import lua-5.4.4-3.el9

2023-03-28 09:16:22 +00:00 · 2023-03-28 09:16:22 +00:00 · d08db8febe
commit d08db8febe
parent 97d0272371
5 changed files with 103 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
 SOURCES/lua-5.3.5.tar.gz
-SOURCES/lua-5.4.2-tests.tar.gz
-SOURCES/lua-5.4.2.tar.gz
+SOURCES/lua-5.4.4-tests.tar.gz
+SOURCES/lua-5.4.4.tar.gz
--- a/.lua.metadata
+++ b/.lua.metadata
@ -1,3 +1,3 @@
 112eb10ff04d1b4c9898e121d6bdf54a81482447 SOURCES/lua-5.3.5.tar.gz
-b75f55632c69f0fff8fa944ac56804a7b8871b94 SOURCES/lua-5.4.2-tests.tar.gz
-96d4a21393c94bed286b8dc0568f4bdde8730b22 SOURCES/lua-5.4.2.tar.gz
+062af7753cd387eea23052fbcad26616a48acadc SOURCES/lua-5.4.4-tests.tar.gz
+03c27684b9d5d9783fb79a7c836ba1cdc5f309cd SOURCES/lua-5.4.4.tar.gz
--- a/SOURCES/lua-5.4-CVE-2022-28805.patch
+++ b/SOURCES/lua-5.4-CVE-2022-28805.patch
@ -0,0 +1,22 @@
+From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Tue, 15 Feb 2022 12:28:46 -0300
+Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
+
+---
+ lparser.c         |  1 +
+ testes/attrib.lua | 10 ++++++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/lparser.c b/lparser.c
+index 3abe3d751..a5cd55257 100644
+--- a/src/lparser.c
+++ b/src/lparser.c
+@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
+     expdesc key;
+     singlevaraux(fs, ls->envn, var, 1);  /* get environment variable */
+     lua_assert(var->k != VVOID);  /* this one must exist */
+    luaK_exp2anyregup(fs, var);  /* but could be a constant */
+     codestring(&key, varname);  /* key is variable name */
+     luaK_indexed(fs, var, &key);  /* env[varname] */
+   }
--- a/SOURCES/lua-5.4.2-CVE-2022-33099.patch
+++ b/SOURCES/lua-5.4.2-CVE-2022-33099.patch
@ -0,0 +1,51 @@
+diff -up lua-5.4.2/src/ldebug.c.orig lua-5.4.2/src/ldebug.c
+--- lua-5.4.2/src/ldebug.c.orig	2020-11-13 16:32:00.000000000 +0100
+++ lua-5.4.2/src/ldebug.c	2022-10-21 14:35:02.200941813 +0200
+@@ -772,8 +772,11 @@ l_noret luaG_runerror (lua_State *L, con
+   va_start(argp, fmt);
+   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
+   va_end(argp);
+-  if (isLua(ci))  /* if Lua function, add source:line information */
+  if (isLua(ci)) {  /* if Lua function, add source:line information */
+     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
+    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
+    L->top--;
+  }
+   luaG_errormsg(L);
+ }
+ 
+diff -up lua-5.4.2/src/lvm.c.orig lua-5.4.2/src/lvm.c
+--- lua-5.4.2/src/lvm.c.orig	2020-11-13 16:32:02.000000000 +0100
+++ lua-5.4.2/src/lvm.c	2022-10-21 14:35:31.713755890 +0200
+@@ -641,7 +641,7 @@ void luaV_concat (lua_State *L, int tota
+     int n = 2;  /* number of elements handled in this pass (at least 2) */
+     if (!(ttisstring(s2v(top - 2)) || cvt2str(s2v(top - 2))) ||
+         !tostring(L, s2v(top - 1)))
+-      luaT_tryconcatTM(L);
+      luaT_tryconcatTM(L);  /* may invalidate 'top' */
+     else if (isemptystr(s2v(top - 1)))  /* second operand is empty? */
+       cast_void(tostring(L, s2v(top - 2)));  /* result is first operand */
+     else if (isemptystr(s2v(top - 2))) {  /* first operand is empty string? */
+@@ -654,8 +654,10 @@ void luaV_concat (lua_State *L, int tota
+       /* collect total length and number of strings */
+       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
+         size_t l = vslen(s2v(top - n - 1));
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
+        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
+          L->top = top - total;  /* pop strings to avoid wasting stack */
+           luaG_runerror(L, "string length overflow");
+        }
+         tl += l;
+       }
+       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
+@@ -669,8 +671,8 @@ void luaV_concat (lua_State *L, int tota
+       }
+       setsvalue2s(L, top - n, ts);  /* create result */
+     }
+-    total -= n-1;  /* got 'n' strings to create 1 new */
+-    L->top -= n-1;  /* popped 'n' strings and pushed one */
+    total -= n - 1;  /* got 'n' strings to create one new */
+    L->top -= n - 1;  /* popped 'n' strings and pushed one */
+   } while (total > 1);  /* repeat until only 1 result left */
+ }
+ 
--- a/SPECS/lua.spec
+++ b/SPECS/lua.spec
@ -1,6 +1,6 @@
 %global major_version 5.4
 # Normally, this is the same as version, but... not always.
-%global test_version 5.4.2
+%global test_version 5.4.4
 # If you are incrementing major_version, enable bootstrapping and adjust accordingly.
 # Version should be the latest prior build. If you don't do this, RPM will break and
 # everything will grind to a halt.
@ -13,8 +13,8 @@


 Name:           lua
-Version:        %{major_version}.2
-Release:        4%{?dist}
+Version:        %{major_version}.4
+Release:        3%{?dist}
 Summary:        Powerful light-weight programming language
 License:        MIT
 URL:            http://www.lua.org/
@ -38,6 +38,8 @@ Patch6:		%{name}-5.3.5-luac-shared-link-fix.patch
 %endif
 # https://www.lua.org/bugs.html
 Patch18:	%{name}-5.3.5-CVE-2020-24370.patch
+Patch19:	%{name}-5.4.2-CVE-2022-33099.patch
+Patch20:	%{name}-5.4-CVE-2022-28805.patch

 BuildRequires:  automake autoconf libtool readline-devel ncurses-devel
 BuildRequires: make
@ -92,6 +94,8 @@ mv src/luaconf.h src/luaconf.h.template.in
 #%% patch2 -p1 -z .luac-shared
 %patch3 -p1 -z .configure-linux
 %patch4 -p1 -z .configure-compat-all
+%patch19 -p1 -b .CVE-2022-33099
+%patch20 -p1 -b .CVE-2022-28805
 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
 sed -i 's|5.3.0|%{version}|g' configure.ac
 autoreconf -ifv
@ -209,6 +213,25 @@ popd
 %{_libdir}/*.a

 %changelog
+* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-3
+- Apply upstream patch for CVE-2022-28805
+
+* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
+- Resolves CVE-2021-43519
+
+* Tue Jan 24 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-1
+- Rebase to lua 5.4.4
+- Resolves CVE-2021-44964
+
+* Tue Oct 25 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-7
+- Fix up CVE-2022-33099 patch
+
+* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-6
+- Enable gating
+
+* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-5
+- apply upstream fix for CVE-2022-33099
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.2-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688