Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Johannes Müller
aports
Commits
fda894f6
Commit
fda894f6
authored
May 06, 2019
by
Natanael Copa
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/lua5.3: upgrade to 5.3.5 and sec fix CVE-2019-6706
fixes #10255
parent
7343860d
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
34 additions
and
12 deletions
+34
-12
main/lua5.3/APKBUILD
main/lua5.3/APKBUILD
+10
-12
main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
...lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
+24
-0
No files found.
main/lua5.3/APKBUILD
View file @
fda894f6
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
lua5.3
_pkgname
=
lua
pkgver
=
5.3.
4
pkgver
=
5.3.
5
_luaver
=
${
pkgname
#lua
}
pkgrel
=
2
pkgrel
=
0
pkgdesc
=
"Powerful light-weight programming language"
url
=
"https://www.lua.org/"
arch
=
"all"
...
...
@@ -16,9 +16,14 @@ source="https://www.lua.org/ftp/$_pkgname-$pkgver.tar.gz
lua-5.3-make.patch
lua-5.3-module_paths.patch
linenoise.patch
CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
"
builddir
=
"
$srcdir
/
$_pkgname
-
$pkgver
"
# secfixes:
# 5.3.5-r0:
# - CVE-2019-6706
prepare
()
{
default_prepare
||
return
1
cd
"
$builddir
"
...
...
@@ -132,15 +137,8 @@ libs() {
mv
"
$pkgdir
"
/usr/lib
"
$subpkgdir
"
/usr/
}
md5sums
=
"53a9c68bcc0eda58bdc2095ad5cdfc63 lua-5.3.4.tar.gz
67acac7d9e37da67806f6a08c8100599 lua-5.3-make.patch
eefd0de61b6993c62a880dc218c9abd6 lua-5.3-module_paths.patch
1447ddfe8a4217b1d23ece0583ab771c linenoise.patch"
sha256sums
=
"f681aa518233bc407e23acf0f5887c884f17436f000d453b2491a9f11a52400c lua-5.3.4.tar.gz
64eafd1d2945623fe807384f9967f94d485b4b9b620ed977b3faca80548444ce lua-5.3-make.patch
d2e2d96d3b10e72dda2c78cb7f478d655c730195d46ab466c961a7846793c644 lua-5.3-module_paths.patch
a1761ba3151e5f0c921debecb39a7ac983a6311f08f7e5691de9f05c4cb02964 linenoise.patch"
sha512sums
=
"739e31f82e6a60fa99910c2005e991b3a1e21339af52847f653cb190b30842054d189ca116ffcfdf9b36e07888c9ce5642b1dd2988cc7eff9f8789f9a2e34997 lua-5.3.4.tar.gz
sha512sums
=
"4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4 lua-5.3.5.tar.gz
1bc6c623024c1738155b30ff9c0edcce0f336edc25aa20c3a1400c859421ea2015d75175cce8d515e055ac3e96028426b74812e04022af18a0ed4c4601556027 lua-5.3-make.patch
313ff823ed871f380a2cb0ba1f0afbba5cfa9b98da40e6e5e8f3c7a2e5993b13c2577efbe7147b79e3903ff27d5a814fa782c1c925092b08510cb4ce02abf464 lua-5.3-module_paths.patch
49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe linenoise.patch"
49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe linenoise.patch
fde7f5f5a184cd393665c7c8c7ba3c728e1413df5f63dbe60855af13ddd313d9300720298534f4312638ddf59fa678a38f708bce622dd7a2298b4ed87c068ae7 CVE-2019-6706-use-after-free-lua_upvaluejoin.patch"
main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
0 → 100644
View file @
fda894f6
http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
--- a/src/lapi.c
+++ b/src/lapi.c
@@ -1285,14 +1285,14 @@
LUA_API void *lua_upvalueid (lua_State *
LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
int fidx2, int n2) {
- LClosure *f1;
- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
+ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
+ if (*up1 == *up2) return; /* Already joined */
+ (*up2)->refcount++;
+ if (upisopen(*up2)) (*up2)->u.open.touched = 1;
+ luaC_upvalbarrier(L, *up2);
luaC_upvdeccount(L, *up1);
*up1 = *up2;
- (*up1)->refcount++;
- if (upisopen(*up1)) (*up1)->u.open.touched = 1;
- luaC_upvalbarrier(L, *up1);
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment