[walnascar,10/13] binutils: Fix CVE-2025-7545

Message ID	9730ddc98bd961d4e2b5b79fa60a2dde1d2a3301.1752720827.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.41, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 10/13] binutils: Fix CVE-2025-7545 Date: Wed, 16 Jul 2025 19:55:33 -0700 Message-ID: <9730ddc98bd961d4e2b5b79fa60a2dde1d2a3301.1752720827.git.steve@sakoman.com> In-Reply-To: <cover.1752720827.git.steve@sakoman.com> References: <cover.1752720827.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[walnascar,01/13] busybox: apply patch for CVE-2023-39810 \| expand [walnascar,01/13] busybox: apply patch for CVE-2023-39810 [walnascar,02/13] curl: ignore CVE-2025-4947 and CVE-2025-5025 [walnascar,03/13] iputils: patch CVE-2025-48964 [walnascar,04/13] gdk-pixbuf: fix CVE-2025-7345 [walnascar,05/13] libxml2: fix CVE-2025-6021 [walnascar,06/13] libxml2: Fix CVE-2025-49794 & CVE-2025-49796 [walnascar,07/13] libxml2: fix CVE-2025-49795 [walnascar,08/13] binutils: stable 2.44 branch updates [walnascar,09/13] binutils: Fix CVE-2025-5245 [walnascar,10/13] binutils: Fix CVE-2025-7545 [walnascar,11/13] binutils: Fix CVE-2025-7546 [walnascar,12/13] ruby-ptest : some ptest fixes [walnascar,13/13] kea: set correct permissions for /var/run/kea

Message ID

9730ddc98bd961d4e2b5b79fa60a2dde1d2a3301.1752720827.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 10/13] binutils: Fix CVE-2025-7545
Date: Wed, 16 Jul 2025 19:55:33 -0700
Message-ID: 
 <9730ddc98bd961d4e2b5b79fa60a2dde1d2a3301.1752720827.git.steve@sakoman.com>
In-Reply-To: <cover.1752720827.git.steve@sakoman.com>
References: <cover.1752720827.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[walnascar,01/13] busybox: apply patch for CVE-2023-39810 | expand

Commit Message

Steve Sakoman July 17, 2025, 2:55 a.m. UTC

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

objcopy: Don't extend the output section size
Since the output section contents are copied from the input, don't
extend the output section size beyond the input section size.

Backport a patch from upstream to fix CVE-2025-7545
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.44.inc                |  1 +
 .../binutils/0019-CVE-2025-7545.patch         | 39 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc
index 0f0befe30e..8a26fe76f1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.44.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -43,5 +43,6 @@  SRC_URI = "\
      file://0016-CVE-2025-5244.patch \
      file://0016-CVE-2025-3198.patch \
      file://0018-CVE-2025-5245.patch \
+     file://0019-CVE-2025-7545.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch
new file mode 100644
index 0000000000..062d6721b6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch
@@ -0,0 +1,39 @@ 
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 21 Jun 2025 06:36:56 +0800
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]
+CVE: CVE-2025-7545
+
+Since the output section contents are copied from the input, don't
+extend the output section size beyond the input section size.
+
+	PR binutils/33049
+	* objcopy.c (copy_section): Don't extend the output section
+	size beyond the input section size.
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index e2e6bd7e..3cbb3977 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -4634,6 +4634,7 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd)
+ 	  char *to = (char *) memhunk;
+ 	  char *end = (char *) memhunk + size;
+ 	  int i;
++	  bfd_size_type memhunk_size = size;
+ 
+ 	  /* If the section address is not exactly divisible by the interleave,
+ 	     then we must bias the from address.  If the copy_byte is less than
+@@ -4653,6 +4654,11 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd)
+ 	      }
+ 
+ 	  size = (size + interleave - 1 - copy_byte) / interleave * copy_width;
++
++          /* Don't extend the output section size.  */
++          if (size > memhunk_size)
++            size = memhunk_size;
++	  
+ 	  osection->lma /= interleave;
+ 	  if (copy_byte < extra)
+ 	    osection->lma++;

[walnascar,10/13] binutils: Fix CVE-2025-7545

Commit Message

Patch