import lua-5.4.4-3.el9
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
5755c03543
commit
bebcc85044
|
|
@ -0,0 +1,22 @@
|
|||
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
|
||||
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
||||
Date: Tue, 15 Feb 2022 12:28:46 -0300
|
||||
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
|
||||
|
||||
---
|
||||
lparser.c | 1 +
|
||||
testes/attrib.lua | 10 ++++++++++
|
||||
2 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/lparser.c b/lparser.c
|
||||
index 3abe3d751..a5cd55257 100644
|
||||
--- a/src/lparser.c
|
||||
+++ b/src/lparser.c
|
||||
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
|
||||
expdesc key;
|
||||
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
|
||||
lua_assert(var->k != VVOID); /* this one must exist */
|
||||
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
|
||||
codestring(&key, varname); /* key is variable name */
|
||||
luaK_indexed(fs, var, &key); /* env[varname] */
|
||||
}
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
Name: lua
|
||||
Version: %{major_version}.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: Powerful light-weight programming language
|
||||
License: MIT
|
||||
URL: http://www.lua.org/
|
||||
|
|
@ -39,6 +39,7 @@ Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
|
|||
# https://www.lua.org/bugs.html
|
||||
Patch18: %{name}-5.3.5-CVE-2020-24370.patch
|
||||
Patch19: %{name}-5.4.2-CVE-2022-33099.patch
|
||||
Patch20: %{name}-5.4-CVE-2022-28805.patch
|
||||
|
||||
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
||||
BuildRequires: make
|
||||
|
|
@ -94,6 +95,7 @@ mv src/luaconf.h src/luaconf.h.template.in
|
|||
%patch3 -p1 -z .configure-linux
|
||||
%patch4 -p1 -z .configure-compat-all
|
||||
%patch19 -p1 -b .CVE-2022-33099
|
||||
%patch20 -p1 -b .CVE-2022-28805
|
||||
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
||||
sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||
autoreconf -ifv
|
||||
|
|
@ -211,6 +213,9 @@ popd
|
|||
%{_libdir}/*.a
|
||||
|
||||
%changelog
|
||||
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-3
|
||||
- Apply upstream patch for CVE-2022-28805
|
||||
|
||||
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
|
||||
- Resolves CVE-2021-43519
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue