import CS binutils-2.35.2-72.el9
This commit is contained in:
AlmaLinux RelEng Bot
parent
913d8c86c3
commit
a02b84c9f9
79
SOURCES/binutils-CVE-2025-11083.patch
Normal file
79
SOURCES/binutils-CVE-2025-11083.patch
Normal file
@ -0,0 +1,79 @@
|
||||
From 9ca499644a21ceb3f946d1c179c38a83be084490 Mon Sep 17 00:00:00 2001
|
||||
From: "H.J. Lu" <hjl.tools@gmail.com>
|
||||
Date: Thu, 18 Sep 2025 16:59:25 -0700
|
||||
Subject: [PATCH] elf: Don't match corrupt section header in linker input
|
||||
|
||||
Don't swap in nor match corrupt section header in linker input to avoid
|
||||
linker crash later.
|
||||
|
||||
PR ld/33457
|
||||
* elfcode.h (elf_swap_shdr_in): Changed to return bool. Return
|
||||
false for corrupt section header in linker input.
|
||||
(elf_object_p): Reject if elf_swap_shdr_in returns false.
|
||||
|
||||
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
---
|
||||
bfd/elfcode.h | 14 +++++++++-----
|
||||
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||
|
||||
--- binutils-2.35.2.orig/bfd/elfcode.h 2025-11-11 11:51:18.923256541 +0000
|
||||
+++ binutils-2.35.2/bfd/elfcode.h 2025-11-11 11:56:54.539093437 +0000
|
||||
@@ -298,7 +298,7 @@ elf_swap_ehdr_out (bfd *abfd,
|
||||
/* Translate an ELF section header table entry in external format into an
|
||||
ELF section header table entry in internal format. */
|
||||
|
||||
-static void
|
||||
+static bfd_boolean
|
||||
elf_swap_shdr_in (bfd *abfd,
|
||||
const Elf_External_Shdr *src,
|
||||
Elf_Internal_Shdr *dst)
|
||||
@@ -322,10 +322,13 @@ elf_swap_shdr_in (bfd *abfd,
|
||||
ufile_ptr filesize = bfd_get_file_size (abfd);
|
||||
|
||||
if (filesize != 0 && dst->sh_size > filesize)
|
||||
- _bfd_error_handler
|
||||
- (_("warning: %pB has a corrupt section with a size (%"
|
||||
- BFD_VMA_FMT "x) larger than the file size"),
|
||||
- abfd, dst->sh_size);
|
||||
+ {
|
||||
+ _bfd_error_handler
|
||||
+ (_("warning: %pB has a corrupt section with a size (%"
|
||||
+ BFD_VMA_FMT "x) larger than the file size"),
|
||||
+ abfd, dst->sh_size);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
}
|
||||
dst->sh_link = H_GET_32 (abfd, src->sh_link);
|
||||
dst->sh_info = H_GET_32 (abfd, src->sh_info);
|
||||
@@ -333,6 +336,7 @@ elf_swap_shdr_in (bfd *abfd,
|
||||
dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
|
||||
dst->bfd_section = NULL;
|
||||
dst->contents = NULL;
|
||||
+ return TRUE;
|
||||
}
|
||||
|
||||
/* Translate an ELF section header table entry in internal format into an
|
||||
@@ -625,9 +629,9 @@ elf_object_p (bfd *abfd)
|
||||
|
||||
/* Read the first section header at index 0, and convert to internal
|
||||
form. */
|
||||
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
|
||||
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
|
||||
+ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
|
||||
goto got_no_match;
|
||||
- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
|
||||
|
||||
/* If the section count is zero, the actual count is in the first
|
||||
section header. */
|
||||
@@ -710,9 +714,9 @@ elf_object_p (bfd *abfd)
|
||||
to internal form. */
|
||||
for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
|
||||
{
|
||||
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
|
||||
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
|
||||
+ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
|
||||
goto got_no_match;
|
||||
- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
|
||||
|
||||
/* Sanity check sh_link and sh_info. */
|
||||
if (i_shdrp[shindex].sh_link >= num_sec)
|
||||
38
SOURCES/binutils-error-on-corrupted-group.patch
Normal file
38
SOURCES/binutils-error-on-corrupted-group.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
|
||||
From: "H.J. Lu" <hjl.tools@gmail.com>
|
||||
Date: Sat, 21 Jun 2025 06:52:00 +0800
|
||||
Subject: [PATCH] elf: Report corrupted group section
|
||||
|
||||
Report corrupted group section instead of trying to recover.
|
||||
|
||||
PR binutils/33050
|
||||
* elf.c (bfd_elf_set_group_contents): Report corrupted group
|
||||
section.
|
||||
|
||||
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
---
|
||||
bfd/elf.c | 23 ++++++++++-------------
|
||||
1 file changed, 10 insertions(+), 13 deletions(-)
|
||||
|
||||
--- binutils.orig/bfd/elf.c 2025-12-16 12:33:34.627390340 +0000
|
||||
+++ binutils-2.35.2/bfd/elf.c 2025-12-16 12:36:53.274123682 +0000
|
||||
@@ -3667,8 +3667,18 @@ bfd_elf_set_group_contents (bfd *abfd, a
|
||||
break;
|
||||
}
|
||||
|
||||
+ /* We should always get here with loc == sec->contents + 4. Return
|
||||
+ an error for bogus SHT_GROUP sections. */
|
||||
loc -= 4;
|
||||
- BFD_ASSERT (loc == sec->contents);
|
||||
+ if (loc != sec->contents)
|
||||
+ {
|
||||
+ /* xgettext:c-format */
|
||||
+ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
|
||||
+ abfd, sec);
|
||||
+ bfd_set_error (bfd_error_bad_value);
|
||||
+ *failedptr = TRUE;
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
|
||||
}
|
||||
@ -1809,7 +1809,7 @@ diff -rupN binutils.orig/ld/testsuite/ld-powerpc/ppc476-shared2.d binutils-2.35.
|
||||
|
||||
DYNAMIC RELOCATION RECORDS
|
||||
-OFFSET TYPE VALUE
|
||||
+OFFSET +TYPE +VALUE
|
||||
+OFFSET +TYPE +VALUE.*
|
||||
0001000[02] R_PPC_ADDR16_LO \.text\+0x00050000
|
||||
0002000[02] R_PPC_ADDR16_LO \.text\+0x00050000
|
||||
0003000[02] R_PPC_ADDR16_LO \.text\+0x00050000
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
Summary: A GNU collection of binary utilities
|
||||
Name: binutils%{?_with_debug:-debug}
|
||||
Version: 2.35.2
|
||||
Release: 67%{?dist}
|
||||
Release: 72%{?dist}
|
||||
License: GPLv3+
|
||||
URL: https://sourceware.org/binutils
|
||||
|
||||
@ -533,6 +533,16 @@ Patch105: binutils-AArch64-missing-assembler-tests-12.patch
|
||||
# Lifetime: Fixed in 2.46
|
||||
Patch106: binutils-execstack-error-tests.patch
|
||||
|
||||
# Purpose: Stops a potential illegal memory access when linking a corrupt
|
||||
# input file. PR 33457
|
||||
# Lifetime: Fixed in 2.46
|
||||
Patch107: binutils-CVE-2025-11083.patch
|
||||
|
||||
# Purpose: Stops a potential illegal memory access when copying a corrupt
|
||||
# input file. PR 33050
|
||||
# Lifetime: Fixed in 2.46
|
||||
Patch108: binutils-error-on-corrupted-group.patch
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
|
||||
Provides: bundled(libiberty)
|
||||
@ -1392,6 +1402,18 @@ exit 0
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
%changelog
|
||||
* Mon Jan 19 2026 Nick Clifton <nickc@redhat.com> - 2.35.2-72
|
||||
- Fix a potential illegal memory access when copying a corrupt input file. (RHEL-142281)
|
||||
|
||||
* Tue Dec 16 2025 Nick Clifton <nickc@redhat.com> - 2.35.2-71
|
||||
- Fix a potential illegal memory access when copying a corrupt input file. (RHEL-132287)
|
||||
|
||||
* Tue Nov 11 2025 Nick Clifton <nickc@redhat.com> - 2.35.2-69
|
||||
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-126883)
|
||||
|
||||
* Wed Sep 10 2025 Nick Clifton <nickc@redhat.com> - 2.35.2-68
|
||||
- Add missing space to ppc476-shared2 linker test. (RHEL-113842)
|
||||
|
||||
* Tue Aug 19 2025 Nick Clifton <nickc@redhat.com> - 2.35.2-67
|
||||
- Adds tests for the linker's --error-execstack and --error-rwx-segments command line options. (RHEL-109970)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user