From 05f658af62dd5321ade374c3b05c1b9779b362a1 Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Mon, 12 May 2025 13:42:23 +0800
Subject: [PATCH] fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579
---
 CVE-2021-33454.patch | 22 ++++++++++++++++++++
 CVE-2021-33464.patch | 20 ++++++++++++++++++
 CVE-2023-29579.patch | 22 ++++++++++++++++++++
 yasm-1.3.0-sw.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
 yasm.spec | 33 +++++++++++++++++++----------
 yasm.yaml | 4 ++++
 6 files changed, 139 insertions(+), 11 deletions(-)
 create mode 100644 CVE-2021-33454.patch
 create mode 100644 CVE-2021-33464.patch
 create mode 100644 CVE-2023-29579.patch
 create mode 100755 yasm-1.3.0-sw.patch
 create mode 100644 yasm.yaml
diff --git a/CVE-2021-33454.patch b/CVE-2021-33454.patch
new file mode 100644
index 0000000..3ef4d25
--- /dev/null
+++ b/CVE-2021-33454.patch
@@ -0,0 +1,22 @@
+From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
+From: dataisland
+Date: Fri, 22 Sep 2023 00:21:20 -0500
+Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
+
+---
+ libyasm/expr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libyasm/expr.c b/libyasm/expr.c
+index 5b0c418b..09ae1121 100644
+--- a/libyasm/expr.c
++++ b/libyasm/expr.c
+@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
+ {
+ *ep = yasm_expr_simplify(*ep, calc_bc_dist);
+
+- if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
++ if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
+ return (*ep)->terms[0].data.intn;
+ else
+ return (yasm_intnum *)NULL;
diff --git a/CVE-2021-33464.patch b/CVE-2021-33464.patch
new file mode 100644
index 0000000..e4e86e6
--- /dev/null
+++ b/CVE-2021-33464.patch
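Review bot: The added `*ep &&` test in yasm_expr_get_intnum protects only this function's own dereference; the line above it still stores the result of `yasm_expr_simplify()` into `*ep`, so whenever the new guard fires the caller is left holding a NULL expression pointer. Callers are not visible in this hunk, but any that keep using `*ep` after a NULL intnum return would need the same check, and `ep` itself is still dereferenced unchecked. A comment above the test would record the contract, for example `/* *ep may be NULL here (see #244); callers must not dereference it after a NULL return */`. The end of the function lies outside the hunk.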
@@ -0,0 +1,20 @@
+Description: Handle file descriptors with nonexisting env names better.
+ Avoid writing past allocated memory.
+ This fixes CVE-2021-33464.
+Author: Petter Reinholdtsen
+Bug: https://github.com/yasm/yasm/issues/164
+Bug-Debian: https://bugs.debian.org/1016353
+Forwarded: https://github.com/yasm/yasm/issues/164
+Last-Update: 2025-04-30
+---
+--- yasm-1.3.0.orig/modules/preprocs/nasm/nasm-pp.c
++++ yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c
+@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
+ error(ERR_WARNING, "environment variable `%s' does not exist",
+ p1+1);
+ *p2 = '%';
+- p1 = p2+1;
++ pb = p1 = p2+1;
+ continue;
+ }
+ /* need to expand */
diff --git a/CVE-2023-29579.patch b/CVE-2023-29579.patch
new file mode 100644
index 0000000..10b1073
--- /dev/null
+++ b/CVE-2023-29579.patch
@@ -0,0 +1,22 @@
+Description: Make sure CPU feature parsing use large enough string buffer.
+ Fixes CVE-2023-29579.
+Author: Petter Reinholdtsen
+Bug: https://github.com/yasm/yasm/issues/214
+Bug-Debian: https://bugs.debian.org/1035951
+Forwarded: https://github.com/yasm/yasm/issues/214
+Last-Update: 2025-04-30
+---
+--- yasm-1.3.0.orig/modules/arch/x86/x86arch.c
++++ yasm-1.3.0/modules/arch/x86/x86arch.c
+@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_va
+ yasm_error_set(YASM_ERROR_SYNTAX,
+ N_("invalid argument to [%s]"), "CPU");
+ else {
+- char strcpu[16];
+- sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
++ char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
++ assert(8*sizeof(unsigned long) <= 64);
++ snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
+ yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
+ }
+ } else
diff --git a/yasm-1.3.0-sw.patch b/yasm-1.3.0-sw.patch
new file mode 100755
index 0000000..515ee60
--- /dev/null
+++ b/yasm-1.3.0-sw.patch
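Review bot: The `assert(8*sizeof(unsigned long) <= 64)` added in x86_dir_cpu is the only check on the buffer-size assumption, and it disappears in builds that define NDEBUG; it also depends on `<assert.h>` being included in x86arch.c, which the hunk does not show. Because `snprintf` already bounds the write, the case worth handling is truncation, e.g. `if (snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu)) >= (int)sizeof(strcpu))` followed by the same `yasm_error_set` call used for an invalid argument, so a cut-off number is never handed to `yasm_x86__parse_cpu`. The size comment should refer to the unsigned range, since the value is printed with `%lu`: `char strcpu[21]; /* 20 digits of a 64-bit unsigned long + NUL */`. x86_dir_cpu starts and ends outside the hunk.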
@@ -0,0 +1,49 @@
+diff -Nuar yasm-1.3.0.org/configure yasm-1.3.0.sw/configure
+--- yasm-1.3.0.org/configure 2022-05-26 14:47:18.140000000 +0000
++++ yasm-1.3.0.sw/configure 2022-05-26 14:50:16.340000000 +0000
+@@ -10262,7 +10262,7 @@
+ typedef unsigned long long uint64_t;
+ #endif
+
+-#elif defined __alpha || (defined __mips && defined _ABIN32)
++#elif defined __alpha || defined __sw_64 || (defined __mips && defined _ABIN32)
+ #if !defined _NO_LONGLONG
+ typedef long int64_t;
+ typedef unsigned long uint64_t;
+diff -Nuar yasm-1.3.0.org/m4/ax_create_stdint_h.m4 yasm-1.3.0.sw/m4/ax_create_stdint_h.m4
+--- yasm-1.3.0.org/m4/ax_create_stdint_h.m4 2022-05-26 14:47:18.330000000 +0000
++++ yasm-1.3.0.sw/m4/ax_create_stdint_h.m4 2022-05-26 14:47:53.800000000 +0000
+@@ -392,7 +392,7 @@
+ typedef unsigned long long uint64_t;
+ #endif
+
+-#elif defined __alpha || (defined __mips && defined _ABIN32)
++#elif defined __alpha || defined _sw_64 || (defined __mips && defined _ABIN32)
+ #if !defined _NO_LONGLONG
+ typedef long int64_t;
+ typedef unsigned long uint64_t;
+diff -Nuar yasm-1.3.0.org/m4/intdiv0.m4 yasm-1.3.0.sw/m4/intdiv0.m4
+--- yasm-1.3.0.org/m4/intdiv0.m4 2022-05-26 14:47:18.330000000 +0000
++++ yasm-1.3.0.sw/m4/intdiv0.m4 2022-05-26 14:48:19.760000000 +0000
+@@ -54,7 +54,7 @@
+ [
+ # Guess based on the CPU.
+ case "$host_cpu" in
+- alpha* | i[34567]86 | m68k | s390*)
++ alpha* | sw_64* | i[34567]86 | m68k | s390*)
+ gt_cv_int_divbyzero_sigfpe="guessing yes";;
+ *)
+ gt_cv_int_divbyzero_sigfpe="guessing no";;
+diff -Nuar yasm-1.3.0.org/modules/objfmts/elf/elf.h yasm-1.3.0.sw/modules/objfmts/elf/elf.h
+--- yasm-1.3.0.org/modules/objfmts/elf/elf.h 2022-05-26 14:47:18.250000000 +0000
++++ yasm-1.3.0.sw/modules/objfmts/elf/elf.h 2022-05-26 14:56:18.410000000 +0000
+@@ -75,7 +75,8 @@
+ EM_SPARCV9 = 43, /* SPARC v9 64-bit */
+ EM_IA_64 = 50, /* Intel IA-64 */
+ EM_X86_64 = 62, /* AMD x86-64 */
+- EM_ALPHA = 0x9026 /* Alpha (no ABI) */
++ EM_ALPHA = 0x9026, /* Alpha (no ABI) */
++ EM_SW_64 = 0x9916 /* Sw_64 (no ABI) */
+ } elf_machine;
+
+ typedef enum {
diff --git a/yasm.spec b/yasm.spec
index d5091e9..78c0995 100644
--- a/yasm.spec
+++ b/yasm.spec
@@ -1,17 +1,23 @@ Name: yasm Version: 1.3.0 -Release: 11 +Release: 13 Summary: NASM assembler -License: BSD -URL: http://yasm.tortall.net/ -Source0: http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz +License: BSD-2-Clause AND BSD-3-Clause AND (GPL-1.0-or-later AND GPL-2.0-or-later OR Artistic-1.0-Perl OR LGPL-2.0-or-later) +URL: https://yasm.tortall.net/ +Source0: https://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz + +Patch1: yasm-1.3.0-sw.patch +Patch2: CVE-2023-37732.patch +Patch3: CVE-2023-31975.patch +Patch4: CVE-2021-33454.patch +# from debian +Patch5: CVE-2021-33464.patch +# from debian +Patch6: CVE-2023-29579.patch BuildRequires: gcc bison byacc gettext-devel xmlto Provides: bundled(md5-plumb) -Patch1: CVE-2023-37732.patch -Patch2: CVE-2023-31975.patch - %description Yasm is a complete rewrite of the NASM assembler under the “new” BSD License.
@@ -33,7 +39,6 @@ The package contains the libraries and headers necessary for the yasm Modular As %make_build %install -rm -rf %{buildroot} %make_install %files
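Review bot: The two stdint fallbacks in yasm-1.3.0-sw.patch test different macro names for the same architecture: the `configure` hunk adds `defined __sw_64`, while the `m4/ax_create_stdint_h.m4` hunk adds `defined _sw_64` with a single leading underscore. One of the two is presumably a typo, and if `configure` is ever regenerated from the m4 source the sw_64 branch would silently be keyed on the other spelling. The m4 line should match configure, `#elif defined __alpha || defined __sw_64 || (defined __mips && defined _ABIN32)`, assuming `__sw_64` is the macro the toolchain actually defines.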
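Review bot: Nothing in the visible yasm.spec hunks shows `Patch1` to `Patch6` being applied, because `%prep` lies outside the diff; it is worth confirming that it uses `%autosetup -p1` or carries a `%patch` line for every number, otherwise the three new CVE fixes are declared but ship unapplied. The renumbering of the old `Patch1`/`Patch2` to `Patch2`/`Patch3` would also change which file an existing numbered `%patch` line picks up. `Patch4` is the only new entry without a provenance comment; `# from upstream, commit 9defefae9fbc (#244)` above it would match the `# from debian` lines on `Patch5` and `Patch6`.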
@@ -46,14 +51,20 @@ rm -rf %{buildroot} %{_libdir}/libyasm.a %files help -%{_mandir}/* +%{_mandir}/man?/* %changelog -* Tue Aug 15 2023 liningjie - 1.3.0-11 +* Mon May 12 2025 Funda Wang - 1.3.0-13 +- fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579 + +* Tue Aug 15 2023 liningjie - 1.3.0-12 - fix CVE-2023-31975 -* Fri Aug 11 2023 liningjie - 1.3.0-10 +* Fri Aug 11 2023 liningjie - 1.3.0-11 - fix CVE-2023-37732 +* Wed Oct 26 2022 wuzx - 1.3.0-10 +- Add sw64 architecture + * Mon Jan 6 2020 qinjian - 1.3.0-9 - Package init
diff --git a/yasm.yaml b/yasm.yaml
new file mode 100644
index 0000000..7365b8b
--- /dev/null
+++ b/yasm.yaml
@@ -0,0 +1,4 @@
+version_control: github
+src_repo: yasm/yasm
+tag_prefix: ^v
+seperator: .
-- Gitee