** Description changed:

- Details to follow.
+ A new CVE for glibc was just published: CVE-2024-2961
+ 
+ We obviously want that fixed in Noble, and the upstream patch has
+ already been backported to the relevant branch. On that branch are
+ several patchsets that I was already planning on incorporating as part
+ of any future glibc SRU to noble, so I'd like to do a "full" upload of
+ glibc rather than the minimalistic cherry-pick one.
+ 
+ Here is the annotated changelog of what I'd like to upload:
+ 
+ glibc (2.39-0ubuntu9) noble; urgency=medium
+ 
+   [ Matthias Klose ]
+   * Define _DISTRO_EVADE_TIME_BITS for the build, not setting _TIME_BITS
+     and _FILE_OFFSET_BITS in the compiler by default.
+     See https://sourceware.org/bugzilla/show_bug.cgi?id=31624.
+ -> build fix, mostly useful for c-t-b(-p)
+ 
+   [ Simon Chopin ]
+   * debian/patches/git-updates.diff: update from upstream stable branch:
+     - Fix support for -mtls-dialect=gnu2 on x86 and armhf:
+       7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
+       a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved 
registers
+       853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
+       354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
+       15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
+       a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved 
registers (BZ 31372)
+       aded2fc004 elf: Enable TLS descriptor tests on aarch64
+       5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
+ -> Only touches codepaths that are touched by code using -mtls-dialect=gnu2, 
which is not the default. Low priority, but still worthwhile to fix.
+ 
+     - Fix performance regression on AMD Zen3+ architecture (LP: #2030515):
+       aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
+       6484a92698 x86: Do not prefer ERMS for memset on Zen3+
+       5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
+ -> Rather dramatic performance regression, that and the SVE one were my main 
motivation for an SRU.
+ 
+     - 31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
+ -> That one is pretty irrelevant for us.
+ 
+     - b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with 
AOR
+ -> "fix for big-endian in AdvSIMD log, some cosmetic changes, and numerous 
small optimisations". Not SRU material, I admit.
+ 
+     - Work around issues with SVE support in kernel (related to LP 1999551)
+       395a89f61e aarch64: fix check for SVE support in assembler
+       9d92452c70 AArch64: Check kernel version for SVE ifuncs
+ -> This SVE kernel regression was actually discovered when testing our SRU in 
bug 1999551 !
+ 
+     - Build fixes for amd64v3:
+       9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
+       7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
+ -> Nice to have for our amd64v3 experiments.
+     - edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 
31640)
+ -> Straight fix
+ 
+     - 04df8652eb Apply the Makefile sorting fix
+ -> Purely cosmetic
+ 
+     - amd64v3 fix:
+       423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
+ -> Again, nice to have.
+ 
+     - 31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing 
escape sequence (CVE-2024-2961)
+       (LP: #2062228)
+ -> The reason for this late upload!!
+ 
+   * Revert the frame pointer changes on ppc64el.
+     It doesn't really make sense on that architecture, and causes a
+     performance regression on some workloads.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062228

Title:
  [FFe] late glibc upload due to CVE-2024-2961

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2062228/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to