From 9de900f7bee8c4ab8ba4bace4c029653426c6126 Mon Sep 17 00:00:00 2001
From: eastb233
Date: Sat, 30 Aug 2025 17:21:03 +0800
Subject: [PATCH] Fix CVE-2025-5244, CVE-2025-5245

(cherry picked from commit ad8d6f3d7f9b2af30fb02eaca21975a1e52862e5)
---
 ...ing.patch => backport-CVE-2024-57630.patch |  0
 backport-CVE-2025-5244.patch                  | 30 +++++++++++++
 backport-CVE-2025-5245.patch                  | 44 +++++++++++++++++++
 binutils.spec                                 | 15 ++++++-
 4 files changed, 87 insertions(+), 2 deletions(-)
 rename nm-Avoid-potential-segmentation-fault-when-displaying.patch => backport-CVE-2024-57630.patch (100%)
 create mode 100644 backport-CVE-2025-5244.patch
 create mode 100644 backport-CVE-2025-5245.patch

diff --git a/nm-Avoid-potential-segmentation-fault-when-displaying.patch b/backport-CVE-2024-57630.patch
similarity index 100%
rename from nm-Avoid-potential-segmentation-fault-when-displaying.patch
rename to backport-CVE-2024-57630.patch
diff --git a/backport-CVE-2025-5244.patch b/backport-CVE-2025-5244.patch
new file mode 100644
index 0000000..045e111
--- /dev/null
+++ b/backport-CVE-2025-5244.patch
@@ -0,0 +1,30 @@
+From d1458933830456e54223d9fc61f0d9b3a19256f5 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Thu, 10 Apr 2025 19:41:49 +0930
+Subject: [PATCH] PR32858 ld segfault on fuzzed object
+
+We missed one place where it is necessary to check for empty groups.
+
+        PR 32858
+        * elflink.c (elf_gc_sweep): Protect against empty group.
+---
+ bfd/elflink.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index a76e8e38da7..549b7b7dd92 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14408,7 +14408,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info)
+       if (o->flags & SEC_GROUP)
+         {
+           asection *first = elf_next_in_group (o);
+-          o->gc_mark = first->gc_mark;
++          if (first != NULL)
++            o->gc_mark = first->gc_mark;
+         }
+ 
+       if (o->gc_mark)
+-- 
+2.43.0
+
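Review bot: The new `if (first != NULL)` guard in elf_gc_sweep leaves `o->gc_mark` untouched for an empty group, and the very next line `if (o->gc_mark)` then decides whether that group section is kept or swept on whatever value the field already held, which the hunk does not show. A one-line comment would make the intended outcome auditable, e.g. `/* A malformed (e.g. fuzzed) object may carry an empty SHT_GROUP; leave gc_mark as initialised so the group is treated like any other unreferenced section.  */` — this assumes gc_mark starts at zero, which should be confirmed where the section is created. The upstream message says this was the one remaining place missing an empty-group check, so other callers of elf_next_in_group presumably already test for NULL, but that is not verifiable from this diff. elf_gc_sweep begins and ends outside the hunk.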
diff --git a/backport-CVE-2025-5245.patch b/backport-CVE-2025-5245.patch
new file mode 100644
index 0000000..4eca04b
--- /dev/null
+++ b/backport-CVE-2025-5245.patch
@@ -0,0 +1,44 @@
+From 6c3458a8b7ee7d39f070c7b2350851cb2110c65a Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Tue, 1 Apr 2025 22:36:54 +1030
+Subject: [PATCH] PR32829, SEGV on objdump function debug_type_samep
+
+u.kenum is always non-NULL, see debug_make_enum_type.
+
+PR 32829
+* debug.c (debug_type_samep): Correct incomplete enum test.
+(debug_write_type): Remove dead code.
+---
+ binutils/debug.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/binutils/debug.c b/binutils/debug.c
+index 022fa4ed..49b5ec69 100644
+--- a/binutils/debug.c
++++ b/binutils/debug.c
+@@ -2545,9 +2545,6 @@ debug_write_type (struct debug_handle *info,
+     case DEBUG_KIND_UNION_CLASS:
+       return debug_write_class_type (info, fns, fhandle, type, tag);
+     case DEBUG_KIND_ENUM:
+-      if (type->u.kenum == NULL)
+-        return (*fns->enum_type) (fhandle, tag, (const char **) NULL,
+-                                  (bfd_signed_vma *) NULL);
+       return (*fns->enum_type) (fhandle, tag, type->u.kenum->names,
+                                 type->u.kenum->values);
+     case DEBUG_KIND_POINTER:
+@@ -3089,9 +3086,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1,
+       break;
+ 
+     case DEBUG_KIND_ENUM:
+-      if (t1->u.kenum == NULL)
+-        ret = t2->u.kenum == NULL;
+-      else if (t2->u.kenum == NULL)
++      if (t1->u.kenum->names == NULL)
++        ret = t2->u.kenum->names == NULL;
++      else if (t2->u.kenum->names == NULL)
+         ret = false;
+       else
+         {
+-- 
+2.43.0
+
diff --git a/binutils.spec b/binutils.spec
index 4a2cd20..5849d5e 100644
--- a/binutils.spec
+++ b/binutils.spec
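Review bot: The rewritten DEBUG_KIND_ENUM case in debug_type_samep now dereferences `t1->u.kenum` and `t2->u.kenum` unconditionally, relying on an invariant ("u.kenum is always non-NULL, see debug_make_enum_type") that lives only in the commit message, so someone later auditing objdump's handling of untrusted debug info sees an unguarded pointer at the use site with no explanation. I would record it next to the check, `/* u.kenum is never NULL (debug_make_enum_type always allocates it); an incomplete enum has names == NULL.  */`, and likewise at the simplified DEBUG_KIND_ENUM case in debug_write_type, where `type->u.kenum->names` may still be NULL and is passed through to fns->enum_type exactly as the removed branch did. Whether `values` is NULL whenever `names` is NULL is not visible here; it is worth confirming against debug_make_enum_type, since the else branch that follows (outside the hunk) presumably walks both arrays. Both debug_write_type and debug_type_samep begin and end outside their hunks.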
@@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.41
-Release: 23
+Release: 24
 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
 URL: https://sourceware.org/binutils
@@ -386,7 +386,7 @@ Patch5012: backport-Fix-slowdown-about-partial-linking.patch
 # Purpose: nm: Avoid potential segmentation fault when displaying
 # symbols without version info.
 # Lifetime: Fixed in 2.44
-Patch5013: nm-Avoid-potential-segmentation-fault-when-displaying.patch
+Patch5013: backport-CVE-2024-57630.patch
 
 # Purpose: PR32560 stack-buffer-overflow at objdump disassemble_bytes
 # Lifetime: Fixed in 2.44
@@ -424,6 +424,14 @@ Patch5026: backport-x86-64-fix-suffix-less-PUSH-of-symbol-address.patch
 Patch5027: backport-x86-Check-MODRM-for-call-and-jmp-in-binutils-older-t.patch
 Patch5028: backport-x86-restrict-prefix-use-with-.insn-VEX-XOP-EVEX.patch
+# Purpose: PR binutils/32858
+# Lifetime: Fixed in 2.45
+Patch5029: backport-CVE-2025-5244.patch
+
+# Purpose: PR binutils/32829
+# Lifetime: Fixed in 2.45
+Patch5030: backport-CVE-2025-5245.patch
+
 #----------------------------------------------------------------------------
 Provides: bundled(libiberty)
@@ -1438,6 +1446,9 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Sat Aug 30 2025 eastb233 -2.41-24
+- Fix CVE-2025-5244, CVE-2025-5245
+
 * Mon Aug 25 2025 Peng Fan - 2.41-23
 - LoongArch: common sync from upstream.
-- Gitee
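Review bot: The `# Purpose:` comments for Patch5029 and Patch5030 give only the PR numbers while the file names carry the CVE ids, so neither the CVE nor the symptom can be grepped from the spec comments; following the style of the Patch5013 comment above I would write `# Purpose: CVE-2025-5244 (PR 32858): ld segfault in elf_gc_sweep on fuzzed object` and `# Purpose: CVE-2025-5245 (PR 32829): objdump SEGV in debug_type_samep`. The `PR binutils/32858` component may be wrong for a fix in bfd/elflink.c consumed by ld — the upstream commit only says `PR 32858` — so confirm the component before keeping it, or drop it. If %prep applies patches by explicit %patch lines rather than %autosetup, the two new Patch tags also need matching entries; that part of the spec is outside this diff.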