From 6a9a239240d90be930eaf62d77bdfa9d154cc4ea Mon Sep 17 00:00:00 2001 From: zhangjian Date: Mon, 28 Jul 2025 07:13:00 +0000 Subject: [PATCH] fix cve-2025-7546 Signed-off-by: zhangjian --- backport-CVE-2025-7546.patch | 53 ++++++++++++++++++++++++++++++++++++ binutils.spec | 7 ++++- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2025-7546.patch diff --git a/backport-CVE-2025-7546.patch b/backport-CVE-2025-7546.patch new file mode 100644 index 0000000..2402f5d --- /dev/null +++ b/backport-CVE-2025-7546.patch @@ -0,0 +1,53 @@ +From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:52:00 +0800 +Subject: [PATCH 1/1] elf: Report corrupted group section + +Report corrupted group section instead of trying to recover. + + PR binutils/33050 + * elf.c (bfd_elf_set_group_contents): Report corrupted group + section. + +Signed-off-by: H.J. Lu +--- + bfd/elf.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index 14ce15c7254..ee894eb05f2 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -3971,20 +3971,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) + break; + } + +- /* We should always get here with loc == sec->contents + 4, but it is +- possible to craft bogus SHT_GROUP sections that will cause segfaults +- in objcopy without checking loc here and in the loop above. */ +- if (loc == sec->contents) +- BFD_ASSERT (0); +- else ++ /* We should always get here with loc == sec->contents + 4. Return ++ an error for bogus SHT_GROUP sections. */ ++ loc -= 4; ++ if (loc != sec->contents) + { +- loc -= 4; +- if (loc != sec->contents) +- { +- BFD_ASSERT (0); +- memset (sec->contents + 4, 0, loc - sec->contents); +- loc = sec->contents; +- } ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"), ++ abfd, sec); ++ bfd_set_error (bfd_error_bad_value); ++ *failedptr = true; ++ return; + } + + H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc); +-- +2.43.7 diff --git a/binutils.spec b/binutils.spec index ce1b7f4..f4ae3dc 100644 --- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.41 -Release: 17 +Release: 18 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later URL: https://sourceware.org/binutils @@ -375,6 +375,8 @@ Patch5012: backport-CVE-2025-3198.patch Patch6001: aarch64-add-l4-instruction.patch +Patch6002: backport-CVE-2025-7546.patch + Provides: bundled(libiberty) %if %{with debug} @@ -1387,6 +1389,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Mon Jul 28 2025 zhangjian - 2.41-18 +- fix cve-2025-7546 + * Wed Jul 23 2025 swcompiler - 2.41-17 - Add support for Sw64 EFI (efi-*-sw_64). -- Gitee