summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils
diff options
context:
space:
mode:
authorDeepesh Varatharajan <Deepesh.Varatharajan@windriver.com>2025-12-16 02:02:47 -0800
committerSteve Sakoman <steve@sakoman.com>2025-12-31 07:24:53 -0800
commit0183740845d9142fda9769e3d8cbb3b4e0c3a079 (patch)
tree6602368c82741502b555f7c34c18370d28e299b2 /meta/recipes-devtools/binutils
parent2c05660b21c7cc1082aeac8b75d8a2d82e249f63 (diff)
downloadpoky-0183740845d9142fda9769e3d8cbb3b4e0c3a079.tar.gz
binutils: Fix CVE-2025-11494
Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep _GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output .eh_frame section is non-empty. Backport a patch from upstream to fix CVE-2025-11494 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a] (From OE-Core rev: aa67c21a07dc180a0582be46e239dafd40017ba0) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.38.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch43
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index d5ad3c0ecb..2fe4a17e0d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -86,5 +86,6 @@ SRC_URI = "\
86 file://0047-CVE-2025-8225.patch \ 86 file://0047-CVE-2025-8225.patch \
87 file://CVE-2025-11412.patch \ 87 file://CVE-2025-11412.patch \
88 file://CVE-2025-11413.patch \ 88 file://CVE-2025-11413.patch \
89 file://0048-CVE-2025-11494.patch \
89" 90"
90S = "${WORKDIR}/git" 91S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch b/meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch
new file mode 100644
index 0000000000..dc4b413658
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch
@@ -0,0 +1,43 @@
1From: "H.J. Lu" <hjl.tools@gmail.com>
2Date: Tue, 30 Sep 2025 08:13:56 +0800
3
4Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a]
5CVE: CVE-2025-11494
6
7Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep
8_GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output
9.eh_frame section is non-empty.
10
11 PR ld/33499
12 * elfxx-x86.c (_bfd_x86_elf_late_size_sections): Keep
13 _GLOBAL_OFFSET_TABLE_ if there is dynamic section and the
14 output .eh_frame section is non-empty.
15
16Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
17
18diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
19index c054f7cd..ddc15945 100644
20--- a/bfd/elfxx-x86.c
21+++ b/bfd/elfxx-x86.c
22@@ -2447,6 +2447,8 @@ _bfd_x86_elf_late_size_sections (bfd *output_bfd,
23
24 if (htab->elf.sgotplt)
25 {
26+ asection *eh_frame;
27+
28 /* Don't allocate .got.plt section if there are no GOT nor PLT
29 entries and there is no reference to _GLOBAL_OFFSET_TABLE_. */
30 if ((htab->elf.hgot == NULL
31@@ -2459,7 +2461,11 @@ _bfd_x86_elf_late_size_sections (bfd *output_bfd,
32 && (htab->elf.iplt == NULL
33 || htab->elf.iplt->size == 0)
34 && (htab->elf.igotplt == NULL
35- || htab->elf.igotplt->size == 0))
36+ || htab->elf.igotplt->size == 0)
37+ && (!htab->elf.dynamic_sections_created
38+ || (eh_frame = bfd_get_section_by_name (output_bfd,
39+ ".eh_frame")) == NULL
40+ || eh_frame->rawsize == 0))
41 {
42 htab->elf.sgotplt->size = 0;
43 /* Solaris requires to keep _GLOBAL_OFFSET_TABLE_ even if it