Accepting request 569354 from devel:tools:compiler

OBS-URL: https://build.opensuse.org/request/show/569354
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nasm?expand=0&rev=36

memory_fixes.patch

@@ -1,54 +0,0 @@
-Author: Adam Majer <amajer@suse.de>
-Date: Tue Jul 25 13:03:57 CEST 2017
-Summary: Fix use after free and buffer overflow
-BSC: 1047925 1047936
-
-Submitted upstream in linked bug reports.
-
-https://bugzilla.nasm.us/show_bug.cgi?id=3392414
-https://bugzilla.nasm.us/show_bug.cgi?id=3392415
-
-Index: nasm-2.13.01/asm/preproc.c
-===================================================================
---- nasm-2.13.01.orig/asm/preproc.c
-+++ nasm-2.13.01/asm/preproc.c
-@@ -1280,8 +1280,8 @@ static char *detoken(Token * tlist, bool
-                     t->text = nasm_zalloc(2);
-                 } else
-                     t->text = nasm_strdup(p);
-+                nasm_free(q);
-             }
--            nasm_free(q);
-         }
- 
-         /* Expand local macros here and not during preprocessing */
-@@ -3845,9 +3845,15 @@ static bool paste_tokens(Token **head, c
-                 len += strlen(tok->text);
-                 p = buf = nasm_malloc(len + 1);
- 
-+                strcpy(p, tok->text);
-+                p = strchr(p, '\0');
-+                tok = delete_Token(tok);
-+
-                 while (tok != next) {
--                    strcpy(p, tok->text);
--                    p = strchr(p, '\0');
-+                    if (PP_CONCAT_MATCH(tok, m[i].mask_tail)) {
-+                        strcpy(p, tok->text);
-+                        p = strchr(p, '\0');
-+                    }
-                     tok = delete_Token(tok);
-                 }
- 
-@@ -5095,8 +5101,9 @@ static char *pp_getline(void)
-                             nasm_free(m->paramlen);
-                             l->finishes->in_progress = 0;
-                         }
--                    } else
--                        free_mmacro(m);
-+                    } else {
-+                        // free_mmacro(m);
-+                    }
-                 }
-                 istk->expansion = l->next;
-                 nasm_free(l);

nasm-2.13.01.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aa0213008f0433ecbe07bb628506a5c4be8079be20fc3532a5031fd639db9a5e
-size 800244

nasm-2.13.02.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8ac3235f49a6838ff7a8d7ef7c19a4430d0deecc0c2d3e3e237b5e9f53291757
+size 805744

nasm.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Wed Jan 24 13:09:39 UTC 2018 - adam.majer@suse.de
+
+- New upstream version 2.13.02:
+  * Fix generation of PEXTRW instruction.
+  * Fix smartalign package which could trigger an error during
+  optimization if the alignment code expanded too much due to
+  optimization of the previous code.
+  * Fix a case where negative value in TIMES directive causes
+  panic instead of an error.
+  * Fix the incorrect generation of VEX-encoded instruction
+  when static mode decorators are specified on scalar instructions,
+  losing the decorators as they require EVEX encoding.
+  * Fix generation of dependency lists.
+  * Fixes macro calls that have the wrong number of arguments
+    (bsc#1073796, CVE-2017-17810)
+  * Fixes Heap-based buffer overflow allows related to a strcpy
+    in paste_tokens (bsc#1073798, CVE-2017-17811)
+  * Fixes Heap-based buffer over-read in the function detoken()
+    (bsc#1073799, CVE-2017-17812)
+  * Fixes Use-after-free in the pp_list_one_macro function
+    (bsc#1073803, CVE-2017-17813)
+  * Fixes Use-after-free in do_directive
+    (bsc#1073808, CVE-2017-17814)
+  * Fixes Illegal address access in is_mmacro()
+    (bsc#1073818, CVE-2017-17815)
+  * Fixes Use-after-free in pp_getline
+    (bsc#1073823, CVE-2017-17816)
+  * Fixes Use-after-free in pp_verror
+    (bsc#1073829, CVE-2017-17817)
+  * Fixes Heap-based buffer over-read related to a while loop in
+    paste_tokens (bsc#1073830, CVE-2017-17818)
+  * Fixes Illegal address access in the function find_cc
+    (bsc#1073832, CVE-2017-17819)
+  * Fixes Use-after-free in pp_list_one_macro
+    (bsc#1073846, CVE-2017-17820)
+  * Fixes illegal address access in thefunction paste_tokens()
+    (bsc#1058013, CVE-2017-14228)
+- memory_fixes.patch: changes upstreamed and removed.
+
 -------------------------------------------------------------------
 Tue Jul 25 11:00:30 UTC 2017 - adam.majer@suse.de
 

nasm.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package nasm
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,13 @@
 
 
 Name:           nasm
-Version:        2.13.01
+Version:        2.13.02
 Release:        0
 Summary:        Netwide Assembler (An x86 Assembler)
 License:        BSD-2-Clause
 Group:          Development/Languages/Other
 Url:            http://www.nasm.us/
 Source:         http://www.nasm.us/pub/nasm/releasebuilds/%{version}/nasm-%{version}.tar.xz
-Patch:          memory_fixes.patch
 BuildRequires:  fdupes
 
 %description
@@ -33,7 +32,6 @@ several binary formats, including ELF, a.out, Win32, and OS/2.
 
 %prep
 %setup -q
-%patch -p1
 
 %build
 touch -r ./version.h ./version.h.stamp