apply upstream fix for CVE-2020-24369
This commit is contained in:
Tom Callaway
parent
f8bc6d8ddc
commit
b9107ac261
18
lua-5.4.0-CVE-2020-24369.patch
Normal file
18
lua-5.4.0-CVE-2020-24369.patch
Normal file
@ -0,0 +1,18 @@
|
||||
diff -up lua-5.4.0/src/ldebug.c.CVE-2020-24369 lua-5.4.0/src/ldebug.c
|
||||
--- lua-5.4.0/src/ldebug.c.CVE-2020-24369 2020-08-19 12:43:01.995387723 -0400
|
||||
+++ lua-5.4.0/src/ldebug.c 2020-08-19 12:43:42.191333666 -0400
|
||||
@@ -783,11 +783,13 @@ l_noret luaG_runerror (lua_State *L, con
|
||||
** previous instruction 'oldpc'.
|
||||
*/
|
||||
static int changedline (const Proto *p, int oldpc, int newpc) {
|
||||
+ if (p->lineinfo == NULL) /* no debug information? */
|
||||
+ return 0;
|
||||
while (oldpc++ < newpc) {
|
||||
if (p->lineinfo[oldpc] != 0)
|
||||
return (luaG_getfuncline(p, oldpc - 1) != luaG_getfuncline(p, newpc));
|
||||
}
|
||||
- return 0; /* no line changes in the way */
|
||||
+ return 0; /* no line changes between positions */
|
||||
}
|
||||
|
||||
/*
|
||||
8
lua.spec
8
lua.spec
@ -15,7 +15,7 @@
|
||||
|
||||
Name: lua
|
||||
Version: %{major_version}.0
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: Powerful light-weight programming language
|
||||
License: MIT
|
||||
URL: http://www.lua.org/
|
||||
@ -52,6 +52,7 @@ Patch12: %{name}-5.4.0-bug5.patch
|
||||
Patch13: %{name}-5.4.0-bug6.patch
|
||||
Patch14: %{name}-5.4.0-bug7.patch
|
||||
Patch15: %{name}-5.4.0-bug8.patch
|
||||
Patch16: %{name}-5.4.0-CVE-2020-24369.patch
|
||||
|
||||
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
||||
Requires: lua-libs = %{version}-%{release}
|
||||
@ -111,6 +112,7 @@ mv src/luaconf.h src/luaconf.h.template.in
|
||||
%patch13 -p1 -b .bug6
|
||||
%patch14 -p1 -b .bug7
|
||||
%patch15 -p1 -b .bug8
|
||||
%patch16 -p1 -b .CVE-2020-24369
|
||||
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
||||
sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||
autoreconf -ifv
|
||||
@ -234,8 +236,10 @@ install -Dpm 0644 %{SOURCE1001} $RPM_BUILD_ROOT/%{_fileattrsdir}/lua.attr
|
||||
%files static
|
||||
%{_libdir}/*.a
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Aug 19 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-5
|
||||
- apply upstream fix for CVE-2020-24369
|
||||
|
||||
* Fri Jul 31 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-4
|
||||
- apply upstream fix for CVE-2020-15889
|
||||
- apply upstream fix for CVE-2020-15945
|
||||
|
||||
Loading…
Reference in New Issue
Block a user