Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nasm for openSUSE:Factory checked in at 2026-07-08 17:35:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nasm (Old) and /work/SRC/openSUSE:Factory/.nasm.new.1982 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nasm" Wed Jul 8 17:35:07 2026 rev:48 rq:1364021 version:3.02 Changes: -------- --- /work/SRC/openSUSE:Factory/nasm/nasm.changes 2026-02-03 21:28:57.522233332 +0100 +++ /work/SRC/openSUSE:Factory/.nasm.new.1982/nasm.changes 2026-07-08 17:36:50.722111338 +0200 @@ -1,0 +2,87 @@ +Mon Jul 6 09:34:10 UTC 2026 - Michael Vetter <[email protected]> + +- Update to 3.02: + * Fix build problems on C23 compilers using a pre-C23 version of <stdbool.h> + which defines bool as a macro in violation of the C23 specification. + * The immediate form of the JMPE instruction (opcode 0F B8) has been changed + to an absolute address, as in the Itanium Architecture Software Developer's + Manual, version 2.3, Volume 4, page 4:249. Hopefully this won't break + whatever virtual environments use JMPE, but it is the closest thing there + is to an official specification for this opcode. + * Being an absolute address, treat it equivalent to a FAR jump and do not + default to 64 bits in 64-bit mode. + * That JMPE has apparently been wrong all these years is probably as good of + a hint as any how much it has been actually used, but it does have the + possibility of breaking virtual environments. In that case, please file a + bug report to https://bugs.nasm.us with details about the virtual + environment, and we will figure out a suitable solution. + * Various build fixes. Fix the documentation not building on MacOS because of + the cp utility lacking -u there. Also fix not building generally due to + wrong link formatting. Another fix was a typo in compiler.h related to a + C++ check. + * Corrections to assembling encodings: + + Fix CMP allowing LOCK which is illegal. + + Correct multiple AVX512 instructions such as VCVTSD2SI, VCVTSD2USI, + VCVTSS2SI, VCVTSS2USI, VCVTTSD2SI, VCVTTSD2USI, VCVTTSS2SI, VCVTTSS2USI, + VGETEXPSH, VGETMANTSH, MOVDDUP, VMOVDDUP. + + Fixed other encodings or instruction formats for instructions UWRMSR, + CMPSD, VCMPSS, V4FMADDSS, V4FNMADDSS, VCVTDQ2PH, VCVTPD2PH, VCVTPH2UDQ, + VCVTQQ2PH, VCVTUDQ2PH, VCVTUQQ2PH, VGETEXPSH, VGETMANTSH, VRCPPH, + VRSQRTPH, VCVTPH2BF8, VCVTPH2BF8S, VCVTPH2HF8, VCVTPH2HF8S. + + Fixed typos in VP4DPWSSD mnemonic. + + Fixed BYTE and WORD operands getting the same encoding on arithmetic + instructions such as CMP. + + Fixed PUSH not assembling when used with a DWORD in 64-bit mode. This is + not a recommended syntax as the operand size is still 64 bits, but was + permitted by earlier versions of NASM. + + Fix parsing of $–escaped symbols in directives (GLOBAL, STATIC, EXTERN, + REQUIRED, COMMON). + * Corrections to disassembling: + + Shift instructions with the unity operand were getting disassembled to a + zero operand instead of one. + + JMP, CALL and JMPE disassembled incorrectly with the register operands. + * Whole bunch of minor fixes to operand sizes, operand size prefixes. Changes + mostly return the behavior known from 2.16.03. + * MOV [mem], label would be accepted without size specifiers which could + cause unintended consequences. Raise an error if no size was specified and + one of the operands is a memory reference and another operands is a label. + * JMP NEAR is now the same as JMP STRICT NEAR as the STRICT is redundant + here. JMP WORD on the other hand is up for optimization as NEAR and WORD + relate to different things – jump lengths and operation sizes respectively. + * Using redundant (or not) but valid operands size prefixes was fixed on + instructions such as IRET, PUSHF, POPF, PUSH and POP. + * Using an operand size prefix on a JMP or CALL instruction could generate an + invalid instruction. This appears to have been a long-standing bug. + Specifying the operand size by specifying the size of the immediate + explicitly (e.g. JMP DWORD label) has always worked correctly, however. + * Add support for C2y-style \o escape sequences, braced escape sequences, and + as NASM extensions, decimal escape sequences (\d) and control-character + escape sequences (\^). See section 3.4.2. + * Fix generation of the short opcodes for ADD, OR, ADC, SBB, AND, SUB, XOR, and CMP AL,imm8. + * Fix truncation of the generated constant to 63 bits when invoking a + single-line macro when an argument is defined as =/b or =/ub. + * Add an %env() preprocessor function as a more robust and flexible + alternative to the %! construct. See section 5.5.7. + * The maximum number of multi-line macro parameters is now a configurable + limit. See section 2.1.32. + * The --limit- options and %pragma limit now accept the keywords default, + maximum, and reset. See section 2.1.32. + * Fix parsing of seg:offs–style FAR pointers in EQU. + * Fix the %clear preprocessor directive hanging when given parameters. + * The never properly implemented (or documented) preprocessor directives + %rmacro and %irmacro are now properly disabled; to avoid breaking existing + code, they fall back to %macro and %imacro with a suitable warning. + Programmers should not rely on this behavior: in the future, these + directives might actually be (properly) implemented. + * Fix a crash when -M directives were used in response files. (CVE-2026-6068) (bsc#1261985) + * New listing option -Lc to include the contents of INCBIN files, see section 2.1.4. + * New listing option -Lt to include the output from every iteration of TIMES + and ALIGN directives, see section 2.1.4. + * The %pragma list options directive now support resetting options to their + command-line default, see section 2.1.4. + * New predefined macros __?LIST_OPTIONS?__ and __?LIST_OPTIONS_DEFAULT?__ to + query the active and command-line default listing options. See section 2.1.4. +- CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds checking in the obj_directive (bsc#1261986) + Add nasm-CVE-2026-6067.patch + +------------------------------------------------------------------- Old: ---- nasm-3.01.tar.xz New: ---- nasm-3.02.tar.xz nasm-CVE-2026-6067.patch ----------(New B)---------- New:- CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds checking in the obj_directive (bsc#1261986) Add nasm-CVE-2026-6067.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nasm.spec ++++++ --- /var/tmp/diff_new_pack.vm1a2X/_old 2026-07-08 17:36:52.098159208 +0200 +++ /var/tmp/diff_new_pack.vm1a2X/_new 2026-07-08 17:36:52.102159348 +0200 @@ -1,7 +1,7 @@ # # spec file for package nasm # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: nasm -Version: 3.01 +Version: 3.02 Release: 0 Summary: Netwide Assembler (An x86 Assembler) License: BSD-2-Clause @@ -25,6 +25,7 @@ URL: https://www.nasm.us/ Source: https://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}.tar.xz Patch0: reproducible.patch +Patch1: nasm-CVE-2026-6067.patch BuildRequires: fdupes %description @@ -32,7 +33,7 @@ several binary formats, including ELF, a.out, Win32, and OS/2. %prep -%autosetup -p0 +%autosetup -p1 %build %configure \ ++++++ nasm-3.01.tar.xz -> nasm-3.02.tar.xz ++++++ ++++ 158926 lines of diff (skipped) ++++++ nasm-CVE-2026-6067.patch ++++++ https://github.com/netwide-assembler/nasm/commit/80ce049f35d3b194d5ba62e8e8e417a5211b35cb Index: nasm-3.02/output/outobj.c =================================================================== --- nasm-3.02.orig/output/outobj.c +++ nasm-3.02/output/outobj.c @@ -1736,6 +1736,10 @@ obj_directive(enum directive directive, */ continue; } + if (grp->nentries >= GROUP_MAX) { + nasm_nonfatal("too many segments in a group"); + return DIRR_ERROR; + } for (seg = seghead; seg; seg = seg->next) if (!strcmp(seg->name, p)) break; ++++++ reproducible.patch ++++++ --- /var/tmp/diff_new_pack.vm1a2X/_old 2026-07-08 17:36:53.962224057 +0200 +++ /var/tmp/diff_new_pack.vm1a2X/_new 2026-07-08 17:36:53.970224335 +0200 @@ -1,8 +1,23 @@ -Index: disasm/ndisasm.c +Index: nasm-3.02/asm/nasm.c =================================================================== ---- disasm/ndisasm.c.orig -+++ disasm/ndisasm.c -@@ -120,8 +120,8 @@ int main(int argc, char **argv) +--- nasm-3.02.orig/asm/nasm.c ++++ nasm-3.02/asm/nasm.c +@@ -1047,8 +1047,8 @@ static const struct textargs textopts[] + + static void show_version(void) + { +- printf("NASM version %s compiled on %s%s\n", +- nasm_version, nasm_date, nasm_compile_options); ++ printf("NASM version %s compiled on %s\n", ++ nasm_version, nasm_compile_options); + exit(0); + } + +Index: nasm-3.02/disasm/ndisasm.c +=================================================================== +--- nasm-3.02.orig/disasm/ndisasm.c ++++ nasm-3.02/disasm/ndisasm.c +@@ -72,8 +72,8 @@ int main(int argc, char **argv) case 'r': case 'v': fprintf(stderr, @@ -13,11 +28,11 @@ return 0; case 'u': /* -u for -b 32, -uu for -b 64 */ if (bits < 64) -Index: include/ver.h +Index: nasm-3.02/include/ver.h =================================================================== ---- include/ver.h.orig -+++ include/ver.h -@@ -41,7 +41,6 @@ +--- nasm-3.02.orig/include/ver.h ++++ nasm-3.02/include/ver.h +@@ -11,7 +11,6 @@ #include "compiler.h" extern const char nasm_version[]; @@ -25,11 +40,11 @@ extern const char nasm_compile_options[]; extern bool reproducible; -Index: nasmlib/ver.c +Index: nasm-3.02/nasmlib/ver.c =================================================================== ---- nasmlib/ver.c.orig -+++ nasmlib/ver.c -@@ -36,7 +36,6 @@ +--- nasm-3.02.orig/nasmlib/ver.c ++++ nasm-3.02/nasmlib/ver.c +@@ -6,7 +6,6 @@ /* This is printed when entering nasm -v */ const char nasm_version[] = NASM_VER; @@ -37,19 +52,4 @@ const char nasm_compile_options[] = "" #ifdef DEBUG " with -DDEBUG" -Index: asm/nasm.c -=================================================================== ---- asm/nasm.c.orig -+++ asm/nasm.c -@@ -977,8 +977,8 @@ static const struct textargs textopts[] - - static void show_version(void) - { -- printf("NASM version %s compiled on %s%s\n", -- nasm_version, nasm_date, nasm_compile_options); -+ printf("NASM version %s compiled on %s\n", -+ nasm_version, nasm_compile_options); - exit(0); - } -
