mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 17:59:59 +00:00
Code Issues Projects Releases Wiki Activity

yasm: patch CVE-2021-33464

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66a0b01b52)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2025-11-30 21:35:06 +01:00
committed by Anuj Mittal
parent 138ac945d9
commit 782c49a05a
2 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
+34
View File
@@ -0,0 +1,34 @@
From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sat, 15 Nov 2025 13:30:12 +0100
Subject: [PATCH] Handle file descriptors with nonexisting env names better.
Avoid writing past allocated memory.
This fixes CVE-2021-33464.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/164
Bug-Debian: https://bugs.debian.org/1016353
Forwarded: https://github.com/yasm/yasm/issues/164
Last-Update: 2025-04-30
CVE: CVE-2021-33464
Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
modules/preprocs/nasm/nasm-pp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
index 512f02c3..f9f92dd1 100644
--- a/modules/preprocs/nasm/nasm-pp.c
+++ b/modules/preprocs/nasm/nasm-pp.c
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
error(ERR_WARNING, "environment variable `%s' does not exist",
p1+1);
*p2 = '%';
- p1 = p2+1;
+ pb = p1 = p2+1;
continue;
}
/* need to expand */
meta-oe/recipes-devtools/yasm/yasm_git.bb
+1
View File
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \
file://CVE-2024-22653.patch \
file://CVE-2023-29579.patch \
file://CVE-2021-33464.patch \
"
S = "${WORKDIR}/git"