From 1c4985317030888ba46df0a288c1cc4b93c83f2d Mon Sep 17 00:00:00 2001 From: wenxin Date: Wed, 6 Aug 2025 11:53:06 +0800 Subject: [PATCH] Add patch to fix CVE-2025-5244,CVE-2025-5245 --- 0044-fix-CVE-2025-5244.patch | 30 ++++++++++++++++++++++++ 0045-fix-CVE-2025-5245.patch | 44 ++++++++++++++++++++++++++++++++++++ binutils.spec | 11 ++++++++- 3 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 0044-fix-CVE-2025-5244.patch create mode 100644 0045-fix-CVE-2025-5245.patch diff --git a/0044-fix-CVE-2025-5244.patch b/0044-fix-CVE-2025-5244.patch new file mode 100644 index 0000000..f836483 --- /dev/null +++ b/0044-fix-CVE-2025-5244.patch @@ -0,0 +1,30 @@ +From d1458933830456e54223d9fc61f0d9b3a19256f5 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Thu, 10 Apr 2025 19:41:49 +0930 +Subject: [PATCH] PR32858 ld segfault on fuzzed object + +We missed one place where it is necessary to check for empty groups. + + PR 32858 + * elflink.c (elf_gc_sweep): Protect against empty group. +--- + bfd/elflink.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/bfd/elflink.c b/bfd/elflink.c +index 19dc853a..7bc48ce1 100644 +--- a/bfd/elflink.c ++++ b/bfd/elflink.c +@@ -14099,7 +14099,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info) + if (o->flags & SEC_GROUP) + { + asection *first = elf_next_in_group (o); +- o->gc_mark = first->gc_mark; ++ if (first != NULL) ++ o->gc_mark = first->gc_mark; + } + + if (o->gc_mark) +-- +2.47.3 + diff --git a/0045-fix-CVE-2025-5245.patch b/0045-fix-CVE-2025-5245.patch new file mode 100644 index 0000000..01e3925 --- /dev/null +++ b/0045-fix-CVE-2025-5245.patch 
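Review bot: The new `if (first != NULL)` guard in elf_gc_sweep gives no hint of when elf_next_in_group can return NULL for a SEC_GROUP section, so a later cleanup may fold the check back out; add a comment above it such as `/* A group with no members (seen in malformed objects, PR 32858) has no first section; leave gc_mark as it was.  */`. Leaving gc_mark untouched in that case is what the upstream fix chose, and the following `if (o->gc_mark)` then decides the section's fate from its prior value. elf_gc_sweep begins and ends outside this hunk.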
@@ -0,0 +1,44 @@ +From 6c3458a8b7ee7d39f070c7b2350851cb2110c65a Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Tue, 1 Apr 2025 22:36:54 +1030 +Subject: [PATCH] PR32829, SEGV on objdump function debug_type_samep + +u.kenum is always non-NULL, see debug_make_enum_type. + + PR 32829 + * debug.c (debug_type_samep): Correct incomplete enum test. + (debug_write_type): Remove dead code. +--- + binutils/debug.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/binutils/debug.c b/binutils/debug.c +index dcc8ccde4c5..465b18e7c0a 100644 +--- a/binutils/debug.c ++++ b/binutils/debug.c +@@ -2554,9 +2554,6 @@ debug_write_type (struct debug_handle *info, + case DEBUG_KIND_UNION_CLASS: + return debug_write_class_type (info, fns, fhandle, type, tag); + case DEBUG_KIND_ENUM: +- if (type->u.kenum == NULL) +- return (*fns->enum_type) (fhandle, tag, (const char **) NULL, +- (bfd_signed_vma *) NULL); + return (*fns->enum_type) (fhandle, tag, type->u.kenum->names, + type->u.kenum->values); + case DEBUG_KIND_POINTER: +@@ -3097,9 +3094,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1, + break; + + case DEBUG_KIND_ENUM: +- if (t1->u.kenum == NULL) +- ret = t2->u.kenum == NULL; +- else if (t2->u.kenum == NULL) ++ if (t1->u.kenum->names == NULL) ++ ret = t2->u.kenum->names == NULL; ++ else if (t2->u.kenum->names == NULL) + ret = false; + else + { +-- +2.43.7 + diff --git a/binutils.spec b/binutils.spec index f3892e3..2efb95d 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,4 +1,4 @@ -%define anolis_release 7 +%define anolis_release 8 # Determine if this is a native build or a cross build. # # For a cross build add --define "binutils_target " to the command 
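Review bot: The rewritten enum test in debug_type_samep dereferences `t1->u.kenum` and `t2->u.kenum` unconditionally, and the only justification — that debug_make_enum_type never leaves u.kenum NULL — lives in the commit message rather than in the code. A one-line comment at the test, `/* u.kenum is never NULL for an enum (see debug_make_enum_type); an incomplete enum is one whose names is NULL.  */`, would keep the next maintainer from reintroducing the NULL check that this same patch removes from debug_write_type. The dead-code removal in debug_write_type is consistent with that invariant. Both debug_write_type and debug_type_samep start and end outside their hunks.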
@@ -365,6 +365,12 @@ Patch0042: 0042-fix-CVE-2025-7545.patch # https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b Patch0043: 0043-fix-CVE-2025-7546.patch +# https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 +Patch0044: 0044-fix-CVE-2025-5244.patch + +# https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a +Patch0045: 0045-fix-CVE-2025-5245.patch + # Purpose: Suppress the x86 linker's p_align-1 tests due to kernel bug on CentOS-10 # Lifetime: TEMPORARY Patch0099: 0099-binutils-suppress-ld-align-tests.patch @@ -1140,6 +1146,9 @@ exit 0 %doc README ChangeLog MAINTAINERS README-maintainer-mode %changelog +* Wed Aug 06 2025 wenxin - 2.41-8 +- Add patch to fix CVE-2025-5244, CVE-2025-5245 + * Wed Jul 30 2025 wenxin - 2.41-7 - Add patch to fix CVE-2025-3198,CVE-2025-7545,CVE-2025-7546 -- Gitee
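Review bot: The new `Patch0044:` and `Patch0045:` declarations only take effect if %prep applies patches with %autosetup/%autopatch; if this spec still applies them with explicit `%patchNNNN -p1` lines, matching `%patch0044 -p1` and `%patch0045 -p1` entries are needed as well, and %prep is outside this hunk, so please confirm. The comment URLs above each declaration reference the same upstream commit ids that appear in the embedded patch headers, which is consistent. The changelog entry in the later hunk matches the release bump.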