Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package nasm for openSUSE:Factory checked in 
at 2026-07-08 17:35:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nasm (Old)
 and      /work/SRC/openSUSE:Factory/.nasm.new.1982 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nasm"

Wed Jul  8 17:35:07 2026 rev:48 rq:1364021 version:3.02

Changes:
--------
--- /work/SRC/openSUSE:Factory/nasm/nasm.changes        2026-02-03 
21:28:57.522233332 +0100
+++ /work/SRC/openSUSE:Factory/.nasm.new.1982/nasm.changes      2026-07-08 
17:36:50.722111338 +0200
@@ -1,0 +2,87 @@
+Mon Jul  6 09:34:10 UTC 2026 - Michael Vetter <[email protected]>
+
+- Update to 3.02:
+  * Fix build problems on C23 compilers using a pre-C23 version of <stdbool.h>
+    which defines bool as a macro in violation of the C23 specification.
+  * The immediate form of the JMPE instruction (opcode 0F B8) has been changed
+    to an absolute address, as in the Itanium Architecture Software Developer's
+    Manual, version 2.3, Volume 4, page 4:249. Hopefully this won't break
+    whatever virtual environments use JMPE, but it is the closest thing there
+    is to an official specification for this opcode.
+  * Being an absolute address, treat it equivalent to a FAR jump and do not
+    default to 64 bits in 64-bit mode.
+  * That JMPE has apparently been wrong all these years is probably as good of
+    a hint as any how much it has been actually used, but it does have the
+    possibility of breaking virtual environments. In that case, please file a
+    bug report to https://bugs.nasm.us with details about the virtual
+    environment, and we will figure out a suitable solution.
+  * Various build fixes. Fix the documentation not building on MacOS because of
+    the cp utility lacking -u there. Also fix not building generally due to
+    wrong link formatting. Another fix was a typo in compiler.h related to a
+    C++ check.
+  * Corrections to assembling encodings:
+    + Fix CMP allowing LOCK which is illegal.
+    + Correct multiple AVX512 instructions such as VCVTSD2SI, VCVTSD2USI,
+      VCVTSS2SI, VCVTSS2USI, VCVTTSD2SI, VCVTTSD2USI, VCVTTSS2SI, VCVTTSS2USI,
+      VGETEXPSH, VGETMANTSH, MOVDDUP, VMOVDDUP.
+    + Fixed other encodings or instruction formats for instructions UWRMSR,
+      CMPSD, VCMPSS, V4FMADDSS, V4FNMADDSS, VCVTDQ2PH, VCVTPD2PH, VCVTPH2UDQ,
+      VCVTQQ2PH, VCVTUDQ2PH, VCVTUQQ2PH, VGETEXPSH, VGETMANTSH, VRCPPH,
+      VRSQRTPH, VCVTPH2BF8, VCVTPH2BF8S, VCVTPH2HF8, VCVTPH2HF8S.
+    + Fixed typos in VP4DPWSSD mnemonic.
+    + Fixed BYTE and WORD operands getting the same encoding on arithmetic
+      instructions such as CMP.
+    + Fixed PUSH not assembling when used with a DWORD in 64-bit mode. This is
+      not a recommended syntax as the operand size is still 64 bits, but was
+      permitted by earlier versions of NASM.
+    + Fix parsing of $–escaped symbols in directives (GLOBAL, STATIC, EXTERN,
+      REQUIRED, COMMON).
+  * Corrections to disassembling:
+    + Shift instructions with the unity operand were getting disassembled to a
+      zero operand instead of one.
+    + JMP, CALL and JMPE disassembled incorrectly with the register operands.
+  * Whole bunch of minor fixes to operand sizes, operand size prefixes. Changes
+    mostly return the behavior known from 2.16.03.
+  * MOV [mem], label would be accepted without size specifiers which could
+    cause unintended consequences. Raise an error if no size was specified and
+    one of the operands is a memory reference and another operands is a label.
+  * JMP NEAR is now the same as JMP STRICT NEAR as the STRICT is redundant
+    here. JMP WORD on the other hand is up for optimization as NEAR and WORD
+    relate to different things – jump lengths and operation sizes respectively.
+  * Using redundant (or not) but valid operands size prefixes was fixed on
+    instructions such as IRET, PUSHF, POPF, PUSH and POP.
+  * Using an operand size prefix on a JMP or CALL instruction could generate an
+    invalid instruction. This appears to have been a long-standing bug.
+    Specifying the operand size by specifying the size of the immediate
+    explicitly (e.g. JMP DWORD label) has always worked correctly, however.
+  * Add support for C2y-style \o escape sequences, braced escape sequences, and
+    as NASM extensions, decimal escape sequences (\d) and control-character
+    escape sequences (\^). See section 3.4.2.
+  * Fix generation of the short opcodes for ADD, OR, ADC, SBB, AND, SUB, XOR, 
and CMP AL,imm8.
+  * Fix truncation of the generated constant to 63 bits when invoking a
+    single-line macro when an argument is defined as =/b or =/ub.
+  * Add an %env() preprocessor function as a more robust and flexible
+    alternative to the %! construct. See section 5.5.7.
+  * The maximum number of multi-line macro parameters is now a configurable
+    limit. See section 2.1.32.
+  * The --limit- options and %pragma limit now accept the keywords default,
+    maximum, and reset. See section 2.1.32.
+  * Fix parsing of seg:offs–style FAR pointers in EQU.
+  * Fix the %clear preprocessor directive hanging when given parameters.
+  * The never properly implemented (or documented) preprocessor directives
+    %rmacro and %irmacro are now properly disabled; to avoid breaking existing
+    code, they fall back to %macro and %imacro with a suitable warning.
+    Programmers should not rely on this behavior: in the future, these
+    directives might actually be (properly) implemented.
+  * Fix a crash when -M directives were used in response files. 
(CVE-2026-6068) (bsc#1261985)
+  * New listing option -Lc to include the contents of INCBIN files, see 
section 2.1.4.
+  * New listing option -Lt to include the output from every iteration of TIMES
+    and ALIGN directives, see section 2.1.4.
+  * The %pragma list options directive now support resetting options to their
+    command-line default, see section 2.1.4.
+  * New predefined macros __?LIST_OPTIONS?__ and __?LIST_OPTIONS_DEFAULT?__ to
+    query the active and command-line default listing options. See section 
2.1.4.
+- CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds 
checking in the obj_directive (bsc#1261986)
+  Add nasm-CVE-2026-6067.patch
+
+-------------------------------------------------------------------

Old:
----
  nasm-3.01.tar.xz

New:
----
  nasm-3.02.tar.xz
  nasm-CVE-2026-6067.patch

----------(New B)----------
  New:- CVE-2026-6067: heap buffer overflow vulnerability due to a lack of 
bounds checking in the obj_directive (bsc#1261986)
  Add nasm-CVE-2026-6067.patch
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nasm.spec ++++++
--- /var/tmp/diff_new_pack.vm1a2X/_old  2026-07-08 17:36:52.098159208 +0200
+++ /var/tmp/diff_new_pack.vm1a2X/_new  2026-07-08 17:36:52.102159348 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package nasm
 #
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           nasm
-Version:        3.01
+Version:        3.02
 Release:        0
 Summary:        Netwide Assembler (An x86 Assembler)
 License:        BSD-2-Clause
@@ -25,6 +25,7 @@
 URL:            https://www.nasm.us/
 Source:         
https://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}.tar.xz
 Patch0:         reproducible.patch
+Patch1:         nasm-CVE-2026-6067.patch
 BuildRequires:  fdupes
 
 %description
@@ -32,7 +33,7 @@
 several binary formats, including ELF, a.out, Win32, and OS/2.
 
 %prep
-%autosetup -p0
+%autosetup -p1
 
 %build
 %configure \

++++++ nasm-3.01.tar.xz -> nasm-3.02.tar.xz ++++++
++++ 158926 lines of diff (skipped)

++++++ nasm-CVE-2026-6067.patch ++++++
https://github.com/netwide-assembler/nasm/commit/80ce049f35d3b194d5ba62e8e8e417a5211b35cb
Index: nasm-3.02/output/outobj.c
===================================================================
--- nasm-3.02.orig/output/outobj.c
+++ nasm-3.02/output/outobj.c
@@ -1736,6 +1736,10 @@ obj_directive(enum directive directive,
                      */
                     continue;
                 }
+                if (grp->nentries >= GROUP_MAX) {
+                    nasm_nonfatal("too many segments in a group");
+                    return DIRR_ERROR;
+                }
                 for (seg = seghead; seg; seg = seg->next)
                     if (!strcmp(seg->name, p))
                         break;

++++++ reproducible.patch ++++++
--- /var/tmp/diff_new_pack.vm1a2X/_old  2026-07-08 17:36:53.962224057 +0200
+++ /var/tmp/diff_new_pack.vm1a2X/_new  2026-07-08 17:36:53.970224335 +0200
@@ -1,8 +1,23 @@
-Index: disasm/ndisasm.c
+Index: nasm-3.02/asm/nasm.c
 ===================================================================
---- disasm/ndisasm.c.orig
-+++ disasm/ndisasm.c
-@@ -120,8 +120,8 @@ int main(int argc, char **argv)
+--- nasm-3.02.orig/asm/nasm.c
++++ nasm-3.02/asm/nasm.c
+@@ -1047,8 +1047,8 @@ static const struct textargs textopts[]
+ 
+ static void show_version(void)
+ {
+-    printf("NASM version %s compiled on %s%s\n",
+-           nasm_version, nasm_date, nasm_compile_options);
++    printf("NASM version %s compiled on %s\n",
++           nasm_version, nasm_compile_options);
+     exit(0);
+ }
+ 
+Index: nasm-3.02/disasm/ndisasm.c
+===================================================================
+--- nasm-3.02.orig/disasm/ndisasm.c
++++ nasm-3.02/disasm/ndisasm.c
+@@ -72,8 +72,8 @@ int main(int argc, char **argv)
                  case 'r':
                  case 'v':
                      fprintf(stderr,
@@ -13,11 +28,11 @@
                      return 0;
                  case 'u':     /* -u for -b 32, -uu for -b 64 */
                    if (bits < 64)
-Index: include/ver.h
+Index: nasm-3.02/include/ver.h
 ===================================================================
---- include/ver.h.orig
-+++ include/ver.h
-@@ -41,7 +41,6 @@
+--- nasm-3.02.orig/include/ver.h
++++ nasm-3.02/include/ver.h
+@@ -11,7 +11,6 @@
  #include "compiler.h"
  
  extern const char nasm_version[];
@@ -25,11 +40,11 @@
  extern const char nasm_compile_options[];
  
  extern bool reproducible;
-Index: nasmlib/ver.c
+Index: nasm-3.02/nasmlib/ver.c
 ===================================================================
---- nasmlib/ver.c.orig
-+++ nasmlib/ver.c
-@@ -36,7 +36,6 @@
+--- nasm-3.02.orig/nasmlib/ver.c
++++ nasm-3.02/nasmlib/ver.c
+@@ -6,7 +6,6 @@
  
  /* This is printed when entering nasm -v */
  const char nasm_version[] = NASM_VER;
@@ -37,19 +52,4 @@
  const char nasm_compile_options[] = ""
  #ifdef DEBUG
      " with -DDEBUG"
-Index: asm/nasm.c
-===================================================================
---- asm/nasm.c.orig
-+++ asm/nasm.c
-@@ -977,8 +977,8 @@ static const struct textargs textopts[]
- 
- static void show_version(void)
- {
--    printf("NASM version %s compiled on %s%s\n",
--           nasm_version, nasm_date, nasm_compile_options);
-+    printf("NASM version %s compiled on %s\n",
-+           nasm_version, nasm_compile_options);
-     exit(0);
- }
- 
 

Reply via email to