binutils: Upgrade to 2.45 release

Added support for SFrame stack tracing with ELF binaries on x86 and AArch64 architectures.
Support for various new RISC-V extensions
Support for most Armv9.6 extensions.

Detailed release notes are here [1]

[1] https://lists.gnu.org/archive/html/info-gnu/2025-07/msg00009.html

(From OE-Core rev: a03cc7e39ea182d4818bc6a2b0fe7d355e5c44b3)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/binutils/binutils-2.45.inc

@@ -12,15 +12,15 @@ LIC_FILES_CHKSUM = "\
 
 # When upgrading to next major release, ensure that there is no trailing .0, so
 # that upstream version check can work correctly.
-PV = "2.44"
-CVE_VERSION = "2.44"
-SRCBRANCH ?= "binutils-2_44-branch"
+PV = "2.45"
+CVE_VERSION = "2.45"
+SRCBRANCH ?= "binutils-2_45-branch"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
 CVE_STATUS[CVE-2025-1153] = "cpe-stable-backport: fix available in used git hash"
 
-SRCREV ?= "8e98f97aecb0f0a1a1e2ef244e9aa235248ef8fa"
+SRCREV ?= "2bc7af1ff7732451b6a7b09462a815c3284f9613"
 BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
 SRC_URI = "\
      ${BINUTILS_GIT_URI} \
@@ -35,14 +35,4 @@ SRC_URI = "\
      file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
      file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
      file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
-     file://0015-CVE-2025-1178.patch \
-     file://CVE-2025-1180.patch \
-     file://CVE-2025-1182.patch \
-     file://0016-CVE-2025-1181-1.patch \
-     file://0017-CVE-2025-1181-2.patch \
-     file://0018-CVE-2025-5245.patch \
-     file://0019-CVE-2025-5244.patch \
-     file://0019-CVE-2025-3198.patch \
-     file://0020-CVE-2025-7546.patch \
-     file://0020-CVE-2025-7545.patch \
 "

meta/recipes-devtools/binutils/binutils/0001-binutils-crosssdk-Generate-relocatable-SDKs.patch

@@ -1,4 +1,4 @@
-From df3faaf0a09fd828330d3bac45782868a04f7bc0 Mon Sep 17 00:00:00 2001
+From 61cfb723b5fba70c823a9b486a9e4f30b28a8f53 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 2 Mar 2015 01:58:54 +0000
 Subject: [PATCH] binutils-crosssdk: Generate relocatable SDKs

meta/recipes-devtools/binutils/binutils/0002-binutils-cross-Do-not-generate-linker-script-directo.patch

@@ -1,4 +1,4 @@
-From 3105d7ecc3f16d66c19985a6557cd1e9becfab55 Mon Sep 17 00:00:00 2001
+From 82bbbee7c31f64e51e6221fbbd29760ac61b789f Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 6 Mar 2017 23:37:05 -0800
 Subject: [PATCH] binutils-cross: Do not generate linker script directories

meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch

@@ -1,4 +1,4 @@
-From d718e17e1668880a85ff05993f0027d9c9ad6935 Mon Sep 17 00:00:00 2001
+From 96b52f92b2888e1954f619bffd17a3f55be2e27e Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Wed, 19 Feb 2020 09:51:16 -0800
 Subject: [PATCH] binutils-nativesdk: Search for alternative ld.so.conf in SDK
@@ -57,7 +57,7 @@ index 3e24bd4deb2..23d4f1f3132 100644
  AM_CFLAGS = $(WARN_CFLAGS) $(ELF_CFLAGS) $(JANSSON_CFLAGS) $(ZSTD_CFLAGS)
  
 diff --git a/ld/ldelf.c b/ld/ldelf.c
-index 4a1aa044e70..f6f3ac11a76 100644
+index f4f27fc3873..a870c39bd81 100644
 --- a/ld/ldelf.c
 +++ b/ld/ldelf.c
 @@ -943,7 +943,7 @@ ldelf_check_ld_so_conf (const struct bfd_link_needed_list *l, int force,
@@ -70,10 +70,10 @@ index 4a1aa044e70..f6f3ac11a76 100644
        if (!ldelf_parse_ld_so_conf (&info, tmppath))
  	{
 diff --git a/ld/ldmain.c b/ld/ldmain.c
-index f1c5f7035c5..cce4991b25a 100644
+index 67c60c3f80d..7878bd3922f 100644
 --- a/ld/ldmain.c
 +++ b/ld/ldmain.c
-@@ -69,6 +69,7 @@ char *program_name;
+@@ -74,6 +74,7 @@ char *program_name;
  
  /* The prefix for system library directories.  */
  const char *ld_sysroot;

meta/recipes-devtools/binutils/binutils/0004-Point-scripts-location-to-libdir.patch

@@ -1,4 +1,4 @@
-From 0ff4f23d3521a45835eaa03731c0b3351a50d8ba Mon Sep 17 00:00:00 2001
+From 94c43a338e789b32a31e830c971ac52332c3fe5a Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 2 Mar 2015 01:09:58 +0000
 Subject: [PATCH] Point scripts location to libdir

meta/recipes-devtools/binutils/binutils/0005-don-t-let-the-distro-compiler-point-to-the-wrong-ins.patch

@@ -1,4 +1,4 @@
-From 340d2cf058b373ed4fbf6bcea4f6674eab23c73a Mon Sep 17 00:00:00 2001
+From 7e78955c1995a39c847013b909627f77c41ca232 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 2 Mar 2015 01:39:01 +0000
 Subject: [PATCH] don't let the distro compiler point to the wrong installation
@@ -17,10 +17,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/libiberty/Makefile.in b/libiberty/Makefile.in
-index b11df756b4b..f47269fdc0e 100644
+index d507f27a9ef..462d47b2eb1 100644
 --- a/libiberty/Makefile.in
 +++ b/libiberty/Makefile.in
-@@ -385,7 +385,8 @@ install-strip: install
+@@ -387,7 +387,8 @@ install-strip: install
  # multilib-specific flags, it's overridden by FLAGS_TO_PASS from the
  # default multilib, so we have to take CFLAGS into account as well,
  # since it will be passed the multilib flags.

meta/recipes-devtools/binutils/binutils/0006-warn-for-uses-of-system-directories-when-cross-linki.patch

@@ -1,4 +1,4 @@
-From e9297b35595d7dd6c50ce6ff7282eee248b7e479 Mon Sep 17 00:00:00 2001
+From 05dcd732a4b91ecd77f37fabd8a1a14209467816 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 15 Jan 2016 06:31:09 +0000
 Subject: [PATCH] warn for uses of system directories when cross linking
@@ -52,7 +52,7 @@ Signed-off-by: Scott Garman <scott.a.garman@intel.com>
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
  ld/config.in    |  3 +++
- ld/configure    | 16 ++++++++++++++++
+ ld/configure    | 20 ++++++++++++++++++--
  ld/configure.ac | 10 ++++++++++
  ld/ld.h         |  8 ++++++++
  ld/ld.texi      | 12 ++++++++++++
@@ -60,10 +60,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  ld/ldlex.h      |  2 ++
  ld/ldmain.c     |  6 ++++--
  ld/lexsup.c     | 15 +++++++++++++++
- 9 files changed, 87 insertions(+), 2 deletions(-)
+ 9 files changed, 89 insertions(+), 4 deletions(-)
 
 diff --git a/ld/config.in b/ld/config.in
-index 2d7b6406d2b..37cd12d20fa 100644
+index 37812241bd9..be89571196c 100644
 --- a/ld/config.in
 +++ b/ld/config.in
 @@ -78,6 +78,9 @@
@@ -77,27 +77,45 @@ index 2d7b6406d2b..37cd12d20fa 100644
  #undef EXTRA_SHLIB_EXTENSION
  
 diff --git a/ld/configure b/ld/configure
-index 597d110f57a..d537ec391d2 100755
+index 4afc58566fc..ca3d58ff618 100755
 --- a/ld/configure
 +++ b/ld/configure
-@@ -844,6 +844,7 @@ with_lib_path
+@@ -841,6 +841,7 @@ enable_checking
+ with_lib_path
  enable_targets
- enable_64_bit_bfd
  with_sysroot
 +enable_poison_system_directories
  enable_gold
  enable_got
  enable_compressed_debug_sections
-@@ -1537,6 +1538,8 @@ Optional Features:
+@@ -1533,6 +1534,8 @@ Optional Features:
+   --disable-largefile     omit support for large files
    --enable-checking       enable run-time checks
    --enable-targets        alternative target configurations
-   --enable-64-bit-bfd     64-bit support (on hosts with narrower word sizes)
 +  --enable-poison-system-directories
 +                          warn for use of native system library directories
    --enable-gold[=ARG]     build gold [ARG={default,yes,no}]
    --enable-got=<type>     GOT handling scheme (target, single, negative,
                            multigot)
-@@ -15571,6 +15574,19 @@ fi
+@@ -11514,7 +11517,7 @@ else
+   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+   lt_status=$lt_dlunknown
+   cat > conftest.$ac_ext <<_LT_EOF
+-#line 11517 "configure"
++#line 11520 "configure"
+ #include "confdefs.h"
+ 
+ #if HAVE_DLFCN_H
+@@ -11620,7 +11623,7 @@ else
+   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+   lt_status=$lt_dlunknown
+   cat > conftest.$ac_ext <<_LT_EOF
+-#line 11623 "configure"
++#line 11626 "configure"
+ #include "confdefs.h"
+ 
+ #if HAVE_DLFCN_H
+@@ -15367,6 +15370,19 @@ fi
  
  
  
@@ -118,10 +136,10 @@ index 597d110f57a..d537ec391d2 100755
  if test "${enable_gold+set}" = set; then :
    enableval=$enable_gold; case "${enableval}" in
 diff --git a/ld/configure.ac b/ld/configure.ac
-index 228f2ee4089..50a4b0f4db1 100644
+index 3ee84958b1c..99ea84513da 100644
 --- a/ld/configure.ac
 +++ b/ld/configure.ac
-@@ -102,6 +102,16 @@ AC_SUBST(use_sysroot)
+@@ -115,6 +115,16 @@ AC_SUBST(use_sysroot)
  AC_SUBST(TARGET_SYSTEM_ROOT)
  AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
  
@@ -139,7 +157,7 @@ index 228f2ee4089..50a4b0f4db1 100644
  dnl "install_as_default" is set to false if gold is the default linker.
  dnl "installed_linker" is the installed BFD linker name.
 diff --git a/ld/ld.h b/ld/ld.h
-index 254f0a097bb..daf777c65c8 100644
+index c8688153bd4..0b16caf347a 100644
 --- a/ld/ld.h
 +++ b/ld/ld.h
 @@ -166,6 +166,14 @@ typedef struct
@@ -158,10 +176,10 @@ index 254f0a097bb..daf777c65c8 100644
    enum endian_enum endian;
  
 diff --git a/ld/ld.texi b/ld/ld.texi
-index f6384ad82dd..26479a6a232 100644
+index 413335ad765..7bea7fd7e1f 100644
 --- a/ld/ld.texi
 +++ b/ld/ld.texi
-@@ -3279,6 +3279,18 @@ creation of the metadata note, if one had been enabled by an earlier
+@@ -3350,6 +3350,18 @@ creation of the metadata note, if one had been enabled by an earlier
  occurrence of the --package-metadata option.
  If the linker has been built with libjansson, then the JSON string
  will be validated.
@@ -181,7 +199,7 @@ index f6384ad82dd..26479a6a232 100644
  
  @c man end
 diff --git a/ld/ldfile.c b/ld/ldfile.c
-index 12551504ae6..8bea4e7048f 100644
+index 75fd360d5e3..5a825c52bd3 100644
 --- a/ld/ldfile.c
 +++ b/ld/ldfile.c
 @@ -328,6 +328,23 @@ ldfile_add_library_path (const char *name, bool cmdline)
@@ -209,10 +227,10 @@ index 12551504ae6..8bea4e7048f 100644
  
  static void
 diff --git a/ld/ldlex.h b/ld/ldlex.h
-index b8b7d6b6829..a8faeb635c4 100644
+index 815da76a4c0..53fabed4ba2 100644
 --- a/ld/ldlex.h
 +++ b/ld/ldlex.h
-@@ -150,6 +150,8 @@ enum option_values
+@@ -151,6 +151,8 @@ enum option_values
    OPTION_PLUGIN_OPT,
    OPTION_PLUGIN_SAVE_TEMPS,
  #endif /* BFD_SUPPORTS_PLUGINS */
@@ -222,10 +240,10 @@ index b8b7d6b6829..a8faeb635c4 100644
    OPTION_PRINT_OUTPUT_FORMAT,
    OPTION_PRINT_SYSROOT,
 diff --git a/ld/ldmain.c b/ld/ldmain.c
-index cce4991b25a..1859465635d 100644
+index 7878bd3922f..c9293a3cf41 100644
 --- a/ld/ldmain.c
 +++ b/ld/ldmain.c
-@@ -352,6 +352,8 @@ main (int argc, char **argv)
+@@ -672,6 +672,8 @@ main (int argc, char **argv)
    command_line.warn_mismatch = true;
    command_line.warn_search_mismatch = true;
    command_line.check_section_addresses = -1;
@@ -234,7 +252,7 @@ index cce4991b25a..1859465635d 100644
  
    /* We initialize DEMANGLING based on the environment variable
       COLLECT_NO_DEMANGLE.  The gcc collect2 program will demangle the
-@@ -1500,7 +1502,7 @@ undefined_symbol (struct bfd_link_info *info,
+@@ -1876,7 +1878,7 @@ undefined_symbol (struct bfd_link_info *info,
        argv[1] = "undefined-symbol";
        argv[2] = (char *) name;
        argv[3] = NULL;
@@ -243,7 +261,7 @@ index cce4991b25a..1859465635d 100644
        if (verbose)
  	einfo (_("%P: About to run error handling script '%s' with arguments: '%s' '%s'\n"),
  	       argv[0], argv[1], argv[2]);
-@@ -1521,7 +1523,7 @@ undefined_symbol (struct bfd_link_info *info,
+@@ -1897,7 +1899,7 @@ undefined_symbol (struct bfd_link_info *info,
  	 carry on to issue the normal error message.  */
      }
  #endif /* SUPPORT_ERROR_HANDLING_SCRIPT */
@@ -253,10 +271,10 @@ index cce4991b25a..1859465635d 100644
      {
        if (error_count < MAX_ERRORS_IN_A_ROW)
 diff --git a/ld/lexsup.c b/ld/lexsup.c
-index 5399aa45b72..8f9a221bfba 100644
+index bde20465835..95ab1b7c200 100644
 --- a/ld/lexsup.c
 +++ b/ld/lexsup.c
-@@ -650,6 +650,14 @@ static const struct ld_option ld_options[] =
+@@ -652,6 +652,14 @@ static const struct ld_option ld_options[] =
  		   "                                <method> is: share-unconflicted (default),\n"
  		   "                                             share-duplicated"),
      TWO_DASHES },
@@ -271,7 +289,7 @@ index 5399aa45b72..8f9a221bfba 100644
  };
  
  #define OPTION_COUNT ARRAY_SIZE (ld_options)
-@@ -1838,6 +1846,13 @@ parse_args (unsigned argc, char **argv)
+@@ -1849,6 +1857,13 @@ parse_args (unsigned argc, char **argv)
  
  	case OPTION_PRINT_MAP_LOCALS:
  	  config.print_map_locals = true;

meta/recipes-devtools/binutils/binutils/0007-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch

@@ -1,4 +1,4 @@
-From de07998ce2189c329220a76feb073438c4ec88f5 Mon Sep 17 00:00:00 2001
+From c1def8b996df3f6cace833cf72116de93ed48195 Mon Sep 17 00:00:00 2001
 From: Zhenhua Luo <zhenhua.luo@nxp.com>
 Date: Sat, 11 Jun 2016 22:08:29 -0500
 Subject: [PATCH] fix the incorrect assembling for ppc wait mnemonic
@@ -14,10 +14,10 @@ Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
  1 file changed, 1 insertion(+), 3 deletions(-)
 
 diff --git a/opcodes/ppc-opc.c b/opcodes/ppc-opc.c
-index aa4484ef9ab..81b6a4c2db9 100644
+index 712cd31d19e..a76fe73a10f 100644
 --- a/opcodes/ppc-opc.c
 +++ b/opcodes/ppc-opc.c
-@@ -7138,8 +7138,6 @@ const struct powerpc_opcode powerpc_opcodes[] = {
+@@ -7257,8 +7257,6 @@ const struct powerpc_opcode powerpc_opcodes[] = {
  {"waitasec",	X(31,30),      XRTRARB_MASK, POWER8,	POWER9,		{0}},
  {"waitrsv",	XWCPL(31,30,1,0),0xffffffff, POWER10,	EXT,		{0}},
  {"pause_short",	XWCPL(31,30,2,0),0xffffffff, POWER10,	EXT,		{0}},
@@ -26,7 +26,7 @@ index aa4484ef9ab..81b6a4c2db9 100644
  
  {"lwepx",	X(31,31),	X_MASK,	  E500MC|PPCA2, 0,		{RT, RA0, RB}},
  
-@@ -7193,7 +7191,7 @@ const struct powerpc_opcode powerpc_opcodes[] = {
+@@ -7312,7 +7310,7 @@ const struct powerpc_opcode powerpc_opcodes[] = {
  
  {"waitrsv",	X(31,62)|(1<<21), 0xffffffff, E500MC|PPCA2, EXT,	{0}},
  {"waitimpl",	X(31,62)|(2<<21), 0xffffffff, E500MC|PPCA2, EXT,	{0}},

meta/recipes-devtools/binutils/binutils/0009-Fix-rpath-in-libtool-when-sysroot-is-enabled.patch

@@ -1,4 +1,4 @@
-From 1967fbe2cbbb039e3b54666b55f6456325c58e91 Mon Sep 17 00:00:00 2001
+From da88907333b1c7d6227cd9a4a7e7469c07580c2d Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 2 Mar 2015 01:42:38 +0000
 Subject: [PATCH] Fix rpath in libtool when sysroot is enabled

meta/recipes-devtools/binutils/binutils/0010-sync-with-OE-libtool-changes.patch

@@ -1,4 +1,4 @@
-From 6b37e476ee9f7feac837063cd0ca8e634fb76f90 Mon Sep 17 00:00:00 2001
+From a876af7b3e426b746890b8b8c0e7dcea4fcdc4b9 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Mon, 6 Mar 2017 23:33:27 -0800
 Subject: [PATCH] sync with OE libtool changes

meta/recipes-devtools/binutils/binutils/0011-Check-for-clang-before-checking-gcc-version.patch

@@ -1,4 +1,4 @@
-From 8942cfa25f5822d88f990c3a939c0a4f7832a0e2 Mon Sep 17 00:00:00 2001
+From 9bad9efbe713d72ca7ba01b19dcd5c34031ff6b1 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 15 Apr 2020 14:17:20 -0700
 Subject: [PATCH] Check for clang before checking gcc version

meta/recipes-devtools/binutils/binutils/0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch

@@ -1,4 +1,4 @@
-From fecc7af84b2735fad82da304fce37f373d2c0f53 Mon Sep 17 00:00:00 2001
+From 59998ac2c7ebc871587a4b02e003f654673b1629 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Thu, 10 Mar 2022 21:21:33 -0800
 Subject: [PATCH] Only generate an RPATH entry if LD_RUN_PATH is not empty
@@ -14,7 +14,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 5 insertions(+)
 
 diff --git a/ld/ldelf.c b/ld/ldelf.c
-index f6f3ac11a76..77442fdc964 100644
+index a870c39bd81..82e41ff5785 100644
 --- a/ld/ldelf.c
 +++ b/ld/ldelf.c
 @@ -1134,6 +1134,9 @@ ldelf_handle_dt_needed (struct elf_link_hash_table *htab,
@@ -27,7 +27,7 @@ index f6f3ac11a76..77442fdc964 100644
  		  if (path
  		      && ldelf_search_needed (path, &n, force,
  					      is_linux, elfsize))
-@@ -1811,6 +1814,8 @@ ldelf_before_allocation (char *audit, char *depaudit,
+@@ -1808,6 +1811,8 @@ ldelf_before_allocation (char **audit, char **depaudit,
    rpath = command_line.rpath;
    if (rpath == NULL)
      rpath = (const char *) getenv ("LD_RUN_PATH");

meta/recipes-devtools/binutils/binutils/0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch

@@ -1,4 +1,4 @@
-From ea68b64a00dd236c6e062a9403bf8a4b2234aaa5 Mon Sep 17 00:00:00 2001
+From 4e9b1d2b54289068f36bd572e378662c720351d4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sun, 15 Jan 2023 00:16:25 -0800
 Subject: [PATCH] Define alignof using _Alignof when using C11 or newer

meta/recipes-devtools/binutils/binutils/0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch

@@ -1,4 +1,4 @@
-From f40157cc203a8c8348fb9a39d9fd830d6b4b23f7 Mon Sep 17 00:00:00 2001
+From a17eacebc6a652a83577cbdf65b4ea3161090aac Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 18 Jan 2023 19:35:07 -0800
 Subject: [PATCH] Remove duplicate pe-dll.o entry deom targ_extra_ofiles

meta/recipes-devtools/binutils/binutils/0015-CVE-2025-1178.patch

@@ -1,33 +0,0 @@
-From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 5 Feb 2025 13:26:51 +0000
-Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
- generate dynamic relocs for a corrupt input file.
-
-PR 32638
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
-CVE: CVE-2025-1178
-
-Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
-
-diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
-index cb32732e..a08e9c97 100644
---- a/bfd/elf64-x86-64.c
-+++ b/bfd/elf64-x86-64.c
-@@ -5031,6 +5031,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
- 
-       if (generate_dynamic_reloc)
- 	{
-+	  /* If the relgot section has not been created, then
-+	     generate an error instead of a reloc.  cf PR 32638.  */
-+	  if (relgot == NULL || relgot->size == 0)
-+	    {
-+	      info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
-+					output_bfd);
-+	      return false;
-+	    }
-+	  
- 	  if (relative_reloc_name != NULL
- 	      && htab->params->report_relative_reloc)
- 	    _bfd_x86_elf_link_report_relative_reloc

meta/recipes-devtools/binutils/binutils/0016-CVE-2025-1181-1.patch

@@ -1,141 +0,0 @@
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 5 Feb 2025 14:31:10 +0000
-
-Prevent illegal memory access when checking relocs in a corrupt ELF binary.
-
-PR 32641
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=18cc11a2771d9e40180485da9a4fb660c03efac3]
-CVE: CVE-2025-1181
-
-Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
-
-diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h
-index 785a37dd7fd..d2bf8e5cbae 100644
---- a/bfd/elf-bfd.h
-+++ b/bfd/elf-bfd.h
-@@ -3150,6 +3150,9 @@ extern bool _bfd_elf_link_mmap_section_contents
- extern void _bfd_elf_link_munmap_section_contents
-   (asection *);
- 
-+extern struct elf_link_hash_entry * _bfd_elf_get_link_hash_entry
-+  (struct elf_link_hash_entry **, unsigned int, Elf_Internal_Shdr *);
-+
- /* Large common section.  */
- extern asection _bfd_elf_large_com_section;
- 
-diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
-index 32db254ba6c..2d82c6583c3 100644
---- a/bfd/elf64-x86-64.c
-+++ b/bfd/elf64-x86-64.c
-@@ -1744,7 +1744,7 @@ elf_x86_64_convert_load_reloc (bfd *abfd,
-   bool to_reloc_pc32;
-   bool abs_symbol;
-   bool local_ref;
--  asection *tsec;
-+  asection *tsec = NULL;
-   bfd_signed_vma raddend;
-   unsigned int opcode;
-   unsigned int modrm;
-@@ -1910,6 +1910,9 @@ elf_x86_64_convert_load_reloc (bfd *abfd,
- 	return true;
-     }
- 
-+  if (tsec == NULL)
-+    return false;
-+
-   /* Don't convert GOTPCREL relocation against large section.  */
-   if (elf_section_data (tsec) !=  NULL
-       && (elf_section_flags (tsec) & SHF_X86_64_LARGE) != 0)
-@@ -2206,10 +2209,7 @@ elf_x86_64_scan_relocs (bfd *abfd, struct bfd_link_info *info,
-       else
- 	{
- 	  isym = NULL;
--	  h = sym_hashes[r_symndx - symtab_hdr->sh_info];
--	  while (h->root.type == bfd_link_hash_indirect
--		 || h->root.type == bfd_link_hash_warning)
--	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+	  h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
- 	}
- 
-       /* Check invalid x32 relocations.  */
-diff --git a/bfd/elflink.c b/bfd/elflink.c
-index 1f1263007c0..eafbd133ff5 100644
---- a/bfd/elflink.c
-+++ b/bfd/elflink.c
-@@ -96,6 +96,27 @@ _bfd_elf_link_keep_memory (struct bfd_link_info *info)
-   return true;
- }
- 
-+struct elf_link_hash_entry *
-+_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
-+			      unsigned int                   symndx,
-+			      Elf_Internal_Shdr *            symtab_hdr)
-+{
-+  if (symndx < symtab_hdr->sh_info)
-+    return NULL;
-+
-+  struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
-+
-+  /* The hash might be empty.  See PR 32641 for an example of this.  */
-+  if (h == NULL)
-+    return NULL;
-+
-+  while (h->root.type == bfd_link_hash_indirect
-+	 || h->root.type == bfd_link_hash_warning)
-+    h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+
-+  return h;
-+}
-+
- static struct elf_link_hash_entry *
- get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
- {
-@@ -108,6 +129,9 @@ get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
-     {
-       h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
- 
-+      if (h == NULL)
-+	return NULL;
-+
-       while (h->root.type == bfd_link_hash_indirect
- 	     || h->root.type == bfd_link_hash_warning)
- 	h = (struct elf_link_hash_entry *) h->root.u.i.link;
-diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
-index 8e5a005fd36..832a5495eb1 100644
---- a/bfd/elfxx-x86.c
-+++ b/bfd/elfxx-x86.c
-@@ -973,15 +973,7 @@ _bfd_x86_elf_check_relocs (bfd *abfd,
- 	  goto error_return;
- 	}
- 
--      if (r_symndx < symtab_hdr->sh_info)
--	h = NULL;
--      else
--	{
--	  h = sym_hashes[r_symndx - symtab_hdr->sh_info];
--	  while (h->root.type == bfd_link_hash_indirect
--		 || h->root.type == bfd_link_hash_warning)
--	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
--	}
-+      h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
- 
-       if (X86_NEED_DYNAMIC_RELOC_TYPE_P (is_x86_64, r_type)
- 	  && NEED_DYNAMIC_RELOCATION_P (is_x86_64, info, true, h, sec,
-@@ -1209,10 +1201,12 @@ _bfd_x86_elf_link_relax_section (bfd *abfd ATTRIBUTE_UNUSED,
-       else
- 	{
- 	  /* Get H and SEC for GENERATE_DYNAMIC_RELOCATION_P below.  */
--	  h = sym_hashes[r_symndx - symtab_hdr->sh_info];
--	  while (h->root.type == bfd_link_hash_indirect
--		 || h->root.type == bfd_link_hash_warning)
--	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+	  h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
-+	  if (h == NULL)
-+	    {
-+	      /* FIXMEL: Issue an error message ?  */
-+	      continue;
-+	    }
- 
- 	  if (h->root.type == bfd_link_hash_defined
- 	      || h->root.type == bfd_link_hash_defweak)

meta/recipes-devtools/binutils/binutils/0017-CVE-2025-1181-2.patch

@@ -1,337 +0,0 @@
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 5 Feb 2025 15:43:04 +0000
-
-Add even more checks for corrupt input when processing
-relocations for ELF files.
-
-PR 32643
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=931494c9a89558acb36a03a340c01726545eef24]
-CVE: CVE-2025-1181
-
-Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
-
-diff --git a/bfd/elflink.c b/bfd/elflink.c
-index fd423d61..91cd7c28 100644
---- a/bfd/elflink.c
-+++ b/bfd/elflink.c
-@@ -96,15 +96,17 @@
-   return true;
- }
- 
--struct elf_link_hash_entry *
--_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
--			      unsigned int                   symndx,
--			      Elf_Internal_Shdr *            symtab_hdr)
-+static struct elf_link_hash_entry *
-+get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
-+		     unsigned int                   symndx,
-+		     unsigned int                   ext_sym_start)
- {
--  if (symndx < symtab_hdr->sh_info)
-+  if (sym_hashes == NULL
-+      /* Guard against corrupt input.  See PR 32636 for an example.  */
-+      || symndx < ext_sym_start)
-     return NULL;
- 
--  struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
-+  struct elf_link_hash_entry *h = sym_hashes[symndx - ext_sym_start];
- 
-   /* The hash might be empty.  See PR 32641 for an example of this.  */
-   if (h == NULL)
-@@ -117,27 +119,28 @@
-   return h;
- }
- 
--static struct elf_link_hash_entry *
--get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
-+struct elf_link_hash_entry *
-+_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
-+			      unsigned int                   symndx,
-+			      Elf_Internal_Shdr *            symtab_hdr)
- {
--  struct elf_link_hash_entry *h = NULL;
--
--  if ((r_symndx >= cookie->locsymcount
--       || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
--      /* Guard against corrupt input.  See PR 32636 for an example.  */
--      && r_symndx >= cookie->extsymoff)
--    {
--      h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
-+  if (symtab_hdr == NULL)
-+    return NULL;
- 
--      if (h == NULL)
--	return NULL;
-+  return get_link_hash_entry (sym_hashes, symndx, symtab_hdr->sh_info);
-+}
- 
--      while (h->root.type == bfd_link_hash_indirect
--	     || h->root.type == bfd_link_hash_warning)
--	h = (struct elf_link_hash_entry *) h->root.u.i.link;
--    }
-+static struct elf_link_hash_entry *
-+get_ext_sym_hash_from_cookie (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
-+{
-+  if (cookie == NULL || cookie->sym_hashes == NULL)
-+    return NULL;
-+  
-+  if (r_symndx >= cookie->locsymcount
-+      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
-+    return get_link_hash_entry (cookie->sym_hashes, r_symndx, cookie->extsymoff);
- 
--  return h;
-+  return NULL;
- }
- 
- asection *
-@@ -147,7 +150,7 @@
- {
-   struct elf_link_hash_entry *h;
- 
--  h = get_ext_sym_hash (cookie, r_symndx);
-+  h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
-   
-   if (h != NULL)
-     {
-@@ -9105,7 +9108,6 @@
- 		  size_t symidx,
- 		  bfd_vma val)
- {
--  struct elf_link_hash_entry **sym_hashes;
-   struct elf_link_hash_entry *h;
-   size_t extsymoff = locsymcount;
- 
-@@ -9128,12 +9130,12 @@
- 
-   /* It is a global symbol: set its link type
-      to "defined" and give it a value.  */
--
--  sym_hashes = elf_sym_hashes (bfd_with_globals);
--  h = sym_hashes [symidx - extsymoff];
--  while (h->root.type == bfd_link_hash_indirect
--	 || h->root.type == bfd_link_hash_warning)
--    h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+  h = get_link_hash_entry (elf_sym_hashes (bfd_with_globals), symidx, extsymoff);
-+  if (h == NULL)
-+    {
-+      /* FIXMEL What should we do ?  */
-+      return;
-+    }
-   h->root.type = bfd_link_hash_defined;
-   h->root.u.def.value = val;
-   h->root.u.def.section = bfd_abs_section_ptr;
-@@ -11611,10 +11613,19 @@
- 	      || (elf_bad_symtab (input_bfd)
- 		  && flinfo->sections[symndx] == NULL))
- 	    {
--	      struct elf_link_hash_entry *h = sym_hashes[symndx - extsymoff];
--	      while (h->root.type == bfd_link_hash_indirect
--		     || h->root.type == bfd_link_hash_warning)
--		h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+	      struct elf_link_hash_entry *h;
-+
-+	      h = get_link_hash_entry (sym_hashes, symndx, extsymoff);
-+	      if (h == NULL)
-+		{
-+		  _bfd_error_handler
-+		    /* xgettext:c-format */
-+		    (_("error: %pB: unable to create group section symbol"),
-+		     input_bfd);
-+		  bfd_set_error (bfd_error_bad_value);
-+		  return false;
-+		}	      
-+
- 	      /* Arrange for symbol to be output.  */
- 	      h->indx = -2;
- 	      elf_section_data (osec)->this_hdr.sh_info = -2;
-@@ -11749,7 +11760,7 @@
- 		  || (elf_bad_symtab (input_bfd)
- 		      && flinfo->sections[r_symndx] == NULL))
- 		{
--		  h = sym_hashes[r_symndx - extsymoff];
-+		  h = get_link_hash_entry (sym_hashes, r_symndx, extsymoff);
- 
- 		  /* Badly formatted input files can contain relocs that
- 		     reference non-existant symbols.  Check here so that
-@@ -11758,17 +11769,13 @@
- 		    {
- 		      _bfd_error_handler
- 			/* xgettext:c-format */
--			(_("error: %pB contains a reloc (%#" PRIx64 ") for section %pA "
-+			(_("error: %pB contains a reloc (%#" PRIx64 ") for section '%pA' "
- 			   "that references a non-existent global symbol"),
- 			 input_bfd, (uint64_t) rel->r_info, o);
- 		      bfd_set_error (bfd_error_bad_value);
- 		      return false;
- 		    }
- 
--		  while (h->root.type == bfd_link_hash_indirect
--			 || h->root.type == bfd_link_hash_warning)
--		    h = (struct elf_link_hash_entry *) h->root.u.i.link;
--
- 		  s_type = h->type;
- 
- 		  /* If a plugin symbol is referenced from a non-IR file,
-@@ -11984,7 +11991,6 @@
- 			  && flinfo->sections[r_symndx] == NULL))
- 		    {
- 		      struct elf_link_hash_entry *rh;
--		      unsigned long indx;
- 
- 		      /* This is a reloc against a global symbol.  We
- 			 have not yet output all the local symbols, so
-@@ -11993,15 +11999,16 @@
- 			 reloc to point to the global hash table entry
- 			 for this symbol.  The symbol index is then
- 			 set at the end of bfd_elf_final_link.  */
--		      indx = r_symndx - extsymoff;
--		      rh = elf_sym_hashes (input_bfd)[indx];
--		      while (rh->root.type == bfd_link_hash_indirect
--			     || rh->root.type == bfd_link_hash_warning)
--			rh = (struct elf_link_hash_entry *) rh->root.u.i.link;
--
--		      /* Setting the index to -2 tells
--			 elf_link_output_extsym that this symbol is
--			 used by a reloc.  */
-+		      rh = get_link_hash_entry (elf_sym_hashes (input_bfd),
-+						r_symndx, extsymoff);
-+		      if (rh == NULL)
-+			{
-+			  /* FIXME: Generate an error ?  */
-+			  continue;
-+			}
-+
-+		      /* Setting the index to -2 tells elf_link_output_extsym
-+			 that this symbol is used by a reloc.  */
- 		      BFD_ASSERT (rh->indx < 0);
- 		      rh->indx = -2;
- 		      *rel_hash = rh;
-@@ -13965,25 +13972,21 @@
- 		       struct elf_link_hash_entry *h,
- 		       Elf_Internal_Sym *sym)
- {
--  if (h != NULL)
-+  if (h == NULL)
-+    return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
-+
-+  switch (h->root.type)
-     {
--      switch (h->root.type)
--	{
--	case bfd_link_hash_defined:
--	case bfd_link_hash_defweak:
--	  return h->root.u.def.section;
-+    case bfd_link_hash_defined:
-+    case bfd_link_hash_defweak:
-+      return h->root.u.def.section;
- 
--	case bfd_link_hash_common:
--	  return h->root.u.c.p->section;
-+    case bfd_link_hash_common:
-+      return h->root.u.c.p->section;
- 
--	default:
--	  break;
--	}
-+    default:
-+      return NULL;
-     }
--  else
--    return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
--
--  return NULL;
- }
- 
- /* Return the debug definition section.  */
-@@ -14032,46 +14035,49 @@
-   if (r_symndx == STN_UNDEF)
-     return NULL;
- 
--  h = get_ext_sym_hash (cookie, r_symndx);
-+  h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
-+  if (h == NULL)
-+    {
-+      /* A corrup tinput file can lead to a situation where the index
-+	 does not reference either a local or an external symbol.  */
-+      if (r_symndx >= cookie->locsymcount)
-+	return NULL;
- 
--  if (h != NULL)
-+      return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
-+			      &cookie->locsyms[r_symndx]);
-+    }
-+
-+  bool was_marked = h->mark;
-+
-+  h->mark = 1;
-+  /* Keep all aliases of the symbol too.  If an object symbol
-+     needs to be copied into .dynbss then all of its aliases
-+     should be present as dynamic symbols, not just the one used
-+     on the copy relocation.  */
-+  hw = h;
-+  while (hw->is_weakalias)
-     {
--      bool was_marked;
-+      hw = hw->u.alias;
-+      hw->mark = 1;
-+    }
- 
--      was_marked = h->mark;
--      h->mark = 1;
--      /* Keep all aliases of the symbol too.  If an object symbol
--	 needs to be copied into .dynbss then all of its aliases
--	 should be present as dynamic symbols, not just the one used
--	 on the copy relocation.  */
--      hw = h;
--      while (hw->is_weakalias)
--	{
--	  hw = hw->u.alias;
--	  hw->mark = 1;
--	}
-+  if (!was_marked && h->start_stop && !h->root.ldscript_def)
-+    {
-+      if (info->start_stop_gc)
-+	return NULL;
- 
--      if (!was_marked && h->start_stop && !h->root.ldscript_def)
-+      /* To work around a glibc bug, mark XXX input sections
-+	 when there is a reference to __start_XXX or __stop_XXX
-+	 symbols.  */
-+      else if (start_stop != NULL)
- 	{
--	  if (info->start_stop_gc)
--	    return NULL;
--
--	  /* To work around a glibc bug, mark XXX input sections
--	     when there is a reference to __start_XXX or __stop_XXX
--	     symbols.  */
--	  else if (start_stop != NULL)
--	    {
--	      asection *s = h->u2.start_stop_section;
--	      *start_stop = true;
--	      return s;
--	    }
-+	  asection *s = h->u2.start_stop_section;
-+	  *start_stop = true;
-+	  return s;
- 	}
--
--      return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
-     }
- 
--  return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
--			  &cookie->locsyms[r_symndx]);
-+  return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
- }
- 
- /* COOKIE->rel describes a relocation against section SEC, which is
-@@ -15094,7 +15100,7 @@
- 
-       struct elf_link_hash_entry *h;
- 
--      h = get_ext_sym_hash (rcookie, r_symndx);
-+      h = get_ext_sym_hash_from_cookie (rcookie, r_symndx);
- 
-       if (h != NULL)
- 	{

meta/recipes-devtools/binutils/binutils/0018-CVE-2025-5245.patch

@@ -1,38 +0,0 @@
-From: Alan Modra <amodra@gmail.com>
-Date: Tue, 1 Apr 2025 22:36:54 +1030
-
-PR32829, SEGV on objdump function debug_type_samep
-u.kenum is always non-NULL, see debug_make_enum_type.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a]
-CVE: CVE-2025-5245
-
-Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
-
-diff --git a/binutils/debug.c b/binutils/debug.c
-index dcc8ccde..465b18e7 100644
---- a/binutils/debug.c
-+++ b/binutils/debug.c
-@@ -2554,9 +2554,6 @@ debug_write_type (struct debug_handle *info,
-     case DEBUG_KIND_UNION_CLASS:
-       return debug_write_class_type (info, fns, fhandle, type, tag);
-     case DEBUG_KIND_ENUM:
--      if (type->u.kenum == NULL)
--	return (*fns->enum_type) (fhandle, tag, (const char **) NULL,
--				  (bfd_signed_vma *) NULL);
-       return (*fns->enum_type) (fhandle, tag, type->u.kenum->names,
- 				type->u.kenum->values);
-     case DEBUG_KIND_POINTER:
-@@ -3097,9 +3094,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1,
-       break;
- 
-     case DEBUG_KIND_ENUM:
--      if (t1->u.kenum == NULL)
--	ret = t2->u.kenum == NULL;
--      else if (t2->u.kenum == NULL)
-+      if (t1->u.kenum->names == NULL)
-+	ret = t2->u.kenum->names == NULL;
-+      else if (t2->u.kenum->names == NULL)
- 	ret = false;
-       else
- 	{

meta/recipes-devtools/binutils/binutils/0019-CVE-2025-3198.patch

@@ -1,28 +0,0 @@
-From ba6ad3a18cb26b79e0e3b84c39f707535bbc344d Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Wed, 19 Feb 2025 07:58:54 +1030
-Subject: [PATCH] PR32716, objdump -i memory leak
-
-	PR binutils/32716
-	* bucomm.c (display_info): Free arg.info.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d]
-CVE: CVE-2025-3198
-
-Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
----
- binutils/bucomm.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/binutils/bucomm.c b/binutils/bucomm.c
-index ccf54099154..d4554737db1 100644
---- a/binutils/bucomm.c
-+++ b/binutils/bucomm.c
-@@ -435,6 +435,7 @@ display_info (void)
-   if (!arg.error)
-     display_target_tables (&arg);
- 
-+  free (arg.info);
-   return arg.error;
- }
- 

meta/recipes-devtools/binutils/binutils/0019-CVE-2025-5244.patch

@@ -1,25 +0,0 @@
-From: Alan Modra <amodra@gmail.com>
-Date: Thu, 10 Apr 2025 19:41:49 +0930
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]
-CVE: CVE-2025-5244
-
-PR32858 ld segfault on fuzzed object
-We missed one place where it is necessary to check for empty groups.
-
-Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
-
-diff --git a/bfd/elflink.c b/bfd/elflink.c
-index a76e8e38da7..549b7b7dd92 100644
---- a/bfd/elflink.c
-+++ b/bfd/elflink.c
-@@ -14408,7 +14408,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info)
- 	  if (o->flags & SEC_GROUP)
- 	    {
- 	      asection *first = elf_next_in_group (o);
--	      o->gc_mark = first->gc_mark;
-+	      if (first != NULL)
-+		o->gc_mark = first->gc_mark;
- 	    }
- 
- 	  if (o->gc_mark)

meta/recipes-devtools/binutils/binutils/0020-CVE-2025-7545.patch

@@ -1,39 +0,0 @@
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Sat, 21 Jun 2025 06:36:56 +0800
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]
-CVE: CVE-2025-7545
-
-Since the output section contents are copied from the input, don't
-extend the output section size beyond the input section size.
-
-	PR binutils/33049
-	* objcopy.c (copy_section): Don't extend the output section
-	size beyond the input section size.
-
-Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
-
-diff --git a/binutils/objcopy.c b/binutils/objcopy.c
-index e2e6bd7e..3cbb3977 100644
---- a/binutils/objcopy.c
-+++ b/binutils/objcopy.c
-@@ -4634,6 +4634,7 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd)
- 	  char *to = (char *) memhunk;
- 	  char *end = (char *) memhunk + size;
- 	  int i;
-+	  bfd_size_type memhunk_size = size;
- 
- 	  /* If the section address is not exactly divisible by the interleave,
- 	     then we must bias the from address.  If the copy_byte is less than
-@@ -4653,6 +4654,11 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd)
- 	      }
- 
- 	  size = (size + interleave - 1 - copy_byte) / interleave * copy_width;
-+
-+          /* Don't extend the output section size.  */
-+          if (size > memhunk_size)
-+            size = memhunk_size;
-+	  
- 	  osection->lma /= interleave;
- 	  if (copy_byte < extra)
- 	    osection->lma++;

meta/recipes-devtools/binutils/binutils/0020-CVE-2025-7546.patch

@@ -1,58 +0,0 @@
-From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Sat, 21 Jun 2025 06:52:00 +0800
-Subject: [PATCH] elf: Report corrupted group section
-
-Report corrupted group section instead of trying to recover.
-
-	PR binutils/33050
-	* elf.c (bfd_elf_set_group_contents): Report corrupted group
-	section.
-
-Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b]
-CVE: CVE-2025-7546
-
-Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
-Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
----
- bfd/elf.c | 23 ++++++++++-------------
- 1 file changed, 10 insertions(+), 13 deletions(-)
-
-diff --git a/bfd/elf.c b/bfd/elf.c
-index 14ce15c7254..ee894eb05f2 100644
---- a/bfd/elf.c
-+++ b/bfd/elf.c
-@@ -3971,20 +3971,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg)
- 	break;
-     }
- 
--  /* We should always get here with loc == sec->contents + 4, but it is
--     possible to craft bogus SHT_GROUP sections that will cause segfaults
--     in objcopy without checking loc here and in the loop above.  */
--  if (loc == sec->contents)
--    BFD_ASSERT (0);
--  else
-+  /* We should always get here with loc == sec->contents + 4.  Return
-+     an error for bogus SHT_GROUP sections.  */
-+  loc -= 4;
-+  if (loc != sec->contents)
-     {
--      loc -= 4;
--      if (loc != sec->contents)
--	{
--	  BFD_ASSERT (0);
--	  memset (sec->contents + 4, 0, loc - sec->contents);
--	  loc = sec->contents;
--	}
-+      /* xgettext:c-format */
-+      _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
-+			  abfd, sec);
-+      bfd_set_error (bfd_error_bad_value);
-+      *failedptr = true;
-+      return;
-     }
- 
-   H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
--- 
-2.43.5
-

meta/recipes-devtools/binutils/binutils/CVE-2025-1180.patch

@@ -1,165 +0,0 @@
-From 509c5afcd71afd36cd6496f8c84733b11bd5e9e5 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Thu, 22 May 2025 01:56:17 -0700
-Subject: [PATCH] Backport fix for PR 32642(CVE-2025-1180)
-
-Backporting the fix from PR 32636 to fix PR 32642 (ld SEGV (illegal read access)
-in _bfd_elf_write_section_eh_frame (bfd/elf-eh-frame.c:2234:29) with
- --gc-sections --gc-keep-exported option)
-
-https://nvd.nist.gov/vuln/detail/CVE-2025-1180 is associated with
-PR32642 which will get fixed with commit from PR 32636.
-
-(cherry picked from commit: f9978defb6fab0bd8583942d97c112b0932ac814)
-Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141351.html]
-CVE: CVE-2025-1180
-
-Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
----
- bfd/elflink.c | 88 +++++++++++++++++++++++++--------------------------
- 1 file changed, 44 insertions(+), 44 deletions(-)
-
-diff --git a/bfd/elflink.c b/bfd/elflink.c
-index 6346d7e2b4b..d765b688801 100644
---- a/bfd/elflink.c
-+++ b/bfd/elflink.c
-@@ -96,22 +96,37 @@ _bfd_elf_link_keep_memory (struct bfd_link_info *info)
-   return true;
- }
- 
--asection *
--_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
--			     unsigned long r_symndx,
--			     bool discard)
-+static struct elf_link_hash_entry *
-+get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
- {
--  if (r_symndx >= cookie->locsymcount
--      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
--    {
--      struct elf_link_hash_entry *h;
-+  struct elf_link_hash_entry *h = NULL;
- 
-+  if ((r_symndx >= cookie->locsymcount
-+       || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
-+      /* Guard against corrupt input.  See PR 32636 for an example.  */
-+      && r_symndx >= cookie->extsymoff)
-+    {
-       h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
- 
-       while (h->root.type == bfd_link_hash_indirect
- 	     || h->root.type == bfd_link_hash_warning)
- 	h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+    }
-+
-+  return h;
-+}
- 
-+asection *
-+_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
-+			     unsigned long r_symndx,
-+			     bool discard)
-+{
-+  struct elf_link_hash_entry *h;
-+
-+  h = get_ext_sym_hash (cookie, r_symndx);
-+  
-+  if (h != NULL)
-+    {
-       if ((h->root.type == bfd_link_hash_defined
- 	   || h->root.type == bfd_link_hash_defweak)
- 	   && discarded_section (h->root.u.def.section))
-@@ -119,21 +134,20 @@ _bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
-       else
- 	return NULL;
-     }
--  else
--    {
--      /* It's not a relocation against a global symbol,
--	 but it could be a relocation against a local
--	 symbol for a discarded section.  */
--      asection *isec;
--      Elf_Internal_Sym *isym;
- 
--      /* Need to: get the symbol; get the section.  */
--      isym = &cookie->locsyms[r_symndx];
--      isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
--      if (isec != NULL
--	  && discard ? discarded_section (isec) : 1)
--	return isec;
--     }
-+  /* It's not a relocation against a global symbol,
-+     but it could be a relocation against a local
-+     symbol for a discarded section.  */
-+  asection *isec;
-+  Elf_Internal_Sym *isym;
-+
-+  /* Need to: get the symbol; get the section.  */
-+  isym = &cookie->locsyms[r_symndx];
-+  isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
-+  if (isec != NULL
-+      && discard ? discarded_section (isec) : 1)
-+    return isec;
-+
-   return NULL;
- }
- 
-@@ -13994,22 +14008,12 @@ _bfd_elf_gc_mark_rsec (struct bfd_link_info *info, asection *sec,
-   if (r_symndx == STN_UNDEF)
-     return NULL;
- 
--  if (r_symndx >= cookie->locsymcount
--      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
-+  h = get_ext_sym_hash (cookie, r_symndx);
-+
-+  if (h != NULL)
-     {
-       bool was_marked;
- 
--      h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
--      if (h == NULL)
--	{
--	  info->callbacks->fatal (_("%F%P: corrupt input: %pB\n"),
--				  sec->owner);
--	  return NULL;
--	}
--      while (h->root.type == bfd_link_hash_indirect
--	     || h->root.type == bfd_link_hash_warning)
--	h = (struct elf_link_hash_entry *) h->root.u.i.link;
--
-       was_marked = h->mark;
-       h->mark = 1;
-       /* Keep all aliases of the symbol too.  If an object symbol
-@@ -15064,17 +15068,12 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
-       if (r_symndx == STN_UNDEF)
- 	return true;
- 
--      if (r_symndx >= rcookie->locsymcount
--	  || ELF_ST_BIND (rcookie->locsyms[r_symndx].st_info) != STB_LOCAL)
--	{
--	  struct elf_link_hash_entry *h;
--
--	  h = rcookie->sym_hashes[r_symndx - rcookie->extsymoff];
-+      struct elf_link_hash_entry *h;
- 
--	  while (h->root.type == bfd_link_hash_indirect
--		 || h->root.type == bfd_link_hash_warning)
--	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+      h = get_ext_sym_hash (rcookie, r_symndx);
- 
-+      if (h != NULL)
-+	{
- 	  if ((h->root.type == bfd_link_hash_defined
- 	       || h->root.type == bfd_link_hash_defweak)
- 	      && (h->root.u.def.section->owner != rcookie->abfd
-@@ -15098,6 +15097,7 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
- 		  || discarded_section (isec)))
- 	    return true;
- 	}
-+      
-       return false;
-     }
-   return false;
--- 
-2.49.0
-

meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch

@@ -1,36 +0,0 @@
-From 92bcd04fcd97f261ff40e9248e00a1dbebf3a536 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Tue, 27 May 2025 03:37:50 -0700
-Subject: [PATCH] Backport fix for PR 32644(CVE-2025-1182)
-
-Fix another illegal memory access triggered by corrupt ELF input files.
-
-PR 32644
-
-(cherry picked from commit:b425859021d17adf62f06fb904797cf8642986ad)
-Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141415.html]
-CVE: CVE-2025-1182 
-
-Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
----
- bfd/elflink.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/bfd/elflink.c b/bfd/elflink.c
-index 6346d7e2b4b..a0b237b2224 100644
---- a/bfd/elflink.c
-+++ b/bfd/elflink.c
-@@ -15084,6 +15084,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
- 	}
-       else
- 	{
-+	  if (r_symndx >= rcookie->locsymcount)
-+	    /* This can happen with corrupt input.  */
-+	    return false;
-+
- 	  /* It's not a relocation against a global symbol,
- 	     but it could be a relocation against a local
- 	     symbol for a discarded section.  */
--- 
-2.49.0
-