Accepting request 512491 from home:adamm:branches:devel:tools:compiler

- memory_fixes.patch: Fix usage-after-free and buffer overflow
  bugs (bsc#1047925, bsc#1047936, CVE-2017-11111, CVE-2017-10686)
- Restrict %fdupes to manpage directory
- Enable unit tests in %check target

OBS-URL: https://build.opensuse.org/request/show/512491
OBS-URL: https://build.opensuse.org/package/show/devel:tools:compiler/nasm?expand=0&rev=31

memory_fixes.patch

@@ -0,0 +1,52 @@
+Author: Adam Majer <amajer@suse.de>
+Date: Tue Jul 25 13:03:57 CEST 2017
+Summary: Fix use after free and buffer overflow
+BSC: 1047925 1047936
+
+Submitted upstream in linked bug reports.
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392414
+https://bugzilla.nasm.us/show_bug.cgi?id=3392415
+
+Index: nasm-2.13.01/asm/preproc.c
+===================================================================
+--- nasm-2.13.01.orig/asm/preproc.c
++++ nasm-2.13.01/asm/preproc.c
+@@ -1257,6 +1257,7 @@ static char *detoken(Token * tlist, bool
+             char *q = t->text;
+ 
+             v = t->text + 2;
++            t->text = NULL;
+             if (*v == '\'' || *v == '\"' || *v == '`') {
+                 size_t len = nasm_unquote(v, NULL);
+                 size_t clen = strlen(v);
+@@ -3845,9 +3846,15 @@ static bool paste_tokens(Token **head, c
+                 len += strlen(tok->text);
+                 p = buf = nasm_malloc(len + 1);
+ 
++                strcpy(p, tok->text);
++                p = strchr(p, '\0');
++                tok = delete_Token(tok);
++
+                 while (tok != next) {
+-                    strcpy(p, tok->text);
+-                    p = strchr(p, '\0');
++                    if (PP_CONCAT_MATCH(tok, m[i].mask_tail)) {
++                        strcpy(p, tok->text);
++                        p = strchr(p, '\0');
++                    }
+                     tok = delete_Token(tok);
+                 }
+ 
+@@ -5095,8 +5102,9 @@ static char *pp_getline(void)
+                             nasm_free(m->paramlen);
+                             l->finishes->in_progress = 0;
+                         }
+-                    } else
+-                        free_mmacro(m);
++                    } else {
++                        // free_mmacro(m);
++                    }
+                 }
+                 istk->expansion = l->next;
+                 nasm_free(l);

nasm.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jul 25 11:00:30 UTC 2017 - adam.majer@suse.de
+
+- memory_fixes.patch: Fix usage-after-free and buffer overflow
+  bugs (bsc#1047925, bsc#1047936, CVE-2017-11111, CVE-2017-10686)
+- Restrict %fdupes to manpage directory
+- Enable unit tests in %check target
+
 -------------------------------------------------------------------
 Tue May 23 11:14:56 UTC 2017 - mpluskal@suse.com
 

nasm.spec

@@ -24,6 +24,7 @@ License:        BSD-2-Clause
 Group:          Development/Languages/Other
 Url:            http://www.nasm.us/
 Source:         http://www.nasm.us/pub/nasm/releasebuilds/%{version}/nasm-%{version}.tar.xz
+Patch:          memory_fixes.patch
 BuildRequires:  fdupes
 
 %description
@@ -32,6 +33,7 @@ several binary formats, including ELF, a.out, Win32, and OS/2.
 
 %prep
 %setup -q
+%patch -p1
 
 %build
 touch -r ./version.h ./version.h.stamp
@@ -43,7 +45,10 @@ make %{?_smp_mflags} all
 
 %install
 make INSTALLROOT=%{buildroot} install rdf_install
-%fdupes -s %{buildroot}
+%fdupes %{buildroot}%{_mandir}
+
+%check
+make test
 
 %files
 %defattr(-,root,root)