import lua-5.4.4-2.el9_1

2 years ago · 5b73be7ed6
parent 499e208be4
commit 5b73be7ed6
4 changed files with 19 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
 SOURCES/lua-5.3.5.tar.gz
-SOURCES/lua-5.4.2-tests.tar.gz
-SOURCES/lua-5.4.2.tar.gz
+SOURCES/lua-5.4.4-tests.tar.gz
+SOURCES/lua-5.4.4.tar.gz
--- a/.lua.metadata
+++ b/.lua.metadata
@ -1,3 +1,3 @@
 112eb10ff04d1b4c9898e121d6bdf54a81482447 SOURCES/lua-5.3.5.tar.gz
-b75f55632c69f0fff8fa944ac56804a7b8871b94 SOURCES/lua-5.4.2-tests.tar.gz
-96d4a21393c94bed286b8dc0568f4bdde8730b22 SOURCES/lua-5.4.2.tar.gz
+062af7753cd387eea23052fbcad26616a48acadc SOURCES/lua-5.4.4-tests.tar.gz
+03c27684b9d5d9783fb79a7c836ba1cdc5f309cd SOURCES/lua-5.4.4.tar.gz
--- a/SOURCES/lua-5.4.2-CVE-2022-33099.patch
+++ b/SOURCES/lua-5.4.2-CVE-2022-33099.patch
@ -30,8 +30,8 @@ diff -up lua-5.4.2/src/lvm.c.orig lua-5.4.2/src/lvm.c
       /* collect total length and number of strings */
       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
         size_t l = vslen(s2v(top - n - 1));
-        if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
-+        if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
+        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
 +          L->top = top - total;  /* pop strings to avoid wasting stack */
           luaG_runerror(L, "string length overflow");
 +        }
--- a/SPECS/lua.spec
+++ b/SPECS/lua.spec
@ -1,6 +1,6 @@
 %global major_version 5.4
 # Normally, this is the same as version, but... not always.
-%global test_version 5.4.2
+%global test_version 5.4.4
 # If you are incrementing major_version, enable bootstrapping and adjust accordingly.
 # Version should be the latest prior build. If you don't do this, RPM will break and
 # everything will grind to a halt.
@ -13,8 +13,8 @@


 Name:           lua
-Version:        %{major_version}.2
-Release:        4%{?dist}.3
+Version:        %{major_version}.4
+Release:        2%{?dist}
 Summary:        Powerful light-weight programming language
 License:        MIT
 URL:            http://www.lua.org/
@ -214,13 +214,20 @@ popd
 * Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 5.4.2-4
 - Rebuilt for MSVSphere 9.1.

-* Fri Oct 21 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.3
+* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
+- Resolves CVE-2021-43519
+
+* Tue Jan 24 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-1
+- Rebase to lua 5.4.4
+- Resolves CVE-2021-44964
+
+* Tue Oct 25 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-7
 - Fix up CVE-2022-33099 patch

-* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.2
+* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-6
 - Enable gating

-* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.1
+* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-5
 - apply upstream fix for CVE-2022-33099

 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.2-4