packages/yasm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:5528ca79ae867e4fb06ed0dabaf29cd5fe9a5fa5
Branches Tags
packages:main
..
compare: packages:08c8f87b7b1b07ca077a3134abcf408f712b9901
Branches Tags
packages:main

10 Commits
5528ca79ae ... 08c8f87b7b

Author SHA1 Message Date
openeuler-ci-bot
08c8f87b7b
!45 [sync] PR-41: fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579 
Merge pull request !45 from openeuler-sync-bot/sync-pr41-master-to-openEuler-24.03-LTS
 2025-05-13 02:07:15 +00:00
Funda Wang
cdb0e78f61 fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579 
(cherry picked from commit 7aec1c83b4bfa6438582630d51dfd9ceaa9059b2)
 2025-05-13 09:41:02 +08:00
openeuler-ci-bot
4b318b0dac
!38 Sync code 
From: @starlet-dx 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
 2024-04-01 09:04:13 +00:00
starlet-dx
8425aa0e6f Sync code 2024-04-01 15:57:18 +08:00
openeuler-ci-bot
f02fa9d1f6
!31 [sync] PR-28: fix CVE-2023-31975 
From: @openeuler-sync-bot 
Reviewed-by: @licihua 
Signed-off-by: @licihua
 2023-08-18 03:14:45 +00:00
liningjie
1b75da44d9 fix CVE-2023-31975 
(cherry picked from commit 62a74a1df4a23e0f020c97e8439aacf0cc089ac4)
 2023-08-18 11:13:31 +08:00
openeuler-ci-bot
4608d7fa05
!27 [sync] PR-18: fix CVE-2023-37732 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
 2023-08-15 09:20:15 +00:00
liningjie
6931a7e32a fix CVE-2023-37732 
(cherry picked from commit 2a1f3ce70365bbc6797f43073d914bb91f86e756)
 2023-08-15 11:03:21 +08:00
openeuler-ci-bot
59beef7e9b !2 Add yasm.yaml 
Merge pull request !2 from yaokai13/master
 2020-05-11 20:17:55 +08:00
yaokai13
0a9e921b19 Add yasm.yaml 2020-05-09 14:42:00 +08:00
8 changed files with 207 additions and 6 deletions
Show Stats Expand all files Collapse all files

22
CVE-2021-33454.patch Normal file
View File

@ -0,0 +1,22 @@
From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
From: dataisland <dataisland@outlook.com>
Date: Fri, 22 Sep 2023 00:21:20 -0500
Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
---
libyasm/expr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libyasm/expr.c b/libyasm/expr.c
index 5b0c418b..09ae1121 100644
--- a/libyasm/expr.c
+++ b/libyasm/expr.c
@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
{
*ep = yasm_expr_simplify(*ep, calc_bc_dist);
- if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
+ if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
return (*ep)->terms[0].data.intn;
else
return (yasm_intnum *)NULL;

20
CVE-2021-33464.patch Normal file
View File

@ -0,0 +1,20 @@
Description: Handle file descriptors with nonexisting env names better.
Avoid writing past allocated memory.
This fixes CVE-2021-33464.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/164
Bug-Debian: https://bugs.debian.org/1016353
Forwarded: https://github.com/yasm/yasm/issues/164
Last-Update: 2025-04-30
---
--- yasm-1.3.0.orig/modules/preprocs/nasm/nasm-pp.c
+++ yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
error(ERR_WARNING, "environment variable `%s' does not exist",
p1+1);
*p2 = '%';
- p1 = p2+1;
+ pb = p1 = p2+1;
continue;
}
/* need to expand */

22
CVE-2023-29579.patch Normal file
View File

@ -0,0 +1,22 @@
Description: Make sure CPU feature parsing use large enough string buffer.
Fixes CVE-2023-29579.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/214
Bug-Debian: https://bugs.debian.org/1035951
Forwarded: https://github.com/yasm/yasm/issues/214
Last-Update: 2025-04-30
---
--- yasm-1.3.0.orig/modules/arch/x86/x86arch.c
+++ yasm-1.3.0/modules/arch/x86/x86arch.c
@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_va
yasm_error_set(YASM_ERROR_SYNTAX,
N_("invalid argument to [%s]"), "CPU");
else {
- char strcpu[16];
- sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
+ char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
+ assert(8*sizeof(unsigned long) <= 64);
+ snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
}
} else

27
CVE-2023-31975.patch Normal file
View File

@ -0,0 +1,27 @@
From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
Date: Tue, 13 Jun 2023 05:00:47 +0900
Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
---
modules/objfmts/bin/bin-objfmt.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
index 18026750..a38c3422 100644
--- a/modules/objfmts/bin/bin-objfmt.c
+++ b/modules/objfmts/bin/bin-objfmt.c
@@ -1680,6 +1680,10 @@ static void
bin_section_data_destroy(void *data)
{
bin_section_data *bsd = (bin_section_data *)data;
+ if (bsd->align)
+ yasm_xfree(bsd->align);
+ if (bsd->valign)
+ yasm_xfree(bsd->valign);
if (bsd->start)
yasm_expr_destroy(bsd->start);
if (bsd->vstart)
--
2.41.0.windows.3

37
CVE-2023-37732.patch Normal file
View File

@ -0,0 +1,37 @@
From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001
From: Peter Johnson <johnson.peter@gmail.com>
Date: Fri, 30 Jun 2023 08:08:55 -0700
Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234)
---
modules/objfmts/elf/elf.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c
index 67fe3f26..1ee98bfd 100644
--- a/modules/objfmts/elf/elf.c
+++ b/modules/objfmts/elf/elf.c
@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab,
/* get size (if specified); expr overrides stored integer */
if (entry->xsize) {
- size_intn = yasm_intnum_copy(
- yasm_expr_get_intnum(&entry->xsize, 1));
- if (!size_intn) {
+ yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1);
+ if (!intn) {
yasm_error_set(YASM_ERROR_VALUE,
N_("size specifier not an integer expression"));
yasm_errwarn_propagate(errwarns, entry->xsize->line);
- }
+ } else
+ size_intn = yasm_intnum_copy(intn);
}
- else
+ if (!size_intn)
size_intn = yasm_intnum_create_uint(entry->size);
/* get EQU value for constants */
--
2.41.0.windows.3

49
yasm-1.3.0-sw.patch Executable file
View File

@ -0,0 +1,49 @@
diff -Nuar yasm-1.3.0.org/configure yasm-1.3.0.sw/configure
--- yasm-1.3.0.org/configure 2022-05-26 14:47:18.140000000 +0000
+++ yasm-1.3.0.sw/configure 2022-05-26 14:50:16.340000000 +0000
@@ -10262,7 +10262,7 @@
typedef unsigned long long uint64_t;
#endif
-#elif defined __alpha || (defined __mips && defined _ABIN32)
+#elif defined __alpha || defined __sw_64 || (defined __mips && defined _ABIN32)
#if !defined _NO_LONGLONG
typedef long int64_t;
typedef unsigned long uint64_t;
diff -Nuar yasm-1.3.0.org/m4/ax_create_stdint_h.m4 yasm-1.3.0.sw/m4/ax_create_stdint_h.m4
--- yasm-1.3.0.org/m4/ax_create_stdint_h.m4 2022-05-26 14:47:18.330000000 +0000
+++ yasm-1.3.0.sw/m4/ax_create_stdint_h.m4 2022-05-26 14:47:53.800000000 +0000
@@ -392,7 +392,7 @@
typedef unsigned long long uint64_t;
#endif
-#elif defined __alpha || (defined __mips && defined _ABIN32)
+#elif defined __alpha || defined _sw_64 || (defined __mips && defined _ABIN32)
#if !defined _NO_LONGLONG
typedef long int64_t;
typedef unsigned long uint64_t;
diff -Nuar yasm-1.3.0.org/m4/intdiv0.m4 yasm-1.3.0.sw/m4/intdiv0.m4
--- yasm-1.3.0.org/m4/intdiv0.m4 2022-05-26 14:47:18.330000000 +0000
+++ yasm-1.3.0.sw/m4/intdiv0.m4 2022-05-26 14:48:19.760000000 +0000
@@ -54,7 +54,7 @@
[
# Guess based on the CPU.
case "$host_cpu" in
- alpha* | i[34567]86 | m68k | s390*)
+ alpha* | sw_64* | i[34567]86 | m68k | s390*)
gt_cv_int_divbyzero_sigfpe="guessing yes";;
*)
gt_cv_int_divbyzero_sigfpe="guessing no";;
diff -Nuar yasm-1.3.0.org/modules/objfmts/elf/elf.h yasm-1.3.0.sw/modules/objfmts/elf/elf.h
--- yasm-1.3.0.org/modules/objfmts/elf/elf.h 2022-05-26 14:47:18.250000000 +0000
+++ yasm-1.3.0.sw/modules/objfmts/elf/elf.h 2022-05-26 14:56:18.410000000 +0000
@@ -75,7 +75,8 @@
EM_SPARCV9 = 43, /* SPARC v9 64-bit */
EM_IA_64 = 50, /* Intel IA-64 */
EM_X86_64 = 62, /* AMD x86-64 */
- EM_ALPHA = 0x9026 /* Alpha (no ABI) */
+ EM_ALPHA = 0x9026, /* Alpha (no ABI) */
+ EM_SW_64 = 0x9916 /* Sw_64 (no ABI) */
} elf_machine;
typedef enum {

32
yasm.spec
View File

@ -1,10 +1,19 @@
Name: yasm
Version: 1.3.0
Release: 9
Release: 13
Summary: NASM assembler
License: BSD
URL: http://yasm.tortall.net/
Source0: http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
License: BSD-2-Clause AND BSD-3-Clause AND (GPL-1.0-or-later AND GPL-2.0-or-later OR Artistic-1.0-Perl OR LGPL-2.0-or-later)
URL: https://yasm.tortall.net/
Source0: https://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
Patch1: yasm-1.3.0-sw.patch
Patch2: CVE-2023-37732.patch
Patch3: CVE-2023-31975.patch
Patch4: CVE-2021-33454.patch
# from debian
Patch5: CVE-2021-33464.patch
# from debian
Patch6: CVE-2023-29579.patch
BuildRequires: gcc bison byacc gettext-devel xmlto
Provides: bundled(md5-plumb)
@ -30,7 +39,6 @@ The package contains the libraries and headers necessary for the yasm Modular As
%make_build
%install
rm -rf %{buildroot}
%make_install
%files
@ -43,8 +51,20 @@ rm -rf %{buildroot}
%{_libdir}/libyasm.a
%files help
%{_mandir}/*
%{_mandir}/man?/*
%changelog
* Mon May 12 2025 Funda Wang <fundawang@yeah.net> - 1.3.0-13
- fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579
* Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 1.3.0-12
- fix CVE-2023-31975
* Fri Aug 11 2023 liningjie <liningjie@xfusion.com> - 1.3.0-11
- fix CVE-2023-37732
* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.3.0-10
- Add sw64 architecture
* Mon Jan 6 2020 qinjian <qinjian18@huawei.com> - 1.3.0-9
- Package init

4
yasm.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: github
src_repo: yasm/yasm
tag_prefix: ^v
seperator: .