diff --git a/backport-CVE-2025-7545.patch b/backport-CVE-2025-7545.patch new file mode 100644 index 0000000000000000000000000000000000000000..aff415803fc8225ee3d62defe00c8b1ca8acd50a --- /dev/null +++ b/backport-CVE-2025-7545.patch @@ -0,0 +1,44 @@ +From 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:36:56 +0800 +Subject: [PATCH] objcopy: Don't extend the output section size + +Since the output section contents are copied from the input, don't +extend the output section size beyond the input section size. + + PR binutils/33049 + * objcopy.c (copy_section): Don't extend the output section + size beyond the input section size. + +Signed-off-by: H.J. Lu +--- + binutils/objcopy.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index 366e1079d82..2e98ba44c01 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4514,6 +4514,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4533,6 +4534,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. */ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++; +-- +2.43.7 + diff --git a/binutils.spec b/binutils.spec index 04d5469cfeeffed5430eaffe0d110c47d537f5ee..683250726e9107913db3b12c82b13134d7fe53dd 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 34 +Release: 35 License: GPLv3+ URL: https://sourceware.org/binutils @@ -92,6 +92,7 @@ Patch3064: SME-0010-aarch64-Add-support-for-new-SME-instructions.patch Patch3065: backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch Patch3066: backport-CVE-2024-57630.patch Patch3067: backport-CVE-2025-0840.patch +Patch3068: backport-CVE-2025-7545.patch %ifarch loongarch64 # LoongArch @@ -480,6 +481,9 @@ fi %{_infodir}/bfd*info* %changelog +* Wed Aug 20 2025 Yu Peng - 2.37-35 +- Fix CVE-2025-7545:objcopy: Don't extend the output section size + * Tue Aug 19 2025 eastb233 - 2.37-34 - [NFC] format patch names