binutils: patch CVE-2025-11414

Pick commit per NVD CVE report.

(From OE-Core rev: cd7ce80fa1a99916aa2f93c4d9591c5496c3ef71)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index dcd3325ecc7de07ba84af75ce0fd1ae32e1575cb..21f0f7e3a7f4e7bb9f014e18ff4dd944b54544e6 100644 (file)
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -63,5 +63,6 @@ SRC_URI = "\
      file://0025-CVE-2025-11083.patch \
      file://0026-CVE-2025-11081.patch \
      file://0027-CVE-2025-8225.patch \
+     file://CVE-2025-11414.patch \
 "
 S  = "${WORKDIR}/git"

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch
new file mode 100644 (file)
index 0000000..c6e45c3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-11414.patch
@@ -0,0 +1,84 @@
+From aeaaa9af6359c8e394ce9cf24911fec4f4d23703 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Tue, 23 Sep 2025 08:52:26 +0800
+Subject: [PATCH] elf: Return error on unsorted symbol table if not allowed
+
+Normally ELF symbol table should be sorted, i.e., local symbols precede
+global symbols.  Irix 6 is an exception and its elf_bad_symtab is set
+to true.  Issue an error if elf_bad_symtab is false and symbol table is
+unsorted.
+
+       PR ld/33450
+       * elflink.c (set_symbol_value): Change return type to bool and
+       return false on error.  Issue an error on unsorted symbol table
+       if not allowed.
+       (elf_link_input_bfd): Return false if set_symbol_value reurns
+       false.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+
+CVE: CVE-2025-11414
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ bfd/elflink.c | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 66982f82b94..54f0d6e957e 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -8914,7 +8914,7 @@ struct elf_outext_info
+    <binary-operator> := as in C
+    <unary-operator> := as in C, plus "0-" for unambiguous negation.  */
+ 
+-static void
++static bool
+ set_symbol_value (bfd *bfd_with_globals,
+                 Elf_Internal_Sym *isymbuf,
+                 size_t locsymcount,
+@@ -8935,9 +8935,15 @@ set_symbol_value (bfd *bfd_with_globals,
+            "absolute" section and give it a value.  */
+         sym->st_shndx = SHN_ABS;
+         sym->st_value = val;
+-        return;
++        return true;
++      }
++      if (!elf_bad_symtab (bfd_with_globals))
++      {
++        _bfd_error_handler (_("%pB: corrupt symbol table"),
++                            bfd_with_globals);
++        bfd_set_error (bfd_error_bad_value);
++        return false;
+       }
+-      BFD_ASSERT (elf_bad_symtab (bfd_with_globals));
+       extsymoff = 0;
+     }
+ 
+@@ -8947,11 +8953,12 @@ set_symbol_value (bfd *bfd_with_globals,
+   if (h == NULL)
+     {
+       /* FIXMEL What should we do ?  */
+-      return;
++      return false;
+     }
+   h->root.type = bfd_link_hash_defined;
+   h->root.u.def.value = val;
+   h->root.u.def.section = bfd_abs_section_ptr;
++  return true;
+ }
+ 
+ static bool
+@@ -11641,8 +11648,10 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
+                   return false;
+ 
+                 /* Symbol evaluated OK.  Update to absolute value.  */
+-                set_symbol_value (input_bfd, isymbuf, locsymcount,
+-                                  r_symndx, val);
++                if (!set_symbol_value (input_bfd, isymbuf, locsymcount, r_symndx,
++                                       val))
++                  return false;
++
+                 continue;
+               }
+