[Git][glibc-team/glibc][bookworm] 8 commits: debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: Fix out-of-bound...

Aurelien Jarno pushed to branch bookworm at GNU Libc Maintainers / glibc

Commits:

3ee63d1c

by Aurelien Jarno at 2024-04-19T18:33:08+02:00

debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: Fix out-of-bound writes when writing escape sequence in iconv ISO-2022-CN-EXT module (CVE-2024-2961).  Closes: #1069191.

20fa9ac6
by Aurelien Jarno at 2024-04-19T18:34:28+02:00
```
releasing package glibc version 2.36-9+deb12u6
```

df18fa3b

by Aurelien Jarno at 2024-04-30T21:36:35+02:00

debian/patches/local-CVE-2024-33599-nscd.diff: Fix a stack-based buffer overflow in nscd netgroup cache (CVE-2024-33599).

7250dfd1

by Aurelien Jarno at 2024-04-30T21:45:47+02:00

debian/patches/local-CVE-2024-33600-nscd.diff: Fix a null pointer dereferences in nscd after failed netgroup cache insertion (CVE-2024-33600).

83f48ffd

by Aurelien Jarno at 2024-04-30T21:45:47+02:00

debian/patches/any/local-CVE-2024-33601-33602-nscd.diff: Fix a DoS in nscd in case of memory allocation failure (CVE-2024-33601) and a memory corruption in nscd when the underlying NSS callback function does not use the buffer space to store all strings (CVE-2024-33602).

99e5fc90
by Aurelien Jarno at 2024-04-30T23:07:38+02:00
```
releasing package glibc version 2.36-9+deb12u7
```
65086b4d
by Aurelien Jarno at 2024-04-30T23:13:50+02:00
```
releasing package glibc version 2.36-9+deb12u7
```

e0351e4b

by Aurelien Jarno at 2024-07-22T22:14:12+02:00

debian/patches/git-updates.diff: update from upstream stable branch:

* debian/patches/git-updates.diff: update from upstream stable branch:
  - debian/patches/kfreebsd/submitted-auxv.diff: refreshed.
  - debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: upstreamed.
  - debian/patches/any/local-CVE-2024-33599-nscd.diff: upstreamed.
  - debian/patches/any/local-CVE-2024-33600-nscd.diff: upstreamed.
  - debian/patches/any/local-CVE-2024-33601-33602-nscd.diff: upstreamed.
  - Fixes ffsll() performance issue depending on code alignment.
  - Fixes memmove/memset on sparc32.
  - Fixes pthread_cancel on sparc32.
  - Fixes a possible crash in _dl_start_user on arm32.
  - Fixes poor malloc/free performance due to lock contentions between
    threads when using core pinning.
  - Uses 64-bit time_t in testsuite on 32-bit systems.
  - Fixes rseq support when built against newer kernel headers.
  - Performance improvements for string functions on arm64.
  - Disables arm64 SVE functions on kernel <= 6.2.0 due to performance
    issues.
  - Fixes ld.so crash on powerpc64* when built with GCC 14.
  - Fixes ld.so crash on amd64 when built with APX enabled.
  - Fixes __WORDSIZE definition on sparc32 with sparcv9.
  - Fixes getutxent() on 32-bit architecture with _TIME_BITS=64.
  - Fixes y2038 regression in nscd following CVE-2024-33601 and
    CVE-2024-33602 fix.
  - Fixes build with --enable-hardcoded-path-in-tests with newer linkers.
  - Fixes crash in wcsncmp() in z13/vector-optimized s390 implementation.
  - Fixes rseq extension mechanism.
  - Fixes misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 with kernel
    6.9+.
  - Fixes freeing uninitialized memory in libc_freeres_fn().  Closes:
    #1073916.

1 changed file:

debian/changelog