binutils: Fix CVE-2025-1178

Prevent an abort in the bfd linker when attempting to generate dynamic relocs for a corrupt input file. PR 32638 Backport a patch from upstream to fix CVE-2025-1178 Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0] (From OE-Core rev: e820e5364c4b3ec52796a77842b480fea8bc7967) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> 2025-04-28 02:41:11 -0700
committer: Steve Sakoman <steve@sakoman.com> 2025-05-02 08:12:41 -0700
commit: 520ba611e6b5bfb592d2e57032493ac9dd57ccaf (patch)
tree: f58013890a3c8643111a102605a516233de711ba /meta
parent: 04861f8c29dba7bbe9986c543ff31f22165f67f4 (diff)
download: poky-520ba611e6b5bfb592d2e57032493ac9dd57ccaf.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 26d0b570f3..82dd5c9eb6 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -73,5 +73,6 @@ SRC_URI = "\
     file://0036-CVE-2023-39130.patch \
     file://0037-CVE-2024-53589.patch \
     file://0038-CVE-2025-0840.patch \
+     file://0039-CVE-2025-1178.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0039-CVE-2025-1178.patch b/meta/recipes-devtools/binutils/binutils/0039-CVE-2025-1178.patch
new file mode 100644
index 0000000000..9d2054abab
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0039-CVE-2025-1178.patch
@@ -0,0 +1,33 @@
+From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 13:26:51 +0000
+Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
+ generate dynamic relocs for a corrupt input file.
+PR 32638
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
+CVE: CVE-2025-1178
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index 970379de..cbd16abc 100644
+--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
+@@ -4575,6 +4575,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+ 
+       if (generate_dynamic_reloc)
+        {
+         /* If the relgot section has not been created, then
+            generate an error instead of a reloc.  cf PR 32638.  */
+         if (relgot == NULL || relgot->size == 0)
+           {
+             info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
+                                       output_bfd);
+             return false;
+           }
+         
+          if (relative_reloc_name != NULL
+              && htab->params->report_relative_reloc)
+            _bfd_x86_elf_link_report_relative_reloc
author	Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>	2025-04-28 02:41:11 -0700
committer	Steve Sakoman <steve@sakoman.com>	2025-05-02 08:12:41 -0700
commit	520ba611e6b5bfb592d2e57032493ac9dd57ccaf (patch)
tree	f58013890a3c8643111a102605a516233de711ba /meta
parent	04861f8c29dba7bbe9986c543ff31f22165f67f4 (diff)
download	poky-520ba611e6b5bfb592d2e57032493ac9dd57ccaf.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 26d0b570f3..82dd5c9eb6 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -73,5 +73,6 @@ SRC_URI = "\
73	file://0036-CVE-2023-39130.patch \	73	file://0036-CVE-2023-39130.patch \
74	file://0037-CVE-2024-53589.patch \	74	file://0037-CVE-2024-53589.patch \
75	file://0038-CVE-2025-0840.patch \	75	file://0038-CVE-2025-0840.patch \
		76	file://0039-CVE-2025-1178.patch \
76	"	77	"
77	S = "${WORKDIR}/git"	78	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/0039-CVE-2025-1178.patch b/meta/recipes-devtools/binutils/binutils/0039-CVE-2025-1178.patch new file mode 100644 index 0000000000..9d2054abab --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0039-CVE-2025-1178.patch
@@ -0,0 +1,33 @@
		1	From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Wed, 5 Feb 2025 13:26:51 +0000
		4	Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
		5	generate dynamic relocs for a corrupt input file.
		6
		7	PR 32638
		8
		9	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
		10	CVE: CVE-2025-1178
		11
		12	Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
		13
		14	diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
		15	index 970379de..cbd16abc 100644
		16	--- a/bfd/elf64-x86-64.c
		17	+++ b/bfd/elf64-x86-64.c
		18	@@ -4575,6 +4575,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
		19
		20	if (generate_dynamic_reloc)
		21	{
		22	+ /* If the relgot section has not been created, then
		23	+ generate an error instead of a reloc. cf PR 32638. */
		24	+ if (relgot == NULL \|\| relgot->size == 0)
		25	+ {
		26	+ info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
		27	+ output_bfd);
		28	+ return false;
		29	+ }
		30	+
		31	if (relative_reloc_name != NULL
		32	&& htab->params->report_relative_reloc)
		33	_bfd_x86_elf_link_report_relative_reloc