[COMMITTED 2.39 1/2] NEWS: update list of fixed bugs in 2.39

[COMMITTED 2.39 1/2] NEWS: update list of fixed bugs in 2.39

[Andreas K. Hüttel]

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
---
 NEWS | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/NEWS b/NEWS
index 1b89f9c010..eba57af12f 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,56 @@ See the end for copying conditions.
 Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
 using `glibc' in the "product" field.
 \f
+Version 2.39.1
+
+Security related changes:
+
+The following bugs are resolved with this release:
+
+  [19622] network: Support aliasing with struct sockaddr
+  [30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
+  [30994] REP MOVSB performance suffers from page aliasing on Zen 4
+  [31339] libc: arm32 loader crash after cleanup in 2.36
+  [31325] mips: clone3 is wrong for o32
+  [31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
+    multi-arch version
+  [31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
+    s390{,x}
+  [31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
+    result in a loss of rseq acceleration
+  [31316] build: Fails test misc/tst-dirname "Didn't expect signal from
+    child: got `Illegal instruction'" on non SSE CPUs
+  [31371] x86-64: APX and Tile registers aren't preserved in ld.so 
+    trampoline
+  [31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
+    saved registers
+  [31429] build: Glibc failed to build with -march=x86-64-v3
+  [31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
+  [31640] dynamic-link: POWER10 ld.so crashes in
+    elf_machine_load_address with GCC 14
+  [31676] Configuring with CC="gcc -march=x86-64-v3"
+    --with-rtld-early-cflags=-march=x86-64 results in linker failure
+  [31677] nscd: nscd: netgroup cache: invalid memcpy under low
+    memory/storage conditions
+  [31678] nscd: nscd: Null pointer dereferences after failed netgroup
+    cache insertion
+  [31679] nscd: nscd: netgroup cache may terminate daemon on memory
+    allocation failure
+  [31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
+    strings
+  [31686] dynamic-link: Stack-based buffer overflow in
+    parse_tunables_string
+  [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
+    with -Wl,--enable-new-dtags
+  [31782] Test build failure with recent GCC trunk
+    (x86/tst-cpu-features-supports.c:69:3: error: parameter to builtin
+    not valid: avx5124fmaps)
+  [31798] pidfd_getpid.c is miscompiled by GCC 6.4
+  [31867] build: "CPU ISA level is lower than required" on SSE2-free
+    CPUs
+  [31883] build: ISA level support configure check relies on bashism /
+    is otherwise broken for arithmetic
+\f
 Version 2.39
 
 Major new features:
-- 
2.44.2

[COMMITTED 2.39 2/2] NEWS: update list of fixed CVEs in 2.39

[Andreas K. Hüttel]

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
---
 NEWS | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/NEWS b/NEWS
index eba57af12f..06faac3b1f 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,26 @@ Version 2.39.1
 
 Security related changes:
 
+The following CVEs were fixed in this release:
+
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Null pointer crash after notfound response (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
 The following bugs are resolved with this release:
 
   [19622] network: Support aliasing with struct sockaddr
-- 
2.44.2