diff --git a/0044-fix-CVE-2025-5244.patch b/0044-fix-CVE-2025-5244.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f836483a2d6bcb4b546b61dd899206ac7a3c5467
--- /dev/null
+++ b/0044-fix-CVE-2025-5244.patch
@@ -0,0 +1,30 @@
+From d1458933830456e54223d9fc61f0d9b3a19256f5 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Thu, 10 Apr 2025 19:41:49 +0930
+Subject: [PATCH] PR32858 ld segfault on fuzzed object
+
+We missed one place where it is necessary to check for empty groups.
+
+ PR 32858
+ * elflink.c (elf_gc_sweep): Protect against empty group.
+---
+ bfd/elflink.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 19dc853a..7bc48ce1 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14099,7 +14099,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info)
+ if (o->flags & SEC_GROUP)
+ {
+ asection *first = elf_next_in_group (o);
+- o->gc_mark = first->gc_mark;
++ if (first != NULL)
++ o->gc_mark = first->gc_mark;
+ }
+
+ if (o->gc_mark)
+--
+2.47.3
+
diff --git a/0045-fix-CVE-2025-5245.patch b/0045-fix-CVE-2025-5245.patch
new file mode 100644
index 0000000000000000000000000000000000000000..01e39251803f376c1b0afe14ec1e81703eaf4da1
--- /dev/null
+++ b/0045-fix-CVE-2025-5245.patch
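Review bot: In the `elf_gc_sweep` hunk carried by 0044-fix-CVE-2025-5244.patch, an empty group (`first == NULL`) now skips the assignment, so `o->gc_mark` keeps whatever value it already had and the `if (o->gc_mark)` test directly below acts on that value; nothing in the patch says this is the intended outcome. A one-line comment above the guard would record it, e.g. `/* Empty group: no member to take the mark from, keep o->gc_mark as is. */`, or the same sentence can go in the patch header if the hunk has to stay identical to upstream commit d1458933830456e54223d9fc61f0d9b3a19256f5. The patch header also names only PR 32858 while the file name carries the CVE id, so adding the CVE id to the header text would make the mapping auditable from the patch alone. The body of elf_gc_sweep starts and ends outside the hunk.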
@@ -0,0 +1,44 @@
+From 6c3458a8b7ee7d39f070c7b2350851cb2110c65a Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Tue, 1 Apr 2025 22:36:54 +1030
+Subject: [PATCH] PR32829, SEGV on objdump function debug_type_samep
+
+u.kenum is always non-NULL, see debug_make_enum_type.
+
+ PR 32829
+ * debug.c (debug_type_samep): Correct incomplete enum test.
+ (debug_write_type): Remove dead code.
+---
+ binutils/debug.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/binutils/debug.c b/binutils/debug.c
+index dcc8ccde4c5..465b18e7c0a 100644
+--- a/binutils/debug.c
++++ b/binutils/debug.c
+@@ -2554,9 +2554,6 @@ debug_write_type (struct debug_handle *info,
+ case DEBUG_KIND_UNION_CLASS:
+ return debug_write_class_type (info, fns, fhandle, type, tag);
+ case DEBUG_KIND_ENUM:
+- if (type->u.kenum == NULL)
+- return (*fns->enum_type) (fhandle, tag, (const char **) NULL,
+- (bfd_signed_vma *) NULL);
+ return (*fns->enum_type) (fhandle, tag, type->u.kenum->names,
+ type->u.kenum->values);
+ case DEBUG_KIND_POINTER:
+@@ -3097,9 +3094,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1,
+ break;
+
+ case DEBUG_KIND_ENUM:
+- if (t1->u.kenum == NULL)
+- ret = t2->u.kenum == NULL;
+- else if (t2->u.kenum == NULL)
++ if (t1->u.kenum->names == NULL)
++ ret = t2->u.kenum->names == NULL;
++ else if (t2->u.kenum->names == NULL)
+ ret = false;
+ else
+ {
+--
+2.43.7
+
diff --git a/binutils.spec b/binutils.spec
index f992a1e247c941cdc87dbd79d16bdc7d5bfdb7ba..a175ea51131c538937d84bb25c74dd9c119b19aa 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -1,4 +1,4 @@
-%define anolis_release 9
+%define anolis_release 10
 # Determine if this is a native build or a cross build.
 #
 # For a cross build add --define "binutils_target " to the command
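Review bot: Both enum cases in 0045-fix-CVE-2025-5245.patch now dereference `u.kenum` with no NULL test (`type->u.kenum->names` in debug_write_type, `t1->u.kenum->names` and `t2->u.kenum->names` in debug_type_samep), so the backport is only safe if the invariant quoted in the commit message, that debug_make_enum_type always sets `u.kenum`, also holds in the 2.41 sources this package builds. debug_make_enum_type is not visible in either hunk, and the patch appears to be taken unchanged from upstream commit 6c3458a8b7ee7d39f070c7b2350851cb2110c65a, so this needs checking against the packaged tree rather than assumed. Recording the result in the patch header, e.g. `Backport note: debug_make_enum_type in 2.41 always allocates u.kenum`, would let a later auditor see that the removed NULL branches really were dead code here. Both functions start and end outside the hunks.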
@@ -365,6 +365,12 @@ Patch0042: 0042-fix-CVE-2025-7545.patch # https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b Patch0043: 0043-fix-CVE-2025-7546.patch +# https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 +Patch0044: 0044-fix-CVE-2025-5244.patch + +# https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a +Patch0045: 0045-fix-CVE-2025-5245.patch + # Purpose: Suppress the x86 linker's p_align-1 tests due to kernel bug on CentOS-10 # Lifetime: TEMPORARY Patch0099: 0099-binutils-suppress-ld-align-tests.patch @@ -1144,6 +1150,9 @@ exit 0 %doc README ChangeLog MAINTAINERS README-maintainer-mode %changelog +* Wed Aug 06 2025 wenxin - 2.41-10 +- Add patch to fix CVE-2025-5244,CVE-2025-5245 + * Thu Jul 31 2025 Weisson - 2.41-9 - bugfix: use correct configure parameters.
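Review bot: The two provenance comments added above `Patch0044` and `Patch0045` use different URL forms: the first follows the `gitweb.cgi?p=binutils-gdb.git;h=<commit>` form already used for Patch0043, the second uses `?p=binutils-gdb.git;a=patch;h=<commit>`. Keeping one form makes the upstream commit ids easy to grep and compare during an audit, e.g. `# https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a`. It would also help to name the upstream bug in each comment (PR 32858 for Patch0044, PR 32829 for Patch0045), since the patch headers mention only the PR numbers and the file names only the CVE ids.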