Upstream commit: 97bb89668d7171164975f3dc895e38343a2f3a95
- Force DT_RPATH for --enable-hardcoded-path-in-tests
- elf: Only process multiple tunable once (BZ 31686)
- Add a test to check for duplicate definitions in the static library
- i686: Fix multiple definitions of __memmove_chk and __memset_chk
- i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk
- time: Allow later version licensing.
- nscd: Use time_t for return type of addgetnetgrentX
- login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
- login: Check default sizes of structs utmp, utmpx, lastlog
Related: RHEL-35602
Fedora 40 commit: b3097fa24a
This supports multiple ld.so files in a cleaner way. Also
forward-port multiple libc.so.6 file handling in
wrap-find-debuginfo.sh from downstream. This also incorporates
the “nm --format=posix“ change from #2115831 downstream.
Related: RHEL-35602
Fedora 40 commit: 4ccb7475fc
Upstream commit: fd658f026f25cf59e8db243bc3b3e09cd5a20ba0
nscd is currently not build, so the security fixes below
are not relevant.
- elf: Also compile dl-misc.os with $(rtld-early-cflags)
- CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
- x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676]
Related: RHEL-31738
- i386: ulp update for SSE2 --disable-multi-arch configurations
- nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
Related: RHEL-35602
Fedora 40 commit: 94914be52f
Upstream commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
Resolves: RHEL-31801
- x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
- Apply the Makefile sorting fix
- powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
- x86-64: Simplify minimum ISA check ifdef conditional with if
- x86-64: Don't use SSE resolvers for ISA level 3 or above
- AArch64: Check kernel version for SVE ifuncs
- aarch64: fix check for SVE support in assembler
- aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
- i386: Use generic memrchr in libc (bug 31316)
Related: RHEL-35602
Fedora 40 commit: 1bea1361dc
Upstream commit: 6ade91c21140d8c803c289932dbfc74537f65a1f
- elf: Avoid some free (NULL) calls in _dl_update_slotinfo
- misc: Add support for Linux uio.h RWF_NOAPPEND flag
- i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782)
- Reinstate generic features-time64.h
- Always define __USE_TIME_BITS64 when 64 bit time_t is used
- socket: Use may_alias on sockaddr structs (bug 19622)
- parse_fdinfo: Don't advance pointer twice [BZ #31798]
- LoongArch: Fix undefined `__memset_aligned` reference in ld.so linking.
- socket: Add new test for connect
- libsupport: Add xgetpeername
- x86_64: Fix missing wcsncat function definition without multiarch (x86-64-v4)
libc_malloc_debug.so.0 and libmemusage.so are memory tracing libraries
and therefore should not be installed by default. Since they need to
be preloaded in order to use memory tracing tools in glibc-utils, they
belong alongside them.
On x86_64, glibc-utils will now only contain the 64-bit version of these
libraries but still need the 32-bit version (in order to support tracing
i686 applications). Therefore, on i686 the libraries remain in the main
glibc package.
rawhide commits:
* 2d5af83031edfa8191254814609961e4e57766fc
* e9d072eb64a251e09a121122941605f4a22d170a
Upstream commit: 97bb89668d7171164975f3dc895e38343a2f3a95
- Force DT_RPATH for --enable-hardcoded-path-in-tests
- elf: Only process multiple tunable once (BZ 31686)
- Add a test to check for duplicate definitions in the static library
- i686: Fix multiple definitions of __memmove_chk and __memset_chk
- i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk
- time: Allow later version licensing.
- nscd: Use time_t for return type of addgetnetgrentX
- login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
- login: Check default sizes of structs utmp, utmpx, lastlog
This supports multiple ld.so files in a cleaner way. Also
forward-port multiple libc.so.6 file handling in
wrap-find-debuginfo.sh from downstream. This also incorporates
the “nm --format=posix“ change from #2115831 downstream.
Co-authored-by: Tulio Magno Quites Machado Filho <tuliom@redhat.com>
(cherry picked from commit 7749ea58a9e2198f830d6eb8b162344aaf8acb84)
Upstream commit: fd658f026f25cf59e8db243bc3b3e09cd5a20ba0
nscd is currently not build, so the security fixes below
are not relevant.
- elf: Also compile dl-misc.os with $(rtld-early-cflags)
- CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
- x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676]
- i386: ulp update for SSE2 --disable-multi-arch configurations
- nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
Upstream commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
- x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
- Apply the Makefile sorting fix
- powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
- x86-64: Simplify minimum ISA check ifdef conditional with if
- x86-64: Don't use SSE resolvers for ISA level 3 or above
- AArch64: Check kernel version for SVE ifuncs
- aarch64: fix check for SVE support in assembler
- aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
- i386: Use generic memrchr in libc (bug 31316)
Upstream commit: 5d070d12b3a52bc44dd1b71743abc4b6243862ae
Related: RHEL-25850
- x86: Expand the comment on when REP STOSB is used on memset
- x86: Do not prefer ERMS for memset on Zen3+
- x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
Resolves: RHEL-25530
- Add tst-gnu2-tls2mod1 to test-internal-extras
- elf: Enable TLS descriptor tests on aarch64
- arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
- Ignore undefined symbols for -mtls-dialect=gnu2
- x86-64: Allocate state buffer space for RDI, RSI and RBX
- x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
- x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
Resolves: RHEL-29179
- x86-64: Save APX registers in ld.so trampoline
Resolves: RHEL-25045
- LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
- powerpc: Placeholder and infrastructure/build support to add Power11 related changes.
- powerpc: Add HWCAP3/HWCAP4 data to TCB for Power Architecture.
Resolves: RHEL-24761
Fedora 40 commit: 24af28d49b
GCC for x86_64 includes 32-bit multilib support, requiring a 32-bit
glibc to be present when GCC is built. That 32-bit glibc cannot come
from an i686 RPM because of limitations in Koji, so there is a hack
including a glibc32 "source" package that actually contains binaries
from an i686 build (and thus needs additional manual update steps).
Set up glibc.spec to build a glibc32 binary package directly when
building for x86_64, so avoiding the need for the separate glibc32
source package. Do not generate ELF dependencies for glibc32 to avoid
accidentally having it chosen over glibc.686.
The list of files in the glibc32 package has been compared to that in
the previous package (the gnu/lib-names-32.h header is added, as its
previous omission appears to be a bug). And the lists of files in the
other packages built from glibc.spec have also been compared before
and after this change, to make sure there aren't inappropriate changes
to those lists.
Resolves: RHEL-29228
Related: RHEL-25850
Fedora 40 commits: fc720e61941470fe1da7
This commit (a) expands on and corrects some errors in the long
comment describing various licenses used in glibc preceding the
License field; and (b) migrates the License field to SPDX identifiers
based on an analysis of glibc-2.39 sources done using the ScanCode
toolkit.
Resolves: RHEL-25850
Fedora 40 commit: aa075b2434
Upstream commit: 5d070d12b3a52bc44dd1b71743abc4b6243862ae
- x86: Expand the comment on when REP STOSB is used on memset
- x86: Do not prefer ERMS for memset on Zen3+
- x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
- Add tst-gnu2-tls2mod1 to test-internal-extras
- elf: Enable TLS descriptor tests on aarch64
- arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
- Ignore undefined symbols for -mtls-dialect=gnu2
- x86-64: Allocate state buffer space for RDI, RSI and RBX
- x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
- x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
- x86-64: Save APX registers in ld.so trampoline
- LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
- powerpc: Placeholder and infrastructure/build support to add Power11 related changes.
- powerpc: Add HWCAP3/HWCAP4 data to TCB for Power Architecture.
GCC for x86_64 includes 32-bit multilib support, requiring a 32-bit
glibc to be present when GCC is built. That 32-bit glibc cannot come
from an i686 RPM because of limitations in Koji, so there is a hack
including a glibc32 "source" package that actually contains binaries
from an i686 build (and thus needs additional manual update steps).
Set up glibc.spec to build a glibc32 binary package directly when
building for x86_64, so avoiding the need for the separate glibc32
source package. This improvement is tracked in
<https://fedoraproject.org/wiki/Changes/glibc32_Build_Adjustments> and
<https://bugzilla.redhat.com/show_bug.cgi?id=1598524>.
The list of files in the glibc32 package has been compared to that in
the previous package (the gnu/lib-names-32.h header is added, as its
previous omission appears to be a bug). And the lists of files in the
other packages built from glibc.spec have also been compared before
and after this change, to make sure there aren't inappropriate changes
to those lists.
(cherry picked from commit e025effd84d415d98dcebbc97cdf03e6e44465b8)
Exclude the /sys-root/ tree in various places and prevent
debuginfo extract and dependency generation.
Forward-port of the feature from Fedora 35, with subsequent fixes:
Add kernel header files, and do not use = in linker scripts.
Upstream commit: ae49a7b29acc184b03c2a6bd6ac01b5e08efd54f
- Relicense IBM portions of resolv/base64.c resolv/res_debug.c.
- localedata: Use consistent values for grouping and mon_grouping
- manual: fix order of arguments of memalign and aligned_alloc (Bug 27547)
