Oracle Linux ELSA-2024-12440
History: Jun 17, 2024 - 12:00 a.m.

glibc security update

2024-06-17 00:00:00
linux.oracle.com

AI Score: 7.2 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

[2.28-251.0.2.2]

  • Forward port of Oracle patches over 2.28-251.2
    Reviewed-by: Jose E. Marchesi

Oracle history:

May-23-2024 Cupertino Miranda - 2.28-251.0.2.1

  • Forward port of Oracle patches over 2.28-251.1
    Reviewed-by: Jose E. Marchesi

May-22-2024 Cupertino Miranda - 2.28-251.0.2

  • Forward port of Oracle patches for ol8-u10
    Reviewed-by: Jose E. Marchesi

March-28-2024 Cupertino Miranda - 2.28-251.0.1

  • Forward port of Oracle patches for ol8-u10-beta
    Reviewed-by: Jose E. Marchesi

March-5-2024 Cupertino Miranda - 2.28-236.0.1.12

  • Forward port of Oracle patches.
    Reviewed-by: Jose E. Marchesi

November-14-2023 Cupertino Miranda - 2.28-236.0.1.7

  • Forward port of Oracle patches.
    Reviewed-by: Jose E. Marchesi

October-4-2023 Cupertino Miranda - 2.28-236.0.1.6

  • Forward port of Oracle patches.
    Reviewed-by: Jose E. Marchesi

April-21-2023 Cupertino Miranda - 2.28-225.0.3

  • OraBug 35317410 Glibc tunable to disable huge pages on pthread_create stacks
  • Created tunable glibc.pthread.stack_hugetlb to control when hugepages
    can be used for stack allocation.
  • In case THP are enabled and glibc.pthread.stack_hugetlb is set to
    0, glibc will madvise the kernel not to use hugepages for stack
    allocations.
    Reviewed-by: Jose E. Marchesi

April-11-2023 Cupertino Miranda - 2.28-225.0.2

  • OraBug: 35268809 Fixed initialization of VDSO for tcache_key_initialize
    Reviewed-by: Jose E. Marchesi

March-28-2023 Cupertino Miranda - 2.28-225.0.1

  • Merge of Oracle patches for ol8u8 beta
    Reviewed-by: Jose E. Marchesi

September-28-2022 Patrick McGehearty - 2.28-211.0.1

  • Merge of Oracle patches for ol8u7 beta
    Reviewed-by: Jose E. Marchesi

August-8-2022 Patrick McGehearty - 2.28-189.5.0.2

  • Enable VDSO on x86_64, aarch64, i386, arm, and mips statically linked programs.
  • These changes enable reading the realtime clock without a kernel syscall.
    OraBug: 30478315
    Reviewed-by: Jose E. Marchesi

May-2-2022 Patrick McGehearty - 2.28-199.0.1

  • Merge of patches from c8s 199 with ol8u6 beta
    Reviewed-by: Jose E. Marchesi
  • Update siginfo constants from linux kernel (OraBug: 33734528)
  • Remove limit on MALLOC_MMAP_THRESHOLD tunable (Orabug: 29630826)
  • Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive
    spin mutex (Orabug: 27982358)
    Reviewed-by: Qing Zhao
  • add Ampere emag to tunable cpu list (Patrick McGehearty)
  • add optimized memset for emag
  • add an ASIMD variant of strlen for falkor
    Orabug: 2700101.
  • Modify glibc-ora28849085.patch so it works with RHCK kernels. (Orabug: 28849085)
  • Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile
    Both should test
      if ((stream->_flags & _IO_USER_LOCK) == 0)
        _IO_lock_lock (*stream->_lock);
    OraBug: 28481550.
    Reviewed-by: Qing Zhao

[2.28-251.2]

  • CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264)
  • CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267)
  • CVE-2024-33601: nscd: crash on out-of-memory condition (RHEL-34271)
  • CVE-2024-33602: nscd: memory corruption with NSS netgroup modules (RHEL-34273)

[2.28-251.1]

  • CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31804)

[2.28-251]

  • Cache information in x86_64 ld.so --list-diagnostics output (RHEL-21997)

[2.28-250]

  • getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19445)

[2.28-249]

  • Updates for AMD cache size computation (RHEL-3010)

[2.28-248]

  • Re-enable output buffering for wide stdio streams (RHEL-19824)

[2.28-247]

  • Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17468)

[2.28-246]

  • Include CentOS Hyperscaler SIG patches backported by Intel (RHEL-15696)

[2.28-245]

  • Improve compatibility between underlinking and IFUNC resolvers (RHEL-16825)

[2.28-244]

  • Restore compatibility with C90 compilers (RHEL-15867)

[2.28-243]

  • ldconfig should skip temporary files created by RPM (RHEL-13720)

[2.28-242]

  • Fix force-first handling in dlclose (RHEL-10481)

[2.28-241]

  • Avoid lazy binding failures during dlclose (RHEL-3639)

[2.28-240]

  • Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-12894)

[2.28-239]

  • nscd: Skip unusable entries in first pass in prune_cache (RHEL-1192)

[2.28-238]

  • Fix slow tls access after dlopen (RHEL-2122)

[2.28-237]

  • Enable running a single test from the testsuite (RHEL-3757)