yasm was punted as dependency in chromium 6 years ago. https://chromium.googlesource.com/chromium/src/third_party/yasm/+/306b2b1d4fdb53a7ede81911a02dfd4b8efbfe4d
On Tue, Nov 18, 2025 at 7:54 AM Khem Raj <[email protected]> wrote: > > > On Tue, Nov 18, 2025 at 6:53 AM Ross Burton via lists.openembedded.org > <[email protected]> wrote: > >> On 17 Nov 2025, at 09:38, Gyorgy Sarvari via lists.openembedded.org >> <[email protected]> wrote: >> > >> > - yasm: CVE-2021-33455: https://nvd.nist.gov/vuln/detail/CVE-2021-33455 >> > - yasm: CVE-2021-33457: https://nvd.nist.gov/vuln/detail/CVE-2021-33457 >> > - yasm: CVE-2021-33458: https://nvd.nist.gov/vuln/detail/CVE-2021-33458 >> > - yasm: CVE-2021-33459: https://nvd.nist.gov/vuln/detail/CVE-2021-33459 >> > - yasm: CVE-2021-33460: https://nvd.nist.gov/vuln/detail/CVE-2021-33460 >> > - yasm: CVE-2021-33461: https://nvd.nist.gov/vuln/detail/CVE-2021-33461 >> > - yasm: CVE-2021-33462: https://nvd.nist.gov/vuln/detail/CVE-2021-33462 >> > - yasm: CVE-2021-33463: https://nvd.nist.gov/vuln/detail/CVE-2021-33463 >> > - yasm: CVE-2021-33465: https://nvd.nist.gov/vuln/detail/CVE-2021-33465 >> > - yasm: CVE-2021-33466: https://nvd.nist.gov/vuln/detail/CVE-2021-33466 >> > - yasm: CVE-2021-33467: https://nvd.nist.gov/vuln/detail/CVE-2021-33467 >> > - yasm: CVE-2021-33468: https://nvd.nist.gov/vuln/detail/CVE-2021-33468 >> > - yasm: CVE-2023-30402: https://nvd.nist.gov/vuln/detail/CVE-2023-30402 >> > - yasm: CVE-2023-31972: https://nvd.nist.gov/vuln/detail/CVE-2023-31972 >> > - yasm: CVE-2023-31973: https://nvd.nist.gov/vuln/detail/CVE-2023-31973 >> > - yasm: CVE-2023-31974: https://nvd.nist.gov/vuln/detail/CVE-2023-31974 >> > - yasm: CVE-2023-51258: https://nvd.nist.gov/vuln/detail/CVE-2023-51258 >> >> Proposal: delete yasm. It advertises itself as a rewrite of nasm, but >> nasm is still alive and did a major release just a few months ago. Nothing >> else in meta-oe depends on yasm, and according to the layer index[1] the >> only interesting recipe that depends on yasm is chromium, which I basically >> refuse to believe won’t work with nasm (mainly as the debian packaging for >> chromium doesn’t depend on nasm or yasm[2] so this dependency is likely >> obsolete now). >> >> I can send a patch... :) > > > I think we need to ensure chromium can still build without it otherwise I > am with you on this proposal > >> >> >> Cheers, >> Ross >> >> [1] >> https://layers.openembedded.org/layerindex/branch/master/recipes/?q=depends%3Ayasm-native >> [2] >> https://salsa.debian.org/chromium-team/chromium/-/blob/master/debian/control >> >> >> >> >>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121865): https://lists.openembedded.org/g/openembedded-devel/message/121865 Mute This Topic: https://lists.openembedded.org/mt/116334910/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
