From 0abfafec39eb8fbba39efc3f3f6acb0a57971d48 Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
 <azurelinux-security@microsoft.com>
Date: Tue, 17 Mar 2026 13:19:44 +0000
Subject: [PATCH 1/3] Patch nasm for CVE-2022-46456

---
 SPECS/nasm/CVE-2022-46456.patch | 88 +++++++++++++++++++++++++++++++++
 SPECS/nasm/nasm.spec            |  7 ++-
 2 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/nasm/CVE-2022-46456.patch

diff --git a/SPECS/nasm/CVE-2022-46456.patch b/SPECS/nasm/CVE-2022-46456.patch
new file mode 100644
index 00000000000..01f424c52a0
--- /dev/null
+++ b/SPECS/nasm/CVE-2022-46456.patch
@@ -0,0 +1,88 @@
+From ce3ea138398e68fb0529edd3df51ed2493fc4080 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Sat, 30 Aug 2025 16:16:43 -0700
+Subject: [PATCH] ndisasm: make the assembler (hopefully) work again
+
+- Significantly overhauled the disassembler internals to make
+  better use of the information already in the instruction template
+  and to reduce the implementation differences with the assembler
+- Add APX support to the disassembler
+- Fix problem with disassembler truncating addresses of jumps
+- Fix generation of invalid EAs in 16-bit mode
+- Fix array overrun for types in a few modules
+- Fix invalid ND flag on near JMP
+
+Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
+
+Upstream Patch Reference: https://github.com/netwide-assembler/nasm/commit/e05867ce3dfe303186f6c66df20251bfd828fd49
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://raw.githubusercontent.com/Ratiranjan5/azurelinux/90dababcb45a554034f613ebaee55157e4e786b8/SPECS/nasm/CVE-2022-46456.patch
+---
+ output/outdbg.c | 43 +++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 39 insertions(+), 4 deletions(-)
+
+diff --git a/output/outdbg.c b/output/outdbg.c
+index e7a9a4e..04cb3dd 100644
+--- a/output/outdbg.c
++++ b/output/outdbg.c
+@@ -408,9 +408,44 @@ dbg_pragma(const struct pragma *pragma)
+     return DIRR_OK;
+ }
+ 
+-static const char * const types[] = {
+-    "unknown", "label", "byte", "word", "dword", "float", "qword", "tbyte"
+-};
++static const char *type_name(uint32_t type)
++{
++    switch (TYM_TYPE(type)) {
++    case TY_UNKNOWN:
++        return "unknown";
++    case TY_LABEL:
++        return "label";
++    case TY_BYTE:
++        return "byte";
++    case TY_WORD:
++        return "word";
++    case TY_DWORD:
++        return "dword";
++    case TY_FLOAT:
++        return "float";
++    case TY_QWORD:
++        return "qword";
++    case TY_TBYTE:
++        return "tbyte";
++    case TY_OWORD:
++        return "oword";
++    case TY_YWORD:
++        return "yword";
++    case TY_ZWORD:
++        return "zword";
++    case TY_COMMON:
++        return "common";
++    case TY_SEG:
++        return "seg";
++    case TY_EXTERN:
++        return "extern";
++    case TY_EQU:
++        return "equ";
++    default:
++        return "<invalid type code>";
++    }
++}
++
+ static void dbgdbg_init(void)
+ {
+     fprintf(ofile, "dbg init: debug information enabled\n");
+@@ -457,7 +492,7 @@ static void dbgdbg_output(int output_type, void *param)
+ static void dbgdbg_typevalue(int32_t type)
+ {
+     fprintf(ofile, "dbg typevalue: %s(%"PRIX32")\n",
+-            types[TYM_TYPE(type) >> 3], TYM_ELEMENTS(type));
++            type_name(type), TYM_ELEMENTS(type));
+ }
+ 
+ static void
+-- 
+2.45.4
+
diff --git a/SPECS/nasm/nasm.spec b/SPECS/nasm/nasm.spec
index b5ce9cfeadd..aa4e3f33a16 100644
--- a/SPECS/nasm/nasm.spec
+++ b/SPECS/nasm/nasm.spec
@@ -1,13 +1,14 @@
 Summary:        Netwide Assembler.
 Name:           nasm
 Version:        2.16
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Libraries
 URL:            https://www.nasm.us
 Source0:        http://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}.tar.gz
+Patch0:         CVE-2022-46456.patch
 ExclusiveArch:  x86_64
 
 %description
@@ -15,6 +16,7 @@ NASM (Netwide Assembler) is an 80x86 assembler designed for portability and modu
 
 %prep
 %setup -q
+%patch 0 -p1
 
 %build
 %configure
@@ -33,6 +35,9 @@ make %{?_smp_mflags} -k test
 %{_datadir}/*
 
 %changelog
+* Tue Mar 17 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.16-2
+- Patch for CVE-2022-46456
+
 * Tue May 23 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.16-1
 - Auto-upgrade to 2.16 - patch CVE-2022-44370
 

From 9d2c7f6206fe31bdb4347bd8318e34bcfedb6a66 Mon Sep 17 00:00:00 2001
From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Date: Tue, 17 Mar 2026 18:53:58 +0530
Subject: [PATCH 2/3] Fix upstream reference in CVE-2022-46456.patch

Updated upstream reference for CVE-2022-46456 patch.
---
 SPECS/nasm/CVE-2022-46456.patch | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/SPECS/nasm/CVE-2022-46456.patch b/SPECS/nasm/CVE-2022-46456.patch
index 01f424c52a0..05d9f27a016 100644
--- a/SPECS/nasm/CVE-2022-46456.patch
+++ b/SPECS/nasm/CVE-2022-46456.patch
@@ -14,10 +14,8 @@ Subject: [PATCH] ndisasm: make the assembler (hopefully) work again
 
 Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
 
-Upstream Patch Reference: https://github.com/netwide-assembler/nasm/commit/e05867ce3dfe303186f6c66df20251bfd828fd49
-
 Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
-Upstream-reference: https://raw.githubusercontent.com/Ratiranjan5/azurelinux/90dababcb45a554034f613ebaee55157e4e786b8/SPECS/nasm/CVE-2022-46456.patch
+Upstream-reference: https://github.com/netwide-assembler/nasm/commit/e05867ce3dfe303186f6c66df20251bfd828fd49
 ---
  output/outdbg.c | 43 +++++++++++++++++++++++++++++++++++++++----
  1 file changed, 39 insertions(+), 4 deletions(-)

From 7c00c9d9376a771f784b1c7902ce032201dbde7c Mon Sep 17 00:00:00 2001
From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Date: Fri, 20 Mar 2026 15:46:21 +0530
Subject: [PATCH 3/3] Update NASM spec file for build setup

---
 SPECS/nasm/nasm.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/SPECS/nasm/nasm.spec b/SPECS/nasm/nasm.spec
index aa4e3f33a16..35d9b7d2644 100644
--- a/SPECS/nasm/nasm.spec
+++ b/SPECS/nasm/nasm.spec
@@ -9,14 +9,17 @@ Group:          System Environment/Libraries
 URL:            https://www.nasm.us
 Source0:        http://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}.tar.gz
 Patch0:         CVE-2022-46456.patch
+
+BuildRequires:  perl
+BuildRequires:  perl(File::Find)
+
 ExclusiveArch:  x86_64
 
 %description
 NASM (Netwide Assembler) is an 80x86 assembler designed for portability and modularity. It includes a disassembler as well.
 
 %prep
-%setup -q
-%patch 0 -p1
+%autosetup -p1
 
 %build
 %configure