[AutoPR- Security] Patch nasm for CVE-2022-46456 [MEDIUM] (#16211)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>

Author: azurelinux-security

SPECS/nasm/CVE-2022-46456.patch

@@ -0,0 +1,86 @@
+From ce3ea138398e68fb0529edd3df51ed2493fc4080 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Sat, 30 Aug 2025 16:16:43 -0700
+Subject: [PATCH] ndisasm: make the assembler (hopefully) work again
+
+- Significantly overhauled the disassembler internals to make
+  better use of the information already in the instruction template
+  and to reduce the implementation differences with the assembler
+- Add APX support to the disassembler
+- Fix problem with disassembler truncating addresses of jumps
+- Fix generation of invalid EAs in 16-bit mode
+- Fix array overrun for types in a few modules
+- Fix invalid ND flag on near JMP
+
+Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://github.com/netwide-assembler/nasm/commit/e05867ce3dfe303186f6c66df20251bfd828fd49
+---
+ output/outdbg.c | 43 +++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 39 insertions(+), 4 deletions(-)
+
+diff --git a/output/outdbg.c b/output/outdbg.c
+index e7a9a4e..04cb3dd 100644
+--- a/output/outdbg.c
++++ b/output/outdbg.c
+@@ -408,9 +408,44 @@ dbg_pragma(const struct pragma *pragma)
+     return DIRR_OK;
+ }
+ 
+-static const char * const types[] = {
+-    "unknown", "label", "byte", "word", "dword", "float", "qword", "tbyte"
+-};
++static const char *type_name(uint32_t type)
++{
++    switch (TYM_TYPE(type)) {
++    case TY_UNKNOWN:
++        return "unknown";
++    case TY_LABEL:
++        return "label";
++    case TY_BYTE:
++        return "byte";
++    case TY_WORD:
++        return "word";
++    case TY_DWORD:
++        return "dword";
++    case TY_FLOAT:
++        return "float";
++    case TY_QWORD:
++        return "qword";
++    case TY_TBYTE:
++        return "tbyte";
++    case TY_OWORD:
++        return "oword";
++    case TY_YWORD:
++        return "yword";
++    case TY_ZWORD:
++        return "zword";
++    case TY_COMMON:
++        return "common";
++    case TY_SEG:
++        return "seg";
++    case TY_EXTERN:
++        return "extern";
++    case TY_EQU:
++        return "equ";
++    default:
++        return "<invalid type code>";
++    }
++}
++
+ static void dbgdbg_init(void)
+ {
+     fprintf(ofile, "dbg init: debug information enabled\n");
+@@ -457,7 +492,7 @@ static void dbgdbg_output(int output_type, void *param)
+ static void dbgdbg_typevalue(int32_t type)
+ {
+     fprintf(ofile, "dbg typevalue: %s(%"PRIX32")\n",
+-            types[TYM_TYPE(type) >> 3], TYM_ELEMENTS(type));
++            type_name(type), TYM_ELEMENTS(type));
+ }
+ 
+ static void
+-- 
+2.45.4
+

SPECS/nasm/nasm.spec

@@ -1,20 +1,25 @@
 Summary:        Netwide Assembler.
 Name:           nasm
 Version:        2.16
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Libraries
 URL:            https://www.nasm.us
 Source0:        http://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}.tar.gz
+Patch0:         CVE-2022-46456.patch
+
+BuildRequires:  perl
+BuildRequires:  perl(File::Find)
+
 ExclusiveArch:  x86_64
 
 %description
 NASM (Netwide Assembler) is an 80x86 assembler designed for portability and modularity. It includes a disassembler as well.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 %configure
@@ -33,6 +38,9 @@ make %{?_smp_mflags} -k test
 %{_datadir}/*
 
 %changelog
+* Tue Mar 17 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.16-2
+- Patch for CVE-2022-46456
+
 * Tue May 23 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.16-1
 - Auto-upgrade to 2.16 - patch CVE-2022-44370