From 5755c03543c58e27af922b6783a1baaea9b4784e Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 28 Feb 2023 07:54:13 +0000
Subject: [PATCH] import lua-5.4.4-2.el9_1

---
 .gitignore                             |  4 ++--
 .lua.metadata                          |  4 ++--
 SOURCES/lua-5.4.2-CVE-2022-33099.patch |  4 ++--
 SPECS/lua.spec                         | 19 +++++++++++++------
 4 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/.gitignore b/.gitignore
index da39ea2..1431b81 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/lua-5.3.5.tar.gz
-SOURCES/lua-5.4.2-tests.tar.gz
-SOURCES/lua-5.4.2.tar.gz
+SOURCES/lua-5.4.4-tests.tar.gz
+SOURCES/lua-5.4.4.tar.gz
diff --git a/.lua.metadata b/.lua.metadata
index 817bfa5..71ad1e1 100644
--- a/.lua.metadata
+++ b/.lua.metadata
@@ -1,3 +1,3 @@
 112eb10ff04d1b4c9898e121d6bdf54a81482447 SOURCES/lua-5.3.5.tar.gz
-b75f55632c69f0fff8fa944ac56804a7b8871b94 SOURCES/lua-5.4.2-tests.tar.gz
-96d4a21393c94bed286b8dc0568f4bdde8730b22 SOURCES/lua-5.4.2.tar.gz
+062af7753cd387eea23052fbcad26616a48acadc SOURCES/lua-5.4.4-tests.tar.gz
+03c27684b9d5d9783fb79a7c836ba1cdc5f309cd SOURCES/lua-5.4.4.tar.gz
diff --git a/SOURCES/lua-5.4.2-CVE-2022-33099.patch b/SOURCES/lua-5.4.2-CVE-2022-33099.patch
index 1a2ba97..39b35ea 100644
--- a/SOURCES/lua-5.4.2-CVE-2022-33099.patch
+++ b/SOURCES/lua-5.4.2-CVE-2022-33099.patch
@@ -30,8 +30,8 @@ diff -up lua-5.4.2/src/lvm.c.orig lua-5.4.2/src/lvm.c
        /* collect total length and number of strings */
        for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
          size_t l = vslen(s2v(top - n - 1));
--        if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
-+        if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
++        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
 +          L->top = top - total;  /* pop strings to avoid wasting stack */
            luaG_runerror(L, "string length overflow");
 +        }
diff --git a/SPECS/lua.spec b/SPECS/lua.spec
index 574795d..f7eaff7 100644
--- a/SPECS/lua.spec
+++ b/SPECS/lua.spec
@@ -1,6 +1,6 @@
 %global major_version 5.4
 # Normally, this is the same as version, but... not always.
-%global test_version 5.4.2
+%global test_version 5.4.4
 # If you are incrementing major_version, enable bootstrapping and adjust accordingly.
 # Version should be the latest prior build. If you don't do this, RPM will break and
 # everything will grind to a halt.
@@ -13,8 +13,8 @@
 
 
 Name:           lua
-Version:        %{major_version}.2
-Release:        4%{?dist}.3
+Version:        %{major_version}.4
+Release:        2%{?dist}
 Summary:        Powerful light-weight programming language
 License:        MIT
 URL:            http://www.lua.org/
@@ -211,13 +211,20 @@ popd
 %{_libdir}/*.a
 
 %changelog
-* Fri Oct 21 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.3
+* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
+- Resolves CVE-2021-43519
+
+* Tue Jan 24 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-1
+- Rebase to lua 5.4.4
+- Resolves CVE-2021-44964
+
+* Tue Oct 25 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-7
 - Fix up CVE-2022-33099 patch
 
-* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.2
+* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-6
 - Enable gating
 
-* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-4.1
+* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-5
 - apply upstream fix for CVE-2022-33099
 
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.2-4