import lua-5.4.4-3.el9

i9c changed/i9c/lua-5.4.4-3.el9
MSVSphere Packaging Team 2 years ago
parent 5b73be7ed6
commit 1b8de138f2

@ -0,0 +1,22 @@
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
---
lparser.c | 1 +
testes/attrib.lua | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/lparser.c b/lparser.c
index 3abe3d751..a5cd55257 100644
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k != VVOID); /* this one must exist */
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(&key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}

@ -14,7 +14,7 @@
Name: lua
Version: %{major_version}.4
Release: 2%{?dist}
Release: 3%{?dist}
Summary: Powerful light-weight programming language
License: MIT
URL: http://www.lua.org/
@ -39,6 +39,7 @@ Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
# https://www.lua.org/bugs.html
Patch18: %{name}-5.3.5-CVE-2020-24370.patch
Patch19: %{name}-5.4.2-CVE-2022-33099.patch
Patch20: %{name}-5.4-CVE-2022-28805.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
BuildRequires: make
@ -94,6 +95,7 @@ mv src/luaconf.h src/luaconf.h.template.in
%patch3 -p1 -z .configure-linux
%patch4 -p1 -z .configure-compat-all
%patch19 -p1 -b .CVE-2022-33099
%patch20 -p1 -b .CVE-2022-28805
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac
autoreconf -ifv
@ -214,6 +216,9 @@ popd
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 5.4.2-4
- Rebuilt for MSVSphere 9.1.
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-3
- Apply upstream patch for CVE-2022-28805
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
- Resolves CVE-2021-43519

Loading…
Cancel
Save