binutils: Fix CVE-2025-1178

Prevent an abort in the bfd linker when attempting to generate dynamic relocs for a corrupt input file. PR 32638 Backport a patch from upstream to fix CVE-2025-1178 Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0] (From OE-Core rev: f58f174daa7e30baa18abe4db9eda9c1b1c425cc) Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> 2025-05-20 22:36:23 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-05-22 14:36:49 +0100
commit: 9786fca4f6383ce89f8652353c116730f02d7043 (patch)
tree: 454d72154c0e309f6d30f3d08213f3355509454a /meta
parent: 32b3f35bf68baf5c603e38e8b18b902a1af281df (diff)
download: poky-9786fca4f6383ce89f8652353c116730f02d7043.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc
index 6bc65a0fea..1c988bafd4 100644
--- a/meta/recipes-devtools/binutils/binutils-2.44.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -35,5 +35,6 @@ SRC_URI = "\
     file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
     file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
     file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
+     file://0015-CVE-2025-1178.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch
new file mode 100644
index 0000000000..c39f43fba4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch
@@ -0,0 +1,33 @@
+From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 13:26:51 +0000
+Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
+ generate dynamic relocs for a corrupt input file.
+PR 32638
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
+CVE: CVE-2025-1178
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index cb32732e..a08e9c97 100644
+--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
+@@ -5031,6 +5031,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+ 
+       if (generate_dynamic_reloc)
+        {
+         /* If the relgot section has not been created, then
+            generate an error instead of a reloc.  cf PR 32638.  */
+         if (relgot == NULL || relgot->size == 0)
+           {
+             info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
+                                       output_bfd);
+             return false;
+           }
+         
+          if (relative_reloc_name != NULL
+              && htab->params->report_relative_reloc)
+            _bfd_x86_elf_link_report_relative_reloc
author	Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>	2025-05-20 22:36:23 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-05-22 14:36:49 +0100
commit	9786fca4f6383ce89f8652353c116730f02d7043 (patch)
tree	454d72154c0e309f6d30f3d08213f3355509454a /meta
parent	32b3f35bf68baf5c603e38e8b18b902a1af281df (diff)
download	poky-9786fca4f6383ce89f8652353c116730f02d7043.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 6bc65a0fea..1c988bafd4 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -35,5 +35,6 @@ SRC_URI = "\
35	file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \	35	file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
36	file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \	36	file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
37	file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \	37	file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
		38	file://0015-CVE-2025-1178.patch \
38	"	39	"
39	S = "${WORKDIR}/git"	40	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch new file mode 100644 index 0000000000..c39f43fba4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch
@@ -0,0 +1,33 @@
		1	From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Wed, 5 Feb 2025 13:26:51 +0000
		4	Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
		5	generate dynamic relocs for a corrupt input file.
		6
		7	PR 32638
		8
		9	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
		10	CVE: CVE-2025-1178
		11
		12	Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
		13
		14	diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
		15	index cb32732e..a08e9c97 100644
		16	--- a/bfd/elf64-x86-64.c
		17	+++ b/bfd/elf64-x86-64.c
		18	@@ -5031,6 +5031,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
		19
		20	if (generate_dynamic_reloc)
		21	{
		22	+ /* If the relgot section has not been created, then
		23	+ generate an error instead of a reloc. cf PR 32638. */
		24	+ if (relgot == NULL \|\| relgot->size == 0)
		25	+ {
		26	+ info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
		27	+ output_bfd);
		28	+ return false;
		29	+ }
		30	+
		31	if (relative_reloc_name != NULL
		32	&& htab->params->report_relative_reloc)
		33	_bfd_x86_elf_link_report_relative_reloc