mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
24,433 Commits 64 Branches 0 Tags
kirkstone
Commit Graph

14 Commits

Author SHA1 Message Date
Gyorgy Sarvari 67bb8e4b16 yasm: patch CVE-2021-33456 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1e2731fce0)
 2025-11-30 20:48:05 +01:00
Gyorgy Sarvari 68a44fe280 yasm: patch CVE-2021-33464 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66a0b01b52)
 2025-11-30 20:48:04 +01:00
Gyorgy Sarvari 5fb0376aed yasm: patch CVE-2023-29579 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cc30757a7f)
 2025-11-30 20:48:03 +01:00
Gyorgy Sarvari b6eb044866 yasm: add alternative CVE_PRODUCT 
There are multiple vendors for yasm:

$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm

Both products refer to the same application

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93f85e4fd2)
 2025-11-30 20:48:01 +01:00
Praveen Kumar 9146afcebb yasm: fix CVE-2024-22653 
yasm commit 9defefae was discovered to contain a NULL pointer
dereference via the yasm_section_bcs_append function at section.c.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-22653

Upstream-patch:
https://github.com/yasm/yasm/commit/121ab150b3577b666c79a79f4a511798d7ad2432

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-10-17 10:51:27 +02:00
Soumya 7f5ded2c88 yasm: fix CVE-2023-37732 
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c
and /elf/elf.c, which allows the attacker to cause a denial of service via a
crafted file.

References:
https://github.com/yasm/yasm/issues/233
https://nvd.nist.gov/vuln/detail/CVE-2023-37732

Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 41fffef6b0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-01-12 07:14:16 -05:00
Polampalli, Archana 83f5741bd5 yasm: fix CVE-2023-31975 
yasm v1.3.0 was discovered to contain a memory leak via the function
yasm_intnum_copy at /libyasm/intnum.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31975
https://github.com/yasm/yasm/issues/210

Upstream patches:
https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-08-03 16:47:53 -04:00
Anuj Mittal 9165fb0d1f yasm: fix buildpaths warning 
ax_create_stdint_h.m4 includes $CC as a comment in the generated header
which leads to buildpaths warning:

| WARNING: yasm-1.3.0+gitAUTOINC+ba463d3c26-r0 do_package_qa: QA Issue: File /usr/include/libyasm-stdint.h in package yasm-dev contains reference to TMPDIR [buildpaths]

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a7346d2bb1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-08-07 15:02:38 -07:00
Richard Purdie b402a3076f recipes: Update SRC_URI branch and protocols 
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2021-11-03 06:57:49 -07:00
Khem Raj efa63d8ffb yasm: Fix build with autotools 2.70+ 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2021-02-04 08:53:47 -08:00
Khem Raj 5057746583 meta-oe: Remove using python2 
This change makes the parsing go though, we still might have build
issues, which will be reported in world builds seprately

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2020-01-22 09:56:34 -08:00
Christophe PRIOUZEAU e023880905 yasm: Clarify BSD license variant 
The License of yasm is MIT.

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2019-10-25 10:29:51 -07:00
Khem Raj 58fc24db71 yasm: Use 1.3.0 release 
* latest master might have issues, so revert to using 1.3.0 release
* Disable parallel compile

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2018-10-02 17:17:10 -07:00
Khem Raj 7e196d2c3a yasm: Add recipe ( previously in oe-core ) 
Remove in OE-Core via

http://git.openembedded.org/openembedded-core/commit/?id=b7f3f7ecfdf26129c5df2d3ee14e73c4633ea5a3

while apps in OE-core have move to use nasm or other things yasm is
still needed by some apps in rest of OE universe e.g. firefox

switch to github URI since master has bunch of fixes over 1.3.0 release

Signed-off-by: Khem Raj <raj.khem@gmail.com>
 2018-09-30 10:17:48 -07:00