> Вот хоть-бы раз glibc обновляли за восемь обновлений!glibc (2.19-18+deb8u9) stable; urgency=medium
* Remove patches/any/cvs-resolv-internal-qtype.diff, it breaks the
libnss/libnss-dns ABI. Reopens: #796106.
-- Aurelien Jarno <aurel32@debian.org> Thu, 27 Apr 2017 23:00:02 +0200
glibc (2.19-18+deb8u8) stable; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Fix PowerPC sqrt inaccuracy. Closes: #855606.
* patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a
NULL pointer dereference in libresolv when receiving a T_UNSPEC internal
QTYPE (CVE-2015-5180). Closes: #796106.
-- Aurelien Jarno <aurel32@debian.org> Mon, 24 Apr 2017 06:41:38 +0200
glibc (2.19-18+deb8u7) stable; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Do not unconditionally use the fsqrt instruction on 64-bit PowerPC
CPUs. Closes: #843904.
* debian/patches/any/cvs-hesiod-resolver.diff: patch from upstream to
fix a regression introduced by cvs-resolv-ipv6-nameservers.diff in
hesiod. Closes: #821358.
* debian/sysdeps/{amd64,i386,x32}.mk: disable lock elision (aka Intel TSX)
on x86 architectures. This causes programs (wrongly) unlocking an already
unlocked mutex to abort. More importantly most of the other distributions
decided to disable it, so we don't want to be the only distribution left
testing this code path.
-- Aurelien Jarno <aurel32@debian.org> Thu, 24 Nov 2016 23:48:11 +0100
glibc (2.19-18+deb8u6) stable; urgency=medium
* Update from upstream stable branch:
- Fix backtrace hang on armel/armhf, possibly causing a minor
denial-of-service vulnerability (CVE-2016-6323). Closes: #834752.
- Fix open and openat functions with O_TMPFILE. Closes: #832521.
- Drop debian/patches/any/cvs-ld_pointer_guard.diff (merged upstream).
- Drop debian/patches/any/cvs-mangle-tls_dtor_list.diff (merged upstream).
- Drop debian/patches/any/cvs-strxfrm-buffer-overflows.diff (merged
upstream).
* debian/patches/any/submitted-resolv-ipv6-nameservers.diff: replace by
patch cvs-resolv-ipv6-nameservers.diff taken from upstream. This fixes
mtr on systems using only IPv6 nameservers. Closes: #818281.
-- Aurelien Jarno <aurel32@debian.org> Sat, 03 Sep 2016 22:39:43 +0200
glibc (2.19-18+deb8u5) stable; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Drop debian/patches/any/local-CVE-2015-7547.diff.
- Refresh debian/patches/any/cvs-resolv-first-query-failure.diff.
- Fix assertion failure with unconnectable name server addresses.
(regression introduced by CVE-2015-7547). Closes: #816669.
- Fix *context functions on s390x.
- Fix a buffer overflow in the glob function (CVE-2016-1234).
- Fix a stack overflow in nss_dns_getnetbyname_r (CVE-2016-3075).
- Fix a stack overflow in getaddrinfo function (CVE-2016-3706).
- Fix a stack overflow in Sun RPC clntudp_call() (CVE-2016-4429).
-- Aurelien Jarno <aurel32@debian.org> Wed, 13 Jul 2016 00:03:52 +0200
glibc (2.19-18+deb8u4) stable; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Fixes bug18240 failing with a timeout on machines with a lot of swap.
* patches/any/cvs-grantpt-pty-owner.diff: new patch from upstream to
improve granpt when /dev/pts is not mounted with the correct options.
* rules.d/debhelper.mk: only install pt_chown when built.
* sysdeps/linux.mk: don't build pt_chown (CVE-2013-2207). Closes: #717544.
-- Aurelien Jarno <aurel32@debian.org> Sat, 27 Feb 2016 23:17:33 +0100
glibc (2.19-18+deb8u3) stable-security; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Fix segmentation fault caused by passing out-of-range data to strftime()
(CVE-2015-8776). Closes: #812445.
- Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
Closes: #812441.
- Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779).
Closes: #812455.
* patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
stack-based buffer overflow (CVE-2015-7547).
-- Aurelien Jarno <aurel32@debian.org> Thu, 11 Feb 2016 23:31:28 +0100
glibc (2.19-18+deb8u2) stable; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Fix getaddrinfo sometimes returning uninitialized data with nscd.
Closes: #798515.
- Fix data corruption while reading the NSS files database
(CVE-2015-5277). Closes: #799966.
- Fix buffer overflow (read past end of buffer) in internal_fnmatch.
- Fix _IO_wstr_overflow integer overflow.
- Fix unexpected closing of nss_files databases after lookups,
causing denial of service (CVE-2014-8121). Closes: #779587.
- Fix NSCD netgroup cache. Closes: #800523.
* patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to
unconditionally disable LD_POINTER_GUARD. Closes: #798316, #801691.
* patches/any/cvs-mangle-tls_dtor_list.diff: new patch from upstream to
mangle function pointers in tls_dtor_list. Closes: #802256.
* patches/any/cvs-strxfrm-buffer-overflows.diff: new patch from upstream
to fix memory allocations issues that can lead to buffer overflows on
the stack. Closes: #803927.
[ Henrique de Moraes Holschuh ]
* Replace patches/amd64/local-blacklist-on-TSX-Haswell.diff by
local-blacklist-for-Intel-TSX.diff also blacklisting some Broadwell
models. Closes: #800574.
-- Aurelien Jarno <aurel32@debian.org> Mon, 28 Dec 2015 21:39:40 +0100
glibc (2.19-18+deb8u1) stable; urgency=medium
[ Aurelien Jarno ]
* Update from upstream stable branch:
- Fix pthread_mutex_trylock with lock elision. Closes: #759197,
#788999.
- Fix gprof entry point on ppc64el. Closes: #794222.
- Fix a buffer overflow in getanswer_r (CVE-2015-1781).
Closes: #796105.
-- Aurelien Jarno <aurel32@debian.org> Sat, 29 Aug 2015 10:56:31 +0200