lp://staging/ubuntu/oneiric-updates/eglibc

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

242. By Adam Conrad on 2012-11-14

* Pull three interdependent patches from Debian to fix AVX detection
  problems on kernels or CPUs that lack support for it (LP: #979003):
  - amd64/cvs-avx-detection.diff: Improved detection on old kernels.
  - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code.
  - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support.

241. By Steve Beattie on 2012-09-18

* SECURITY UPDATE: buffer overflow in vfprintf handling
  - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
    handling positional parameters in printf.
  - CVE-2012-3404
* SECURITY UPDATE: buffer overflow in vfprintf handling
  - debian/patches/any/CVE-2012-3405.patch: fix extension of array
  - CVE-2012-3405
* SECURITY UPDATE: stack buffer overflow in vfprintf handling
  (LP: #1031301)
  - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
    array grows too large to handle via alloca extension
  - CVE-2012-3406
* SECURITY UPDATE: stdlib strtod integer/buffer overflows
  - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
    and modify types to void integer overflows
  - CVE-2012-3480

240. By Steve Beattie on 2012-03-06

* SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
  - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
    TZ file header
  - CVE-2009-5029
* SECURITY UPDATE: ld.so insecure handling of privileged programs'
  RPATHs with $ORIGIN
  - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
    RPATH and ORIGIN
  - CVE-2011-1658
* SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
  - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
    many open fds is detected
  - CVE-2011-4609
* SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
  check bypass
  - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
    overflow
  - CVE-2012-0864

239. By Matthias Klose on 2011-10-04

libc6-dev: Don't break the current {gnat,gcj}-4.4-base versons. LP: #853688.

238. By Michael Vogt on 2011-09-30

* debian/control:
  - help the apt resolver with the gcc-4.4 upgrade by providing
    explicit breaks against {gnat,gcc,gcj}-{4.4,4.5}-base (LP: #853688)

237. By Matthias Klose on 2011-09-26

* Fix pthread/fork race/deadlock. LP: #838975.
  - Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork.

* Merge from Debian:

[ Aurelien Jarno ]
* Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to
  fix issues with dl_close() when resolving locally-defined symbols.
  Closes: #625250.
* patches/i386/local-cpuid-level2.diff: fix a typo. Closes: #609389.

236. By Colin Watson on 2011-09-13

Back out Debian r4943 ("Don't include ISO14651 collation rules in
C.UTF-8 locale") for now; this breaks regcomp on character ranges, which
exposed a bug in apt, and seems likely to cause other problems, so is
too risky a change for this point in our release cycle (LP: #848907).

235. By Matthias Klose on 2011-09-09

[ Colin Watson ]
* Revert change from 2.13-17ubuntu2 now that data.tar.xz support is
  deployed in Launchpad. Add Pre-Depends: dpkg (>= 1.15.6) to affected
  packages.

[ Dr. David Alan Gilbert ]
* ARM strchr: mask r1 to char (LP: #842258)

[ Matthias Klose ]
* Merge with Debian (r4955).

234. By Matthias Klose on 2011-08-23

Compress all binary packages using standard compression, to
work around #832354.

233. By Matthias Klose on 2011-08-23

Merge with Debian (r4918).