diff --git a/backport-CVE-2025-7545.patch b/backport-CVE-2025-7545.patch
new file mode 100644
index 0000000000000000000000000000000000000000..643c8675824a94eb72c36fc05c42a20702e96a18
--- /dev/null
+++ b/backport-CVE-2025-7545.patch
@@ -0,0 +1,44 @@
+From 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Sat, 21 Jun 2025 06:36:56 +0800
+Subject: [PATCH] objcopy: Don't extend the output section size
+
+Since the output section contents are copied from the input, don't
+extend the output section size beyond the input section size.
+
+ PR binutils/33049
+ * objcopy.c (copy_section): Don't extend the output section
+ size beyond the input section size.
+
+Signed-off-by: H.J. Lu
+---
+ binutils/objcopy.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index 366e1079d82..2e98ba44c01 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -4650,6 +4650,7 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd)
+ char *to = (char *) memhunk;
+ char *end = (char *) memhunk + size;
+ int i;
++ bfd_size_type memhunk_size = size;
+
+ /* If the section address is not exactly divisible by the interleave,
+ then we must bias the from address. If the copy_byte is less than
+@@ -4669,6 +4670,11 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd)
+ }
+
+ size = (size + interleave - 1 - copy_byte) / interleave * copy_width;
++
++ /* Don't extend the output section size. */
++ if (size > memhunk_size)
++ size = memhunk_size;
++
+ osection->lma /= interleave;
+ if (copy_byte < extra)
+ osection->lma++;
+--
+2.20.1
+
diff --git a/binutils.spec b/binutils.spec
index e73e030469e22b82a8e7ef580376dd2adaaf1e9a..0d34413ced4bf07a16a2c5bc1e6c22fba18d4c28 100644
--- a/binutils.spec
+++ b/binutils.spec
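Review bot: The clamp added in the second objcopy.c hunk of backport-CVE-2025-7545.patch (`if (size > memhunk_size) size = memhunk_size;`) has a comment that says what it does but not why the bound matters. `memhunk_size` is taken from `size` right after `end` is set to `memhunk + size`, so it is the number of bytes the buffer spans at that point; presumably `size` is later used as a length on `memhunk`, but that use is outside the hunk. I would state the invariant in the comment, e.g. `/* memhunk spans only memhunk_size bytes; the interleaved size must never exceed it.  */`. The clamp is also silent, so an input that trips it leaves no trace in objcopy's output; copy_section starts and ends outside both hunks, so whether a warning fits there should be checked against upstream before diverging from the backport.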
@@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.41
-Release: 20
+Release: 21
 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
 URL: https://sourceware.org/binutils
@@ -400,7 +400,7 @@ Patch6006: backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch
 Patch6007: backport-x86-64-fix-suffix-less-PUSH-of-symbol-address.patch
 Patch6008: backport-x86-Check-MODRM-for-call-and-jmp-in-binutils-older-t.patch
 Patch6009: backport-x86-restrict-prefix-use-with-.insn-VEX-XOP-EVEX.patch
-
+Patch6010: backport-CVE-2025-7545.patch
 Provides: bundled(libiberty)
@@ -1416,6 +1416,9 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Tue Aug 19 2025 Yu Peng - 2.41-21
+- Fix CVE-2025-7545: objcopy: Don't extend the output section size
+
 * Fri Jul 11 2025 huyubiao - 2.41-20
 - Fix leaks and instruction-related issues in aarch64 and x86.
 - Add backport-bfd-aarch64-Avoid-BTI-stub-for-a-PLT-that-has-BTI.patch