7 files changed, 0 insertions, 265 deletions
diff --git a/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch b/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch
deleted file mode 100644
index f3f2c431d5..0000000000
--- a/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 64ef740eb262f329e55eebadf2ce276b146d44e9 Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@gmail.com>
-Date: Tue, 22 Apr 2025 19:06:24 +0200
-Subject: [PATCH] bitvect: fix build with gcc-15
-* fixes:
-libyasm/bitvect.h:86:32: error: cannot use keyword 'false' as enumeration constant
-   86 |         typedef enum boolean { false = FALSE, true = TRUE } boolean;
-      |                                ^~~~~
-../git/libyasm/bitvect.h:86:32: note: 'false' is a keyword with '-std=c23' onwards
-as suggested in:
-https://github.com/yasm/yasm/issues/283#issuecomment-2661108816
-Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/287]
-Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
---
- libyasm/bitvect.h | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-diff --git a/libyasm/bitvect.h b/libyasm/bitvect.h
-index 3aee3a53..a13470ad 100644
--- a/libyasm/bitvect.h
-+++ b/libyasm/bitvect.h
-@@ -83,7 +83,11 @@ typedef  Z_longword         *Z_longwordptr;
-     #ifdef MACOS_TRADITIONAL
-         #define boolean Boolean
-     #else
-        typedef enum boolean { false = FALSE, true = TRUE } boolean;
-+        #if __STDC_VERSION__ < 202311L
-+             typedef enum boolean { false = FALSE, true = TRUE } boolean;
-+        #else
-+             typedef bool boolean;
-+        #endif
-     #endif
- #endif
- 
diff --git a/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch b/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch
deleted file mode 100644
index 42f5559e3f..0000000000
--- a/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From eb164bb201c0f792fa8aa78270c47294065183a3 Mon Sep 17 00:00:00 2001
-From: Oleh Matiusha <omatiush@cisco.com>
-Date: Tue, 6 Feb 2024 09:33:11 +0000
-Subject: [PATCH 1/2] yasm: Set build date to SOURCE_DATE_EPOCH
-If SOURCE_DATE_EPOCH is set, use it to generate a reproducible
-string for BUILD_DATE.
-Signed-off-by: Oleh Matiusha <omatiush@cisco.com>
-Upstream-Status: Pending
---
- configure.ac | 8 ++++++++
- 1 file changed, 8 insertions(+)
-diff --git a/configure.ac b/configure.ac
-index 2823ecd..eeb51ce 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -103,6 +103,14 @@ AM_WITH_DMALLOC
- #
- AC_CHECK_HEADERS([strings.h libgen.h unistd.h direct.h sys/stat.h])
- 
-+# Use reproducible build date and time
-+if test "$SOURCE_DATE_EPOCH"; then
-+       DATE_FMT="%d %b %Y %H:%M:%S"
-+       BUILD_DATE=$(LC_ALL=C date -u -d "@$SOURCE_DATE_EPOCH" "+$DATE_FMT")
-+       AC_DEFINE_UNQUOTED([BUILD_DATE], ["$BUILD_DATE"], [Use reproducidle build date])
-+fi
-+
-+
- #
- # Checks for typedefs, structures, and compiler characteristics.
- #
-- 
-2.33.0
diff --git a/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch b/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch
deleted file mode 100644
index 4b9c933d01..0000000000
--- a/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 19fffab74a201dc41c3da7e74d86eafa8f68bbc6 Mon Sep 17 00:00:00 2001
-From: Oleh Matiusha <omatiush@cisco.com>
-Date: Tue, 6 Feb 2024 09:34:26 +0000
-Subject: [PATCH] yasm: Use BUILD_DATE for reproducibility
-Use reproducible build date instead of compilation time and date.
-Signed-off-by: Oleh Matiusha <omatiush@cisco.com>
-Upstream-Status: Pending
---
- tools/re2c/parser.c | 5 +++++
- 1 file changed, 5 insertions(+)
-diff --git a/tools/re2c/parser.c b/tools/re2c/parser.c
-index 02d5c66..1c90aee 100644
--- a/tools/re2c/parser.c
-+++ b/tools/re2c/parser.c
-@@ -5,6 +5,7 @@
- #include "tools/re2c/globals.h"
- #include "tools/re2c/parse.h"
- #include "tools/re2c/parser.h"
-+#include "config.h"
- 
- int yylex(void);
- static RegExp *parse_expr(void);
-@@ -233,7 +234,11 @@ void parse(FILE *i, FILE *o){
-     peektok = NONE;
- 
-     fputs("/* Generated by re2c 0.9.1-C on ", o);
-+#ifndef BUILD_DATE
-     fprintf(o, "%-24s", ctime(&now));
-+#else
-+    fprintf(o, "%-24s", BUILD_DATE " ");
-+#endif
-     fputs(" */\n", o); oline+=2;
- 
-     in = Scanner_new(i);
-- 
-2.33.0
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
deleted file mode 100644
index 2340d8ed75..0000000000
--- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 1126140b8f5ece18c58640725f0e4c08e5ec97b0 Mon Sep 17 00:00:00 2001
-From: Gyorgy Sarvari <skandigraun@gmail.com>
-Date: Sat, 15 Nov 2025 13:34:15 +0100
-Subject: [PATCH] A potential null pointer difference is that the return value
- of the hash may be null. This fixes CVE-2021-33456.
-From: lixuebing <lixuebing@cqsoftware.com.cn>
-Date: Mon, 25 Aug 2025 13:51:28 +0800
-Subject: Fix null-pointer-dereference in hash
-Bug: https://github.com/yasm/yasm/issues/175
-Origin: https://github.com/yasm/yasm/pull/290
-CVE: CVE-2021-33456
-Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/290]
-Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
- modules/preprocs/nasm/nasm-pp.c | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
-index f9f92dd1..473d98c1 100644
--- a/modules/preprocs/nasm/nasm-pp.c
-+++ b/modules/preprocs/nasm/nasm-pp.c
-@@ -1102,6 +1102,10 @@ hash(char *s)
- {
-     unsigned int h = 0;
-     unsigned int i = 0;
-+    /* Check if the input string is NULL to avoid null pointer dereference */
-+    if (s == NULL) {
-+        return 0;
-+    }
-     /*
-      * Powers of three, mod 31.
-      */
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
deleted file mode 100644
index ebae250ff9..0000000000
--- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001
-From: Gyorgy Sarvari <skandigraun@gmail.com>
-Date: Sat, 15 Nov 2025 13:30:12 +0100
-Subject: [PATCH] Handle file descriptors with nonexisting env names better. 
- Avoid writing past allocated memory.
-This fixes CVE-2021-33464.
-Author: Petter Reinholdtsen <pere@debian.org>
-Bug: https://github.com/yasm/yasm/issues/164
-Bug-Debian: https://bugs.debian.org/1016353
-Forwarded: https://github.com/yasm/yasm/issues/164
-Last-Update: 2025-04-30
-CVE: CVE-2021-33464
-Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164]
-Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
- modules/preprocs/nasm/nasm-pp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
-index 512f02c3..f9f92dd1 100644
--- a/modules/preprocs/nasm/nasm-pp.c
-+++ b/modules/preprocs/nasm/nasm-pp.c
-@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
-             error(ERR_WARNING, "environment variable `%s' does not exist",
-                   p1+1);
-             *p2 = '%';
-            p1 = p2+1;
-+            pb = p1 = p2+1;
-             continue;
-         }
-         /* need to expand */
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
deleted file mode 100644
index 58b4ed1996..0000000000
--- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 81c1b7b0a28f052eaadddcb010944bf67e6ae257 Mon Sep 17 00:00:00 2001
-From: Gyorgy Sarvari <skandigraun@gmail.com>
-Date: Sat, 15 Nov 2025 13:24:21 +0100
-Subject: [PATCH] Make sure CPU feature parsing use large enough string buffer.
-  Fixes CVE-2023-29579.
-Author: Petter Reinholdtsen <pere@debian.org>
-Bug: https://github.com/yasm/yasm/issues/214
-Bug-Debian: https://bugs.debian.org/1035951
-Forwarded:  https://github.com/yasm/yasm/issues/214
-Last-Update: 2025-04-30
-This patch is taken from Debian:
-https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/
-CVE: CVE-2023-29579
-Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/214]
-Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
- modules/arch/x86/x86arch.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/modules/arch/x86/x86arch.c b/modules/arch/x86/x86arch.c
-index bac11774..58327958 100644
--- a/modules/arch/x86/x86arch.c
-+++ b/modules/arch/x86/x86arch.c
-@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_valparamhead *valparams,
-                 yasm_error_set(YASM_ERROR_SYNTAX,
-                                N_("invalid argument to [%s]"), "CPU");
-             else {
-                char strcpu[16];
-                sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
-+                char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
-+                assert(8*sizeof(unsigned long) <= 64);
-+                snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
-                 yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
-             }
-         } else
diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb
deleted file mode 100644
index 6ddd94621a..0000000000
--- a/meta-oe/recipes-devtools/yasm/yasm_git.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-SUMMARY = "x86 (SSE) assembler supporting NASM and GAS-syntaxes"
-LICENSE = "MIT"
-HOMEPAGE = "http://www.tortall.net/projects/yasm/"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a12d8903508fb6bfd49d8d82c6170dd9"
-DEPENDS += "flex-native bison-native"
-PACKAGECONFIG[docs] = ",,xmlto-native,"
-PV = "1.3.0+git"
-# v1.3.0-87
-SRCREV = "121ab150b3577b666c79a79f4a511798d7ad2432"
-SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
-           file://0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch \
-           file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \
-           file://0001-bitvect-fix-build-with-gcc-15.patch \
-           file://CVE-2023-29579.patch \
-           file://CVE-2021-33464.patch \
-           file://CVE-2021-33456.patch \
-           "
-inherit autotools gettext python3native
-CACHED_CONFIGUREVARS = "CCLD_FOR_BUILD='${CC_FOR_BUILD}'"
-BBCLASSEXTEND = "native"
-PARALLEL_MAKE = ""
-do_configure:prepend() {
-     # Don't include $CC (which includes path to sysroot) in generated header.
-     sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\" >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4
-}
-CVE_STATUS_GROUPS += "CVE_STATUS_HASH_UPDATE"
-CVE_STATUS_HASH_UPDATE = "CVE-2021-33454 CVE-2023-31975 CVE-2023-37732"
-CVE_STATUS_HASH_UPDATE[status] = "fixed-version: patched in current git hash"
-CVE_PRODUCT += "tortall:yasm yasm_project:yasm"

diff --git a/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch b/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch deleted file mode 100644 index f3f2c431d5..0000000000 --- a/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch +++ /dev/null
@@ -1,38 +0,0 @@
1	From 64ef740eb262f329e55eebadf2ce276b146d44e9 Mon Sep 17 00:00:00 2001
2	From: Martin Jansa <martin.jansa@gmail.com>
3	Date: Tue, 22 Apr 2025 19:06:24 +0200
4	Subject: [PATCH] bitvect: fix build with gcc-15
5
6	* fixes:
7	libyasm/bitvect.h:86:32: error: cannot use keyword 'false' as enumeration constant
8	86 \| typedef enum boolean { false = FALSE, true = TRUE } boolean;
9	\| ^~~~~
10	../git/libyasm/bitvect.h:86:32: note: 'false' is a keyword with '-std=c23' onwards
11
12	as suggested in:
13	https://github.com/yasm/yasm/issues/283#issuecomment-2661108816
14
15	Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/287]
16
17	Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
18	---
19	libyasm/bitvect.h \| 6 +++++-
20	1 file changed, 5 insertions(+), 1 deletion(-)
21
22	diff --git a/libyasm/bitvect.h b/libyasm/bitvect.h
23	index 3aee3a53..a13470ad 100644
24	--- a/libyasm/bitvect.h
25	+++ b/libyasm/bitvect.h
26	@@ -83,7 +83,11 @@ typedef Z_longword *Z_longwordptr;
27	#ifdef MACOS_TRADITIONAL
28	#define boolean Boolean
29	#else
30	- typedef enum boolean { false = FALSE, true = TRUE } boolean;
31	+ #if __STDC_VERSION__ < 202311L
32	+ typedef enum boolean { false = FALSE, true = TRUE } boolean;
33	+ #else
34	+ typedef bool boolean;
35	+ #endif
36	#endif
37	#endif
38


diff --git a/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch b/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch deleted file mode 100644 index 42f5559e3f..0000000000 --- a/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch +++ /dev/null
@@ -1,37 +0,0 @@
1	From eb164bb201c0f792fa8aa78270c47294065183a3 Mon Sep 17 00:00:00 2001
2	From: Oleh Matiusha <omatiush@cisco.com>
3	Date: Tue, 6 Feb 2024 09:33:11 +0000
4	Subject: [PATCH 1/2] yasm: Set build date to SOURCE_DATE_EPOCH
5
6	If SOURCE_DATE_EPOCH is set, use it to generate a reproducible
7	string for BUILD_DATE.
8
9	Signed-off-by: Oleh Matiusha <omatiush@cisco.com>
10
11	Upstream-Status: Pending
12	---
13	configure.ac \| 8 ++++++++
14	1 file changed, 8 insertions(+)
15
16	diff --git a/configure.ac b/configure.ac
17	index 2823ecd..eeb51ce 100644
18	--- a/configure.ac
19	+++ b/configure.ac
20	@@ -103,6 +103,14 @@ AM_WITH_DMALLOC
21	#
22	AC_CHECK_HEADERS([strings.h libgen.h unistd.h direct.h sys/stat.h])
23
24	+# Use reproducible build date and time
25	+if test "$SOURCE_DATE_EPOCH"; then
26	+ DATE_FMT="%d %b %Y %H:%M:%S"
27	+ BUILD_DATE=$(LC_ALL=C date -u -d "@$SOURCE_DATE_EPOCH" "+$DATE_FMT")
28	+ AC_DEFINE_UNQUOTED([BUILD_DATE], ["$BUILD_DATE"], [Use reproducidle build date])
29	+fi
30	+
31	+
32	#
33	# Checks for typedefs, structures, and compiler characteristics.
34	#
35	--
36	2.33.0
37


diff --git a/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch b/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch deleted file mode 100644 index 4b9c933d01..0000000000 --- a/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	From 19fffab74a201dc41c3da7e74d86eafa8f68bbc6 Mon Sep 17 00:00:00 2001
2	From: Oleh Matiusha <omatiush@cisco.com>
3	Date: Tue, 6 Feb 2024 09:34:26 +0000
4	Subject: [PATCH] yasm: Use BUILD_DATE for reproducibility
5
6	Use reproducible build date instead of compilation time and date.
7
8	Signed-off-by: Oleh Matiusha <omatiush@cisco.com>
9
10
11	Upstream-Status: Pending
12	---
13	tools/re2c/parser.c \| 5 +++++
14	1 file changed, 5 insertions(+)
15
16	diff --git a/tools/re2c/parser.c b/tools/re2c/parser.c
17	index 02d5c66..1c90aee 100644
18	--- a/tools/re2c/parser.c
19	+++ b/tools/re2c/parser.c
20	@@ -5,6 +5,7 @@
21	#include "tools/re2c/globals.h"
22	#include "tools/re2c/parse.h"
23	#include "tools/re2c/parser.h"
24	+#include "config.h"
25
26	int yylex(void);
27	static RegExp *parse_expr(void);
28	@@ -233,7 +234,11 @@ void parse(FILE i, FILE o){
29	peektok = NONE;
30
31	fputs("/* Generated by re2c 0.9.1-C on ", o);
32	+#ifndef BUILD_DATE
33	fprintf(o, "%-24s", ctime(&now));
34	+#else
35	+ fprintf(o, "%-24s", BUILD_DATE " ");
36	+#endif
37	fputs(" */\n", o); oline+=2;
38
39	in = Scanner_new(i);
40	--
41	2.33.0
42


diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch deleted file mode 100644 index 2340d8ed75..0000000000 --- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch +++ /dev/null
@@ -1,35 +0,0 @@
1	From 1126140b8f5ece18c58640725f0e4c08e5ec97b0 Mon Sep 17 00:00:00 2001
2	From: Gyorgy Sarvari <skandigraun@gmail.com>
3	Date: Sat, 15 Nov 2025 13:34:15 +0100
4	Subject: [PATCH] A potential null pointer difference is that the return value
5	of the hash may be null. This fixes CVE-2021-33456.
6
7	From: lixuebing <lixuebing@cqsoftware.com.cn>
8	Date: Mon, 25 Aug 2025 13:51:28 +0800
9	Subject: Fix null-pointer-dereference in hash
10	Bug: https://github.com/yasm/yasm/issues/175
11	Origin: https://github.com/yasm/yasm/pull/290
12
13	CVE: CVE-2021-33456
14	Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/290]
15
16	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
17	---
18	modules/preprocs/nasm/nasm-pp.c \| 4 ++++
19	1 file changed, 4 insertions(+)
20
21	diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
22	index f9f92dd1..473d98c1 100644
23	--- a/modules/preprocs/nasm/nasm-pp.c
24	+++ b/modules/preprocs/nasm/nasm-pp.c
25	@@ -1102,6 +1102,10 @@ hash(char *s)
26	{
27	unsigned int h = 0;
28	unsigned int i = 0;
29	+ /* Check if the input string is NULL to avoid null pointer dereference */
30	+ if (s == NULL) {
31	+ return 0;
32	+ }
33	/*
34	* Powers of three, mod 31.
35	*/


diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch deleted file mode 100644 index ebae250ff9..0000000000 --- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch +++ /dev/null
@@ -1,34 +0,0 @@
1	From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001
2	From: Gyorgy Sarvari <skandigraun@gmail.com>
3	Date: Sat, 15 Nov 2025 13:30:12 +0100
4	Subject: [PATCH] Handle file descriptors with nonexisting env names better.
5	Avoid writing past allocated memory.
6
7	This fixes CVE-2021-33464.
8	Author: Petter Reinholdtsen <pere@debian.org>
9	Bug: https://github.com/yasm/yasm/issues/164
10	Bug-Debian: https://bugs.debian.org/1016353
11	Forwarded: https://github.com/yasm/yasm/issues/164
12	Last-Update: 2025-04-30
13
14	CVE: CVE-2021-33464
15	Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164]
16
17	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
18	---
19	modules/preprocs/nasm/nasm-pp.c \| 2 +-
20	1 file changed, 1 insertion(+), 1 deletion(-)
21
22	diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
23	index 512f02c3..f9f92dd1 100644
24	--- a/modules/preprocs/nasm/nasm-pp.c
25	+++ b/modules/preprocs/nasm/nasm-pp.c
26	@@ -1815,7 +1815,7 @@ inc_fopen(char file, char *newname)
27	error(ERR_WARNING, "environment variable `%s' does not exist",
28	p1+1);
29	*p2 = '%';
30	- p1 = p2+1;
31	+ pb = p1 = p2+1;
32	continue;
33	}
34	/* need to expand */


diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch deleted file mode 100644 index 58b4ed1996..0000000000 --- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch +++ /dev/null
@@ -1,39 +0,0 @@
1	From 81c1b7b0a28f052eaadddcb010944bf67e6ae257 Mon Sep 17 00:00:00 2001
2	From: Gyorgy Sarvari <skandigraun@gmail.com>
3	Date: Sat, 15 Nov 2025 13:24:21 +0100
4	Subject: [PATCH] Make sure CPU feature parsing use large enough string buffer.
5	Fixes CVE-2023-29579.
6
7	Author: Petter Reinholdtsen <pere@debian.org>
8	Bug: https://github.com/yasm/yasm/issues/214
9	Bug-Debian: https://bugs.debian.org/1035951
10	Forwarded: https://github.com/yasm/yasm/issues/214
11	Last-Update: 2025-04-30
12
13	This patch is taken from Debian:
14	https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/
15
16	CVE: CVE-2023-29579
17	Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/214]
18
19	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
20	---
21	modules/arch/x86/x86arch.c \| 5 +++--
22	1 file changed, 3 insertions(+), 2 deletions(-)
23
24	diff --git a/modules/arch/x86/x86arch.c b/modules/arch/x86/x86arch.c
25	index bac11774..58327958 100644
26	--- a/modules/arch/x86/x86arch.c
27	+++ b/modules/arch/x86/x86arch.c
28	@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object object, yasm_valparamhead valparams,
29	yasm_error_set(YASM_ERROR_SYNTAX,
30	N_("invalid argument to [%s]"), "CPU");
31	else {
32	- char strcpu[16];
33	- sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
34	+ char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
35	+ assert(8*sizeof(unsigned long) <= 64);
36	+ snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
37	yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
38	}
39	} else


diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb deleted file mode 100644 index 6ddd94621a..0000000000 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ /dev/null
@@ -1,40 +0,0 @@
1	SUMMARY = "x86 (SSE) assembler supporting NASM and GAS-syntaxes"
2	LICENSE = "MIT"
3	HOMEPAGE = "http://www.tortall.net/projects/yasm/"
4
5	LIC_FILES_CHKSUM = "file://COPYING;md5=a12d8903508fb6bfd49d8d82c6170dd9"
6
7	DEPENDS += "flex-native bison-native"
8	PACKAGECONFIG[docs] = ",,xmlto-native,"
9
10	PV = "1.3.0+git"
11	# v1.3.0-87
12	SRCREV = "121ab150b3577b666c79a79f4a511798d7ad2432"
13	SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
14	file://0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch \
15	file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \
16	file://0001-bitvect-fix-build-with-gcc-15.patch \
17	file://CVE-2023-29579.patch \
18	file://CVE-2021-33464.patch \
19	file://CVE-2021-33456.patch \
20	"
21
22
23	inherit autotools gettext python3native
24
25	CACHED_CONFIGUREVARS = "CCLD_FOR_BUILD='${CC_FOR_BUILD}'"
26
27	BBCLASSEXTEND = "native"
28
29	PARALLEL_MAKE = ""
30
31	do_configure:prepend() {
32	# Don't include $CC (which includes path to sysroot) in generated header.
33	sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\" >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4
34	}
35
36	CVE_STATUS_GROUPS += "CVE_STATUS_HASH_UPDATE"
37	CVE_STATUS_HASH_UPDATE = "CVE-2021-33454 CVE-2023-31975 CVE-2023-37732"
38	CVE_STATUS_HASH_UPDATE[status] = "fixed-version: patched in current git hash"
39
40	CVE_PRODUCT += "tortall:yasm yasm_project:yasm"