mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-22 09:29:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
21cedd60863e41b7fbd808863136d1e933395fc4
poky/meta/recipes-devtools/binutils/binutils-2.45.inc
Peter Marko 21cedd6086 binutils: set status for CVE-2025-7545 and CVE-2025-7546 
The patches linked in NVD reports are present in binutils-2_45-branch.
Technically the NVD is wrong (=2.45 should be <2.45), but fixing it in
the recipe is not problematic as all cpe-stable-backport will be
automatically removed in next upgrade so will not be "kept forever".

CVE-2025-7545
* https://nvd.nist.gov/vuln/detail/CVE-2025-7545
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944

CVE-2025-7546
* https://nvd.nist.gov/vuln/detail/CVE-2025-7546
* https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b

(From OE-Core rev: 0fb876e247faea84dfa8fd302b80cb7afdc575d9)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-08-28 10:47:08 +01:00

40 lines
1.9 KiB
PHP
Raw Blame History

LIC_FILES_CHKSUM = "\
file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552\
file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674\
file://COPYING3;md5=d32239bcb673463ab874e80d47fae504\
file://COPYING3.LIB;md5=6a6a8e020838b23406c81b19c1d46df6\
file://gas/COPYING;md5=d32239bcb673463ab874e80d47fae504\
file://include/COPYING;md5=59530bdf33659b29e73d4adb9f9f6552\
file://include/COPYING3;md5=d32239bcb673463ab874e80d47fae504\
file://libiberty/COPYING.LIB;md5=a916467b91076e631dd8edb7424769c7\
file://bfd/COPYING;md5=d32239bcb673463ab874e80d47fae504\
"
# When upgrading to next major release, ensure that there is no trailing .0, so
# that upstream version check can work correctly.
PV = "2.45"
CVE_VERSION = "2.45"
SRCBRANCH ?= "binutils-2_45-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
CVE_STATUS[CVE-2025-7545] = "cpe-stable-backport: fix available in used git hash"
CVE_STATUS[CVE-2025-7546] = "cpe-stable-backport: fix available in used git hash"
SRCREV ?= "2bc7af1ff7732451b6a7b09462a815c3284f9613"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
SRC_URI = "\
${BINUTILS_GIT_URI} \
file://0004-Point-scripts-location-to-libdir.patch \
file://0005-don-t-let-the-distro-compiler-point-to-the-wrong-ins.patch \
file://0006-warn-for-uses-of-system-directories-when-cross-linki.patch \
file://0007-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
file://0008-Use-libtool-2.4.patch \
file://0009-Fix-rpath-in-libtool-when-sysroot-is-enabled.patch \
file://0010-sync-with-OE-libtool-changes.patch \
file://0011-Check-for-clang-before-checking-gcc-version.patch \
file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
"
Reference in New Issue View Git Blame Copy Permalink