This bug was fixed in the package glibc - 2.32-0ubuntu3 --------------- glibc (2.32-0ubuntu3) groovy; urgency=medium
* Fix cross-toolchain-base. Use ${Depends:foo=foo} magic to not create cross packages for libnss-nis*, rpcsvc-proto, libtirpc-dev and libnsl-dev (LP: #1895632) * XFAIL time/tst-cpuclock1 (LP: #1895687) glibc (2.32-0ubuntu2) groovy; urgency=medium * Merge from Debian unstable * Refresh patches * debian/watch: Use HTTPS and download xz-compressed tarball * debian/watch: Use upstream's signing key to verify the tarball * Don't build and ship libnsl.a and Sun RPC static library and header files * XFAIL stdlib/tst-getrandom (LP: #1891403) * debian/symbols.wildcards: Update versions * Make libc-dev depend on rpcsvc-proto and libtirpc-dev. They replace development files for the Sun RPC library removed in glibc 32. * Make libc-dev depend on libnsl-dev. It replaces the development files for the new libnsl library replacing the one shipped by glibc. * Don't check symbols of libnss_nis.so and libnss_nisplus.so libraries. They are not shipped in glibc 2.32 * Depend on libnss-nis and libnss-nisplus shipping the libraries dropped in 2.32 * debian/patches/git-updates.diff: update from upstream stable branch: - x86-64: Fix FMA4 detection in ifunc * debian/testsuite-xfail-debian.mk: XFAIL unsupported tests failing in autopkgtest glibc (2.31-3) unstable; urgency=medium [ Aurelien Jarno ] * debian/control.in/libc: add a Breaks: against openarena (<< 0.8.8+dfsg-4~) due to bug#966150. * debian/control.in/libc: add a Breaks: against ioquake3 (<< 1.36+u20200211.f2c61c1~dfsg-2~) as previous versions are not correctly linked with libm. * debian/patches/git-updates.diff: update from upstream stable branch: - Fix an infinite loop in the iconv program (CVE-2016-10228). Closes: #856503. - debian/patches/any/submitted-selinux-deprecations.diff: upstreamed. - debian/patches/x32/submitted-fix-nptl-setgroups-x32.diff: upstreamed. * debian/rules.d/build.mk: install <finclude/math-vector-fortran.h> in the multiarch path. Closes: #962457. [ Samuel Thibault ] * debian/libc0.3.symbols.hurd-i386: Fix dependency of __errno_location and __h_errno_location symbols in libpthread. * patches/hurd-i386/unsubmitted-sbrk-_end.diff: Fix _end symbol appearance by reworking sbrk. * patches/hurd-i386/unsubmitted-sched_sets.diff: Add sched_set/getscheduler. * patches/hurd-i386/git-pthread_atfork-hidden.diff: Hide pthread_atfork symbols imported to applications, to avoid leaking them. glibc (2.31-2ubuntu1) groovy; urgency=medium [ Michael Hudson-Doyle ] * Mark tst-getpw as XFAIL on arm64. (LP: #1869364) [ Balint Reczey ] * Merge from Debian unstable - debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing an FTBFS. (LP: #1887919) Remaining changes: - Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel. - Heavily mangle the way we do service restarting on major upgrades. - Build amd64 with -O3, and build ppc64 variants (both 64-bit and 32-bit) with -O3 -fno-tree-vectorize. - Build generic i386 flavour with -mno-tls-direct-seg-refs for Xen. - Drop the libc6-xen flavour, as the above change covers Xen's needs. - Enable systemtap support, which is currently disabled in Debian. - Don't build libc-l10n, its contents get stripped for language-packs. - Drop libc-bin manpages Recommends to Suggests to keep it in standard. - Revert dropping the ldconfig wrapper, as we still have a lot of packages that don't ship a trigger but instead call in postinst. - Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind. - Mangle locales package to support Ubuntu language packs seamlessly. - Relax some expected test failures for our infrastructure's quirks. - Let nptl/tst-stack4 fail, as it's been racing on several architectures. - Copy the fully conditionalized x86 variant for math-vector-fortran.h to /usr/include/finclude. On all architectures. - Backport x86 CET patches from the trunk. - Ship arm64 variant with LSE support in libc6-lse - debian/sysdeps/{amd64/i386/x32}.mk: Enable Intel Control Flow Dropped changes: - Build i386 variants as -march=i686 - debian/patches/git-updates.diff: update from upstream stable branch. * debian/gbp.conf: Add initial configuration * debian/debhelper.in/libc.preinst: Fix setting LDCONFIG_NOTRIGGER (LP: #1889190) * Build-depend again on g++-10-multilib on armel and armhf which were lost in the merge (LP: #1889069) * debian/control.in/main: Add Vcs-* pointing to Ubuntu packaging repository * Don't handle false positive stringop-overflow warnings as errors on ppc64el * Fall back to calling nanosleep syscall when __clock_nanosleep returns EINVAL (LP: #1871240) * debian/testsuite-xfail-debian.mk: XFAIL stdlib/tst-strtod-round on riscv64 glibc (2.31-2) unstable; urgency=medium [ Aurelien Jarno ] * debian/control.in/libc: add a Breaks: against macs (<< 2.2.7.1-3~) due to bug #965073. * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a signed comparison vulnerability in the ARMv7 memcpy and memmove functions (CVE-2020-6096). Closes: #961452. * debian/control.in/libc: do not limit the openssh-server breaks to 32-bit architectures, clock_nanosleep has to be allowed in addition to clock_gettime64. Closes: #965932. * debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing an FTBFS. Closes: #965941. * debian/patches/x32/submitted-fix-nptl-setgroups-x32.patch: proposed patch to fix the setgroups functions in threaded applications on x32 (without the testsuite part). Closes: #965091. [ Samuel Thibault ] * debian/patches/hurd-i386/local-tls-ie-align.diff: Fix TLS IE load with >= 8 byte alignment. * debian/testsuite-xfail-debian.mk: Update backtrace result. * debian/patches/hurd-i386/git-fix-longjmp.diff: Fix longjmp from dl loader. Notably fixes calling setuid programs from eatmydata. * debian/control: Build-depend on gnumach-dev with userland driver RPC interface. * debian/libc0.3.symbols.hurd-i386: Add userland driver RPC interface stubs. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Make clock_nanosleep accept CLOCK_MONOTONIC as well. glibc (2.31-1) unstable; urgency=medium [ Samuel Thibault ] * debian/control: Build-depend on gcc-10 version that defaults to i686 on hurd-i386. * debian/control: Build-depend on mig-for-host instead of mig. * debian/sysdeps/hurd-i386.mk: Drop adding -march=i686. * debian/hurd-i386/git-pselect.diff: Fix pselect atomicity. * debian/hurd-i386/git-fexecve.diff: Fix fexecve. * debian/hurd-i386/git-cond_destroy.diff: Fix cond_destroy synchronization with woken threads. * debian/hurd-i386/git-holes.diff: Fix detecting support for file holes. * debian/hurd-i386/local-clock_gettime_MONOTONIC.diff: Also fix clock_getres with CLOCK_MONOTONIC. * debian/hurd-i386/git-longjmp-onstack.diff: Fix longjmp-ing from altstack. * debian/hurd-i386/git-register-atfork2.diff: Fix register-atfork ordering. * debian/hurd-i386/git-intr-msg-unwind.diff: Fix unwinding over interruptible RPC. * debian/hurd-i386/git-strtol-test.diff: Fix testing strtol errors. * debian/testsuite-xfail-debian.mk: Update. * debian/debhelper.in/libc-udeb.install.hurd-i386: Add missing libmachuser/libhurduser. * debian/rules.d/debhelper.mk: Add dh_link pass to libc-udeb binaryinst. * debian/debhelper.in/libc-udeb.links.hurd-i386: Add missing ld.so link. * debian/rules: Clean links file. [ Aurelien Jarno ] * debian/patches/git-updates.diff: update from upstream stable branch. * debian/patches/any/git-surplus-tls-accounting.diff: backport TLS surplus accounting from upstream. Closes: #964141. * debian/control.in/main: update breaks on cross-toolchain-base* as they will need changes to build with glibc 2.31. -- Balint Reczey <rbal...@ubuntu.com> Tue, 15 Sep 2020 17:13:26 +0200 ** Changed in: glibc (Ubuntu) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10228 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6096 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889190 Title: ldconfig is still deferred in libc6.preinst To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1889190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs