[Bug 2062228] Re: [FFe] late glibc upload due to CVE-2024-2961

Simon Chopin 2062228 at bugs.launchpad.net
Thu Apr 18 13:13:25 UTC 2024


** Description changed:

- Details to follow.
+ A new CVE for glibc was just published: CVE-2024-2961
+ 
+ We obviously want that fixed in Noble, and the upstream patch has
+ already been backported to the relevant branch. On that branch are
+ several patchsets that I was already planning on incorporating as part
+ of any future glibc SRU to noble, so I'd like to do a "full" upload of
+ glibc rather than the minimalistic cherry-pick one.
+ 
+ Here is the annotated changelog of what I'd like to upload:
+ 
+ glibc (2.39-0ubuntu9) noble; urgency=medium
+ 
+   [ Matthias Klose ]
+   * Define _DISTRO_EVADE_TIME_BITS for the build, not setting _TIME_BITS
+     and _FILE_OFFSET_BITS in the compiler by default.
+     See https://sourceware.org/bugzilla/show_bug.cgi?id=31624.
+ -> build fix, mostly useful for c-t-b(-p)
+ 
+   [ Simon Chopin ]
+   * debian/patches/git-updates.diff: update from upstream stable branch:
+     - Fix support for -mtls-dialect=gnu2 on x86 and armhf:
+       7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
+       a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
+       853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
+       354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
+       15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
+       a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
+       aded2fc004 elf: Enable TLS descriptor tests on aarch64
+       5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
+ -> Only touches codepaths that are touched by code using -mtls-dialect=gnu2, which is not the default. Low priority, but still worthwhile to fix.
+ 
+     - Fix performance regression on AMD Zen3+ architecture (LP: #2030515):
+       aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
+       6484a92698 x86: Do not prefer ERMS for memset on Zen3+
+       5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
+ -> Rather dramatic performance regression, that and the SVE one were my main motivation for an SRU.
+ 
+     - 31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
+ -> That one is pretty irrelevant for us.
+ 
+     - b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
+ -> "fix for big-endian in AdvSIMD log, some cosmetic changes, and numerous small optimisations". Not SRU material, I admit.
+ 
+     - Work around issues with SVE support in kernel (related to LP 1999551)
+       395a89f61e aarch64: fix check for SVE support in assembler
+       9d92452c70 AArch64: Check kernel version for SVE ifuncs
+ -> This SVE kernel regression was actually discovered when testing our SRU in bug 1999551 !
+ 
+     - Build fixes for amd64v3:
+       9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
+       7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
+ -> Nice to have for our amd64v3 experiments.
+     - edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
+ -> Straight fix
+ 
+     - 04df8652eb Apply the Makefile sorting fix
+ -> Purely cosmetic
+ 
+     - amd64v3 fix:
+       423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
+ -> Again, nice to have.
+ 
+     - 31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
+       (LP: #2062228)
+ -> The reason for this late upload!!
+ 
+   * Revert the frame pointer changes on ppc64el.
+     It doesn't really make sense on that architecture, and causes a
+     performance regression on some workloads.

https://bugs.launchpad.net/bugs/2062228

Title:
  [FFe] late glibc upload due to CVE-2024-2961

Status in glibc package in Ubuntu:
  New

