MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-12-14 14:25:53 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

yasm: patch CVE-2021-33464

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2025-11-15 19:18:09 +01:00 committed by Khem Raj
parent cc30757a7f
commit 66a0b01b52
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch Normal file
View File

@ -0,0 +1,34 @@
From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sat, 15 Nov 2025 13:30:12 +0100
Subject: [PATCH] Handle file descriptors with nonexisting env names better.
Avoid writing past allocated memory.
This fixes CVE-2021-33464.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/164
Bug-Debian: https://bugs.debian.org/1016353
Forwarded: https://github.com/yasm/yasm/issues/164
Last-Update: 2025-04-30
CVE: CVE-2021-33464
Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
modules/preprocs/nasm/nasm-pp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
index 512f02c3..f9f92dd1 100644
--- a/modules/preprocs/nasm/nasm-pp.c
+++ b/modules/preprocs/nasm/nasm-pp.c
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
error(ERR_WARNING, "environment variable `%s' does not exist",
p1+1);
*p2 = '%';
- p1 = p2+1;
+ pb = p1 = p2+1;
continue;
}
/* need to expand */

1
meta-oe/recipes-devtools/yasm/yasm_git.bb
View File

@ -15,6 +15,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \
file://0001-bitvect-fix-build-with-gcc-15.patch \
file://CVE-2023-29579.patch \
file://CVE-2021-33464.patch \
"