glibc (JollaPhone)

No votes yet

The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

sha256sum filename:
0bb070e8275f25ad52d7940096788a4942c3e4e9155e3d948007aee0084d9d8d glibc-2.30+git11-0.9.4.armv7hl.rpm


Application versions: 
File glibc- MB10/03/2018 - 16:37
File glibc-2.30git7-8.armv7hl.rpm2.27 MB30/06/2021 - 21:47
File glibc-2.30git7-8.1.armv7hl.rpm2.27 MB05/08/2021 - 20:56
File glibc-2.30git7-8.2.armv7hl.rpm2.27 MB19/08/2021 - 20:06
File glibc-2.30git8-9.2.armv7hl.rpm2.27 MB04/02/2022 - 21:09
File glibc-2.30git8-9.3.armv7hl.rpm2.27 MB23/03/2022 - 03:08
File libxcrypt-compat-4.4.23git1-1.2.1.jolla_.armv7hl.rpm97.7 KB05/04/2022 - 02:02
File libxcrypt-4.4.23git1-1.2.1.jolla_.armv7hl.rpm114.4 KB05/04/2022 - 02:02
File glibc-2.30git11-0.9.3.armv7hl.rpm2.26 MB05/04/2022 - 02:05
File glibc-2.30git11-0.9.4.armv7hl.rpm2.26 MB05/09/2022 - 21:38

[25691] stdio: Remove memory leak from multibyte conversion
[29530] segfault in printf handling thousands separator
[26211] printf integer overflow calculating allocation size
[14231] stdio-common tests memory requirements
malloc: Simplify implementation of __malloc_assert

2.30+git11-0.9.3: disable-crypt

2.30+git8-9.3: fixes CVE-2016-10228

+bug24973-ee7a3144c9922808181009b7b3e50e852fb4999b.patch ( CVE-2019-25013 )
+bug22542-2.31-c4c833d3ddfc3420be71dd392655ec294ff8fc15.patch ( CVE-2022-23219 ) Fixes JB#57335
+bug28768-2.31-3ef8be9b89ef98300951741f381eb79126ac029f.patch ( CVE-2022-23218 ) Fixes JB#57362

+librt-fix-NULL-pointer-dereference-bug-28213.patch ( CVE-2021-38604 )

Security related changes:
Fix an arbitrary read in wordexp() (CVE-2021-35942)

Security related changes:

CVE-2019-19126: failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping
addresses for loaded libraries and thus bypass ASLR for a setuid
program. Reported by Marcin KoŇõcielnicki.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

The following bugs are resolved with this release:

[20019] NULL pointer dereference in IFUNC due to uninitialized GOT
[20543] Please move from .gnu.linkonce to comdat
[23296] Data race in setting function descriptor during lazy binding
[23518] login: Remove utmp backend jump tables
[24682] localedata: zh_CN first weekday should be Monday per GB/T
[24867] malloc: Remove unwanted leading whitespace in malloc_info
[24879] login: Disarm timer after utmp lock acquisition
[24880] login: Use struct flock64 in utmp
[24882] login: Acquire write lock early in pututline
[24986] alpha: new getegid, geteuid and getppid syscalls used
[24899] login: Add nonstring attributes to struct utmp, struct utmpx
[24902] login: pututxline could fail to overwrite existing entries
[25066] FAIL: nptl/tst-tls1 on hppa
[25189] Don't use a custom wrapper macro around __has_include
[25203] libio: Disable vtable validation for pre-2.1 interposed handles
[25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
[25225] fails to link on x86 if GCC defaults to -fcf-protection
[25232] No const correctness for strchr et al. for Clang++
[25401] Remove incorrect alloc_size attribute from pvalloc
[25487] sinl() stack corruption from crafted input (CVE-2020-10029)
[25523] MIPS/Linux inline syscall template is miscompiled
[25635] arm: Wrong sysdep order selection for soft-fp
[25715] system() returns wrong errors when posix_spawn fails
[25810] x32: Incorrect syscall entries with pointer, off_t and size_t
[25896] Incorrect prctl
[25902] Bad LOADARGS_N
[25933] Off by one error in __strncmp_avx2
[25966] Incorrect access of __x86_shared_non_temporal_threshold for x32
[25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
[27130] "rep movsb" performance issue
[27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't work