CVE-2020-24342
parent
c4db958ec0
commit
a178517865
|
@ -0,0 +1,22 @@
|
||||||
|
diff -up lua-5.4.0/src/ldo.c.CVE-2020-24342 lua-5.4.0/src/ldo.c
|
||||||
|
--- lua-5.4.0/src/ldo.c.CVE-2020-24342 2020-09-02 14:56:36.939443912 -0400
|
||||||
|
+++ lua-5.4.0/src/ldo.c 2020-09-02 14:57:47.765341519 -0400
|
||||||
|
@@ -515,14 +515,13 @@ void luaD_call (lua_State *L, StkId func
|
||||||
|
|
||||||
|
/*
|
||||||
|
** Similar to 'luaD_call', but does not allow yields during the call.
|
||||||
|
-** If there is a stack overflow, freeing all CI structures will
|
||||||
|
-** force the subsequent call to invoke 'luaE_extendCI', which then
|
||||||
|
-** will raise any errors.
|
||||||
|
*/
|
||||||
|
void luaD_callnoyield (lua_State *L, StkId func, int nResults) {
|
||||||
|
incXCcalls(L);
|
||||||
|
- if (getCcalls(L) <= CSTACKERR) /* possible stack overflow? */
|
||||||
|
- luaE_freeCI(L);
|
||||||
|
+ if (getCcalls(L) <= CSTACKERR) { /* possible C stack overflow? */
|
||||||
|
+ luaE_exitCcall(L); /* to compensate decrement in next call */
|
||||||
|
+ luaE_enterCcall(L); /* check properly */
|
||||||
|
+ }
|
||||||
|
luaD_call(L, func, nResults);
|
||||||
|
decXCcalls(L);
|
||||||
|
}
|
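Review bot: The new patch file starts directly at the `diff -up` line, with no header naming the upstream commit or bug report this change to `luaD_callnoyield` was taken from, so a later audit cannot confirm that the backport matches upstream's fix for CVE-2020-24342. I would add a short preamble ahead of the `diff -up` line, for example `Backport of upstream Lua commit <UPSTREAM_COMMIT_ID> fixing CVE-2020-24342 (src/ldo.c)`; patch(1) skips text that precedes the first file header. The replacement for `luaE_freeCI(L)` relies on `luaE_exitCcall` and `luaE_enterCcall` leaving the call count balanced and on `luaE_enterCcall` performing the overflow check. Both are defined outside this hunk, so that part cannot be verified from the page.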
10
lua.spec
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
Name: lua
|
Name: lua
|
||||||
Version: %{major_version}.0
|
Version: %{major_version}.0
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
Summary: Powerful light-weight programming language
|
Summary: Powerful light-weight programming language
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://www.lua.org/
|
URL: http://www.lua.org/
|
||||||
|
@ -59,6 +59,7 @@ Patch17: %{name}-5.4.0-CVE-2020-24370.patch
|
||||||
Patch18: %{name}-5.3.5-CVE-2020-24370.patch
|
Patch18: %{name}-5.3.5-CVE-2020-24370.patch
|
||||||
# This is bug 9
|
# This is bug 9
|
||||||
Patch19: %{name}-5.4.0-CVE-2020-24371.patch
|
Patch19: %{name}-5.4.0-CVE-2020-24371.patch
|
||||||
|
Patch20: %{name}-5.4.0-CVE-2020-24342.patch
|
||||||
|
|
||||||
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
||||||
Requires: lua-libs = %{version}-%{release}
|
Requires: lua-libs = %{version}-%{release}
|
||||||
|
@ -121,6 +122,7 @@ mv src/luaconf.h src/luaconf.h.template.in
|
||||||
%patch16 -p1 -b .CVE-2020-24369
|
%patch16 -p1 -b .CVE-2020-24369
|
||||||
%patch17 -p1 -b .CVE-2020-24370
|
%patch17 -p1 -b .CVE-2020-24370
|
||||||
%patch19 -p1 -b .CVE-2020-24371
|
%patch19 -p1 -b .CVE-2020-24371
|
||||||
|
%patch20 -p1 -b .CVE-2020-24342
|
||||||
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
||||||
sed -i 's|5.3.0|%{version}|g' configure.ac
|
sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||||
autoreconf -ifv
|
autoreconf -ifv
|
||||||
|
@ -246,6 +248,9 @@ install -Dpm 0644 %{SOURCE1001} $RPM_BUILD_ROOT/%{_fileattrsdir}/lua.attr
|
||||||
%{_libdir}/*.a
|
%{_libdir}/*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 2 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-7
|
||||||
|
- apply upstream fix for CVE-2020-24342
|
||||||
|
|
||||||
* Wed Aug 19 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-6
|
* Wed Aug 19 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-6
|
||||||
- apply upstream fix for CVE-2020-24370, CVE-2020-24371
|
- apply upstream fix for CVE-2020-24370, CVE-2020-24371
|
||||||
|
|
||||||
|
@ -266,9 +271,6 @@ install -Dpm 0644 %{SOURCE1001} $RPM_BUILD_ROOT/%{_fileattrsdir}/lua.attr
|
||||||
* Mon Jun 29 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-1
|
* Mon Jun 29 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-1
|
||||||
- update to 5.4.0
|
- update to 5.4.0
|
||||||
|
|
||||||
* Wed Oct 23 2019 Tom Callaway <spot@fedoraproject.org> - 5.4.0-0.1.beta
|
|
||||||
- 5.4.0-beta
|
|
||||||
|
|
||||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.5-7
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.5-7
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
|
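Review bot: `Patch20` is added for the 5.4.0 sources only, whereas CVE-2020-24370 is carried as both `Patch17` (5.4.0) and `Patch18` (5.3.5), and nothing here records whether the 5.3.5 sources need a counterpart for CVE-2020-24342. If they are unaffected, say so next to the patch line in the style of the existing `# This is bug 9` comment, e.g. `# CVE-2020-24342: 5.4.0 only, 5.3.5 not affected (<UPSTREAM_REFERENCE>)`; that wording presumes the check has actually been made. Separately, the last hunk drops the `5.4.0-0.1.beta` changelog entry, which neither the commit title nor the new changelog line mentions.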