import lua-5.4.4-3.el9

c9 imports/c9/lua-5.4.4-3.el9
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
parent 10a653b441
commit f695199b9d

@ -0,0 +1,22 @@
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
---
lparser.c | 1 +
testes/attrib.lua | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/lparser.c b/lparser.c
index 3abe3d751..a5cd55257 100644
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k != VVOID); /* this one must exist */
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(&key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}

@ -14,7 +14,7 @@
Name: lua Name: lua
Version: %{major_version}.4 Version: %{major_version}.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: Powerful light-weight programming language Summary: Powerful light-weight programming language
License: MIT License: MIT
URL: http://www.lua.org/ URL: http://www.lua.org/
@ -39,6 +39,7 @@ Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
# https://www.lua.org/bugs.html # https://www.lua.org/bugs.html
Patch18: %{name}-5.3.5-CVE-2020-24370.patch Patch18: %{name}-5.3.5-CVE-2020-24370.patch
Patch19: %{name}-5.4.2-CVE-2022-33099.patch Patch19: %{name}-5.4.2-CVE-2022-33099.patch
Patch20: %{name}-5.4-CVE-2022-28805.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel BuildRequires: automake autoconf libtool readline-devel ncurses-devel
BuildRequires: make BuildRequires: make
@ -94,6 +95,7 @@ mv src/luaconf.h src/luaconf.h.template.in
%patch3 -p1 -z .configure-linux %patch3 -p1 -z .configure-linux
%patch4 -p1 -z .configure-compat-all %patch4 -p1 -z .configure-compat-all
%patch19 -p1 -b .CVE-2022-33099 %patch19 -p1 -b .CVE-2022-33099
%patch20 -p1 -b .CVE-2022-28805
# Put proper version in configure.ac, patch0 hardcodes 5.3.0 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac sed -i 's|5.3.0|%{version}|g' configure.ac
autoreconf -ifv autoreconf -ifv
@ -211,6 +213,9 @@ popd
%{_libdir}/*.a %{_libdir}/*.a
%changelog %changelog
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-3
- Apply upstream patch for CVE-2022-28805
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2 * Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
- Resolves CVE-2021-43519 - Resolves CVE-2021-43519

Loading…
Cancel
Save