From 3f63306ce91cdb29a043efb2c01002b4ec9d916c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 5 Nov 2019 15:55:04 -0500 Subject: [PATCH] import lua-5.3.4-11.el8 --- SOURCES/lua-5-3.4-upvaluejoin.patch | 11 +++++++++++ SPECS/lua.spec | 7 ++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 SOURCES/lua-5-3.4-upvaluejoin.patch diff --git a/SOURCES/lua-5-3.4-upvaluejoin.patch b/SOURCES/lua-5-3.4-upvaluejoin.patch new file mode 100644 index 0000000..7761d37 --- /dev/null +++ b/SOURCES/lua-5-3.4-upvaluejoin.patch @@ -0,0 +1,11 @@ +--- lua-5.3.4/src/lapi.c.orig 2019-06-03 17:29:46.376205064 +0200 ++++ lua-5.3.4/src/lapi.c 2019-06-03 17:31:08.869905663 +0200 +@@ -1289,6 +1289,8 @@ + LClosure *f1; + UpVal **up1 = getupvalref(L, fidx1, n1, &f1); + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) ++ return; + luaC_upvdeccount(L, *up1); + *up1 = *up2; + (*up1)->refcount++; diff --git a/SPECS/lua.spec b/SPECS/lua.spec index 12d832e..a6420e7 100644 --- a/SPECS/lua.spec +++ b/SPECS/lua.spec @@ -12,7 +12,7 @@ Name: lua Version: %{major_version}.4 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Powerful light-weight programming language Group: Development/Languages License: MIT @@ -44,6 +44,7 @@ Patch9: lua-5.3.4-bug1.patch Patch10: lua-5.3.4-bug4.patch Patch11: lua-5.3.4-bug5.patch Patch12: lua-5.3.4-bug6.patch +Patch13: lua-5-3.4-upvaluejoin.patch BuildRequires: automake autoconf libtool readline-devel ncurses-devel Requires: lua-libs = %{version}-%{release} @@ -100,6 +101,7 @@ mv src/luaconf.h src/luaconf.h.template.in %patch10 -p1 -b .bug4 %patch11 -p1 -b .bug5 %patch12 -p1 -b .bug6 +%patch13 -p1 -b .upvaluejoin # Put proper version in configure.ac, patch0 hardcodes 5.3.0 sed -i 's|5.3.0|%{version}|g' configure.ac autoreconf -ifv @@ -222,6 +224,9 @@ install -Dpm 0644 %{SOURCE1000} $RPM_BUILD_ROOT/%{macrosdir}/macros.lua %changelog +* Mon Jun 03 2019 Florian Festi - 5.3.4-11 +- Fix use after free in lua_upvaluejoin (#1670167) + * Tue Feb 13 2018 Tom Callaway - 5.3.4-10 - move lua(abi) provide to -libs - add fix for bug 6