• Bug#1109941: unblock: glibc/2.41-11 (pre-approval)

    From Ivo De Decker@21:1/5 to Aurelien Jarno on Sat Jul 26 20:40:01 2025
    XPost: linux.debian.devel.release

    Control: tags -1 confirmed moreinfo

    Hi,

    On Sat, Jul 26, 2025 at 08:32:17PM +0200, Aurelien Jarno wrote:
    > Please unblock package glibc

    Please go ahead with the upload and remove the moreinfo tag from this unblock request once the new upload has been in unstable for a few days, and you think it's ready to migrate.

    Note that the upload would have to happen very soon to have any chance to migrate to trixie.

    Thanks,

    Ivo

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Aurelien Jarno@21:1/5 to All on Sat Jul 26 20:40:01 2025
    XPost: linux.debian.devel.release


    Package: release.debian.org
    Severity: normal
    X-Debbugs-Cc: [email protected]
    Control: affects -1 + src:glibc
    User: [email protected]
    Usertags: unblock

    Please unblock package glibc

    [ Reason ]
    The reason that triggered this upload is a security issue in regcomp (CVE-2025-8058) that got fixed in the upstream stable branch. It also
    includes a fix for iconv creating files with the wrong permissions.

    [ Impact ]
    If the unblock isn't granted, systems will be vulnerable to
    CVE-2025-8058.

    [ Tests ]
    Tests have been added for both changes, and actually represent the
    largest part of the debdiff.

    [ Risks ]
    Risks are quite low: besides the new tests, changes are small, easily reviewable and covered by additional tests.

    [ Checklist ]
    [x] all changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in testing

    [ Other info ]
    If it comes too late for the initial Trixie release, this
    could go in the first point release.

    unblock glibc/2.41-11

    diff --git a/debian/changelog b/debian/changelog
    index 4ee8be6e..85356f8e 100644
    --- a/debian/changelog
    +++ b/debian/changelog
    @@ -1,3 +1,12 @@
    +glibc (2.41-11) unstable; urgency=medium
    +
    + * debian/patches/git-updates.diff: update from upstream stable branch:
    + - Fix iconv to not create executable files with -o.
    + - Fix double-free after allocation failure in regcomp (GLIBC-SA-2025-0005 + / CVE-2025-8058). Closes: #1109803.
    +
    + -- Aurelien Jarno <[email protected]> Sat, 26 Jul 2025 20:29:12 +0200
    +
    glibc (2.41-10) unstable; urgency=medium

    [ Samuel Thibault ]
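
    Review bot: the iconv item in the new 2.41-11 entry carries no bug or advisory reference, while the regcomp item right below it cites GLIBC-SA-2025-0005 / CVE-2025-8058 and Closes: #1109803. Add the upstream bug number for the -o permission fix so it can be traced from the changelog alone. Also check urgency=medium on the first line against the timing: the entry ships a CVE fix, and the reply in this thread says the upload has to happen very soon to have any chance to migrate to trixie.
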
    diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff index f8df40b4..ac1e1c31 100644
    --- a/debian/patches/git-updates.diff
    +++ b/debian/patches/git-updates.diff
    @@ -22,10 +22,10 @@ index d0108d2caa..aa547a443f 100644
    $(common-objdir):$(subst $(empty) ,:,$(patsubst ../$(subdir),.,$(rpath-dirs:%=$(common-objpfx)%)))
    else # build-static
    diff --git a/NEWS b/NEWS
    -index b11422b060..90d090ea77 100644
    +index b11422b060..89d0935beb 100644
    --- a/NEWS
    +++ b/NEWS
    -
  • From Aurelien Jarno@21:1/5 to Ivo De Decker on Mon Jul 28 15:50:01 2025
    XPost: linux.debian.devel.release

    control: tag -1 - moreinfo

    Hi,

    On 2025-07-26 18:36, Ivo De Decker wrote:
    > Control: tags -1 confirmed moreinfo
    >
    > Hi,
    >
    > On Sat, Jul 26, 2025 at 08:32:17PM +0200, Aurelien Jarno wrote:
    > > Please unblock package glibc
    >
    > Please go ahead with the upload and remove the moreinfo tag from this unblock request once the new upload has been in unstable for a few days, and you think it's ready to migrate.

    I think that glibc is now ready to migrate, piuparts, reproducibility
    and autopkgtests are fine, and no issues have been reported.

    Regards
    Aurelien

    --
    Aurelien Jarno GPG: 4096R/1DDD8C9B [email protected] http://aurel32.net
