5.4.4, 5.3.6

.gitignore

@@ -22,3 +22,6 @@ lua-5.1.4/
 /lua-5.4.2-tests.tar.gz
 /lua-5.4.3.tar.gz
 /lua-5.4.3-tests.tar.gz
+/lua-5.4.4.tar.gz
+/lua-5.4.4-tests.tar.gz
+/lua-5.3.6.tar.gz

lua.spec

@@ -1,20 +1,20 @@
 %global major_version 5.4
 # Normally, this is the same as version, but... not always.
-%global test_version 5.4.3
+%global test_version 5.4.4
 # If you are incrementing major_version, enable bootstrapping and adjust accordingly.
 # Version should be the latest prior build. If you don't do this, RPM will break and
 # everything will grind to a halt.
 %global bootstrap 1
 %global bootstrap_major_version 5.3
-%global bootstrap_version %{bootstrap_major_version}.5
+%global bootstrap_version %{bootstrap_major_version}.6
 
 # Place rpm-macros into proper location.
 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
 
 
 Name:           lua
-Version:        %{major_version}.3
-Release:        4%{?dist}
+Version:        %{major_version}.4
+Release:        1%{?dist}
 Summary:        Powerful light-weight programming language
 License:        MIT
 URL:            http://www.lua.org/
@@ -36,18 +36,7 @@ Patch4:         %{name}-5.3.0-configure-compat-module.patch
 Patch5:         %{name}-5.3.0-autotoolize.patch
 Patch6:		%{name}-5.3.5-luac-shared-link-fix.patch
 %endif
-# This is also bug 9
-Patch7:		%{name}-5.4.3-CVE-2021-44647.patch
-
 # https://www.lua.org/bugs.html
-Patch18:	%{name}-5.3.5-CVE-2020-24370.patch
-Patch19:	%{name}-5.4.3-bug3.patch
-Patch20:	%{name}-5.4.3-bug4.patch
-Patch21:	%{name}-5.4.3-bug5.patch
-Patch22:	%{name}-5.4.3-bug6.patch
-Patch23:	%{name}-5.4.3-bug7.patch
-Patch24:	%{name}-5.4.3-bug8.patch
-Patch25:	%{name}-5.4.3-bug10.patch
 
 BuildRequires:  automake autoconf libtool readline-devel ncurses-devel
 BuildRequires:  make
@@ -102,16 +91,8 @@ mv src/luaconf.h src/luaconf.h.template.in
 #%% patch2 -p1 -z .luac-shared
 %patch3 -p1 -z .configure-linux
 %patch4 -p1 -z .configure-compat-all
-%patch7 -p1 -b .CVE-2021-44647
 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
 sed -i 's|5.3.0|%{version}|g' configure.ac
-%patch19 -p1 -b .bug3
-%patch20 -p1 -b .bug4
-%patch21 -p1 -b .bug5
-%patch22 -p1 -b .bug6
-%patch23 -p1 -b .bug7
-%patch24 -p1 -b .bug8
-%patch25 -p1 -b .bug10
 autoreconf -ifv
 
 %if 0%{?bootstrap}
@@ -122,7 +103,6 @@ mv src/luaconf.h src/luaconf.h.template.in
 %patch3 -p1 -z .configure-linux
 %patch4 -p1 -z .configure-compat-all
 %patch6 -p1 -b .luac-shared-link-fix
-%patch18 -p1 -b .CVE-2020-24370
 autoreconf -i
 cd ..
 %endif
@@ -227,6 +207,11 @@ popd
 %{_libdir}/*.a
 
 %changelog
+* Tue Feb  1 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.4-1
+- update to 5.4.4, update bootstrap code to 5.3.6
+- 5.4.4 contains the fix for 5.4.3 bug7, which is also CVE-2021-43519
+  This fix was also in 5.4.3-4, so you do not need to update solely for that.
+
 * Mon Jan 24 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.3-4
 - apply upstream fix for CVE-2021-44647
 - apply upstream fixes for known lua bugs 4-10 (11 assumes other changes beyond 5.4.3)

sources

@@ -1,3 +1,3 @@
-SHA512 (lua-5.3.5.tar.gz) = 4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4
-SHA512 (lua-5.4.3.tar.gz) = 3a1a3ee8694b72b4ec9d3ce76705fe179328294353604ca950c53f41b41161b449877d43318ef4501fee44ecbd6c83314ce7468d7425ba9b2903c9c32a28bbc0
-SHA512 (lua-5.4.3-tests.tar.gz) = 034ebddd5b89ccc57e1d9f25853b502e1569bdef2b0bf26380d8babf0d5b2e001c55086cc28e0840969dc2905ac05b55dd2b4496fa997c6f4e37c8878e123359
+SHA512 (lua-5.4.4.tar.gz) = af0c35d5ba00fecbb2dd617bd7b825edf7418a16a73076e04f2a0df58cdbf098dc3ff4402e974afd789eb5d86d2e12ec6df9c84b99b23656ea694a85f83bcd21
+SHA512 (lua-5.4.4-tests.tar.gz) = 08b3d764b3f362a2cddf5a23e71b16eea96a234a970fa0048bab358ebbd77f99d9bd132af12254383c5bb5426516e1ce2107e529e88d3963869255f5a41198ef
+SHA512 (lua-5.3.6.tar.gz) = ccc380d5e114d54504de0bfb0321ca25ec325d6ff1bfee44b11870b660762d1a9bf120490c027a0088128b58bb6b5271bbc648400cab84d2dc22b512c4841681