Rebase lua to 5.4.4 to fix CVE-2021-44964

Resolves: #2166643
2022-11-21 16:38:34 +01:00 · 2022-11-21 16:38:34 +01:00 · d2654fd9c7
parent 371139c976
commit d2654fd9c7
3 changed files with 11 additions and 7 deletions
--- a/lua-5.4.2-CVE-2022-33099.patch
+++ b/lua-5.4.2-CVE-2022-33099.patch
@ -30,8 +30,8 @@ diff -up lua-5.4.2/src/lvm.c.orig lua-5.4.2/src/lvm.c
       /* collect total length and number of strings */
       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
         size_t l = vslen(s2v(top - n - 1));
-        if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
-+        if (unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
+        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
 +          L->top = top - total;  /* pop strings to avoid wasting stack */
           luaG_runerror(L, "string length overflow");
 +        }
--- a/lua.spec
+++ b/lua.spec
@ -1,6 +1,6 @@
 %global major_version 5.4
 # Normally, this is the same as version, but... not always.
-%global test_version 5.4.2
+%global test_version 5.4.4
 # If you are incrementing major_version, enable bootstrapping and adjust accordingly.
 # Version should be the latest prior build. If you don't do this, RPM will break and
 # everything will grind to a halt.
@ -13,8 +13,8 @@


 Name:           lua
-Version:        %{major_version}.2
-Release:        7%{?dist}
+Version:        %{major_version}.4
+Release:        1%{?dist}
 Summary:        Powerful light-weight programming language
 License:        MIT
 URL:            http://www.lua.org/
@ -211,6 +211,10 @@ popd
 %{_libdir}/*.a

 %changelog
+* Tue Jan 24 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-1
+- Rebase to lua 5.4.4
+- Resolves CVE-2021-44964
+
 * Tue Oct 25 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-7
 - Fix up CVE-2022-33099 patch

--- a/4
+++ b/4
@ -1,3 +1,3 @@
 SHA512 (lua-5.3.5.tar.gz) = 4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4
-SHA512 (lua-5.4.2.tar.gz) = 9454a6ffd973598f2f4a2399834c31c4d5090bd12e716776e3189aa57760319d114ee64a8338bbc2ef5e08150bf0adc2ad94a1b2677f38538a43359969d4d920
-SHA512 (lua-5.4.2-tests.tar.gz) = 1516c59deca211c38444bbf97b18e988e939209b03915d3691d756eeed31b52e8d3a1f05b71ac0b561965274c7b6f3afc4244cd2e9069995696e737e2d9dd40b
+SHA512 (lua-5.4.4.tar.gz) = af0c35d5ba00fecbb2dd617bd7b825edf7418a16a73076e04f2a0df58cdbf098dc3ff4402e974afd789eb5d86d2e12ec6df9c84b99b23656ea694a85f83bcd21
+SHA512 (lua-5.4.4-tests.tar.gz) = 08b3d764b3f362a2cddf5a23e71b16eea96a234a970fa0048bab358ebbd77f99d9bd132af12254383c5bb5426516e1ce2107e529e88d3963869255f5a41198ef