From: "Mathieu Dubois-Briand" <mathieu.dubois-briand@bootlin.com>
To: <Harish.Sadineni@windriver.com>,
<openembedded-core@lists.openembedded.org>
Cc: <Sundeep.Kokkonda@windriver.com>
Subject: Re: [OE-core] [PATCH] binutils: Fix CVE-2025-1148
Date: Fri, 28 Mar 2025 13:41:15 +0100 [thread overview]
Message-ID: <D8RWNSC4TKU7.3DARX9RP9QHG4@bootlin.com> (raw)
In-Reply-To: <Groupsio.1.1800bd6b-be1d-43a0-80b0-076f4471e631@windriver.com>
On Fri Mar 28, 2025 at 6:50 AM CET, Harish via lists.openembedded.org Sadineni wrote:
> [Edited Message Follows]
>
>
> On 3/25/2025 1:23 PM, Mathieu Dubois-Briand wrote:
> > CAUTION: This email comes from a non Wind River email account!
> > Do not click links or open attachments unless you recognize the sender and know the content is safe.
> >
> > On Wed Mar 19, 2025 at 10:35 AM CET, Harish via lists.openembedded.org Sadineni wrote:
> >> From: Harish Sadineni <Harish.Sadineni@windriver.com>
> >>
> >> A few place dealing with ld script handling made some attempt to free
> >> memory, but this was generally ignored and would be quite a lot of
> >> work to implement. Instead, use the stat_obstack rather than
> >> mallocing in many more cases.
> >>
> >> Backport a patch from upstream to fix CVE-2025-1148
> >> Upstream-Status: Backport [https://sourceware.org/cgit/binutils-gdb/commit/?id=d4115c2c8d447e297ae353892de89192c1996211]
> >>
> >> Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
> >> ---
> > Hi,
> >
> > Thanks for your patch.
> >
> > I've seen it is already discussed, but as an additional note, current
> > version seems to generate some build error on the autobuilder:
> >
> > ERROR: gdb-16.2-r0 do_package_qa: QA Issue: The /usr/share/info/dir file is not meant to be shipped in a particular package. [infodir]
> >
> > https://autobuilder.yoctoproject.org/valkyrie/#/builders/17/builds/1170
> >
> I tested "bitbake world" with the same configuration as in qemux86-world-alt with the current patch, and the issue did not occur.
> Typically, errors like "file is not meant to be shipped in a particular package" arise when there is a change in the recipe
> related to installation or packaging.
>
I relaunched the build and it did fail again, twice:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/17/builds/1170
https://autobuilder.yoctoproject.org/valkyrie/#/builders/17/builds/1206
But on the other hand, I confirm I was not able to reproduce it locally
event using the exact same commit as on the AB.
It will try to apply it again on top of my master-next and see how it
goes
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
prev parent reply other threads:[~2025-03-28 12:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-19 9:35 [PATCH] binutils: Fix CVE-2025-1148 Harish.Sadineni
2025-03-19 9:41 ` Sadineni, Harish
2025-03-24 19:45 ` [OE-core] " Khem Raj
2025-03-25 7:53 ` Mathieu Dubois-Briand
2025-03-28 5:37 ` Harish Sadineni
2025-03-28 5:50 ` Sadineni, Harish
[not found] ` <Groupsio.1.1800bd6b-be1d-43a0-80b0-076f4471e631@windriver.com>
2025-03-28 12:41 ` Mathieu Dubois-Briand [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D8RWNSC4TKU7.3DARX9RP9QHG4@bootlin.com \
--to=mathieu.dubois-briand@bootlin.com \
--cc=Harish.Sadineni@windriver.com \
--cc=Sundeep.Kokkonda@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.