mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-05 20:36:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/lua5.4: patch CVE-2022-28805

Browse Source
This commit is contained in:
psykose 2022-05-10 16:53:10 +00:00 committed by alice
parent 3bd7ea935c
commit 427f304d7a
2 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
main/lua5.4/APKBUILD
View File

@ -3,7 +3,7 @@ pkgname=lua5.4
_pkgname=lua
pkgver=5.4.3
_luaver=${pkgname#lua}
pkgrel=0
pkgrel=1
pkgdesc="Powerful light-weight programming language"
url="https://www.lua.org/"
arch="all"
@ -17,10 +17,13 @@ source="https://www.lua.org/ftp/$_pkgname-$pkgver.tar.gz
lua-5.4-make.patch
lua-5.4-module_paths.patch
lua5.4.pc
CVE-2022-28805.patch
"
builddir="$srcdir/$_pkgname-$pkgver"
# secfixes:
# 5.4.3-r1:
# - CVE-2022-28805
# 5.3.5-r2:
# - CVE-2019-6706
@ -101,7 +104,10 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
sha512sums="3a1a3ee8694b72b4ec9d3ce76705fe179328294353604ca950c53f41b41161b449877d43318ef4501fee44ecbd6c83314ce7468d7425ba9b2903c9c32a28bbc0 lua-5.4.3.tar.gz
sha512sums="
3a1a3ee8694b72b4ec9d3ce76705fe179328294353604ca950c53f41b41161b449877d43318ef4501fee44ecbd6c83314ce7468d7425ba9b2903c9c32a28bbc0 lua-5.4.3.tar.gz
1bc6c623024c1738155b30ff9c0edcce0f336edc25aa20c3a1400c859421ea2015d75175cce8d515e055ac3e96028426b74812e04022af18a0ed4c4601556027 lua-5.4-make.patch
904a9b296d0bdb68630f8865fce86fc8f092120ee6ebfeb97f069b5aa49f203ddc63aeceee276ae8e006bbb73bf2811e7eceb6aae82817170d3acef3ad057c93 lua-5.4-module_paths.patch
34466bc244737a557ff2c87efbc62ab5c5424523f574d17b2f34aea40f534f2c45cdfa242097aadecd38f00d732b0c8e9daef1cd461728a084c72946edb9a48a lua5.4.pc"
34466bc244737a557ff2c87efbc62ab5c5424523f574d17b2f34aea40f534f2c45cdfa242097aadecd38f00d732b0c8e9daef1cd461728a084c72946edb9a48a lua5.4.pc
de9b2203ccde8711bfd3e6ff59fda12f48130fd9f6cc3e9db0403326a03e56433f929e29f869a12e9a4f1461d84b713efc5ea47e631a2830f945ea34fc4e081c CVE-2022-28805.patch
"

23
main/lua5.4/CVE-2022-28805.patch Normal file
View File

@ -0,0 +1,23 @@
Patch-Source: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
---
lparser.c | 1 +
testes/attrib.lua | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/lparser.c b/lparser.c
index 3abe3d751..a5cd55257 100644
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k != VVOID); /* this one must exist */
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(&key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}