diff options
author | Max Rees <maxcrees@me.com> | 2019-06-21 00:53:52 -0400 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2019-06-21 00:53:52 -0400 |
commit | 976181630770f5d6060be745299ac55d6aada462 (patch) | |
tree | 51fabe7111d45bc0917a872dc35551834ce8c228 | |
parent | 63771aaa77f749ca07d33421525d8bd23ff9d980 (diff) | |
download | packages-976181630770f5d6060be745299ac55d6aada462.tar.gz packages-976181630770f5d6060be745299ac55d6aada462.tar.bz2 packages-976181630770f5d6060be745299ac55d6aada462.tar.xz packages-976181630770f5d6060be745299ac55d6aada462.zip |
system/lua5.3: patch for CVE-2019-6706
-rw-r--r-- | system/lua5.3/APKBUILD | 10 | ||||
-rw-r--r-- | system/lua5.3/CVE-2019-6706.patch | 27 |
2 files changed, 35 insertions, 2 deletions
diff --git a/system/lua5.3/APKBUILD b/system/lua5.3/APKBUILD index 1589f14d1..9a90fc7c9 100644 --- a/system/lua5.3/APKBUILD +++ b/system/lua5.3/APKBUILD @@ -3,7 +3,7 @@ pkgname=lua5.3 _pkgname=lua pkgver=5.3.5 _luaver=${pkgname#lua} -pkgrel=0 +pkgrel=1 pkgdesc="Light-weight programming language" url="https://www.lua.org/" arch="all" @@ -17,9 +17,14 @@ source="https://www.lua.org/ftp/$_pkgname-$pkgver.tar.gz lua-5.3-make.patch lua-5.3-module_paths.patch linenoise.patch + CVE-2019-6706.patch " builddir="$srcdir/$_pkgname-$pkgver" +# secfixes: lua +# 5.3.5-r1: +# - CVE-2019-6706.patch + prepare() { default_prepare cd "$builddir" @@ -134,4 +139,5 @@ libs() { sha512sums="4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4 lua-5.3.5.tar.gz 1bc6c623024c1738155b30ff9c0edcce0f336edc25aa20c3a1400c859421ea2015d75175cce8d515e055ac3e96028426b74812e04022af18a0ed4c4601556027 lua-5.3-make.patch bc68772390dc8d8940176af0b9fbacc0af61891b5d27de5f1466a4e7f9b3291a1c08ba5add829bc96b789a53fa5ec2dadaa096ca6eabe54ec27724fa2810940f lua-5.3-module_paths.patch -49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe linenoise.patch" +49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe linenoise.patch +77755c083630d48404178012d5947230675311a15f0f5e30efa72004edf3124615fa9080b739240213c013efb015689e09ee653a41d560964a3df78a8fe0fd8d CVE-2019-6706.patch" diff --git a/system/lua5.3/CVE-2019-6706.patch b/system/lua5.3/CVE-2019-6706.patch new file mode 100644 index 000000000..c35f81a4a --- /dev/null +++ b/system/lua5.3/CVE-2019-6706.patch @@ -0,0 +1,27 @@ +Lifted from Ubuntu: + +https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/lua5.3/5.3.3-1.1ubuntu1/lua5.3_5.3.3-1.1ubuntu1.debian.tar.xz +0c7d89b1413cc55f3aff5bbd40e5726b7d69b856befbbf32f00f58588dc4ce81 + +--- a/src/lapi.c ++++ b/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + + |