Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd29f955

Browse files
authored
Merge changes for 2.0 monthly update (#15021)
2 parentsb6184b4 +463c58f commitd29f955

File tree

53 files changed

+2949
-114
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

53 files changed

+2949
-114
lines changed

‎SPECS-EXTENDED/samba/CVE-2025-49716-netlogon.patch‎

Lines changed: 457 additions & 0 deletions
Large diffs are not rendered by default.

‎SPECS-EXTENDED/samba/samba.spec‎

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@
8585

8686
Name: samba
8787
Version: 4.12.5
88-
Release:6%{?dist}
88+
Release:7%{?dist}
8989

9090

9191
%define samba_depver %{version}-%{release}
@@ -247,6 +247,8 @@ BuildRequires: krb5-server >= %{required_mit_krb5}
247247
BuildRequires: bind
248248
%endif
249249

250+
Patch0: CVE-2025-49716-netlogon.patch
251+
250252
# filter out perl requirements pulled in from examples in the docdir.
251253
%global __requires_exclude_from ^%{_docdir}/.*$
252254
%global __provides_exclude_from ^%{_docdir}/.*$
@@ -796,6 +798,7 @@ and use CTDB instead.
796798

797799

798800
%prep
801+
%autosetup -p1
799802
xzcat %{SOURCE0}| gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} -
800803
%autosetup -n samba-%{version}%{pre_release} -p1
801804
# Remove `xsltproc` binary if installed. This is only used for docs, which we do not build
@@ -3438,6 +3441,9 @@ fi
34383441
%endif
34393442

34403443
%changelog
3444+
*Fri Oct 10 2025Andy Zaugg<azaugg@linkedin.com> -4.12.5-7
3445+
-Fix winbind netlogon issue with Windows security update 2025 CVE-2025-49716
3446+
34413447
*Wed Apr 17 2024Andrew Phelps<anphel@microsoft.com> -4.12.5-6
34423448
-Fix build issue with docs by removing xsltproc
34433449

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
From 1a2eb7a4a288ffe6d1a7a6a7260c1a59d8638f46 Mon Sep 17 00:00:00 2001
2+
From: "H.J. Lu" <hjl.tools@gmail.com>
3+
Date: Mon, 22 Sep 2025 15:20:34 +0800
4+
Subject: [PATCH] elf: Don't read beyond .eh_frame section size
5+
6+
PR ld/33464
7+
* elf-eh-frame.c (_bfd_elf_parse_eh_frame): Don't read beyond
8+
.eh_frame section size.
9+
10+
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
11+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
12+
Upstream-reference: https://github.com/bminor/binutils-gdb/commit/ea1a0737c7692737a644af0486b71e4a392cbca8.patch
13+
---
14+
bfd/elf-eh-frame.c | 8 ++++++--
15+
1 file changed, 6 insertions(+), 2 deletions(-)
16+
17+
diff --git a/binutils-2.37/bfd/elf-eh-frame.c b/binutils-2.37/bfd/elf-eh-frame.c
18+
index 6ce6d225..f1f6b463 100644
19+
--- a/bfd/elf-eh-frame.c
20+
+++ b/bfd/elf-eh-frame.c
21+
@@ -733,6 +733,7 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
22+
if (hdr_id == 0)
23+
{
24+
unsigned int initial_insn_length;
25+
+ char *null_byte;
26+
27+
/* CIE */
28+
this_inf->cie = 1;
29+
@@ -749,10 +750,13 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
30+
REQUIRE (cie->version == 1
31+
|| cie->version == 3
32+
|| cie->version == 4);
33+
- REQUIRE (strlen ((char *) buf) < sizeof (cie->augmentation));
34+
+ null_byte = memchr ((char *) buf, 0, end - buf);
35+
+ REQUIRE (null_byte != NULL);
36+
+ REQUIRE ((size_t) (null_byte - (char *) buf)
37+
+ < sizeof (cie->augmentation));
38+
39+
strcpy (cie->augmentation, (char *) buf);
40+
- buf = (bfd_byte *) strchr ((char *) buf, '\0') + 1;
41+
+ buf = (bfd_byte *) null_byte + 1;
42+
this_inf->u.cie.aug_str_len = buf - start - 1;
43+
ENSURE_NO_RELOCS (buf);
44+
if (buf[0] == 'e' && buf[1] == 'h')
45+
--
46+
2.45.4
47+
Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
From b3847cb425387f93f099513980721e3d87c236de Mon Sep 17 00:00:00 2001
2+
From: AllSpark <allspark@microsoft.com>
3+
Date: Wed, 1 Oct 2025 19:12:40 +0000
4+
Subject: [PATCH] bfd/elf: Avoid matching corrupt section header in linker
5+
input (PR ld/33457)
6+
7+
- Change elf_swap_shdr_in to return bool; return false for corrupt section header when abfd->is_linker_input.
8+
- In elf_object_p, check return value of elf_swap_shdr_in and reject on failure.
9+
- Preserve warning message and set abfd->read_only after rejection logic.
10+
11+
Backport of upstream patch 9ca499644a21ceb3f946d1c179c38a83be084490.
12+
13+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
14+
Upstream-reference: AI Backport of https://github.com/bminor/binutils-gdb/commit/9ca499644a21ceb3f946d1c179c38a83be084490.patch
15+
---
16+
bfd/elfcode.h | 16 ++++++++++------
17+
1 file changed, 10 insertions(+), 6 deletions(-)
18+
19+
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
20+
index 7eb27c2e..8195b92e 100644
21+
--- a/bfd/elfcode.h
22+
+++ b/bfd/elfcode.h
23+
@@ -298,7 +298,7 @@ elf_swap_ehdr_out (bfd *abfd,
24+
/* Translate an ELF section header table entry in external format into an
25+
ELF section header table entry in internal format. */
26+
27+
-static void
28+
+static bool
29+
elf_swap_shdr_in (bfd *abfd,
30+
const Elf_External_Shdr *src,
31+
Elf_Internal_Shdr *dst)
32+
@@ -325,9 +325,12 @@ elf_swap_shdr_in (bfd *abfd,
33+
&& ((ufile_ptr) dst->sh_offset > filesize
34+
|| dst->sh_size > filesize - dst->sh_offset))
35+
{
36+
- abfd->read_only = 1;
37+
_bfd_error_handler (_("warning: %pB has a section "
38+
"extending past end of file"), abfd);
39+
+ /* PR ld/33457: Don't match corrupt section header. */
40+
+ if (abfd->is_linker_input)
41+
+ return false;
42+
+ abfd->read_only = 1;
43+
}
44+
}
45+
dst->sh_link = H_GET_32 (abfd, src->sh_link);
46+
@@ -336,6 +339,7 @@ elf_swap_shdr_in (bfd *abfd,
47+
dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
48+
dst->bfd_section = NULL;
49+
dst->contents = NULL;
50+
+ return true;
51+
}
52+
53+
/* Translate an ELF section header table entry in internal format into an
54+
@@ -628,9 +632,9 @@ elf_object_p (bfd *abfd)
55+
56+
/* Read the first section header at index 0, and convert to internal
57+
form. */
58+
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
59+
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
60+
+ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
61+
goto got_no_match;
62+
- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
63+
64+
/* If the section count is zero, the actual count is in the first
65+
section header. */
66+
@@ -716,9 +720,9 @@ elf_object_p (bfd *abfd)
67+
to internal form. */
68+
for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
69+
{
70+
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
71+
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
72+
+ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
73+
goto got_no_match;
74+
- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
75+
76+
/* Sanity check sh_link and sh_info. */
77+
if (i_shdrp[shindex].sh_link >= num_sec)
78+
--
79+
2.45.4
80+
Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
From eee96bd5f9200a9b74df45fd6ae116bad7417236 Mon Sep 17 00:00:00 2001
2+
From: Alan Modra <amodra@gmail.com>
3+
Date: Thu, 25 Sep 2025 08:22:24 +0930
4+
Subject: [PATCH] PR 33452 SEGV in bfd_elf_gc_record_vtentry
5+
6+
Limit addends on vtentry relocs, otherwise ld might attempt to
7+
allocate a stupidly large array. This also fixes the expression
8+
overflow leading to pr33452. A vtable of 33M entries on a 64-bit
9+
host is surely large enough, especially considering that VTINHERIT
10+
and VTENTRY relocations are to support -fvtable-gc that disappeared
11+
from gcc over 20 years ago.
12+
13+
PR ld/33452
14+
* elflink.c (bfd_elf_gc_record_vtentry): Sanity check addend.
15+
16+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
17+
Upstream-reference: https://github.com/bminor/binutils-gdb/commit/047435dd988a3975d40c6626a8f739a0b2e154bc.patch
18+
---
19+
bfd/elflink.c | 2 +-
20+
1 file changed, 1 insertion(+), 1 deletion(-)
21+
22+
diff --git a/bfd/elflink.c b/bfd/elflink.c
23+
index 51790953..37caba7e 100644
24+
--- a/bfd/elflink.c
25+
+++ b/bfd/elflink.c
26+
@@ -14235,7 +14235,7 @@ bfd_elf_gc_record_vtentry (bfd *abfd, asection *sec,
27+
const struct elf_backend_data *bed = get_elf_backend_data (abfd);
28+
unsigned int log_file_align = bed->s->log_file_align;
29+
30+
- if (!h)
31+
+ if (!h || addend > 1u << 28)
32+
{
33+
/* xgettext:c-format */
34+
_bfd_error_handler (_("%pB: section '%pA': corrupt VTENTRY entry"),
35+
--
36+
2.45.4
37+
Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
From 576abdc0a868acbcf0d363c720e4d6eaf25b3089 Mon Sep 17 00:00:00 2001
2+
From: "H.J. Lu" <hjl.tools@gmail.com>
3+
Date: Tue, 23 Sep 2025 08:52:26 +0800
4+
Subject: [PATCH] elf: Return error on unsorted symbol table if not allowed
5+
6+
Normally ELF symbol table should be sorted, i.e., local symbols precede
7+
global symbols. Irix 6 is an exception and its elf_bad_symtab is set
8+
to true. Issue an error if elf_bad_symtab is false and symbol table is
9+
unsorted.
10+
11+
PR ld/33450
12+
* elflink.c (set_symbol_value): Change return type to bool and
13+
return false on error. Issue an error on unsorted symbol table
14+
if not allowed.
15+
(elf_link_input_bfd): Return false if set_symbol_value reurns
16+
false.
17+
18+
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
19+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
20+
Upstream-reference: https://github.com/bminor/binutils-gdb/commit/aeaaa9af6359c8e394ce9cf24911fec4f4d23703.patch
21+
---
22+
bfd/elflink.c | 21 +++++++++++++++------
23+
1 file changed, 15 insertions(+), 6 deletions(-)
24+
25+
diff --git a/bfd/elflink.c b/bfd/elflink.c
26+
index 37caba7e..b841a750 100644
27+
--- a/bfd/elflink.c
28+
+++ b/bfd/elflink.c
29+
@@ -8623,7 +8623,7 @@ struct elf_outext_info
30+
<binary-operator> := as in C
31+
<unary-operator> := as in C, plus "0-" for unambiguous negation. */
32+
33+
-static void
34+
+static bool
35+
set_symbol_value (bfd *bfd_with_globals,
36+
Elf_Internal_Sym *isymbuf,
37+
size_t locsymcount,
38+
@@ -8644,9 +8644,15 @@ set_symbol_value (bfd *bfd_with_globals,
39+
"absolute" section and give it a value. */
40+
sym->st_shndx = SHN_ABS;
41+
sym->st_value = val;
42+
- return;
43+
+ return true;
44+
+}
45+
+ if (!elf_bad_symtab (bfd_with_globals))
46+
+{
47+
+ _bfd_error_handler (_("%pB: corrupt symbol table"),
48+
+ bfd_with_globals);
49+
+ bfd_set_error (bfd_error_bad_value);
50+
+ return false;
51+
}
52+
- BFD_ASSERT (elf_bad_symtab (bfd_with_globals));
53+
extsymoff = 0;
54+
}
55+
56+
@@ -8656,11 +8662,12 @@ set_symbol_value (bfd *bfd_with_globals,
57+
if (h == NULL)
58+
{
59+
/* FIXMEL What should we do ? */
60+
- return;
61+
+ return false;
62+
}
63+
h->root.type = bfd_link_hash_defined;
64+
h->root.u.def.value = val;
65+
h->root.u.def.section = bfd_abs_section_ptr;
66+
+ return true;
67+
}
68+
69+
static bool
70+
@@ -11369,8 +11376,10 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
71+
return false;
72+
73+
/* Symbol evaluated OK. Update to absolute value. */
74+
- set_symbol_value (input_bfd, isymbuf, locsymcount,
75+
- r_symndx, val);
76+
+ if (!set_symbol_value (input_bfd, isymbuf, locsymcount, r_symndx,
77+
+ val))
78+
+ return false;
79+
+
80+
continue;
81+
}
82+
83+
--
84+
2.45.4
85+

‎SPECS/binutils/binutils.spec‎

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,13 +21,13 @@
2121
Summary: Contains a linker, an assembler, and other tools
2222
Name: binutils
2323
Version: 2.37
24-
Release:17%{?dist}
24+
Release:19%{?dist}
2525
License: GPLv2+
2626
Vendor: Microsoft Corporation
2727
Distribution: Mariner
2828
Group: System Environment/Base
2929
URL: https://www.gnu.org/software/binutils
30-
Source0: https://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
30+
Source0: https://sourceware.org/pub/binutils/releases/%{name}-%{version}.tar.xz
3131
# Patch was derived from source: https://src.fedoraproject.org/rpms/binutils/blob/f34/f/binutils-export-demangle.h.patch
3232
Patch0: export-demangle-header.patch
3333
# Patch1 Source https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=6b86da53d5ee2022b9065f445d23356190380746
@@ -56,6 +56,10 @@ Patch21: CVE-2025-5244.patch
5656
Patch22: CVE-2025-7545.patch
5757
Patch23: CVE-2025-7546.patch
5858
Patch24: CVE-2025-8225.patch
59+
Patch25: CVE-2025-11412.patch
60+
Patch26: CVE-2025-11414.patch
61+
Patch27: CVE-2025-11082.patch
62+
Patch28: CVE-2025-11083.patch
5963
Provides: bundled(libiberty)
6064

6165
# Moving macro before the "SourceX" tags breaks PR checks parsing the specs.
@@ -312,6 +316,12 @@ find %{buildroot} -type f -name "*.la" -delete -print
312316
%do_filesaarch64-linux-gnu %{build_aarch64}
313317

314318
%changelog
319+
*Thu Oct 23 2025Azure Linux Security Servicing Account<azurelinux-security@microsoft.com> -2.37-19
320+
-Patch for CVE-2025-11083, CVE-2025-11082
321+
322+
*Thu Oct 16 2025Azure Linux Security Servicing Account<azurelinux-security@microsoft.com> -2.37-18
323+
-Patch for CVE-2025-11414, CVE-2025-11412
324+
315325
*Mon Jul 28 2025Azure Linux Security Servicing Account<azurelinux-security@microsoft.com> -2.37-17
316326
-Patch for CVE-2025-8225
317327

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp