mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
Guocai He
c14dcffcd7
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. Backport patch to fix CVE-2021-33454 per reference [1]. [1]: https://security-tracker.debian.org/tracker/CVE-2021-33454 Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
42 lines
1.4 KiB
BlitzBasic
42 lines
1.4 KiB
BlitzBasic
SUMMARY = "x86 (SSE) assembler supporting NASM and GAS-syntaxes"
|
|
LICENSE = "MIT"
|
|
HOMEPAGE = "http://www.tortall.net/projects/yasm/"
|
|
|
|
LIC_FILES_CHKSUM = "file://COPYING;md5=a12d8903508fb6bfd49d8d82c6170dd9"
|
|
|
|
DEPENDS += "flex-native bison-native"
|
|
PACKAGECONFIG[docs] = ",,xmlto-native,"
|
|
|
|
PV = "1.3.0+git"
|
|
# v1.3.0
|
|
SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a"
|
|
SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
|
|
file://0001-Do-not-use-AC_HEADER_STDC.patch \
|
|
file://CVE-2023-31975.patch \
|
|
file://CVE-2023-37732.patch \
|
|
file://0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch \
|
|
file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \
|
|
file://CVE-2024-22653.patch \
|
|
file://CVE-2023-29579.patch \
|
|
file://CVE-2021-33464.patch \
|
|
file://CVE-2021-33456.patch \
|
|
file://CVE-2021-33454.patch \
|
|
"
|
|
|
|
S = "${WORKDIR}/git"
|
|
|
|
inherit autotools gettext python3native
|
|
|
|
CACHED_CONFIGUREVARS = "CCLD_FOR_BUILD='${CC_FOR_BUILD}'"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|
|
|
|
PARALLEL_MAKE = ""
|
|
|
|
do_configure:prepend() {
|
|
# Don't include $CC (which includes path to sysroot) in generated header.
|
|
sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\" >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4
|
|
}
|
|
|
|
CVE_PRODUCT += "tortall:yasm yasm_project:yasm"
|