[Medium] Patch yasm for CVE-2023-51258 & CVE-2023-37732 (#13795)

Author: akhila-guruju

SPECS/yasm/CVE-2023-37732.patch

@@ -0,0 +1,39 @@
+From a8196f22eccfd6e2b934dfdb4f8dac97d7e6c1f3 Mon Sep 17 00:00:00 2001
+From: akhila-guruju <v-guakhila@microsoft.com>
+Date: Wed, 14 May 2025 07:35:12 +0000
+Subject: [PATCH] Address CVE-2023-37732
+
+Upstream patch reference: https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3
+
+---
+ modules/objfmts/elf/elf.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c
+index 2486bba..bab4c9c 100644
+--- a/modules/objfmts/elf/elf.c
++++ b/modules/objfmts/elf/elf.c
+@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab,
+ 
+         /* get size (if specified); expr overrides stored integer */
+         if (entry->xsize) {
+-            size_intn = yasm_intnum_copy(
+-                yasm_expr_get_intnum(&entry->xsize, 1));
+-            if (!size_intn) {
++            yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1);
++            if (!intn) {
+                 yasm_error_set(YASM_ERROR_VALUE,
+                                N_("size specifier not an integer expression"));
+                 yasm_errwarn_propagate(errwarns, entry->xsize->line);
+-            }
++            } else
++                size_intn = yasm_intnum_copy(intn);
+         }
+-        else
++        if (!size_intn)
+             size_intn = yasm_intnum_create_uint(entry->size);
+ 
+         /* get EQU value for constants */
+-- 
+2.45.2
+

SPECS/yasm/CVE-2023-51258.patch

@@ -0,0 +1,34 @@
+From fd85453926e43073dc785ec0cc02a10fe2dd2794 Mon Sep 17 00:00:00 2001
+From: akhila-guruju <v-guakhila@microsoft.com>
+Date: Wed, 14 May 2025 07:13:01 +0000
+Subject: [PATCH] Address CVE-2023-51258
+
+Upstream patch reference: https://github.com/yasm/yasm/pull/264/commits/eeee94bfd6dd18af8b1508c1804d93cf20ef44e6
+
+---
+ modules/preprocs/nasm/nasm-pp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
+index 27a8cc6..76df757 100644
+--- a/modules/preprocs/nasm/nasm-pp.c
++++ b/modules/preprocs/nasm/nasm-pp.c
+@@ -3091,6 +3091,7 @@ do_directive(Token * tline)
+             {
+                 error(ERR_NONFATAL, "`%s': not defining a macro",
+                         tline->text);
++                free_tlist(origline);
+                 return DIRECTIVE_FOUND;
+             }
+             k = hash(defining->name);
+@@ -3188,6 +3189,7 @@ do_directive(Token * tline)
+                 {
+                     error(ERR_NONFATAL, "non-constant value given to `%%rep'");
+                     yasm_expr_destroy(evalresult);
++                    free_tlist(origline);
+                     return DIRECTIVE_FOUND;
+                 }
+                 i = (int)yasm_intnum_get_int(intn) + 1;
+-- 
+2.45.2
+

SPECS/yasm/yasm.spec

@@ -1,7 +1,7 @@
 Summary:        Modular Assembler
 Name:           yasm
 Version:        1.3.0
-Release:        15%{?dist}
+Release:        16%{?dist}
 License:        BSD and (GPLv2+ or Artistic or LGPLv2+) and LGPLv2
 URL:            https://yasm.tortall.net/
 Vendor:         Microsoft Corporation
@@ -10,6 +10,8 @@ Source0:        https://www.tortall.net/projects/%{name}/releases/%{name}-%{vers
 Patch1:         0001-Update-elf-objfmt.c.patch
 Patch2:         CVE-2023-31975.patch
 Patch3:         CVE-2021-33454.patch
+Patch4:         CVE-2023-51258.patch
+Patch5:         CVE-2023-37732.patch
 
 BuildRequires:  gcc
 BuildRequires:  bison
@@ -74,6 +76,9 @@ make install DESTDIR=%{buildroot}
 
 
 %changelog
+* Wed May 14 2025 Akhila Guruju <v-guakhila@microsoft.com> - 1.3.0-16
+- Patch CVE-2023-51258 and CVE-2023-37732
+
 * Tue Jun 18 2024 Saul Paredes <saulparedes@microsoft.com> - 1.3.0-15
 - Apply upstream patch for CVE-2021-33454