[ubuntu/vivid-proposed] glibc 2.19-15ubuntu1 (Accepted)
Adam Conrad
adconrad at ubuntu.com
Mon Feb 9 07:16:27 UTC 2015
glibc (2.19-15ubuntu1) vivid; urgency=medium
* Merge with Debian unstable, bringing in several security and bug fixes
from upstream and swapping some Ubuntu patches for Debian equivalents.
glibc (2.19-15) unstable; urgency=medium
[ Aurelien Jarno ]
* debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
heap buffer overflow in wscanf (CVE-2015-1472, CVE-2015-1473). Closes:
#777197.
glibc (2.19-14) unstable; urgency=medium
[ Samuel Thibault ]
* patches/hurd-i386/libpthread_spin-lock.diff: New patch to fix spin-lock.h
inclusion order.
* patches/hurd-i386/tg-WRLCK-upgrade.diff: New patch to fix atomicity of
changing between rd locks and wr locks.
* patches/hurd-i386/cvs-static-dlopen.diff: New patch to fix dlopen from
static binaries, busybox notably.
* control.in/main: Bump mig dependency to get _routines@ symbols, bump
gnumach-dev dependency to get protected payload symbols.
* libc0.3.symbols.hurd-i386: Update symbols.
* patches/hurd-i386/submitted-startup-pid2.diff: Remove, replaced by...
* patches/hurd-i386/tg-reboot-startup.diff: ... new patch to make reboot
lookup startup through /servers/startup instead of guessing its pid and
using its message port.
[ Adam Conrad ]
* debian/rules.d/tarball.mk: Fix update-from-upstream manual/* filter rule.
[ Petr Salinger ]
* kfreebsd/local-sysdeps.diff: update to revision 5688 (from glibc-bsd).
Do not return EINTR from sigwait. Closes: #763705.
[ Aurelien Jarno ]
* debian/patches/any/cvs-wordexp.diff: new patch from upstream to fix a
command execution in wordexp() with WRDE_NOCMD specified (CVS-2014-7817).
* debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
* debian/patches/any/cvs-vfprintf.diff: new patch from ustream to fix a
stack overflow in vfprintf (CVE-2012-3406). Closes: #681888.
* debian/patches/git-updates.diff: update to the latest commit of the 2.19
branch to fix a few buffer overflow, unbounded stack allocation or memory
leaks that have not been (yet ?) tagged as security issue. This branch
includes a few patches already applied manually:
- drop patches/localedata/unsubmitted-tst-setlocale3-ENV.diff (merged
upstream).
- drop patches/s390/cvs-s390-abi-reversal.diff (merged upstream).
- update patches/any/cvs-resolv-first-query-failure.diff
- drop patches/any/cvs-resolv-reuse-fd.diff (merged upstream).
- drop patches/any/cvs-posix_spawn_file_actions_addopen.diff (merged
upstream).
- drop patches/any/cvs-setlocale-alloca.diff (merged upstream).
- drop patches/any/cvs-CVE-2014-0475.diff (merged upstream).
- drop patches/any/cvs-CVE-2014-5119.diff (merged upstream).
- drop patches/any/cvs-CVE-2014-6040.diff (merged upstream).
Date: Sun, 08 Feb 2015 21:52:50 -0700
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/glibc/2.19-15ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 08 Feb 2015 21:52:50 -0700
Source: glibc
Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc6-armhf libc6-dev-armhf libc6-armel libc6-dev-armel libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source
Version: 2.19-15ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Description:
glibc-doc - GNU C Library: Documentation
glibc-source - GNU C Library: sources
libc-bin - GNU C Library: Binaries
libc-dev-bin - GNU C Library: Development binaries
libc0.1 - GNU C Library: Shared libraries
libc0.1-dbg - GNU C Library: detached debugging symbols
libc0.1-dev - GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - GNU C Library: PIC archive library
libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - GNU C Library: Shared libraries
libc0.3-dbg - GNU C Library: detached debugging symbols
libc0.3-dev - GNU C Library: Development Libraries and Header Files
libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - GNU C Library: PIC archive library
libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - GNU C Library: Shared libraries [Xen version]
libc6 - GNU C Library: Shared libraries
libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
libc6-armel - GNU C Library: ARM softfp shared libraries for armhf
libc6-armhf - GNU C Library: ARM hard float shared libraries for armel
libc6-dbg - GNU C Library: detached debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-armel - GNU C Library: ARM softfp development libraries for armhf
libc6-dev-armhf - GNU C Library: ARM hard float development libraries for armel
libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized)
libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - GNU C Library: PIC archive library
libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc6-x32 - GNU C Library: X32 ABI Shared libraries for AMD64
libc6-xen - GNU C Library: Shared libraries [Xen version]
libc6.1 - GNU C Library: Shared libraries
libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - GNU C Library: detached debugging symbols
libc6.1-dev - GNU C Library: Development Libraries and Header Files
libc6.1-pic - GNU C Library: PIC archive library
libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
locales - GNU C Library: National Language (locale) data [support]
locales-all - GNU C Library: Precompiled locale data
multiarch-support - Transitional package to ensure multiarch compatibility
nscd - GNU C Library: Name Service Cache Daemon
Closes: 681888 763705 775572 777197
Changes:
glibc (2.19-15ubuntu1) vivid; urgency=medium
.
* Merge with Debian unstable, bringing in several security and bug fixes
from upstream and swapping some Ubuntu patches for Debian equivalents.
.
glibc (2.19-15) unstable; urgency=medium
.
[ Aurelien Jarno ]
* debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
heap buffer overflow in wscanf (CVE-2015-1472, CVE-2015-1473). Closes:
#777197.
.
glibc (2.19-14) unstable; urgency=medium
.
[ Samuel Thibault ]
* patches/hurd-i386/libpthread_spin-lock.diff: New patch to fix spin-lock.h
inclusion order.
* patches/hurd-i386/tg-WRLCK-upgrade.diff: New patch to fix atomicity of
changing between rd locks and wr locks.
* patches/hurd-i386/cvs-static-dlopen.diff: New patch to fix dlopen from
static binaries, busybox notably.
* control.in/main: Bump mig dependency to get _routines@ symbols, bump
gnumach-dev dependency to get protected payload symbols.
* libc0.3.symbols.hurd-i386: Update symbols.
* patches/hurd-i386/submitted-startup-pid2.diff: Remove, replaced by...
* patches/hurd-i386/tg-reboot-startup.diff: ... new patch to make reboot
lookup startup through /servers/startup instead of guessing its pid and
using its message port.
.
[ Adam Conrad ]
* debian/rules.d/tarball.mk: Fix update-from-upstream manual/* filter rule.
.
[ Petr Salinger ]
* kfreebsd/local-sysdeps.diff: update to revision 5688 (from glibc-bsd).
Do not return EINTR from sigwait. Closes: #763705.
.
[ Aurelien Jarno ]
* debian/patches/any/cvs-wordexp.diff: new patch from upstream to fix a
command execution in wordexp() with WRDE_NOCMD specified (CVS-2014-7817).
* debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
* debian/patches/any/cvs-vfprintf.diff: new patch from ustream to fix a
stack overflow in vfprintf (CVE-2012-3406). Closes: #681888.
* debian/patches/git-updates.diff: update to the latest commit of the 2.19
branch to fix a few buffer overflow, unbounded stack allocation or memory
leaks that have not been (yet ?) tagged as security issue. This branch
includes a few patches already applied manually:
- drop patches/localedata/unsubmitted-tst-setlocale3-ENV.diff (merged
upstream).
- drop patches/s390/cvs-s390-abi-reversal.diff (merged upstream).
- update patches/any/cvs-resolv-first-query-failure.diff
- drop patches/any/cvs-resolv-reuse-fd.diff (merged upstream).
- drop patches/any/cvs-posix_spawn_file_actions_addopen.diff (merged
upstream).
- drop patches/any/cvs-setlocale-alloca.diff (merged upstream).
- drop patches/any/cvs-CVE-2014-0475.diff (merged upstream).
- drop patches/any/cvs-CVE-2014-5119.diff (merged upstream).
- drop patches/any/cvs-CVE-2014-6040.diff (merged upstream).
Checksums-Sha1:
65fb78e54d062d4f96147f02a7c8eb274036226f 8692 glibc_2.19-15ubuntu1.dsc
c3a303e6b8c465f9e356de04f9fdd4804e8c0bc8 1054632 glibc_2.19-15ubuntu1.debian.tar.xz
Checksums-Sha256:
acd7efbb72bfab6a196d082b71ee0792dbae83abdfe40590bd52cb4f0d1f8ff9 8692 glibc_2.19-15ubuntu1.dsc
5ce2cc0065169778dbfe4f502d7d44b5561645040671f6cb0e621e419d050d06 1054632 glibc_2.19-15ubuntu1.debian.tar.xz
Files:
a9dced2d67b3b24989ebe1c2c3b04e9c 8692 libs required glibc_2.19-15ubuntu1.dsc
3b40c55ef82182424dbd953052007fd3 1054632 libs required glibc_2.19-15ubuntu1.debian.tar.xz
Original-Maintainer: GNU Libc Maintainers <debian-glibc at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJU2F4+AAoJEINAGjCxzeWPld8QAIkgrUf855gkL4lK337mZwyK
v0vnj78oR9mfDnb2DzJkpy4rE0tIbPaTlms385atvhY7CwQ0EOG6XjKrnMspXXKs
xbNZEz2fd2uNffX3b8wNLXmaW+SqXAreWLEq60mCqM1OUyYw1knqVlkI/UlpigTD
bknSeU33fd74sHYpV/F7LgwzULGtZlMgGzOYpiPl9B5QRx/yT0tAYFLnQrcK3L2q
HgK7RhpCS0oLYLXMinIc9hB9dnZS/fp4zRzu4xmdiikl//UWE2q/seCcOIa4tCfB
p9yqyAH+RKFH3p+LaI3u7aXQ07DzJY9XuOjsdbuYBm7b+2MOAYLLErih0xqn6EQU
w+E2AuX2YCP8Zw67mM6L6zJfyyprgIJ85dIRn2Ei12EmjzQ0X2/baTHn8tVJjHw8
pDHRPfYKnGVnErC87wYrxK7qOfkqlwNW16dpaZYnCtWKcCL7b9/3jnA5Wy0LtXpl
mYGgQ57ssdinRnkZXoGk3rjm3uvf4dOLQYIRAXXVFDZjWfly+rayS2c0dVsSF4z6
dFYAAd8PkXq4dUvNY4l7r63E1LdSHO+ZaOTaBFL59k9uxILwvSecQCKhlz1ToI6K
IZMUl4CS1+9lhtPwp2bFTwtdqV3SYpb6U3C/Blf15etpQvNAaRzgNPHr0lBaGAKj
VZMcUY0Fu76N+lC6omTF
=UYP5
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list