[FFe] late glibc upload due to CVE-2024-2961
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
glibc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
A new CVE for glibc was just published: CVE-2024-2961
We obviously want that fixed in Noble, and the upstream patch has already been backported to the relevant branch. On that branch are several patchsets that I was already planning on incorporating as part of any future glibc SRU to noble, so I'd like to do a "full" upload of glibc rather than the minimalistic cherry-pick one.
Here is the annotated changelog of what I'd like to upload:
glibc (2.39-0ubuntu9) noble; urgency=medium
[ Matthias Klose ]
* Define _DISTRO_
and _FILE_OFFSET_BITS in the compiler by default.
See https:/
-> build fix, mostly useful for c-t-b(-p)
[ Simon Chopin ]
* debian/
- Fix support for -mtls-dialect=gnu2 on x86 and armhf:
7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
aded2fc004 elf: Enable TLS descriptor tests on aarch64
5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-
-> Only touches codepaths that are touched by code using -mtls-dialect=gnu2, which is not the default. Low priority, but still worthwhile to fix.
- Fix performance regression on AMD Zen3+ architecture (LP: #2030515):
aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
6484a92698 x86: Do not prefer ERMS for memset on Zen3+
5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
-> Rather dramatic performance regression, that and the SVE one were my main motivation for an SRU.
- 31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
-> That one is pretty irrelevant for us.
- b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
-> "fix for big-endian in AdvSIMD log, some cosmetic changes, and numerous small optimisations". Not SRU material, I admit.
- Work around issues with SVE support in kernel (related to LP 1999551)
395a89f61e aarch64: fix check for SVE support in assembler
9d92452c70 AArch64: Check kernel version for SVE ifuncs
-> This SVE kernel regression was actually discovered when testing our SRU in bug 1999551 !
- Build fixes for amd64v3:
9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
-> Nice to have for our amd64v3 experiments.
- edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
-> Straight fix
- 04df8652eb Apply the Makefile sorting fix
-> Purely cosmetic
- amd64v3 fix:
423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
-> Again, nice to have.
- 31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
(LP: #2062228)
-> The reason for this late upload!!
* Revert the frame pointer changes on ppc64el.
It doesn't really make sense on that architecture, and causes a
performance regression on some workloads.
description: | updated |
This is bugfixes only, I don't believe an exception is required, so please go ahead.