Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
c9b9f4ac09 |
26
lua-5.3.5-CVE-2020-24370.patch
Normal file
26
lua-5.3.5-CVE-2020-24370.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff -up lua-5.3.5/src/ldebug.c.CVE-2020-24370 lua-5.3.5/src/ldebug.c
|
||||
--- lua-5.3.5/src/ldebug.c.CVE-2020-24370 2020-08-19 13:37:17.075859557 -0400
|
||||
+++ lua-5.3.5/src/ldebug.c 2020-08-19 13:38:53.117779244 -0400
|
||||
@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p,
|
||||
|
||||
static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
|
||||
int nparams = clLvalue(ci->func)->p->numparams;
|
||||
- if (n >= cast_int(ci->u.l.base - ci->func) - nparams)
|
||||
+ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
|
||||
+ if (n <= -nvararg)
|
||||
return NULL; /* no such vararg */
|
||||
else {
|
||||
- *pos = ci->func + nparams + n;
|
||||
+ *pos = ci->func + nparams - n;
|
||||
return "(*vararg)"; /* generic name for any vararg */
|
||||
}
|
||||
}
|
||||
@@ -148,7 +149,7 @@ static const char *findlocal (lua_State
|
||||
StkId base;
|
||||
if (isLua(ci)) {
|
||||
if (n < 0) /* access to vararg values? */
|
||||
- return findvararg(ci, -n, pos);
|
||||
+ return findvararg(ci, n, pos);
|
||||
else {
|
||||
base = ci->u.l.base;
|
||||
name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
|
7
lua.spec
7
lua.spec
@ -15,7 +15,7 @@
|
||||
|
||||
Name: lua
|
||||
Version: %{major_version}.5
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
Summary: Powerful light-weight programming language
|
||||
License: MIT
|
||||
URL: http://www.lua.org/
|
||||
@ -42,6 +42,7 @@ Patch7: %{name}-5.2.2-luac-shared-link-fix.patch
|
||||
Patch8: %{name}-5.2.2-configure-compat-module.patch
|
||||
%endif
|
||||
Patch9: CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
|
||||
Patch10: %{name}-5.3.5-CVE-2020-24370.patch
|
||||
|
||||
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
||||
Requires: lua-libs = %{version}-%{release}
|
||||
@ -93,6 +94,7 @@ mv src/luaconf.h src/luaconf.h.template.in
|
||||
%patch3 -p1 -z .configure-linux
|
||||
%patch4 -p1 -z .configure-compat-all
|
||||
%patch9 -p1 -b .CVE-2019-6706
|
||||
%patch10 -p1 -b .CVE-2020-24370
|
||||
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
||||
sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||
autoreconf -ifv
|
||||
@ -214,6 +216,9 @@ install -Dpm 0644 %{SOURCE1000} $RPM_BUILD_ROOT/%{macrosdir}/macros.lua
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Aug 19 2020 Tom Callaway <spot@fedoraproject.org> - 5.3.5-8
|
||||
- fix CVE-2020-24370
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.5-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user