git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Peter Marko <peter.marko@siemens.com>
	Sun, 2 Nov 2025 11:58:36 +0000 (12:58 +0100)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 3 Nov 2025 15:45:57 +0000 (07:45 -0800)
commit	b220cccdab44bc707d2c934a3ea81d20b67d14b0
tree	6f4db65944149f45f89d401e0b55fe61387eeff2	tree \| snapshot
parent	fdbcbb0fe92a862a993108609eb4107e34eeeed2	commit \| diff

binutils: patch CVE-2025-11413

Pick commit per NVD CVE report.

Note that there were two patches for this, first [1] and then [2].
The second patch moved the original patch to different location.
Cherry-pick of second patch is successful leaving out the code removing
the code from first location, so the patch attached here is not
identical to the upstream commit but is identical to applying both and
merging them to a single patch.

[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1108620d7a521f1c85d2f629031ce0fbae14e331
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0

(From OE-Core rev: 98df728e6136d04af0f4922b7ffbeffb704de395)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/binutils/binutils-2.42.inc		diff \| blob \| blame \| history
meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch	[new file with mode: 0644]	blob