diff --git a/backport-CVE-2025-7545.patch b/backport-CVE-2025-7545.patch new file mode 100644 index 0000000000000000000000000000000000000000..aff415803fc8225ee3d62defe00c8b1ca8acd50a --- /dev/null +++ b/backport-CVE-2025-7545.patch @@ -0,0 +1,44 @@ +From 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:36:56 +0800 +Subject: [PATCH] objcopy: Don't extend the output section size + +Since the output section contents are copied from the input, don't +extend the output section size beyond the input section size. + + PR binutils/33049 + * objcopy.c (copy_section): Don't extend the output section + size beyond the input section size. + +Signed-off-by: H.J. Lu +--- + binutils/objcopy.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index 366e1079d82..2e98ba44c01 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4514,6 +4514,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4533,6 +4534,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. */ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++; +-- +2.43.7 + diff --git a/binutils.spec b/binutils.spec index 2938f36e2d329b9f32c651682d267e6daf66f45b..96bc28394c110da738101f5549078b077bdf6ace 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.34 -Release: 36 +Release: 37 License: GPLv3+ URL: https://sourceware.org/binutils @@ -71,6 +71,7 @@ Patch56: backport-CVE-2025-0840.patch Patch57: backport-CVE-2025-3198.patch Patch58: backport-CVE-2025-5244.patch Patch59: backport-CVE-2025-5245.patch +Patch60: backport-CVE-2025-7545.patch Provides: bundled(libiberty) @@ -325,6 +326,9 @@ fi %{_infodir}/bfd*info* %changelog +* Wed Aug 20 2025 Yu Peng - 2.34-37 +- Fix CVE-2025-7545:objcopy: Don't extend the output section size + * Tue Aug 19 2025 eastb233 - 2.34-36 - [NFC] format patch names