rpms/lua
6
0
Fork 0
Code Issues Pull Requests Releases Activity

apply upstream fix for CVE-2020-24369

Browse Source
This commit is contained in:
Tom Callaway 2020-08-19 12:59:54 -04:00
parent f8bc6d8ddc
commit b9107ac261
2 changed files with 24 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lua-5.4.0-CVE-2020-24369.patch Normal file
View File

@ -0,0 +1,18 @@
diff -up lua-5.4.0/src/ldebug.c.CVE-2020-24369 lua-5.4.0/src/ldebug.c
--- lua-5.4.0/src/ldebug.c.CVE-2020-24369 2020-08-19 12:43:01.995387723 -0400
+++ lua-5.4.0/src/ldebug.c 2020-08-19 12:43:42.191333666 -0400
@@ -783,11 +783,13 @@ l_noret luaG_runerror (lua_State *L, con
** previous instruction 'oldpc'.
*/
static int changedline (const Proto *p, int oldpc, int newpc) {
+ if (p->lineinfo == NULL) /* no debug information? */
+ return 0;
while (oldpc++ < newpc) {
if (p->lineinfo[oldpc] != 0)
return (luaG_getfuncline(p, oldpc - 1) != luaG_getfuncline(p, newpc));
}
- return 0; /* no line changes in the way */
+ return 0; /* no line changes between positions */
}
/*

8
lua.spec
View File

@ -15,7 +15,7 @@
Name: lua Name: lua
Version: %{major_version}.0 Version: %{major_version}.0
Release: 4%{?dist} Release: 5%{?dist}
Summary: Powerful light-weight programming language Summary: Powerful light-weight programming language
License: MIT License: MIT
URL: http://www.lua.org/ URL: http://www.lua.org/
@ -52,6 +52,7 @@ Patch12: %{name}-5.4.0-bug5.patch
Patch13: %{name}-5.4.0-bug6.patch Patch13: %{name}-5.4.0-bug6.patch
Patch14: %{name}-5.4.0-bug7.patch Patch14: %{name}-5.4.0-bug7.patch
Patch15: %{name}-5.4.0-bug8.patch Patch15: %{name}-5.4.0-bug8.patch
Patch16: %{name}-5.4.0-CVE-2020-24369.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel BuildRequires: automake autoconf libtool readline-devel ncurses-devel
Requires: lua-libs = %{version}-%{release} Requires: lua-libs = %{version}-%{release}
@ -111,6 +112,7 @@ mv src/luaconf.h src/luaconf.h.template.in
%patch13 -p1 -b .bug6 %patch13 -p1 -b .bug6
%patch14 -p1 -b .bug7 %patch14 -p1 -b .bug7
%patch15 -p1 -b .bug8 %patch15 -p1 -b .bug8
%patch16 -p1 -b .CVE-2020-24369
# Put proper version in configure.ac, patch0 hardcodes 5.3.0 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac sed -i 's|5.3.0|%{version}|g' configure.ac
autoreconf -ifv autoreconf -ifv
@ -234,8 +236,10 @@ install -Dpm 0644 %{SOURCE1001} $RPM_BUILD_ROOT/%{_fileattrsdir}/lua.attr
%files static %files static
%{_libdir}/*.a %{_libdir}/*.a
%changelog %changelog
* Wed Aug 19 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-5
- apply upstream fix for CVE-2020-24369
* Fri Jul 31 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-4 * Fri Jul 31 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-4
- apply upstream fix for CVE-2020-15889 - apply upstream fix for CVE-2020-15889
- apply upstream fix for CVE-2020-15945 - apply upstream fix for CVE-2020-15945