Conrad <email address hidden> Wed, 05 Oct 2016 14:25:57 -0600