| Message ID | 20251020220912.483748-1-peter.marko@siemens.com |
|---|---|
| State | New |
| Headers | show |
| Series | [1/5] binutils: patch CVE-2025-11414 | expand |
all 5 Patches are good, thanks. On Mon, Oct 20, 2025 at 3:09 PM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote: > > From: Peter Marko <peter.marko@siemens.com> > > Pick commit per NVD CVE report. > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > .../binutils/binutils-2.45.inc | 1 + > .../binutils/binutils/CVE-2025-11414.patch | 84 +++++++++++++++++++ > 2 files changed, 85 insertions(+) > create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc > index 391b0157d3a..2adff3c4562 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.45.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc > @@ -39,4 +39,5 @@ SRC_URI = "\ > file://0015-CVE-2025-11081.patch \ > file://0016-CVE-2025-11082.patch \ > file://0017-CVE-2025-11083.patch \ > + file://CVE-2025-11414.patch \ > " > diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch > new file mode 100644 > index 00000000000..21f98f075ed > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch > @@ -0,0 +1,84 @@ > +From aeaaa9af6359c8e394ce9cf24911fec4f4d23703 Mon Sep 17 00:00:00 2001 > +From: "H.J. Lu" <hjl.tools@gmail.com> > +Date: Tue, 23 Sep 2025 08:52:26 +0800 > +Subject: [PATCH] elf: Return error on unsorted symbol table if not allowed > + > +Normally ELF symbol table should be sorted, i.e., local symbols precede > +global symbols. Irix 6 is an exception and its elf_bad_symtab is set > +to true. Issue an error if elf_bad_symtab is false and symbol table is > +unsorted. > + > + PR ld/33450 > + * elflink.c (set_symbol_value): Change return type to bool and > + return false on error. Issue an error on unsorted symbol table > + if not allowed. > + (elf_link_input_bfd): Return false if set_symbol_value reurns > + false. > + > +Signed-off-by: H.J. Lu <hjl.tools@gmail.com> > + > +CVE: CVE-2025-11414 > +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + bfd/elflink.c | 21 +++++++++++++++------ > + 1 file changed, 15 insertions(+), 6 deletions(-) > + > +diff --git a/bfd/elflink.c b/bfd/elflink.c > +index 66982f82b94..54f0d6e957e 100644 > +--- a/bfd/elflink.c > ++++ b/bfd/elflink.c > +@@ -9127,7 +9127,7 @@ struct elf_outext_info > + <binary-operator> := as in C > + <unary-operator> := as in C, plus "0-" for unambiguous negation. */ > + > +-static void > ++static bool > + set_symbol_value (bfd *bfd_with_globals, > + Elf_Internal_Sym *isymbuf, > + size_t locsymcount, > +@@ -9148,9 +9148,15 @@ set_symbol_value (bfd *bfd_with_globals, > + "absolute" section and give it a value. */ > + sym->st_shndx = SHN_ABS; > + sym->st_value = val; > +- return; > ++ return true; > ++ } > ++ if (!elf_bad_symtab (bfd_with_globals)) > ++ { > ++ _bfd_error_handler (_("%pB: corrupt symbol table"), > ++ bfd_with_globals); > ++ bfd_set_error (bfd_error_bad_value); > ++ return false; > + } > +- BFD_ASSERT (elf_bad_symtab (bfd_with_globals)); > + extsymoff = 0; > + } > + > +@@ -9160,11 +9166,12 @@ set_symbol_value (bfd *bfd_with_globals, > + if (h == NULL) > + { > + /* FIXMEL What should we do ? */ > +- return; > ++ return false; > + } > + h->root.type = bfd_link_hash_defined; > + h->root.u.def.value = val; > + h->root.u.def.section = bfd_abs_section_ptr; > ++ return true; > + } > + > + static bool > +@@ -11862,8 +11869,10 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) > + return false; > + > + /* Symbol evaluated OK. Update to absolute value. */ > +- set_symbol_value (input_bfd, isymbuf, locsymcount, > +- r_symndx, val); > ++ if (!set_symbol_value (input_bfd, isymbuf, locsymcount, r_symndx, > ++ val)) > ++ return false; > ++ > + continue; > + } > + > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#225135): https://lists.openembedded.org/g/openembedded-core/message/225135 > Mute This Topic: https://lists.openembedded.org/mt/115863664/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc index 391b0157d3a..2adff3c4562 100644 --- a/meta/recipes-devtools/binutils/binutils-2.45.inc +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc @@ -39,4 +39,5 @@ SRC_URI = "\ file://0015-CVE-2025-11081.patch \ file://0016-CVE-2025-11082.patch \ file://0017-CVE-2025-11083.patch \ + file://CVE-2025-11414.patch \ " diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch new file mode 100644 index 00000000000..21f98f075ed --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch @@ -0,0 +1,84 @@ +From aeaaa9af6359c8e394ce9cf24911fec4f4d23703 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" <hjl.tools@gmail.com> +Date: Tue, 23 Sep 2025 08:52:26 +0800 +Subject: [PATCH] elf: Return error on unsorted symbol table if not allowed + +Normally ELF symbol table should be sorted, i.e., local symbols precede +global symbols. Irix 6 is an exception and its elf_bad_symtab is set +to true. Issue an error if elf_bad_symtab is false and symbol table is +unsorted. + + PR ld/33450 + * elflink.c (set_symbol_value): Change return type to bool and + return false on error. Issue an error on unsorted symbol table + if not allowed. + (elf_link_input_bfd): Return false if set_symbol_value reurns + false. + +Signed-off-by: H.J. Lu <hjl.tools@gmail.com> + +CVE: CVE-2025-11414 +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + bfd/elflink.c | 21 +++++++++++++++------ + 1 file changed, 15 insertions(+), 6 deletions(-) + +diff --git a/bfd/elflink.c b/bfd/elflink.c +index 66982f82b94..54f0d6e957e 100644 +--- a/bfd/elflink.c ++++ b/bfd/elflink.c +@@ -9127,7 +9127,7 @@ struct elf_outext_info + <binary-operator> := as in C + <unary-operator> := as in C, plus "0-" for unambiguous negation. */ + +-static void ++static bool + set_symbol_value (bfd *bfd_with_globals, + Elf_Internal_Sym *isymbuf, + size_t locsymcount, +@@ -9148,9 +9148,15 @@ set_symbol_value (bfd *bfd_with_globals, + "absolute" section and give it a value. */ + sym->st_shndx = SHN_ABS; + sym->st_value = val; +- return; ++ return true; ++ } ++ if (!elf_bad_symtab (bfd_with_globals)) ++ { ++ _bfd_error_handler (_("%pB: corrupt symbol table"), ++ bfd_with_globals); ++ bfd_set_error (bfd_error_bad_value); ++ return false; + } +- BFD_ASSERT (elf_bad_symtab (bfd_with_globals)); + extsymoff = 0; + } + +@@ -9160,11 +9166,12 @@ set_symbol_value (bfd *bfd_with_globals, + if (h == NULL) + { + /* FIXMEL What should we do ? */ +- return; ++ return false; + } + h->root.type = bfd_link_hash_defined; + h->root.u.def.value = val; + h->root.u.def.section = bfd_abs_section_ptr; ++ return true; + } + + static bool +@@ -11862,8 +11869,10 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) + return false; + + /* Symbol evaluated OK. Update to absolute value. */ +- set_symbol_value (input_bfd, isymbuf, locsymcount, +- r_symndx, val); ++ if (!set_symbol_value (input_bfd, isymbuf, locsymcount, r_symndx, ++ val)) ++ return false; ++ + continue; + } +