-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-d135dd8f39 2024-12-15 02:39:32.876127+00:00 -------------------------------------------------------------------------------- Name : glibc Product : Fedora 40 Version : 2.39 Release : 30.fc40 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. -------------------------------------------------------------------------------- Update Information: This update addresses various issues, mostly by incorporating bug fixes from the upstream glibc 2.39 release branch. A security vulnerability in the getrandom and arc4random implementation (CVE-2024-12455) on POWER systems (pcpc64le). On Fedora 40, only the unreleased build glibc-2.39-28.fc40.ppc64le is affected by this issue. The most notable changes are: Performance of the arc4random family function is significantly improved and now comparable to that of alternative userspace implementations from libbsd and oher sources. The glibc-headers-* packages have been eliminated. The multi-arch glibc-devel packages still exist and replace them. The UsrMove/UsrMerge/MoveToUsr transition is applied to the paths in the RPM packages, to fix debuginfo generation. (RHBZ#1063607) Running ldconfig after upgrading from older Fedora releases no longer produces errors. (swbz#32231) Recursive dlopen function now avoids reinitializing already-initialized TLS. (RHBZ#2279885) Support recursive use of dynamic TLS in an interposed malloc. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 11 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-30 - CVE-2024-12455: Incorrect getrandom return value on ppc64le * Wed Nov 20 2024 Arjun Shankar <arjun@xxxxxxxxxx> - 2.39-29 - Sync with upstream branch release/2.39/master, commit dcaf51b41e259387602774829c45222d0507f90a: - elf: Change ldconfig auxcache magic number (bug 32231) - Make tst-strtod-underflow type-generic - Add crt1-2.0.o for glibc 2.0 compatibility tests - Add tests of more strtod special cases - Add more tests of strtod end pointer - Make tst-strtod2 and tst-strtod5 type-generic - powerpc64le: Build new strtod tests with long double ABI flags (bug 32145) - Do not set errno for overflowing NaN payload in strtod/nan (bug 32045) - Improve NaN payload testing - Make __strtod_internal tests type-generic - Fix strtod subnormal rounding (bug 30220) - More thoroughly test underflow / errno in tst-strtod-round - Test errno setting on strtod overflow in tst-strtod-round - Add tests of fread - stdio-common: Add new test for fdopen - libio: Attempt wide backup free only for non-legacy code - debug: Fix read error handling in pcprofiledump - elf: Fix tst-dlopen-tlsreinit1.out test dependency - elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717) - elf: Clarify and invert second argument of _dl_allocate_tls_init - elf: Support recursive use of dynamic TLS in interposed malloc - nptl: Use <support/check.h> facilities in tst-setuid3 - posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64 - ungetc: Fix backup buffer leak on program exit [BZ #27821] - ungetc: Fix uninitialized read when putting into unused streams [BZ #27821] - Make tst-ungetc use libsupport - stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650] - support: Add FAIL test failure helper - string: strerror, strsignal cannot use buffer after dlmopen (bug 32026) - Define __libc_initial for the static libc - x86: Fix bug in strchrnul-evex512 [BZ #32078] - Adjust check-local-headers test for libaudit 4.0 - x32/cet: Support shadow stack during startup for Linux 6.10 - x86-64: Remove sysdeps/x86_64/x32/dl-machine.h - support: Add options list terminator to the test driver - manual/stdio: Further clarify putc, putwc, getc, and getwc - Fix name space violation in fortify wrappers (bug 32052) - resolv: Fix tst-resolv-short-response for older GCC (bug 32042) - Add mremap tests - mremap: Update manual entry - linux: Update the mremap C implementation [BZ #31968] - Enhanced test coverage for strncmp, wcsncmp - Enhance test coverage for strnlen, wcsnlen * Fri Nov 15 2024 Arjun Shankar <arjun@xxxxxxxxxx> - 2.39-28 - Add support for getrandom vDSO (RHEL-12867) * Wed Nov 6 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-27 - Eliminate glibc-headers and related packages * Tue Nov 5 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-26 - Complete Features/UsrMove (aka UsrMerge, MoveToUsr) transition (#1063607) * Mon Nov 4 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-25 - Rework filelist construction * Mon Nov 4 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-24 - Switch to the upstream way of building xtests * Tue Oct 29 2024 Troy Dawson <tdawson@xxxxxxxxxx> - 2.39-23 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 * Thu Sep 19 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-23 - Ensure that xtests can be built (RHEL-59494) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063607 - glibc: Complete Features/UsrMove (aka UsrMerge, MoveToUsr) transition https://bugzilla.redhat.com/show_bug.cgi?id=1063607 [ 2 ] Bug #2279885 - TLS for a library gets inappropriately marked unallocated when a library is loaded in two contexts https://bugzilla.redhat.com/show_bug.cgi?id=2279885 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-d135dd8f39' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
