Hello community, here is the log from the commit of package nasm for openSUSE:Factory checked in at 2017-07-28 09:40:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nasm (Old) and /work/SRC/openSUSE:Factory/.nasm.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "nasm" Fri Jul 28 09:40:53 2017 rev:35 rq:512649 version:2.13.01 Changes: -------- --- /work/SRC/openSUSE:Factory/nasm/nasm.changes 2017-06-02 10:29:39.107108037 +0200 +++ /work/SRC/openSUSE:Factory/.nasm.new/nasm.changes 2017-07-28 09:40:55.289063827 +0200 @@ -1,0 +2,8 @@ +Tue Jul 25 11:00:30 UTC 2017 - adam.majer@suse.de + +- memory_fixes.patch: Fix usage-after-free and buffer overflow + bugs (bsc#1047925, bsc#1047936, CVE-2017-11111, CVE-2017-10686) +- Restrict %fdupes to manpage directory +- Enable unit tests in %check target + +------------------------------------------------------------------- New: ---- memory_fixes.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nasm.spec ++++++ --- /var/tmp/diff_new_pack.LCBcOC/_old 2017-07-28 09:40:55.800991729 +0200 +++ /var/tmp/diff_new_pack.LCBcOC/_new 2017-07-28 09:40:55.804991166 +0200 @@ -24,6 +24,7 @@ Group: Development/Languages/Other Url: http://www.nasm.us/ Source: http://www.nasm.us/pub/nasm/releasebuilds/%{version}/nasm-%{version}.tar.xz +Patch: memory_fixes.patch BuildRequires: fdupes %description @@ -32,6 +33,7 @@ %prep %setup -q +%patch -p1 %build touch -r ./version.h ./version.h.stamp 
@@ -43,7 +45,10 @@ %install make INSTALLROOT=%{buildroot} install rdf_install -%fdupes -s %{buildroot} +%fdupes %{buildroot}%{_mandir} + +%check +make test %files %defattr(-,root,root) ++++++ memory_fixes.patch ++++++ Author: Adam Majer <amajer@suse.de> Date: Tue Jul 25 13:03:57 CEST 2017 Summary: Fix use after free and buffer overflow BSC: 1047925 1047936 Submitted upstream in linked bug reports. https://bugzilla.nasm.us/show_bug.cgi?id=3392414 https://bugzilla.nasm.us/show_bug.cgi?id=3392415 Index: nasm-2.13.01/asm/preproc.c =================================================================== --- nasm-2.13.01.orig/asm/preproc.c +++ nasm-2.13.01/asm/preproc.c @@ -1280,8 +1280,8 @@ static char *detoken(Token * tlist, bool t->text = nasm_zalloc(2); } else t->text = nasm_strdup(p); + nasm_free(q); } - nasm_free(q); } /* Expand local macros here and not during preprocessing */ @@ -3845,9 +3845,15 @@ static bool paste_tokens(Token **head, c len += strlen(tok->text); p = buf = nasm_malloc(len + 1); + strcpy(p, tok->text); + p = strchr(p, '\0'); + tok = delete_Token(tok); + while (tok != next) { - strcpy(p, tok->text); - p = strchr(p, '\0'); + if (PP_CONCAT_MATCH(tok, m[i].mask_tail)) { + strcpy(p, tok->text); + p = strchr(p, '\0'); + } tok = delete_Token(tok); } @@ -5095,8 +5101,9 @@ static char *pp_getline(void) nasm_free(m->paramlen); l->finishes->in_progress = 0; } - } else - free_mmacro(m); + } else { + // free_mmacro(m); + } } istk->expansion = l->next; nasm_free(l);
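Review bot: The rewritten loop in paste_tokens copies a token's text only when `PP_CONCAT_MATCH(tok, m[i].mask_tail)` holds but still deletes every token up to `next`, so a non-matching token inside the range is dropped silently rather than pasted; if that is the intended semantics it needs a comment, and if the `len += strlen(tok->text);` sum above the hunk counts all tokens the buffer is merely over-allocated, which is safe but worth stating. The hunk also copies and deletes the first token unconditionally before the loop, so head and tail tokens are treated differently; if `tok` can equal `next` on entry, that unconditional `strcpy` and `delete_Token` would consume `next` itself, which the old `while (tok != next)` guard prevented. A line such as `/* head token is always pasted; later tokens only if they match mask_tail (bsc#1047936) */` would explain the asymmetry. The enclosing paste_tokens body starts and ends outside the hunk, so I cannot confirm how `len` is computed or whether `tok == next` is reachable here.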
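Review bot: Commenting out `free_mmacro(m)` in pp_getline trades the use-after-free for an unconditional leak of every mmacro that reaches this branch and leaves dead code behind; the surrounding block continues outside the hunk, so I cannot see which later reference to `m` motivated it. The `// free_mmacro(m);` line should at least become an explanatory comment in the file's `/* */` style, e.g. `/* m may still be referenced from the expansion list (bsc#1047925); freeing it here caused a use-after-free, ownership has to move to the last user */`, so the next reader does not simply re-enable the call. Since the spec now runs `make test` in %check, an ASan/LeakSanitizer build over the test inputs would show whether the retained allocations stay bounded per expansion or grow with crafted input.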