Processed: Bug#814958 marked as pending

2016-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 814958 pending
Bug #814958 [glibc] glibc: FTBFS[kfreebsd]: misc/bug18240 timed out
Ignoring request to alter tags of bug #814958 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
814958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814958
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Bug#814958 marked as pending

2016-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 814958 pending
Bug #814958 [glibc] glibc: FTBFS[kfreebsd]: misc/bug18240 timed out
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
814958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814958
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



[glibc] 02/02: Add bug number

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch glibc-2.22
in repository glibc.

commit ffda95b5035aa82fd2067bf8a5212f683f902cea
Author: Aurelien Jarno 
Date:   Wed Feb 17 08:51:44 2016 +0100

Add bug number
---
 debian/changelog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/changelog b/debian/changelog
index 35bcd23..f10ec91 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ glibc (2.22-0experimental3) experimental; urgency=medium
   [ Aurelien Jarno ]
   * Update from upstream stable branch:
 - Fixes bug18240 failing with a timeout on machines with a lot of swap.
+  Closes: #814958.
 
  -- Aurelien Jarno   Tue, 16 Feb 2016 23:16:18 +0100
 
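Review bot: The "Closes: #814958." line is added to a stanza whose header, per the hunk context, already reads "glibc (2.22-0experimental3) experimental" rather than UNRELEASED, and the trailer date is left at 23:16:18. If 2.22-0experimental3 was already built from the release commit, its .changes will not carry this closer and the bug has to be closed by hand; otherwise fold this line into the release commit or refresh the trailer when re-releasing.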

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 01/02: releasing package glibc version 2.22-0experimental3

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch glibc-2.22
in repository glibc.

commit fbe60319cc4cce1843e1cc4de4950abe509b2204
Author: Aurelien Jarno 
Date:   Tue Feb 16 23:16:38 2016 +0100

releasing package glibc version 2.22-0experimental3
---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 0d7d2c6..35bcd23 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-glibc (2.22-0experimental3) UNRELEASED; urgency=medium
+glibc (2.22-0experimental3) experimental; urgency=medium
 
   [ Aurelien Jarno ]
   * Update from upstream stable branch:
 - Fixes bug18240 failing with a timeout on machines with a lot of swap.
 
- -- Aurelien Jarno   Tue, 16 Feb 2016 15:20:32 +0100
+ -- Aurelien Jarno   Tue, 16 Feb 2016 23:16:18 +0100
 
 glibc (2.22-0experimental2) experimental; urgency=medium
 
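Review bot: The stanza is switched from UNRELEASED to experimental while its only item, the bug18240 timeout fix, carries no bug reference. If a Debian bug tracks that timeout, add the Closes: line before this release commit so the closer is part of what gets tagged and uploaded, rather than adding it afterwards.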

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 01/01: Add bug number

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch sid
in repository glibc.

commit cbbd29ff3942d2ea86eebc37445bd048c9fa3953
Author: Aurelien Jarno 
Date:   Wed Feb 17 08:49:59 2016 +0100

Add bug number
---
 debian/changelog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/changelog b/debian/changelog
index d5b637f..fb38e7c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ glibc (2.21-9) UNRELEASED; urgency=medium
   [ Aurelien Jarno ]
   * Update from upstream stable branch:
 - Fixes bug18240 failing with a timeout on machines with a lot of swap.
+  Closes: #814958.
 
  -- Aurelien Jarno   Tue, 16 Feb 2016 15:20:12 +0100
 
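Review bot: In the item just above the added Closes: line, "bug18240" reads like a second bug number sitting next to #814958. Writing it as the test name, misc/bug18240, would make clear that the first is a testsuite case and the second is the Debian bug being closed.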

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



Bug#814958: glibc: FTBFS[kfreebsd]: misc/bug18240 timed out

2016-02-16 Thread Steven Chamberlain
Steven Chamberlain wrote:
> Unfortunately gdb on kfreebsd doesn't handle threads very well, [...]

I changed the test runner to send a SIGABRT instead of SIGKILL;  then
gdb returns a trace of the thread we are interested in:

| #0  memset () at ../sysdeps/x86_64/memset.S:93
| No locals.
| #1  0x00080089bbf0 in alloc_perturb (n=, p=) at malloc.c:1864
| No locals.
| #2  _int_malloc (av=av@entry=0x800b84b40 , 
bytes=bytes@entry=51539607552) at malloc.c:3796
| iters = 
| nb = 
| idx = 
| bin = 
| victim = 
| size = 
| victim_index = 
| remainder = 
| remainder_size = 
| block = 
| bit = 
| map = 
| fwd = 
| bck = 
| errstr = 0x0
| __func__ = "_int_malloc"
| #3  0x00080089e581 in __libc_calloc (n=, 
elem_size=) at malloc.c:3213
| av = 0x800b84b40 
| oldtop = 0x606250
| p = 
| bytes = 51539607552
| sz = 51539607552
| csz = 
| oldtopsize = 130480
| mem = 
| clearsize = 
| nclears = 
| d = 
| hook = 
| __func__ = "__libc_calloc"
| #4  0x00080090006e in __GI_hcreate_r (nel=, 
htab=0x800b873d0 ) at hsearch_r.c:99
| No locals.
| #5  0x00401187 in test_size (size=2147483645) at 
../../misc/bug18240.c:29

The problem is the large memory allocation by hcreate(INT_MAX-2), when
M_PERTURB option is also set (by test-skeleton.c).  It takes some time
allocating and zeroing that memory, until the 2-second timeout is
reached, or memory exhausted.

A more condensed testcase is:

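#include <malloc.h>   /* mallopt, M_PERTURB */
#include <search.h>   /* hcreate */

int main() {
  /* Fill every allocation with a pattern, as test-skeleton.c does. */
  mallopt (M_PERTURB, 42);
  /* INT_MAX - 2 entries: the allocation that runs into the timeout. */
  int res = hcreate(2147483645);
  return 0;
}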

$ LD_LIBRARY_PATH=. /usr/bin/time ./testcase
Command terminated by signal 9
0.70user 2.75system 0:04.11elapsed 84%CPU (17avgtext+589avgdata 
5981064maxresident)k
0inputs+0outputs (0major+1492254minor)pagefaults 0swaps

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org
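
Added example (not part of the mail above and not glibc or Debian code): the arithmetic behind the 51539607552-byte calloc seen in the trace, plus a guard that reruns the condensed testcase in a child process under an RLIMIT_AS cap, so the oversized request fails with ENOMEM instead of being perturb-filled. The sizing rule (round up to the next prime, one extra slot, 24-byte slots on LP64) and the names next_table_size, hcreate_table_bytes and run_hcreate_capped are assumptions of this sketch.

```c
/* Added example: constructed for this page, not glibc or Debian code. */
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <malloc.h>
#include <search.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed layout of one hash-table slot: a flag word plus an ENTRY. */
struct slot { unsigned int used; ENTRY entry; };

/* Trial division; only ever called with odd numbers >= 3. */
static int is_prime(unsigned int n)
{
    for (unsigned int d = 3; d <= n / d; d += 2)
        if (n % d == 0)
            return 0;
    return 1;
}

/* Assumption: the table size is nel rounded up to the next odd prime.
   Returns 0 when the search would wrap around UINT_MAX. */
unsigned int next_table_size(unsigned int nel)
{
    if (nel < 3)
        nel = 3;
    for (nel |= 1; ; nel += 2) {
        if (nel > UINT_MAX - 2)
            return 0;
        if (is_prime(nel))
            return nel;
    }
}

/* Bytes requested from calloc: (size + 1) slots of slot_size bytes. */
unsigned long long hcreate_table_bytes(unsigned int nel, size_t slot_size)
{
    unsigned int size = next_table_size(nel);
    return size ? ((unsigned long long)size + 1) * slot_size : 0;
}

/* Run hcreate(nel) with M_PERTURB set, in a child whose address space is
   capped at cap_bytes. Returns 1 if hcreate succeeded, 0 if it failed
   with ENOMEM, -1 on any other outcome (signal, unexpected errno). */
int run_hcreate_capped(size_t nel, rlim_t cap_bytes)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit lim = { cap_bytes, cap_bytes };
        if (setrlimit(RLIMIT_AS, &lim) != 0)
            _exit(3);
        alarm(10);                  /* backstop if the cap does not bite */
#ifdef M_PERTURB
        mallopt(M_PERTURB, 42);     /* same setting as the testcase */
#endif
        errno = 0;
        if (hcreate(nel) != 0) {
            hdestroy();
            _exit(1);
        }
        _exit(errno == ENOMEM ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code <= 1 ? code : -1;
}

int main(void)
{
    unsigned int nel = 2147483645u;         /* INT_MAX - 2, as in the test */
    rlim_t cap = (rlim_t)1 << 30;           /* 1 GiB, constructed value */
    printf("table size:  %u\n", next_table_size(nel));
    printf("calloc size: %llu bytes\n",
           hcreate_table_bytes(nel, sizeof(struct slot)));
    printf("capped run, huge table:  %d\n", run_hcreate_capped(nel, cap));
    printf("capped run, small table: %d\n", run_hcreate_capped(16, cap));
    return 0;
}
```
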




Bug#814958: glibc: FTBFS[kfreebsd]: misc/bug18240 timed out

2016-02-16 Thread Steven Chamberlain
Package: glibc
Version: 2.21-8
Severity: important
User: debian-...@lists.debian.org
Usertags: kfreebsd
X-Debbugs-Cc: debian-...@lists.debian.org

| misc/bug18240
| +-+
| TEST misc/bug18240:
| Timed out: killed the child process
https://buildd.debian.org/status/fetch.php?pkg=glibc&arch=kfreebsd-amd64&ver=2.21-8&stamp=1455647345

Christoph Egger wrote:
> Also I noticed the unstable upload to fix this (-8) fails due to
> testsuite regressions .. it seems the package got some unrelated[0]
> updates between -7 and -8 so not completely sure what caused this yet.
> [0] 
> https://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?id=6a0c9c0a8e4c94e7028cf908482e0224664db510

That commit added a new test misc/bug18240 which fails reliably for me
on kfreebsd-amd64.

With glibc -7, the testcase crashes with SIGSEGV, which is the bug
that is now fixed.  With -8 however, the testcase 'times out' after 2
seconds not really doing anything.

Compiling misc/bug18240.c as a single-threaded executable, it takes
<0.01 seconds to successfully run and return 0.

When misc/bug18240 is compiled with test-skeleton.c, the code under test
runs in a separate thread (ID 101060 below), which just hangs until the
test runner (thread ID 102564) kills it.

Unfortunately gdb on kfreebsd doesn't handle threads very well, but
here's a ktrace at least:

| 7705 102564 bug18240 0.000842 CALL  fork
| 7705 102564 bug18240 0.000892 RET   fork 7706/0x1e1a
| 7706 101060 bug18240 0.000918 RET   fork 0
| 7705 102564 bug18240 0.000924 CALL  
sigaction(SIGALRM,0x7fffe410,0x7fffe430)
| 7706 101060 bug18240 0.000931 CALL  getpid
| 7705 102564 bug18240 0.000931 RET   sigaction 0
| 7706 101060 bug18240 0.000961 RET   getpid 7706/0x1e1a
| 7705 102564 bug18240 0.000971 CALL  setitimer(0,0x7fffe430,0x7fffe410)
| 7706 101060 bug18240 0.000973 CALL  thr_self(0x800624d90)
| 7705 102564 bug18240 0.000980 RET   setitimer 0
| 7706 101060 bug18240 0.000988 RET   thr_self 0
| 7705 102564 bug18240 0.000991 CALL  
sigaction(SIGINT,0x7fffe410,0x7fffe430)
| 7705 102564 bug18240 0.001007 RET   sigaction 0
| 7705 102564 bug18240 0.001013 CALL  wait4(0x1e1a,0x7fffe470,0,0)
| 7706 101060 bug18240 0.001022 CALL  setrlimit(RLIMIT_CORE,0x7fffe460)
| 7706 101060 bug18240 0.001030 RET   setrlimit 0
| 7706 101060 bug18240 0.001036 CALL  getrlimit(RLIMIT_DATA,0x7fffe470)
| 7706 101060 bug18240 0.001041 RET   getrlimit 0
| 7706 101060 bug18240 0.001056 CALL  setrlimit(RLIMIT_DATA,0x7fffe470)
| 7706 101060 bug18240 0.001062 RET   setrlimit 0
| 7706 101060 bug18240 0.001068 CALL  setpgid(0,0)
| 7706 101060 bug18240 0.001074 RET   setpgid 0
| 7706 101060 bug18240 0.001085 CALL  break(0x625210)
| 7706 101060 bug18240 0.001092 RET   break 0
| 7706 101060 bug18240 0.001101 CALL  break(0x626000)
| 7706 101060 bug18240 0.001109 RET   break 0
| 7706 101060 bug18240 0.001255 CALL  
mmap(0,0xc1000,0x3,0x1002

Re: Bug #808205 inappropriately marked as closed

2016-02-16 Thread Greg Alexander
Thank you, Aurelien, for the informative answer.

crt is the single most popular static object on a Unix system, and libc6
is also one of the most popular dependencies.  As a pragmatic matter,
don't mark all of them, just mark the one that will get in the way of
every single user.  Breaking the ELF file format itself is not something
to be done carelessly or shrugged off.  The plan does not need to be
perfect but it can be a bit better than "meh."

In other words, have any of the other affected packages received 4
reports of this issue already?

And the idea that partial upgrades are not supported is a farce.  I've
been doing partial upgrades on Debian for 21 years now, and the places
where they are broken are few and far between -- on this issue, today,
glibc is underperforming compared to the vast majority of Debian.  Debian
is unique in having such a robust dependency system.  To fail on a
partial upgrade is forgivable, but it is not unavoidable.

Disagree with me if you want, but you are talking to the man who invented
dpkg --force-all. :)  They told me I was crazy, but I didn't listen!  No
one can resist!  I bet you even use dpkg --force-all yourself, and why
would you do that if not for partial upgrades??  MWAHAHAHAH!!  (evil mad
scientist laugh)

Mark my words: You will hear more about this from other users before the
week is up.  This is the last from me though!

Carry on,
- Greg


On Tue, Feb 16, 2016 at 10:50:18PM +0100, Aurelien Jarno wrote:
> On 2016-02-16 16:11, Greg Alexander wrote:
> > Hi -
> > 
> > Sorry that I am not up on all of the details, but I have run into a bug
> > that had already -- and incorrectly -- been marked closed.  Many more
> > people will be running into the same issue soon because of
> > CVE-2015-7547-inspired updates over the next few days.
> > 
> > Bug #808205 seems to be a version dependency between glibc and binutils
> > that, from a user's perspective, breaks all compiles if binutils is not
> > new enough.  It seems that the bug was closed because the proper version
> > of binutils became available.  The good news is that I can confirm that
> > upgrading binutils "fixes" the issue.
> > 
> > However, apt is capable of resolving this issue before it presents to the
> > user.  Off the top of my head, I think the "Breaks:" line needs an entry
> > like "binutils (<< 2.25.90.20151219-1)" (but I am no apt guru).  The
> > issue has definitely not been fixed if everyone updating glibc has to
> > google the bug report to know to upgrade binutils.
> 
> This is nothing specific to glibc, but affects all static libraries.
> This doesn't seem to make sense to fix thousands of source packages just
> because of that, so it has been decided that we won't add a breaks
> entry. In general partial upgrades are not supported.
> 
> -- 
> Aurelien Jarno  GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://www.aurel32.net



Re: Bug #808205 inappropriately marked as closed

2016-02-16 Thread Aurelien Jarno
On 2016-02-16 16:11, Greg Alexander wrote:
> Hi -
> 
> Sorry that I am not up on all of the details, but I have run into a bug
> that had already -- and incorrectly -- been marked closed.  Many more
> people will be running into the same issue soon because of
> CVE-2015-7547-inspired updates over the next few days.
> 
> Bug #808205 seems to be a version dependency between glibc and binutils
> that, from a user's perspective, breaks all compiles if binutils is not
> new enough.  It seems that the bug was closed because the proper version
> of binutils became available.  The good news is that I can confirm that
> upgrading binutils "fixes" the issue.
> 
> However, apt is capable of resolving this issue before it presents to the
> user.  Off the top of my head, I think the "Breaks:" line needs an entry
> like "binutils (<< 2.25.90.20151219-1)" (but I am no apt guru).  The
> issue has definitely not been fixed if everyone updating glibc has to
> google the bug report to know to upgrade binutils.

This is nothing specific to glibc, but affects all static libraries.
This doesn't seem to make sense to fix thousands of source packages just
because of that, so it has been decided that we won't add a breaks
entry. In general partial upgrades are not supported.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Bug #808205 inappropriately marked as closed

2016-02-16 Thread Greg Alexander
Hi -

Sorry that I am not up on all of the details, but I have run into a bug
that had already -- and incorrectly -- been marked closed.  Many more
people will be running into the same issue soon because of
CVE-2015-7547-inspired updates over the next few days.

Bug #808205 seems to be a version dependency between glibc and binutils
that, from a user's perspective, breaks all compiles if binutils is not
new enough.  It seems that the bug was closed because the proper version
of binutils became available.  The good news is that I can confirm that
upgrading binutils "fixes" the issue.

However, apt is capable of resolving this issue before it presents to the
user.  Off the top of my head, I think the "Breaks:" line needs an entry
like "binutils (<< 2.25.90.20151219-1)" (but I am no apt guru).  The
issue has definitely not been fixed if everyone updating glibc has to
google the bug report to know to upgrade binutils.

For what it's worth, my system is woody migrated to unstable on an
as-needed basis.  This is the power of apt's dependency system.
Learn it.  Use it.  Love it.  Are we not apt users?  We are Debian!

Thanks,
- Greg



eglibc_2.13-38+deb7u10_all.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

2016-02-16 Thread Debian FTP Masters
Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 11 Feb 2016 23:11:53 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd 
multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb 
libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 
libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 
libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 
libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 
libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc 
libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 
libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686 
libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 
libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.13-38+deb7u10
Distribution: wheezy-security
Urgency: medium
Maintainer: GNU Libc Maintainers 
Changed-By: Aurelien Jarno 
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1- Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for 
AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3- Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6  - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for 
MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for 
MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development 
libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for 
PowerPC64
 libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM 
zSeri
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM 
zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for 
UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F 
optimized)
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for 
ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1- Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C 

Processing of eglibc_2.13-38+deb7u10_all.changes

2016-02-16 Thread Debian FTP Masters
eglibc_2.13-38+deb7u10_all.changes uploaded successfully to localhost
along with the files:
  eglibc_2.13-38+deb7u10.dsc
  eglibc_2.13-38+deb7u10.diff.gz
  glibc-doc_2.13-38+deb7u10_all.deb
  eglibc-source_2.13-38+deb7u10_all.deb
  locales_2.13-38+deb7u10_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)



[glibc] branch glibc-2.22 updated (6037464 -> a6da622)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to branch glibc-2.22
in repository glibc.

  from  6037464   releasing package glibc version 2.22-0experimental2
   new  a6da622   New changelog entry

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog | 6 ++
 1 file changed, 6 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] branch sid updated (a96b646 -> 28419c6)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to branch sid
in repository glibc.

  from  a96b646   releasing package glibc version 2.21-8
   new  28419c6   New changelog entry

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog | 6 ++
 1 file changed, 6 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



Processing of eglibc_2.11.3-4+deb6u11_multi.changes

2016-02-16 Thread Debian FTP Masters
eglibc_2.11.3-4+deb6u11_multi.changes uploaded successfully to localhost
along with the files:
  eglibc_2.11.3-4+deb6u11.dsc
  eglibc_2.11.3-4+deb6u11.diff.gz
  glibc-doc_2.11.3-4+deb6u11_all.deb
  eglibc-source_2.11.3-4+deb6u11_all.deb
  locales_2.11.3-4+deb6u11_all.deb
  libc6_2.11.3-4+deb6u11_amd64.deb
  libc6-dev_2.11.3-4+deb6u11_amd64.deb
  libc6-prof_2.11.3-4+deb6u11_amd64.deb
  libc6-pic_2.11.3-4+deb6u11_amd64.deb
  libc-bin_2.11.3-4+deb6u11_amd64.deb
  libc-dev-bin_2.11.3-4+deb6u11_amd64.deb
  locales-all_2.11.3-4+deb6u11_amd64.deb
  libc6-i386_2.11.3-4+deb6u11_amd64.deb
  libc6-dev-i386_2.11.3-4+deb6u11_amd64.deb
  nscd_2.11.3-4+deb6u11_amd64.deb
  libc6-dbg_2.11.3-4+deb6u11_amd64.deb
  libc6-udeb_2.11.3-4+deb6u11_amd64.udeb
  libnss-dns-udeb_2.11.3-4+deb6u11_amd64.udeb
  libnss-files-udeb_2.11.3-4+deb6u11_amd64.udeb
  libc6_2.11.3-4+deb6u11_i386.deb
  libc6-dev_2.11.3-4+deb6u11_i386.deb
  libc6-prof_2.11.3-4+deb6u11_i386.deb
  libc6-pic_2.11.3-4+deb6u11_i386.deb
  libc-bin_2.11.3-4+deb6u11_i386.deb
  libc-dev-bin_2.11.3-4+deb6u11_i386.deb
  locales-all_2.11.3-4+deb6u11_i386.deb
  libc6-i686_2.11.3-4+deb6u11_i386.deb
  libc6-xen_2.11.3-4+deb6u11_i386.deb
  libc6-amd64_2.11.3-4+deb6u11_i386.deb
  libc6-dev-amd64_2.11.3-4+deb6u11_i386.deb
  nscd_2.11.3-4+deb6u11_i386.deb
  libc6-dbg_2.11.3-4+deb6u11_i386.deb
  libc6-udeb_2.11.3-4+deb6u11_i386.udeb
  libnss-dns-udeb_2.11.3-4+deb6u11_i386.udeb
  libnss-files-udeb_2.11.3-4+deb6u11_i386.udeb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)



[glibc] annotated tag debian/2.22-0experimental2 created (now 1906827)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to annotated tag debian/2.22-0experimental2
in repository glibc.

at  1906827   (tag)
   tagging  6037464a6a350e527a99bbff74ed838251385c24 (commit)
  replaces  debian/2.19-19
 tagged by  Aurelien Jarno
on  Mon Feb 15 21:49:09 2016 +0100

- Log -
tagging package glibc version debian/2.22-0experimental2

Adam Conrad (11):
  debian/patches/arm/local-arm-futex.diff: Lie about the minimum kernel
  * New upstream release: version 2.22, with git updates up to 2015-09-17:
  Fix mismatched brackets in mips/submitted-rld_map.diff
  debian/patches/any/local-tester-gcc-4.9.diff: Dropped.
  Trim trailing whitespace from debian/changelog
  arch-restrict libc6-loongson2f conflict to mipsel
  debian/libc6*.symbols: Add libmvec.so.1 to the amd64/x32 symbols files.
  debian/*: Conditionally add libmvec to libc-udeb only on amd64 and x32.
  Merge from 2.21 branch
  debian/patches/any/cvs-gawk-gensub.diff: Fix scary output from newer gawk.
  debian/debhelper.in/libc-bin.postinst: Call ldconfig during configure as 
well, or major version upgrades will leave us without due to dep ordering.

Aurelien Jarno (141):
  debian/patches/localedata/locale-C.diff: fix d_fmt time format (Closes:
  Fix multilib enabled stage1 cross builds (closes: #766877).
  Create source tarball in a deterministic manner: adjust file modification
  Merge changelog entries
  * Update from upstream stable branch:
  unfuzz hurd-i386/tg-sysheaders.diff
  sysdeps/linux.mk: don't build pt_chown (CVE-2013-2207). Closes: #717544.
  Move translation to a new libc-l10n package from the locales packages.
  control.in/main: Bump Standards-Version to 3.9.6 (no changes).
  Upload to experimental
  New changelog entry
  debian/locales-depver is gone since r6371
  debian/wrapper is gone in r3326
  debian/bug is gone in r4765
  Fix a typo
  rules.d/debhelper.mk: replace GLIBC_VERSION before LIBC.  Closes:
  Fix some issues with stage 1.  Closes: #797831.
  Drop loongson-2f flavour on mipsel as this machine is not supported
  kfreebsd/local-sysdeps.diff: update to revision 5772 (from glibc-bsd).
  testsuite-checking/expected-results-mips*: allow the new tst-audit9
  testsuite-checking/expected-results-mips(el)-linux-gnu-libc: allow
  testsuite-checking/expected-results-mips*: sort the files. Remove
  Fix a spelling error reported by lintian
  debhelper.in/locales-all.prerm: do not specify a path to check for
  libc6.1.symbols.alpha: remove invoke_dynamic_linker from libpcprofile.so.
  sysdeps/kfreebsd.mk: find kfreebsd-kernel-headers in multiarch path.
  Remove debver2localesdep.pl, it is unused since 2.19-16.
  Use $(GLIBC_VERSION) for shlib, instead of defining the version in a
  Remove completely outdated TODO file
  Remove completely outdated README file
  We use a 3.0 (quilt) format, we don't need to explain anymore how to 
apply patches
  Also remove README, README.source and TODO from glibc-source.filelist
  Add a changelog entry for previous commits
  rules.d/debhelper.mk: use the default compression format for libc6,
  Bump debhelper compatiblity to level 9. This brings compressed debug
  Properly remove libc6-loongson2f
  control.in/*: remove pre-squeeze conflicts.
  Fix more typos found by lintian in changelog
  Replace a few sed and perl calls into a single sed call
  debhelper.mk: include files before doing any value replacement
  debhelper.mk: Drop EXIT_CHECK, it's unused
  debian/rules: keep shlib_dep_ver, it's used in sysdeps.d/*mk
  Don't generate symbols for iconv libraries
  Stop handling conflict between armel and armhf in libc6-dbg
  libc-bin, libc-dev-bin: Recommends the manpages package and add lintian
  Allow a few tests to fail on mipsel due to kernel bug on the buildds
  sysdeps/s390x.mk: --enable-lock-elision.
  

[glibc] branch glibc-2.22 updated (8885bf8 -> 6037464)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to branch glibc-2.22
in repository glibc.

  from  8885bf8   Also remove hppa/cvs-start.diff and 
hppa/cvs-inline-syscall.diff from patches/series
   new  bdcbf35   patches/any/local-CVE-2015-7547.diff
   new  6037464   releasing package glibc version 2.22-0experimental2

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog|   4 +-
 debian/patches/any/local-CVE-2015-7547.diff | 554 
 debian/patches/series   |   1 +
 3 files changed, 557 insertions(+), 2 deletions(-)
 create mode 100644 debian/patches/any/local-CVE-2015-7547.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 01/01: New changelog entry

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch glibc-2.22
in repository glibc.

commit a6da62221c575be8bf59bde32be4dc3e2062baef
Author: Aurelien Jarno 
Date:   Tue Feb 16 15:21:12 2016 +0100

New changelog entry
---
 debian/changelog | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5d734aa..7980be4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+glibc (2.22-0experimental3) UNRELEASED; urgency=medium
+
+  * 
+
+ -- Aurelien Jarno   Tue, 16 Feb 2016 15:20:32 +0100
+
 glibc (2.22-0experimental2) experimental; urgency=medium
 
   [ Aurelien Jarno ]
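Review bot: The new 2.22-0experimental3 stanza is committed with an empty item, a bare "  * " with nothing after it, which also leaves trailing whitespace on that line. Commit the stanza together with its first real change line so that every revision of debian/changelog has a meaningful entry.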

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] branch sid updated (6a0c9c0 -> a96b646)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to branch sid
in repository glibc.

  from  6a0c9c0   Update from upstream stable branch
   new  a398029   fix glibc getaddrinfo stack-based buffer overflow 
(CVE-2015-7547)
   new  a96b646   releasing package glibc version 2.21-8

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog|   6 +-
 debian/patches/any/local-CVE-2015-7547.diff | 554 
 debian/patches/series   |   1 +
 3 files changed, 559 insertions(+), 2 deletions(-)
 create mode 100644 debian/patches/any/local-CVE-2015-7547.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] annotated tag debian/2.21-8 created (now 6ea1b9f)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to annotated tag debian/2.21-8
in repository glibc.

at  6ea1b9f   (tag)
   tagging  a96b64673e3e0cd4879e1a234d8423c79937ad30 (commit)
  replaces  debian/2.21-7
 tagged by  Aurelien Jarno
on  Mon Feb 15 21:38:31 2016 +0100

- Log -
tagging package glibc version debian/2.21-8

Aurelien Jarno (5):
  New changelog entry
  Add a bug numbers for security bugs closed in -7
  Update from upstream stable branch
  fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
  releasing package glibc version 2.21-8

Samuel Thibault (1):
  Note that -7 fixed the bug (closed separately)

---

This annotated tag includes the following new commits:

   new  a398029   fix glibc getaddrinfo stack-based buffer overflow 
(CVE-2015-7547)
   new  a96b646   releasing package glibc version 2.21-8

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] annotated tag debian/2.13-38+deb7u10 created (now 90aff46)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to annotated tag debian/2.13-38+deb7u10
in repository glibc.

at  90aff46   (tag)
   tagging  2226fbe3b8280b3474c04601ce0cc69020f26bb7 (commit)
  replaces  debian/2.13-38+deb7u9
 tagged by  Aurelien Jarno
on  Thu Feb 11 23:12:35 2016 +0100

- Log -
tagging package eglibc version debian/2.13-38+deb7u10

Aurelien Jarno (6):
  patches/any/cvs-strftime.diff: new patch from upstream to fix 
segmentation fault caused by passing out-of-range data to strftime() 
(CVE-2015-8776).  Closes: #812445.
  patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer 
overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.
  patches/any/cvs-catopen.diff: new patch from upstream to fix multiple 
unbounded stack allocations in catopen() (CVE-2015-8779).  Closes: #812455.
  patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from upstream 
to fix a memory leak in _nss_dns_gethostbyname4_r with big DNS answers.
  fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
  releasing package eglibc version 2.13-38+deb7u10

---

This annotated tag includes the following new commits:

   new  61200ac   patches/any/cvs-gethostbyname4-memory-leak.diff: new 
patch from upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big 
DNS answers.
   new  3532bb9   fix glibc getaddrinfo stack-based buffer overflow 
(CVE-2015-7547)
   new  2226fbe   releasing package eglibc version 2.13-38+deb7u10

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] branch jessie updated (aee812b -> a795297)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to branch jessie
in repository glibc.

  from  aee812b   Update from upstream stable branch
   new  7567794   fix glibc getaddrinfo stack-based buffer overflow 
(CVE-2015-7547)
   new  a795297   releasing package glibc version 2.19-18+deb8u3

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog|   6 +-
 debian/patches/any/local-CVE-2015-7547.diff | 541 
 debian/patches/series   |   1 +
 3 files changed, 546 insertions(+), 2 deletions(-)
 create mode 100644 debian/patches/any/local-CVE-2015-7547.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] annotated tag debian/2.19-18+deb8u3 created (now d37af34)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to annotated tag debian/2.19-18+deb8u3
in repository glibc.

at  d37af34   (tag)
   tagging  a795297e88f10e8f822002ffccfcb49d6e2ed986 (commit)
  replaces  debian/2.19-18+deb8u2
 tagged by  Aurelien Jarno
on  Thu Feb 11 23:31:39 2016 +0100

- Log -
tagging package glibc version debian/2.19-18+deb8u3

Aurelien Jarno (4):
  Update from upstream stable branch
  Update from upstream stable branch
  fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
  releasing package glibc version 2.19-18+deb8u3

---

This annotated tag includes the following new commits:

   new  7567794   fix glibc getaddrinfo stack-based buffer overflow 
(CVE-2015-7547)
   new  a795297   releasing package glibc version 2.19-18+deb8u3

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] branch wheezy updated (1dc30ec -> 2226fbe)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a change to branch wheezy
in repository glibc.

  from  1dc30ec   patches/any/cvs-catopen.diff: new patch from upstream to 
fix multiple unbounded stack allocations in catopen() (CVE-2015-8779).  Closes: 
#812455.
   new  61200ac   patches/any/cvs-gethostbyname4-memory-leak.diff: new 
patch from upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big 
DNS answers.
   new  3532bb9   fix glibc getaddrinfo stack-based buffer overflow 
(CVE-2015-7547)
   new  2226fbe   releasing package eglibc version 2.13-38+deb7u10

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog   |   9 +-
 .../any/cvs-gethostbyname4-memory-leak.diff| 447 +
 debian/patches/any/local-CVE-2015-7547.diff| 538 +
 debian/patches/series  |   2 +
 4 files changed, 994 insertions(+), 2 deletions(-)
 create mode 100644 debian/patches/any/cvs-gethostbyname4-memory-leak.diff
 create mode 100644 debian/patches/any/local-CVE-2015-7547.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 01/01: New changelog entry

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch sid
in repository glibc.

commit 28419c6bb8e2fb5ee90f7e89c70dbcab2e420ca6
Author: Aurelien Jarno 
Date:   Tue Feb 16 15:20:16 2016 +0100

New changelog entry
---
 debian/changelog | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 374deb8..0904afe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+glibc (2.21-9) UNRELEASED; urgency=medium
+
+  * 
+
+ -- Aurelien Jarno   Tue, 16 Feb 2016 15:20:12 +0100
+
 glibc (2.21-8) unstable; urgency=critical
 
   * Update from upstream stable branch:
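
Review bot: the new 2.21-9 stanza is committed with an empty bullet ("  * " on the third added line), which is only a placeholder. That is harmless while the entry is UNRELEASED, but it should be replaced by the first real change or removed before the release commit, so that an empty item cannot reach the uploaded changelog.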

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



Processing of glibc_2.22-0experimental2_source.changes

2016-02-16 Thread Debian FTP Masters
glibc_2.22-0experimental2_source.changes uploaded successfully to localhost
along with the files:
  glibc_2.22-0experimental2.dsc
  glibc_2.22-0experimental2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)



Processing of glibc_2.21-8_source.changes

2016-02-16 Thread Debian FTP Masters
glibc_2.21-8_source.changes uploaded successfully to localhost
along with the files:
  glibc_2.21-8.dsc
  glibc_2.21-8.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)



[glibc] 02/02: releasing package glibc version 2.21-8

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch sid
in repository glibc.

commit a96b64673e3e0cd4879e1a234d8423c79937ad30
Author: Aurelien Jarno 
Date:   Mon Feb 15 21:38:31 2016 +0100

releasing package glibc version 2.21-8
---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 68c5032..374deb8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-glibc (2.21-8) UNRELEASED; urgency=critical
+glibc (2.21-8) unstable; urgency=critical
 
   * Update from upstream stable branch:
 - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
@@ -6,7 +6,7 @@ glibc (2.21-8) UNRELEASED; urgency=critical
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
 stack-based buffer overflow (CVE-2015-7547).
 
- -- Aurelien Jarno   Sun, 24 Jan 2016 00:32:22 +0100
+ -- Aurelien Jarno   Mon, 15 Feb 2016 21:38:15 +0100
 
 glibc (2.21-7) unstable; urgency=medium
 

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 01/02: fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch sid
in repository glibc.

commit a3980295cd61c169f684c03e1dc7ec27f9b11f80
Author: Aurelien Jarno 
Date:   Sun Jan 31 17:09:30 2016 +0100

fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
---
 debian/changelog|   4 +-
 debian/patches/any/local-CVE-2015-7547.diff | 554 
 debian/patches/series   |   1 +
 3 files changed, 558 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 5ca2880..68c5032 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,10 @@
-glibc (2.21-8) UNRELEASED; urgency=medium
+glibc (2.21-8) UNRELEASED; urgency=critical
 
   * Update from upstream stable branch:
 - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
   Closes: #812441.
+  * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
+stack-based buffer overflow (CVE-2015-7547).
 
  -- Aurelien Jarno   Sun, 24 Jan 2016 00:32:22 +0100
 
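
Review bot: the new bullet for local-CVE-2015-7547.diff has no bug reference, unlike the CVE-2015-8778 entry directly above it, which carries "Closes: #812441". If a BTS bug tracks CVE-2015-7547, add the Closes: line here; otherwise say in the bullet where the patch comes from, since the urgency bump from medium to critical on the first line rests on this one entry.
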
diff --git a/debian/patches/any/local-CVE-2015-7547.diff 
b/debian/patches/any/local-CVE-2015-7547.diff
new file mode 100644
index 000..8038a57
--- /dev/null
+++ b/debian/patches/any/local-CVE-2015-7547.diff
@@ -0,0 +1,554 @@
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..1921b39 100644
+--- a/resolv/nss_dns/dns-host.c
 b/resolv/nss_dns/dns-host.c
+@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int 
anslen, const char *qname,
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-return NSS_STATUS_NOTFOUND;
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+ {
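
Review bot: the early return for "ancount == 0" now stores HOST_NOT_FOUND through h_errnop, but nothing in the hunk says why an empty answer section needs it. If the reason is that gaih_getanswer combines the status of two answers and relies on h_errno being set on every exit from this function, a one-line comment saying so would help, because the change otherwise looks unrelated to a buffer overflow fix.
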
+@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int 
anslen, const char *qname,
+   /* Special case here: if the resolver sent a result but it only
+  contains a CNAME while we are looking for a T_A or T_ record,
+  we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
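
Review bot: the TRYAGAIN path now sets "*h_errnop = NETDB_INTERNAL", which by convention tells the caller to look at errno, yet no errno value is assigned in this hunk. Please confirm that *errnop is always set before control reaches this return, or set it here, so that a caller cannot read a stale ERANGE and retry with a larger buffer. The retained "Special case" comment also now sits above both branches; moving it inside the "if (canon != NULL)" block would keep it next to the case it describes.
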
+@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, 
const querybuf *answer2,
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++ compromise and attention to symmetry (A or  queries can be
++ returned in any order).  What follows is a breakdown of how this
++ code is expected to work and why. We discuss only SUCCESS,
++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++ that apply (though RETURN and MERGE exist).  We make a distinction
++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++ A recoverable TRYAGAIN is almost always due to buffer size issues
++ and returns ERANGE in errno and the caller is expected to retry
++ with a larger buffer.
++
++ Lastly, you may be tempted to make significant changes to the
++ conditions in this code to bring about symmetry between responses.
++ Please don't change anything without due consideration for
++ expected application behaviour.  Some of the synthesized responses
++ aren't very well thought out and sometimes appear to imply that
++ IPv4 responses are always answer 1, and IPv6 responses are always
++ answer 2, but that's not true (see the implemetnation of send_dg
++ and send_vc to see response can arrive in any order, particlarly
++ for UDP). However, we expect it holds roughly enough of the time
++ that this code works, but certainly needs to be fixed to make this
++ a more robust implementation.
++
++ --
++ | Answer 1 Status /   | Synthesized | Reason |
++ | Answer 2 Status | Status  ||
++ ||
++ | SUCCESS/SUCCESS | SUCCESS | [1]|
++ | SUCCESS/TRYAGAIN| TRYAGAIN| [5]|
++ | SUCCESS/TRYAGAIN'   | SUCCESS | [1]|
++ | SUCCESS/NOTFOUND| SUCCESS | [1]|
++ | SUCCESS/UNAVAIL | SUCCESS | [1]|
++ | TRYAGAIN/SUCCESS| TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN   | TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN'  | TRYAGAIN| [2]|
++ | TRYAGAIN/NOTFOUND   | TRYAGAIN| [2]|
++ | TRYAGAIN/UNAVAIL| TRYAGAIN| [2]|
++ | TRYAGAIN'/SUCCESS   | SUCCESS | [3]|
++ | TRYAGAIN'/TRYAGAIN  | TRYAGAIN| [3]|
++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]|
++ | TRYAGAIN'/NOTFOUND  | 
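
Review bot: the new block comment in gaih_getanswer has two misspellings, "implemetnation" and "particlarly", and it says the code "certainly needs to be fixed" without pointing anywhere. The spelling is worth correcting (and forwarding upstream if the text came from there), and a bug reference next to the "needs to be fixed" sentence would let a later reader find out whether the ordering assumption (IPv4 as answer 1, IPv6 as answer 2) was ever resolved.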

[glibc] 01/02: patches/any/local-CVE-2015-7547.diff

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch glibc-2.22
in repository glibc.

commit bdcbf352ebee7cfb38b2bcafcb77fe9650d927e0
Author: Aurelien Jarno 
Date:   Sun Jan 31 17:47:28 2016 +0100

patches/any/local-CVE-2015-7547.diff
---
 debian/patches/any/local-CVE-2015-7547.diff | 554 
 debian/patches/series   |   1 +
 2 files changed, 555 insertions(+)

diff --git a/debian/patches/any/local-CVE-2015-7547.diff 
b/debian/patches/any/local-CVE-2015-7547.diff
new file mode 100644
index 000..7d28bb0
--- /dev/null
+++ b/debian/patches/any/local-CVE-2015-7547.diff
@@ -0,0 +1,554 @@
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 357ac04..9659296 100644
+--- a/resolv/nss_dns/dns-host.c
 b/resolv/nss_dns/dns-host.c
+@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int 
anslen, const char *qname,
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-return NSS_STATUS_NOTFOUND;
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+ {
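
Review bot: the new patch file opens directly with its "diff --git" line and has no header describing what it fixes or where it came from. For a security fix carried in debian/patches, a short DEP-3 style header (Description, Origin, and the CVE id) at the top of the file would let someone auditing the series confirm what the hunks address without going back to this commit message, which only repeats the file name.
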
+@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int 
anslen, const char *qname,
+   /* Special case here: if the resolver sent a result but it only
+  contains a CNAME while we are looking for a T_A or T_ record,
+  we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
+@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, 
const querybuf *answer2,
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++ compromise and attention to symmetry (A or  queries can be
++ returned in any order).  What follows is a breakdown of how this
++ code is expected to work and why. We discuss only SUCCESS,
++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++ that apply (though RETURN and MERGE exist).  We make a distinction
++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++ A recoverable TRYAGAIN is almost always due to buffer size issues
++ and returns ERANGE in errno and the caller is expected to retry
++ with a larger buffer.
++
++ Lastly, you may be tempted to make significant changes to the
++ conditions in this code to bring about symmetry between responses.
++ Please don't change anything without due consideration for
++ expected application behaviour.  Some of the synthesized responses
++ aren't very well thought out and sometimes appear to imply that
++ IPv4 responses are always answer 1, and IPv6 responses are always
++ answer 2, but that's not true (see the implemetnation of send_dg
++ and send_vc to see response can arrive in any order, particlarly
++ for UDP). However, we expect it holds roughly enough of the time
++ that this code works, but certainly needs to be fixed to make this
++ a more robust implementation.
++
++ --
++ | Answer 1 Status /   | Synthesized | Reason |
++ | Answer 2 Status | Status  ||
++ ||
++ | SUCCESS/SUCCESS | SUCCESS | [1]|
++ | SUCCESS/TRYAGAIN| TRYAGAIN| [5]|
++ | SUCCESS/TRYAGAIN'   | SUCCESS | [1]|
++ | SUCCESS/NOTFOUND| SUCCESS | [1]|
++ | SUCCESS/UNAVAIL | SUCCESS | [1]|
++ | TRYAGAIN/SUCCESS| TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN   | TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN'  | TRYAGAIN| [2]|
++ | TRYAGAIN/NOTFOUND   | TRYAGAIN| [2]|
++ | TRYAGAIN/UNAVAIL| TRYAGAIN| [2]|
++ | TRYAGAIN'/SUCCESS   | SUCCESS | [3]|
++ | TRYAGAIN'/TRYAGAIN  | TRYAGAIN| [3]|
++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]|
++ | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]|
++ | TRYAGAIN'/UNAVAIL   | UNAVAIL | [3]|
++ | NOTFOUND/SUCCESS| SUCCESS | [3]|
++ | NOTFOUND/TRYAGAIN   | TRYAGAIN| [3]|
++ | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]|
++ | NOTFOUND/NOTFOUND   | NOTFOUND| [3]|
++ | NOTFOUND/UNAVAIL| UNAVAIL | [3]|
++ | UNAVAIL/SUCCESS | UNAVAIL | [4]|
++ | UNAVAIL/TRYAGAIN| UNAVAIL | [4]|
++ | UNAVAIL/TRYAGAIN'   | UNAVAIL | [4]|
++ | UNAVAIL/NOTFOUND| UNAVAIL | [4]|
++ | UNAVAIL/UNAVAIL | UNAVAIL | [4]|
++ --
++
++ 
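
Review bot: the status table is not symmetric in the rows involving UNAVAIL: SUCCESS/UNAVAIL yields SUCCESS but UNAVAIL/SUCCESS yields UNAVAIL, and TRYAGAIN/UNAVAIL yields TRYAGAIN but UNAVAIL/TRYAGAIN yields UNAVAIL. The comment above the table says the two responses can arrive in any order, so for these pairs the status returned to the application depends on which response ends up as answer 1. The comment should name these rows explicitly as the known order-dependent cases, so that nobody reads the table as deliberate policy.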

[glibc] 01/02: fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch jessie
in repository glibc.

commit 756779470550852fc12859d56af8c1fc389b81bf
Author: Aurelien Jarno 
Date:   Sun Jan 31 16:35:57 2016 +0100

fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
---
 debian/changelog|   2 +
 debian/patches/any/local-CVE-2015-7547.diff | 541 
 debian/patches/series   |   1 +
 3 files changed, 544 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 07a33a8..c10a656 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ glibc (2.19-18+deb8u3) UNRELEASED; urgency=medium
   Closes: #812441.
 - Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779).
   Closes: #812455.
+  * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
+stack-based buffer overflow (CVE-2015-7547).
 
  -- Aurelien Jarno   Wed, 27 Jan 2016 18:46:44 +0100
 
diff --git a/debian/patches/any/local-CVE-2015-7547.diff 
b/debian/patches/any/local-CVE-2015-7547.diff
new file mode 100644
index 000..0a93cd5
--- /dev/null
+++ b/debian/patches/any/local-CVE-2015-7547.diff
@@ -0,0 +1,541 @@
+--- a/resolv/nss_dns/dns-host.c
 b/resolv/nss_dns/dns-host.c
+@@ -1052,7 +1052,10 @@
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-return NSS_STATUS_NOTFOUND;
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+ {
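
Review bot: the hunk headers in this backported patch carry no function name ("@@ -1052,7 +1052,10 @@") and the file has no index line, so a reader cannot tell from the patch alone that this return belongs to gaih_getanswer_slice. Regenerating the file with function context (diff -p, or git diff) would make it much easier to check that each hunk of the backport landed in the intended function of the 2.19 source.
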
+@@ -1229,7 +1232,14 @@
+   /* Special case here: if the resolver sent a result but it only
+  contains a CNAME while we are looking for a T_A or T_ record,
+  we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
+@@ -1243,11 +1253,101 @@
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++ compromise and attention to symmetry (A or  queries can be
++ returned in any order).  What follows is a breakdown of how this
++ code is expected to work and why. We discuss only SUCCESS,
++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++ that apply (though RETURN and MERGE exist).  We make a distinction
++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++ A recoverable TRYAGAIN is almost always due to buffer size issues
++ and returns ERANGE in errno and the caller is expected to retry
++ with a larger buffer.
++
++ Lastly, you may be tempted to make significant changes to the
++ conditions in this code to bring about symmetry between responses.
++ Please don't change anything without due consideration for
++ expected application behaviour.  Some of the synthesized responses
++ aren't very well thought out and sometimes appear to imply that
++ IPv4 responses are always answer 1, and IPv6 responses are always
++ answer 2, but that's not true (see the implemetnation of send_dg
++ and send_vc to see response can arrive in any order, particlarly
++ for UDP). However, we expect it holds roughly enough of the time
++ that this code works, but certainly needs to be fixed to make this
++ a more robust implementation.
++
++ --
++ | Answer 1 Status /   | Synthesized | Reason |
++ | Answer 2 Status | Status  ||
++ ||
++ | SUCCESS/SUCCESS | SUCCESS | [1]|
++ | SUCCESS/TRYAGAIN| TRYAGAIN| [5]|
++ | SUCCESS/TRYAGAIN'   | SUCCESS | [1]|
++ | SUCCESS/NOTFOUND| SUCCESS | [1]|
++ | SUCCESS/UNAVAIL | SUCCESS | [1]|
++ | TRYAGAIN/SUCCESS| TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN   | TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN'  | TRYAGAIN| [2]|
++ | TRYAGAIN/NOTFOUND   | TRYAGAIN| [2]|
++ | TRYAGAIN/UNAVAIL| TRYAGAIN| [2]|
++ | TRYAGAIN'/SUCCESS   | SUCCESS | [3]|
++ | TRYAGAIN'/TRYAGAIN  | TRYAGAIN| [3]|
++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]|
++ | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]|
++ | TRYAGAIN'/UNAVAIL   | UNAVAIL | [3]|
++ | NOTFOUND/SUCCESS| SUCCESS | [3]|
++ | NOTFOUND/TRYAGAIN   | TRYAGAIN| [3]|
++ | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]|
++ | NOTFOUND/NOTFOUND   | NOTFOUND| [3]|
++ | NOTFOUND/UNAVAIL| UNAVAIL | [3]|
++ | UNAVAIL/SUCCESS | UNAVAIL | [4]|
++ | 

[glibc] 03/03: releasing package eglibc version 2.13-38+deb7u10

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch wheezy
in repository glibc.

commit 2226fbe3b8280b3474c04601ce0cc69020f26bb7
Author: Aurelien Jarno 
Date:   Thu Feb 11 23:12:35 2016 +0100

releasing package eglibc version 2.13-38+deb7u10
---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 64a9688..7eb54e6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-eglibc (2.13-38+deb7u10) UNRELEASED; urgency=medium
+eglibc (2.13-38+deb7u10) wheezy-security; urgency=medium
 
   [ Aurelien Jarno ]
   * patches/any/cvs-strftime.diff: new patch from upstream to fix
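
Review bot: the release line switches the target to wheezy-security but keeps "urgency=medium", while the same entry (second hunk) ships the fix for a stack-based buffer overflow in getaddrinfo and the sid changelog on this list uses urgency=critical for that fix. If the urgency field is meant to reflect the severity of the fix, raise it here as well; if it is left at medium on purpose for security uploads, a word in the commit message would avoid the question.
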
@@ -15,7 +15,7 @@ eglibc (2.13-38+deb7u10) UNRELEASED; urgency=medium
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
 stack-based buffer overflow (CVE-2015-7547).
 
- -- Aurelien Jarno   Sun, 31 Jan 2016 12:55:29 +0100
+ -- Aurelien Jarno   Thu, 11 Feb 2016 23:11:53 +0100
 
 eglibc (2.13-38+deb7u9) wheezy; urgency=medium
 

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 02/02: releasing package glibc version 2.22-0experimental2

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch glibc-2.22
in repository glibc.

commit 6037464a6a350e527a99bbff74ed838251385c24
Author: Aurelien Jarno 
Date:   Mon Feb 15 21:49:08 2016 +0100

releasing package glibc version 2.22-0experimental2
---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 88ce1ac..5d734aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-glibc (2.22-0experimental2) UNRELEASED; urgency=medium
+glibc (2.22-0experimental2) experimental; urgency=medium
 
   [ Aurelien Jarno ]
   * debian/patches/m68k/local-fpic.diff: drop, obsolete.
@@ -75,7 +75,7 @@ glibc (2.22-0experimental2) UNRELEASED; urgency=medium
   * debian/debhelper.in/libc-bin.postinst: Call ldconfig during configure as
 well, or major version upgrades will leave us without due to dep ordering.
 
- -- Aurelien Jarno   Thu, 10 Dec 2015 23:41:13 +0100
+ -- Aurelien Jarno   Mon, 15 Feb 2016 21:48:56 +0100
 
 glibc (2.22-0experimental1) experimental; urgency=medium
 

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 02/02: releasing package glibc version 2.19-18+deb8u3

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch jessie
in repository glibc.

commit a795297e88f10e8f822002ffccfcb49d6e2ed986
Author: Aurelien Jarno 
Date:   Thu Feb 11 23:31:39 2016 +0100

releasing package glibc version 2.19-18+deb8u3
---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c10a656..19e3a4e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-glibc (2.19-18+deb8u3) UNRELEASED; urgency=medium
+glibc (2.19-18+deb8u3) stable-security; urgency=medium
 
   [ Aurelien Jarno ]
   * Update from upstream stable branch:
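
Review bot: the distribution field on the changed first line is set to "stable-security", a suite alias, whereas the wheezy upload of the same fix names its target by codename ("wheezy-security"). Using "jessie-security" here would keep the changelog unambiguous once stable points at a later release, and would make the two security uploads consistent.
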
@@ -11,7 +11,7 @@ glibc (2.19-18+deb8u3) UNRELEASED; urgency=medium
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
 stack-based buffer overflow (CVE-2015-7547).
 
- -- Aurelien Jarno   Wed, 27 Jan 2016 18:46:44 +0100
+ -- Aurelien Jarno   Thu, 11 Feb 2016 23:31:28 +0100
 
 glibc (2.19-18+deb8u2) stable; urgency=medium
 

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-glibc/glibc.git



[glibc] 01/03: patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big DNS answers.

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch wheezy
in repository glibc.

commit 61200ac9d6700a13ad561676ac20861ed8e82b2f
Author: Aurelien Jarno 
Date:   Mon Feb 1 09:55:01 2016 +0100

patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from upstream to 
fix a memory leak in _nss_dns_gethostbyname4_r with big DNS answers.
---
 debian/changelog   |   3 +
 .../any/cvs-gethostbyname4-memory-leak.diff| 447 +
 debian/patches/series  |   1 +
 3 files changed, 451 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 62a7344..7e23804 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,9 @@ eglibc (2.13-38+deb7u10) UNRELEASED; urgency=medium
   * patches/any/cvs-catopen.diff: new patch from upstream to fix multiple
 unbounded stack allocations in catopen() (CVE-2015-8779).  Closes:
 #812455.
+  * patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from
+upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big
+DNS answers.
 
  -- Aurelien Jarno   Sun, 31 Jan 2016 12:55:29 +0100
 
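
Review bot: the new bullet says the patch is from upstream but gives no upstream reference, although the patch itself names one in its ChangeLog header ("[BZ #16574]"). Adding that bug number to the changelog entry would let readers of the package changelog trace the memory leak fix without opening the patch.
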
diff --git a/debian/patches/any/cvs-gethostbyname4-memory-leak.diff 
b/debian/patches/any/cvs-gethostbyname4-memory-leak.diff
new file mode 100644
index 000..15eb6eb
--- /dev/null
+++ b/debian/patches/any/cvs-gethostbyname4-memory-leak.diff
@@ -0,0 +1,447 @@
+2014-02-18  Andreas Schwab  
+
+   [BZ #16574]
+   * resolv/res_send.c (send_vc): Add parameter ansp2_malloced.
+   Store non-zero if the second buffer was newly allocated.
+   (send_dg): Likewise.
+   (__libc_res_nsend): Add parameter ansp2_malloced and pass it down
+   to send_vc and send_dg.
+   (res_nsend): Pass NULL for ansp2_malloced.
+   * resolv/res_query.c (__libc_res_nquery): Add parameter
+   answerp2_malloced and pass it down to __libc_res_nsend.
+   (res_nquery): Pass additional NULL to __libc_res_nquery.
+   (__libc_res_nsearch): Add parameter answerp2_malloced and pass it
+   down to __libc_res_nquery and __libc_res_nquerydomain.  Deallocate
+   second answer buffer if answerp2_malloced was set.
+   (res_nsearch): Pass additional NULL to __libc_res_nsearch.
+   (__libc_res_nquerydomain): Add parameter
+   answerp2_malloced and pass it down to __libc_res_nquery.
+   (res_nquerydomain): Pass additional NULL to
+   __libc_res_nquerydomain.
+   * resolv/nss_dns/dns-network.c (_nss_dns_getnetbyname_r): Pass
+   additional NULL to __libc_res_nsend and __libc_res_nquery.
+   * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname3_r): Pass
+   additional NULL to __libc_res_nsearch.
+   (_nss_dns_gethostbyname4_r): Revert last change.  Use new
+   parameter of __libc_res_nsearch to check for separately allocated
+   second buffer.
+   (_nss_dns_gethostbyaddr2_r): Pass additional NULL to
+   __libc_res_nquery.
+   * resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Pass
+   additional NULL to __libc_res_nquery.
+   * resolv/gethnamaddr.c (gethostbyname2): Pass additional NULL to
+   __libc_res_nsearch.
+   (gethostbyaddr): Pass additional NULL to __libc_res_nquery.
+   * include/resolv.h: Update prototypes of __libc_res_nquery,
+   __libc_res_nsearch, __libc_res_nsend.
+
+2014-02-13  Andreas Schwab  
+
+   [BZ #16574]
+   * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Free the
+   second answer buffer if it was separately allocated.
+
+--- a/include/resolv.h
 b/include/resolv.h
+@@ -58,11 +58,11 @@
+ libc_hidden_proto (__res_state)
+ 
+ int __libc_res_nquery (res_state, const char *, int, int, u_char *, int,
+- u_char **, u_char **, int *, int *);
++ u_char **, u_char **, int *, int *, int *);
+ int __libc_res_nsearch (res_state, const char *, int, int, u_char *, int,
+-  u_char **, u_char **, int *, int *);
++  u_char **, u_char **, int *, int *, int *);
+ int __libc_res_nsend (res_state, const u_char *, int, const u_char *, int,
+-u_char *, int, u_char **, u_char **, int *, int *)
++u_char *, int, u_char **, u_char **, int *, int *, int *)
+   attribute_hidden;
+ 
+ libresolv_hidden_proto (_sethtent)
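
Review bot: the three prototypes gain a further unnamed "int *" at the end, so each now finishes with three consecutive "int *" parameters and nothing to tell them apart. Naming at least the new one in include/resolv.h (the ChangeLog calls it ansp2_malloced and answerp2_malloced) would make the call sites that pass a row of NULLs, as in the gethnamaddr.c hunk that follows, easier to audit for a misplaced argument.
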
+--- a/resolv/gethnamaddr.c
 b/resolv/gethnamaddr.c
+@@ -621,7 +621,7 @@
+   buf.buf = origbuf = (querybuf *) alloca (1024);
+ 
+   if ((n = __libc_res_nsearch(&_res, name, C_IN, type, buf.buf->buf, 1024,
+-  , NULL, NULL, NULL)) < 0) {
++  , NULL, NULL, NULL, NULL)) < 0) {
+   if (buf.buf != origbuf)
+   free (buf.buf);
+   Dprintf("res_nsearch failed (%d)\n", n);
+@@ -716,12 +716,12 @@
+  

[glibc] 02/03: fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

2016-02-16 Thread Aurelien Jarno
This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch wheezy
in repository glibc.

commit 3532bb9384a97e6038e98027f4c5883c4b7fe762
Author: Aurelien Jarno 
Date:   Mon Feb 1 09:55:01 2016 +0100

fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
---
 debian/changelog|   2 +
 debian/patches/any/local-CVE-2015-7547.diff | 538 
 debian/patches/series   |   1 +
 3 files changed, 541 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 7e23804..64a9688 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,8 @@ eglibc (2.13-38+deb7u10) UNRELEASED; urgency=medium
   * patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from
 upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big
 DNS answers.
+  * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
+stack-based buffer overflow (CVE-2015-7547).
 
  -- Aurelien Jarno   Sun, 31 Jan 2016 12:55:29 +0100
 
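Review bot: The new changelog entry calls this a "new patch" without stating where the fix comes from, whereas the entry just above it says "new patch from upstream". For a security fix, add the origin of the change (upstream commit or advisory reference) to the entry or to the header of `local-CVE-2015-7547.diff`, so the backport to 2.13 can be compared against its source later.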
diff --git a/debian/patches/any/local-CVE-2015-7547.diff 
b/debian/patches/any/local-CVE-2015-7547.diff
new file mode 100644
index 000..43dd930
--- /dev/null
+++ b/debian/patches/any/local-CVE-2015-7547.diff
@@ -0,0 +1,538 @@
+--- a/resolv/nss_dns/dns-host.c
 b/resolv/nss_dns/dns-host.c
+@@ -1036,7 +1036,10 @@
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-return NSS_STATUS_NOTFOUND;
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+ {
+@@ -1205,7 +1208,14 @@
+   /* Special case here: if the resolver sent a result but it only
+  contains a CNAME while we are looking for a T_A or T_ record,
+  we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++{
++  *h_errnop = HOST_NOT_FOUND;
++  return NSS_STATUS_NOTFOUND;
++}
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
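Review bot: On the `canon == NULL` path the code now sets `*h_errnop = NETDB_INTERNAL` and returns `NSS_STATUS_TRYAGAIN`, but nothing in the visible lines sets errno, while the comment added in the next hunk defines a recoverable TRYAGAIN as one that reports ERANGE in errno and expects the caller to retry with a larger buffer. State in the comment above this return which kind of TRYAGAIN is intended here, and extend that comment, which still describes only the NOTFOUND special case, to cover the NETDB_INTERNAL branch.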
+@@ -1219,11 +1229,101 @@
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++ compromise and attention to symmetry (A or  queries can be
++ returned in any order).  What follows is a breakdown of how this
++ code is expected to work and why. We discuss only SUCCESS,
++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++ that apply (though RETURN and MERGE exist).  We make a distinction
++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++ A recoverable TRYAGAIN is almost always due to buffer size issues
++ and returns ERANGE in errno and the caller is expected to retry
++ with a larger buffer.
++
++ Lastly, you may be tempted to make significant changes to the
++ conditions in this code to bring about symmetry between responses.
++ Please don't change anything without due consideration for
++ expected application behaviour.  Some of the synthesized responses
++ aren't very well thought out and sometimes appear to imply that
++ IPv4 responses are always answer 1, and IPv6 responses are always
++ answer 2, but that's not true (see the implemetnation of send_dg
++ and send_vc to see response can arrive in any order, particlarly
++ for UDP). However, we expect it holds roughly enough of the time
++ that this code works, but certainly needs to be fixed to make this
++ a more robust implementation.
++
++ --
++ | Answer 1 Status /   | Synthesized | Reason |
++ | Answer 2 Status | Status  ||
++ ||
++ | SUCCESS/SUCCESS | SUCCESS | [1]|
++ | SUCCESS/TRYAGAIN| TRYAGAIN| [5]|
++ | SUCCESS/TRYAGAIN'   | SUCCESS | [1]|
++ | SUCCESS/NOTFOUND| SUCCESS | [1]|
++ | SUCCESS/UNAVAIL | SUCCESS | [1]|
++ | TRYAGAIN/SUCCESS| TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN   | TRYAGAIN| [2]|
++ | TRYAGAIN/TRYAGAIN'  | TRYAGAIN| [2]|
++ | TRYAGAIN/NOTFOUND   | TRYAGAIN| [2]|
++ | TRYAGAIN/UNAVAIL| TRYAGAIN| [2]|
++ | TRYAGAIN'/SUCCESS   | SUCCESS | [3]|
++ | TRYAGAIN'/TRYAGAIN  | TRYAGAIN| [3]|
++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]|
++ | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]|
++ | TRYAGAIN'/UNAVAIL   | UNAVAIL | [3]|
++ | NOTFOUND/SUCCESS| SUCCESS | [3]|
++ | NOTFOUND/TRYAGAIN   | TRYAGAIN| [3]|
++ | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]|
++ | NOTFOUND/NOTFOUND   | NOTFOUND| [3]|
++ | NOTFOUND/UNAVAIL| UNAVAIL | [3]|
++ | UNAVAIL/SUCCESS