packages/yasm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!46 [sync] PR-41: fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
This commit is contained in:
openeuler-ci-bot 2025-05-13 02:06:29 +00:00 committed by Gitee
commit e90aca9b81
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 77 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2021-33454.patch Normal file
View File

@ -0,0 +1,22 @@
From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
From: dataisland <dataisland@outlook.com>
Date: Fri, 22 Sep 2023 00:21:20 -0500
Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
---
libyasm/expr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libyasm/expr.c b/libyasm/expr.c
index 5b0c418b..09ae1121 100644
--- a/libyasm/expr.c
+++ b/libyasm/expr.c
@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
{
*ep = yasm_expr_simplify(*ep, calc_bc_dist);
- if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
+ if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
return (*ep)->terms[0].data.intn;
else
return (yasm_intnum *)NULL;

20
CVE-2021-33464.patch Normal file
View File

@ -0,0 +1,20 @@
Description: Handle file descriptors with nonexisting env names better.
Avoid writing past allocated memory.
This fixes CVE-2021-33464.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/164
Bug-Debian: https://bugs.debian.org/1016353
Forwarded: https://github.com/yasm/yasm/issues/164
Last-Update: 2025-04-30
---
--- yasm-1.3.0.orig/modules/preprocs/nasm/nasm-pp.c
+++ yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
error(ERR_WARNING, "environment variable `%s' does not exist",
p1+1);
*p2 = '%';
- p1 = p2+1;
+ pb = p1 = p2+1;
continue;
}
/* need to expand */

22
CVE-2023-29579.patch Normal file
View File

@ -0,0 +1,22 @@
Description: Make sure CPU feature parsing use large enough string buffer.
Fixes CVE-2023-29579.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/214
Bug-Debian: https://bugs.debian.org/1035951
Forwarded: https://github.com/yasm/yasm/issues/214
Last-Update: 2025-04-30
---
--- yasm-1.3.0.orig/modules/arch/x86/x86arch.c
+++ yasm-1.3.0/modules/arch/x86/x86arch.c
@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_va
yasm_error_set(YASM_ERROR_SYNTAX,
N_("invalid argument to [%s]"), "CPU");
else {
- char strcpu[16];
- sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
+ char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
+ assert(8*sizeof(unsigned long) <= 64);
+ snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
}
} else

19
yasm.spec
View File

@ -1,14 +1,19 @@
Name: yasm Name: yasm
Version: 1.3.0 Version: 1.3.0
Release: 12 Release: 13
Summary: NASM assembler Summary: NASM assembler
License: BSD License: BSD-2-Clause AND BSD-3-Clause AND (GPL-1.0-or-later AND GPL-2.0-or-later OR Artistic-1.0-Perl OR LGPL-2.0-or-later)
URL: http://yasm.tortall.net/ URL: https://yasm.tortall.net/
Source0: http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz Source0: https://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
Patch1: yasm-1.3.0-sw.patch Patch1: yasm-1.3.0-sw.patch
Patch2: CVE-2023-37732.patch Patch2: CVE-2023-37732.patch
Patch3: CVE-2023-31975.patch Patch3: CVE-2023-31975.patch
Patch4: CVE-2021-33454.patch
# from debian
Patch5: CVE-2021-33464.patch
# from debian
Patch6: CVE-2023-29579.patch
BuildRequires: gcc bison byacc gettext-devel xmlto BuildRequires: gcc bison byacc gettext-devel xmlto
Provides: bundled(md5-plumb) Provides: bundled(md5-plumb)
@ -34,7 +39,6 @@ The package contains the libraries and headers necessary for the yasm Modular As
%make_build %make_build
%install %install
rm -rf %{buildroot}
%make_install %make_install
%files %files
@ -47,9 +51,12 @@ rm -rf %{buildroot}
%{_libdir}/libyasm.a %{_libdir}/libyasm.a
%files help %files help
%{_mandir}/* %{_mandir}/man?/*
%changelog %changelog
* Mon May 12 2025 Funda Wang <fundawang@yeah.net> - 1.3.0-13
- fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579
* Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 1.3.0-12 * Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 1.3.0-12
- fix CVE-2023-31975 - fix CVE-2023-31975