Patch gdb for CVE-2025-11082

Author: azurelinux-security

SPECS/gdb/CVE-2025-11082.patch

@@ -0,0 +1,47 @@
+From 74e089984d21f595fb710062d66d6f65711cfc16 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <[email protected]>
+Date: Mon, 22 Sep 2025 15:20:34 +0800
+Subject: [PATCH] elf: Don't read beyond .eh_frame section size
+
+	PR ld/33464
+	* elf-eh-frame.c (_bfd_elf_parse_eh_frame): Don't read beyond
+	.eh_frame section size.
+
+Signed-off-by: H.J. Lu <[email protected]>
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://github.com/bminor/binutils-gdb/commit/ea1a0737c7692737a644af0486b71e4a392cbca8.patch
+---
+ bfd/elf-eh-frame.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/elf-eh-frame.c b/bfd/elf-eh-frame.c
+index 6ce6d22..f1f6b46 100644
+--- a/bfd/elf-eh-frame.c
++++ b/bfd/elf-eh-frame.c
+@@ -733,6 +733,7 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
+       if (hdr_id == 0)
+ 	{
+ 	  unsigned int initial_insn_length;
++	  char *null_byte;
+ 
+ 	  /* CIE  */
+ 	  this_inf->cie = 1;
+@@ -749,10 +750,13 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
+ 	  REQUIRE (cie->version == 1
+ 		   || cie->version == 3
+ 		   || cie->version == 4);
+-	  REQUIRE (strlen ((char *) buf) < sizeof (cie->augmentation));
++	  null_byte = memchr ((char *) buf, 0, end - buf);
++	  REQUIRE (null_byte != NULL);
++	  REQUIRE ((size_t) (null_byte - (char *) buf)
++		   < sizeof (cie->augmentation));
+ 
+ 	  strcpy (cie->augmentation, (char *) buf);
+-	  buf = (bfd_byte *) strchr ((char *) buf, '\0') + 1;
++	  buf = (bfd_byte *) null_byte + 1;
+ 	  this_inf->u.cie.aug_str_len = buf - start - 1;
+ 	  ENSURE_NO_RELOCS (buf);
+ 	  if (buf[0] == 'e' && buf[1] == 'h')
+-- 
+2.45.4
+

SPECS/gdb/gdb.spec

@@ -1,23 +1,24 @@
 Summary:        C debugger
 Name:           gdb
-Version:        11.2
-Release:        7%{?dist}
+Version:        %{with_check}%{with_check}.2
+Release:        8%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Development/Tools
 URL:            https://www.gnu.org/software/gdb
 Source0:        https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
-Patch0:         CVE-2023-39128.patch
-Patch1:         CVE-2023-39129.patch
-Patch2:         CVE-2023-39130.patch
-Patch3:         CVE-2025-1176.patch
-Patch4:         CVE-2025-1182.patch
+Patch0:         CVE-2023-39%{with_check}28.patch
+Patch%{with_check}:         CVE-2023-39%{with_check}29.patch
+Patch2:         CVE-2023-39%{with_check}30.patch
+Patch3:         CVE-2025-%{with_check}%{with_check}76.patch
+Patch4:         CVE-2025-%{with_check}%{with_check}82.patch
 Patch5:         CVE-2022-48064.patch
 Patch6:         CVE-2022-48065.patch
 Patch7:         CVE-2022-47673.patch
 Patch8:         CVE-2022-47696.patch
 Patch9:         CVE-2025-7546.patch
+Patch%{with_check}0:        CVE-2025-%{with_check}%{with_check}082.patch
 BuildRequires:  expat-devel
 BuildRequires:  gcc-c++
 BuildRequires:  gcc-gfortran
@@ -46,7 +47,7 @@ GDB, the GNU Project debugger, allows you to see what is going on
 another program was doing at the moment it crashed.
 
 %prep
-%autosetup -p1
+%autosetup -p%{with_check}
 
 %build
 %configure \
@@ -102,86 +103,89 @@ rm -rvf libctf/testsuite
 %{_mandir}/*/*
 
 %changelog
-* Fri Jul 18 2025 Akhila Guruju <[email protected]> - 11.2-7
+* Fri Oct 03 2025 Azure Linux Security Servicing Account <[email protected]> - %{with_check}%{with_check}.2-8
+- Patch for CVE-2025-%{with_check}%{with_check}082
+
+* Fri Jul %{with_check}8 2025 Akhila Guruju <[email protected]> - %{with_check}%{with_check}.2-7
 - Patch CVE-2025-7546
 - Fix package tests
 
-* Mon Apr 21 2025 Kanishk Bansal <[email protected]> - 11.2-6
+* Mon Apr 2%{with_check} 2025 Kanishk Bansal <[email protected]> - %{with_check}%{with_check}.2-6
 - Patch CVE-2022-47673, CVE-2022-47696 using an upstream patch
 
-* Thu Apr 03 2025 Sandeep Karambelkar <[email protected]> - 11.2-5
+* Thu Apr 03 2025 Sandeep Karambelkar <[email protected]> - %{with_check}%{with_check}.2-5
 - Fix CVE-2022-48064, CVE-2022-48065
 
-* Thu Feb 13 2025 Ankita Pareek <[email protected]> - 11.2-4
-- Address CVE-2025-1176 and CVE-2025-1182
+* Thu Feb %{with_check}3 2025 Ankita Pareek <[email protected]> - %{with_check}%{with_check}.2-4
+- Address CVE-2025-%{with_check}%{with_check}76 and CVE-2025-%{with_check}%{with_check}82
 
-* Tue Oct 08 2024 Mitch Zhu <[email protected]> - 11.2-3
-- Fix CVE-2023-39128, CVE-2023-39129, CVE-2023-39130
+* Tue Oct 08 2024 Mitch Zhu <[email protected]> - %{with_check}%{with_check}.2-3
+- Fix CVE-2023-39%{with_check}28, CVE-2023-39%{with_check}29, CVE-2023-39%{with_check}30
 
-* Wed Sep 20 2023 Jon Slobodzian <[email protected]> - 11.2-2
+* Wed Sep 20 2023 Jon Slobodzian <[email protected]> - %{with_check}%{with_check}.2-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
-* Wed May 11 2022 Fanzhe Lyu <[email protected]> - 11.2
-- Upgrade to gdb 11.2
+* Wed May %{with_check}%{with_check} 2022 Fanzhe Lyu <[email protected]> - %{with_check}%{with_check}.2
+- Upgrade to gdb %{with_check}%{with_check}.2
 
-* Thu Nov 11 2021 Thomas Crain <[email protected]> - 11.1
+* Thu Nov %{with_check}%{with_check} 202%{with_check} Thomas Crain <[email protected]> - %{with_check}%{with_check}.%{with_check}
 - Upgrade to latest upstream version and remove upstreamed patches
 - Use system zlib during build
 
-* Fri Jul 23 2021 Thomas Crain <[email protected]> - 8.3-5
+* Fri Jul 23 202%{with_check} Thomas Crain <[email protected]> - 8.3-5
 - Add compatibility provides for gdbserver subpackage
 - Use make macros throughout
 
-* Fri Mar 26 2021 Thomas Crain <[email protected]> - 8.3-4
-- Merge the following releases from 1.0 to dev branch
-- [email protected], 8.3-3: Patch CVE-2019-1010180
+* Fri Mar 26 202%{with_check} Thomas Crain <[email protected]> - 8.3-4
+- Merge the following releases from %{with_check}.0 to dev branch
+- [email protected], 8.3-3: Patch CVE-20%{with_check}9-%{with_check}0%{with_check}0%{with_check}80
 - [email protected], 8.3-4: Only run gdb.base/default.exp tests
 
-* Wed Mar 03 2021 Henry Li <[email protected]> - 8.3-3
+* Wed Mar 03 202%{with_check} Henry Li <[email protected]> - 8.3-3
 - Add gcc-c++ and gcc-gfortran as dependencies
 - Provides gdb-headless
 
 * Sat May 09 2020 Nick Samson <[email protected]> - 8.3-2
 - Added %%license line automatically
 
-* Mon Mar 16 2020 Henry Beberman <[email protected]> - 8.3-1
+* Mon Mar %{with_check}6 2020 Henry Beberman <[email protected]> - 8.3-%{with_check}
 - Update to 8.3. URL fixed. License verified.
 
-* Tue Sep 03 2019 Mateusz Malisz <[email protected]> - 8.2-2
+* Tue Sep 03 20%{with_check}9 Mateusz Malisz <[email protected]> - 8.2-2
 - Initial CBL-Mariner import from Photon (license: Apache2).
 
-* Fri Sep 14 2018 Keerthana K <[email protected]> - 8.2-1
+* Fri Sep %{with_check}4 20%{with_check}8 Keerthana K <[email protected]> - 8.2-%{with_check}
 - Update to version 8.2
 
-* Thu Dec 07 2017 Alexey Makhalov <[email protected]> - 7.12.1-8
+* Thu Dec 07 20%{with_check}7 Alexey Makhalov <[email protected]> - 7.%{with_check}2.%{with_check}-8
 - Enable LZMA support
 
-* Tue Nov 14 2017 Alexey Makhalov <[email protected]> - 7.12.1-7
+* Tue Nov %{with_check}4 20%{with_check}7 Alexey Makhalov <[email protected]> - 7.%{with_check}2.%{with_check}-7
 - Aarch64 support
 
-* Mon Sep 11 2017 Rui Gu <[email protected]> - 7.12.1-6
+* Mon Sep %{with_check}%{with_check} 20%{with_check}7 Rui Gu <[email protected]> - 7.%{with_check}2.%{with_check}-6
 - Enable make check in docker with part of checks disabled
 
-* Thu Aug 10 2017 Alexey Makhalov <[email protected]> - 7.12.1-5
+* Thu Aug %{with_check}0 20%{with_check}7 Alexey Makhalov <[email protected]> - 7.%{with_check}2.%{with_check}-5
 - Make check improvements
 
-* Fri Jul 21 2017 Rui Gu <[email protected]> - 7.12.1-4
+* Fri Jul 2%{with_check} 20%{with_check}7 Rui Gu <[email protected]> - 7.%{with_check}2.%{with_check}-4
 - Add pstack wrapper which will invoke gdb.
 
-* Wed Jul 12 2017 Alexey Makhalov <[email protected]> - 7.12.1-3
+* Wed Jul %{with_check}2 20%{with_check}7 Alexey Makhalov <[email protected]> - 7.%{with_check}2.%{with_check}-3
 - Get tcl, expect and dejagnu from packages
 
-* Thu May 18 2017 Xiaolin Li <[email protected]> - 7.12.1-2
+* Thu May %{with_check}8 20%{with_check}7 Xiaolin Li <[email protected]> - 7.%{with_check}2.%{with_check}-2
 - Build gdb with python3.
 
-* Wed Mar 22 2017 Alexey Makhalov <[email protected]> - 7.12.1-1
+* Wed Mar 22 20%{with_check}7 Alexey Makhalov <[email protected]> - 7.%{with_check}2.%{with_check}-%{with_check}
 - Version update
 
-* Tue May 24 2016 Priyesh Padmavilasom <[email protected]> - 7.8.2-3
+* Tue May 24 20%{with_check}6 Priyesh Padmavilasom <[email protected]> - 7.8.2-3
 - GA - Bump release of all rpms
 
-* Tue Nov 10 2015 Xiaolin Li <[email protected]> - 7.8.2-2
+* Tue Nov %{with_check}0 20%{with_check}5 Xiaolin Li <[email protected]> - 7.8.2-2
 - Handled locale files with macro find_lang
 
-* Wed Apr 08 2015 Priyesh Padmavilasom <[email protected]> - 7.8.2-1
+* Wed Apr 08 20%{with_check}5 Priyesh Padmavilasom <[email protected]> - 7.8.2-%{with_check}
 - Initial build. First version