[AUTO-CHERRYPICK] [Medium] Fix CVE-2025-0840 for binutils - branch main (#12387)

Co-authored-by: Sudipta Pandit <sudpandit@microsoft.com>

Author: CBL-Mariner-Bot

SPECS/binutils/CVE-2025-0840.patch

@@ -0,0 +1,48 @@
+From e8f8cb0a82fe67fcac9ace1efd38b178748a72ca Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit <sudpandit@microsoft.com>
+Date: Tue, 4 Feb 2025 16:39:33 +0530
+Subject: [PATCH] Backport patch for CVE-2025-0840 for binutils
+
+Reference: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
+---
+ binutils/objdump.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index a7b8303b..98e0271a 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -109,7 +109,8 @@ static bool disassemble_all;		/* -D */
+ static int disassemble_zeroes;		/* --disassemble-zeroes */
+ static bool formats_info;		/* -i */
+ static int wide_output;			/* -w */
+-static int insn_width;			/* --insn-width */
++#define MAX_INSN_WIDTH 49
++static unsigned long insn_width;			/* --insn-width */
+ static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
+ static bfd_vma stop_address = (bfd_vma) -1;  /* --stop-address */
+ static int dump_debugging;		/* --debugging */
+@@ -2762,7 +2763,7 @@ disassemble_bytes (struct disassemble_info *inf,
+ 	}
+       else
+ 	{
+-	  char buf[50];
++	  char buf[MAX_INSN_WIDTH + 1];
+ 	  unsigned int bpc = 0;
+ 	  unsigned int pb = 0;
+ 
+@@ -5297,8 +5298,9 @@ main (int argc, char **argv)
+ 	  break;
+ 	case OPTION_INSN_WIDTH:
+ 	  insn_width = strtoul (optarg, NULL, 0);
+-	  if (insn_width <= 0)
+-	    fatal (_("error: instruction width must be positive"));
++	  if (insn_width - 1 >= MAX_INSN_WIDTH)
++	    fatal (_("error: instruction width must be in the range 1 to "
++		     XSTRING (MAX_INSN_WIDTH)));
+ 	  break;
+ 	case OPTION_INLINES:
+ 	  unwind_inlines = true;
+-- 
+2.34.1
+

SPECS/binutils/binutils.spec

@@ -21,7 +21,7 @@
 Summary:        Contains a linker, an assembler, and other tools
 Name:           binutils
 Version:        2.37
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -45,6 +45,7 @@ Patch10:        CVE-2022-47011.patch
 Patch11:         CVE-2022-48063.patch
 Patch12:         CVE-2023-1972.patch
 Patch13:         CVE-2022-35205.patch
+Patch14:         CVE-2025-0840.patch
 Provides:       bundled(libiberty)
 
 # Moving macro before the "SourceX" tags breaks PR checks parsing the specs.
@@ -301,6 +302,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %do_files aarch64-linux-gnu %{build_aarch64}
 
 %changelog
+* Tue Feb 04 2025 Sudipta Pandit <sudpandit@microsoft.com> - 2.37-11
+- Backport patch to fix CVE-2025-0840
+
 * Thu Nov 14 2024 Thien Trung Vuong <tvuong@microsoft.com> - 2.37-10
 - Added patch to fix CVE-2023-1972, CVE-2022-48063, CVE-2022-35205
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -12,8 +12,8 @@ zlib-devel-1.2.13-2.cm2.aarch64.rpm
 file-5.40-3.cm2.aarch64.rpm
 file-devel-5.40-3.cm2.aarch64.rpm
 file-libs-5.40-3.cm2.aarch64.rpm
-binutils-2.37-10.cm2.aarch64.rpm
-binutils-devel-2.37-10.cm2.aarch64.rpm
+binutils-2.37-11.cm2.aarch64.rpm
+binutils-devel-2.37-11.cm2.aarch64.rpm
 gmp-6.2.1-4.cm2.aarch64.rpm
 gmp-devel-6.2.1-4.cm2.aarch64.rpm
 mpfr-4.1.0-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -12,8 +12,8 @@ zlib-devel-1.2.13-2.cm2.x86_64.rpm
 file-5.40-3.cm2.x86_64.rpm
 file-devel-5.40-3.cm2.x86_64.rpm
 file-libs-5.40-3.cm2.x86_64.rpm
-binutils-2.37-10.cm2.x86_64.rpm
-binutils-devel-2.37-10.cm2.x86_64.rpm
+binutils-2.37-11.cm2.x86_64.rpm
+binutils-devel-2.37-11.cm2.x86_64.rpm
 gmp-6.2.1-4.cm2.x86_64.rpm
 gmp-devel-6.2.1-4.cm2.x86_64.rpm
 mpfr-4.1.0-2.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -9,9 +9,9 @@ bash-5.1.8-4.cm2.aarch64.rpm
 bash-debuginfo-5.1.8-4.cm2.aarch64.rpm
 bash-devel-5.1.8-4.cm2.aarch64.rpm
 bash-lang-5.1.8-4.cm2.aarch64.rpm
-binutils-2.37-10.cm2.aarch64.rpm
-binutils-debuginfo-2.37-10.cm2.aarch64.rpm
-binutils-devel-2.37-10.cm2.aarch64.rpm
+binutils-2.37-11.cm2.aarch64.rpm
+binutils-debuginfo-2.37-11.cm2.aarch64.rpm
+binutils-devel-2.37-11.cm2.aarch64.rpm
 bison-3.7.6-2.cm2.aarch64.rpm
 bison-debuginfo-3.7.6-2.cm2.aarch64.rpm
 bzip2-1.0.8-1.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -9,10 +9,10 @@ bash-5.1.8-4.cm2.x86_64.rpm
 bash-debuginfo-5.1.8-4.cm2.x86_64.rpm
 bash-devel-5.1.8-4.cm2.x86_64.rpm
 bash-lang-5.1.8-4.cm2.x86_64.rpm
-binutils-2.37-10.cm2.x86_64.rpm
-binutils-aarch64-linux-gnu-2.37-10.cm2.x86_64.rpm
-binutils-debuginfo-2.37-10.cm2.x86_64.rpm
-binutils-devel-2.37-10.cm2.x86_64.rpm
+binutils-2.37-11.cm2.x86_64.rpm
+binutils-aarch64-linux-gnu-2.37-11.cm2.x86_64.rpm
+binutils-debuginfo-2.37-11.cm2.x86_64.rpm
+binutils-devel-2.37-11.cm2.x86_64.rpm
 bison-3.7.6-2.cm2.x86_64.rpm
 bison-debuginfo-3.7.6-2.cm2.x86_64.rpm
 bzip2-1.0.8-1.cm2.x86_64.rpm
@@ -47,7 +47,7 @@ cracklib-lang-2.9.7-5.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-debuginfo-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-devel-0.17.5-1.cm2.x86_64.rpm
-cross-binutils-common-2.37-10.cm2.noarch.rpm
+cross-binutils-common-2.37-11.cm2.noarch.rpm
 cross-gcc-common-11.2.0-8.cm2.noarch.rpm
 curl-8.8.0-3.cm2.x86_64.rpm
 curl-debuginfo-8.8.0-3.cm2.x86_64.rpm