diff options
| author | Peter Marko <peter.marko@siemens.com> | 2024-04-23 23:54:45 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-05-23 08:55:01 -0700 |
| commit | 3c1d8fd96e6352e4ea6eccf9a9cd58c4034d2419 (patch) | |
| tree | 2ebd564e8433066b109859ecdd3ab8c4490e5836 | |
| parent | e7d86da7aa555ede91835aa329a0919f89c05cb0 (diff) | |
| download | poky-3c1d8fd96e6352e4ea6eccf9a9cd58c4034d2419.tar.gz | |
glibc: Update to latest on stable 2.39 branch
Adresses CVE-2024-2961
Remove backported patch included in hash update.
Changes:
31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
04df8652eb Apply the Makefile sorting fix
edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
9d92452c70 AArch64: Check kernel version for SVE ifuncs
395a89f61e aarch64: fix check for SVE support in assembler
b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
6484a92698 x86: Do not prefer ERMS for memset on Zen3+
aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
aded2fc004 elf: Enable TLS descriptor tests on aarch64
a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
983f34a125 LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
aad45c8ac3 powerpc: Placeholder and infrastructure/build support to add Power11 related changes.
ee7f4c54e1 powerpc: Add HWCAP3/HWCAP4 data to TCB for Power Architecture.
71fcdba577 linux: Use rseq area unconditionally in sched_getcpu (bug 31479)
(From OE-Core rev: 7f3e6019a902eb3dcee3798e9ea0f94865d51c7f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8b0124782510389bdc376fab645a0920b3fb94c8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-core/glibc/glibc-version.inc | 2 | ||||
| -rw-r--r-- | meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch | 62 | ||||
| -rw-r--r-- | meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch (renamed from meta/recipes-core/glibc/glibc/0024-qemu-stale-process.patch) | 0 | ||||
| -rw-r--r-- | meta/recipes-core/glibc/glibc_2.39.bb | 7 |
4 files changed, 6 insertions, 65 deletions
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 618a574566..4fc6986ffc 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | SRCBRANCH ?= "release/2.39/master" | 1 | SRCBRANCH ?= "release/2.39/master" |
| 2 | PV = "2.39+git" | 2 | PV = "2.39+git" |
| 3 | SRCREV_glibc ?= "1b9c1a0047fb26a65a9b2a7b8cd977243f7d353c" | 3 | SRCREV_glibc ?= "31da30f23cddd36db29d5b6a1c7619361b271fb4" |
| 4 | SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" | 4 | SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" |
| 5 | 5 | ||
| 6 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" | 6 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" |
diff --git a/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch b/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch deleted file mode 100644 index f6523c5498..0000000000 --- a/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch +++ /dev/null | |||
| @@ -1,62 +0,0 @@ | |||
| 1 | From 73c26018ed0ecd9c807bb363cc2c2ab4aca66a82 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Szabolcs Nagy <szabolcs.nagy@arm.com> | ||
| 3 | Date: Wed, 13 Mar 2024 14:34:14 +0000 | ||
| 4 | Subject: [PATCH] aarch64: fix check for SVE support in assembler | ||
| 5 | |||
| 6 | Due to GCC bug 110901 -mcpu can override -march setting when compiling | ||
| 7 | asm code and thus a compiler targetting a specific cpu can fail the | ||
| 8 | configure check even when binutils gas supports SVE. | ||
| 9 | |||
| 10 | The workaround is that explicit .arch directive overrides both -mcpu | ||
| 11 | and -march, and since that's what the actual SVE memcpy uses the | ||
| 12 | configure check should use that too even if the GCC issue is fixed | ||
| 13 | independently. | ||
| 14 | |||
| 15 | Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=73c26018ed0ecd9c807bb363cc2c2ab4aca66a82] | ||
| 16 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 17 | Reviewed-by: Florian Weimer <fweimer@redhat.com> | ||
| 18 | --- | ||
| 19 | sysdeps/aarch64/configure | 5 +++-- | ||
| 20 | sysdeps/aarch64/configure.ac | 5 +++-- | ||
| 21 | 2 files changed, 6 insertions(+), 4 deletions(-) | ||
| 22 | mode change 100644 => 100755 sysdeps/aarch64/configure | ||
| 23 | |||
| 24 | diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure | ||
| 25 | old mode 100644 | ||
| 26 | new mode 100755 | ||
| 27 | index ca57edce47..9606137e8d | ||
| 28 | --- a/sysdeps/aarch64/configure | ||
| 29 | +++ b/sysdeps/aarch64/configure | ||
| 30 | @@ -325,9 +325,10 @@ then : | ||
| 31 | printf %s "(cached) " >&6 | ||
| 32 | else $as_nop | ||
| 33 | cat > conftest.s <<\EOF | ||
| 34 | - ptrue p0.b | ||
| 35 | + .arch armv8.2-a+sve | ||
| 36 | + ptrue p0.b | ||
| 37 | EOF | ||
| 38 | -if { ac_try='${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&5' | ||
| 39 | +if { ac_try='${CC-cc} -c conftest.s 1>&5' | ||
| 40 | { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 | ||
| 41 | (eval $ac_try) 2>&5 | ||
| 42 | ac_status=$? | ||
| 43 | diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac | ||
| 44 | index 27874eceb4..56d12d661d 100644 | ||
| 45 | --- a/sysdeps/aarch64/configure.ac | ||
| 46 | +++ b/sysdeps/aarch64/configure.ac | ||
| 47 | @@ -90,9 +90,10 @@ LIBC_CONFIG_VAR([aarch64-variant-pcs], [$libc_cv_aarch64_variant_pcs]) | ||
| 48 | # Check if asm support armv8.2-a+sve | ||
| 49 | AC_CACHE_CHECK([for SVE support in assembler], [libc_cv_aarch64_sve_asm], [dnl | ||
| 50 | cat > conftest.s <<\EOF | ||
| 51 | - ptrue p0.b | ||
| 52 | + .arch armv8.2-a+sve | ||
| 53 | + ptrue p0.b | ||
| 54 | EOF | ||
| 55 | -if AC_TRY_COMMAND(${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&AS_MESSAGE_LOG_FD); then | ||
| 56 | +if AC_TRY_COMMAND(${CC-cc} -c conftest.s 1>&AS_MESSAGE_LOG_FD); then | ||
| 57 | libc_cv_aarch64_sve_asm=yes | ||
| 58 | else | ||
| 59 | libc_cv_aarch64_sve_asm=no | ||
| 60 | -- | ||
| 61 | 2.44.0 | ||
| 62 | |||
diff --git a/meta/recipes-core/glibc/glibc/0024-qemu-stale-process.patch b/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch index c0a467fcec..c0a467fcec 100644 --- a/meta/recipes-core/glibc/glibc/0024-qemu-stale-process.patch +++ b/meta/recipes-core/glibc/glibc/0023-qemu-stale-process.patch | |||
diff --git a/meta/recipes-core/glibc/glibc_2.39.bb b/meta/recipes-core/glibc/glibc_2.39.bb index 9122472689..988e43c014 100644 --- a/meta/recipes-core/glibc/glibc_2.39.bb +++ b/meta/recipes-core/glibc/glibc_2.39.bb | |||
| @@ -16,6 +16,10 @@ CVE_STATUS[CVE-2019-1010025] = "disputed: \ | |||
| 16 | Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ | 16 | Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ |
| 17 | easier access for another. 'ASLR bypass itself is not a vulnerability.'" | 17 | easier access for another. 'ASLR bypass itself is not a vulnerability.'" |
| 18 | 18 | ||
| 19 | CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" | ||
| 20 | CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961" | ||
| 21 | CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash" | ||
| 22 | |||
| 19 | DEPENDS += "gperf-native bison-native" | 23 | DEPENDS += "gperf-native bison-native" |
| 20 | 24 | ||
| 21 | NATIVESDKFIXES ?= "" | 25 | NATIVESDKFIXES ?= "" |
| @@ -48,8 +52,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ | |||
| 48 | file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \ | 52 | file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \ |
| 49 | file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ | 53 | file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ |
| 50 | file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \ | 54 | file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \ |
| 51 | file://0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch \ | 55 | file://0023-qemu-stale-process.patch \ |
| 52 | file://0024-qemu-stale-process.patch \ | ||
| 53 | " | 56 | " |
| 54 | S = "${WORKDIR}/git" | 57 | S = "${WORKDIR}/git" |
| 55 | B = "${WORKDIR}/build-${TARGET_SYS}" | 58 | B = "${WORKDIR}/build-${TARGET_SYS}" |