glibc-common (JollaPhone)

No votes yet

The glibc-common package includes common binaries for the GNU libc
libraries, as well as national language (locale) support.

sha256sum filename:
e6745ba5bc80c257fb813558a9c3d8a123c9465f63960e7a5a2aee9b44070653 glibc-common-2.30+git11-0.9.4.armv7hl.rpm



Application versions: 
File glibc-common- MB10/03/2018 - 16:32
File glibc-common-2.30git7-8.armv7hl.rpm4.75 MB30/06/2021 - 21:45
File glibc-common-2.30git7-8.1.armv7hl.rpm4.75 MB05/08/2021 - 20:55
File glibc-common-2.30git7-8.2.armv7hl.rpm4.75 MB19/08/2021 - 20:05
File glibc-common-2.30git8-9.2.armv7hl.rpm4.75 MB04/02/2022 - 21:07
File glibc-common-2.30git8-9.3.armv7hl.rpm4.75 MB23/03/2022 - 03:06
File glibc-common-2.30git11-0.9.3.armv7hl.rpm4.75 MB05/04/2022 - 02:01
File glibc-common-2.30git11-0.9.4.armv7hl.rpm4.75 MB05/09/2022 - 21:37

[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362

+librt-fix-NULL-pointer-dereference-bug-28213.patch ( CVE-2021-38604 )

Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

Security related changes:

CVE-2019-19126: failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin KoŇõcielnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don't use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] "rep movsb" performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't work