rpms/lua
6
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2020-24342

Browse Source
This commit is contained in:
Tom Callaway 2020-09-02 15:05:28 -04:00
parent a043d07614
commit 4b399374b6
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lua-5.4.0-CVE-2020-24342.patch Normal file
View File

@ -0,0 +1,22 @@
diff -up lua-5.4.0/src/ldo.c.CVE-2020-24342 lua-5.4.0/src/ldo.c
--- lua-5.4.0/src/ldo.c.CVE-2020-24342 2020-09-02 14:56:36.939443912 -0400
+++ lua-5.4.0/src/ldo.c 2020-09-02 14:57:47.765341519 -0400
@@ -515,14 +515,13 @@ void luaD_call (lua_State *L, StkId func
/*
** Similar to 'luaD_call', but does not allow yields during the call.
-** If there is a stack overflow, freeing all CI structures will
-** force the subsequent call to invoke 'luaE_extendCI', which then
-** will raise any errors.
*/
void luaD_callnoyield (lua_State *L, StkId func, int nResults) {
incXCcalls(L);
- if (getCcalls(L) <= CSTACKERR) /* possible stack overflow? */
- luaE_freeCI(L);
+ if (getCcalls(L) <= CSTACKERR) { /* possible C stack overflow? */
+ luaE_exitCcall(L); /* to compensate decrement in next call */
+ luaE_enterCcall(L); /* check properly */
+ }
luaD_call(L, func, nResults);
decXCcalls(L);
}

7
lua.spec
View File

@ -15,7 +15,7 @@
Name: lua Name: lua
Version: %{major_version}.0 Version: %{major_version}.0
Release: 7%{?dist} Release: 8%{?dist}
Summary: Powerful light-weight programming language Summary: Powerful light-weight programming language
License: MIT License: MIT
URL: http://www.lua.org/ URL: http://www.lua.org/
@ -55,6 +55,7 @@ Patch17: %{name}-5.4.0-CVE-2020-24370.patch
Patch18: %{name}-5.3.5-CVE-2020-24370.patch Patch18: %{name}-5.3.5-CVE-2020-24370.patch
# This is bug 9 # This is bug 9
Patch19: %{name}-5.4.0-CVE-2020-24371.patch Patch19: %{name}-5.4.0-CVE-2020-24371.patch
Patch20: %{name}-5.4.0-CVE-2020-24342.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel BuildRequires: automake autoconf libtool readline-devel ncurses-devel
Requires: lua-libs = %{version}-%{release} Requires: lua-libs = %{version}-%{release}
@ -120,6 +121,7 @@ mv src/luaconf.h src/luaconf.h.template.in
%patch16 -p1 -b .CVE-2020-24369 %patch16 -p1 -b .CVE-2020-24369
%patch17 -p1 -b .CVE-2020-24370 %patch17 -p1 -b .CVE-2020-24370
%patch19 -p1 -b .CVE-2020-24371 %patch19 -p1 -b .CVE-2020-24371
%patch20 -p1 -b .CVE-2020-24342
# Put proper version in configure.ac, patch0 hardcodes 5.3.0 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac sed -i 's|5.3.0|%{version}|g' configure.ac
autoreconf -ifv autoreconf -ifv
@ -237,6 +239,9 @@ popd
%{_libdir}/*.a %{_libdir}/*.a
%changelog %changelog
* Wed Sep 2 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-8
- apply upstream fix for CVE-2020-24342
* Mon Aug 31 2020 Michel Alexandre Salim <salimma@fedoraproject.org> - 5.4.0-7 * Mon Aug 31 2020 Michel Alexandre Salim <salimma@fedoraproject.org> - 5.4.0-7
- Refactor macros into lua-rpm-macros - Refactor macros into lua-rpm-macros