diff options
| author | Polampalli, Archana <archana.polampalli@windriver.com> | 2023-07-20 11:35:41 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-08-03 16:47:53 -0400 |
| commit | 83f5741bd53ae3eafee33fdbf52dbacc593e3c95 (patch) | |
| tree | fa9a9da904a737c56947caa7c9c59159bb7da34b | |
| parent | 4da92ed9be41734f6ced46b981958e2e868cbff2 (diff) | |
| download | meta-openembedded-83f5741bd53ae3eafee33fdbf52dbacc593e3c95.tar.gz | |
yasm: fix CVE-2023-31975
yasm v1.3.0 was discovered to contain a memory leak via the function
yasm_intnum_copy at /libyasm/intnum.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31975
https://github.com/yasm/yasm/issues/210
Upstream patches:
https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch | 29 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch new file mode 100644 index 0000000000..ae10e99c2f --- /dev/null +++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch | |||
| @@ -0,0 +1,29 @@ | |||
| 1 | From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Katsuhiko Gondow <gondow@cs.titech.ac.jp> | ||
| 3 | Date: Tue, 13 Jun 2023 05:00:47 +0900 | ||
| 4 | Subject: [PATCH] Fix memory leak in bin-objfmt (#231) | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441] | ||
| 7 | |||
| 8 | CVE: CVE-2023-31975 | ||
| 9 | --- | ||
| 10 | modules/objfmts/bin/bin-objfmt.c | 4 ++++ | ||
| 11 | 1 file changed, 4 insertions(+) | ||
| 12 | |||
| 13 | diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c | ||
| 14 | index 18026750..a38c3422 100644 | ||
| 15 | --- a/modules/objfmts/bin/bin-objfmt.c | ||
| 16 | +++ b/modules/objfmts/bin/bin-objfmt.c | ||
| 17 | @@ -1680,6 +1680,10 @@ static void | ||
| 18 | bin_section_data_destroy(void *data) | ||
| 19 | { | ||
| 20 | bin_section_data *bsd = (bin_section_data *)data; | ||
| 21 | + if (bsd->align) | ||
| 22 | + yasm_xfree(bsd->align); | ||
| 23 | + if (bsd->valign) | ||
| 24 | + yasm_xfree(bsd->valign); | ||
| 25 | if (bsd->start) | ||
| 26 | yasm_expr_destroy(bsd->start); | ||
| 27 | if (bsd->vstart) | ||
| 28 | -- | ||
| 29 | 2.40.0 | ||
diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index 044fcbea74..5c3562300b 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb | |||
| @@ -11,6 +11,7 @@ PV = "1.3.0+git${SRCPV}" | |||
| 11 | SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a" | 11 | SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a" |
| 12 | SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ | 12 | SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ |
| 13 | file://0001-Do-not-use-AC_HEADER_STDC.patch \ | 13 | file://0001-Do-not-use-AC_HEADER_STDC.patch \ |
| 14 | file://CVE-2023-31975.patch \ | ||
| 14 | " | 15 | " |
| 15 | 16 | ||
| 16 | S = "${WORKDIR}/git" | 17 | S = "${WORKDIR}/git" |