mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-04 06:52:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
80,276 Commits 38 Branches 625 Tags
2d7b511b207dbf6e08240fc9a02c19cb30dcbde5
Commit Graph

11 Commits

Author SHA1 Message Date
Peter Marko
06237fd316 binutils: patch CVE-2025-11495 
Pick commit per NVD CVE report.

(From OE-Core rev: d3ec5a470bba069dee809780a5c892c7d52e05ac)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-10-27 11:37:43 +00:00
Peter Marko
5b2ea2b50e binutils: patch CVE-2025-11413 
Pick commit per NVD CVE report.

Note that there were two patches for this, first [1] and then [2].
The second patch moved the original patch to different location.
Cherry-pick of second patch is successful leaving out the code removing
the code from first location, so the patch attached here is not
identical to the upstream commit but is identical to applying both and
merging them to a single patch.

[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1108620d7a521f1c85d2f629031ce0fbae14e331
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0

(From OE-Core rev: 98df728e6136d04af0f4922b7ffbeffb704de395)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-10-27 11:37:43 +00:00
Peter Marko
52f475fd13 binutils: patch CVE-2025-11412 
Pick commit per NVD CVE report.

(From OE-Core rev: 6b94ff6c584a31d2b1e06d1e1dc19392d759b4b7)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-10-27 11:37:43 +00:00
Peter Marko
241b671179 binutils: patch CVE-2025-11414 
Pick commit per NVD CVE report.

(From OE-Core rev: cd7ce80fa1a99916aa2f93c4d9591c5496c3ef71)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-10-27 11:37:43 +00:00
Peter Marko
665e06da7d binutils: patch CVE-2025-11083 
Pick patch per link in NVD report.

(From OE-Core rev: 363961f74e3a8df3d1b97ce33855b8b40f6da497)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-10-13 18:01:04 +01:00
Peter Marko
a590d94c7f binutils: patch CVE-2025-11082 
Pick patch per link in NVD report.

(From OE-Core rev: 4c72e3bcf1f7898e69d5b0b0d490e550bb96bc0e)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-10-13 18:01:04 +01:00
Yash Shinde
932a695838 binutils: fix CVE-2025-11081 
CVE: CVE-2025-11081

Trying to dump .sframe in a PE file results in a segfault accessing
elf_section_data.

	* objdump (dump_sframe_section, dump_dwarf_section): Don't access
	elf_section_type without first checking the file is ELF.

PR 33406 SEGV in dump_dwarf_section
[https://sourceware.org/bugzilla/show_bug.cgi?id=33406]

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b]

(From OE-Core rev: d1eb65d2e9365f6bd2acf450496d3bfeda6aedc1)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-10-13 18:01:04 +01:00
Deepesh Varatharajan
a450fa44a8 binutils: stable 2.45 branch updates 
Below commits on binutils-2.45 stable branch are updated.

316da476e61 visium MAX_MEM_FOR_RS_ALIGN_CODE
b58f54a9bde strip: Don't treat fat IiR objects as plugin object
a71a4df76e2 strip: Treat "default" output_target as unspecified
96114b5c147 strip: Don't check target_defaulted in input BFD
2b2e51a31ec libctf: link: rejig lazy opening to not need weak symbols
ae8c1b4241a libctf: don't run tests requiring deduplicating linker unless one is in use
e54a1de9515 libctf: exclude always-emitted Solaris symbols from the symtypetab
32830073ea0 libctf: get libctf-nobfd.ver from the right place with Solaris ld
404cb58a92f libctf: do not use mmap on Solaris 11
99f48156dd1 LoongArch: Fix symbol size after relaxation
d45e8bff0b4 libiberty: sync with gcc
b09f71c1c46 Re: resbin: don't pass NULL as printf %s arg
72d7cfff264 PR 33229 nds32 gas segfaults on gcc output
879eabba0fc Fix more unused variable warnings
29996106c19 Fix unused variable warnings
5541a7e7712 binutils: drop unused note_size, contents, old variables
f4290b25097 bfd: drop unused elt_no
2a07e06e269 Re: Re-enable development on the 2.45 branch
ad8cf343ab5 Re-enable development on the 2.45 branch

Test Results:
                                 Before  After  Diff
No. of expected passes            315     317    +2
No. of unexpected failures        1       1      0
No. of untested testcases         1       1      0
No. of unsupported tests          9       9      0

96114b5c147 strip: Don't check target_defaulted in input BFD
The above commit adds the newly passing test cases.

PASSed tests changes
+PASS: binutils-all/x86-64/pr33230.obj ( --strip-debug)
+PASS: binutils-all/x86-64/pr33230.obj (--input-target=default --strip-debug)

(From OE-Core rev: 324f75bffa95a1b97048032f9bdaf0ff7d770f7a)

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-09-15 17:57:23 +01:00
Peter Marko
21cedd6086 binutils: set status for CVE-2025-7545 and CVE-2025-7546 
The patches linked in NVD reports are present in binutils-2_45-branch.
Technically the NVD is wrong (=2.45 should be <2.45), but fixing it in
the recipe is not problematic as all cpe-stable-backport will be
automatically removed in next upgrade so will not be "kept forever".

CVE-2025-7545
* https://nvd.nist.gov/vuln/detail/CVE-2025-7545
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944

CVE-2025-7546
* https://nvd.nist.gov/vuln/detail/CVE-2025-7546
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b

(From OE-Core rev: 0fb876e247faea84dfa8fd302b80cb7afdc575d9)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-08-28 10:47:08 +01:00
Khem Raj
7a3cf79a8e binutils: Drop CVE_STATUS for CVE-2025-1153 
binutils 2.45 has all the needed fixes for this CVE [1]

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150

(From OE-Core rev: 37215b6be9432da060eb20540c319b9b4967c8ec)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-08-04 18:04:03 +01:00
Khem Raj
d1afce3aa0 binutils: Upgrade to 2.45 release 
Added support for SFrame stack tracing with ELF binaries on x86 and AArch64 architectures.
Support for various new RISC-V extensions
Support for most Armv9.6 extensions.

Detailed release notes are here [1]

[1] https://lists.gnu.org/archive/html/info-gnu/2025-07/msg00009.html

(From OE-Core rev: a03cc7e39ea182d4818bc6a2b0fe7d355e5c44b3)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2025-07-31 10:48:36 +01:00