8 changed files with 6 additions and 207 deletions
--- a/CVE-2021-33454.patch
+++ b/CVE-2021-33454.patch
@ -1,22 +0,0 @@
 From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
 From: dataisland <dataisland@outlook.com>
 Date: Fri, 22 Sep 2023 00:21:20 -0500
 Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
 ---
 libyasm/expr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libyasm/expr.c b/libyasm/expr.c
 index 5b0c418b..09ae1121 100644
 --- a/libyasm/expr.c
 +++ b/libyasm/expr.c
@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
 {
     *ep = yasm_expr_simplify(*ep, calc_bc_dist);
 -    if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
 +    if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
         return (*ep)->terms[0].data.intn;
     else
         return (yasm_intnum *)NULL;
--- a/CVE-2021-33464.patch
+++ b/CVE-2021-33464.patch
@ -1,20 +0,0 @@
 Description: Handle file descriptors with nonexisting env names better.
 Avoid writing past allocated memory.
 This fixes CVE-2021-33464.
 Author: Petter Reinholdtsen <pere@debian.org>
 Bug: https://github.com/yasm/yasm/issues/164
 Bug-Debian: https://bugs.debian.org/1016353
 Forwarded: https://github.com/yasm/yasm/issues/164
 Last-Update: 2025-04-30
 ---
 --- yasm-1.3.0.orig/modules/preprocs/nasm/nasm-pp.c
 +++ yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
             error(ERR_WARNING, "environment variable `%s' does not exist",
                   p1+1);
             *p2 = '%';
 -            p1 = p2+1;
 +            pb = p1 = p2+1;
             continue;
         }
         /* need to expand */
--- a/CVE-2023-29579.patch
+++ b/CVE-2023-29579.patch
@ -1,22 +0,0 @@
 Description: Make sure CPU feature parsing use large enough string buffer.
 Fixes CVE-2023-29579.
 Author: Petter Reinholdtsen <pere@debian.org>
 Bug: https://github.com/yasm/yasm/issues/214
 Bug-Debian: https://bugs.debian.org/1035951
 Forwarded:  https://github.com/yasm/yasm/issues/214
 Last-Update: 2025-04-30
 ---
 --- yasm-1.3.0.orig/modules/arch/x86/x86arch.c
 +++ yasm-1.3.0/modules/arch/x86/x86arch.c
@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_va
                 yasm_error_set(YASM_ERROR_SYNTAX,
                                N_("invalid argument to [%s]"), "CPU");
             else {
 -                char strcpu[16];
 -                sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
 +                char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
 +                assert(8*sizeof(unsigned long) <= 64);
 +                snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
                 yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
             }
         } else
--- a/CVE-2023-31975.patch
+++ b/CVE-2023-31975.patch
@ -1,27 +0,0 @@
 From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
 From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
 Date: Tue, 13 Jun 2023 05:00:47 +0900
 Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
 ---
 modules/objfmts/bin/bin-objfmt.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
 index 18026750..a38c3422 100644
 --- a/modules/objfmts/bin/bin-objfmt.c
 +++ b/modules/objfmts/bin/bin-objfmt.c
@@ -1680,6 +1680,10 @@ static void
 bin_section_data_destroy(void *data)
 {
     bin_section_data *bsd = (bin_section_data *)data;
 +    if (bsd->align)
 +        yasm_xfree(bsd->align);
 +    if (bsd->valign)
 +        yasm_xfree(bsd->valign);
     if (bsd->start)
         yasm_expr_destroy(bsd->start);
     if (bsd->vstart)
 -- 
 2.41.0.windows.3
--- a/CVE-2023-37732.patch
+++ b/CVE-2023-37732.patch
@ -1,37 +0,0 @@
 From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001
 From: Peter Johnson <johnson.peter@gmail.com>
 Date: Fri, 30 Jun 2023 08:08:55 -0700
 Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234)
 ---
 modules/objfmts/elf/elf.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c
 index 67fe3f26..1ee98bfd 100644
 --- a/modules/objfmts/elf/elf.c
 +++ b/modules/objfmts/elf/elf.c
@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab,
         /* get size (if specified); expr overrides stored integer */
         if (entry->xsize) {
 -            size_intn = yasm_intnum_copy(
 -                yasm_expr_get_intnum(&entry->xsize, 1));
 -            if (!size_intn) {
 +            yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1);
 +            if (!intn) {
                 yasm_error_set(YASM_ERROR_VALUE,
                                N_("size specifier not an integer expression"));
                 yasm_errwarn_propagate(errwarns, entry->xsize->line);
 -            }
 +            } else
 +                size_intn = yasm_intnum_copy(intn);
         }
 -        else
 +        if (!size_intn)
             size_intn = yasm_intnum_create_uint(entry->size);
         /* get EQU value for constants */
 -- 
 2.41.0.windows.3
--- a/yasm-1.3.0-sw.patch
+++ b/yasm-1.3.0-sw.patch
@ -1,49 +0,0 @@
 diff -Nuar yasm-1.3.0.org/configure yasm-1.3.0.sw/configure
 --- yasm-1.3.0.org/configure	2022-05-26 14:47:18.140000000 +0000
 +++ yasm-1.3.0.sw/configure	2022-05-26 14:50:16.340000000 +0000
@@ -10262,7 +10262,7 @@
 typedef unsigned long long uint64_t;
 #endif
 -#elif defined __alpha || (defined __mips && defined _ABIN32)
 +#elif defined __alpha || defined __sw_64 || (defined __mips && defined _ABIN32)
 #if !defined _NO_LONGLONG
 typedef long int64_t;
 typedef unsigned long uint64_t;
 diff -Nuar yasm-1.3.0.org/m4/ax_create_stdint_h.m4 yasm-1.3.0.sw/m4/ax_create_stdint_h.m4
 --- yasm-1.3.0.org/m4/ax_create_stdint_h.m4	2022-05-26 14:47:18.330000000 +0000
 +++ yasm-1.3.0.sw/m4/ax_create_stdint_h.m4	2022-05-26 14:47:53.800000000 +0000
@@ -392,7 +392,7 @@
 typedef unsigned long long uint64_t;
 #endif
 -#elif defined __alpha || (defined __mips && defined _ABIN32)
 +#elif defined __alpha || defined _sw_64 || (defined __mips && defined _ABIN32)
 #if !defined _NO_LONGLONG
 typedef long int64_t;
 typedef unsigned long uint64_t;
 diff -Nuar yasm-1.3.0.org/m4/intdiv0.m4 yasm-1.3.0.sw/m4/intdiv0.m4
 --- yasm-1.3.0.org/m4/intdiv0.m4	2022-05-26 14:47:18.330000000 +0000
 +++ yasm-1.3.0.sw/m4/intdiv0.m4	2022-05-26 14:48:19.760000000 +0000
@@ -54,7 +54,7 @@
         [
           # Guess based on the CPU.
           case "$host_cpu" in
 -            alpha* | i[34567]86 | m68k | s390*)
 +            alpha* | sw_64* | i[34567]86 | m68k | s390*)
               gt_cv_int_divbyzero_sigfpe="guessing yes";;
             *)
               gt_cv_int_divbyzero_sigfpe="guessing no";;
 diff -Nuar yasm-1.3.0.org/modules/objfmts/elf/elf.h yasm-1.3.0.sw/modules/objfmts/elf/elf.h
 --- yasm-1.3.0.org/modules/objfmts/elf/elf.h	2022-05-26 14:47:18.250000000 +0000
 +++ yasm-1.3.0.sw/modules/objfmts/elf/elf.h	2022-05-26 14:56:18.410000000 +0000
@@ -75,7 +75,8 @@
     EM_SPARCV9 = 43,                            /* SPARC v9 64-bit */
     EM_IA_64 = 50,                              /* Intel IA-64 */
     EM_X86_64 = 62,                             /* AMD x86-64 */
 -    EM_ALPHA = 0x9026                           /* Alpha (no ABI) */
 +    EM_ALPHA = 0x9026,                           /* Alpha (no ABI) */
 +    EM_SW_64 = 0x9916                           /* Sw_64 (no ABI) */
 } elf_machine;
 typedef enum {
--- a/yasm.spec
+++ b/yasm.spec
@ -1,19 +1,10 @@
 Name:           yasm
 Version:        1.3.0
-Release:        13
+Release:        9
 Summary:        NASM assembler
-License:        BSD-2-Clause AND BSD-3-Clause AND (GPL-1.0-or-later AND GPL-2.0-or-later OR Artistic-1.0-Perl OR LGPL-2.0-or-later)
+License:        BSD
-URL:            https://yasm.tortall.net/
+URL:            http://yasm.tortall.net/
-Source0:        https://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
+Source0:        http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
 Patch1:         yasm-1.3.0-sw.patch
 Patch2:         CVE-2023-37732.patch
 Patch3:         CVE-2023-31975.patch
 Patch4:         CVE-2021-33454.patch
 # from debian
 Patch5:         CVE-2021-33464.patch
 # from debian
 Patch6:         CVE-2023-29579.patch
 BuildRequires:  gcc bison byacc gettext-devel xmlto
 Provides:       bundled(md5-plumb)
@ -39,6 +30,7 @@ The package contains the libraries and headers necessary for the yasm Modular As
 %make_build
 %install
 rm -rf %{buildroot}
 %make_install
 %files
@ -51,20 +43,8 @@ The package contains the libraries and headers necessary for the yasm Modular As
 %{_libdir}/libyasm.a
 %files help
-%{_mandir}/man?/*
+%{_mandir}/*
 %changelog
 * Mon May 12 2025 Funda Wang <fundawang@yeah.net> - 1.3.0-13
 - fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579
 * Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 1.3.0-12
 - fix CVE-2023-31975
 * Fri Aug 11 2023 liningjie <liningjie@xfusion.com> - 1.3.0-11
 - fix CVE-2023-37732
 * Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.3.0-10
 - Add sw64 architecture
 * Mon Jan 6 2020 qinjian <qinjian18@huawei.com> - 1.3.0-9
 - Package init
--- a/yasm.yaml
+++ b/yasm.yaml
@ -1,4 +0,0 @@
 version_control: github
 src_repo: yasm/yasm
 tag_prefix: ^v
 seperator: .