
1 Commits
a10s ... c10s

Nick Clifton
3523140290 Fix a potential illegal memory access when linking a corrupt input file.
Resolves: RHEL-130615
2025-11-25 13:52:56 +00:00
2 changed files with 80 additions and 1 deletions


@ -0,0 +1,71 @@
From 9ca499644a21ceb3f946d1c179c38a83be084490 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Thu, 18 Sep 2025 16:59:25 -0700
Subject: [PATCH] elf: Don't match corrupt section header in linker input
Don't swap in nor match corrupt section header in linker input to avoid
linker crash later.
PR ld/33457
* elfcode.h (elf_swap_shdr_in): Changed to return bool. Return
false for corrupt section header in linker input.
(elf_object_p): Reject if elf_swap_shdr_in returns false.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
bfd/elfcode.h | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- binutils-with-gold-2.44.orig/bfd/elfcode.h 2025-11-25 13:08:19.115156918 +0000
+++ binutils-with-gold-2.44/bfd/elfcode.h 2025-11-25 13:10:34.050519670 +0000
@@ -311,7 +311,7 @@ elf_swap_ehdr_out (bfd *abfd,
/* Translate an ELF section header table entry in external format into an
ELF section header table entry in internal format. */
-static void
+static bool
elf_swap_shdr_in (bfd *abfd,
const Elf_External_Shdr *src,
Elf_Internal_Shdr *dst)
@@ -341,6 +341,9 @@ elf_swap_shdr_in (bfd *abfd,
{
_bfd_error_handler (_("warning: %pB has a section "
"extending past end of file"), abfd);
+ /* PR ld/33457: Don't match corrupt section header. */
+ if (abfd->is_linker_input)
+ return false;
abfd->read_only = 1;
}
}
@@ -350,6 +353,7 @@ elf_swap_shdr_in (bfd *abfd,
dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
dst->bfd_section = NULL;
dst->contents = NULL;
+ return true;
}
/* Translate an ELF section header table entry in internal format into an
@@ -642,9 +646,9 @@ elf_object_p (bfd *abfd)
/* Read the first section header at index 0, and convert to internal
form. */
- if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+ if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
goto got_no_match;
- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
/* If the section count is zero, the actual count is in the first
section header. */
@@ -730,9 +734,9 @@ elf_object_p (bfd *abfd)
to internal form. */
for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
{
- if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+ if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
goto got_no_match;
- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
/* Sanity check sh_link and sh_info. */
if (i_shdrp[shindex].sh_link >= num_sec)
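Review bot: The comment above elf_swap_shdr_in still describes only the translation and does not mention the new bool result, and on the early `return false` the assignments that follow the size check (sh_entsize, bfd_section and contents are visible in the third hunk) are skipped, so *dst is left partly filled. I would extend the header comment with something like `Return FALSE, leaving DST only partly filled in, if the header is corrupt and ABFD is a linker input.` Both elf_object_p call sites shown here go to got_no_match on failure and never read the partial entry, but because the function previously returned void, any other caller in elfcode.h outside these hunks would still compile while ignoring the result, so that is worth a grep. The rejection applies only when is_linker_input is set, so other consumers of a truncated file still continue with just the warning and read_only. The bodies of elf_swap_shdr_in and elf_object_p extend beyond the hunks shown.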


@ -27,7 +27,7 @@ Name: %{?scl_prefix}binutils
# The variable %%{source} (see below) should be set to indicate which of these
# origins is being used.
Version: 2.44
Release: 7%{?dist}
Release: 8%{?dist}
License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
URL: https://sourceware.org/binutils
@ -334,6 +334,11 @@ Patch18: binutils-fix-ar-test.patch
# Lifetime: Fixed in 2.45
Patch19: binutils-aarch64-small-plt0.patch
# Purpose: Stops a potential illegal memory access when linking a corrupt
# input file. PR 33457
# Lifetime: Fixed in 2.46
Patch20: binutils-CVE-2025-11083.patch
#----------------------------------------------------------------------------
# Purpose: Suppress the x86 linker's p_align-1 tests due to kernel bug on CentOS-10
@ -1576,6 +1581,9 @@ exit 0
#----------------------------------------------------------------------------
%changelog
* Tue Nov 25 2025 Nick Clifton <nickc@redhat.com> - 2.44-8
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-130615)
* Mon Aug 11 2025 Nick Clifton <nickc@redhat.com> - 2.44-7
- Remove uneeded glibc/powerpc patch. (RHEL-100160)
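Review bot: The new %changelog entry cites only RHEL-130615, although the patch registered as Patch20 is named for CVE-2025-11083; the CVE id should appear in the entry, e.g. `- Fix a potential illegal memory access when linking a corrupt input file. (CVE-2025-11083, RHEL-130615)`, because the changelog is a common way for auditors and scanners to confirm that a backported fix is present in a build whose upstream version stays at 2.44. The `# Purpose:` comment above Patch20 could name the CVE next to PR 33457 for the same reason. How patches are applied in %prep is outside the visible hunks, so it is worth confirming that Patch20 is actually picked up there.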