Message ID | 5c0c7058484fd8b1a82c2c810f7bccf016ea482b.1753392770.git.steve@sakoman.com |
---|---|
State | Superseded |
Delegated to: | Steve Sakoman |
Headers | show |
Series | [scarthgap,01/16] libxml2: fix CVE-2025-49795 | expand |
On 7/24/25 23:35, Steve Sakoman via lists.openembedded.org wrote: > --- a/meta/recipes-devtools/binutils/binutils-2.42.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc > @@ -53,6 +53,10 @@ SRC_URI = "\ > file://CVE-2025-1179.patch \ > file://0022-CVE-2025-5245.patch \ > file://0022-CVE-2025-5244.patch \ > +<<<<<<< HEAD > file://0023-CVE-2025-7546.patch \ > +======= > + file://0023-CVE-2025-7545.patch \ > +>>>>>>> binutils: Fix CVE-2025-7545 > " This looks like a merge conflict.
On Thu, Jul 24, 2025 at 10:10 PM Gyorgy Sarvari <skandigraun@gmail.com> wrote: > > On 7/24/25 23:35, Steve Sakoman via lists.openembedded.org wrote: > > --- a/meta/recipes-devtools/binutils/binutils-2.42.inc > > +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc > > @@ -53,6 +53,10 @@ SRC_URI = "\ > > file://CVE-2025-1179.patch \ > > file://0022-CVE-2025-5245.patch \ > > file://0022-CVE-2025-5244.patch \ > > +<<<<<<< HEAD > > file://0023-CVE-2025-7546.patch \ > > +======= > > + file://0023-CVE-2025-7545.patch \ > > +>>>>>>> binutils: Fix CVE-2025-7545 > > " > > This looks like a merge conflict. Hmmm . . . I remember fixing that! I'll send a V2 of the series. Thanks so much for reviewing! Steve
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index a3ad655dbe..9aa3096b4f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -53,6 +53,10 @@ SRC_URI = "\ file://CVE-2025-1179.patch \ file://0022-CVE-2025-5245.patch \ file://0022-CVE-2025-5244.patch \ +<<<<<<< HEAD file://0023-CVE-2025-7546.patch \ +======= + file://0023-CVE-2025-7545.patch \ +>>>>>>> binutils: Fix CVE-2025-7545 " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch new file mode 100644 index 0000000000..de132f74fc --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch @@ -0,0 +1,39 @@ +From: "H.J. Lu" <hjl.tools@gmail.com> +Date: Sat, 21 Jun 2025 06:36:56 +0800 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] +CVE: CVE-2025-7545 + +Since the output section contents are copied from the input, don't +extend the output section size beyond the input section size. + + PR binutils/33049 + * objcopy.c (copy_section): Don't extend the output section + size beyond the input section size. + +Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index a85d2620..18cd1bfd 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4547,6 +4547,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4566,6 +4567,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. */ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++;