From 6c12044e1645ea4caf0c5d0cc99d0861ef0dd592 Mon Sep 17 00:00:00 2001
From: fandeyuan
Date: Fri, 10 Oct 2025 19:52:39 +0800
Subject: [PATCH] fix CVE-2025-11494

(cherry picked from commit f47af0eeae372daec7e5cfda74a7d6d91b918cfe)
---
 backport-CVE-2025-11494.patch | 48 +++++++++++++++++++++++++++++++++++
 gdb.spec | 6 ++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-11494.patch
diff --git a/backport-CVE-2025-11494.patch b/backport-CVE-2025-11494.patch
new file mode 100644
index 0000000..56a299e
--- /dev/null
+++ b/backport-CVE-2025-11494.patch
@@ -0,0 +1,48 @@
+From b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Tue, 30 Sep 2025 08:13:56 +0800
+Subject: [PATCH] x86: Keep _GLOBAL_OFFSET_TABLE_ for .eh_frame
+
+Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep
+_GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output
+.eh_frame section is non-empty.
+
+ PR ld/33499
+ * elfxx-x86.c (_bfd_x86_elf_late_size_sections): Keep
+ _GLOBAL_OFFSET_TABLE_ if there is dynamic section and the
+ output .eh_frame section is non-empty.
+
+Signed-off-by: H.J. Lu
+---
+ bfd/elfxx-x86.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 58bd76d..1f56e37 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -2432,6 +2432,8 @@ _bfd_x86_elf_size_dynamic_sections (bfd *output_bfd,
+ 
+ if (htab->elf.sgotplt)
+ {
++ asection *eh_frame;
++
+ /* Don't allocate .got.plt section if there are no GOT nor PLT
+ entries and there is no reference to _GLOBAL_OFFSET_TABLE_. */
+ if ((htab->elf.hgot == NULL
+@@ -2444,7 +2446,11 @@ _bfd_x86_elf_size_dynamic_sections (bfd *output_bfd,
+ && (htab->elf.iplt == NULL
+ || htab->elf.iplt->size == 0)
+ && (htab->elf.igotplt == NULL
+- || htab->elf.igotplt->size == 0))
++ || htab->elf.igotplt->size == 0)
++ && (!htab->elf.dynamic_sections_created
++ || (eh_frame = bfd_get_section_by_name (output_bfd,
++ ".eh_frame")) == NULL
++ || eh_frame->rawsize == 0))
+ {
+ htab->elf.sgotplt->size = 0;
+ /* Solaris requires to keep _GLOBAL_OFFSET_TABLE_ even if it
+--
+2.43.0
+
diff --git a/gdb.spec b/gdb.spec
index cd0c2b0..5e52680 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -1,6 +1,6 @@
 Name: gdb
 Version: 14.1
-Release: 7
+Release: 8
 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3
 Source: https://ftp.gnu.org/gnu/gdb/gdb-%{version}.tar.xz
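Review bot: The embedded upstream patch has been rebased without saying so: its ChangeLog entry and the upstream commit b6ac5a8a name `_bfd_x86_elf_late_size_sections`, while both hunk headers in the embedded diff name `_bfd_x86_elf_size_dynamic_sections`, which is presumably the function's older name in the bfd bundled with gdb 14.1. Distro backport patches normally record such adaptations above the upstream mail header; a line like `Backport note: hunk context adjusted from _bfd_x86_elf_late_size_sections to _bfd_x86_elf_size_dynamic_sections for the bfd shipped with gdb 14.1` would let the next maintainer re-verify the rebase against upstream instead of rediscovering it. The same note is the right place to say that the patched code is the linker's .got.plt sizing path (`htab->elf.sgotplt->size = 0`), which gdb compiles as part of libbfd but, as far as I can tell, never calls, so the fix is carried here for source parity rather than for a gdb-reachable defect. The patched function begins and ends outside the embedded hunks.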
@@ -61,6 +61,7 @@ Patch47: gdb-ftbs-swapped-calloc-args.patch
 Patch48: Fix-CVE-2025-7546.patch
 Patch49: gdb-rhbz2259850-list-period-crash-fix.patch
 Patch50: backport-CVE-2025-11082.patch
+Patch51: backport-CVE-2025-11494.patch
 Patch9000: 0001-set-entry-point-when-text-segment-is-missing.patch
@@ -338,6 +339,9 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/gdb/python/gdb/command/backtrace.py
 %{_infodir}/ctf-spec.info*
 %changelog
+* Fri Oct 10 2025 Deyuan Fan - 14.1-8
+- fix CVE-2025-11494
+
 * Thu Oct 09 2025 yujingbo - 14.1-7
 - fix CVE-2025-11082
--
Gitee
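Review bot: `+Patch51: backport-CVE-2025-11494.patch` declares the patch but nothing in this diff applies it; whether the declaration alone is enough depends on the %prep section, which is outside this hunk. If %prep uses `%autosetup` or `%autopatch` the new patch is picked up automatically, but if patches are applied with explicit `%patch` lines, Patch51 would be declared yet never applied, the built gdb would still carry the unfixed bfd code, and the changelog entry claiming to fix CVE-2025-11494 would be wrong. Worth confirming against %prep and, if patches are applied explicitly there, adding the matching `%patch` line for Patch51 next to Patch50's, with the same options the existing ones use.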