Bug#1064588: bookworm-pu: package glibc/2.36-9+deb12u5

2024-02-24 Thread Aurelien Jarno
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gl...@packages.debian.org, debian-b...@lists.debian.org
Control: affects -1 + src:glibc

[ Reason ]
The upstream stable branch got a few fixes in the last months, and this
update pulls them into the debian package.

[ Impact ]
In case the update isn't approved, systems will be left with a few
issues, and the differences with upstream will increase, which might
make next fixes more difficult to review.

[ Tests ]
The upstream fixes come with additional tests, which represent a
significant part of the diff.

[ Risks ]
The changes do not affect critical parts of the library, and come with
additional tests. The upstream changes have been in testing/sid for
about 3 weeks.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Please find below the changelog with additional explanations:

* debian/patches/git-updates.diff: update from upstream stable branch:
  - any/local-CVE-2023-4911.patch: upstreamed.
  - any/local-CVE-2023-6246.patch: upstreamed.
  - any/local-CVE-2023-6779.patch: upstreamed.
  - any/local-CVE-2023-6780.patch: upstreamed.

=> Those patches went upstream, with some additional tests.

  - Revert fix to always call destructors in reverse constructor order due
    to unforeseen application compatibility issues.

=> This fix introduced some regressions, even if none have been reported to
   Debian, so it has been reverted to come back to the previous situation.

  - Fix a DTV corruption due to a reuse of a TLS module ID following dlclose
    with unused TLS.

=> This issue affects the Mesa crocus driver that is shipped in bookworm, even
   if we haven't got any report on the Debian side. The fix is a very simple
   one-liner. More details can be found on the upstream BTS:
   https://sourceware.org/bugzilla/show_bug.cgi?id=29039

  - Fix the DTV field load on x32.

=> The testcase added for the above issue uncovered an issue on x32. For
   stable architectures, this only affects the libc6-x32 package. More details
   can be found on the upstream BTS:
   https://sourceware.org/bugzilla/show_bug.cgi?id=31184

  - Fix the TCB field load on x32.

=> Debugging the above x32 issue uncovered a similar bug. For
   stable architectures, this only affects the libc6-x32 package. More details
   can be found on the upstream BTS:
   https://sourceware.org/bugzilla/show_bug.cgi?id=31185

[ Other info ]
debian-boot is in Cc: as glibc has one udeb.
diff --git a/debian/changelog b/debian/changelog
index 8e1ee881..b708d99d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+glibc (2.36-9+deb12u5) bookworm; urgency=medium
+
+  * debian/patches/git-updates.diff: update from upstream stable branch:
+- any/local-CVE-2023-4911.patch: upstreamed.
+- any/local-CVE-2023-6246.patch: upstreamed.
+- any/local-CVE-2023-6779.patch: upstreamed.
+- any/local-CVE-2023-6780.patch: upstreamed.
+- Revert fix to always call destructors in reverse constructor order due
+  to unforeseen application compatibility issues.
+- Fix a DTV corruption due to a reuse of a TLS module ID following dlclose
+  with unused TLS.
+- Fix the DTV field load on x32.
+- Fix the TCB field load on x32.
+
+ -- Aurelien Jarno   Sat, 24 Feb 2024 16:49:22 +0100
+
 glibc (2.36-9+deb12u4) bookworm-security; urgency=medium
 
   * debian/patches/any/local-CVE-2023-6246.patch: Fix a heap buffer overflow
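Review bot: the new changelog entry marks local-CVE-2023-6246.patch, local-CVE-2023-6779.patch and local-CVE-2023-6780.patch as upstreamed, but the debdiff visible here only deletes debian/patches/any/local-CVE-2023-4911.patch and shows no hunk for debian/patches/series; please confirm that the full debdiff also removes the other three files and their series entries, otherwise series would still reference patches that no longer exist (or whose changes already arrive through git-updates.diff).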
diff --git a/debian/patches/any/local-CVE-2023-4911.patch b/debian/patches/any/local-CVE-2023-4911.patch
deleted file mode 100644
index 4c4c2094..
--- a/debian/patches/any/local-CVE-2023-4911.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From d2b77337f734fcacdfc8e0ddec14cf31a746c7be Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar 
-Date: Mon, 11 Sep 2023 18:53:15 -0400
-Subject: [PATCH v2] tunables: Terminate immediately if end of input is reached
-
-The string parsing routine may end up writing beyond bounds of tunestr
-if the input tunable string is malformed, of the form name=name=val.
-This gets processed twice, first as name=name=val and next as name=val,
-resulting in tunestr being name=name=val:name=val, thus overflowing
-tunestr.
-
-Terminate the parsing loop at the first instance itself so that tunestr
-does not overflow.

-Changes from v1:
-
-- Also null-terminate tunestr before exiting.
-
- elf/dl-tunables.c | 17 ++---
- 1 file changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
-index 8e7ee9df10..76cf8b9da3 100644
 a/elf/dl-tunables.c
-+++ b/elf/dl-tunables.c
-@@ -187,11 +187,7 @@ parse_tunables (char *tunestr, char *valstring)
-   /* If we reach the end of the string before getting a valid name-value
-pair, 
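Review bot: deleting local-CVE-2023-4911.patch is only safe if the commit it carried (d2b77337f734fcacdfc8e0ddec14cf31a746c7be, "tunables: Terminate immediately if end of input is reached") is now present in git-updates.diff, and the excerpt is cut off inside the parse_tunables hunk before that can be seen; please point at the matching hunk in git-updates.diff, or verify that a build from this debdiff still rejects the malformed "name=name=val" GLIBC_TUNABLES input described above without overflowing tunestr (the upstream commit's own test covers this). Separately, the quoted patch's "--- a/elf/dl-tunables.c" header line appears here as " a/elf/dl-tunables.c", which looks like mail or extraction damage rather than the file's actual content; worth a quick check that the deleted file in the repository is intact.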

[Git][glibc-team/glibc][bookworm] 6 commits: debian/patches/any/local-CVE-2023-6246.patch: Fix a heap buffer overflow in...

2024-02-24 Thread Aurelien Jarno (@aurel32)


Aurelien Jarno pushed to branch bookworm at GNU Libc Maintainers / glibc


Commits:
46985a2a by Aurelien Jarno at 2024-01-21T13:01:52+01:00
debian/patches/any/local-CVE-2023-6246.patch: Fix a heap buffer overflow in 
__vsyslog_internal (CVE-2023-6246).

- - - - -
880368e7 by Aurelien Jarno at 2024-01-21T13:03:03+01:00
debian/patches/any/local-CVE-2023-6779.patch: Fix an off-by-one heap buffer 
overflow in __vsyslog_internal (CVE-2023-6779).

- - - - -
f45299bd by Aurelien Jarno at 2024-01-21T13:04:12+01:00
debian/patches/any/local-CVE-2023-6780.patch: Fix an integer overflow in 
__vsyslog_internal (CVE-2023-6780).

- - - - -
c0c877ed by Aurelien Jarno at 2024-01-21T15:27:42+01:00
debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory corruption 
in qsort() when using nontransitive comparison functions.

- - - - -
c3de4796 by Aurelien Jarno at 2024-01-23T21:57:17+01:00
releasing package glibc version 2.36-9+deb12u4

- - - - -
bf4858f7 by Aurelien Jarno at 2024-02-09T19:29:10+01:00
debian/patches/git-updates.diff: update from upstream stable branch:

* debian/patches/git-updates.diff: update from upstream stable branch:
  - any/local-CVE-2023-4911.patch: upstreamed.
  - any/local-CVE-2023-6246.patch: upstreamed.
  - any/local-CVE-2023-6779.patch: upstreamed.
  - any/local-CVE-2023-6780.patch: upstreamed.
  - Revert fix to always call destructors in reverse constructor order due
to unforeseen application compatibility issues.
  - Fix a DTV corruption due to a reuse of a TLS module ID following dlclose
with unused TLS.
  - Fix the DTV field load on x32.
  - Fix the TCB field load on x32.

- - - - -


5 changed files:

- debian/changelog
- − debian/patches/any/local-CVE-2023-4911.patch
- + debian/patches/any/local-qsort-memory-corruption.patch
- debian/patches/git-updates.diff
- debian/patches/series


View it on GitLab: 
https://salsa.debian.org/glibc-team/glibc/-/compare/ac398b407e99e4cd061f0a9d51d7f4bd0050be3f...bf4858f71dd868499a34060896a1a8c821206f26
