Maandelijks archief juni 2021

2.30+git11-0.9.4:
[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

2.30+git8-9.2:
+bug28524-2.31-e26a2db14191f3f6ed93612d8242876bf95d5921.patch
+0022-socket-Add-the-__sockaddr_un_set-function.patch
+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug22542-tst-2.31-412aaf15229ec6a362418682f339ef5c17801c65.patch
+shlib-compat.h-Support-compat_symb._ref.-for_ISOMACe5c8da982624482cb499f17b76a7b2ceb6880d9f
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362
+Add-xpthread_kill-2.32-a2539f5b1d4547389578ae08a952d984568f251e.patch

2.30+git7-8.2:
+librt-fix-NULL-pointer-dereference-bug-28213.patch ( CVE-2021-38604 )
+librt-add-test-bug28213.patch

2.30+git7-8.1:
Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

2.30+git7-8:
Security related changes:

CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don’t use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] “rep movsb” performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn’t work

2.30+git11-0.9.4:
[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

2.30+git8-9.2:
+bug28524-2.31-e26a2db14191f3f6ed93612d8242876bf95d5921.patch
+0022-socket-Add-the-__sockaddr_un_set-function.patch
+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug22542-tst-2.31-412aaf15229ec6a362418682f339ef5c17801c65.patch
+shlib-compat.h-Support-compat_symb._ref.-for_ISOMACe5c8da982624482cb499f17b76a7b2ceb6880d9f
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362
+Add-xpthread_kill-2.32-a2539f5b1d4547389578ae08a952d984568f251e.patch

2.30+git7-8.2:
+librt-fix-NULL-pointer-dereference-bug-28213.patch ( CVE-2021-38604 )
+librt-add-test-bug28213.patch

2.30+git7-8.1:
Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

2.30+git7-8:
Security related changes:

CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don’t use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] “rep movsb” performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn’t work

2.30+git11-0.9.4:
[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

2.30+git8-9.2:
+bug28524-2.31-e26a2db14191f3f6ed93612d8242876bf95d5921.patch
+0022-socket-Add-the-__sockaddr_un_set-function.patch
+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug22542-tst-2.31-412aaf15229ec6a362418682f339ef5c17801c65.patch
+shlib-compat.h-Support-compat_symb._ref.-for_ISOMACe5c8da982624482cb499f17b76a7b2ceb6880d9f
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362
+Add-xpthread_kill-2.32-a2539f5b1d4547389578ae08a952d984568f251e.patch

2.30+git7-8.2:
+librt-fix-NULL-pointer-dereference-bug-28213.patch ( CVE-2021-38604 )
+librt-add-test-bug28213.patch

2.30+git7-8.1:
Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

2.30+git7-8:
Security related changes:

CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don’t use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] “rep movsb” performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn’t work

!! Jolla1 NOT SUPPORTED !!

2.30+git11-0.9.4:
[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

2.30+git8-9.2:
+bug28524-2.31-e26a2db14191f3f6ed93612d8242876bf95d5921.patch
+0022-socket-Add-the-__sockaddr_un_set-function.patch
+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug22542-tst-2.31-412aaf15229ec6a362418682f339ef5c17801c65.patch
+shlib-compat.h-Support-compat_symb._ref.-for_ISOMACe5c8da982624482cb499f17b76a7b2ceb6880d9f
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362
+Add-xpthread_kill-2.32-a2539f5b1d4547389578ae08a952d984568f251e.patch

2.30+git7-8.2:
+librt-fix-NULL-pointer-dereference-bug-28213.patch
+librt-add-test-bug28213.patch

2.30+git7-8.1:
Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

2.30+git7-8:
Security related changes:

CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don’t use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] “rep movsb” performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn’t work

2.30+git11-0.9.4:
[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

2.30+git8-9.2:
+bug28524-2.31-e26a2db14191f3f6ed93612d8242876bf95d5921.patch
+0022-socket-Add-the-__sockaddr_un_set-function.patch
+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug22542-tst-2.31-412aaf15229ec6a362418682f339ef5c17801c65.patch
+shlib-compat.h-Support-compat_symb._ref.-for_ISOMACe5c8da982624482cb499f17b76a7b2ceb6880d9f
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362
+Add-xpthread_kill-2.32-a2539f5b1d4547389578ae08a952d984568f251e.patch

2.30+git7-8.2:
+librt-fix-NULL-pointer-dereference-bug-28213.patch ( CVE-2021-38604 )
+librt-add-test-bug28213.patch

2.30+git7-8.1:
Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

2.30+git7-8:
Security related changes:

CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don’t use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] “rep movsb” performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn’t work

2.30+git11-0.9.4:
[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

2.30+git8-9.2:
+bug28524-2.31-e26a2db14191f3f6ed93612d8242876bf95d5921.patch
+0022-socket-Add-the-__sockaddr_un_set-function.patch
+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug22542-tst-2.31-412aaf15229ec6a362418682f339ef5c17801c65.patch
+shlib-compat.h-Support-compat_symb._ref.-for_ISOMACe5c8da982624482cb499f17b76a7b2ceb6880d9f
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362
+Add-xpthread_kill-2.32-a2539f5b1d4547389578ae08a952d984568f251e.patch

2.30+git7-8.2:
+librt-fix-NULL-pointer-dereference-bug-28213.patch ( CVE-2021-38604 )
+librt-add-test-bug28213.patch

2.30+git7-8.1:
Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

2.30+git7-8:
Security related changes:

CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don’t use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] “rep movsb” performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn’t work

2.30+git11-0.9.4:
[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

2.30+git8-9.2:
+bug28524-2.31-e26a2db14191f3f6ed93612d8242876bf95d5921.patch
+0022-socket-Add-the-__sockaddr_un_set-function.patch
+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug22542-tst-2.31-412aaf15229ec6a362418682f339ef5c17801c65.patch
+shlib-compat.h-Support-compat_symb._ref.-for_ISOMACe5c8da982624482cb499f17b76a7b2ceb6880d9f
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362
+Add-xpthread_kill-2.32-a2539f5b1d4547389578ae08a952d984568f251e.patch

2.30+git7-8.2:
+librt-fix-NULL-pointer-dereference-bug-28213.patch
+librt-add-test-bug28213.patch

2.30+git7-8.1:
Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

2.30+git7-8:
Security related changes:

CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin Kościelnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
7408-2005
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
unconditionally
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don’t use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] “rep movsb” performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn’t work