diff --git a/Fix-CVE-2025-7546.patch b/Fix-CVE-2025-7546.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2402f5df164363bfc05f7d6baa81b3e8de6b1d61
--- /dev/null
+++ b/Fix-CVE-2025-7546.patch
@@ -0,0 +1,53 @@
+From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Sat, 21 Jun 2025 06:52:00 +0800
+Subject: [PATCH 1/1] elf: Report corrupted group section
+
+Report corrupted group section instead of trying to recover.
+
+ PR binutils/33050
+ * elf.c (bfd_elf_set_group_contents): Report corrupted group
+ section.
+
+Signed-off-by: H.J. Lu
+---
+ bfd/elf.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 14ce15c7254..ee894eb05f2 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -3971,20 +3971,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg)
+ break;
+ }
+
+- /* We should always get here with loc == sec->contents + 4, but it is
+- possible to craft bogus SHT_GROUP sections that will cause segfaults
+- in objcopy without checking loc here and in the loop above. */
+- if (loc == sec->contents)
+- BFD_ASSERT (0);
+- else
++ /* We should always get here with loc == sec->contents + 4. Return
++ an error for bogus SHT_GROUP sections. */
++ loc -= 4;
++ if (loc != sec->contents)
+ {
+- loc -= 4;
+- if (loc != sec->contents)
+- {
+- BFD_ASSERT (0);
+- memset (sec->contents + 4, 0, loc - sec->contents);
+- loc = sec->contents;
+- }
++ /* xgettext:c-format */
++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
++ abfd, sec);
++ bfd_set_error (bfd_error_bad_value);
++ *failedptr = true;
++ return;
+ }
+
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+--
+2.43.7
diff --git a/gdb.spec b/gdb.spec
index 7fed17d697559545ab890dca1d0fe165bd9ec326..fc206eb8056ddd11d9d0a3f27b70e63489420d1a 100644
--- a/gdb.spec
+++ b/gdb.spec
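Review bot: In the embedded bfd/elf.c hunk, `loc -= 4;` now runs unconditionally before the comparison. If the loop above can leave loc equal to sec->contents (the removed comment refers to a loc check in that loop, which is outside this hunk), the subtraction forms a pointer before the start of the buffer, which is undefined behaviour even though the error branch returns without writing through it. Testing the offset first avoids that: use `if (loc - sec->contents != 4)` for the error branch and move `loc -= 4;` after it. Because this file is a backport of an upstream commit, such a change belongs upstream rather than in the local copy. bfd_elf_set_group_contents starts and ends outside the hunk.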
@@ -1,6 +1,6 @@ Name: gdb Version: 14.1 -Release: 4 +Release: 5 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3 Source: https://ftp.gnu.org/gnu/gdb/gdb-%{version}.tar.xz @@ -58,6 +58,7 @@ Patch45: gdb-rhbz2250652-avoid-PyOS_ReadlineTState.patch Patch46: gdb-rhbz2257562-cp-namespace-null-ptr-check.patch Patch47: gdb-ftbs-swapped-calloc-args.patch # Fedra patch end +Patch48: Fix-CVE-2025-7546.patch Patch9000: 0001-set-entry-point-when-text-segment-is-missing.patch @@ -335,6 +336,9 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/gdb/python/gdb/command/backtrace.py %{_infodir}/ctf-spec.info* %changelog +* Mon Jul 28 2025 zhangjian - 14.1-5 +- Fix CVE-2025-7546 + * Fri Jan 17 2025 Funda Wang - 14.1-4 - Disable guile support as it is not used for years
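Review bot: Nothing in this diff touches %prep, so whether the new `Patch48: Fix-CVE-2025-7546.patch` is actually applied depends on how the spec applies patches, which is not visible here. If patches are applied with explicit per-patch `%patch` lines rather than `%autosetup` or `%autopatch`, a matching line for Patch48 is needed. Without it the package would build bfd/elf.c unpatched while the changelog entry states that CVE-2025-7546 is fixed. Checking the build log for the line that applies Fix-CVE-2025-7546.patch would confirm it.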