This series doesn't apply to the current stable/whinlatter-nut branch: ~/Repos/openembedded-core (stable/whinlatter-nut) $ git am -3 ~/Downloads/whinlatter-1-2-binutils-fix-CVE-2025-11839.patch Applying: binutils: fix CVE-2025-11839 error: sha1 information is lacking or useless (meta/recipes-devtools/binutils/binutils-2.45.inc). error: could not build fake ancestor Patch failed at 0001 binutils: fix CVE-2025-11839 hint: Use 'git am --show-current-patch=diff' to see the failed patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort".
Steve On Sun, Dec 21, 2025 at 8:34 PM <[email protected]> wrote: > > From: Yash Shinde <[email protected]> > > CVE-2025-11839 > > PR 33448 > [BUG] Aborted in tg_tag_type at prdbg.c:2452 > Remove call to abort in the DGB debug format printing code, thus allowing > the display of a fuzzed input file to complete without triggering an abort. > > https://sourceware.org/bugzilla/show_bug.cgi?id=33448 > > Upstream-Status: Backport > [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] > > Signed-off-by: Yash Shinde <[email protected]> > --- > .../binutils/binutils-2.45.inc | 1 + > .../binutils/0019-CVE-2025-11839.patch | 32 +++++++++++++++++++ > 2 files changed, 33 insertions(+) > create mode 100644 > meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc > b/meta/recipes-devtools/binutils/binutils-2.45.inc > index 680ba82e86..2f61c9377b 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.45.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc > @@ -44,4 +44,5 @@ SRC_URI = "\ > file://CVE-2025-11413.patch \ > file://CVE-2025-11495.patch \ > file://0018-CVE-2025-11494.patch \ > + file://0019-CVE-2025-11839.patch \ > " > diff --git > a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch > b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch > new file mode 100644 > index 0000000000..7f2f6d553d > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch > @@ -0,0 +1,32 @@ > +From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001 > +From: Nick Clifton <[email protected]> > +Date: Mon, 3 Nov 2025 11:49:02 +0000 > +Subject: [PATCH] Remove call to abort in the DGB debug format printing code, > + thus allowing the display of a fuzzed input file to complete without > + triggering an abort. > + > +PR 33448 > +--- > + binutils/prdbg.c | 1 - > + 1 file changed, 1 deletion(-) > + > +Upstream-Status: Backport > [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] > +CVE: CVE-2025-11839 > + > +Signed-off-by: Yash Shinde <[email protected]> > + > +diff --git a/binutils/prdbg.c b/binutils/prdbg.c > +index c239aeb1a79..5d405c48e3d 100644 > +--- a/binutils/prdbg.c > ++++ b/binutils/prdbg.c > +@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int > id, > + t = "union class "; > + break; > + default: > +- abort (); > + return false; > + } > + > +-- > +2.43.7 > + > -- > 2.49.0 >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#228311): https://lists.openembedded.org/g/openembedded-core/message/228311 Mute This Topic: https://lists.openembedded.org/mt/116897474/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
