| Message ID | 20250521045414.449621-1-Deepesh.Varatharajan@windriver.com |
|---|---|
| State | Under Review |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [walnascar] binutils: Fix CVE-2025-1178 | expand |
LGTM On Tue, May 20, 2025 at 9:54 PM Varatharajan, Deepesh via lists.openembedded.org <deepesh.varatharajan=windriver.com@lists.openembedded.org> wrote: > > From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> > > Prevent an abort in the bfd linker when attempting to > generate dynamic relocs for a corrupt input file. > > PR 32638 > > Backport a patch from upstream to fix CVE-2025-1178 > Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0] > > Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> > --- > .../binutils/binutils-2.44.inc | 1 + > .../binutils/0015-CVE-2025-1178.patch | 33 +++++++++++++++++++ > 2 files changed, 34 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc > index 7a19aa31d5..395549a624 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.44.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc > @@ -35,5 +35,6 @@ SRC_URI = "\ > file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \ > file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ > file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ > + file://0015-CVE-2025-1178.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch > new file mode 100644 > index 0000000000..c39f43fba4 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch > @@ -0,0 +1,33 @@ > +From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001 > +From: Nick Clifton <nickc@redhat.com> > +Date: Wed, 5 Feb 2025 13:26:51 +0000 > +Subject: [PATCH] Prevent an abort in the bfd linker when attempting to > + generate dynamic relocs for a corrupt input file. > + > +PR 32638 > + > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0] > +CVE: CVE-2025-1178 > + > +Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> > + > +diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c > +index cb32732e..a08e9c97 100644 > +--- a/bfd/elf64-x86-64.c > ++++ b/bfd/elf64-x86-64.c > +@@ -5031,6 +5031,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd, > + > + if (generate_dynamic_reloc) > + { > ++ /* If the relgot section has not been created, then > ++ generate an error instead of a reloc. cf PR 32638. */ > ++ if (relgot == NULL || relgot->size == 0) > ++ { > ++ info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"), > ++ output_bfd); > ++ return false; > ++ } > ++ > + if (relative_reloc_name != NULL > + && htab->params->report_relative_reloc) > + _bfd_x86_elf_link_report_relative_reloc > -- > 2.49.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#216965): https://lists.openembedded.org/g/openembedded-core/message/216965 > Mute This Topic: https://lists.openembedded.org/mt/113224477/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 7a19aa31d5..395549a624 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc @@ -35,5 +35,6 @@ SRC_URI = "\ file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \ file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ + file://0015-CVE-2025-1178.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch new file mode 100644 index 0000000000..c39f43fba4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch @@ -0,0 +1,33 @@ +From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 5 Feb 2025 13:26:51 +0000 +Subject: [PATCH] Prevent an abort in the bfd linker when attempting to + generate dynamic relocs for a corrupt input file. + +PR 32638 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0] +CVE: CVE-2025-1178 + +Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> + +diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c +index cb32732e..a08e9c97 100644 +--- a/bfd/elf64-x86-64.c ++++ b/bfd/elf64-x86-64.c +@@ -5031,6 +5031,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd, + + if (generate_dynamic_reloc) + { ++ /* If the relgot section has not been created, then ++ generate an error instead of a reloc. cf PR 32638. */ ++ if (relgot == NULL || relgot->size == 0) ++ { ++ info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"), ++ output_bfd); ++ return false; ++ } ++ + if (relative_reloc_name != NULL + && htab->params->report_relative_reloc) + _bfd_x86_elf_link_report_relative_reloc