Accepting request 512491 from home:adamm:branches:devel:tools:compiler

- memory_fixes.patch: Fix usage-after-free and buffer overflow bugs (bsc#1047925, bsc#1047936, CVE-2017-11111, CVE-2017-10686) - Restrict %fdupes to manpage directory - Enable unit tests in %check target OBS-URL: https://build.opensuse.org/request/show/512491 OBS-URL: https://build.opensuse.org/package/show/devel:tools:compiler/nasm?expand=0&rev=31
2017-07-25 12:08:19 +00:00 · 2017-07-25 12:08:19 +00:00 · edf3e306c6
commit edf3e306c6
parent 655310f4f7
3 changed files with 66 additions and 1 deletions
--- a/memory_fixes.patch
+++ b/memory_fixes.patch
@ -0,0 +1,52 @@
+Author: Adam Majer <amajer@suse.de>
+Date: Tue Jul 25 13:03:57 CEST 2017
+Summary: Fix use after free and buffer overflow
+BSC: 1047925 1047936
+
+Submitted upstream in linked bug reports.
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392414
+https://bugzilla.nasm.us/show_bug.cgi?id=3392415
+
+Index: nasm-2.13.01/asm/preproc.c
+===================================================================
+--- nasm-2.13.01.orig/asm/preproc.c
+++ nasm-2.13.01/asm/preproc.c
+@@ -1257,6 +1257,7 @@ static char *detoken(Token * tlist, bool
+             char *q = t->text;
+ 
+             v = t->text + 2;
+            t->text = NULL;
+             if (*v == '\'' || *v == '\"' || *v == '`') {
+                 size_t len = nasm_unquote(v, NULL);
+                 size_t clen = strlen(v);
+@@ -3845,9 +3846,15 @@ static bool paste_tokens(Token **head, c
+                 len += strlen(tok->text);
+                 p = buf = nasm_malloc(len + 1);
+ 
+                strcpy(p, tok->text);
+                p = strchr(p, '\0');
+                tok = delete_Token(tok);
+
+                 while (tok != next) {
+-                    strcpy(p, tok->text);
+-                    p = strchr(p, '\0');
+                    if (PP_CONCAT_MATCH(tok, m[i].mask_tail)) {
+                        strcpy(p, tok->text);
+                        p = strchr(p, '\0');
+                    }
+                     tok = delete_Token(tok);
+                 }
+ 
+@@ -5095,8 +5102,9 @@ static char *pp_getline(void)
+                             nasm_free(m->paramlen);
+                             l->finishes->in_progress = 0;
+                         }
+-                    } else
+-                        free_mmacro(m);
+                    } else {
+                        // free_mmacro(m);
+                    }
+                 }
+                 istk->expansion = l->next;
+                 nasm_free(l);
--- a/nasm.changes
+++ b/nasm.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jul 25 11:00:30 UTC 2017 - adam.majer@suse.de
+
+- memory_fixes.patch: Fix usage-after-free and buffer overflow
+  bugs (bsc#1047925, bsc#1047936, CVE-2017-11111, CVE-2017-10686)
+- Restrict %fdupes to manpage directory
+- Enable unit tests in %check target
+
 -------------------------------------------------------------------
 Tue May 23 11:14:56 UTC 2017 - mpluskal@suse.com

--- a/nasm.spec
+++ b/nasm.spec
@ -24,6 +24,7 @@ License:        BSD-2-Clause
 Group:          Development/Languages/Other
 Url:            http://www.nasm.us/
 Source:         http://www.nasm.us/pub/nasm/releasebuilds/%{version}/nasm-%{version}.tar.xz
+Patch:          memory_fixes.patch
 BuildRequires:  fdupes

 %description
@ -32,6 +33,7 @@ several binary formats, including ELF, a.out, Win32, and OS/2.

 %prep
 %setup -q
+%patch -p1

 %build
 touch -r ./version.h ./version.h.stamp
@ -43,7 +45,10 @@ make %{?_smp_mflags} all

 %install
 make INSTALLROOT=%{buildroot} install rdf_install
-%fdupes -s %{buildroot}
+%fdupes %{buildroot}%{_mandir}
+
+%check
+make test

 %files
 %defattr(-,root,root)