[whinlatter,v2,05/51] binutils: Fix CVE-2025-69652

Message ID	f2c834408e93586b0a6777e4767503104b13520f.1776377993.git.yoann.congal@smile.fr
State	RFC, archived
Delegated to:	Yoann Congal
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.68, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 05/51] binutils: Fix CVE-2025-69652 Date: Fri, 17 Apr 2026 00:29:48 +0200 Message-ID: <f2c834408e93586b0a6777e4767503104b13520f.1776377993.git.yoann.congal@smile.fr> In-Reply-To: <cover.1776377993.git.yoann.congal@smile.fr> References: <cover.1776377993.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[whinlatter,v2,01/51] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed \| expand [whinlatter,v2,01/51] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed [whinlatter,v2,02/51] binutils: Fix CVE-2025-69648 [whinlatter,v2,03/51] binutils: Fix CVE-2025-69644 CVE-2025-69647 [whinlatter,v2,04/51] binutils: Fix CVE-2025-69649 [whinlatter,v2,05/51] binutils: Fix CVE-2025-69652 [whinlatter,v2,06/51] nfs-utils: Fix CVE-2025-12801 [whinlatter,v2,07/51] sqlite3: Fix CVE-2025-70873 [whinlatter,v2,08/51] python3: upgrade 3.13.11 -> 3.13.12 [whinlatter,v2,09/51] libarchive: upgrade 3.8.5 -> 3.8.6 [whinlatter,v2,10/51] vim: Fix CVE-2026-33412 [whinlatter,v2,11/51] vim: Fix CVE-2026-28418 [whinlatter,v2,12/51] vim: Fix CVE-2026-28419 [whinlatter,v2,13/51] binutils: Fix build with GLIBC 2.43 on the host [whinlatter,v2,14/51] gcc: backport a fix for building with gcc-16 [whinlatter,v2,15/51] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 [whinlatter,v2,16/51] openssl: upgrade 3.5.5 -> 3.5.6 [whinlatter,v2,17/51] go: upgrade 1.25.8 -> 1.25.9 [whinlatter,v2,18/51] dtc: backport fix for build with glibc-2.43 [whinlatter,v2,19/51] pseudo: Add fix for glibc 2.43 [whinlatter,v2,20/51] yocto-uninative: Update to 5.1 for glibc 2.43 [whinlatter,v2,21/51] m4: backport 3 gnulib changes to fix build with glibc-2.43 on host [whinlatter,v2,22/51] gettext: backport gnulib changes to fix build with glibc-2.43 on host [whinlatter,v2,23/51] util-linux: backport fix to build with glibc-2.43 on host [whinlatter,v2,24/51] systemd: backport fix to build with glibc-2.43 on host [whinlatter,v2,25/51] virglrenderer: Fix build with glibc 2.43+ [whinlatter,v2,26/51] libxcrypt: avoid discarded-qualifiers build failure with glibc 2.43 [whinlatter,v2,27/51] libxcrypt: Fix build wrt C23 support [whinlatter,v2,28/51] libxcrypt: Use configure knob to disable warnings as errors [whinlatter,v2,29/51] glibc: stable 2.42 branch updates [whinlatter,v2,30/51] spirv-tools: backport a fix for building with gcc-16 [whinlatter,v2,31/51] ovmf: backport a fix for build with gcc-16 [whinlatter,v2,32/51] libpng: upgrade 1.6.55 -> 1.6.56 [whinlatter,v2,33/51] recipetool: Recognise https://git. as git urls [whinlatter,v2,34/51] selftest/scripts: Update old git protocol references [whinlatter,v2,35/51] archiver: Don't try to preserve all attributes when copying files [whinlatter,v2,36/51] license.py: Drop visit_Str from SeenVisitor in selftest [whinlatter,v2,37/51] oeqa/selftest/devtool: add vulkan feature check for test needing it [whinlatter,v2,38/51] selftest/minidebuginfo: extract files from tar archive using tarfile module [whinlatter,v2,39/51] selftest/gdbserver: replace shutil.unpack_archive with tarfile extract [whinlatter,v2,40/51] oeqa/selftest: add wayland feature check for tests needing it [whinlatter,v2,41/51] report-error.bbclass: replace 'codecs.open()' with 'open()' [whinlatter,v2,42/51] oeqa/sdk: Default to https git protocol for YP/OE repos [whinlatter,v2,43/51] scripts: Default to https git protocol for YP/OE repos [whinlatter,v2,44/51] oeqa/selftest/git-submodule-test: Default to https git protocol for YP/OE rep… [whinlatter,v2,45/51] meta/files/layers.example.json: switch to https clone URIs [whinlatter,v2,46/51] build-appliance-image: switch SRC_URI to https protocol [whinlatter,v2,47/51] scripts/install-buildtools: Update to 5.3.3 [whinlatter,v2,48/51] binutils: Upgrade to 2.45.1 release [whinlatter,v2,49/51] ptest-runner: Upgrade 2.4.5.1 -> 2.5.0 [whinlatter,v2,50/51] ptest-runner: Use git tag in SRC_URI [whinlatter,v2,51/51] ptest-runner: Upgrade 2.5.0 -> 2.5.1

Message ID

f2c834408e93586b0a6777e4767503104b13520f.1776377993.git.yoann.congal@smile.fr

State

RFC, archived

Delegated to:

Yoann Congal

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter v2 05/51] binutils: Fix CVE-2025-69652
Date: Fri, 17 Apr 2026 00:29:48 +0200
Message-ID: 
 <f2c834408e93586b0a6777e4767503104b13520f.1776377993.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1776377993.git.yoann.congal@smile.fr>
References: <cover.1776377993.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[whinlatter,v2,01/51] binutils: mark CVE-2025-69650 and CVE-2025-69651 as disputed | expand

Commit Message

Yoann Congal April 16, 2026, 10:29 p.m. UTC

From: Deepak Rathore <deeratho@cisco.com>

Pick the patch [1] as mentioned in [2].

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-69652

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../binutils/binutils-2.45.inc                |  1 +
 .../binutils/binutils/CVE-2025-69652.patch    | 40 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 94b7ca54cb8..f635d76069a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -51,4 +51,5 @@  SRC_URI = "\
      file://CVE-2025-69648.patch \
      file://CVE-2025-69644_CVE-2025-69647.patch \
      file://CVE-2025-69649.patch \
+     file://CVE-2025-69652.patch \
 "
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch
new file mode 100644
index 00000000000..5de94820d1d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch
@@ -0,0 +1,40 @@ 
+From 5a2f57ab03067f6622c19983e1e31207bd2293a6 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 8 Dec 2025 16:04:44 +1030
+Subject: [PATCH] PR 33701, abort in byte_get_little_endian
+
+	PR 33701
+	* dwarf.c (process_debug_info): Set debug_info_p NULL when
+	DEBUG_INFO_UNAVAILABLE.
+
+CVE: CVE-2025-69652
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01]
+
+(cherry picked from commit 44b79abd0fa12e7947252eb4c6e5d16ed6033e01)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ binutils/dwarf.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 2462e6540a7..0d88ea94619 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -4248,9 +4248,11 @@ process_debug_info (struct dwarf_section * section,
+ 	      break;
+ 	    }
+ 
+-	  debug_info *debug_info_p = ((debug_information
+-				       && unit < alloc_num_debug_info_entries)
+-				      ? debug_information + unit : NULL);
++	  debug_info *debug_info_p = NULL;
++	  if (debug_information
++	      && num_debug_info_entries != DEBUG_INFO_UNAVAILABLE
++	      && unit < alloc_num_debug_info_entries)
++	    debug_info_p = debug_information + unit;
+ 
+ 	  assert (!debug_info_p
+ 		  || (debug_info_p->num_loc_offsets
+-- 
+2.35.6
+

[whinlatter,v2,05/51] binutils: Fix CVE-2025-69652

Commit Message

Patch