diff options
| author | joseph <joseph@7b3dc134-2b1b-0410-93df-9e9f96275f8d> | 2013-10-18 21:33:25 +0000 |
|---|---|---|
| committer | joseph <joseph@7b3dc134-2b1b-0410-93df-9e9f96275f8d> | 2013-10-18 21:33:25 +0000 |
| commit | fe2ed5aaa408e1ab996a9fe1595a05634208a79c (patch) | |
| tree | e1027fbc9d8a4a8c33f8149b2b42e8cde89c74f6 /libc/NEWS | |
| parent | 571c782b982d888565e7d06bfc2f3d47582fe829 (diff) | |
| download | eglibc2-fe2ed5aaa408e1ab996a9fe1595a05634208a79c.tar.gz | |
Merge changes between r23946 and r24305 from /fsf/trunk.
git-svn-id: svn://svn.eglibc.org/trunk@24306 7b3dc134-2b1b-0410-93df-9e9f96275f8d
Diffstat (limited to 'libc/NEWS')
| -rw-r--r-- | libc/NEWS | 57 |
1 files changed, 52 insertions, 5 deletions
@@ -9,19 +9,66 @@ Version 2.19 * The following bugs are resolved with this release: - 14155, 14699, 15427, 15522, 15531, 15532, 15736, 15749, 15797, 15867, - 15886, 15887, 15890, 15897, 15905, 15909, 15921. + 156, 431, 832, 13028, 13982, 13985, 14155, 14547, 14699, 14910, 15048, + 15218, 15277, 15308, 15362, 15400, 15427, 15522, 15531, 15532, 15608, + 15609, 15610, 15632, 15640, 15672, 15680, 15681, 15723, 15734, 15735, + 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847, 15849, + 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893, + 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, 15963, + 15966, 15988, 16032, 16034, 16036, 16041. + +* CVE-2012-4412 The strcoll implementation caches indices and rules for + large collation sequences to optimize multiple passes. This cache + computation may overflow for large collation sequences and may cause a + stack or buffer overflow. This is now fixed to use a slower algorithm + which does not use a cache if there is an integer overflow. + +* CVE-2012-4424 The strcoll implementation uses malloc to cache indices and + rules for large collation sequences to optimize multiple passes and falls + back to alloca if malloc fails, resulting in a possible stack overflow. + The implementation now falls back to an uncached collation sequence lookup + if malloc fails. + +* CVE-2013-4788 The pointer guard used for pointer mangling was not + initialized for static applications resulting in the security feature + being disabled. The pointer guard is now correctly initialized to a + random value for static applications. Existing static applications need + to be recompiled to take advantage of the fix (bug 15754). * CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes to the d_name member of struct dirent, or omit the terminating NUL character. (Bugzilla #14699). -* New locales: quz_PE. +* CVE-2013-4332 The pvalloc, valloc, memalign, posix_memalign and + aligned_alloc functions could allocate too few bytes or corrupt the + heap when passed very large allocation size values (Bugzilla #15855, + #15856, #15857). -* Add country_car field to LC_ADDRESS, many locales. +* New locales: ak_GH, cmn_TW, hak_TW, lzh_TW, nan_TW, quz_PE, pap_AW, pap_CW, + ar_SS. -* Update iso-1427.def and related occurrences. +* Substantially revised locales: gd_GB, ht_HT +* The LC_ADDRESS field was updated to support country_car for almost all + supported locales. + +* ISO 1427 definitions were updated. + +* ISO 3166 definitions were updated. + +* The localedef utility now supports --big-endian and --little-endian + command-line options to generate locales for a different system from that + for which the C library was built. + +* The configure option --disable-versioning has been removed. Builds with + --disable-versioning had not worked for several years. + +* ISO 639 definitions were updated for Chiga (cgg) and Chinese (gan, hak, czh, + cjy, lzh, cmn, mnp, cdo, czo, cpx, wuu, hsn, yue). + +* SystemTap probes for malloc have been introduced. + +* Support for powerpc64le has been added. Version 2.18 |