Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579
The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/ Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../yasm/yasm/CVE-2023-29579.patch | 39 +++++++++++++++++++ meta-oe/recipes-devtools/yasm/yasm_git.bb | 3 +- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch new file mode 100644 index 0000000000..58b4ed1996 --- /dev/null +++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch @@ -0,0 +1,39 @@ +From 81c1b7b0a28f052eaadddcb010944bf67e6ae257 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari <[email protected]> +Date: Sat, 15 Nov 2025 13:24:21 +0100 +Subject: [PATCH] Make sure CPU feature parsing use large enough string buffer. + Fixes CVE-2023-29579. + +Author: Petter Reinholdtsen <[email protected]> +Bug: https://github.com/yasm/yasm/issues/214 +Bug-Debian: https://bugs.debian.org/1035951 +Forwarded: https://github.com/yasm/yasm/issues/214 +Last-Update: 2025-04-30 + +This patch is taken from Debian: +https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/ + +CVE: CVE-2023-29579 +Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/214] + +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + modules/arch/x86/x86arch.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/modules/arch/x86/x86arch.c b/modules/arch/x86/x86arch.c +index bac11774..58327958 100644 +--- a/modules/arch/x86/x86arch.c ++++ b/modules/arch/x86/x86arch.c +@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_valparamhead *valparams, + yasm_error_set(YASM_ERROR_SYNTAX, + N_("invalid argument to [%s]"), "CPU"); + else { +- char strcpu[16]; +- sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu)); ++ char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */ ++ assert(8*sizeof(unsigned long) <= 64); ++ snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu)); + yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu)); + } + } else diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index abaeef4db3..4fb1aa3552 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -14,7 +14,8 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch \ file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \ file://0001-bitvect-fix-build-with-gcc-15.patch \ -" + file://CVE-2023-29579.patch \ + " inherit autotools gettext python3native
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121739): https://lists.openembedded.org/g/openembedded-devel/message/121739 Mute This Topic: https://lists.openembedded.org/mt/116311374/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
