rpms/lua
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import lua-5.4.4-2.el9_1

Browse Source
This commit is contained in:
CentOS Sources 2023-02-28 07:54:13 +00:00 committed by Stepan Oksanichenko
parent 558e0a49ae
commit 5755c03543
4 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/lua-5.3.5.tar.gz
SOURCES/lua-5.4.2-tests.tar.gz
SOURCES/lua-5.4.2.tar.gz
SOURCES/lua-5.4.4-tests.tar.gz
SOURCES/lua-5.4.4.tar.gz

4
.lua.metadata
View File

@ -1,3 +1,3 @@
112eb10ff04d1b4c9898e121d6bdf54a81482447 SOURCES/lua-5.3.5.tar.gz
b75f55632c69f0fff8fa944ac56804a7b8871b94 SOURCES/lua-5.4.2-tests.tar.gz
96d4a21393c94bed286b8dc0568f4bdde8730b22 SOURCES/lua-5.4.2.tar.gz
062af7753cd387eea23052fbcad26616a48acadc SOURCES/lua-5.4.4-tests.tar.gz
03c27684b9d5d9783fb79a7c836ba1cdc5f309cd SOURCES/lua-5.4.4.tar.gz

4
SOURCES/lua-5.4.2-CVE-2022-33099.patch
View File

@ -30,8 +30,8 @@ diff -up lua-5.4.2/src/lvm.c.orig lua-5.4.2/src/lvm.c
/* collect total length and number of strings */
for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
size_t l = vslen(s2v(top - n - 1));
- if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
+ if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
- if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
+ if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
+ L->top = top - total; /* pop strings to avoid wasting stack */
luaG_runerror(L, "string length overflow");
+ }

19
SPECS/lua.spec
View File

@ -1,6 +1,6 @@
%global major_version 5.4
# Normally, this is the same as version, but... not always.
%global test_version 5.4.2
%global test_version 5.4.4
# If you are incrementing major_version, enable bootstrapping and adjust accordingly.
# Version should be the latest prior build. If you don't do this, RPM will break and
# everything will grind to a halt.
@ -13,8 +13,8 @@
Name: lua
Version: %{major_version}.2
Release: 4%{?dist}.3
Version: %{major_version}.4
Release: 2%{?dist}
Summary: Powerful light-weight programming language
License: MIT
URL: http://www.lua.org/
@ -211,13 +211,20 @@ popd
%{_libdir}/*.a
%changelog
* Fri Oct 21 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.3
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
- Resolves CVE-2021-43519
* Tue Jan 24 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-1
- Rebase to lua 5.4.4
- Resolves CVE-2021-44964
* Tue Oct 25 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-7
- Fix up CVE-2022-33099 patch
* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.2
* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-6
- Enable gating
* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.1
* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-5
- apply upstream fix for CVE-2022-33099
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.2-4