CVE: CVE-2025-8225
It is possible with fuzzed files to have num_debug_info_entries zero
after allocating space for debug_information, leading to multiple
allocations.
* dwarf.c (process_debug_info): Don't test num_debug_info_entries
to determine whether debug_information has been allocated,
test alloc_num_debug_info_entries.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]
(From OE-Core rev: 7feed679262025b8405488d064e2c546a3ed7a0c)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
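Added example, not part of the commit or of binutils' dwarf.c: a simplified C model of the guard change described in the CVE-2025-8225 message above. The struct, the function names and the assumption that the processing routine runs more than once over the same input are constructed for illustration; only the three variable names come from the commit message.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model (constructed for illustration, not binutils source). */
struct table {
    int *debug_information;                 /* heap array of per-unit records */
    unsigned num_debug_info_entries;        /* records filled in so far; 0 is a valid value */
    unsigned alloc_num_debug_info_entries;  /* capacity; non-zero only once allocated */
    unsigned orphaned;                      /* instrumentation: blocks overwritten without free */
};

/* Allocate the array, counting any block that the overwrite would orphan. */
static void allocate(struct table *t, unsigned units)
{
    int *p = calloc(units, sizeof *p);
    if (p == NULL)
        return;
    if (t->debug_information != NULL)
        t->orphaned++;              /* a real program would lose this block */
    free(t->debug_information);     /* the model frees it so the demo itself is clean */
    t->debug_information = p;
    t->alloc_num_debug_info_entries = units;
}

/* One pass over an input whose units are all rejected (assumption), so no
   entry is recorded and num_debug_info_entries stays 0 after allocation. */
static void process_pass(struct table *t, unsigned units, int guard_on_capacity)
{
    unsigned allocated_marker = guard_on_capacity
        ? t->alloc_num_debug_info_entries   /* guard after the fix */
        : t->num_debug_info_entries;        /* guard before the fix */
    if (allocated_marker == 0 && units > 0)
        allocate(t, units);
}

/* Run `passes` passes and return how many blocks were orphaned. */
unsigned count_orphaned(int guard_on_capacity, unsigned passes)
{
    struct table t = {0};
    for (unsigned i = 0; i < passes; i++)
        process_pass(&t, 4, guard_on_capacity);
    free(t.debug_information);
    return t.orphaned;
}

int main(void)
{
    printf("guard on count:    %u orphaned\n", count_orphaned(0, 3));
    printf("guard on capacity: %u orphaned\n", count_orphaned(1, 3));
    return 0;
}
```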
During the execution of the command: i686-w64-mingw32-dlltool
--input-def $def_filepath --output-delaylib $filepath --dllname qemu.exe
An error occurred:
i686-w64-mingw32-dlltool: failed to open temporary head file: ..._w64_mingw32_nativesdk_qemu_8_2_2_build_plugins_libqemu_plugin_api_a_h.s
Due to the path length exceeding the Linux system's file name length
limit (NAME_MAX=255), the temporary file name generated by the
i686-w64-mingw32-dlltool command becomes too long to open. To address
this, a new temporary file name prefix is generated using tmp_prefix =
prefix_encode ("d", getpid()), ensuring that the file name does not
exceed the system's length limit.
Allow for "snnnnn.o" suffix when testing against NAME_MAX, and tidy
TMP_STUB handling by overwriting a prior nnnnn.o string rather than
copying the entire name.
(From OE-Core rev: 617df4ee1d6523ded43f156af8206dfca2c0c8ee)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A buffer overflow vulnerability exists in GNU Binutils’ objdump utility
when processing tekhex format files. The vulnerability occurs in the
Binary File Descriptor (BFD) library’s tekhex parser during format identification.
Specifically, the issue manifests when attempting to read 8 bytes at an address
that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.
Backport a patch from upstream to fix CVE-2024-53589.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]
(From OE-Core rev: 15635eb807ea1cbf0fd04e0cbe9cf169df107a05)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Code backported from binutils development tree.
aarch64: Remove asserts from operand qualifier decoders [PR31595]
Given that the disassembler should never abort when decoding
(potentially random) data, assertion statements in the
`get_*reg_qualifier_from_value' function family prove problematic.
...
(From OE-Core rev: 3b070fc3963d04ce8c13b5b78c3b7ae95e26c435)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00f3d8495a1d8fe44336b53c5a9d9a5f8a8d5664)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a patch from upstream to fix CVE-2023-1972.
(From OE-Core rev: 10d63933e3a30bfac2f6cec896460c22e04baadd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Rebase existing patches
- Drop 0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch
which is already in
- Correct packaging path to libgprofng.so
- Below commits on binutils-2.40 stable branch are updated.
4671be001eb Updated Hungarian translation for the gprof directory
ded035f913e lto: Don't add indirect symbols for versioned aliases in IR
74cb2ddeabc gas: arm: Change warning message to not reference specific A-class architecture revision
570b9c09bbf gas: arm: Fix a further IT-predicated vcvt issue in the presense of MVE vcvtn
bddd62e188c libctf: get the offsets of fields of unnamed structs/unions right
7aa47eafcce libctf: fix assertion failure with no system qsort_r
165accf0752 coff_get_normalized_symtab bfd_release
af35798e957 PR30217, dynamic relocations using local dynamic symbols
18bb604f1e1 PR30198, Assertion and segfault when linking x86_64 elf and coff
34a2b4a0e21 PR30155, ld segfault in _bfd_nearby_section
3d0046f39aa PR30046, power cmpi leads to unknown architecture
5c87fb1d59b ppc32 and "LOAD segment with RWX permissions"
11f5c1ebf14 Updated Serbian translations for gold, gprof and opcodes sub-directories
38e455b1d9a Updated translations for the bfd and gprof directories.
b2bc62b7b4e gas: correct symbol name comparison in .startof./.sizeof. handling
17294931e3e configure: remove dependencies on gmp and mpfr when gdb is disabled
1fc096a4c59 Regen config files
e1815414077 Pass $JANSSON_LIBS and $ZSTD_LIBS to ld-bootstrap/bootrap.exp
3e888977f16 bpf: fix error conversion from long unsigned int to unsigned int [-Werror=overflow]
65dbb942145 Updated Swedish translation for the binutils sub-directory
27f59ec47a1 RISC-V: make C-extension JAL available again for (32-bit) assembly
edd36b26f35 gprofng: PR30043 libgprofng.so.* are installed to a wrong location
c6e269febbc gprofng: PR29521 [docs] man pages are not in the release tarball
bcea253f5fa toplevel: Makefile.def: add install-strip dependency on libsframe
(From OE-Core rev: 5d7389770af6613af4ca8a2d30cc79d494a91075)
(From OE-Core rev: dcaf5192599b9474901ab73b66c330a401623fc1)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently binutils in buildtools is searching for /etc/etc/ld.so.conf
which makes no sense. ld_sysconfdir already contains /etc so we need to
drop the /etc from the fixed string.
(From OE-Core rev: ccd28c418ab8390118d738fbe914395b5c2a1f75)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix for CVE-2021-45078.
(From OE-Core rev: f3128fd1b2e5cbf3683dc69eabc56fbc0bd0e7d5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We update the libtool m4 files in binutils with the latest files from
our patched libtool so that we can use the --with-libtool-sysroot option.
Remove the chunks that are specific to the libtool renaming, which now
doesn't happen.
(From OE-Core rev: 30baaf6c20a2e1619439cf3eb8d9ce7cb877d2fa)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Original issue:
Building glibc 2.32 or 2.34 with the option "-Wl,--build-id"
produces a libc.so.6 whose ".note.gnu.build-id" section has an
invalid (double, 0x48) section size. This happens because glibc
uses sublibraries for linking libc.so.6.
ld produces these sublibraries with a build-id section and, at the last
linking stage, loads these sections as input for linking.
ld should create a new (valid) ".note.gnu.build-id" in the function
ldelf_setup_build_id at the last linking stage, but it skips creating it because
a build-id section already exists.
As a result, libc.so.6 contains a ".note.gnu.build-id" with build-ids from
the sublibraries and without a valid build-id.
How it was solved:
1. Discard input .note.gnu.build-id sections.
2. Clear the build ID field before writing.
3. Use bfd_make_section_anyway_with_flags to create the output
.note.gnu.build-id section.
Upstream-Status: Backport
Reference to upstream patch:
[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=1f1d0f8888a6c944e612b416a2a6e11abcf5199f]
(From OE-Core rev: 68bbff44a481a036dc7d39e5d5745a01ccffdb95)
Signed-off-by: Valerii Chernous <vchernou@cisco.com>
Signed-off-by: Valery Chernous <valery.chernous@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The kernel has dropped this as of 5.16 and we don't want to carry such patches
without active maintainers for such targets.
It isn't clear who would even have such hardware and it isn't something we can
support. It would be best maintained as a separate layer by those who can test
it if needed.
(From OE-Core rev: 5cd5075412639c0be9506cf1101737b12894fc5f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>