[scarthgap,V2,03/16] binutils: Fix CVE-2025-7545

Message ID	128e40c39d8eafdd32fea71b902b38801afec202.1753468892.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.179, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap V2 03/16] binutils: Fix CVE-2025-7545 Date: Fri, 25 Jul 2025 11:44:17 -0700 Message-ID: <128e40c39d8eafdd32fea71b902b38801afec202.1753468892.git.steve@sakoman.com> In-Reply-To: <cover.1753468892.git.steve@sakoman.com> References: <cover.1753468892.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,V2,01/16] libxml2: fix CVE-2025-49795 \| expand [scarthgap,V2,01/16] libxml2: fix CVE-2025-49795 [scarthgap,V2,02/16] binutils: Fix CVE-2025-7546 [scarthgap,V2,03/16] binutils: Fix CVE-2025-7545 [scarthgap,V2,04/16] sqlite3: fix CVE-2025-6965 [scarthgap,V2,05/16] orc: set CVE_PRODUCT [scarthgap,V2,06/16] openssl: CVE-2024-41996 [scarthgap,V2,07/16] openssl: patch CVE-2025-27587 [scarthgap,V2,08/16] libpam: fix CVE-2025-6020 [scarthgap,V2,09/16] glibc: stable 2.39 branch updates [scarthgap,V2,10/16] xserver-xorg: upgrade 21.1.6 -> 21.1.18 [scarthgap,V2,11/16] mtools: upgrade 4.0.43 -> 4.0.44 [scarthgap,V2,12/16] mtools: upgrade 4.0.44 -> 4.0.45 [scarthgap,V2,13/16] mtools: upgrade 4.0.45 -> 4.0.46 [scarthgap,V2,14/16] mtools: upgrade 4.0.46 -> 4.0.47 [scarthgap,V2,15/16] mtools: upgrade 4.0.47 -> 4.0.48 [scarthgap,V2,16/16] mtools: upgrade 4.0.48 -> 4.0.49

Message ID

128e40c39d8eafdd32fea71b902b38801afec202.1753468892.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 03/16] binutils: Fix CVE-2025-7545
Date: Fri, 25 Jul 2025 11:44:17 -0700
Message-ID: 
 <128e40c39d8eafdd32fea71b902b38801afec202.1753468892.git.steve@sakoman.com>
In-Reply-To: <cover.1753468892.git.steve@sakoman.com>
References: <cover.1753468892.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,V2,01/16] libxml2: fix CVE-2025-49795 | expand

Commit Message

Steve Sakoman July 25, 2025, 6:44 p.m. UTC

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

objcopy: Don't extend the output section size
Since the output section contents are copied from the input, don't
extend the output section size beyond the input section size.

Backport a patch from upstream to fix CVE-2025-7545
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.42.inc                |  1 +
 .../binutils/0023-CVE-2025-7545.patch         | 39 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index a3ad655dbe..fb34ea9763 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -54,5 +54,6 @@  SRC_URI = "\
      file://0022-CVE-2025-5245.patch \
      file://0022-CVE-2025-5244.patch \
      file://0023-CVE-2025-7546.patch \
+     file://0023-CVE-2025-7545.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch
new file mode 100644
index 0000000000..de132f74fc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch
@@ -0,0 +1,39 @@ 
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 21 Jun 2025 06:36:56 +0800
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]
+CVE: CVE-2025-7545
+
+Since the output section contents are copied from the input, don't
+extend the output section size beyond the input section size.
+
+	PR binutils/33049
+	* objcopy.c (copy_section): Don't extend the output section
+	size beyond the input section size.
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index a85d2620..18cd1bfd 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -4547,6 +4547,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
+ 	  char *to = (char *) memhunk;
+ 	  char *end = (char *) memhunk + size;
+ 	  int i;
++	  bfd_size_type memhunk_size = size;
+ 
+ 	  /* If the section address is not exactly divisible by the interleave,
+ 	     then we must bias the from address.  If the copy_byte is less than
+@@ -4566,6 +4567,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
+ 	      }
+ 
+ 	  size = (size + interleave - 1 - copy_byte) / interleave * copy_width;
++
++         /* Don't extend the output section size.  */
++         if (size > memhunk_size)
++           size = memhunk_size;
++	  
+ 	  osection->lma /= interleave;
+ 	  if (copy_byte < extra)
+ 	    osection->lma++;

[scarthgap,V2,03/16] binutils: Fix CVE-2025-7545

Commit Message

Patch