Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
abef50b280 | ||
| 86d04fef31 |
71
SOURCES/binutils-CVE-2025-11083.patch
Normal file
71
SOURCES/binutils-CVE-2025-11083.patch
Normal file
@ -0,0 +1,71 @@
|
||||
From 9ca499644a21ceb3f946d1c179c38a83be084490 Mon Sep 17 00:00:00 2001
|
||||
From: "H.J. Lu" <hjl.tools@gmail.com>
|
||||
Date: Thu, 18 Sep 2025 16:59:25 -0700
|
||||
Subject: [PATCH] elf: Don't match corrupt section header in linker input
|
||||
|
||||
Don't swap in nor match corrupt section header in linker input to avoid
|
||||
linker crash later.
|
||||
|
||||
PR ld/33457
|
||||
* elfcode.h (elf_swap_shdr_in): Changed to return bool. Return
|
||||
false for corrupt section header in linker input.
|
||||
(elf_object_p): Reject if elf_swap_shdr_in returns false.
|
||||
|
||||
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
---
|
||||
bfd/elfcode.h | 14 +++++++++-----
|
||||
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||
|
||||
--- binutils-2.40.orig/bfd/elfcode.h 2025-11-27 09:08:14.978889644 +0000
|
||||
+++ binutils-2.40/bfd/elfcode.h 2025-11-27 09:08:27.837705323 +0000
|
||||
@@ -298,7 +298,7 @@ elf_swap_ehdr_out (bfd *abfd,
|
||||
/* Translate an ELF section header table entry in external format into an
|
||||
ELF section header table entry in internal format. */
|
||||
|
||||
-static void
|
||||
+static bool
|
||||
elf_swap_shdr_in (bfd *abfd,
|
||||
const Elf_External_Shdr *src,
|
||||
Elf_Internal_Shdr *dst)
|
||||
@@ -328,6 +328,9 @@ elf_swap_shdr_in (bfd *abfd,
|
||||
{
|
||||
_bfd_error_handler (_("warning: %pB has a section "
|
||||
"extending past end of file"), abfd);
|
||||
+ /* PR ld/33457: Don't match corrupt section header. */
|
||||
+ if (abfd->is_linker_input)
|
||||
+ return false;
|
||||
abfd->read_only = 1;
|
||||
}
|
||||
}
|
||||
@@ -337,6 +340,7 @@ elf_swap_shdr_in (bfd *abfd,
|
||||
dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
|
||||
dst->bfd_section = NULL;
|
||||
dst->contents = NULL;
|
||||
+ return true;
|
||||
}
|
||||
|
||||
/* Translate an ELF section header table entry in internal format into an
|
||||
@@ -629,9 +633,9 @@ elf_object_p (bfd *abfd)
|
||||
|
||||
/* Read the first section header at index 0, and convert to internal
|
||||
form. */
|
||||
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
|
||||
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
|
||||
+ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
|
||||
goto got_no_match;
|
||||
- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
|
||||
|
||||
/* If the section count is zero, the actual count is in the first
|
||||
section header. */
|
||||
@@ -717,9 +721,9 @@ elf_object_p (bfd *abfd)
|
||||
to internal form. */
|
||||
for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
|
||||
{
|
||||
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
|
||||
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
|
||||
+ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
|
||||
goto got_no_match;
|
||||
- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
|
||||
|
||||
/* Sanity check sh_link and sh_info. */
|
||||
if (i_shdrp[shindex].sh_link >= num_sec)
|
||||
@ -1125,109 +1125,3 @@ diff -rup binutils.orig/ld/testsuite/ld-elf/tls.exp binutils-2.40/ld/testsuite/l
|
||||
# Check to see if the C compiler works.
|
||||
if { ![check_compiler_available] } {
|
||||
return
|
||||
--- binutils.orig/ld/testsuite/ld-elf/indirect.exp 2023-04-25 09:59:06.491645786 +0100
|
||||
+++ binutils-2.40/ld/testsuite/ld-elf/indirect.exp 2023-04-25 10:00:53.347435547 +0100
|
||||
@@ -160,12 +160,6 @@ set run_tests {
|
||||
{"Run with libindirect4c.so 4"
|
||||
"-Wl,--no-as-needed tmpdir/libindirect4c.so tmpdir/indirect4b.o tmpdir/indirect4a.o" ""
|
||||
{dummy.c} "indirect4d" "indirect4.out"}
|
||||
- {"Run indirect5 1"
|
||||
- "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libindirect5.so" ""
|
||||
- {indirect5a.c} "indirect5a" "indirect5.out" "$NOPIE_CFLAGS"}
|
||||
- {"Run indirect5 2"
|
||||
- "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/indirect5a.o tmpdir/libindirect5.so" ""
|
||||
- {dummy.c} "indirect5b" "indirect5.out" "$NOPIE_CFLAGS"}
|
||||
{"Run indirect6 1"
|
||||
"$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libindirect5.so" ""
|
||||
{indirect6a.c} "indirect6a" "indirect5.out" "$NOPIE_CFLAGS"}
|
||||
@@ -217,15 +211,6 @@ proc check_dynamic_syms { test } {
|
||||
return 1
|
||||
}
|
||||
|
||||
-foreach t [list indirect5a indirect5b indirect6a indirect6b] {
|
||||
- set testname [concat $t "dynsym"]
|
||||
- if { [check_dynamic_syms tmpdir/$t] } {
|
||||
- pass $testname
|
||||
- } else {
|
||||
- fail $testname
|
||||
- }
|
||||
-}
|
||||
-
|
||||
send_log "$CC_FOR_TARGET -fPIE -pie $srcdir/$subdir/main.c -o tmpdir/pie"
|
||||
catch "exec $CC_FOR_TARGET -fPIE -pie $srcdir/$subdir/main.c -o tmpdir/pie" exec_output
|
||||
send_log "$exec_output"
|
||||
@@ -234,12 +219,6 @@ if { ! [string match "" $exec_output] }
|
||||
}
|
||||
|
||||
set pie_tests {
|
||||
- {"Run indirect5 3"
|
||||
- "-pie -Wl,--no-as-needed tmpdir/libindirect5.so" ""
|
||||
- {indirect5a.c} "indirect5c" "indirect5.out" "-fPIE"}
|
||||
- {"Run indirect5 4"
|
||||
- "-pie -Wl,--no-as-needed tmpdir/indirect5a.o tmpdir/libindirect5.so" ""
|
||||
- {dummy.c} "indirect5d" "indirect5.out" "-fPIE"}
|
||||
{"Run indirect6 3"
|
||||
"-pie -Wl,--no-as-needed tmpdir/libindirect5.so" ""
|
||||
{indirect6a.c} "indirect6c" "indirect5.out" "-fPIE"}
|
||||
@@ -250,7 +229,7 @@ set pie_tests {
|
||||
|
||||
run_ld_link_exec_tests $pie_tests
|
||||
|
||||
-foreach t [list indirect5c indirect5d indirect6c indirect6d] {
|
||||
+foreach t [list indirect6c indirect6d] {
|
||||
set testname [concat $t "dynsym"]
|
||||
if { [check_dynamic_syms tmpdir/$t] } {
|
||||
pass $testname
|
||||
--- binutils.orig/ld/testsuite/ld-vsb/vsb.exp 2023-04-25 09:59:06.671645424 +0100
|
||||
+++ binutils-2.40/ld/testsuite/ld-vsb/vsb.exp 2023-04-25 10:40:56.526332345 +0100
|
||||
@@ -513,6 +513,11 @@ if { [istarget mips*-*-*] && ! [at_least
|
||||
set picflag "-KPIC"
|
||||
}
|
||||
}
|
||||
+
|
||||
+if { [istarget s390x*-*-linux*] } {
|
||||
+ return
|
||||
+}
|
||||
+
|
||||
verbose "Using $picflag to compile PIC code"
|
||||
|
||||
visibility_run hidden
|
||||
--- binutils.orig/ld/testsuite/ld-shared/shared.exp 2023-04-25 09:59:06.652645462 +0100
|
||||
+++ binutils-2.40/ld/testsuite/ld-shared/shared.exp 2023-04-25 11:00:01.019876693 +0100
|
||||
@@ -263,7 +263,7 @@ if ![ld_compile "$CC_FOR_TARGET $SHCFLAG
|
||||
setup_xfail "x86_64-*-linux*"
|
||||
}
|
||||
setup_xfail "x86_64-*-linux-gnux32"
|
||||
- setup_xfail "s390x-*-linux*"
|
||||
+
|
||||
if [ string match $shared_needs_pic "yes" ] {
|
||||
setup_xfail "arm*-*-linux*"
|
||||
}
|
||||
--- binutils.orig/ld/testsuite/ld-ctf/slice.d 2023-08-03 10:14:42.141231721 +0100
|
||||
+++ binutils-2.40/ld/testsuite/ld-ctf/slice.d 2023-08-03 10:17:52.161503327 +0100
|
||||
@@ -24,10 +24,10 @@ Contents of CTF section .ctf:
|
||||
Types:
|
||||
#...
|
||||
0x[0-9a-f]*: \(kind 6\) struct slices \(size 0x[0-9a-f]*\) \(aligned at 0x[0-9a-f]*\)
|
||||
- *\[0x0\] one: ID 0x[0-9a-f]*: \(kind 1\) int:1 \[slice 0x0:0x1\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
- *\[0x1\] two: ID 0x[0-9a-f]*: \(kind 1\) int:2 \[slice 0x0:0x2\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
- *\[0x3\] six: ID 0x[0-9a-f]*: \(kind 1\) int:6 \[slice 0x0:0x6\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
- *\[0x9\] ten: ID 0x[0-9a-f]*: \(kind 1\) int:10 \[slice 0x0:0xa\] \(format 0x1\) \(size 0x2\) \(aligned at 0x2\)
|
||||
- *\[0x13\] bar: ID 0x[0-9a-f]*: \(kind 8\) enum foo:1 \[slice 0x0:0x1\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
+ *\[0x0\] one: ID 0x[0-9a-f]*: \(kind 1\) int:1 \[slice 0x.:0x1\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
+ *\[0x.\] two: ID 0x[0-9a-f]*: \(kind 1\) int:2 \[slice 0x.:0x2\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
+ *\[0x.\] six: ID 0x[0-9a-f]*: \(kind 1\) int:6 \[slice 0x.:0x6\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
+ *\[0x.\] ten: ID 0x[0-9a-f]*: \(kind 1\) int:10 \[slice 0x.:0xa\] \(format 0x1\) \(size 0x2\) \(aligned at 0x2\)
|
||||
+ *\[0x.*\] bar: ID 0x[0-9a-f]*: \(kind 8\) enum foo:1 \[slice 0x.*:0x1\] \(format 0x1\) \(size 0x1\) \(aligned at 0x1\)
|
||||
|
||||
#...
|
||||
--- binutils.orig/ld/testsuite/ld-shared/shared.exp 2023-08-03 16:29:35.541625154 +0100
|
||||
+++ binutils-2.40/ld/testsuite/ld-shared/shared.exp 2023-08-03 16:38:09.990388416 +0100
|
||||
@@ -270,6 +270,7 @@ if ![ld_compile "$CC_FOR_TARGET $SHCFLAG
|
||||
setup_xfail "aarch64*-*-linux*"
|
||||
# Solaris defaults to -z text.
|
||||
setup_xfail "*-*-solaris2*"
|
||||
+ setup_xfail "s390*-*-*"
|
||||
shared_test shnp "shared (non PIC, load offset)" \
|
||||
mainnp.o sh1np.o sh2np.o shared \
|
||||
"-Wl,-T,$srcdir/$subdir/elf-offset.ld,--hash-style=sysv"
|
||||
|
||||
@ -9,7 +9,7 @@ BuildRequires: scl-utils-build
|
||||
Summary: A GNU collection of binary utilities
|
||||
Name: %{?scl_prefix}binutils
|
||||
Version: 2.40
|
||||
Release: 21%{?dist}
|
||||
Release: 22%{?dist}
|
||||
License: GPLv3+
|
||||
URL: https://sourceware.org/binutils
|
||||
|
||||
@ -281,6 +281,11 @@ Patch21: binutils-CVE-2023-1972.patch
|
||||
# Lifetime: Fixed in 2.42
|
||||
Patch22: binutils-AMD-znver5.patch
|
||||
|
||||
# Purpose: Stops a potential illegal memory access when linking a corrupt
|
||||
# input file. PR 33457
|
||||
# Lifetime: Fixed in 2.46
|
||||
Patch23: binutils-CVE-2025-11083.patch
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
|
||||
Provides: bundled(libiberty)
|
||||
@ -1129,7 +1134,7 @@ export QA_RPATHS=0x0003
|
||||
# BZ 2232410: We cannot be sure that the GTS runtime rpm has restored the SE context.
|
||||
restorecon -R %{_scl_root}/usr/share/locale
|
||||
|
||||
# RHEL-22817: Restore the SELinux context of the bfd-plugins.
|
||||
# RHEL-22818: Restore the SELinux context of the bfd-plugins.
|
||||
restorecon -R %{_libdir}
|
||||
|
||||
exit 0
|
||||
@ -1145,7 +1150,7 @@ exit 0
|
||||
|
||||
%if %{with gprofng}
|
||||
%post gprofng
|
||||
# RHEL-22817: Restire the SELinux context of the gprofng libraries.
|
||||
# RHEL-22818: Restire the SELinux context of the gprofng libraries.
|
||||
restorecon -R %{_libdir}
|
||||
# And the rc file.
|
||||
restorecon /opt/rh/gcc-toolset-13/root/usr/etc/gprofng.rc
|
||||
@ -1313,15 +1318,18 @@ exit 0
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
%changelog
|
||||
* Thu Nov 27 2025 Nick Clifton <nickc@redhat.com> - 2.40-22
|
||||
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-130655)
|
||||
|
||||
* Thu Feb 22 2024 Nick Clifton <nickc@redhat.com> - 2.40-21
|
||||
- Run x86_64 assembler tests for znver5 architecture extension. (RHEL-25405)
|
||||
- Run x86_64 assembler tests for znver5 architecture extension. (RHEL-23798)
|
||||
|
||||
* Tue Feb 13 2024 Nick Clifton <nickc@redhat.com> - 2.40-20
|
||||
- Add support for AMD's znver5 architecture extension. (RHEL-25405)
|
||||
- Add support for AMD's znver5 architecture extension. (RHEL-23798)
|
||||
|
||||
* Fri Feb 09 2024 Nick Clifton <nickc@redhat.com> - 2.40-19
|
||||
- Spec File: Restore the SElinux context to %%{_libdir}. (RHEL-22817)
|
||||
- [2.40-18: was a failed attempt to fix RHEL-22817]
|
||||
- Spec File: Restore the SElinux context to %%{_libdir}. (RHEL-22818)
|
||||
- [2.40-18: was a failed attempt to fix RHEL-22818]
|
||||
|
||||
* Thu Jan 11 2024 Nick Clifton <nickc@redhat.com> - 2.40-17
|
||||
- Spec File: Do not use of the system zlib by default. (RHEL-19373)
|
||||
@ -1331,32 +1339,23 @@ exit 0
|
||||
- Disable building static libraries with LTO. (RHEL-18800)
|
||||
|
||||
* Mon Sep 11 2023 Nick Clifton <nickc@redhat.com> - 2.40-15
|
||||
- Restore the SE context during the post install phase. (#2232410)
|
||||
|
||||
* Thu Aug 03 2023 Nick Clifton <nickc@redhat.com> - 2.40-14
|
||||
- Add expected linker test failure for s390x. (#2228870)
|
||||
- Restore the SE context during the post install phase. (#2236729)
|
||||
|
||||
* Thu Aug 03 2023 Nick Clifton <nickc@redhat.com> - 2.40-13
|
||||
- Spec File: Really fix building with GTS-13 gcc. (#2217911)
|
||||
- Spec File: Really fix building with GTS-13 gcc. (#2217819) (#2225130)
|
||||
|
||||
* Mon Jun 26 2023 Nick Clifton <nickc@redhat.com> - 2.40-12
|
||||
- Spec File: Enable building with GTS-13 gcc. (#2217911)
|
||||
- Spec File: Build static libraries with -fno-lto.
|
||||
- Spec File: Enable building with GTS-13 gcc. (#2217819)
|
||||
- Spec File: Sync version number with c8s.
|
||||
|
||||
* Mon Jun 12 2023 Nick Clifton <nickc@redhat.com> - 2.40-11
|
||||
- Spec File: Use the correct alternatives. (#2209151 and #2213913)
|
||||
* Mon Jun 12 2023 Nick Clifton <nickc@redhat.com> - 2.40-9
|
||||
- Spec File: Use the correct alternatives. (#2209148 and #2213913)
|
||||
|
||||
* Mon May 22 2023 Marek Polacek <polacek@redhat.com> - 2.40-9
|
||||
- Spec File: Use the correct alternatives. (#2209151)
|
||||
|
||||
* Tue Apr 25 2023 Nick Clifton <nickc@redhat.com> - 2.40-8
|
||||
- Suppress some s390x linker tests. (#2186396)
|
||||
|
||||
* Mon Apr 24 2023 Nick Clifton <nickc@redhat.com> - 2.40-7
|
||||
- Rebase to 2.40.
|
||||
- Spec File: Fix typo. (#2186396)
|
||||
* Mon May 22 2023 Marek Polacek <polacek@redhat.com> - 2.40-8
|
||||
- Spec File: Use the correct alternatives. (#2209148)
|
||||
|
||||
* Mon Apr 17 2023 Nick Clifton <nickc@redhat.com> - 2.40-7
|
||||
- Spec File: Fix typo. (#2186396)
|
||||
- BFD library: Fix illegal memory access when loading corrupt symbol version info. (#2186579)
|
||||
|
||||
* Thu Mar 30 2023 Nick Clifton <nickc@redhat.com> - 2.40-6
|
||||
|
||||
Loading…
Reference in New Issue
Block a user