!53 Update to 2.15.05 for fix CVE-2020-21685,CVE-2020-21686 and CVE-2020-21687

From: @starlet-dx 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001

CVE-2020-21528.patch

@@ -0,0 +1,43 @@
+From 93c774d482694643cafbc82578ac8b729fb5bc8b Mon Sep 17 00:00:00 2001
+From: Cyrill Gorcunov <gorcunov@gmail.com>
+Date: Wed, 4 Nov 2020 13:08:06 +0300
+Subject: [PATCH] BR3392637: output/outieee: Fix nil dereference
+
+The handling been broken in commit 98578071.
+
+Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
+---
+ output/outieee.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/output/outieee.c b/output/outieee.c
+index bff2f085..b3ccc5f6 100644
+--- a/output/outieee.c
++++ b/output/outieee.c
+@@ -795,6 +795,23 @@ static int32_t ieee_segment(char *name, int *bits)
+             define_label(name, seg->index + 1, 0L, false);
+         ieee_seg_needs_update = NULL;
+ 
++        /*
++         * In commit 98578071b9d71ecaa2344dd9c185237c1765041e
++         * we reworked labels significantly which in turn lead
++         * to the case where seg->name = NULL here and we get
++         * nil dereference in next segments definitions.
++         *
++         * Lets placate this case with explicit name setting
++         * if labels engine didn't set it yet.
++         *
++         * FIXME: Need to revisit this moment if such fix doesn't
++         * break anything but since IEEE 695 format is veeery
++         * old I don't expect there are many users left. In worst
++         * case this should only lead to a memory leak.
++         */
++        if (!seg->name)
++            seg->name = nasm_strdup(name);
++
+         if (seg->use32)
+             *bits = 32;
+         else
+-- 
+2.27.0
+

CVE-2022-44370.patch

@@ -0,0 +1,94 @@
+From 2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Mon, 7 Nov 2022 10:26:03 -0800
+Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault
+
+while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
+introduce mempset() to make these kinds of errors less likely in the
+future.
+
+Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+Reported-by: <13579and24680@gmail.com>
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+---
+ asm/nasm.c         | 12 +++++-------
+ configure.ac       |  1 +
+ include/compiler.h |  7 +++++++
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 6af927547..1e337c7ba 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------- *
+  *
+- *   Copyright 1996-2020 The NASM Authors - All Rights Reserved
++ *   Copyright 1996-2022 The NASM Authors - All Rights Reserved
+  *   See the file AUTHORS included with the NASM distribution for
+  *   the specific copyright holders.
+  *
+@@ -817,8 +817,7 @@ static char *quote_for_pmake(const char *str)
+     }
+ 
+     /* Convert N backslashes at the end of filename to 2N backslashes */
+-    if (nbs)
+-        n += nbs;
++    n += nbs;
+ 
+     os = q = nasm_malloc(n);
+ 
+@@ -827,10 +826,10 @@ static char *quote_for_pmake(const char *str)
+         switch (*p) {
+         case ' ':
+         case '\t':
+-            while (nbs--)
+-                *q++ = '\\';
++            q = mempset(q, '\\', nbs);
+             *q++ = '\\';
+             *q++ = *p;
++            nbs = 0;
+             break;
+         case '$':
+             *q++ = *p;
+@@ -852,9 +851,8 @@ static char *quote_for_pmake(const char *str)
+             break;
+         }
+     }
+-    while (nbs--)
+-        *q++ = '\\';
+ 
++    q = mempset(q, '\\', nbs);
+     *q = '\0';
+ 
+     return os;
+diff --git a/configure.ac b/configure.ac
+index 04a9f648b..42cd19884 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -200,6 +200,7 @@ AC_CHECK_FUNCS(strrchrnul)
+ AC_CHECK_FUNCS(iscntrl)
+ AC_CHECK_FUNCS(isascii)
+ AC_CHECK_FUNCS(mempcpy)
++AC_CHECK_FUNCS(mempset)
+ 
+ AC_CHECK_FUNCS(getuid)
+ AC_CHECK_FUNCS(getgid)
+diff --git a/include/compiler.h b/include/compiler.h
+index c5bac6e57..407c16093 100644
+--- a/include/compiler.h
++++ b/include/compiler.h
+@@ -252,6 +252,13 @@ static inline void *mempcpy(void *dst, const void *src, size_t n)
+ }
+ #endif
+ 
++#ifndef HAVE_MEMPSET
++static inline void *mempset(void *dst, int c, size_t n)
++{
++    return (char *)memset(dst, c, n) + n;
++}
++#endif
++
+ /*
+  * Hack to support external-linkage inline functions
+  */

backport-CVE-2019-20352.patch

@@ -1,52 +0,0 @@
-From 7c88289e222dc5ef9f53f9e86ecaab1924744b88 Mon Sep 17 00:00:00 2001
-From: Cyrill Gorcunov <gorcunov@gmail.com>
-Date: Tue, 18 Aug 2020 11:25:14 +0300
-Subject: [PATCH] BR3392711: preproc: fix memory corruption in
- expand_one_smacro
-
-https://github.com/netwide-assembler/nasm/commit/7c88289e222dc5ef9f53f9e86ecaab1924744b88
-
-The mempcpy helper returns *last* byte pointer thus when
-we call set_text_free we have to pass a pointer to the
-start of the string.
-
-Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
----
- asm/preproc.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/asm/preproc.c b/asm/preproc.c
-index fec9520..1368cee 100644
---- a/asm/preproc.c
-+++ b/asm/preproc.c
-@@ -5531,7 +5531,7 @@ static SMacro *expand_one_smacro(Token ***tpp)
-         {
-             size_t mlen = strlen(m->name);
- 	    size_t len;
--            char *p;
-+            char *p, *from;
- 
-             t->type = mstart->type;
-             if (t->type == TOK_LOCAL_MACRO) {
-@@ -5544,15 +5544,15 @@ static SMacro *expand_one_smacro(Token ***tpp)
-                 plen = pep - psp;
- 
-                 len = mlen + plen;
--                p = nasm_malloc(len + 1);
-+                from = p = nasm_malloc(len + 1);
-                 p = mempcpy(p, psp, plen);
-             } else {
-                 len = mlen;
--                p = nasm_malloc(len + 1);
-+                from = p = nasm_malloc(len + 1);
-             }
-             p = mempcpy(p, m->name, mlen);
-             *p = '\0';
--	    set_text_free(t, p, len);
-+	    set_text_free(t, from, len);
- 
-             t->next = tline;
-             break;
--- 
-2.23.0
-

backport-CVE-2020-24241-1.patch

@@ -1,76 +0,0 @@
-From 6ac6ac57e3d01ea8ed4ea47706eb724b59176461 Mon Sep 17 00:00:00 2001
-From: "H. Peter Anvin (Intel)" <hpa@zytor.com>
-Date: Thu, 30 Jul 2020 15:46:12 -0700
-Subject: [PATCH] parser: when flattening an eop, must preserve any data buffer
-
-https://github.com/netwide-assembler/nasm/commit/6ac6ac57e3d01ea8ed4ea47706eb724b59176461
-
-An eop may have a data buffer associated with it as part of the same
-memory allocation. Therefore, we need to move "subexpr" up instead of
-merging it into "eop".
-
-This *partially* resolves BR 3392707, but that test case still
-triggers a violation when using -gcv8.
-
-Reported-by: Suhwan <prada960808@gmail.com>
-Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
----
- asm/parser.c       | 16 +++++++++++-----
- test/br3392707.asm | 21 +++++++++++++++++++++
- 2 files changed, 32 insertions(+), 5 deletions(-)
- create mode 100644 test/br3392707.asm
-
-diff --git a/asm/parser.c b/asm/parser.c
-index dbd2240c..584e40c9 100644
---- a/asm/parser.c
-+++ b/asm/parser.c
-@@ -458,11 +458,17 @@ static int parse_eops(extop **result, bool critical, int elem)
-                 /* Subexpression is empty */
-                 eop->type = EOT_NOTHING;
-             } else if (!subexpr->next) {
--                /* Subexpression is a single element, flatten */
--                eop->val   = subexpr->val;
--                eop->type  = subexpr->type;
--                eop->dup  *= subexpr->dup;
--                nasm_free(subexpr);
-+                /*
-+                 * Subexpression is a single element, flatten.
-+                 * Note that if subexpr has an allocated buffer associated
-+                 * with it, freeing it would free the buffer, too, so
-+                 * we need to move subexpr up, not eop down.
-+                 */
-+                if (!subexpr->elem)
-+                    subexpr->elem = eop->elem;
-+                subexpr->dup *= eop->dup;
-+                nasm_free(eop);
-+                eop = subexpr;
-             } else {
-                 eop->type = EOT_EXTOP;
-             }
-diff --git a/test/br3392707.asm b/test/br3392707.asm
-new file mode 100644
-index 00000000..6e84c5b4
---- /dev/null
-+++ b/test/br3392707.asm
-@@ -0,0 +1,21 @@
-+	bits 32
-+
-+	db 33
-+	db (44)
-+;	db (44,55)	-- error
-+	db %(44.55)
-+	db %('XX','YY')
-+	db ('AA')
-+	db %('BB')
-+	db ?
-+	db 6 dup (33)
-+	db 6 dup (33, 34)
-+	db 6 dup (33, 34), 35
-+	db 7 dup (99)
-+	db 7 dup (?,?)
-+	dw byte (?,44)
-+
-+	dw 0xcc, 4 dup byte ('PQR'), ?, 0xabcd
-+
-+	dd 16 dup (0xaaaa, ?, 0xbbbbbb)
-+	dd 64 dup (?)

backport-CVE-2020-24241-2.patch

@@ -1,55 +0,0 @@
-From 78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c Mon Sep 17 00:00:00 2001
-From: "H. Peter Anvin (Intel)" <hpa@zytor.com>
-Date: Thu, 30 Jul 2020 17:06:24 -0700
-Subject: [PATCH] output/codeview.c: use list_for_each_safe() to free a list
-
-https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c
-
-Using list_for_each() is by definition not safe when freeing the
-members of the list, use list_for_each_free() instead.
-
-Also, use nasm_new() and nasm_free() where appropriate.
-
-This was discovered as a downstream bug from BR 3392707.
-
-Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
----
- output/codeview.c | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/output/codeview.c b/output/codeview.c
-index be3fd27a..8276a4f3 100644
---- a/output/codeview.c
-+++ b/output/codeview.c
-@@ -305,7 +305,7 @@ static void build_type_table(struct coff_Section *const sect);
- static void cv8_cleanup(void)
- {
-     struct cv8_symbol *sym;
--    struct source_file *file;
-+    struct source_file *file, *ftmp;
- 
-     struct coff_Section *symbol_sect = coff_sects[cv8_state.symbol_sect];
-     struct coff_Section *type_sect = coff_sects[cv8_state.type_sect];
-@@ -316,10 +316,10 @@ static void cv8_cleanup(void)
-     build_symbol_table(symbol_sect);
-     build_type_table(type_sect);
- 
--    list_for_each(file, cv8_state.source_files) {
-+    list_for_each_safe(file, ftmp, cv8_state.source_files) {
-         nasm_free(file->fullname);
-         saa_free(file->lines);
--        free(file);
-+        nasm_free(file);
-     }
-     hash_free(&cv8_state.file_hash);
- 
-@@ -398,8 +398,7 @@ static struct source_file *register_file(const char *filename)
- 
-         fullpath = nasm_realpath(filename);
- 
--        file = nasm_zalloc(sizeof(*file));
--
-+        nasm_new(file);
-         file->filename = filename;
-         file->fullname = fullpath;
-         file->fullnamelen = strlen(fullpath);

enable-make-check.patch

@@ -0,0 +1,30 @@
+From 4d663e5249f94b49d7af474c345f96a4b9ffd931 Mon Sep 17 00:00:00 2001
+From: ExtinctFire <shenyining_00@126.com>
+Date: Sat, 27 Nov 2021 09:44:16 +0800
+Subject: [PATCH] add check summary
+
+Signed-off-by: ExtinctFire <shenyining_00@126.com>
+---
+ Makefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 5725ed3..9282215 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -497,10 +497,10 @@ splint:
+ 	splint -weak *.c
+ 
+ test: nasm$(X)
+-	cd test && $(RUNPERL) performtest.pl --nasm=../nasm *.asm
++	cd test && $(RUNPERL) performtest.pl --nasm=../nasm *.asm --verbose
+ 
+ golden: nasm$(X)
+-	cd test && $(RUNPERL) performtest.pl --golden --nasm=../nasm *.asm
++	cd test && $(RUNPERL) performtest.pl --golden --nasm=../nasm *.asm --verbose
+ 
+ travis: nasm$(X)
+ 	$(PYTHON3) travis/nasm-t.py run
+-- 
+2.23.0
+

fix-help-info-error.patch

@@ -0,0 +1,28 @@
+From e5987111a8fc89ed86e43ab81e0805d958c61b2c Mon Sep 17 00:00:00 2001
+From: yangchenguang <yangchenguang@uniontech.com>
+Date: Thu, 19 Jan 2023 13:27:29 +0800
+Subject: [PATCH] fix help info error
+
+Signed-off-by: yangchenguang <yangchenguang@uniontech.com>
+---
+ asm/nasm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index e5ae89a..e00408b 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -2293,8 +2293,8 @@ static void help(FILE *out)
+         "\n"
+         "   --prefix str   prepend the given string to the names of all extern,\n"
+         "                  common and global symbols (also --gprefix)\n"
+-        "   --suffix str   append the given string to the names of all extern,\n"
+-        "                  common and global symbols (also --gprefix)\n"
++        "   --postfix str  append the given string to the names of all extern,\n"
++        "                  common and global symbols (also --gpostfix)\n"
+         "   --lprefix str  prepend the given string to local symbols\n"
+         "   --lpostfix str append the given string to local symbols\n"
+         "\n"
+-- 
+2.20.1
+

nasm.spec

@@ -7,23 +7,25 @@
 %endif
 
 Name:     nasm
-Version:  2.15.03
-Release:  2
+Version:  2.15.05
+Release:  1
 Summary:  The Netwide Assembler, a portable x86 assembler with Intel-like syntax
 License:  BSD
 URL:      http://www.nasm.us
 Source0:  http://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}.tar.bz2
 Source1:  http://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}-xdoc.tar.bz2
 
-Patch6000: backport-CVE-2019-20352.patch
-Patch6001: backport-CVE-2020-24241-1.patch
-Patch6002: backport-CVE-2020-24241-2.patch
+Patch6000: enable-make-check.patch
+Patch6001: fix-help-info-error.patch
+# https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
+Patch6002: CVE-2022-44370.patch
+Patch6003: CVE-2020-21528.patch
 
 #https://bugzilla.nasm.us/attachment.cgi?id=411648
 BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git
 
 Provides:  %{name}-rdoff
-Obsoletes: %{name}-rdoff
+Obsoletes: %{name}-rdoff < %{version}-%{release}
 
 %description
 NASM is the Netwide Assembler, a free portable assembler for the Intel
@@ -39,7 +41,7 @@ BuildRequires: perl(Sort::Versions)
 BuildRequires: adobe-source-sans-pro-fonts adobe-source-code-pro-fonts
 BuildRequires: ghostscript
 Provides:  %{name}-doc
-Obsoletes: %{name}-doc
+Obsoletes: %{name}-doc < %{version}-%{release}
 %endif
 BuildArch: noarch
 
@@ -62,6 +64,10 @@ make all %{?_smp_mflags}
 %install
 %make_install install_rdf
 
+%check
+make golden
+make test
+
 %files
 %doc CHANGES README.md
 %license AUTHORS
@@ -87,7 +93,28 @@ make all %{?_smp_mflags}
 %{_mandir}/man1/ld*
 
 %changelog
-* Thu Jan 07 2020 shixuantong <shixuantong@huawei.com> - 2.15.03-2
+* Wed Jun 26 2024 yaoxin <yao_xin001@hoperun.com> - 2.15.05-1
+- Update to 2.15.05
+  * fix %ifid with $ and $$
+  * Add --reproducible option to suppress NASM version numbers and timestamps in output files
+
+* Wed Aug 23 2023 hongjinghao <hongjinghao@huawei.com> - 2.15.03-7
+- Fix CVE-2020-21528
+
+* Wed Apr 12 2023 yaoxin <yao_xin001@hoperun.com> - 2.15.03-6
+- Fix CVE-2022-44370
+
+* Thu Jan 19 2023 yangchenguang <yangchenguang@uniontech.com> - 2.15.03-5
+- Fix help info error
+
+* Sat Oct 22 2022 zhangruifang <zhangruifang1@h-partners.com> - 2.15.03-4
+- add version number for Obsoletes
+- fix bogus date in changelog
+
+* Sat Nov 27 2021 ExtinctFire <shenyining_00@126.com> - 2.15.03-3
+- enable make check
+
+* Thu Jan 07 2021 shixuantong <shixuantong@huawei.com> - 2.15.03-2
 - fix CVE-2019-20352 CVE-2020-24241 
 
 * Thu Jul 23 2020 shixuantong <shixuantong@huawei.com> - 2.15.03-1