!1001 fix CVE-2025-0395

From: @nicholastao 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229

AArch64-Optimize-memcmp.patch

@@ -0,0 +1,308 @@
+From 82dee12d3b6b11714a14ffb46886f693bc745ec6 Mon Sep 17 00:00:00 2001
+From: Wilco Dijkstra <wdijkstr@arm.com>
+Date: Thu, 2 Dec 2021 18:30:55 +0000
+Subject: [PATCH] AArch64: Optimize memcmp
+
+Rewrite memcmp to improve performance. On small and medium inputs performance
+is 10-20% better. Large inputs use a SIMD loop processing 64 bytes per
+iteration, which is 30-50% faster depending on the size.
+
+Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
+(cherry picked from commit b51eb35c572b015641f03e3682c303f7631279b7)
+---
+ sysdeps/aarch64/memcmp.S | 241 ++++++++++++++++++++++-----------------
+ 1 file changed, 134 insertions(+), 107 deletions(-)
+
+diff --git a/sysdeps/aarch64/memcmp.S b/sysdeps/aarch64/memcmp.S
+index c1937f6f5c..c7d56a8af0 100644
+--- a/sysdeps/aarch64/memcmp.S
++++ b/sysdeps/aarch64/memcmp.S
+@@ -22,105 +22,79 @@
+ 
+ /* Assumptions:
+  *
+- * ARMv8-a, AArch64, unaligned accesses.
++ * ARMv8-a, AArch64, Advanced SIMD, unaligned accesses.
+  */
+ 
+-/* Parameters and result.  */
+-#define src1		x0
+-#define src2		x1
+-#define limit		x2
+-#define result		w0
+-
+-/* Internal variables.  */
+-#define data1		x3
+-#define data1w		w3
+-#define data1h		x4
+-#define data2		x5
+-#define data2w		w5
+-#define data2h		x6
+-#define tmp1		x7
+-#define tmp2		x8
+-
+-ENTRY_ALIGN (memcmp, 6)
++#define src1	x0
++#define src2	x1
++#define limit	x2
++#define result	w0
++
++#define data1	x3
++#define data1w	w3
++#define data2	x4
++#define data2w	w4
++#define data3	x5
++#define data3w	w5
++#define data4	x6
++#define data4w	w6
++#define tmp	x6
++#define src1end	x7
++#define src2end	x8
++
++
++ENTRY (memcmp)
+ 	PTR_ARG (0)
+ 	PTR_ARG (1)
+ 	SIZE_ARG (2)
+ 
+-	subs	limit, limit, 16
++	cmp	limit, 16
+ 	b.lo	L(less16)
+-
+-	ldp	data1, data1h, [src1], 16
+-	ldp	data2, data2h, [src2], 16
++	ldp	data1, data3, [src1]
++	ldp	data2, data4, [src2]
+ 	ccmp	data1, data2, 0, ne
+-	ccmp	data1h, data2h, 0, eq
+-	b.ne	L(return64)
++	ccmp	data3, data4, 0, eq
++	b.ne	L(return2)
+ 
+-	subs	limit, limit, 16
++	add	src1end, src1, limit
++	add	src2end, src2, limit
++	cmp	limit, 32
+ 	b.ls	L(last_bytes)
+-	cmp	limit, 112
+-	b.lo	L(loop16)
+-
+-	and	tmp1, src1, 15
+-	add	limit, limit, tmp1
+-	sub	src1, src1, tmp1
+-	sub	src2, src2, tmp1
+-	subs	limit, limit, 48
++	cmp	limit, 160
++	b.hs	L(loop_align)
++	sub	limit, limit, 32
+ 
+-	/* Compare 128 up bytes using aligned access. */
+ 	.p2align 4
+-L(loop64):
+-	ldp	data1, data1h, [src1]
+-	ldp	data2, data2h, [src2]
+-	cmp	data1, data2
+-	ccmp	data1h, data2h, 0, eq
+-	b.ne	L(return64)
+-
+-	ldp	data1, data1h, [src1, 16]
+-	ldp	data2, data2h, [src2, 16]
+-	cmp	data1, data2
+-	ccmp	data1h, data2h, 0, eq
+-	b.ne	L(return64)
+-
+-	ldp	data1, data1h, [src1, 32]
+-	ldp	data2, data2h, [src2, 32]
+-	cmp	data1, data2
+-	ccmp	data1h, data2h, 0, eq
+-	b.ne	L(return64)
+-
+-	ldp	data1, data1h, [src1, 48]
+-	ldp	data2, data2h, [src2, 48]
++L(loop32):
++	ldp	data1, data3, [src1, 16]
++	ldp	data2, data4, [src2, 16]
+ 	cmp	data1, data2
+-	ccmp	data1h, data2h, 0, eq
+-	b.ne	L(return64)
++	ccmp	data3, data4, 0, eq
++	b.ne	L(return2)
++	cmp	limit, 16
++	b.ls	L(last_bytes)
+ 
+-	subs	limit, limit, 64
+-	add	src1, src1, 64
+-	add	src2, src2, 64
+-	b.pl	L(loop64)
+-	adds	limit, limit, 48
+-	b.lo	L(last_bytes)
+-
+-L(loop16):
+-	ldp	data1, data1h, [src1], 16
+-	ldp	data2, data2h, [src2], 16
++	ldp	data1, data3, [src1, 32]
++	ldp	data2, data4, [src2, 32]
+ 	cmp	data1, data2
+-	ccmp	data1h, data2h, 0, eq
+-	b.ne	L(return64)
++	ccmp	data3, data4, 0, eq
++	b.ne	L(return2)
++	add	src1, src1, 32
++	add	src2, src2, 32
++L(last64):
++	subs	limit, limit, 32
++	b.hi	L(loop32)
+ 
+-	subs	limit, limit, 16
+-	b.hi	L(loop16)
+ 	/* Compare last 1-16 bytes using unaligned access.  */
+ L(last_bytes):
+-	add	src1, src1, limit
+-	add	src2, src2, limit
+-	ldp	data1, data1h, [src1]
+-	ldp	data2, data2h, [src2]
++	ldp	data1, data3, [src1end, -16]
++	ldp	data2, data4, [src2end, -16]
++L(return2):
++	cmp	data1, data2
++	csel	data1, data1, data3, ne
++	csel	data2, data2, data4, ne
+ 
+ 	/* Compare data bytes and set return value to 0, -1 or 1.  */
+-L(return64):
+-	cmp	data1, data2
+-	csel	data1, data1, data1h, ne
+-	csel	data2, data2, data2h, ne
+ L(return):
+ #ifndef __AARCH64EB__
+ 	rev	data1, data1
+@@ -133,45 +107,98 @@ L(return):
+ 
+ 	.p2align 4
+ L(less16):
+-	adds	limit, limit, 8
+-	b.lo	L(less8)		//lo:<
++	add	src1end, src1, limit
++	add	src2end, src2, limit
++	tbz	limit, 3, L(less8)
+ 	ldr	data1, [src1]
+ 	ldr	data2, [src2]
+-	/* equal 8 optimized */
+-	ccmp	data1, data2, 0, ne
+-	b.ne	L(return)
+-
+-	ldr	data1, [src1, limit]
+-	ldr	data2, [src2, limit]
+-	b	L(return)
++	ldr	data3, [src1end, -8]
++	ldr	data4, [src2end, -8]
++	b	L(return2)
+ 
+ 	.p2align 4
+ L(less8):
+-	adds	limit, limit, 4
+-	b.lo	L(less4)
++	tbz	limit, 2, L(less4)
+ 	ldr	data1w, [src1]
+ 	ldr	data2w, [src2]
+-	ccmp	data1w, data2w, 0, ne
+-	b.ne	L(return)
+-	ldr	data1w,	[src1, limit]
+-	ldr	data2w,	[src2, limit]
+-	b	L(return)
++	ldr	data3w, [src1end, -4]
++	ldr	data4w, [src2end, -4]
++	b	L(return2)
+ 
+-	.p2align 4
+ L(less4):
+-	adds	limit, limit, 4
+-	b.eq	L(ret_0)
+-
+-L(byte_loop):
+-	ldrb	data1w, [src1], 1
+-	ldrb	data2w, [src2], 1
+-	subs	limit, limit, 1
+-	ccmp	data1w, data2w, 0, ne	/* NZCV = 0b0000.  */
+-	b.eq	L(byte_loop)
++	tbz	limit, 1, L(less2)
++	ldrh	data1w, [src1]
++	ldrh	data2w, [src2]
++	cmp	data1w, data2w
++	b.ne	L(return)
++L(less2):
++	mov	result, 0
++	tbz	limit, 0, L(return_zero)
++	ldrb	data1w, [src1end, -1]
++	ldrb	data2w, [src2end, -1]
+ 	sub	result, data1w, data2w
++L(return_zero):
+ 	ret
+-L(ret_0):
+-	mov	result, 0
++
++L(loop_align):
++	ldp	data1, data3, [src1, 16]
++	ldp	data2, data4, [src2, 16]
++	cmp	data1, data2
++	ccmp	data3, data4, 0, eq
++	b.ne	L(return2)
++
++	/* Align src2 and adjust src1, src2 and limit.  */
++	and	tmp, src2, 15
++	sub	tmp, tmp, 16
++	sub	src2, src2, tmp
++	add	limit, limit, tmp
++	sub	src1, src1, tmp
++	sub	limit, limit, 64 + 16
++
++	.p2align 4
++L(loop64):
++	ldr	q0, [src1, 16]
++	ldr	q1, [src2, 16]
++	subs	limit, limit, 64
++	ldr	q2, [src1, 32]
++	ldr	q3, [src2, 32]
++	eor	v0.16b, v0.16b, v1.16b
++	eor	v1.16b, v2.16b, v3.16b
++	ldr	q2, [src1, 48]
++	ldr	q3, [src2, 48]
++	umaxp	v0.16b, v0.16b, v1.16b
++	ldr	q4, [src1, 64]!
++	ldr	q5, [src2, 64]!
++	eor	v1.16b, v2.16b, v3.16b
++	eor	v2.16b, v4.16b, v5.16b
++	umaxp	v1.16b, v1.16b, v2.16b
++	umaxp	v0.16b, v0.16b, v1.16b
++	umaxp	v0.16b, v0.16b, v0.16b
++	fmov	tmp, d0
++	ccmp	tmp, 0, 0, hi
++	b.eq	L(loop64)
++
++	/* If equal, process last 1-64 bytes using scalar loop.  */
++	add	limit, limit, 64 + 16
++	cbz	tmp, L(last64)
++
++	/* Determine the 8-byte aligned offset of the first difference.  */
++#ifdef __AARCH64EB__
++	rev16	tmp, tmp
++#endif
++	rev	tmp, tmp
++	clz	tmp, tmp
++	bic	tmp, tmp, 7
++	sub	tmp, tmp, 48
++	ldr	data1, [src1, tmp]
++	ldr	data2, [src2, tmp]
++#ifndef __AARCH64EB__
++	rev	data1, data1
++	rev	data2, data2
++#endif
++	mov	result, 1
++	cmp	data1, data2
++	cneg	result, result, lo
+ 	ret
+ 
+ END (memcmp)
+-- 
+2.27.0
+

backport-CVE-2025-0395-underallocation-of-abort_msg_s-struct.patch

@@ -0,0 +1,96 @@
+From df4e1f4a5096b385c9bcc94424cf2eaa227b3761 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 22 Jan 2025 17:22:02 +0100
+Subject: [PATCH] Fix underallocation of abort_msg_s struct (CVE-2025-0395)
+
+Include the space needed to store the length of the message itself, in
+addition to the message string.  This resolves BZ #32582.
+
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Reviewed: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+(cherry picked from commit 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578)
+
+Conflict in sysdeps/posix/libc_fatal.c due to missing cleanup after
+backtrace removal.
+
+Reference:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=df4e1f4a5096b385c9bcc94424cf2eaa227b3761
+Conflict:NEWS
+---
+ NEWS                       | 6 ++++++
+ assert/assert.c            | 4 +++-
+ sysdeps/posix/libc_fatal.c | 5 +++--
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index aabb21e86c..192bf1374f 100644
+--- a/NEWS
++++ b/NEWS
+@@ -60,6 +60,11 @@ Security related changes:
+   corresponds to the / directory through an unprivileged mount
+   namespace.  Reported by Qualys.
+
++  CVE-2025-0395: When the assert() function fails, it does not allocate
++  enough space for the assertion failure message string and size
++  information, which may lead to a buffer overflow if the message string
++  size aligns to page size.
++
+ The following bugs are resolved with this release:
+
+   [12889] nptl: Fix race between pthread_kill and thread exit
+@@ -172,6 +177,7 @@ The following bugs are resolved with this release:
+     cancellation and with cancellation disabled
+   [29097] time: fchmodat does not handle 64 bit time_t for
+     AT_SYMLINK_NOFOLLOW
++  [32582] Fix underallocation of abort_msg_s struct (CVE-2025-0395)
+ 
+ 
+ Version 2.34
+diff --git a/assert/assert.c b/assert/assert.c
+index 8a277dce00..cbc8238061 100644
+--- a/assert/assert.c
++++ b/assert/assert.c
+@@ -18,6 +18,7 @@
+ #include <assert.h>
+ #include <atomic.h>
+ #include <ldsodefs.h>
++#include <libc-pointer-arith.h>
+ #include <libintl.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -64,7 +65,8 @@ __assert_fail_base (const char *fmt, const char *assertion, const char *file,
+       (void) __fxprintf (NULL, "%s", str);
+       (void) fflush (stderr);
+ 
+-      total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
++      total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++			GLRO(dl_pagesize));
+       struct abort_msg_s *buf = __mmap (NULL, total, PROT_READ | PROT_WRITE,
+ 					MAP_ANON | MAP_PRIVATE, -1, 0);
+       if (__glibc_likely (buf != MAP_FAILED))
+diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
+index 6d24bee613..7c47b0cfb5 100644
+--- a/sysdeps/posix/libc_fatal.c
++++ b/sysdeps/posix/libc_fatal.c
+@@ -20,6 +20,7 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <ldsodefs.h>
++#include <libc-pointer-arith.h>
+ #include <paths.h>
+ #include <stdarg.h>
+ #include <stdbool.h>
+@@ -125,8 +126,8 @@ __libc_message (enum __libc_message_action action, const char *fmt, ...)
+ 
+       if ((action & do_abort))
+ 	{
+-	  total = ((total + 1 + GLRO(dl_pagesize) - 1)
+-		   & ~(GLRO(dl_pagesize) - 1));
++	  total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++			    GLRO(dl_pagesize));
+ 	  struct abort_msg_s *buf = __mmap (NULL, total,
+ 					    PROT_READ | PROT_WRITE,
+ 					    MAP_ANON | MAP_PRIVATE, -1, 0);
+-- 
+2.43.5
+
+

backport-elf-Handle-static-PIE-with-non-zero-load-address-BZ-.patch

@@ -0,0 +1,308 @@
+From e7b553272196e6175b8a15f807cb59217ba2843a Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Tue, 29 Oct 2024 06:01:14 +0800
+Subject: [PATCH] elf: Handle static PIE with non-zero load address [BZ #31799]
+ 
+Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e7b553272196e6175b8a15f807cb59217ba2843a
+Conflict:The context of the modified content is slightly different.
+ 
+For a static PIE with non-zero load address, its PT_DYNAMIC segment
+entries contain the relocated values for the load address in static PIE.
+Since static PIE usually doesn't have PT_PHDR segment, use p_vaddr of
+the PT_LOAD segment with offset == 0 as the load address in static PIE
+and adjust the entries of PT_DYNAMIC segment in static PIE by properly
+setting the l_addr field for static PIE.  This fixes BZ #31799.
+ 
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
+---
+ configure                    | 73 ++++++++++++++++++++++++++++++++++++
+ configure.ac                 | 36 ++++++++++++++++++
+ elf/Makefile                 | 20 ++++++++++
+ elf/dl-reloc-static-pie.c    | 30 +++++++++++----
+ elf/tst-pie-address-static.c | 19 ++++++++++
+ elf/tst-pie-address.c        | 28 ++++++++++++++
+ 6 files changed, 199 insertions(+), 7 deletions(-)
+ create mode 100644 elf/tst-pie-address-static.c
+ create mode 100644 elf/tst-pie-address.c
+
+diff --git a/configure b/configure
+index be2277b1..ae83d509 100755
+--- a/configure
++++ b/configure
+@@ -6925,6 +6925,79 @@ $as_echo "$libc_cv_cc_pie_default" >&6; }
+ libc_cv_pie_default=$libc_cv_cc_pie_default
+ 
+ 
++# Get Position Dependent Executable (PDE) load address to be used to
++# load static Position Independent Executable (PIE) at a known working
++# non-zero load address.  This is only used by glibc tests to verify
++# that PIE and static PIE with non-zero load address work correctly.
++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking PDE load address" >&5
++printf %s "checking PDE load address... " >&6; }
++if test ${libc_cv_pde_load_address+y}
++then :
++  printf %s "(cached) " >&6
++else case e in #(
++  e) cat > conftest.S <<EOF
++.globl _start
++_start:
++.globl __start
++__start:
++EOF
++if test $libc_cv_cc_pie_default = yes; then
++  pde_ld_flags="-no-pie"
++fi
++if ${CC-cc} $pde_ld_flags $CFLAGS $CPPFLAGS $LDFLAGS \
++	    -nostartfiles -nostdlib $no_ssp \
++	    -o conftest conftest.S 1>&5 2>&5; then
++  # Get the load address of the first PT_LOAD segment.
++  libc_cv_pde_load_address=$(LC_ALL=C $READELF -Wl conftest \
++			     | $AWK '/LOAD/ { print $3; exit 0; }')
++else
++  as_fn_error $? "${CC-cc} can not create PDE" "$LINENO" 5
++fi
++rm -f conftest* ;;
++esac
++fi
++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_pde_load_address" >&5
++printf "%s\n" "$libc_cv_pde_load_address" >&6; }
++config_vars="$config_vars
++pde-load-address = $libc_cv_pde_load_address"
++
++# Get the linker command-line option to load executable at a non-zero
++# load address.  This is only used by glibc tests to verify that PIE and
++# static PIE with non-zero load address work correctly.
++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for linker that supports -Ttext-segment=$libc_cv_pde_load_address" >&5
++printf %s "checking for linker that supports -Ttext-segment=$libc_cv_pde_load_address... " >&6; }
++libc_linker_feature=no
++cat > conftest.c <<EOF
++int _start (void) { return 42; }
++EOF
++if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp
++		  -Wl,-Ttext-segment=$libc_cv_pde_load_address -nostdlib -nostartfiles
++		  -fPIC -shared -o conftest.so conftest.c
++		  1>&5'
++  { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
++  (eval $ac_try) 2>&5
++  ac_status=$?
++  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++  test $ac_status = 0; }; }
++then
++  if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -Wl,-Ttext-segment=$libc_cv_pde_load_address -nostdlib \
++      -nostartfiles -fPIC -shared -o conftest.so conftest.c 2>&1 \
++      | grep "warning: -Ttext-segment=$libc_cv_pde_load_address ignored" > /dev/null 2>&1; then
++    true
++  else
++    libc_linker_feature=yes
++  fi
++fi
++rm -f conftest*
++if test $libc_linker_feature = yes; then
++  libc_cv_load_address_ldflag=-Wl,-Ttext-segment
++else
++  libc_cv_load_address_ldflag=
++fi
++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_linker_feature" >&5
++printf "%s\n" "$libc_linker_feature" >&6; }
++config_vars="$config_vars
++load-address-ldflag = $libc_cv_load_address_ldflag"
+ 
+ # Set the `multidir' variable by grabbing the variable from the compiler.
+ # We do it once and save the result in a generated makefile.
+diff --git a/configure.ac b/configure.ac
+index fa34af26..0ea4cbe9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1853,6 +1853,42 @@ libc_cv_pie_default=$libc_cv_cc_pie_default
+ AC_SUBST(libc_cv_cc_pie_default)
+ AC_SUBST(libc_cv_pie_default)
+ 
++# Get Position Dependent Executable (PDE) load address to be used to
++# load static Position Independent Executable (PIE) at a known working
++# non-zero load address.  This is only used by glibc tests to verify
++# that PIE and static PIE with non-zero load address work correctly.
++AC_CACHE_CHECK([PDE load address],
++	       libc_cv_pde_load_address, [dnl
++cat > conftest.S <<EOF
++.globl _start
++_start:
++.globl __start
++__start:
++EOF
++if test $libc_cv_cc_pie_default = yes; then
++  pde_ld_flags="-no-pie"
++fi
++if ${CC-cc} $pde_ld_flags $CFLAGS $CPPFLAGS $LDFLAGS \
++	    -nostartfiles -nostdlib $no_ssp \
++	    -o conftest conftest.S 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
++  # Get the load address of the first PT_LOAD segment.
++  libc_cv_pde_load_address=$(LC_ALL=C $READELF -Wl conftest \
++			     | $AWK '/LOAD/ { print $3; exit 0; }')
++else
++  AC_MSG_ERROR([${CC-cc} can not create PDE])
++fi
++rm -f conftest*])
++LIBC_CONFIG_VAR([pde-load-address], [$libc_cv_pde_load_address])
++
++# Get the linker command-line option to load executable at a non-zero
++# load address.  This is only used by glibc tests to verify that PIE and
++# static PIE with non-zero load address work correctly.
++LIBC_LINKER_FEATURE([-Ttext-segment=$libc_cv_pde_load_address],
++		    [-Wl,-Ttext-segment=$libc_cv_pde_load_address],
++		    [libc_cv_load_address_ldflag=-Wl,-Ttext-segment],
++		    [libc_cv_load_address_ldflag=])
++LIBC_CONFIG_VAR([load-address-ldflag], [$libc_cv_load_address_ldflag])
++
+ # Set the `multidir' variable by grabbing the variable from the compiler.
+ # We do it once and save the result in a generated makefile.
+ libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+diff --git a/elf/Makefile b/elf/Makefile
+index 89ab30cd..e6f78d7f 100644
+--- a/elf/Makefile
++++ b/elf/Makefile
+@@ -844,6 +844,25 @@ modules-names += tst-piemod1
+ tests += tst-pie1 tst-pie2 tst-dlopen-pie tst-dlopen-tlsmodid-pie \
+   tst-dlopen-self-pie
+ tests-pie += tst-pie1 tst-pie2 tst-dlopen-tlsmodid-pie tst-dlopen-self-pie
++ifneq (,$(load-address-ldflag))
++tests += \
++  tst-pie-address \
++  # tests
++tests-pie += \
++  tst-pie-address \
++  # tests-pie
++LDFLAGS-tst-pie-address += $(load-address-ldflag)=$(pde-load-address)
++ifeq (yes,$(enable-static-pie))
++tests += \
++  tst-pie-address-static \
++  # tests
++tests-static += \
++  tst-pie-address-static \
++  # tests-static
++LDFLAGS-tst-pie-address-static += \
++  $(load-address-ldflag)=$(pde-load-address)
++endif
++endif
+ ifeq (yes,$(have-protected-data))
+ tests += vismain
+ tests-pie += vismain
+@@ -1622,6 +1641,7 @@ $(objpfx)tst-array5-static-cmp.out: tst-array5-static.exp \
+ 
+ CFLAGS-tst-pie1.c += $(pie-ccflag)
+ CFLAGS-tst-pie2.c += $(pie-ccflag)
++CFLAGS-tst-pie-address.c += $(pie-ccflag)
+ 
+ $(objpfx)tst-piemod1.so: $(libsupport)
+ $(objpfx)tst-pie1: $(objpfx)tst-piemod1.so
+diff --git a/elf/dl-reloc-static-pie.c b/elf/dl-reloc-static-pie.c
+index 2fb02d72..f4013e55 100644
+--- a/elf/dl-reloc-static-pie.c
++++ b/elf/dl-reloc-static-pie.c
+@@ -35,21 +35,37 @@ _dl_relocate_static_pie (void)
+ # define RESOLVE_MAP(sym, version, flags) BOOTSTRAP_MAP
+ # include "dynamic-link.h"
+ 
+-  /* Figure out the run-time load address of static PIE.  */
+-  main_map->l_addr = elf_machine_load_address ();
+-
+-  /* Read our own dynamic section and fill in the info array.  */
+-  main_map->l_ld = ((void *) main_map->l_addr + elf_machine_dynamic ());
+-
++  /* NB: elf_machine_load_address () returns the run-time load address
++     of static PIE.  The l_addr field contains the difference between the
++     link-time load address in the ELF file and the run-time load address
++     in memory.  We must subtract the link-time load address of static PIE,
++     which can be non-zero, when computing the l_addr field.  Since static
++     PIE usually doesn't have PT_PHDR segment, use p_vaddr of the PT_LOAD
++     segment with offset == 0 as the load address of static PIE.  */
++  ElfW(Addr) file_p_vaddr = 0;
+   const ElfW(Phdr) *ph, *phdr = GL(dl_phdr);
+   size_t phnum = GL(dl_phnum);
+   for (ph = phdr; ph < &phdr[phnum]; ++ph)
+-    if (ph->p_type == PT_DYNAMIC)
++    switch (ph->p_type)
+       {
++      case PT_LOAD:
++	if (ph->p_offset == 0)
++	  file_p_vaddr = ph->p_vaddr;
++	break;
++      case PT_DYNAMIC:
+ 	main_map->l_ld_readonly = (ph->p_flags & PF_W) == 0;
+ 	break;
++      default:
++	break;
+       }
+ 
++  /* Figure out the run-time load address of static PIE.  */
++  ElfW(Addr) l_addr = elf_machine_load_address ();
++  main_map->l_addr = l_addr - file_p_vaddr;
++
++  /* Read our own dynamic section and fill in the info array.  */
++  main_map->l_ld = ((void *) l_addr + elf_machine_dynamic ());
++
+   elf_get_dynamic_info (main_map);
+ 
+ # ifdef ELF_MACHINE_BEFORE_RTLD_RELOC
+diff --git a/elf/tst-pie-address-static.c b/elf/tst-pie-address-static.c
+new file mode 100644
+index 00000000..be2831e9
+--- /dev/null
++++ b/elf/tst-pie-address-static.c
+@@ -0,0 +1,19 @@
++/* Test static PIE with non-zero load address.
++   Copyright (C) 2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include "tst-pie-address.c"
+diff --git a/elf/tst-pie-address.c b/elf/tst-pie-address.c
+new file mode 100644
+index 00000000..aa1ca0a9
+--- /dev/null
++++ b/elf/tst-pie-address.c
+@@ -0,0 +1,28 @@
++/* Test PIE with non-zero load address.
++   Copyright (C) 2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <stdio.h>
++
++static int
++do_test (void)
++{
++  printf ("Hello\n");
++  return 0;
++}
++
++#include <support/test-driver.c>
+-- 
+2.27.0
+

backport-elf-Introduce-_dl_relocate_object_no_relro.patch

@@ -0,0 +1,93 @@
+From f2326c2ec0a0a8db7bc7f4db8cce3002768fc3b6 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 6 Nov 2024 10:33:44 +0100
+Subject: [PATCH] elf: Introduce _dl_relocate_object_no_relro
+
+Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f2326c2ec0a0a8db7bc7f4db8cce3002768fc3b6
+Conflict:The context of the modified content is slightly different.
+
+And make _dl_protect_relro apply RELRO conditionally.
+
+Reviewed-by: DJ Delorie <dj@redhat.com>
+---
+ elf/dl-reloc.c             | 24 ++++++++++++++----------
+ sysdeps/generic/ldsodefs.h |  7 +++++++
+ 2 files changed, 21 insertions(+), 10 deletions(-)
+
+diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c
+index e13a672a..971a9776 100644
+--- a/elf/dl-reloc.c
++++ b/elf/dl-reloc.c
+@@ -163,8 +163,8 @@ _dl_nothread_init_static_tls (struct link_map *map)
+ #endif /* !THREAD_GSCOPE_IN_TCB */
+ 
+ void
+-_dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
+-		     int reloc_mode, int consider_profiling)
++_dl_relocate_object_no_relro (struct link_map *l, struct r_scope_elem *scope[],
++			      int reloc_mode, int consider_profiling)
+ {
+   struct textrels
+   {
+@@ -187,9 +187,6 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
+ # define consider_profiling 0
+ #endif
+ 
+-  if (l->l_relocated)
+-    return;
+-
+   /* If DT_BIND_NOW is set relocate all references in this object.  We
+      do not do this if we are profiling, of course.  */
+   // XXX Correct for auditing?
+@@ -316,17 +313,24 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
+ 
+       textrels = textrels->next;
+     }
+-
+-  /* In case we can protect the data now that the relocations are
+-     done, do it.  */
+-  if (l->l_relro_size != 0)
+-    _dl_protect_relro (l);
+ }
+ 
++void
++_dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
++		     int reloc_mode, int consider_profiling)
++{
++  if (l->l_relocated)
++    return;
++  _dl_relocate_object_no_relro (l, scope, reloc_mode, consider_profiling);
++  _dl_protect_relro (l);
++}
+ 
+ void
+ _dl_protect_relro (struct link_map *l)
+ {
++  if (l->l_relro_size == 0)
++    return;
++
+   ElfW(Addr) start = ALIGN_DOWN((l->l_addr
+ 				 + l->l_relro_addr),
+ 				GLRO(dl_pagesize));
+diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
+index a9fffd66..a4c06c15 100644
+--- a/sysdeps/generic/ldsodefs.h
++++ b/sysdeps/generic/ldsodefs.h
+@@ -1058,6 +1058,13 @@ extern void _dl_relocate_object (struct link_map *map,
+ 				 int reloc_mode, int consider_profiling)
+      attribute_hidden;
+ 
++/* Perform relocation, but do not apply RELRO.  Does not check
++   L->relocated.  Otherwise the same as _dl_relocate_object.  */
++void _dl_relocate_object_no_relro (struct link_map *map,
++				   struct r_scope_elem *scope[],
++				   int reloc_mode, int consider_profiling)
++     attribute_hidden;
++
+ /* Protect PT_GNU_RELRO area.  */
+ extern void _dl_protect_relro (struct link_map *map) attribute_hidden;
+ 
+-- 
+2.43.0
+
+

backport-elf-Move-__rtld_malloc_init_stubs-call-into-_dl_star.patch

@@ -0,0 +1,42 @@
+From 2abfa1907218c5ec9d52bb81bee3f1af652f67c7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 24 Sep 2024 13:23:10 +0200
+Subject: [PATCH] elf: Move __rtld_malloc_init_stubs call into _dl_start_final
+
+Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2abfa1907218c5ec9d52bb81bee3f1af652f67c7
+Conflict:NA
+
+Calling an extern function in a different translation unit before
+self-relocation is brittle.  The compiler may load the address
+at an earlier point in _dl_start, before self-relocation.  In
+_dl_start_final, the call is behind a compiler barrier, so this
+cannot happen.
+---
+ elf/rtld.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 13b4134b..5a82c1ab 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -449,6 +449,8 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
+ {
+   ElfW(Addr) start_addr;
+ 
++  __rtld_malloc_init_stubs ();
++
+   /* If it hasn't happen yet record the startup time.  */
+   rtld_timer_start (&start_time);
+ #if !defined DONT_USE_BOOTSTRAP_MAP
+@@ -574,7 +576,6 @@ _dl_start (void *arg)
+      function, that way the compiler cannot put accesses to the GOT
+      before ELF_DYNAMIC_RELOCATE.  */
+ 
+-  __rtld_malloc_init_stubs ();
+ 
+   {
+ #ifdef DONT_USE_BOOTSTRAP_MAP
+-- 
+2.33.0
+
+

backport-elf-Switch-to-main-malloc-after-final-ld.so-self-rel.patch

@@ -0,0 +1,216 @@
+From c1560f3f75c0e892b5522c16f91b4e303f677094 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 6 Nov 2024 10:33:44 +0100
+Subject: [PATCH] elf: Switch to main malloc after final ld.so self-relocation
+
+Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c1560f3f75c0e892b5522c16f91b4e303f677094
+Conflict:The context of the modified content is slightly different.
+
+Before commit ee1ada1bdb8074de6e1bdc956ab19aef7b6a7872
+("elf: Rework exception handling in the dynamic loader
+[BZ #25486]"), the previous order called the main calloc
+to allocate a shadow GOT/PLT array for auditing support.
+This happened before libc.so.6 ELF constructors were run, so
+a user malloc could run without libc.so.6 having been
+initialized fully.  One observable effect was that
+environ was NULL at this point.
+
+It does not seem to be possible at present to trigger such
+an allocation, but it seems more robust to delay switching
+to main malloc after ld.so self-relocation is complete.
+The elf/tst-rtld-no-malloc-audit test case fails with a
+2.34-era glibc that does not have this fix.
+
+Reviewed-by: DJ Delorie <dj@redhat.com>
+---
+ elf/Makefile                     |  9 ++++
+ elf/dl-support.c                 |  3 +-
+ elf/rtld.c                       | 25 +++++------
+ elf/tst-rtld-no-malloc-audit.c   |  1 +
+ elf/tst-rtld-no-malloc-preload.c |  1 +
+ elf/tst-rtld-no-malloc.c         | 76 ++++++++++++++++++++++++++++++++
+ 6 files changed, 99 insertions(+), 16 deletions(-)
+ create mode 100644 elf/tst-rtld-no-malloc-audit.c
+ create mode 100644 elf/tst-rtld-no-malloc-preload.c
+ create mode 100644 elf/tst-rtld-no-malloc.c
+
+diff --git a/elf/Makefile b/elf/Makefile
+index d73f78bd..a178a222 100644
+--- a/elf/Makefile
++++ b/elf/Makefile
+@@ -407,6 +407,9 @@ tests += \
+   tst-null-argv \
+   tst-relsort1 \
+   tst-ro-dynamic \
++  tst-rtld-no-malloc \
++  tst-rtld-no-malloc-audit \
++  tst-rtld-no-malloc-preload \
+   tst-single_threaded \
+   tst-single_threaded-pthread \
+   tst-sonamemove-dlopen \
+@@ -2519,3 +2522,9 @@ CFLAGS-tst-tlsgap-mod2.c += -mtls-dialect=gnu2
+ endif
+ 
+ $(objpfx)tst-rtld-run-static.out: $(objpfx)/ldconfig
++
++# Reuse an audit module which provides ample debug logging.
++tst-rtld-no-malloc-audit-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so
++
++# Any shared object should do.
++tst-rtld-no-malloc-preload-ENV = LD_PRELOAD=$(objpfx)tst-auditmod1.so
+diff --git a/elf/dl-support.c b/elf/dl-support.c
+index f6ab2627..ec75d851 100644
+--- a/elf/dl-support.c
++++ b/elf/dl-support.c
+@@ -421,8 +421,7 @@ _dl_non_dynamic_init (void)
+ 	}
+ 
+   /* Setup relro on the binary itself.  */
+-  if (_dl_main_map.l_relro_size != 0)
+-    _dl_protect_relro (&_dl_main_map);
++  _dl_protect_relro (&_dl_main_map);
+ }
+ 
+ #ifdef DL_SYSINFO_IMPLEMENTATION
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 5a82c1ab..ebfe6713 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2505,27 +2505,24 @@ dl_main (const ElfW(Phdr) *phdr,
+ 
+   if (! prelinked && rtld_multiple_ref)
+     {
+-      /* There was an explicit ref to the dynamic linker as a shared lib.
+-	 Re-relocate ourselves with user-controlled symbol definitions.
+-
+-	 We must do this after TLS initialization in case after this
+-	 re-relocation, we might call a user-supplied function
+-	 (e.g. calloc from _dl_relocate_object) that uses TLS data.  */
+-
+-      /* The malloc implementation has been relocated, so resolving
+-	 its symbols (and potentially calling IFUNC resolvers) is safe
+-	 at this point.  */
+-      __rtld_malloc_init_real (main_map);
+ 
+       /* Likewise for the locking implementation.  */
+       __rtld_mutex_init ();
+ 
++      /* Re-relocate ourselves with user-controlled symbol definitions.  */
++
+       RTLD_TIMING_VAR (start);
+       rtld_timer_start (&start);
+ 
+-      /* Mark the link map as not yet relocated again.  */
+-      GL(dl_rtld_map).l_relocated = 0;
+-      _dl_relocate_object (&GL(dl_rtld_map), main_map->l_scope, 0, 0);
++      _dl_relocate_object_no_relro (&GL(dl_rtld_map), main_map->l_scope, 0, 0);
++
++      /* The malloc implementation has been relocated, so resolving
++       its symbols (and potentially calling IFUNC resolvers) is safe
++       at this point.  */
++      __rtld_malloc_init_real (main_map);
++
++      if (GL(dl_rtld_map).l_relro_size != 0)
++        _dl_protect_relro (&GL(dl_rtld_map));
+ 
+       rtld_timer_accum (&relocate_time, start);
+     }
+diff --git a/elf/tst-rtld-no-malloc-audit.c b/elf/tst-rtld-no-malloc-audit.c
+new file mode 100644
+index 00000000..a028377a
+--- /dev/null
++++ b/elf/tst-rtld-no-malloc-audit.c
+@@ -0,0 +1 @@
++#include "tst-rtld-no-malloc.c"
+diff --git a/elf/tst-rtld-no-malloc-preload.c b/elf/tst-rtld-no-malloc-preload.c
+new file mode 100644
+index 00000000..a028377a
+--- /dev/null
++++ b/elf/tst-rtld-no-malloc-preload.c
+@@ -0,0 +1 @@
++#include "tst-rtld-no-malloc.c"
+diff --git a/elf/tst-rtld-no-malloc.c b/elf/tst-rtld-no-malloc.c
+new file mode 100644
+index 00000000..5f24d4bd
+--- /dev/null
++++ b/elf/tst-rtld-no-malloc.c
+@@ -0,0 +1,76 @@
++/* Test that program loading does not call malloc.
++   Copyright (C) 2024 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++
++#include <string.h>
++#include <unistd.h>
++
++static void
++print (const char *s)
++{
++  const char *end = s + strlen (s);
++  while (s < end)
++    {
++      ssize_t ret = write (STDOUT_FILENO, s, end - s);
++      if (ret <= 0)
++        _exit (2);
++      s += ret;
++    }
++}
++
++static void __attribute__ ((noreturn))
++unexpected_call (const char *function)
++{
++  print ("error: unexpected call to ");
++  print (function);
++  print ("\n");
++  _exit (1);
++}
++
++/* These are the malloc functions implement in elf/dl-minimal.c.  */
++
++void
++free (void *ignored)
++{
++  unexpected_call ("free");
++}
++
++void *
++calloc (size_t ignored1, size_t ignored2)
++{
++  unexpected_call ("calloc");
++}
++
++void *
++malloc (size_t ignored)
++{
++  unexpected_call ("malloc");
++}
++
++void *
++realloc (void *ignored1, size_t ignored2)
++{
++  unexpected_call ("realloc");
++}
++
++int
++main (void)
++{
++  /* Do not use the test wrapper, to avoid spurious malloc calls from it.  */
++  return 0;
++}
+-- 
+2.43.0
+

backport-elf-avoid-jumping-over-a-needed-declaration.patch

@@ -0,0 +1,44 @@
+From 8e572067976ea700e5ef750458c42c47328fe459 Mon Sep 17 00:00:00 2001
+From: DJ Delorie <dj@redhat.com>
+Date: Wed, 6 Nov 2024 21:40:35 -0500
+Subject: [PATCH] elf: avoid jumping over a needed declaration
+
+Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8e572067976ea700e5ef750458c42c47328fe459
+Conflict:NA
+
+The declaration of found_other_class could be jumped
+over via the goto just above it, but the code jumped
+to uses found_other_class.  Move the declaration
+up a bit to ensure it's properly declared and initialized.
+---
+ elf/dl-load.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index ac8e217a7f..335b34c56d 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -1931,6 +1931,9 @@ _dl_map_object (struct link_map *loader, const char *name,
+ 		      : "\nfile=%s [%lu];  dynamically loaded by %s [%lu]\n",
+ 		      name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
+ 
++  /* Will be true if we found a DSO which is of the other ELF class.  */
++  bool found_other_class = false;
++
+ #ifdef SHARED
+   /* Give the auditing libraries a chance to change the name before we
+      try anything.  */
+@@ -1948,9 +1951,6 @@ _dl_map_object (struct link_map *loader, const char *name,
+     }
+ #endif
+ 
+-  /* Will be true if we found a DSO which is of the other ELF class.  */
+-  bool found_other_class = false;
+-
+   if (strchr (name, '/') == NULL)
+     {
+       /* Search for NAME in several places.  */
+-- 
+2.33.0
+
+

glibc.spec

@@ -63,7 +63,7 @@
 %define target %{_target_cpu}-%{_vendor}-linuxeabi
 %endif
 %define x86_arches %{ix86} x86_64
-%define all_license LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL
+%define all_license LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net-2.0 and ISC and Public Domain and GFDL-1.3-only
 %define GCC gcc
 %define GXX g++
 ##############################################################################
@@ -71,7 +71,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.34
-Release: 	161
+Release: 	166
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@@ -311,6 +311,13 @@ Patch219: backport-elf-execve-statically-linked-programs-instead-of-cra.patch
 Patch220: backport-elf-Use-errcode-instead-of-unset-errno-in-rtld_chain.patch
 Patch221: backport-resolv-track-single-request-fallback-flags.patch
 Patch222: backport-resolv-allow-short-error-response-to-match-any-query.patch
+Patch223: backport-elf-avoid-jumping-over-a-needed-declaration.patch
+Patch224: backport-elf-Move-__rtld_malloc_init_stubs-call-into-_dl_star.patch
+Patch225: backport-elf-Handle-static-PIE-with-non-zero-load-address-BZ-.patch
+Patch226: backport-elf-Introduce-_dl_relocate_object_no_relro.patch
+Patch227: backport-elf-Switch-to-main-malloc-after-final-ld.so-self-rel.patch
+Patch228: AArch64-Optimize-memcmp.patch
+Patch229: backport-CVE-2025-0395-underallocation-of-abort_msg_s-struct.patch
 
 Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
 Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch 
@@ -1541,6 +1548,34 @@ fi
 %endif
 
 %changelog
+* Tue Feb 25 2025 taoyuxiang <taoyuxiang2@huawei.com> - 2.34-166
+- Type:CVE
+- CVE:CVE-2025-0395
+- SUG:NA
+- DESC:fix CVE-2025-0395
+
+* Mon Feb 10 2025 mayuhang <mayuhang@huawei.com> - 2.34-165
+- AArch64: Optimize memcmp
+
+* Wed Dec 11 2024 taoyuxiang <taoyuxiang2@huawei.com> - 2.34-164
+- Change Inner-Net to Inner-Net-2.0
+- Change GFDL to GFDL-1.3-only
+
+* Fri Dec 06 2024 shixuantong <shixuantong1@huawei.com> - 2.34-163
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:elf: Handle static PIE with non-zero load address
+       elf: Introduce _dl_relocate_object_no_relro
+       elf: Switch to main malloc after final ld.so self-relocation
+
+* Fri Nov 29 2024 shixuantong <shixuantong1@huawei.com> - 2.34-162
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:elf: avoid jumping over a needed declaration
+       elf: Move __rtld_malloc_init_stubs call into _dl_start_final 
+
 * Thu Nov 21 2024 Qingqing Li <liqingqing3@huawei.com> - 2.34-161
 - try to enable system thp ability when LD_HUGEPAGE_LIB=2