Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master 2025-12-02T17:18:20+00:00 2025-12-02T17:18:20+00:00 Gyorgy Sarvari skandigraun@gmail.com 2025-12-01T22:09:57+00:00 urn:sha1:183693a84d84ad7d4999ad592a863b1719dde1b7 Yasm was introduced as a rewrite of nasm, however its commits have dried up over the years, while its unmitigated CVEs keep piling up. Also, nasm is a healthier project with regular contributions still. There are no known recipes depending on yasm. Let's remove it. Cc: Ross Burton <ross.burton@arm.com> Cc: Yogesh Tyagi <yogesh.tyagi@intel.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-11-15T23:49:44+00:00 Gyorgy Sarvari skandigraun@gmail.com 2025-11-15T18:18:10+00:00 urn:sha1:1e2731fce05d15020fddf3dca5d8ee42ec3c04e1 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-11-15T23:49:44+00:00 Gyorgy Sarvari skandigraun@gmail.com 2025-11-15T18:18:09+00:00 urn:sha1:66a0b01b52e5d1cd2af4c41ae0b67541464874e6 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-11-15T23:49:44+00:00 Gyorgy Sarvari skandigraun@gmail.com 2025-11-15T18:18:08+00:00 urn:sha1:cc30757a7fd0af5f60b9a6408b3eb94c0810acda Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-11-15T23:49:44+00:00 Gyorgy Sarvari skandigraun@gmail.com 2025-11-15T18:18:07+00:00 urn:sha1:93f85e4fd2fb124cb047f6b378cf0052a1f102aa There are multiple vendors for yasm: $ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';" tortall|yasm yasm_project|yasm Both products refer to the same application Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-06-25T13:44:52+00:00 Alexander Kanavin alex@linutronix.de 2025-06-20T14:06:53+00:00 urn:sha1:fc78d37ff0ce9e0d60455465851dbe4e86d7a8b3 Please see https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265 for what changes are needed, and sed commands that can be used to make them en masse. I've verified that bitbake -c patch world works with these, but did not run a world build; the majority of recipes shouldn't need further fixups, but if there are some that still fall out, they can be fixed in followups. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-04-24T02:35:01+00:00 Martin Jansa martin.jansa@gmail.com 2025-04-22T17:57:39+00:00 urn:sha1:c6864667a61dee3ad2417531ae6dca7243de6a1b * fixes: libyasm/bitvect.h:86:32: error: cannot use keyword 'false' as enumeration constant 86 | typedef enum boolean { false = FALSE, true = TRUE } boolean; | ^~~~~ libyasm/bitvect.h:86:32: note: 'false' is a keyword with '-std=c23' onwards as suggested in: https://github.com/yasm/yasm/issues/283#issuecomment-2661108816 Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-01-21T04:20:26+00:00 Peter Marko peter.marko@siemens.com 2025-01-19T14:02:54+00:00 urn:sha1:bba186bdcb0b0e160283556509573cdccf295edc Last tag is from 2014, but bugfixing continued and last commit is from year 2024. Additional 87 commits are present, mostly bugfixes. PV already has "+git" although it was exactly on tag, no edit needed. Drop 3 patches which are included in current git version. Add CVE_STATUS for 2 CVEs from those patches. Also mark one additional CVE as fixed: CVE-2021-33454. Stack trace from https://github.com/yasm/yasm/issues/166 References the same line of code as corrected in https://github.com/yasm/yasm/pull/244 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-03-17T20:10:09+00:00 Martin Jansa martin.jansa@gmail.com 2024-03-15T05:15:29+00:00 urn:sha1:e49860ee219f52525307a4e4e4a318d2df76cfa6 * add Pending to .patch files where it was accidentally droped with upgrades or modifications in: f88e5b146e postgresql: upgrade 15.5 -> 16.2 c904e169db multipath-tools: upgrade 0.9.3 -> 0.9.8 105be9b3d9 unionfs-fuse: upgrade 2.2 --> 3.4 or new patches where the author didn't notice/care: 2a7f74cdb0 dropwatch: Use header files from sysroot instead of build host f5cc9f272a yasm: improve reproducibility 39028d0d9d python3-pybind11: Restore strip prevention patch authors of these added to CC, please be more careful with removing or not adding these or enable patch-status in ERROR_QA for your builds, see: https://lists.openembedded.org/g/openembedded-core/topic/104922136#197113 * added with: for p in `/OE/layers/openembedded-core/scripts/contrib/patchreview.py -v . | grep Missing.Upstream-Status.tag | sed 's/.*(//g;s/)$//g'`; do grep -q ^Upstream-Status: $p || sed -i "s/^---$/\nUpstream-Status: Pending\n---/g" $p; grep -q ^Upstream-Status: $p || sed -i "1iUpstream-Status: Pending\n" $p; done Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-02-27T17:05:18+00:00 Oleh Matiusha omatiush@cisco.com 2024-02-27T13:59:12+00:00 urn:sha1:f5cc9f272a5632ae2f57ed2632c1d9a575e6b8ab Place reproducible build date in source files instead of actual build date if SOURCE_DATE_EPOCH available. Signed-off-by: Oleh Matiusha <omatiush@cisco.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>