authorFederico Denkena <federico.denkena@posteo.de>2022-09-26 17:43:34 +0200
committerDavid Seifert <soap@gentoo.org>2022-09-26 17:43:34 +0200
commit4fb0d3e7e9eafdd19a6931dce5948016ddc351e0 (patch)
treec4085493347a2308c0c53f20c8664dda0204a810
parentmedia-fonts/lxgw-wenkai: add 1.245, drop 1.240 (diff)
dev-lang/lua: Fix for CVE-2022-28805
This commit fixes CVE-2022-28805 (patch from upstream, slightly modified due to changed file paths in gentoo). Closes: https://github.com/gentoo/gentoo/pull/27423 Bug: https://bugs.gentoo.org/837521 Signed-off-by: Federico Denkena <federico.denkena@posteo.de> Signed-off-by: David Seifert <soap@gentoo.org>
-rw-r--r--dev-lang/lua/files/lua-5.4.4-lparser-overread.patch34
-rw-r--r--dev-lang/lua/lua-5.4.4-r103.ebuild (renamed from dev-lang/lua/lua-5.4.4-r102.ebuild)4
2 files changed, 38 insertions, 0 deletions
diff --git a/dev-lang/lua/files/lua-5.4.4-lparser-overread.patch b/dev-lang/lua/files/lua-5.4.4-lparser-overread.patch
new file mode 100644
index 000000000000..3e625aa4ffc0
--- /dev/null
+++ b/dev-lang/lua/files/lua-5.4.4-lparser-overread.patch
@@ -0,0 +1,34 @@
+From https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Tue, 15 Feb 2022 12:28:46 -0300
+Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
+
+--- a/src/lparser.c
++++ b/src/lparser.c
+@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
+ expdesc key;
+ singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
+ lua_assert(var->k != VVOID); /* this one must exist */
++ luaK_exp2anyregup(fs, var); /* but could be a constant */
+ codestring(&key, varname); /* key is variable name */
+ luaK_indexed(fs, var, &key); /* env[varname] */
+ }
+--- a/tests/attrib.lua
++++ b/tests/attrib.lua
+@@ -434,6 +434,16 @@ a.aVeryLongName012345678901234567890123456789012345678901234567890123456789 ==
+ 10)
+
+
++do
++ -- _ENV constant
++ local function foo ()
++ local _ENV <const> = 11
++ X = "hi"
++ end
++ local st, msg = pcall(foo)
++ assert(not st and string.find(msg, "number"))
++end
++
+
+ -- test of large float/integer indices
+
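Review bot: The header of the new patch file (its `From:`/`Subject:` lines) never names CVE-2022-28805 or the Gentoo bug, and the upstream subject speaks only of wrong code generation, so someone auditing `files/` cannot tell from the patch itself that this is the over-read fix; I would add `Bug: https://bugs.gentoo.org/837521` and a line naming CVE-2022-28805 below `Subject:`. The one functional line, `luaK_exp2anyregup(fs, var);` in `singlevar` (whose body starts above the inner hunk), carries only the comment "but could be a constant". A sentence in the patch header saying why a constant `_ENV` is converted first, presumably so that `luaK_indexed` sees the environment in a register or upvalue, would help whoever rebases this onto a later release. The second inner hunk edits `tests/attrib.lua`; whether that file exists under the ebuild's source directory is not visible here, so it is worth confirming that the patch applies cleanly and that the new `pcall(foo)` regression check is actually run by the package's test phase.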
diff --git a/dev-lang/lua/lua-5.4.4-r102.ebuild b/dev-lang/lua/lua-5.4.4-r103.ebuild
index 1667e6078222..6d39113fa1a3 100644
--- a/dev-lang/lua/lua-5.4.4-r102.ebuild
+++ b/dev-lang/lua/lua-5.4.4-r103.ebuild
@@ -22,6 +22,10 @@ DEPEND="
RDEPEND="${DEPEND}"
BDEPEND="virtual/pkgconfig"
+PATCHES=(
+ "${FILESDIR}/${P}-lparser-overread.patch"
+)
+
src_prepare() {
default