Update to 5.4.8
The tests tarball was generated from a local https://github.com/lua/lua checkout as follows: $ git checkout v5.4.8 $ cd testes/ $ ./packtests lua-5.4.8 Resolves: RHEL-68067
This commit is contained in:
Michal Domonkos
parent
1cb1d01993
commit
de770432e0
2
.gitignore
vendored
2
.gitignore
vendored
@ -27,3 +27,5 @@ lua-5.1.4/
|
||||
/lua-5.3.6.tar.gz
|
||||
/lua-5.4.6.tar.gz
|
||||
/lua-5.4.6-tests.tar.gz
|
||||
/lua-5.4.8.tar.gz
|
||||
/lua-5.4.8-tests.tar.gz
|
||||
|
||||
@ -1,24 +0,0 @@
|
||||
diff -up lua-5.4.6/lua-5.4.6-tests/calls.lua.big-endian-fix lua-5.4.6/lua-5.4.6-tests/calls.lua
|
||||
--- lua-5.4.6/lua-5.4.6-tests/calls.lua.big-endian-fix 2023-08-01 09:21:13.212388469 -0400
|
||||
+++ lua-5.4.6/lua-5.4.6-tests/calls.lua 2023-08-01 09:21:34.552557272 -0400
|
||||
@@ -342,20 +342,6 @@ do -- another bug (in 5.4.0)
|
||||
end
|
||||
|
||||
|
||||
-do -- another bug (since 5.2)
|
||||
- -- corrupted binary dump: list of upvalue names is larger than number
|
||||
- -- of upvalues, overflowing the array of upvalues.
|
||||
- local code =
|
||||
- "\x1b\x4c\x75\x61\x54\x00\x19\x93\x0d\x0a\x1a\x0a\x04\x08\x08\x78\x56\z
|
||||
- \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x77\x40\x00\x86\x40\z
|
||||
- \x74\x65\x6d\x70\x81\x81\x01\x00\x02\x82\x48\x00\x02\x00\xc7\x00\x01\z
|
||||
- \x00\x80\x80\x80\x82\x00\x00\x80\x81\x82\x78\x80\x82\x81\x86\x40\x74\z
|
||||
- \x65\x6d\x70"
|
||||
-
|
||||
- assert(load(code)) -- segfaults in previous versions
|
||||
-end
|
||||
-
|
||||
-
|
||||
x = string.dump(load("x = 1; return x"))
|
||||
a = assert(load(read1(x), nil, "b"))
|
||||
assert(a() == 1 and _G.x == 1)
|
||||
@ -1,66 +0,0 @@
|
||||
From f623b969325be736297bc1dff48e763c08778243 Mon Sep 17 00:00:00 2001
|
||||
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
||||
Date: Wed, 14 Jun 2023 14:38:07 -0300
|
||||
Subject: [PATCH] Bug: read overflow in 'l_strcmp'
|
||||
|
||||
Equality according to 'strcoll' does not imply that strings have
|
||||
the same length.
|
||||
---
|
||||
lvm.c | 38 ++++++++++++++++++++------------------
|
||||
1 file changed, 20 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/src/lvm.c b/src/lvm.c
|
||||
index 4c300a87a..2b437bdfd 100644
|
||||
--- a/src/lvm.c
|
||||
+++ b/src/lvm.c
|
||||
@@ -366,30 +366,32 @@ void luaV_finishset (lua_State *L, const TValue *t, TValue *key,
|
||||
|
||||
|
||||
/*
|
||||
-** Compare two strings 'ls' x 'rs', returning an integer less-equal-
|
||||
-** -greater than zero if 'ls' is less-equal-greater than 'rs'.
|
||||
+** Compare two strings 'ts1' x 'ts2', returning an integer less-equal-
|
||||
+** -greater than zero if 'ts1' is less-equal-greater than 'ts2'.
|
||||
** The code is a little tricky because it allows '\0' in the strings
|
||||
-** and it uses 'strcoll' (to respect locales) for each segments
|
||||
-** of the strings.
|
||||
+** and it uses 'strcoll' (to respect locales) for each segment
|
||||
+** of the strings. Note that segments can compare equal but still
|
||||
+** have different lengths.
|
||||
*/
|
||||
-static int l_strcmp (const TString *ls, const TString *rs) {
|
||||
- const char *l = getstr(ls);
|
||||
- size_t ll = tsslen(ls);
|
||||
- const char *r = getstr(rs);
|
||||
- size_t lr = tsslen(rs);
|
||||
+static int l_strcmp (const TString *ts1, const TString *ts2) {
|
||||
+ const char *s1 = getstr(ts1);
|
||||
+ size_t rl1 = tsslen(ts1); /* real length */
|
||||
+ const char *s2 = getstr(ts2);
|
||||
+ size_t rl2 = tsslen(ts2);
|
||||
for (;;) { /* for each segment */
|
||||
- int temp = strcoll(l, r);
|
||||
+ int temp = strcoll(s1, s2);
|
||||
if (temp != 0) /* not equal? */
|
||||
return temp; /* done */
|
||||
else { /* strings are equal up to a '\0' */
|
||||
- size_t len = strlen(l); /* index of first '\0' in both strings */
|
||||
- if (len == lr) /* 'rs' is finished? */
|
||||
- return (len == ll) ? 0 : 1; /* check 'ls' */
|
||||
- else if (len == ll) /* 'ls' is finished? */
|
||||
- return -1; /* 'ls' is less than 'rs' ('rs' is not finished) */
|
||||
- /* both strings longer than 'len'; go on comparing after the '\0' */
|
||||
- len++;
|
||||
- l += len; ll -= len; r += len; lr -= len;
|
||||
+ size_t zl1 = strlen(s1); /* index of first '\0' in 's1' */
|
||||
+ size_t zl2 = strlen(s2); /* index of first '\0' in 's2' */
|
||||
+ if (zl2 == rl2) /* 's2' is finished? */
|
||||
+ return (zl1 == rl1) ? 0 : 1; /* check 's1' */
|
||||
+ else if (zl1 == rl1) /* 's1' is finished? */
|
||||
+ return -1; /* 's1' is less than 's2' ('s2' is not finished) */
|
||||
+ /* both strings longer than 'zl'; go on comparing after the '\0' */
|
||||
+ zl1++; zl2++;
|
||||
+ s1 += zl1; rl1 -= zl1; s2 += zl2; rl2 -= zl2;
|
||||
}
|
||||
}
|
||||
}
|
||||
14
lua.spec
14
lua.spec
@ -1,6 +1,6 @@
|
||||
%global major_version 5.4
|
||||
# Normally, this is the same as version, but... not always.
|
||||
%global test_version 5.4.6
|
||||
%global test_version 5.4.8
|
||||
# If you are incrementing major_version, enable bootstrapping and adjust accordingly.
|
||||
# Version should be the latest prior build. If you don't do this, RPM will break and
|
||||
# everything will grind to a halt.
|
||||
@ -13,8 +13,8 @@
|
||||
|
||||
|
||||
Name: lua
|
||||
Version: %{major_version}.6
|
||||
Release: 7%{?dist}
|
||||
Version: %{major_version}.8
|
||||
Release: 1%{?dist}
|
||||
Summary: Powerful light-weight programming language
|
||||
License: MIT
|
||||
URL: https://www.lua.org/
|
||||
@ -36,9 +36,6 @@ Patch4: %{name}-5.3.0-configure-compat-module.patch
|
||||
Patch5: %{name}-5.3.0-autotoolize.patch
|
||||
Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
|
||||
%endif
|
||||
Patch7: lua-5.4.6-big-endian-fix.patch
|
||||
# https://www.lua.org/bugs.html
|
||||
Patch8: lua-5.4.6-bug1.patch
|
||||
|
||||
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
||||
BuildRequires: make
|
||||
@ -95,8 +92,6 @@ mv src/luaconf.h src/luaconf.h.template.in
|
||||
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
||||
sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||
autoreconf -ifv
|
||||
%patch -P7 -p1 -b .big-endian-fix
|
||||
%patch -P8 -p1 -b .bug1
|
||||
|
||||
|
||||
%if 0%{?bootstrap}
|
||||
@ -211,6 +206,9 @@ popd
|
||||
%{_libdir}/*.a
|
||||
|
||||
%changelog
|
||||
* Tue Apr 14 2026 Michal Domonkos <mdomonko@redhat.com> - 5.4.8-1
|
||||
- Update to 5.4.8 (RHEL-68067)
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 5.4.6-7
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|
||||
2
sources
2
sources
@ -1,3 +1,5 @@
|
||||
SHA512 (lua-5.3.6.tar.gz) = ccc380d5e114d54504de0bfb0321ca25ec325d6ff1bfee44b11870b660762d1a9bf120490c027a0088128b58bb6b5271bbc648400cab84d2dc22b512c4841681
|
||||
SHA512 (lua-5.4.6.tar.gz) = d90c6903355ee1309cb0d92a8a024522ff049091a117ea21efb585b5de35776191cd67d17a65b18c2f9d374795b7c944f047576f0e3fe818d094b26f0e4845c5
|
||||
SHA512 (lua-5.4.6-tests.tar.gz) = 428b50b9546d8ad81a7c7e74582135a317d27f0c65307f899ec6de50d71c6220672c53648f999b3019503c8fa6f0c1542131621a6bab9e09a7ef2e2919183b2d
|
||||
SHA512 (lua-5.4.8.tar.gz) = 875ad1f6df3ba63722b5069564c9d3a4057b4c3564c691061bb49cf6cdf5d2e303f05762bd46797b444aaf992c03021f423df142123eebf86751fd77edaf8060
|
||||
SHA512 (lua-5.4.8-tests.tar.gz) = 1e5a3379a5a184a2c8c80df1a825ed0485180f7c5c7362b2c99cdbff20cb36f1c487123e117721f0003f0b6efc13e3b8db82c2675fda383bfe1291cd04b7a61d
|
||||
|
||||
Loading…
Reference in New Issue
Block a user