Changelog for glibc-2.3.6-owl16.3.0.2.i686.rpm :
* Sat Feb 23 2013 Vasiliy Kulikov 2.3.6-owl16.3.0.2
- Backported a fix for TLS handling bug which triggered 'assert' on Firefox startup. http://www.openwall.com/lists/owl-dev/2013/02/23/2

* Sat Feb 23 2013 Solar Designer 2.3.6-owl16.3.0.1
- Corrected the processing of '\x80' characters in crypt_freesec.c. This is the issue known as CVE-2012-2143 in other projects using the FreeSec code, but luckily in Owl we've been using this code only for the "extended" hashes (continuing to use glibc's UFC-crypt for "traditional" ones), and these were only affected in terms of compatibility (with BSD/OS and certain other implementations), but not security.

* Sun Oct 09 2011 Solar Designer 2.3.6-owl16
- Excluded the zoneinfo files (now part of tzdata package).

* Sat Jul 16 2011 Solar Designer 2.3.6-owl15
- Revised the recent changes to crypt_blowfish, including based on feedback from Ludwig Nussel (thanks!)

* Wed Jul 06 2011 Solar Designer 2.3.6-owl14
- In crypt_blowfish, support "$2y$" to refer to the correct algorithm (same as "$2a$" in OpenBSD), but with "$2a$" deviate from the correct algorithm when necessary to prevent easy collisions with multiple hashes produced by the sign extension buggy algorithm.

* Tue Jun 21 2011 Solar Designer 2.3.6-owl13
- crypt_blowfish 1.1, correcting the sign extension bug with 8-bit characters in passwords.

* Mon Oct 18 2010 Dmitry V. Levin 2.3.6-owl12
- Build glibc without NDEBUG. Disabling of assertion checks does not provide significant performance advantage, but it may expose some security problems. Those asserts, which NDEBUG removes, might in fact reduce the impact of the surrounding code not matching the programmers' intent and expectations. Proposed by Solar Designer.

* Sun Oct 03 2010 Vasiliy Kulikov 2.3.6-owl11
- Fixed build with binutils 2.20.x.

* Tue Mar 30 2010 Solar Designer 2.3.6-owl10
- Added atomic_write_barrier() before setting the "initialized" flag in crypt/crypt_util.c: __init_des_r() (upstream code), as well as in crypt/wrapper.c: _crypt_extended_init_r() (Owl-specific instance of the same approach). The __init_des_r() issue was reported upstream: http://sourceware.org/bugzilla/show_bug.cgi?id=11449

* Sat Feb 20 2010 Solar Designer 2.3.6-owl9
- Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to reject iteration counts encoded as 36 through 39. Previously, these would be misinterpreted as being the same as 04 through 07. This was reported to us by Joey Smith.
- Added .section .note.GNU-stack to crypt_blowfish's x86.S.
- Enhanced crypt_freesec.c to detect and reject invalid "setting" strings.

* Thu Feb 11 2010 Dmitry V. Levin 2.3.6-owl8
- Switched from linuxthreads to NPTL.
- Optimized res_randomid patch.

* Thu Jul 17 2008 Dmitry V. Levin 2.3.6-owl7
- Made crypt_blowfish buildable by modern gcc compilers by moving fcrypt weak alias definition from crypt-entry.c to wrapper.c file.

* Sat May 27 2006 Dmitry V. Levin 2.3.6-owl6
- Backported configure fix: compile source test files with -fPIC for -shared.
- Backported linuxthreads x86-64 asm syntax corrections.
- Backported ctermid declaration fix.
- Backported upstream patch to fix build with new GNU assembler.
- Applied upstream linuxthreads ix86 TLS fix.
- Fixed ldd error reporting on multilib platforms like x86-64.
- Fixed "ldd -u".

* Tue May 23 2006 Solar Designer 2.3.6-owl5
- In crypt_blowfish, enable BF_SCALE on x86-64 for better performance.

* Fri Feb 03 2006 Dmitry V. Levin 2.3.6-owl4
- Marked /etc/ld.so.conf with %config(noreplace) flag.
- Dropped old ChangeLog files.

* Mon Jan 02 2006 Solar Designer 2.3.6-owl3
- Corrected a bug in the way salts for extended DES-based and for MD5-based hashes are generated; thanks to Marko Kreen for discovering this.

* Tue Dec 20 2005 Solar Designer 2.3.6-owl2
- Imported a patch from Gentoo (re-generated from glibc234-alpha-xstat.patch) to re-introduce support for building on Alpha with pre-2.6.4 kernel headers.

* Wed Nov 09 2005 Dmitry V. Levin 2.3.6-owl1
- Updated to 2.3.6.

* Mon May 23 2005 Solar Designer 2.3.5-owl5
- Even more changes to the sanitize-env patch: corrected the way __libc_enable_secure is set in __libc_init_secure() if still undecided at that point, provide safe defaults for __libc_enable_secure and __libc_security_mask in sysdeps/generic/dl-sysdep.c.

* Tue May 17 2005 Dmitry V. Levin 2.3.5-owl4
- Further changes to the sanitize-env patch: left __libc_enable_secure a boolean variable; instead, introduced an internal bitmask, __libc_security_mask.

* Mon May 16 2005 Solar Designer 2.3.5-owl3
- Further changes to the sanitize-env patch: be safe in case the kernel passes multiple instances of AT_*ID.

* Sun May 15 2005 Dmitry V. Levin 2.3.5-owl2
- Reworked sanitize-env patch to take into account AT_SECURE value of the auxiliary vector in addition to AT_*ID values.
- Removed unneeded __locale_getenv() function which was introduced in 2.3.3.2004061600-owl1.

* Fri May 13 2005 Dmitry V. Levin 2.3.5-owl1
- Updated to 2.3.5 with changes from glibc-2_3-branch snapshot 20050427.
- Enabled GNU Libidn add-on.
- Updated patches which were imported from ALT.
- Imported SuSE patch which adds -a option to getconf utility.
- Disabled packaging of the obsolete pt_chown helper.
- Corrected info files installation.

* Sat Apr 02 2005 Solar Designer 2.3.3.2004061600-owl6
- Corrected the permissions on /etc/ld.so.conf.d.

* Sun Mar 06 2005 Solar Designer 2.3.3.2004061600-owl5
- Use UTC for our default timezone, Factory is just too ugly ("Local timezone must be set--see zic manual page" - hardly an informative message for an end-user - and it comes up while booting off the CD).

* Thu Mar 03 2005 Solar Designer 2.3.3.2004061600-owl4
- Place strlc*() into libc_nonshared.a such that no programs become dependent on the presence of these extensions in the shared library.
- Added the strlcpy(3) and strlcat(3) man pages.

* Tue Feb 22 2005 Solar Designer 2.3.3.2004061600-owl3
- crypt_blowfish-0.4.7: crypt(3) man page updates.

* Thu Jan 20 2005 Solar Designer 2.3.3.2004061600-owl2
- Many post-update corrections.

* Sun Jan 09 2005 (GalaxyMaster) 2.3.3.2004061600-owl1
- Updated to CVS version 2.3.3 (2004061600).
- Spec file was revised and reworked.
- Imported a bunch of patches from ALT Linux.
- Owl patches were revised and regenerated against new version (if necessary).
- Dropped realpath-comments patch (this functionality is implemented).
- Added tmp-scripts patch to deal with tmp file handling issues in the scripts.
- sanitize-env patch was revised and reworked to embrace all issues it has to deal with.
- Added BUILD_LOCALES and BUILD_LOCALES_UTF8 macros to control building of locales. BUILD_LOCALES support is incomplete yet, we will divide our glibc into functional sub-packages soon and generation of locales package will be controlled through BUILD_LOCALES macro.
- Added rpcgen-cpp patch to avoid hardcoding of path to cpp binary. This patch also replaces execv() to execvp() to search for cpp binary in PATH.
- Cleaned up the spec.

* Sat Dec 25 2004 (GalaxyMaster) 2.3.2-owl3
- Fixed compat-fake's provides to deal with Owl 1.1 release upgrades
- Fixed a bug with creating buildtree using i686, but accessing it using RPM_ARCH variable. Thanks goes to Piotr Janiec, who had pointed and fixed this issue.

* Wed Dec 08 2004 (GalaxyMaster) 2.3.2-owl2
- Fixed types (we were using types from linux/types.h instead of sys/types). Thanks goes to Sergio.

* Tue Nov 02 2004 Solar Designer 2.3.2-owl1
- Corrected the -compat-fake sub-package description.
- Set Release to -owl1 such that we can make it public, then proceed with further corrections for whatever we've broken with the big update.

* Thu Sep 30 2004 (GalaxyMaster) 2.3.2-owl0.8
- Added compat-fake sub-package to help upgrade procedure

* Sat Mar 20 2004 Solar Designer 2.3.2-owl0.7
- Corrections to BUILD_PROFILE support.

* Wed Mar 10 2004 (GalaxyMaster) 2.3.2-owl0.6
- Moved big rh9 patch to the sources
- Split glibc utility programs into glibc-utils subpackage

* Tue Mar 09 2004 (GalaxyMaster) 2.3.2-owl0.5
- Updated patch set for 2.3.2 version

* Thu Mar 04 2004 (GalaxyMaster) 2.3.2-owl0.4
- Spec clean up, added documentation

* Mon Mar 01 2004 (GalaxyMaster) 2.3.2-owl0.3
- Prepared spec for FHS 2.2

* Tue Feb 24 2004 (GalaxyMaster) 2.3.2-owl0.2
- Cleaned up spec for building under "stage4" environment.

* Thu Feb 19 2004 (GalaxyMaster) 2.3.2-owl0.1
- Regenerated crypt_blowfish patch against this version of glibc

* Mon Feb 16 2004 (GalaxyMaster) 2.3.2-owl0
- Updated to the new version - 2.3.2 (official release); This cannot be used as primary glibc on system yet due to missing crypt_blowfish.

* Mon Dec 08 2003 Solar Designer 2.1.3-owl38
- Sanity check the forward and backward chunk pointers in dlmalloc's unlink() macro, thanks to Stefan Esser for the idea.

* Sun Dec 07 2003 Solar Designer 2.1.3-owl37
- Allow tmpfile(3) to use $TMPDIR, thanks to the report and patch by (GalaxyMaster). Certain other implementations are known to do the same.

* Wed Oct 29 2003 Solar Designer 2.1.3-owl36
- Added "Provides: glibc-crypt_blowfish-devel" tag to -devel subpackage.
- Dropped the obsolete "Provides: glibc <= 2.1.3-19owl" tag which was needed during our transition to the new Release numbering scheme.

* Sat Aug 02 2003 Solar Designer 2.1.3-owl35
- Back-ported a fix from glibc CVS to pass the high and low 32 bits of file offsets into ftruncate64, truncate64, pread64, and pwrite64 syscalls under the correct endianness. Of the architectures we support currently, this only makes a difference for SPARC. The MIPS-specific bits of this fix are intentionally not included (we'll probably update glibc earlier than we might possibly support it).

* Sat Jun 28 2003 Solar Designer 2.1.3-owl34
- Corrected the comments in stdlib.h for canonicalize_file_name() and realpath() to not describe behavior that is not actually implemented.

* Sun Jun 22 2003 Solar Designer 2.1.3-owl33
- Back-ported a fix from glibc CVS to relax the mutex ownership checks in pthread_cond_wait(3) and related functions.

* Sat Jun 21 2003 Solar Designer 2.1.3-owl32
- Applied a fix by Dmitry V. Levin to call openlog_internal() with a NULL ident instead of with LogTag to not cause possible deallocation of LogTagDynamic.

* Fri May 23 2003 Solar Designer 2.1.3-owl31
- Moved /etc/nsswitch.conf from glibc to owl-etc package.

* Sun Mar 23 2003 Solar Designer 2.1.3-owl30
- Included Red Hat's back-port of the Sun RPC XDR integer overflow fixes from glibc CVS; the fixes are by Paul Eggert and Roland McGrath, and the xdrmem_getbytes() integer overflow has been discovered by Riley Hassell of eEye Digital Security.

* Fri Nov 08 2002 Solar Designer
- Made the x86 assembly code in crypt_blowfish reentrant (this time for real), added a test for proper operation with multiple threads, made crypt_blowfish more careful about overwriting sensitive data.
- Cleaned up the default /etc/nsswitch.conf file. Now it refers to nsswitch.conf(5) for more information, uses the proper terms instead of calling everything an "entry" (now we use "databases", name "services", and "entries" being looked up via NSS), and lists "tcb" among possible name services and provides an example of its use.

* Tue Oct 01 2002 Solar Designer
- Avoid read buffer overruns in glibc itself and applications that naively assume the length returned by res_* is always less than or equal to the answer buffer size (CERT VU#738331, CVE CAN-2002-1146), by truncating the answer in res_send(3); the patch is by Olaf Kirch of SuSE.
- Avoid some potential reads beyond end of undersized DNS responses by making sure they're at least HFIXEDSZ+QFIXEDSZ in size; pointed out by Dmitry V. Levin of ALT Linux.

* Mon Aug 19 2002 Michail Litvak
- Deal with info dir entries such that the menu looks pretty.

* Tue Aug 06 2002 Solar Designer
- Updated the recent calloc(3) patch to conform to POSIX-2001 wrt the behavior on elsize == 0. Pointed out by Sebastian Krahmer of SuSE.

* Sun Aug 04 2002 Solar Designer
- Made the FreeSec code reentrant, adjusted crypt*(3) wrappers and the manual page accordingly.

* Thu Aug 01 2002 Solar Designer
- Patched two potential integer overflows (and thus buffer overflows) in calloc(3) and xdr_array (the latter discovered by ISS X-Force).

* Fri Jul 05 2002 Solar Designer
- Added the patch by NISHIMURA Daisuke and Tomohiro 'Tomo-p' KATO of Vine Linux to fix the DNS resolver buffer overflows affecting both host and net lookups in the glibc-compat code that is used by binaries built against glibc 2.0: http://sources.redhat.com/ml/bug-glibc/2002-07/msg00119.html

* Thu Jul 04 2002 Solar Designer
- Back-ported the fix to buffer overflow in resolv/nss_dns/dns-network.c affecting getnetby{addr,name}{,_r}(3) when "dns" is listed on "networks" line in /etc/nsswitch.conf (which is not the default).
- Improved the code used to produce unpredictable DNS query IDs to make it generate different sequences of IDs in forked processes (problem noted by Jarno Huuskonen), conserve the kernel's randomness pool (based on feedback from Michael Tokarev), and properly reseed when chrooted.

* Thu Jul 04 2002 Michail Litvak
- patch to build with new texinfo

* Wed Jun 12 2002 Solar Designer
- ldd(1) will no longer try to invoke programs directly, even when it seems like that would work. The dynamic linker will be invoked as a program instead. This makes a difference when the program is SGID and is being ldd'ed by root. If the program was executed directly, glibc would detect its SGID status and drop LD_* variables, resulting in the program being actually started rather than ldd'ed. Thanks to Dmitry V. Levin of ALT Linux for suggesting this solution.
- Use ctime_r() instead of strftime_r() in syslog(3) so that month names will not depend on current locale settings. The patch is originally by Michael Tokarev, with modifications to apply to our glibc.
- glibcbug: use mktemp(1) in a fail-close way, let it use $TMPDIR, default to vitmp(1) for the editor.
- crypt_blowfish-0.4.3 (documentation updates, a check to produce better code for PA-RISC).

* Mon Feb 04 2002 Michail Litvak
- Enforce our new spec file conventions.

* Fri Dec 14 2001 Solar Designer
- Back-ported a glob(3) buffer overflow fix from the CVS; the bug has been discovered and an initial patch produced by Flavio Veloso of Magnux.
- Applied fixes to vasprintf(3) (thus affecting asprintf(3) as well) to make it behave on errors, changed the semantics to match Todd Miller's implementation on *BSD, fixed uses of [v]asprintf(3) in glibc itself to handle possible errors. Thanks to Dmitry V. Levin of ALT Linux for discovering and looking into these issues.
- Updated to crypt_blowfish-0.4.2 (more man page fixes).

* Thu Nov 08 2001 Solar Designer
- If syslog(3) is called by a SUID/SGID program without a preceding call to openlog(3), don't blindly trust __progname for the syslog ident.

* Fri Jul 06 2001 Solar Designer
- Corrected the declaration of struct dqstats in .

* Wed Jun 13 2001 Solar Designer
- Back-ported a patch from the CVS to handle unaligned relocations on Alpha. References:
http://bugs.debian.org/43401
http://www.alphalinux.org/archives/debian-alpha/February2000/0183.html
http://www.alphalinux.org/archives/debian-alpha/February2000/0197.html
http://gcc.gnu.org/ml/gcc/1999-07n/msg00968.html
http://gcc.gnu.org/ml/gcc/1999-07n/msg01041.html

* Sun Jun 03 2001 Solar Designer
- Sync the fts(3) routines with current OpenBSD and FreeBSD; this is triggered by Nick Cleaton's report of yet another FTS vulnerability to FreeBSD, and a discussion with Kris Kennaway and Todd Miller. It should no longer be possible to trick FTS into leaving the intended directory hierarchy, but DoS attacks on FTS itself remain possible.
- Updated to crypt_blowfish-0.4.1 (man page fixes).

* Thu May 10 2001 Solar Designer
- Updated to crypt_blowfish-0.4 (release).

* Fri May 04 2001 Solar Designer
- Updated to crypt_blowfish-0.3.9, which adds crypt_ra, crypt_gensalt_ra and an up-to-date crypt(3) man page.

* Sat Apr 07 2001 Solar Designer
- Force known control characters for iscntrl(3) (in localedef and C locale).

* Thu Jan 11 2001 Solar Designer
- Sanitize the environment in a paranoid way (this was meant to be delayed until we add a configuration file, but well...).

* Wed Jan 10 2001 Solar Designer
- Included several critical dynamic linker security fixes from the CVS.

* Tue Jan 02 2001 Solar Designer
- Back-ported the mktemp, tempnam, tmpnam, and tmpnam_r link_warning's.

* Fri Nov 17 2000 Solar Designer
- 'ASFLAGS-.os += -Wa,-Av8plusa' for sparcv9.

* Thu Sep 07 2000 Solar Designer
- Added optflags_lib support and _target_platform to configure.

* Fri Sep 01 2000 Solar Designer
- One more security fix (locale once again) from the CVS version.
- Fixed a bug in crypt_gensalt*() reported by Michael Tokarev.

* Fri Aug 25 2000 Solar Designer
- Back-ported 3 security-related fixes from the CVS version.

* Sun Aug 06 2000 Solar Designer
- Added FreeSec (as a patch) to support extended/new-style/BSDI password hashes in crypt(3) (but not in the reentrant versions; this is a hack).
- The building of profiling libraries is now optional and disabled by default.

* Fri Jul 14 2000 Alexandr D. Kanevskiy
- import syslog fix from RH
- import time fix from RH
- import timezone fixes from RH
- import ldd patch to handle non-executable shared objects. (mdk)
- import ucontext.h patch from mdk

* Wed Jul 12 2000 Alexandr D. Kanevskiy
- paths patch from RH
- import libNoVersion from RH
- import xdr_ypall patch (RH bug id #249)
- import linuxthreads patches from RH
- import nis malloc fixes from RH
- import some little fixes from RH
- import cp1251 locales from BCL

* Sun Jun 18 2000 Solar Designer
- import this spec from RH, and make it use the original glibc 2.1.3 code with Owl patches only; libNoVersion and other RH hacks may be added at a later stage.