rpms/lua
6
0
Fork 0
Code Issues Pull Requests Releases Activity

apply fix for CVE-2019-6706 (bz1670020)

Browse Source
This commit is contained in:
Tom Callaway 2019-01-28 09:29:21 -05:00
parent bc0f275b1e
commit b7b7312e06
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2019-6706-use-after-free-lua_upvaluejoin.patch Normal file
View File

@ -0,0 +1,22 @@
--- a/src/lapi.c
+++ b/src/lapi.c
@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
int fidx2, int n2) {
- LClosure *f1;
- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
+ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
+ if (*up1 == *up2) return; /* Already joined */
+ (*up2)->refcount++;
+ if (upisopen(*up2)) (*up2)->u.open.touched = 1;
+ luaC_upvalbarrier(L, *up2);
luaC_upvdeccount(L, *up1);
*up1 = *up2;
- (*up1)->refcount++;
- if (upisopen(*up1)) (*up1)->u.open.touched = 1;
- luaC_upvalbarrier(L, *up1);
}

7
lua.spec
View File

@ -15,7 +15,7 @@
Name: lua Name: lua
Version: %{major_version}.5 Version: %{major_version}.5
Release: 2%{?dist} Release: 3%{?dist}
Summary: Powerful light-weight programming language Summary: Powerful light-weight programming language
Group: Development/Languages Group: Development/Languages
License: MIT License: MIT
@ -42,6 +42,7 @@ Patch6: %{name}-5.2.2-idsize.patch
Patch7: %{name}-5.2.2-luac-shared-link-fix.patch Patch7: %{name}-5.2.2-luac-shared-link-fix.patch
Patch8: %{name}-5.2.2-configure-compat-module.patch Patch8: %{name}-5.2.2-configure-compat-module.patch
%endif %endif
Patch9: CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel BuildRequires: automake autoconf libtool readline-devel ncurses-devel
Requires: lua-libs = %{version}-%{release} Requires: lua-libs = %{version}-%{release}
@ -94,6 +95,7 @@ mv src/luaconf.h src/luaconf.h.template.in
#%% patch2 -p1 -z .luac-shared #%% patch2 -p1 -z .luac-shared
%patch3 -p1 -z .configure-linux %patch3 -p1 -z .configure-linux
%patch4 -p1 -z .configure-compat-all %patch4 -p1 -z .configure-compat-all
%patch9 -p1 -b .CVE-2019-6706
# Put proper version in configure.ac, patch0 hardcodes 5.3.0 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac sed -i 's|5.3.0|%{version}|g' configure.ac
autoreconf -ifv autoreconf -ifv
@ -215,6 +217,9 @@ install -Dpm 0644 %{SOURCE1000} $RPM_BUILD_ROOT/%{macrosdir}/macros.lua
%changelog %changelog
* Mon Jan 28 2019 Tom Callaway <spot@fedoraproject.org> - 5.3.5-3
- apply fix for CVE-2019-6706 (bz1670020)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.5-2 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild