!45 [sync] PR-41: fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579

Merge pull request !45 from openeuler-sync-bot/sync-pr41-master-to-openEuler-24.03-LTS

CVE-2021-33454.patch

@@ -0,0 +1,22 @@
+From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
+From: dataisland <dataisland@outlook.com>
+Date: Fri, 22 Sep 2023 00:21:20 -0500
+Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
+
+---
+ libyasm/expr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libyasm/expr.c b/libyasm/expr.c
+index 5b0c418b..09ae1121 100644
+--- a/libyasm/expr.c
++++ b/libyasm/expr.c
+@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
+ {
+     *ep = yasm_expr_simplify(*ep, calc_bc_dist);
+ 
+-    if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
++    if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
+         return (*ep)->terms[0].data.intn;
+     else
+         return (yasm_intnum *)NULL;

CVE-2021-33464.patch

@@ -0,0 +1,20 @@
+Description: Handle file descriptors with nonexisting env names better.
+ Avoid writing past allocated memory.
+ This fixes CVE-2021-33464.
+Author: Petter Reinholdtsen <pere@debian.org>
+Bug: https://github.com/yasm/yasm/issues/164
+Bug-Debian: https://bugs.debian.org/1016353
+Forwarded: https://github.com/yasm/yasm/issues/164
+Last-Update: 2025-04-30
+---
+--- yasm-1.3.0.orig/modules/preprocs/nasm/nasm-pp.c
++++ yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c
+@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
+             error(ERR_WARNING, "environment variable `%s' does not exist",
+                   p1+1);
+             *p2 = '%';
+-            p1 = p2+1;
++            pb = p1 = p2+1;
+             continue;
+         }
+         /* need to expand */

CVE-2023-29579.patch

@@ -0,0 +1,22 @@
+Description: Make sure CPU feature parsing use large enough string buffer.
+ Fixes CVE-2023-29579.
+Author: Petter Reinholdtsen <pere@debian.org>
+Bug: https://github.com/yasm/yasm/issues/214
+Bug-Debian: https://bugs.debian.org/1035951
+Forwarded:  https://github.com/yasm/yasm/issues/214
+Last-Update: 2025-04-30
+---
+--- yasm-1.3.0.orig/modules/arch/x86/x86arch.c
++++ yasm-1.3.0/modules/arch/x86/x86arch.c
+@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_va
+                 yasm_error_set(YASM_ERROR_SYNTAX,
+                                N_("invalid argument to [%s]"), "CPU");
+             else {
+-                char strcpu[16];
+-                sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
++                char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
++                assert(8*sizeof(unsigned long) <= 64);
++                snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
+                 yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
+             }
+         } else

CVE-2023-31975.patch

@@ -0,0 +1,27 @@
+From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
+From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
+Date: Tue, 13 Jun 2023 05:00:47 +0900
+Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
+
+---
+ modules/objfmts/bin/bin-objfmt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
+index 18026750..a38c3422 100644
+--- a/modules/objfmts/bin/bin-objfmt.c
++++ b/modules/objfmts/bin/bin-objfmt.c
+@@ -1680,6 +1680,10 @@ static void
+ bin_section_data_destroy(void *data)
+ {
+     bin_section_data *bsd = (bin_section_data *)data;
++    if (bsd->align)
++        yasm_xfree(bsd->align);
++    if (bsd->valign)
++        yasm_xfree(bsd->valign);
+     if (bsd->start)
+         yasm_expr_destroy(bsd->start);
+     if (bsd->vstart)
+-- 
+2.41.0.windows.3
+

CVE-2023-37732.patch

@@ -0,0 +1,37 @@
+From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001
+From: Peter Johnson <johnson.peter@gmail.com>
+Date: Fri, 30 Jun 2023 08:08:55 -0700
+Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234)
+
+---
+ modules/objfmts/elf/elf.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c
+index 67fe3f26..1ee98bfd 100644
+--- a/modules/objfmts/elf/elf.c
++++ b/modules/objfmts/elf/elf.c
+@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab,
+ 
+         /* get size (if specified); expr overrides stored integer */
+         if (entry->xsize) {
+-            size_intn = yasm_intnum_copy(
+-                yasm_expr_get_intnum(&entry->xsize, 1));
+-            if (!size_intn) {
++            yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1);
++            if (!intn) {
+                 yasm_error_set(YASM_ERROR_VALUE,
+                                N_("size specifier not an integer expression"));
+                 yasm_errwarn_propagate(errwarns, entry->xsize->line);
+-            }
++            } else
++                size_intn = yasm_intnum_copy(intn);
+         }
+-        else
++        if (!size_intn)
+             size_intn = yasm_intnum_create_uint(entry->size);
+ 
+         /* get EQU value for constants */
+-- 
+2.41.0.windows.3
+

yasm-1.3.0-sw.patch

@@ -0,0 +1,49 @@
+diff -Nuar yasm-1.3.0.org/configure yasm-1.3.0.sw/configure
+--- yasm-1.3.0.org/configure	2022-05-26 14:47:18.140000000 +0000
++++ yasm-1.3.0.sw/configure	2022-05-26 14:50:16.340000000 +0000
+@@ -10262,7 +10262,7 @@
+ typedef unsigned long long uint64_t;
+ #endif
+ 
+-#elif defined __alpha || (defined __mips && defined _ABIN32)
++#elif defined __alpha || defined __sw_64 || (defined __mips && defined _ABIN32)
+ #if !defined _NO_LONGLONG
+ typedef long int64_t;
+ typedef unsigned long uint64_t;
+diff -Nuar yasm-1.3.0.org/m4/ax_create_stdint_h.m4 yasm-1.3.0.sw/m4/ax_create_stdint_h.m4
+--- yasm-1.3.0.org/m4/ax_create_stdint_h.m4	2022-05-26 14:47:18.330000000 +0000
++++ yasm-1.3.0.sw/m4/ax_create_stdint_h.m4	2022-05-26 14:47:53.800000000 +0000
+@@ -392,7 +392,7 @@
+ typedef unsigned long long uint64_t;
+ #endif
+ 
+-#elif defined __alpha || (defined __mips && defined _ABIN32)
++#elif defined __alpha || defined _sw_64 || (defined __mips && defined _ABIN32)
+ #if !defined _NO_LONGLONG
+ typedef long int64_t;
+ typedef unsigned long uint64_t;
+diff -Nuar yasm-1.3.0.org/m4/intdiv0.m4 yasm-1.3.0.sw/m4/intdiv0.m4
+--- yasm-1.3.0.org/m4/intdiv0.m4	2022-05-26 14:47:18.330000000 +0000
++++ yasm-1.3.0.sw/m4/intdiv0.m4	2022-05-26 14:48:19.760000000 +0000
+@@ -54,7 +54,7 @@
+         [
+           # Guess based on the CPU.
+           case "$host_cpu" in
+-            alpha* | i[34567]86 | m68k | s390*)
++            alpha* | sw_64* | i[34567]86 | m68k | s390*)
+               gt_cv_int_divbyzero_sigfpe="guessing yes";;
+             *)
+               gt_cv_int_divbyzero_sigfpe="guessing no";;
+diff -Nuar yasm-1.3.0.org/modules/objfmts/elf/elf.h yasm-1.3.0.sw/modules/objfmts/elf/elf.h
+--- yasm-1.3.0.org/modules/objfmts/elf/elf.h	2022-05-26 14:47:18.250000000 +0000
++++ yasm-1.3.0.sw/modules/objfmts/elf/elf.h	2022-05-26 14:56:18.410000000 +0000
+@@ -75,7 +75,8 @@
+     EM_SPARCV9 = 43,                            /* SPARC v9 64-bit */
+     EM_IA_64 = 50,                              /* Intel IA-64 */
+     EM_X86_64 = 62,                             /* AMD x86-64 */
+-    EM_ALPHA = 0x9026                           /* Alpha (no ABI) */
++    EM_ALPHA = 0x9026,                           /* Alpha (no ABI) */
++    EM_SW_64 = 0x9916                           /* Sw_64 (no ABI) */
+ } elf_machine;
+ 
+ typedef enum {

yasm.spec

@@ -1,10 +1,19 @@
 Name:           yasm
 Version:        1.3.0
-Release:        9
+Release:        13
 Summary:        NASM assembler
-License:        BSD
+License:        BSD-2-Clause AND BSD-3-Clause AND (GPL-1.0-or-later AND GPL-2.0-or-later OR Artistic-1.0-Perl OR LGPL-2.0-or-later)
-URL:            http://yasm.tortall.net/
+URL:            https://yasm.tortall.net/
-Source0:        http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
+Source0:        https://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
+
+Patch1:         yasm-1.3.0-sw.patch
+Patch2:         CVE-2023-37732.patch
+Patch3:         CVE-2023-31975.patch
+Patch4:         CVE-2021-33454.patch
+# from debian
+Patch5:         CVE-2021-33464.patch
+# from debian
+Patch6:         CVE-2023-29579.patch
 
 BuildRequires:  gcc bison byacc gettext-devel xmlto
 Provides:       bundled(md5-plumb)
@@ -30,7 +39,6 @@ The package contains the libraries and headers necessary for the yasm Modular As
 %make_build
 
 %install
-rm -rf %{buildroot}
 %make_install
 
 %files
@@ -43,8 +51,20 @@ rm -rf %{buildroot}
 %{_libdir}/libyasm.a
 
 %files help
-%{_mandir}/*
+%{_mandir}/man?/*
 
 %changelog
+* Mon May 12 2025 Funda Wang <fundawang@yeah.net> - 1.3.0-13
+- fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579
+
+* Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 1.3.0-12
+- fix CVE-2023-31975
+
+* Fri Aug 11 2023 liningjie <liningjie@xfusion.com> - 1.3.0-11
+- fix CVE-2023-37732
+
+* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.3.0-10
+- Add sw64 architecture
+
 * Mon Jan 6 2020 qinjian <qinjian18@huawei.com> - 1.3.0-9
 - Package init

yasm.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: yasm/yasm
+tag_prefix: ^v
+seperator: .