diff --git a/0041-fix-CVE-2025-3198.patch b/0041-fix-CVE-2025-3198.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2484de565a5a04212afa6ba0ec918b6fa2dfc3cf
--- /dev/null
+++ b/0041-fix-CVE-2025-3198.patch
@@ -0,0 +1,27 @@
+From ba6ad3a18cb26b79e0e3b84c39f707535bbc344d Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Wed, 19 Feb 2025 07:58:54 +1030
+Subject: [PATCH] PR32716, objdump -i memory leak
+
+ PR binutils/32716
+ * bucomm.c (display_info): Free arg.info.
+---
+ binutils/bucomm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index ccf54099154..d4554737db1 100644
+--- a/binutils/bucomm.c
++++ b/binutils/bucomm.c
+@@ -435,6 +435,7 @@ display_info (void)
+ if (!arg.error)
+ display_target_tables (&arg);
+
++ free (arg.info);
+ return arg.error;
+ }
+
+--
+2.43.5
+
+
diff --git a/binutils.spec b/binutils.spec
index fdec0af7284c544a142c64df79a09df3606b1ada..0d155702ddcf6d747f03ac30e0d37d0f916e9d8b 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -1,4 +1,4 @@
-%define anolis_release 6
+%define anolis_release 7
 # Determine if this is a native build or a cross build.
 #
 # For a cross build add --define "binutils_target " to the command
@@ -356,6 +356,9 @@ Patch0039: 0039-binutils-multilib.am.patch
 # https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e0323071916878e0634a6e24d8250e4faff67e88
 Patch0040: 0040-fix-CVE-2024-53589.patch
+# https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d
+Patch0041: 0041-fix-CVE-2025-3198.patch
+
 # Purpose: Suppress the x86 linker's p_align-1 tests due to kernel bug on CentOS-10
 # Lifetime: TEMPORARY
 Patch0099: 0099-binutils-suppress-ld-align-tests.patch
@@ -1131,6 +1134,9 @@ exit 0
 %doc README ChangeLog MAINTAINERS README-maintainer-mode
 %changelog
+* Fri Jul 18 2025 wenxin - 2.41-7
+- Add patch to fix CVE-2025-3198
+
 * Tue May 27 2025 mgb01105731 - 2.41-6
 - Add patch to fix CVE-2024-53589
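Review bot: The added `free (arg.info);` in the embedded bucomm.c hunk sits after the `if (!arg.error)` block, so it also runs on the error path; that is only safe if arg.info is NULL or a live heap pointer on every path that reaches it. display_info starts above the hunk and the code that fills arg is not visible here, so for this backport onto 2.41 it is worth confirming that arg.info is initialised before anything can set arg.error; otherwise the leak fix would become a free of an indeterminate pointer. One run of `objdump -i` from a build with `-fsanitize=address` would confirm both that the leak is gone and that the free is valid.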
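Review bot: Nothing in this diff touches %prep, so the new `Patch0041:` entry in the hunk at spec line 356 only takes effect if the spec applies patches automatically (for example via `%autosetup -p1`). If %prep lists patches by hand, a matching line such as `%patch -P 41 -p1` is missing, and the package would ship with a changelog claiming the CVE-2025-3198 fix while display_info still leaks. The %prep section is outside the visible hunks, so this should be confirmed, ideally from the build log showing the patch being applied. The comment above the entry gives only the upstream commit URL; adding `# CVE-2025-3198: objdump -i memory leak in display_info (PR binutils/32716)` would let a reader map the CVE to the upstream PR without opening the patch.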