| Message ID | 20250824124248.1093100-2-peter.marko@siemens.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [walnascar,1/2] binutils: set status for CVE-2025-8224 | expand |
The first patch in this series applies without issue, but this one fails with: Applying: binutils: patch CVE-2025-8225 error: sha1 information is lacking or useless (meta/recipes-devtools/binutils/binutils-2.44.inc). error: could not build fake ancestor Patch failed at 0001 binutils: patch CVE-2025-8225 hint: Use 'git am --show-current-patch=diff' to see the failed patch Steve On Sun, Aug 24, 2025 at 5:43 AM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote: > > From: Peter Marko <peter.marko@siemens.com> > > Pick commit [1] mentioned in [2]. > > [1] https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 > [2] https://nvd.nist.gov/vuln/detail/CVE-2025-8225 > > Testsuite did not show any changes in results: > > === binutils Summary === > > # of expected passes 310 > # of unexpected failures 1 > # of untested testcases 1 > # of unsupported tests 9 > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > .../binutils/binutils-2.44.inc | 1 + > .../binutils/0019-CVE-2025-8225.patch | 41 +++++++++++++++++++ > 2 files changed, 42 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc > index 67ced2863b..20d9c2a6f2 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.44.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc > @@ -46,5 +46,6 @@ SRC_URI = "\ > file://0018-CVE-2025-5245.patch \ > file://0019-CVE-2025-7545.patch \ > file://0018-CVE-2025-7546.patch \ > + file://0019-CVE-2025-8225.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch > new file mode 100644 > index 0000000000..43bc4c56d8 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch > @@ -0,0 +1,41 @@ > +From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001 > +From: Alan Modra <amodra@gmail.com> > +Date: Wed, 19 Feb 2025 22:45:29 +1030 > +Subject: [PATCH] binutils/dwarf.c debug_information leak > + > +It is possible with fuzzed files to have num_debug_info_entries zero > +after allocating space for debug_information, leading to multiple > +allocations. > + > + * dwarf.c (process_debug_info): Don't test num_debug_info_entries > + to determine whether debug_information has been allocated, > + test alloc_num_debug_info_entries. > + > +CVE: CVE-2025-8225 > +Upstream-Status: Backport [https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + binutils/dwarf.c | 8 +++----- > + 1 file changed, 3 insertions(+), 5 deletions(-) > + > +diff --git a/binutils/dwarf.c b/binutils/dwarf.c > +index 8e004cea839..bfbf83ec9f4 100644 > +--- a/binutils/dwarf.c > ++++ b/binutils/dwarf.c > +@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section, > + } > + > + if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) > +- && num_debug_info_entries == 0 > +- && ! do_types) > ++ && alloc_num_debug_info_entries == 0 > ++ && !do_types) > + { > +- > + /* Then allocate an array to hold the information. */ > +- debug_information = (debug_info *) cmalloc (num_units, > +- sizeof (* debug_information)); > ++ debug_information = cmalloc (num_units, sizeof (*debug_information)); > + if (debug_information == NULL) > + { > + error (_("Not enough memory for a debug info array of %u entries\n"), > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#222371): https://lists.openembedded.org/g/openembedded-core/message/222371 > Mute This Topic: https://lists.openembedded.org/mt/114864423/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
There was a conflict with a parallel patch in binutils. I have rebased and resent this failing patch. Peter > -----Original Message----- > From: Steve Sakoman <steve@sakoman.com> > Sent: Monday, August 25, 2025 21:59 > To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com> > Cc: openembedded-core@lists.openembedded.org > Subject: Re: [OE-core][walnascar][PATCH 2/2] binutils: patch CVE-2025-8225 > > The first patch in this series applies without issue, but this one fails with: > > Applying: binutils: patch CVE-2025-8225 > error: sha1 information is lacking or useless > (meta/recipes-devtools/binutils/binutils-2.44.inc). > error: could not build fake ancestor > Patch failed at 0001 binutils: patch CVE-2025-8225 > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > Steve > > On Sun, Aug 24, 2025 at 5:43 AM Peter Marko via lists.openembedded.org > <peter.marko=siemens.com@lists.openembedded.org> wrote: > > > > From: Peter Marko <peter.marko@siemens.com> > > > > Pick commit [1] mentioned in [2]. > > > > [1] https://gitlab.com/gnutools/binutils-gdb/- > /commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 > > [2] https://nvd.nist.gov/vuln/detail/CVE-2025-8225 > > > > Testsuite did not show any changes in results: > > > > === binutils Summary === > > > > # of expected passes 310 > > # of unexpected failures 1 > > # of untested testcases 1 > > # of unsupported tests 9 > > > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > > --- > > .../binutils/binutils-2.44.inc | 1 + > > .../binutils/0019-CVE-2025-8225.patch | 41 +++++++++++++++++++ > > 2 files changed, 42 insertions(+) > > create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025- > 8225.patch > > > > diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes- > devtools/binutils/binutils-2.44.inc > > index 67ced2863b..20d9c2a6f2 100644 > > --- a/meta/recipes-devtools/binutils/binutils-2.44.inc > > +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc > > @@ -46,5 +46,6 @@ SRC_URI = "\ > > file://0018-CVE-2025-5245.patch \ > > file://0019-CVE-2025-7545.patch \ > > file://0018-CVE-2025-7546.patch \ > > + file://0019-CVE-2025-8225.patch \ > > " > > S = "${WORKDIR}/git" > > diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch > b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch > > new file mode 100644 > > index 0000000000..43bc4c56d8 > > --- /dev/null > > +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch > > @@ -0,0 +1,41 @@ > > +From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 > 2001 > > +From: Alan Modra <amodra@gmail.com> > > +Date: Wed, 19 Feb 2025 22:45:29 +1030 > > +Subject: [PATCH] binutils/dwarf.c debug_information leak > > + > > +It is possible with fuzzed files to have num_debug_info_entries zero > > +after allocating space for debug_information, leading to multiple > > +allocations. > > + > > + * dwarf.c (process_debug_info): Don't test num_debug_info_entries > > + to determine whether debug_information has been allocated, > > + test alloc_num_debug_info_entries. > > + > > +CVE: CVE-2025-8225 > > +Upstream-Status: Backport [https://gitlab.com/gnutools/binutils-gdb/- > /commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] > > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > > +--- > > + binutils/dwarf.c | 8 +++----- > > + 1 file changed, 3 insertions(+), 5 deletions(-) > > + > > +diff --git a/binutils/dwarf.c b/binutils/dwarf.c > > +index 8e004cea839..bfbf83ec9f4 100644 > > +--- a/binutils/dwarf.c > > ++++ b/binutils/dwarf.c > > +@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * > section, > > + } > > + > > + if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) > > +- && num_debug_info_entries == 0 > > +- && ! do_types) > > ++ && alloc_num_debug_info_entries == 0 > > ++ && !do_types) > > + { > > +- > > + /* Then allocate an array to hold the information. */ > > +- debug_information = (debug_info *) cmalloc (num_units, > > +- sizeof (* debug_information)); > > ++ debug_information = cmalloc (num_units, sizeof (*debug_information)); > > + if (debug_information == NULL) > > + { > > + error (_("Not enough memory for a debug info array of %u entries\n"), > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#222371): https://lists.openembedded.org/g/openembedded- > core/message/222371 > > Mute This Topic: https://lists.openembedded.org/mt/114864423/3620601 > > Group Owner: openembedded-core+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub > [steve@sakoman.com] > > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 67ced2863b..20d9c2a6f2 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc @@ -46,5 +46,6 @@ SRC_URI = "\ file://0018-CVE-2025-5245.patch \ file://0019-CVE-2025-7545.patch \ file://0018-CVE-2025-7546.patch \ + file://0019-CVE-2025-8225.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch new file mode 100644 index 0000000000..43bc4c56d8 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch @@ -0,0 +1,41 @@ +From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Wed, 19 Feb 2025 22:45:29 +1030 +Subject: [PATCH] binutils/dwarf.c debug_information leak + +It is possible with fuzzed files to have num_debug_info_entries zero +after allocating space for debug_information, leading to multiple +allocations. + + * dwarf.c (process_debug_info): Don't test num_debug_info_entries + to determine whether debug_information has been allocated, + test alloc_num_debug_info_entries. + +CVE: CVE-2025-8225 +Upstream-Status: Backport [https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + binutils/dwarf.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 8e004cea839..bfbf83ec9f4 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section, + } + + if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) +- && num_debug_info_entries == 0 +- && ! do_types) ++ && alloc_num_debug_info_entries == 0 ++ && !do_types) + { +- + /* Then allocate an array to hold the information. */ +- debug_information = (debug_info *) cmalloc (num_units, +- sizeof (* debug_information)); ++ debug_information = cmalloc (num_units, sizeof (*debug_information)); + if (debug_information == NULL) + { + error (_("Not enough memory for a debug info array of %u entries\n"),