[meta-oe] yasm: drop recipe

Yasm was introduced as a rewrite of nasm, however its commits
have dried up over the years, while its unmitigated CVEs keep
piling up. Also, nasm is a healthier project with regular
contributions still.

There are no known recipes depending on yasm.

Let's remove it.

Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../0001-bitvect-fix-build-with-gcc-15.patch  | 38 -----------------
 ...-Set-build-date-to-SOURCE_DATE_EPOCH.patch | 37 ----------------
 ...m-Use-BUILD_DATE-for-reproducibility.patch | 42 -------------------
 .../yasm/yasm/CVE-2021-33456.patch            | 35 ----------------
 .../yasm/yasm/CVE-2021-33464.patch            | 34 ---------------
 .../yasm/yasm/CVE-2023-29579.patch            | 39 -----------------
 meta-oe/recipes-devtools/yasm/yasm_git.bb     | 40 ------------------
 7 files changed, 265 deletions(-)
 delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch
 delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch
 delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch
 delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
 delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
 delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
 delete mode 100644 meta-oe/recipes-devtools/yasm/yasm_git.bb

This is good. I do see meta-intel mentioning it in libipt tests

https://git.yoctoproject.org/meta-intel/tree/lib/oeqa/runtime/cases/libipt.py

It will be good for meta-intel maintainers to notice this and take action
accordingly
so please add them to thread

On Mon, Dec 1, 2025 at 12:49 PM Gyorgy Sarvari via lists.openembedded.org
<skandigraun=gmail.com@lists.openembedded.org> wrote:

> Yasm was introduced as a rewrite of nasm, however its commits
> have dried up over the years, while its unmitigated CVEs keep
> piling up. Also, nasm is a healthier project with regular
> contributions still.
>
> There are no known recipes depending on yasm.
>
> Let's remove it.
>
> Cc: Ross Burton <ross.burton@arm.com>
> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ---
>  .../0001-bitvect-fix-build-with-gcc-15.patch  | 38 -----------------
>  ...-Set-build-date-to-SOURCE_DATE_EPOCH.patch | 37 ----------------
>  ...m-Use-BUILD_DATE-for-reproducibility.patch | 42 -------------------
>  .../yasm/yasm/CVE-2021-33456.patch            | 35 ----------------
>  .../yasm/yasm/CVE-2021-33464.patch            | 34 ---------------
>  .../yasm/yasm/CVE-2023-29579.patch            | 39 -----------------
>  meta-oe/recipes-devtools/yasm/yasm_git.bb     | 40 ------------------
>  7 files changed, 265 deletions(-)
>  delete mode 100644
> meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch
>  delete mode 100644
> meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch
>  delete mode 100644
> meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch
>  delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
>  delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
>  delete mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
>  delete mode 100644 meta-oe/recipes-devtools/yasm/yasm_git.bb
>
> diff --git
> a/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch
> b/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch
> deleted file mode 100644
> index f3f2c431d5..0000000000
> ---
> a/meta-oe/recipes-devtools/yasm/yasm/0001-bitvect-fix-build-with-gcc-15.patch
> +++ /dev/null
> @@ -1,38 +0,0 @@
> -From 64ef740eb262f329e55eebadf2ce276b146d44e9 Mon Sep 17 00:00:00 2001
> -From: Martin Jansa <martin.jansa@gmail.com>
> -Date: Tue, 22 Apr 2025 19:06:24 +0200
> -Subject: [PATCH] bitvect: fix build with gcc-15
> -
> -* fixes:
> -libyasm/bitvect.h:86:32: error: cannot use keyword 'false' as enumeration
> constant
> -   86 |         typedef enum boolean { false = FALSE, true = TRUE }
> boolean;
> -      |                                ^~~~~
> -../git/libyasm/bitvect.h:86:32: note: 'false' is a keyword with
> '-std=c23' onwards
> -
> -as suggested in:
> -https://github.com/yasm/yasm/issues/283#issuecomment-2661108816
> -
> -Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/287]
> -
> -Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
> ----
> - libyasm/bitvect.h | 6 +++++-
> - 1 file changed, 5 insertions(+), 1 deletion(-)
> -
> -diff --git a/libyasm/bitvect.h b/libyasm/bitvect.h
> -index 3aee3a53..a13470ad 100644
> ---- a/libyasm/bitvect.h
> -+++ b/libyasm/bitvect.h
> -@@ -83,7 +83,11 @@ typedef  Z_longword         *Z_longwordptr;
> -     #ifdef MACOS_TRADITIONAL
> -         #define boolean Boolean
> -     #else
> --        typedef enum boolean { false = FALSE, true = TRUE } boolean;
> -+        #if __STDC_VERSION__ < 202311L
> -+             typedef enum boolean { false = FALSE, true = TRUE } boolean;
> -+        #else
> -+             typedef bool boolean;
> -+        #endif
> -     #endif
> - #endif
> -
> diff --git
> a/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch
> b/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch
> deleted file mode 100644
> index 42f5559e3f..0000000000
> ---
> a/meta-oe/recipes-devtools/yasm/yasm/0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From eb164bb201c0f792fa8aa78270c47294065183a3 Mon Sep 17 00:00:00 2001
> -From: Oleh Matiusha <omatiush@cisco.com>
> -Date: Tue, 6 Feb 2024 09:33:11 +0000
> -Subject: [PATCH 1/2] yasm: Set build date to SOURCE_DATE_EPOCH
> -
> -If SOURCE_DATE_EPOCH is set, use it to generate a reproducible
> -string for BUILD_DATE.
> -
> -Signed-off-by: Oleh Matiusha <omatiush@cisco.com>
> -
> -Upstream-Status: Pending
> ----
> - configure.ac | 8 ++++++++
> - 1 file changed, 8 insertions(+)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 2823ecd..eeb51ce 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -103,6 +103,14 @@ AM_WITH_DMALLOC
> - #
> - AC_CHECK_HEADERS([strings.h libgen.h unistd.h direct.h sys/stat.h])
> -
> -+# Use reproducible build date and time
> -+if test "$SOURCE_DATE_EPOCH"; then
> -+      DATE_FMT="%d %b %Y %H:%M:%S"
> -+      BUILD_DATE=$(LC_ALL=C date -u -d "@$SOURCE_DATE_EPOCH"
> "+$DATE_FMT")
> -+      AC_DEFINE_UNQUOTED([BUILD_DATE], ["$BUILD_DATE"], [Use
> reproducidle build date])
> -+fi
> -+
> -+
> - #
> - # Checks for typedefs, structures, and compiler characteristics.
> - #
> ---
> -2.33.0
> -
> diff --git
> a/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch
> b/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch
> deleted file mode 100644
> index 4b9c933d01..0000000000
> ---
> a/meta-oe/recipes-devtools/yasm/yasm/0002-yasm-Use-BUILD_DATE-for-reproducibility.patch
> +++ /dev/null
> @@ -1,42 +0,0 @@
> -From 19fffab74a201dc41c3da7e74d86eafa8f68bbc6 Mon Sep 17 00:00:00 2001
> -From: Oleh Matiusha <omatiush@cisco.com>
> -Date: Tue, 6 Feb 2024 09:34:26 +0000
> -Subject: [PATCH] yasm: Use BUILD_DATE for reproducibility
> -
> -Use reproducible build date instead of compilation time and date.
> -
> -Signed-off-by: Oleh Matiusha <omatiush@cisco.com>
> -
> -
> -Upstream-Status: Pending
> ----
> - tools/re2c/parser.c | 5 +++++
> - 1 file changed, 5 insertions(+)
> -
> -diff --git a/tools/re2c/parser.c b/tools/re2c/parser.c
> -index 02d5c66..1c90aee 100644
> ---- a/tools/re2c/parser.c
> -+++ b/tools/re2c/parser.c
> -@@ -5,6 +5,7 @@
> - #include "tools/re2c/globals.h"
> - #include "tools/re2c/parse.h"
> - #include "tools/re2c/parser.h"
> -+#include "config.h"
> -
> - int yylex(void);
> - static RegExp *parse_expr(void);
> -@@ -233,7 +234,11 @@ void parse(FILE *i, FILE *o){
> -     peektok = NONE;
> -
> -     fputs("/* Generated by re2c 0.9.1-C on ", o);
> -+#ifndef BUILD_DATE
> -     fprintf(o, "%-24s", ctime(&now));
> -+#else
> -+    fprintf(o, "%-24s", BUILD_DATE " ");
> -+#endif
> -     fputs(" */\n", o); oline+=2;
> -
> -     in = Scanner_new(i);
> ---
> -2.33.0
> -
> diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
> b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
> deleted file mode 100644
> index 2340d8ed75..0000000000
> --- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -From 1126140b8f5ece18c58640725f0e4c08e5ec97b0 Mon Sep 17 00:00:00 2001
> -From: Gyorgy Sarvari <skandigraun@gmail.com>
> -Date: Sat, 15 Nov 2025 13:34:15 +0100
> -Subject: [PATCH] A potential null pointer difference is that the return
> value
> - of the hash may be null. This fixes CVE-2021-33456.
> -
> -From: lixuebing <lixuebing@cqsoftware.com.cn>
> -Date: Mon, 25 Aug 2025 13:51:28 +0800
> -Subject: Fix null-pointer-dereference in hash
> -Bug: https://github.com/yasm/yasm/issues/175
> -Origin: https://github.com/yasm/yasm/pull/290
> -
> -CVE: CVE-2021-33456
> -Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/290]
> -
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - modules/preprocs/nasm/nasm-pp.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/modules/preprocs/nasm/nasm-pp.c
> b/modules/preprocs/nasm/nasm-pp.c
> -index f9f92dd1..473d98c1 100644
> ---- a/modules/preprocs/nasm/nasm-pp.c
> -+++ b/modules/preprocs/nasm/nasm-pp.c
> -@@ -1102,6 +1102,10 @@ hash(char *s)
> - {
> -     unsigned int h = 0;
> -     unsigned int i = 0;
> -+    /* Check if the input string is NULL to avoid null pointer
> dereference */
> -+    if (s == NULL) {
> -+        return 0;
> -+    }
> -     /*
> -      * Powers of three, mod 31.
> -      */
> diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
> b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
> deleted file mode 100644
> index ebae250ff9..0000000000
> --- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
> +++ /dev/null
> @@ -1,34 +0,0 @@
> -From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001
> -From: Gyorgy Sarvari <skandigraun@gmail.com>
> -Date: Sat, 15 Nov 2025 13:30:12 +0100
> -Subject: [PATCH] Handle file descriptors with nonexisting env names
> better.
> - Avoid writing past allocated memory.
> -
> -This fixes CVE-2021-33464.
> -Author: Petter Reinholdtsen <pere@debian.org>
> -Bug: https://github.com/yasm/yasm/issues/164
> -Bug-Debian: https://bugs.debian.org/1016353
> -Forwarded: https://github.com/yasm/yasm/issues/164
> -Last-Update: 2025-04-30
> -
> -CVE: CVE-2021-33464
> -Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164]
> -
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - modules/preprocs/nasm/nasm-pp.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/modules/preprocs/nasm/nasm-pp.c
> b/modules/preprocs/nasm/nasm-pp.c
> -index 512f02c3..f9f92dd1 100644
> ---- a/modules/preprocs/nasm/nasm-pp.c
> -+++ b/modules/preprocs/nasm/nasm-pp.c
> -@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
> -             error(ERR_WARNING, "environment variable `%s' does not
> exist",
> -                   p1+1);
> -             *p2 = '%';
> --            p1 = p2+1;
> -+            pb = p1 = p2+1;
> -             continue;
> -         }
> -         /* need to expand */
> diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
> b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
> deleted file mode 100644
> index 58b4ed1996..0000000000
> --- a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
> +++ /dev/null
> @@ -1,39 +0,0 @@
> -From 81c1b7b0a28f052eaadddcb010944bf67e6ae257 Mon Sep 17 00:00:00 2001
> -From: Gyorgy Sarvari <skandigraun@gmail.com>
> -Date: Sat, 15 Nov 2025 13:24:21 +0100
> -Subject: [PATCH] Make sure CPU feature parsing use large enough string
> buffer.
> -  Fixes CVE-2023-29579.
> -
> -Author: Petter Reinholdtsen <pere@debian.org>
> -Bug: https://github.com/yasm/yasm/issues/214
> -Bug-Debian: https://bugs.debian.org/1035951
> -Forwarded:  https://github.com/yasm/yasm/issues/214
> -Last-Update: 2025-04-30
> -
> -This patch is taken from Debian:
> -
> https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/
> -
> -CVE: CVE-2023-29579
> -Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/214]
> -
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - modules/arch/x86/x86arch.c | 5 +++--
> - 1 file changed, 3 insertions(+), 2 deletions(-)
> -
> -diff --git a/modules/arch/x86/x86arch.c b/modules/arch/x86/x86arch.c
> -index bac11774..58327958 100644
> ---- a/modules/arch/x86/x86arch.c
> -+++ b/modules/arch/x86/x86arch.c
> -@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_valparamhead
> *valparams,
> -                 yasm_error_set(YASM_ERROR_SYNTAX,
> -                                N_("invalid argument to [%s]"), "CPU");
> -             else {
> --                char strcpu[16];
> --                sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
> -+                char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
> -+                assert(8*sizeof(unsigned long) <= 64);
> -+                snprintf(strcpu, sizeof(strcpu), "%lu",
> yasm_intnum_get_uint(intcpu));
> -                 yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
> -             }
> -         } else
> diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb
> b/meta-oe/recipes-devtools/yasm/yasm_git.bb
> deleted file mode 100644
> index 6ddd94621a..0000000000
> --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -SUMMARY = "x86 (SSE) assembler supporting NASM and GAS-syntaxes"
> -LICENSE = "MIT"
> -HOMEPAGE = "http://www.tortall.net/projects/yasm/"
> -
> -LIC_FILES_CHKSUM = "file://COPYING;md5=a12d8903508fb6bfd49d8d82c6170dd9"
> -
> -DEPENDS += "flex-native bison-native"
> -PACKAGECONFIG[docs] = ",,xmlto-native,"
> -
> -PV = "1.3.0+git"
> -# v1.3.0-87
> -SRCREV = "121ab150b3577b666c79a79f4a511798d7ad2432"
> -SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
> -           file://0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch \
> -           file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \
> -           file://0001-bitvect-fix-build-with-gcc-15.patch \
> -           file://CVE-2023-29579.patch \
> -           file://CVE-2021-33464.patch \
> -           file://CVE-2021-33456.patch \
> -           "
> -
> -
> -inherit autotools gettext python3native
> -
> -CACHED_CONFIGUREVARS = "CCLD_FOR_BUILD='${CC_FOR_BUILD}'"
> -
> -BBCLASSEXTEND = "native"
> -
> -PARALLEL_MAKE = ""
> -
> -do_configure:prepend() {
> -     # Don't include $CC (which includes path to sysroot) in generated
> header.
> -     sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\"
> >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4
> -}
> -
> -CVE_STATUS_GROUPS += "CVE_STATUS_HASH_UPDATE"
> -CVE_STATUS_HASH_UPDATE = "CVE-2021-33454 CVE-2023-31975 CVE-2023-37732"
> -CVE_STATUS_HASH_UPDATE[status] = "fixed-version: patched in current git
> hash"
> -
> -CVE_PRODUCT += "tortall:yasm yasm_project:yasm"
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#122218):
> https://lists.openembedded.org/g/openembedded-devel/message/122218
> Mute This Topic: https://lists.openembedded.org/mt/116564756/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>