Joe McDonnell has uploaded this change for review. ( http://gerrit.cloudera.org:8080/24019
Change subject: IMPALA-14767: Patch binutils 2.42 with CVE fixes from Ubuntu 24 ...................................................................... IMPALA-14767: Patch binutils 2.42 with CVE fixes from Ubuntu 24 Ubuntu 24 uses binutils 2.42 and has backported several CVE fixes. These patches are available via their source packages and publications (in particular binutils_2.42-4ubuntu2.8.debian.tar.xz). None of these are security issues for Impala itself, and there is no indication that we've been affected by any of them. Even so, they include memory corruptions and memory leaks for these build tools, so it is prudent to patch binutils to fix them. This applies the CVE patches from binutils_2.42-4ubuntu2.8.debian.tar.xz in order specified by the debian/patches/series file in that tarball. This includes pieces of the changelog describing the patches in a README in the patches directory. Testing: - Ran a toolchain build Change-Id: I38ddc81416a84a39a83b43a27ea008b29015b859 --- M init.sh A source/binutils/binutils-2.42-patches/0001-PATCH-CVE-2024-57360.patch A source/binutils/binutils-2.42-patches/0002-PATCH-CVE-2025-0840.patch A source/binutils/binutils-2.42-patches/0003-PATCH-CVE-2025-1153.patch A source/binutils/binutils-2.42-patches/0004-PATCH-CVE-2025-1176.patch A source/binutils/binutils-2.42-patches/0005-PATCH-CVE-2025-1178.patch A source/binutils/binutils-2.42-patches/0006-PATCH-CVE-2025-1181-pre.patch A source/binutils/binutils-2.42-patches/0007-PATCH-CVE-2025-1181.patch A source/binutils/binutils-2.42-patches/0008-PATCH-CVE-2025-1182.patch A source/binutils/binutils-2.42-patches/0009-PATCH-CVE-2025-11082.patch A source/binutils/binutils-2.42-patches/0010-PATCH-CVE-2025-11083.patch A source/binutils/binutils-2.42-patches/0011-PATCH-CVE-2025-1147.patch A source/binutils/binutils-2.42-patches/0012-PATCH-CVE-2025-1148.patch A source/binutils/binutils-2.42-patches/0013-PATCH-CVE-2025-3198.patch A source/binutils/binutils-2.42-patches/0014-PATCH-CVE-2025-5244.patch A source/binutils/binutils-2.42-patches/0015-PATCH-CVE-2025-5245.patch A source/binutils/binutils-2.42-patches/0016-PATCH-CVE-2025-7545.patch A source/binutils/binutils-2.42-patches/0017-PATCH-CVE-2025-7546.patch A source/binutils/binutils-2.42-patches/0018-PATCH-CVE-2025-8225.patch A source/binutils/binutils-2.42-patches/0019-PATCH-CVE-2025-11839.patch A source/binutils/binutils-2.42-patches/0020-PATCH-CVE-2025-11840.patch A source/binutils/binutils-2.42-patches/0021-PATCH-CVE-2025-11412.patch A source/binutils/binutils-2.42-patches/0022-PATCH-CVE-2025-11413.patch A source/binutils/binutils-2.42-patches/0023-PATCH-CVE-2025-11414.patch A source/binutils/binutils-2.42-patches/0024-PATCH-CVE-2025-11494.patch A source/binutils/binutils-2.42-patches/README 26 files changed, 5,408 insertions(+), 1 deletion(-) git pull ssh://gerrit.cloudera.org:29418/native-toolchain refs/changes/19/24019/1 -- To view, visit http://gerrit.cloudera.org:8080/24019 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: native-toolchain Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I38ddc81416a84a39a83b43a27ea008b29015b859 Gerrit-Change-Number: 24019 Gerrit-PatchSet: 1 Gerrit-Owner: Joe McDonnell <[email protected]>
