yasm: patch CVE-2021-33454 (#9433)

Author: Redent0r

SPECS/yasm/CVE-2021-33454.patch

@@ -0,0 +1,22 @@
+From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
+From: dataisland <dataisland@outlook.com>
+Date: Fri, 22 Sep 2023 00:21:20 -0500
+Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
+
+---
+ libyasm/expr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libyasm/expr.c b/libyasm/expr.c
+index 5b0c418b..09ae1121 100644
+--- a/libyasm/expr.c
++++ b/libyasm/expr.c
+@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
+ {
+     *ep = yasm_expr_simplify(*ep, calc_bc_dist);
+ 
+-    if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
++    if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
+         return (*ep)->terms[0].data.intn;
+     else
+         return (yasm_intnum *)NULL;

SPECS/yasm/yasm.spec

@@ -1,14 +1,15 @@
 Summary:        Modular Assembler
 Name:           yasm
 Version:        1.3.0
-Release:        14%{?dist}
+Release:        15%{?dist}
 License:        BSD and (GPLv2+ or Artistic or LGPLv2+) and LGPLv2
 URL:            https://yasm.tortall.net/
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Source0:        https://www.tortall.net/projects/%{name}/releases/%{name}-%{version}.tar.gz
 Patch1:         0001-Update-elf-objfmt.c.patch
 Patch2:         CVE-2023-31975.patch
+Patch3:         CVE-2021-33454.patch
 
 BuildRequires:  gcc
 BuildRequires:  bison
@@ -73,6 +74,9 @@ make install DESTDIR=%{buildroot}
 
 
 %changelog
+* Tue Jun 18 2024 Saul Paredes <saulparedes@microsoft.com> - 1.3.0-15
+- Apply upstream patch for CVE-2021-33454
+
 * Tue Jun 13 2023 Henry Beberman <henry.beberman@microsoft.com> - 1.3.0-14
 - Apply upstream patch for CVE-2023-31975