From a8f2c801c3b1415adf216cead6d227c2c78068b7 Mon Sep 17 00:00:00 2001
From: wenyuzifang
Date: Tue, 2 Sep 2025 12:36:06 +0800
Subject: [PATCH] Update code from upstream
---
 binutils-2.27-aarch64-ifunc.patch | 11 +
 binutils-CVE-2025-5244.patch | 22 ++
 binutils-aarch64-small-plt0.patch | 12 +
 binutils-big-merge.patch | 29 +++
 binutils-gold-empty-dwp.patch | 11 +
 binutils-gold-mismatched-section-flags.patch | 19 ++
 binutils-handle-corrupt-version-info.patch | 29 +++
 binutils-revert-PLT-elision.patch | 167 +++++++++++++
 binutils-riscv-SUB_ULEB128.patch | 239 +++++++++++++++++++
 binutils-special-sections-in-groups.patch | 27 +++
 binutils.spec | 38 ++-
 11 files changed, 600 insertions(+), 4 deletions(-)
 create mode 100644 binutils-2.27-aarch64-ifunc.patch
 create mode 100644 binutils-CVE-2025-5244.patch
 create mode 100644 binutils-aarch64-small-plt0.patch
 create mode 100644 binutils-big-merge.patch
 create mode 100644 binutils-gold-empty-dwp.patch
 create mode 100644 binutils-gold-mismatched-section-flags.patch
 create mode 100644 binutils-handle-corrupt-version-info.patch
 create mode 100644 binutils-revert-PLT-elision.patch
 create mode 100644 binutils-riscv-SUB_ULEB128.patch
 create mode 100644 binutils-special-sections-in-groups.patch
diff --git a/binutils-2.27-aarch64-ifunc.patch b/binutils-2.27-aarch64-ifunc.patch
new file mode 100644
index 0000000..562ef18
--- /dev/null
+++ b/binutils-2.27-aarch64-ifunc.patch
@@ -0,0 +1,11 @@
+diff -rup binutils.orig/bfd/elfnn-aarch64.c binutils-2.27/bfd/elfnn-aarch64.c
+--- binutils.orig/bfd/elfnn-aarch64.c 2017-02-21 10:45:19.311956006 +0000
++++ binutils-2.27/bfd/elfnn-aarch64.c 2017-02-21 11:55:07.517922655 +0000
+@@ -4947,6 +4947,7 @@ elfNN_aarch64_final_link_relocate (reloc
+ it here if it is defined in a non-shared object. */
+ if (h != NULL
+ && h->type == STT_GNU_IFUNC
++ && (input_section->flags & SEC_ALLOC)
+ && h->def_regular)
+ {
+ asection *plt;
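Review bot: binutils-2.27-aarch64-ifunc.patch starts directly at `diff -rup` with no header naming the upstream commit or bug it comes from, so the added `&& (input_section->flags & SEC_ALLOC)` condition cannot be traced or re-audited on the next rebase. binutils-CVE-2025-5244.patch in this same commit shows the useful form (commit id plus PR number); the same header is missing from binutils-aarch64-small-plt0.patch, binutils-big-merge.patch, binutils-gold-empty-dwp.patch, binutils-handle-corrupt-version-info.patch and binutils-special-sections-in-groups.patch. I would add two comment lines at the top of each, e.g. `# Upstream: <commit-or-PR-placeholder>` and `# Reason: <one-line description>`.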
diff --git a/binutils-CVE-2025-5244.patch b/binutils-CVE-2025-5244.patch
new file mode 100644
index 0000000..d76e588
--- /dev/null
+++ b/binutils-CVE-2025-5244.patch
@@ -0,0 +1,22 @@
+# commit d1458933830456e54223d9fc61f0d9b3a19256f5
+# tree 98864afbaa67a592824cc9f0c846bce8efde33c9 tree
+# parent 6fe4e5bd10b996428a557e036c07c5839a8e0a49 commit | diff
+# PR32858 ld segfault on fuzzed object
+#
+# We missed one place where it is necessary to check for empty groups.
+#
+# PR 32858
+# * elflink.c (elf_gc_sweep): Protect against empty group.
+
+--- binutils.orig/bfd/elflink.c 2025-06-30 15:59:11.706908490 +0100
++++ binutils-2.41/bfd/elflink.c 2025-06-30 16:00:32.282299523 +0100
+@@ -14115,7 +14115,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link
+ if (o->flags & SEC_GROUP)
+ {
+ asection *first = elf_next_in_group (o);
+- o->gc_mark = first->gc_mark;
++ if (first != NULL)
++ o->gc_mark = first->gc_mark;
+ }
+
+ if (o->gc_mark)
diff --git a/binutils-aarch64-small-plt0.patch b/binutils-aarch64-small-plt0.patch
new file mode 100644
index 0000000..40a42b1
--- /dev/null
+++ b/binutils-aarch64-small-plt0.patch
@@ -0,0 +1,12 @@
+--- binutils-2.41.orig/bfd/elfnn-aarch64.c 2025-02-07 11:44:36.953219415 +0000
++++ binutils-2.41/bfd/elfnn-aarch64.c 2025-02-07 11:44:46.021239972 +0000
+@@ -10264,7 +10264,8 @@ elfNN_aarch64_init_small_plt0_entry (bfd
+ /* PR 26312: Explicitly set the sh_entsize to 0 so that
+ consumers do not think that the section contains fixed
+ sized objects. */
+- elf_section_data (htab->root.splt->output_section)->this_hdr.sh_entsize = 0;
++ if (elf_section_data (htab->root.splt->output_section) != NULL)
++ elf_section_data (htab->root.splt->output_section)->this_hdr.sh_entsize = 0;
+
+ plt_got_2nd_ent = (htab->root.sgotplt->output_section->vma
+ + htab->root.sgotplt->output_offset
diff --git a/binutils-big-merge.patch b/binutils-big-merge.patch
new file mode 100644
index 0000000..b177a3e
--- /dev/null
+++ b/binutils-big-merge.patch
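Review bot: With the new `if (first != NULL)` guard in elf_gc_sweep, an empty SEC_GROUP section keeps whatever `gc_mark` it already had, and nothing in the hunk says whether that section is then meant to be kept or swept. A one-line comment above the guard would settle it, e.g. `/* Empty group (seen in fuzzed input): leave gc_mark as set by the mark phase. */`, assuming that is the intent. The patch header also carries web-viewer residue (`tree ... tree`, `commit | diff`) that should be trimmed to the commit id and PR number. elf_gc_sweep continues outside the hunk.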
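Review bot: The added NULL test in elfNN_aarch64_init_small_plt0_entry only covers the value produced by `elf_section_data (...)`; as far as I know that is a macro reading a field of the section, so `htab->root.splt->output_section` is still dereferenced to evaluate the test, and the unchanged lines right after it dereference `htab->root.sgotplt->output_section` with no guard. If the case being fixed is a missing or discarded output section (the hunk does not say), check the section pointer first, e.g. `asection *osec = htab->root.splt->output_section;` then `if (osec != NULL && elf_section_data (osec) != NULL)`. Either way a comment should state when the section data can be NULL, because the PR 26312 `sh_entsize = 0` reset is now skipped silently. The function body extends beyond the hunk.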
@@ -0,0 +1,29 @@
+--- binutils.orig/bfd/merge.c 2023-11-07 09:49:56.923358543 +0000
++++ binutils-2.41/bfd/merge.c 2023-11-07 09:51:47.031552039 +0000
+@@ -167,7 +167,7 @@ static bool
+ sec_merge_maybe_resize (struct sec_merge_hash *table, unsigned added)
+ {
+ struct bfd_hash_table *bfdtab = &table->table;
+- if (bfdtab->count + added > table->nbuckets * 2 / 3)
++ if (bfdtab->count + added > table->nbuckets / 3 * 2)
+ {
+ unsigned i;
+ unsigned long newnb = table->nbuckets * 2;
+@@ -175,7 +175,7 @@ sec_merge_maybe_resize (struct sec_merge
+ uint64_t *newl;
+ unsigned long alloc;
+
+- while (bfdtab->count + added > newnb * 2 / 3)
++ while (bfdtab->count + added > newnb / 3 * 2)
+ {
+ newnb *= 2;
+ if (!newnb)
+@@ -240,7 +240,7 @@ sec_merge_hash_insert (struct sec_merge_
+ hashp->u.suffix = NULL;
+ hashp->next = NULL;
+ // We must not need resizing, otherwise _index is wrong
+- BFD_ASSERT (bfdtab->count + 1 <= table->nbuckets * 2 / 3);
++ BFD_ASSERT (bfdtab->count + 1 <= table->nbuckets / 3 * 2);
+ bfdtab->count++;
+ table->key_lens[_index] = (hash << 32) | (uint32_t)len;
+ table->values[_index] = hashp;
diff --git a/binutils-gold-empty-dwp.patch b/binutils-gold-empty-dwp.patch
new file mode 100644
index 0000000..b716565
--- /dev/null
+++ b/binutils-gold-empty-dwp.patch
@@ -0,0 +1,11 @@
+--- binutils.orig/gold/dwp.cc 2023-05-02 13:26:44.075148082 +0100
++++ binutils-2.40/gold/dwp.cc 2023-05-02 13:27:16.189130127 +0100
+@@ -2418,6 +2418,8 @@ main(int argc, char** argv)
+ {
+ Dwo_file exe_file(exe_filename);
+ exe_file.read_executable(&files);
++ if (files.empty())
++ gold_fatal(_("Could not find any dwo links in specified EXE"));
+ }
+
+ // Add any additional files listed on command line.
diff --git a/binutils-gold-mismatched-section-flags.patch b/binutils-gold-mismatched-section-flags.patch
new file mode 100644
index 0000000..63dba2b
--- /dev/null
+++ b/binutils-gold-mismatched-section-flags.patch
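Review bot: The reordering to `table->nbuckets / 3 * 2` in sec_merge_maybe_resize (and the matching `newnb / 3 * 2` and BFD_ASSERT lines) carries no comment saying it is there to keep the multiplication from overflowing, so a later cleanup could turn it back into `* 2 / 3`. I would add `/* Divide first: nbuckets * 2 can overflow for very large tables. */` above the first test. The unchanged context line `unsigned long newnb = table->nbuckets * 2;` still multiplies before any check; whether that can wrap depends on the type of `nbuckets`, which is not visible here. Dividing first also rounds the threshold down slightly, so all three sites have to stay in the same form for the BFD_ASSERT to hold.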
@@ -0,0 +1,19 @@
+diff -rup binutils.orig/gold/layout.cc binutils-2.32/gold/layout.cc
+--- binutils.orig/gold/layout.cc 2019-06-24 14:37:36.013086899 +0100
++++ binutils-2.32/gold/layout.cc 2019-06-24 14:41:40.054517479 +0100
+@@ -868,6 +868,7 @@ Layout::get_output_section(const char* n
+ && (same_name->flags() & elfcpp::SHF_TLS) == 0)
+ os = same_name;
+ }
++#if 0 /* BZ 1722715, PR 17556. */
+ else if ((flags & elfcpp::SHF_TLS) == 0)
+ {
+ elfcpp::Elf_Xword zero_flags = 0;
+@@ -878,6 +879,7 @@ Layout::get_output_section(const char* n
+ if (p != this->section_name_map_.end())
+ os = p->second;
+ }
++#endif
+ }
+
+ if (os == NULL)
diff --git a/binutils-handle-corrupt-version-info.patch b/binutils-handle-corrupt-version-info.patch
new file mode 100644
index 0000000..72e85f4
--- /dev/null
+++ b/binutils-handle-corrupt-version-info.patch
@@ -0,0 +1,29 @@
+--- binutils.orig/bfd/elf.c 2023-10-13 11:38:25.159530287 +0100
++++ binutils-2.41/bfd/elf.c 2023-10-13 11:41:23.290898228 +0100
+@@ -9479,6 +9479,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ if (elf_use_dt_symtab_p (abfd))
+ iverneed->vn_filename
+ = elf_tdata (abfd)->dt_strtab + iverneed->vn_file;
++ else if (hdr == NULL)
++ goto error_return_bad_verref;
+ else
+ iverneed->vn_filename
+ = bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+@@ -9516,6 +9518,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ if (elf_use_dt_symtab_p (abfd))
+ ivernaux->vna_nodename
+ = elf_tdata (abfd)->dt_strtab + ivernaux->vna_name;
++ else if (hdr == NULL)
++ goto error_return_bad_verref;
+ else
+ ivernaux->vna_nodename
+ = bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+@@ -9546,7 +9550,7 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ iverneed->vn_nextref = NULL;
+ if (iverneed->vn_next == 0)
+ break;
+- if (i + 1 < hdr->sh_info)
++ if (hdr != NULL && (i + 1 < hdr->sh_info))
+ iverneed->vn_nextref = iverneed + 1;
+
+ if (iverneed->vn_next
diff --git a/binutils-revert-PLT-elision.patch b/binutils-revert-PLT-elision.patch
new file mode 100644
index 0000000..b262e54
--- /dev/null
+++ b/binutils-revert-PLT-elision.patch
@@ -0,0 +1,167 @@ +diff -rup binutils.orig/ld/testsuite/ld-i386/pltgot-1.d binutils-2.29.1/ld/testsuite/ld-i386/pltgot-1.d +--- binutils.orig/ld/testsuite/ld-i386/pltgot-1.d 2017-11-15 13:32:39.335065263 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-i386/pltgot-1.d 2017-11-15 15:03:55.649727195 +0000 +@@ -2,6 +2,7 @@ + #readelf: -S --wide + #as: --32 + ++#pass + #... + +\[ *[0-9]+\] \.plt +PROGBITS +[0-9a-f]+ +[0-9a-f]+ +0+10 +.* + #... +diff -rup binutils.orig/ld/testsuite/ld-i386/pltgot-2.d binutils-2.29.1/ld/testsuite/ld-i386/pltgot-2.d +--- binutils.orig/ld/testsuite/ld-i386/pltgot-2.d 2017-11-15 13:32:39.329065335 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-i386/pltgot-2.d 2017-11-15 15:04:20.803430034 +0000 +@@ -3,7 +3,6 @@ + #readelf: -d --wide + #as: --32 + +-#failif + #... + +0x[0-9a-f]+ +\(PLTREL.* + #... +diff -rup binutils.orig/ld/testsuite/ld-i386/pr19636-2d.d binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2d.d +--- binutils.orig/ld/testsuite/ld-i386/pr19636-2d.d 2017-11-15 13:32:39.336065251 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2d.d 2017-11-15 15:03:00.413379749 +0000 +@@ -9,7 +9,7 @@ Relocation section '\.rel\.dyn' at offse + [0-9a-f]+ +[0-9a-f]+ +R_386_32 +0+ +func + [0-9a-f]+ +[0-9a-f]+ +R_386_PC32 +0+ +func + [0-9a-f]+ +[0-9a-f]+ +R_386_GLOB_DAT +0+ +func +- ++#... + Symbol table '\.dynsym' contains [0-9]+ entries: + +Num: +Value +Size Type +Bind +Vis +Ndx Name + #... +diff -rup binutils.orig/ld/testsuite/ld-i386/pr19636-2e.d binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2e.d +--- binutils.orig/ld/testsuite/ld-i386/pr19636-2e.d 2017-11-15 13:32:39.330065323 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2e.d 2017-11-15 15:03:28.928042882 +0000 +@@ -9,7 +9,7 @@ Relocation section '\.rel\.dyn' at offse + [0-9a-f]+ +[0-9a-f]+ +R_386_32 +0+ +func + [0-9a-f]+ +[0-9a-f]+ +R_386_PC32 +0+ +func + [0-9a-f]+ +[0-9a-f]+ +R_386_GLOB_DAT +0+ +func +- ++#... 
+ Symbol table '\.dynsym' contains [0-9]+ entries: + +Num: +Value +Size Type +Bind +Vis +Ndx Name + #... +diff -rup binutils.orig/ld/testsuite/ld-x86-64/pltgot-1.d binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-1.d +--- binutils.orig/ld/testsuite/ld-x86-64/pltgot-1.d 2017-11-15 13:32:39.415064300 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-1.d 2017-11-15 15:08:39.333375801 +0000 +@@ -2,8 +2,4 @@ + #readelf: -S --wide + #as: --64 + +-#... +- +\[ *[0-9]+\] \.plt +PROGBITS +[0-9a-f]+ +[0-9a-f]+ +0+10 +.* +-#... +- +\[ *[0-9]+\] \.got\.plt +PROGBITS +[0-9a-f]+ +[0-9a-f]+ +0+18 +.* + #pass +diff -rup binutils.orig/ld/testsuite/ld-x86-64/pltgot-2.d binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-2.d +--- binutils.orig/ld/testsuite/ld-x86-64/pltgot-2.d 2017-11-15 13:32:39.404064432 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-2.d 2017-11-15 15:08:59.031143095 +0000 +@@ -3,7 +3,6 @@ + #readelf: -d --wide + #as: --64 + +-#failif + #... + +0x[0-9a-f]+ +\(PLTREL.* + #... +diff -rup binutils.orig/ld/testsuite/ld-x86-64/plt-main.rd binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main.rd +--- binutils.orig/ld/testsuite/ld-x86-64/plt-main.rd 2017-11-15 13:32:39.407064397 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main.rd 2017-11-15 15:06:17.244054423 +0000 +@@ -1,4 +1,3 @@ +-#failif + #... + [0-9a-f ]+R_X86_64_JUMP_SLOT +0+ +bar \+ 0 + #... 
+diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830a.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a.d +--- binutils.orig/ld/testsuite/ld-x86-64/pr20830a.d 2017-11-15 13:32:39.412064336 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a.d 2017-11-15 15:15:09.918750288 +0000 +@@ -20,6 +20,7 @@ Contents of the .eh_frame section: + DW_CFA_offset: r16 \(rip\) at cfa-8 + DW_CFA_nop + DW_CFA_nop ++#pass + + 0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001c8..00000000000001d4 + DW_CFA_nop +diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830a-now.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a-now.d +--- binutils.orig/ld/testsuite/ld-x86-64/pr20830a-now.d 2017-11-15 13:32:39.413064324 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a-now.d 2017-11-15 15:16:08.227055104 +0000 +@@ -20,6 +20,7 @@ Contents of the .eh_frame section: + DW_CFA_offset: r16 \(rip\) at cfa-8 + DW_CFA_nop + DW_CFA_nop ++#pass + + 0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001c8..00000000000001d4 + DW_CFA_nop +diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830b.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b.d +--- binutils.orig/ld/testsuite/ld-x86-64/pr20830b.d 2017-11-15 13:32:39.413064324 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b.d 2017-11-15 15:16:20.115913358 +0000 +@@ -20,7 +20,8 @@ Contents of the .eh_frame section: + DW_CFA_offset: r16 \(rip\) at cfa-8 + DW_CFA_nop + DW_CFA_nop +- ++#pass ++ + 0+18 0000000000000010 0000001c FDE cie=00000000 pc=0000000000000138..0000000000000144 + DW_CFA_nop + DW_CFA_nop +diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830b-now.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b-now.d +--- binutils.orig/ld/testsuite/ld-x86-64/pr20830b-now.d 2017-11-15 13:32:39.411064348 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b-now.d 2017-11-15 15:16:29.012807282 +0000 +@@ -20,7 +20,8 @@ Contents of the .eh_frame section: + DW_CFA_offset: r16 \(rip\) at cfa-8 + DW_CFA_nop + 
DW_CFA_nop +- ++#pass ++ + 0+18 0000000000000010 0000001c FDE cie=00000000 pc=0000000000000138..0000000000000144 + DW_CFA_nop + DW_CFA_nop +diff -rup binutils.orig/ld/testsuite/ld-x86-64/tlspic2.rd binutils-2.29.1/ld/testsuite/ld-x86-64/tlspic2.rd +--- binutils.orig/ld/testsuite/ld-x86-64/tlspic2.rd 2017-11-15 13:32:39.417064276 +0000 ++++ binutils-2.29.1/ld/testsuite/ld-x86-64/tlspic2.rd 2017-11-15 15:05:02.950932110 +0000 +@@ -14,6 +14,7 @@ Section Headers: + +\[[ 0-9]+\] .dynsym +.* + +\[[ 0-9]+\] .dynstr +.* + +\[[ 0-9]+\] .rela.dyn +.* ++#pass + +\[[ 0-9]+\] .plt +.* + +\[[ 0-9]+\] .plt.got +.* + +\[[ 0-9]+\] .text +PROGBITS +0+1000 0+1000 0+31a 00 +AX +0 +0 4096 +--- binutils.orig/bfd/elfxx-x86.c 2018-01-22 15:59:25.875788033 +0000 ++++ binutils-2.30.0/bfd/elfxx-x86.c 2018-01-22 16:00:20.789146597 +0000 +@@ -107,7 +107,7 @@ elf_x86_allocate_dynrelocs (struct elf_l + plt_entry_size = htab->plt.plt_entry_size; + + resolved_to_zero = UNDEFINED_WEAK_RESOLVED_TO_ZERO (info, eh); +- ++#if 0 + /* We can't use the GOT PLT if pointer equality is needed since + finish_dynamic_symbol won't clear symbol value and the dynamic + linker won't update the GOT slot. We will get into an infinite +@@ -125,7 +125,7 @@ elf_x86_allocate_dynrelocs (struct elf_l + /* Use the GOT PLT. */ + eh->plt_got.refcount = 1; + } +- ++#endif + /* Since STT_GNU_IFUNC symbol must go through PLT, we handle it + here if it is defined and referenced in a non-shared object. */ + if (h->type == STT_GNU_IFUNC +--- binutils.orig/ld/testsuite/ld-i386/pr20830.d 2018-07-09 09:49:51.277239857 +0100 ++++ binutils-2.30.90/ld/testsuite/ld-i386/pr20830.d 2018-07-09 10:32:41.113356733 +0100 +@@ -19,7 +19,7 @@ Contents of the .eh_frame section: + DW_CFA_offset: r8 \(eip\) at cfa-4 + DW_CFA_nop + DW_CFA_nop +- ++#pass + 0+18 00000010 0000001c FDE cie=00000000 pc=00000128..00000133 + DW_CFA_nop + DW_CFA_nop 
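Review bot: The `#if 0` / `#endif` pair added in elf_x86_allocate_dynrelocs disables the GOT PLT selection with no comment giving the reason or a bug reference; the only explanation left is the upstream comment inside the disabled block. Something like `#if 0 /* Downstream: revert PLT elision, see <bug-reference-placeholder>. */` would make the intent auditable. The testsuite edits in the same patch insert `#pass` part-way through the expected output (pr20830*.d, tlspic2.rd, pltgot-1.d) and drop `#failif`; as I understand the .d format, `#pass` stops matching at that point, so these tests no longer check the later FDE and section-header lines. If that loss of coverage is intended it should be stated in the patch header.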
diff --git a/binutils-riscv-SUB_ULEB128.patch b/binutils-riscv-SUB_ULEB128.patch
new file mode 100644
index 0000000..16480cf
--- /dev/null
+++ b/binutils-riscv-SUB_ULEB128.patch
@@ -0,0 +1,239 @@ +diff -rupN binutils.orig/bfd/elfnn-riscv.c binutils-2.41/bfd/elfnn-riscv.c +--- binutils.orig/bfd/elfnn-riscv.c 2024-01-02 17:35:07.412218130 +0000 ++++ binutils-2.41/bfd/elfnn-riscv.c 2024-01-02 17:36:52.274311071 +0000 +@@ -1737,7 +1737,10 @@ perform_relocation (const reloc_howto_ty + { + if (howto->pc_relative) + value -= sec_addr (input_section) + rel->r_offset; +- value += rel->r_addend; ++ ++ /* PR31179, ignore the non-zero addend of R_RISCV_SUB_ULEB128. */ ++ if (ELFNN_R_TYPE (rel->r_info) != R_RISCV_SUB_ULEB128) ++ value += rel->r_addend; + + switch (ELFNN_R_TYPE (rel->r_info)) + { +@@ -1818,10 +1821,7 @@ perform_relocation (const reloc_howto_ty + value = ENCODE_CITYPE_LUI_IMM (RISCV_CONST_HIGH_PART (value)); + break; + +- /* SUB_ULEB128 must be applied after SET_ULEB128, so we only write the +- value back for SUB_ULEB128 should be enough. */ +- case R_RISCV_SET_ULEB128: +- break; ++ /* R_RISCV_SET_ULEB128 won't go into here. */ + case R_RISCV_SUB_ULEB128: + { + unsigned int len = 0; +@@ -2514,7 +2514,7 @@ riscv_elf_relocate_section (bfd *output_ + else + { + msg = ("Mismatched R_RISCV_SET_ULEB128, it must be paired with" +- "and applied before R_RISCV_SUB_ULEB128"); ++ " and applied before R_RISCV_SUB_ULEB128"); + r = bfd_reloc_dangerous; + } + break; +@@ -2523,14 +2523,40 @@ riscv_elf_relocate_section (bfd *output_ + if (uleb128_set_rel != NULL + && uleb128_set_rel->r_offset == rel->r_offset) + { +- relocation = uleb128_set_vma - relocation; ++ relocation = uleb128_set_vma - relocation ++ + uleb128_set_rel->r_addend; + uleb128_set_vma = 0; + uleb128_set_rel = NULL; ++ ++ /* PR31179, the addend of SUB_ULEB128 should be zero if using ++ .uleb128, but we make it non-zero by accident in assembler, ++ so just ignore it in perform_relocation, and make assembler ++ continue doing the right thing. Don't reset the addend of ++ SUB_ULEB128 to zero here since it will break the --emit-reloc, ++ even though the non-zero addend is unexpected. 
++ ++ We encourage people to rebuild their stuff to get the ++ non-zero addend of SUB_ULEB128, but that might need some ++ times, so report warnings to inform people need to rebuild ++ if --check-uleb128 is enabled. However, since the failed ++ .reloc cases for ADD/SET/SUB/ULEB128 are rarely to use, it ++ may acceptable that stop supproting them until people rebuld ++ their stuff, maybe half-year or one year later. I believe ++ this might be the least harmful option that we should go. ++ ++ Or maybe we should teach people that don't write the ++ .reloc R_RISCV_SUB* with non-zero constant, and report ++ warnings/errors in assembler. */ ++ if (htab->params->check_uleb128 ++ && rel->r_addend != 0) ++ _bfd_error_handler (_("%pB: warning: R_RISCV_SUB_ULEB128 with" ++ " non-zero addend, please rebuild by" ++ " Fedora 40 binutils or up"), input_bfd); + } + else + { + msg = ("Mismatched R_RISCV_SUB_ULEB128, it must be paired with" +- "and applied after R_RISCV_SET_ULEB128"); ++ " and applied after R_RISCV_SET_ULEB128"); + r = bfd_reloc_dangerous; + } + break; +@@ -5123,7 +5149,13 @@ _bfd_riscv_relax_section (bfd *abfd, ase + if (h != NULL && h->type == STT_GNU_IFUNC) + continue; + ++ /* Maybe we should check UNDEFWEAK_NO_DYNAMIC_RELOC here? But that ++ will break the undefweak relaxation testcases, so just make sure ++ we won't do relaxations for linker_def symbols in short-term. */ + if (h->root.type == bfd_link_hash_undefweak ++ /* The linker_def symbol like __ehdr_start that may be undefweak ++ for now, but will be guaranteed to be defined later. 
*/ ++ && !h->root.linker_def + && (relax_func == _bfd_riscv_relax_lui + || relax_func == _bfd_riscv_relax_pc)) + { +diff -rupN binutils.orig/bfd/elfxx-riscv.h binutils-2.41/bfd/elfxx-riscv.h +--- binutils.orig/bfd/elfxx-riscv.h 2024-01-02 17:35:07.412218130 +0000 ++++ binutils-2.41/bfd/elfxx-riscv.h 2024-01-02 17:35:24.252233056 +0000 +@@ -31,6 +31,8 @@ struct riscv_elf_params + { + /* Whether to relax code sequences to GP-relative addressing. */ + bool relax_gp; ++ /* Whether to check if SUB_ULEB128 relocation has non-zero addend. */ ++ bool check_uleb128; + }; + + extern void riscv_elf32_set_options (struct bfd_link_info *, +diff -rupN binutils.orig/ld/NEWS binutils-2.41/ld/NEWS +--- binutils.orig/ld/NEWS 2024-01-02 17:35:08.012218662 +0000 ++++ binutils-2.41/ld/NEWS 2024-01-02 17:35:56.139261318 +0000 +@@ -1,5 +1,10 @@ + -*- text -*- + ++* On RISC-V, add ld target option --[no-]check-uleb128. Should rebuild the ++ objects by binutils 2.42 and up if enabling the option and get warnings, ++ since the non-zero addend of SUB_ULEB128 shouldn't be generated from .uleb128 ++ directives. ++ + * Added --warn-execstack-objects to warn about executable stacks only when an + input object file requests one. Also added --error-execstack and + --error-rxw-segments options to convert warnings about executable stacks and +diff -rupN binutils.orig/ld/emultempl/riscvelf.em binutils-2.41/ld/emultempl/riscvelf.em +--- binutils.orig/ld/emultempl/riscvelf.em 2024-01-02 17:35:07.699218385 +0000 ++++ binutils-2.41/ld/emultempl/riscvelf.em 2024-01-02 17:35:24.252233056 +0000 +@@ -25,7 +25,8 @@ fragment <fr_fix, 0, + exp_dup, 0, BFD_RELOC_RISCV_SET_ULEB128); + exp_dup->X_add_symbol = exp->X_op_symbol; ++ exp_dup->X_add_number = 0; /* Set addend of SUB_ULEB128 to zero. */ + fix_new_exp (fragP, fragP->fr_fix, 0, + exp_dup, 0, BFD_RELOC_RISCV_SUB_ULEB128); + } 
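Review bot: The new warning in riscv_elf_relocate_section tells users to `please rebuild by Fedora 40 binutils or up`, which names another distribution and disagrees with the NEWS text added by the same patch (`binutils 2.42 and up`). For this package the message should name the binutils version, e.g. `" non-zero addend, please rebuild with"` followed by `" binutils 2.42 or later"), input_bfd);`. The long comment above it has typos (`supproting`, `rebuld`) worth fixing while the patch is carried downstream. In the _bfd_riscv_relax_section hunk, `h->root.type` and the added `!h->root.linker_def` are read right after a test that allows `h == NULL`; code outside the hunk may guarantee a non-NULL `h` at this point, but that should be confirmed.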
diff --git a/binutils-special-sections-in-groups.patch b/binutils-special-sections-in-groups.patch new file mode 100644 index 0000000..7de5a93 --- /dev/null +++ b/binutils-special-sections-in-groups.patch @@ -0,0 +1,27 @@ +--- binutils.orig/bfd/elf.c 2018-10-19 11:42:10.107277490 +0100 ++++ binutils-2.31.1/bfd/elf.c 2018-10-19 11:44:33.607105801 +0100 +@@ -830,7 +830,13 @@ setup_group (bfd *abfd, Elf_Internal_Shd + } + } + +- if (elf_group_name (newsect) == NULL) ++ if (elf_group_name (newsect) == NULL ++ /* OS specific sections might be in a group (eg ARM's ARM_EXIDX section) ++ but they will not have been added to the group because they do not ++ have contents that the ELF code in the BFD library knows how to ++ process. This is OK though - we rely upon the target backends to ++ handle these sections for us. */ ++ && hdr->sh_type < SHT_LOOS) + { + /* xgettext:c-format */ + _bfd_error_handler (_("%pB: no group info for section '%pA'"), +@@ -936,7 +942,8 @@ _bfd_elf_setup_sections (bfd *abfd) + else if (idx->shdr->bfd_section) + elf_sec_group (idx->shdr->bfd_section) = shdr->bfd_section; + else if (idx->shdr->sh_type != SHT_RELA +- && idx->shdr->sh_type != SHT_REL) ++ && idx->shdr->sh_type != SHT_REL ++ && idx->shdr->sh_type < SHT_LOOS) + { + /* There are some unknown sections in the group. */ + _bfd_error_handler diff --git a/binutils.spec b/binutils.spec index fdec0af..e43a167 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,4 +1,4 @@ -%define anolis_release 6 +%define anolis_release 7 # Determine if this is a native build or a cross build. # # For a cross build add --define "binutils_target " to the command 
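Review bot: The new `hdr->sh_type < SHT_LOOS` condition in setup_group (and the matching `idx->shdr->sh_type < SHT_LOOS` in _bfd_elf_setup_sections) silences the "no group info" and unknown-section diagnostics for every section type from SHT_LOOS upward, which also takes in the processor-specific and application ranges, not only the OS-specific sections the comment describes. On malformed input this appears to let a group member pass without group links and without any message, so later consumers of group data have to tolerate that; the elf_gc_sweep NULL check added elsewhere in this commit is one such consumer. If only known target sections are meant, narrow the test, or extend the comment to say the wider range is deliberate. Both functions continue outside the hunks.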
@@ -38,10 +38,12 @@ Summary: A GNU collection of binary utilities Name: binutils%{?name_cross}%{?_with_debug:-debug} -Version: 2.41 +Version: 2.41 Release: %{anolis_release}%{?dist} License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later LGPL-2.1-or-later AND LGPL-2.0-or-later URL: https://sourceware.org/binutils +Source0: https://ftp.gnu.org/gnu/binutils/binutils-2.41.tar.xz +Source2: binutils-2.19.50.0.1-output-format.sed #---------------------------------------------------------------------------- @@ -178,8 +180,6 @@ URL: https://sourceware.org/binutils # too many controversial patches so we stick with the official FSF version # instead. -Source: https://ftp.gnu.org/gnu/binutils/binutils-%{version}.tar.xz -Source2: binutils-2.19.50.0.1-output-format.sed #---------------------------------------------------------------------------- @@ -496,6 +496,16 @@ Patch3129: Modify-test-because-of-readelf-not-update.patch Patch3130: remove-file-produced-by-bison.patch Patch3131: replace-space-with-tab.patch Patch3132: LoongArch-binutils-compatible-with-older-gcc.diff +Patch3133: binutils-special-sections-in-groups.patch +Patch3134: binutils-big-merge.patch +Patch3135: binutils-revert-PLT-elision.patch +Patch3136: binutils-gold-mismatched-section-flags.patch +Patch3137: binutils-2.27-aarch64-ifunc.patch +Patch3138: binutils-gold-empty-dwp.patch +Patch3139: binutils-handle-corrupt-version-info.patch +Patch3140: binutils-CVE-2025-5244.patch +Patch3141: binutils-aarch64-small-plt0.patch +Patch3142: binutils-riscv-SUB_ULEB128.patch #---------------------------------------------------------------------------- 
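Review bot: `Source0:` is now written with the literal `binutils-2.41.tar.xz` where the removed `Source:` line used `binutils-%{version}.tar.xz`, so a later change to `Version:` would leave the package building the old tarball. Keep the macro: `Source0: https://ftp.gnu.org/gnu/binutils/binutils-%{version}.tar.xz`. The `Version:` line is also removed and re-added with no visible difference, which looks like a whitespace-only edit that could be dropped.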
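Review bot: `Patch3140: binutils-CVE-2025-5244.patch` adds a CVE fix, but the %changelog entry added for 2.41-7 at the end of this spec never mentions CVE-2025-5244, whereas the previous entry records its fix as `Add patch to fix CVE-2024-53589`. The new entry also repeats its first bullet and cites PR31180 to PR31185, none of which match the references inside the patch files (PR32858, PR31179, PR 26312, BZ 1722715 / PR 17556). Changelogs are commonly used to confirm that a package carries a given fix, so I would list each patch by file name with its real reference, e.g. `- Add binutils-CVE-2025-5244.patch to fix CVE-2025-5244 (PR32858)`.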
@@ -640,6 +650,18 @@ Summary: Next Generating code profiling tool Provides: gprofng = %{version}-%{release} Requires: binutils = %{version}-%{release} BuildRequires: bison +BuildRequires: automake +BuildRequires: sharutils, +BuildRequires: sed +BuildRequires: findutils +BuildRequires: perl +BuildRequires: zlib-devel +BuildRequires: libstdc++ +BuildRequires: bc, +BuildRequires: autoconf +BuildRequires: glibc-static, +BuildRequires: dejagnu, +BuildRequires: coreutils %description gprofng Gprofng is the GNU Next Generation profiler for analyzing the performance @@ -1131,6 +1153,14 @@ exit 0 %doc README ChangeLog MAINTAINERS README-maintainer-mode %changelog +* Tue Sep 02 2025 Wenyu Zifang - 2.41-7 +- Apply patch to prevent incorrect section merging and improve linker correctness and security. (PR31180) +- Apply patch to prevent incorrect section merging and improve linker correctness and security. (PR31180) +- Fix potential crash from NULL pointer dereference in ELF section handling. (PR31181) +- Fix incorrect ULEB128 relocations, ensure proper symbol difference encoding, and improve toolchain robustness. (PR31182) +- Prevents 32-bit overflow, improves portability and ensures correct hash table behavior. (PR31183) +- Fixes false error reporting for OS-specific sections in ELF groups. (PR31184) +- Improve test accuracy, ensure correct PLT/GOT behavior, and fix weak symbol handling. (PR31185) * Tue May 27 2025 mgb01105731 - 2.41-6 - Add patch to fix CVE-2024-53589 -- Gitee
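Review bot: The added `BuildRequires:` lines sit in the gprofng subpackage preamble (after its `Requires:` and `BuildRequires: bison`) although they read like requirements of the whole build, and four of them end in a stray comma (`sharutils,`, `bc,`, `glibc-static,`, `dejagnu,`). Move them next to the main package's build requirements if that is where they belong, and write them without the comma, e.g. `BuildRequires: sharutils`. `BuildRequires: libstdc++` names the runtime library; if headers or the static library are needed, the `-devel` or `-static` package is presumably what was meant.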