From 3aac35cb95615f1f2a78b67855024bd755611a0a Mon Sep 17 00:00:00 2001
From: fandeyuan
Date: Fri, 10 Oct 2025 20:43:33 +0800
Subject: [PATCH] fix CVE-2025-11494

(cherry picked from commit 9ae61d9fa776aa544cdf1a180076bdabd1463684)
---
 backport-CVE-2025-11494.patch | 48 +++++++++++++++++++++++++++++++++++
 gdb.spec | 6 ++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-11494.patch

diff --git a/backport-CVE-2025-11494.patch b/backport-CVE-2025-11494.patch
new file mode 100644
index 00000000..04168d76
--- /dev/null
+++ b/backport-CVE-2025-11494.patch
@@ -0,0 +1,48 @@
+From b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Tue, 30 Sep 2025 08:13:56 +0800
+Subject: [PATCH] x86: Keep _GLOBAL_OFFSET_TABLE_ for .eh_frame
+
+Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep
+_GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output
+.eh_frame section is non-empty.
+
+ PR ld/33499
+ * elfxx-x86.c (_bfd_x86_elf_late_size_sections): Keep
+ _GLOBAL_OFFSET_TABLE_ if there is dynamic section and the
+ output .eh_frame section is non-empty.
+
+Signed-off-by: H.J. Lu
+---
+ bfd/elfxx-x86.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 088f6e5..5f69686 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -1182,6 +1182,8 @@ _bfd_x86_elf_size_dynamic_sections (bfd *output_bfd,
+ 
+ if (htab->elf.sgotplt)
+ {
++ asection *eh_frame;
++
+ /* Don't allocate .got.plt section if there are no GOT nor PLT
+ entries and there is no reference to _GLOBAL_OFFSET_TABLE_. */
+ if ((htab->elf.hgot == NULL
+@@ -1194,7 +1196,11 @@ _bfd_x86_elf_size_dynamic_sections (bfd *output_bfd,
+ && (htab->elf.iplt == NULL
+ || htab->elf.iplt->size == 0)
+ && (htab->elf.igotplt == NULL
+- || htab->elf.igotplt->size == 0))
++ || htab->elf.igotplt->size == 0)
++ && (!htab->elf.dynamic_sections_created
++ || (eh_frame = bfd_get_section_by_name (output_bfd,
++ ".eh_frame")) == NULL
++ || eh_frame->rawsize == 0))
+ {
+ htab->elf.sgotplt->size = 0;
+ /* Solaris requires to keep _GLOBAL_OFFSET_TABLE_ even if it
+-- 
+2.43.0
+
diff --git a/gdb.spec b/gdb.spec
index e5f11af6..716d694c 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -1,6 +1,6 @@
 Name: gdb
 Version: 11.1
-Release: 11
+Release: 12
 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3
 Source: ftp://sourceware.org/pub/gdb/releases/gdb-%{version}.tar.xz
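Review bot: The new `&& (!htab->elf.dynamic_sections_created || ... || eh_frame->rawsize == 0)` clause in the second bfd/elfxx-x86.c hunk adds a third reason to keep .got.plt, but the comment above the `if` still states only the first two (no GOT/PLT entries, no reference to _GLOBAL_OFFSET_TABLE_); it should be extended to read `/* Don't allocate .got.plt section if there are no GOT nor PLT entries, there is no reference to _GLOBAL_OFFSET_TABLE_, and no dynamic section exists with a non-empty output .eh_frame, which may reference _GLOBAL_OFFSET_TABLE_.  */`. The test reads `eh_frame->rawsize` rather than `size`; a one-line comment stating why rawsize is the field that is already valid at this point of section sizing would spare the next backporter from second-guessing it. The embedded ChangeLog entry names `_bfd_x86_elf_late_size_sections`, while the hunk context in this tree is `_bfd_x86_elf_size_dynamic_sections`; the backport's ChangeLog should name the function that actually exists here. The enclosing function begins and ends outside the hunk, so the full condition is not visible in this review.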
@@ -108,6 +108,7 @@ Patch89: backport-CVE-2023-39129.patch
 Patch90: backport-CVE-2023-39130.patch
 Patch91: backport-CVE-2022-48064.patch
 Patch92: backport-CVE-2025-11082.patch
+Patch93: backport-CVE-2025-11494.patch
 %global gdb_src gdb-%{version}
 %global gdb_build build-%{_target_platform}
@@ -384,6 +385,9 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/gdb/python/gdb/command/backtrace.py
 %{_infodir}/gdb.info*
 %changelog
+* Fri Oct 10 2025 Deyuan Fan - 11.1-12
+- fix CVE-2025-11494
+
 * Thu Oct 09 2025 yujingbo - 11.1-11
 - fix CVE-2025-11082
-- 
Gitee