- Avoid large allocas in the dynamic linker (#1452716)

- Fix invalid-free when using getaddrinfo() and AI_IDN (CVE-2013-7424,

- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532).

- Remove gconv transliteration loadable modules support (CVE-2014-5119,
  - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

- Remove gconv transliteration loadable modules support (CVE-2014-5119,
  - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

- Fix integer overflows in *valloc and memalign. (#1011804).

- Revert incomplete fix for bug #758193.

- Add support for newer L3 caches on x86-64 and correctly count
  the number of hardware threads sharing a cacheline (#1011422).

- Fix _nl_find_msg malloc failure case, and callers (#963813).
  - Test on init_fct, not result->__init_fct, after demangling (#963812).
  - Don't handle ttl == 0 specially (#962903).

- Add missing patch to avoid use after free (#816647).

- Always demangle function before checking for NULL value. (#816647).

- Do not fail in ttyname if /proc is not available (#851450).

- Fix out of bounds array access in strto* exposed by 847929 patch.

- Fix iconv() segfault if the invalid multibyte character 0xffff is input when converting from IBM930 (#837896)

- Fix memory leak in NIS endgrent (#810323)

- Add dist tag
- Filter out <built-in> when building file lists (#784646).
- Avoid "nargs" integer overflow which could be used to bypass FORTIFY_SOURCE (#794813)

- Correct test for detecting cycle during topo sort (#729661)

- Use correct type when casting d_tag (#767687)
- Report write error  in addmnt even for cached streams (#767687)
- ldd: Never run file directly (#767687).
- Workaround misconfigured system (#767687)

- Correct cycle detection during dependency sorting (#729661)

- Don't underestimate length of DST substitution (#694655)

- Fix ordering of DSO constructors and destructors (#604796)

- Don't underestimate length of DST substitution (#694655)

- Avoid too much stack use in fnmatch (#681054, CVE-2011-1071)
- Properly quote output of locale (#625893, CVE-2011-1095)
- Don't leave empty element in rpath when skipping the first element,
  ignore rpath elements containing non-isolated use of $ORIGIN when
  privileged (#667974, CVE-2011-0536)
- Fix handling of newline in addmntent (#559579, CVE-2010-0296)

- Fix typo (#531576)

- Require suid bit on audit objects in privileged programs (#645677,
  CVE-2010-3856)

- Never expand $ORIGIN in privileged programs (#643818, CVE-2010-3847)

- Restore locking in free_check (#637067)

- Fix POWER6 memcpy/memset (#614546)

- Enable -fasynchronous-unwind-tables throughout (#594617)

- Fix more issues with setuid race (#491995)

- Avoid a race condition setting l_used (#548692)

- Fix error path in sem_timedwait on x86/x86_64 (#540475)

- drop broken nscd locking change introduced in 2.5-41

- force malloc hook pointers into register to avoid rereading them
  from memory non-atomically (#507530, BZ#9957)

- fix gethostbyname/gethostbyaddr NSS lookup (#478716)

- another dynamic TLS handling fix (#470054)