** Description changed:

- Details to follow.
+ A new CVE for glibc was just published: CVE-2024-2961
+
+ We obviously want that fixed in Noble, and the upstream patch has
+ already been backported to the relevant branch. On that branch are
+ several patchsets that I was already planning on incorporating as part
+ of any future glibc SRU to noble, so I'd like to do a "full" upload of
+ glibc rather than the minimalistic cherry-pick one.
+
+ Here is the annotated changelog of what I'd like to upload:
+
+ glibc (2.39-0ubuntu9) noble; urgency=medium
+
+   [ Matthias Klose ]
+   * Define _DISTRO_EVADE_TIME_BITS for the build, not setting _TIME_BITS
+     and _FILE_OFFSET_BITS in the compiler by default.
+     See https://sourceware.org/bugzilla/show_bug.cgi?id=31624.
+ -> build fix, mostly useful for c-t-b(-p)
+
+   [ Simon Chopin ]
+   * debian/patches/git-updates.diff: update from upstream stable branch:
+     - Fix support for -mtls-dialect=gnu2 on x86 and armhf:
+       7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
+       a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
+       853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
+       354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
+       15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
+       a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
+       aded2fc004 elf: Enable TLS descriptor tests on aarch64
+       5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
+ -> Only touches codepaths that are touched by code using -mtls-dialect=gnu2, which is not the default. Low priority, but still worthwhile to fix.
+
+     - Fix performance regression on AMD Zen3+ architecture (LP: #2030515):
+       aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
+       6484a92698 x86: Do not prefer ERMS for memset on Zen3+
+       5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
+ -> Rather dramatic performance regression, that and the SVE one were my main motivation for an SRU.
+
+     - 31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
+ -> That one is pretty irrelevant for us.
+
+     - b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
+ -> "fix for big-endian in AdvSIMD log, some cosmetic changes, and numerous small optimisations". Not SRU material, I admit.
+
+     - Work around issues with SVE support in kernel (related to LP 1999551)
+       395a89f61e aarch64: fix check for SVE support in assembler
+       9d92452c70 AArch64: Check kernel version for SVE ifuncs
+ -> This SVE kernel regression was actually discovered when testing our SRU in bug 1999551 !
+
+     - Build fixes for amd64v3:
+       9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
+       7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
+ -> Nice to have for our amd64v3 experiments.
+     - edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
+ -> Straight fix
+
+     - 04df8652eb Apply the Makefile sorting fix
+ -> Purely cosmetic
+
+     - amd64v3 fix:
+       423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
+ -> Again, nice to have.
+
+     - 31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
+       (LP: #2062228)
+ -> The reason for this late upload!!
+
+   * Revert the frame pointer changes on ppc64el.
+     It doesn't really make sense on that architecture, and causes a
+     performance regression on some workloads.

--
https://bugs.launchpad.net/bugs/2062228

Title:
  [FFe] late glibc upload due to CVE-2024-2961
