- Sat Jun 24 2017 tmb <tmb> 6:2.20-25.mga5
+ Revision: 1108319
- sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]
(CVE-2017-8804)
- Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
(CVE-2017-1000366)
- ld.so: Reject overly long LD_PRELOAD path elements
- ld.so: Reject overly long LD_AUDIT path elements
- Ignore and remove LD_HWCAP_MASK for AT_SECURE programs [BZ #21209]
- Fix resource leak in resolver [BZ #19257] (CVE-2016-5417)
- resolv: Fix crash with internal QTYPE [BZ #18784] (CVE-2015-5180)
- Fix static dlopen default library search path [BZ #17250]
- grantpt: trust the kernel about pty group and permission mode [BZ #19347]
- sunrpc: Do not use alloca in clntudp_call [BZ #20112] (CVE-2016-4429, mga#18651)
- glob: Simplify the interface for the GLOB_ALTDIRFUNC callback gl_readdir
- CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]
- CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
- CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]
- getaddrinfo() stack-based buffer overflow [BZ 18665] (CVE-2015-7547)
- nan function unbounded stack allocation [BZ 16961, 16962] (CVE-2014-9761)
- catopen() Multiple unbounded stack allocations [BZ 17905] (CVE-2015-8779)
- hcreate, hcreate_r should fail with ENOMEM if element count is too large [BZ 18240] (CVE-2015-8778)
- out of range data to strftime() causes a segfault [BZ 18985] (CVE-2015-8776)
- Always enable pointer guard [BZ #18928] (CVE-2015-8777) - Sat May 2 2015 tmb <tmb> 6:2.20-20.mga5
+ Revision: 821015
- Do not close NSS files database during iteration [BZ #18007] (CVE-2014-8121) - Fri May 1 2015 tmb <tmb> 6:2.20-19.mga5
+ Revision: 821001
- resolv/nss_dns/dns-host.c buffer overflow (CVE-2015-1781) [BZ#18287] - Sun Apr 19 2015 tmb <tmb> 6:2.20-18.mga5
+ Revision: 820468
- nscd needs /var/db/nscd (mga#15545) - Sat Apr 18 2015 tmb <tmb> 6:2.20-17.mga5
+ Revision: 820464
- Fix _IO_wstr_overflow integer overflow (PR/BZ #17269)
- Fix read past end of pattern in fnmatch (PR/BZ #18032) - Sat Feb 21 2015 tmb <tmb> 6:2.20-16.mga5
+ Revision: 816252
- sync with upstream glibc-2.20 maintenance branch:
* Update Russian translation
* Revert to defining __extern_inline only for gcc-4.3+ (BZ #17266)
* Update French translation
* BZ#17460: Fix buffer overrun in nscd --help
* MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference
* AArch64: End frame record chain correctly
* Make __extern_always_inline usable on clang++ again
* Move findidx nested functions to top-level
* Fix memory handling in strxfrm_l [BZ #16009] (CVE pending)
* Use AVX unaligned memcpy only if AVX2 is available - Sun Feb 8 2015 tmb <tmb> 6:2.20-15.mga5
+ Revision: 814068
- wscanf allocates too little memory (CVE-2015-1472, CVE-2015-1473) - Sun Dec 21 2014 tmb <tmb> 6:2.20-14.mga5
+ Revision: 804687
- Fix stack overflow in vfprintf [BZ #16617] (CVE-2012-3406)
- Avoid infinite loop in nss_dns getnetbyname [BZ #17630] (CVE-2014-9402) - Sat Nov 22 2014 tmb <tmb> 6:2.20-12.mga5
+ Revision: 798301
- posix wordexp fails to honour WRDE_NOCMD (CVE-2014-7817) - Wed Oct 15 2014 tmb <tmb> 6:2.20-11.mga5
+ Revision: 751288
- elf/dl-load.c (open_path): Avoid writing to 'env_path_list'
when none of the search directories exist. (BZ #15378)
- Fix infinite loop in check_pf (BZ #12926)
- disable lock elision again - Fri Oct 10 2014 tmb <tmb> 6:2.20-10.mga5
+ Revision: 737970
- re-enable lock elision for now as disabling it triggesrs SIGILL traps - Fri Oct 10 2014 tmb <tmb> 6:2.20-9.mga5
+ Revision: 737928
- add missing checks on ELIDE_UNLOCK for disabled lock elision (mga#14172) - Fri Oct 10 2014 tmb <tmb> 6:2.20-8.mga5
+ Revision: 737868
- ensure adaptive elision in rwlocks is disabled (mga#14172) - Thu Oct 9 2014 tv <tv> 6:2.20-7.mga5
+ Revision: 737764
- convert %pretrans from dash to lua (one less Requires(pre), one less dep loop)
(note that previous scriptlet was broken since UsrMove) - Sun Sep 28 2014 tmb <tmb> 6:2.20-6.mga5
+ Revision: 731421
- disable lock-elision as glibc breaks on intel microcode update - Thu Sep 25 2014 tmb <tmb> 6:2.20-5.mga5
+ Revision: 724574
- Fix memory leak in libio/wfileops.c do_ftell_wide [BZ #17370]
- Fix memory leak in error path of do_ftell_wide [BZ #17370]
+ tv
- autoconvert to new prov/req excludes - Sat Sep 13 2014 tmb <tmb> 6:2.20-4.mga5
+ Revision: 674978
- fix segfault in getifaddrs_internal [BZ#17371]
- malloc: additional unlink hardening for non-small bins [BZ#17344]
- Add new Linux 3.16 constants to netinet/udp.h - Tue Sep 9 2014 tmb <tmb> 6:2.20-3.mga5
+ Revision: 674336
- submit to release - Mon Sep 8 2014 tmb <tmb> 6:2.20-2.mga5
+ Revision: 673679
- hp-timing.c is dropped upstream
- rebase some patches so they apply
- dont use conditional patching for mips build
- drop old powerpc fix
- nptl is not an addon anymore, adjust build accordingly
- drop merged patches
- update to 2.20 - Thu Sep 4 2014 tmb <tmb> 6:2.19-12.mga5
+ Revision: 672173
- fix crashes on invalid input in IBM gconv modules [BZ #17325] (CVE-2014-6040) - Thu Aug 28 2014 tmb <tmb> 6:2.19-11.mga5
+ Revision: 669052
- _gconv_translit_find: Disable function [BZ #17187]
(CVE-2014-5119) (mga#13995) - Sun Jul 27 2014 tmb <tmb> 6:2.19-10.mga5
+ Revision: 657579
- rebuild with fixed gcc - Wed Jul 23 2014 tmb <tmb> 6:2.19-9.mga5
+ Revision: 656122
- setlocale: Use the heap for the copy of the locale argument
- _nl_find_locale: Improve handling of crafted locale names
(BZ#17137, CVE-2014-0475) - Wed Jul 23 2014 colin <colin> 6:2.19-8.mga5
+ Revision: 655883
- Rename ldconfig filetrigger to make sure it's run first - Sun Jun 29 2014 tmb <tmb> 6:2.19-7.mga5
+ Revision: 640940
- posix_spawn_file_actions_addopen needs to copy the path argument
(BZ 17048, CVE-2014-4043)