UbuntuUpdates.org

Package "libc6-pic"

Name: libc6-pic

Description:

GNU C Library: PIC archive library

Latest version: 2.31-0ubuntu9.16
Release: focal (20.04)
Level: updates
Repository: universe
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html

Links


Download "libc6-pic"


Other versions of "libc6-pic" in Focal

Repository Area Version
base universe 2.31-0ubuntu9
security universe 2.31-0ubuntu9.16

Changelog

Version: 2.31-0ubuntu9.7 2022-03-01 18:06:58 UTC

  glibc (2.31-0ubuntu9.7) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in iconv
    - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option
      parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c,
      iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c,
      iconv/tst-iconv_prog.sh, intl/dcigettext.c.
    - debian/patches/any/CVE-2016-10228-2.patch: handle translation output
      codesets with suffixes in iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c,
      iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c.
    - CVE-2016-10228
  * SECURITY UPDATE: buffer over-read in iconv
    - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR
      conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c,
      iconvdata/ksc5601.h.
    - CVE-2019-25013
  * SECURITY UPDATE: another infinite loop in iconv
    - debian/patches/any/CVE-2020-27618.patch: fix issue in
      iconv/tst-iconv_prog.sh, iconvdata/ibm1364.c.
    - CVE-2020-27618
  * SECURITY UPDATE: DoS via assert in iconv
    - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner
      loop bounds in iconv/Makefile, iconv/gconv_simple.c,
      iconv/tst-iconv8.c.
    - CVE-2020-29562
  * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy
    - debian/patches/any/CVE-2020-6096-pre1.patch: add
      support_blob_repeat_allocate_shared in support/blob_repeat.c,
      support/blob_repeat.h, support/tst-support_blob_repeat.c.
    - debian/patches/any/CVE-2020-6096-1.patch: add test case in
      string/Makefile, string/tst-memmove-overflow.c.
    - debian/patches/any/CVE-2020-6096-2.patch: mark test as as XFAIL in
      string/tst-memmove-overflow.c, sysdeps/arm/Makefile.
    - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for
      negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S.
    - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for
      negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S.
    - debian/patches/any/CVE-2020-6096-5.patch: remove
      string/tst-memmove-overflow XFAIL in sysdeps/arm/Makefile.
    - CVE-2020-6096
  * SECURITY UPDATE: double-free in nscd
    - debian/patches/any/CVE-2021-27645.patch: track live allocation better
      in nscd/netgroupcache.c.
    - CVE-2021-27645
  * SECURITY UPDATE: assertion fail in iconv
    - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in
      ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c,
      iconvdata/iso-2022-jp-3.c.
    - CVE-2021-3326
  * SECURITY UPDATE: overflow in wordexp via crafted pattern
    - debian/patches/any/CVE-2021-35942.patch: handle overflow in
      positional parameter number in posix/wordexp-test.c, posix/wordexp.c.
    - CVE-2021-35942
  * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd()
    - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for
      size == 1 in sysdeps/posix/getcwd.c.
    - CVE-2021-3999
  * SECURITY UPDATE: DoS via long svcunix_create path argument
    - debian/patches/any/CVE-2022-23218-pre1.patch: add the
      __sockaddr_un_set function in include/sys/un.h, socket/Makefile,
      socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c.
    - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in
      sunrpc/svc_unix.c.
    - CVE-2022-23218
  * SECURITY UPDATE: DoS via long clnt_create hostname argument
    - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in
      sunrpc/clnt_gen.c.
    - CVE-2022-23219
  * debian/rules.d/build.mk: build with --with-default-link=no.
  * This package does _NOT_ contain the changes from (2.31-0ubuntu9.5) in
    focal-proposed.

 -- Marc Deslauriers <email address hidden> Thu, 24 Feb 2022 14:42:40 -0500

Source diff to previous version
CVE-2016-10228 The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSL
CVE-2019-25013 The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding,
CVE-2020-27618 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371
CVE-2020-29562 The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an a
CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets
CVE-2021-27645 The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may
CVE-2021-3326 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding,
CVE-2021-35942 The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called
CVE-2021-3999 Off-by-one buffer overflow/underflow in getcwd()
CVE-2022-23218 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on t
CVE-2022-23219 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on

Version: 2.31-0ubuntu9.3 2021-04-26 17:06:20 UTC

  glibc (2.31-0ubuntu9.3) focal; urgency=medium

  [ Aurelien Jarno ]
  * debian/patches/any/git-surplus-tls-accounting.diff: backport TLS surplus
    accounting from upstream. (Closes: #964141) (LP: #1914044)

  [ Balint Reczey ]
  * Update debian/patches/ubuntu/local-disable-ld_audit.diff
  * Prevent rare deadlock in pthread_cond_signal (LP: #1899800)
  * Cherry-pick upstream patch to fix building with -moutline-atomics
  * Make libc6 provide libc6-lse on arm64.
    Libc6 is now compiled with -moutline-atomics thus the separate binary
    package is dropped. (LP: #1912652)
  * debian/control: Libc6 should Conflict and Replace libc6-lse

 -- Balint Reczey <email address hidden> Mon, 29 Mar 2021 22:11:32 +0200

Source diff to previous version
1914044 [SRU] gstreamer fails with \
1899800 Runtime deadlock: pthread_cond_signal failed to wake up pthread_cond_wait due to a bug in undoing stealing
964141 libc6: "cannot allocate memory in static TLS block" with some library combinations on arm64

Version: 2.31-0ubuntu9.2 2021-01-26 18:07:15 UTC

  glibc (2.31-0ubuntu9.2) focal; urgency=medium

  * Drop check preventing using float128 which breaks new icc (LP: #1895358)
  * Detect debconf consistently in libc6.preinst and do not crash if it is
    not used (LP: #1902955)
  * Ship libc variant compiled for profiling in libc6-prof (LP: #1908307)
  * elf: Add endianness markup to ld.so.cache (Closes: #731082) (LP: #1906250)

 -- Balint Reczey <email address hidden> Wed, 16 Dec 2020 12:04:55 +0100

Source diff to previous version
1895358 [Bug] A simple code including tgmath.h cannot be compiled with icc with Ubuntu 20.04 OS
1902955 package libc6:amd64 2.31-0ubuntu9.1 failed to install/upgrade: package libc6:amd64 2.31-0ubuntu9.1 cannot be configured because libc6:i386 is at a di
1908307 Please ship a glibc build for profiling in libc6-prof
1906250 Segmentation fault in s390x ld.so while parsing /etc/ld.so.cache using qemu-s390x on x86_64.
731082 ld.so.cache parsing code does not deal with mixed endianess multiarch, causing segfaults

Version: 2.31-0ubuntu9.1 2020-09-22 17:06:24 UTC

  glibc (2.31-0ubuntu9.1) focal; urgency=medium

  [ Michael Hudson-Doyle ]
  * Mark tst-getpw as XFAIL on arm64. (LP: #1869364)

  [ Matthias Klose ]
  * Copy the fully conditionalized x86 variant for math-vector-fortran.h
    to /usr/include/finclude. On all architectures. (LP: #1879092)

  [ Balint Reczey ]
  * debian/gbp.conf: Add initial configuration
  * debian/control.in/main: Add Vcs-* pointing to Ubuntu packaging repository
  * debian/debhelper.in/libc.preinst: Fix setting LDCONFIG_NOTRIGGER
    (LP: #1889190)
  * Fall back to calling nanosleep syscall when __clock_nanosleep returns
    EINVAL due to CLOCK_REALTIME not being supported (LP: #1871129)
  * debian/testsuite-xfail-debian.mk: XFAIL tst-getpw on armhf, too
    (LP: #1869364)
  * XFAIL stdlib/tst-getrandom (LP: #1891403)

  [ Dimitri John Ledkov ]
  * debian/patches/powerpc: Cherrypick upstream patches to support POWER10
    optimized library loading. LP: #1887989

 -- Balint Reczey <email address hidden> Mon, 17 Aug 2020 22:02:52 +0200

1869364 glibc pwd/test-getpw test failures in autopkgtest
1879092 gfortran can't use vectorized functions.
1889190 ldconfig is still deferred in libc6.preinst
1871129 htop is blank when using in focal in wsl1
1891403 glibc tst-getrandom test needs more entropy causing test failures
1887989 [20.04 Feature] Enable glibc for POWER10



About   -   Send Feedback to @ubuntu_updates