From bfea188feae6210ab1a248a7731a5e2435124c0f Mon Sep 17 00:00:00 2001 From: xingwei Date: Wed, 15 Jan 2025 07:19:13 +0000 Subject: [PATCH] backport lua upstream patch to fix CVE-2022-28805 (cherry picked from commit 61dc4d0f9c9bc41a0f614a7fe92ddba8bdefd45e) --- ...nerate-wrong-code-when-_ENV-is-const.patch | 26 +++++++++++++++++++ nmap.spec | 9 ++++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch diff --git a/backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch b/backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch new file mode 100644 index 0000000..3dbe36f --- /dev/null +++ b/backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch @@ -0,0 +1,26 @@ +From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy +Date: Tue, 15 Feb 2022 12:28:46 -0300 +Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is + +Conflict: remove testes/attrib.lua and adapt lparser.c file directory +Reference: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa + +--- + liblua/lparser.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/liblua/lparser.c b/liblua/lparser.c +index 3abe3d7..a5cd552 100644 +--- a/liblua/lparser.c ++++ b/liblua/lparser.c +@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) { + expdesc key; + singlevaraux(fs, ls->envn, var, 1); /* get environment variable */ + lua_assert(var->k != VVOID); /* this one must exist */ ++ luaK_exp2anyregup(fs, var); /* but could be a constant */ + codestring(&key, varname); /* key is variable name */ + luaK_indexed(fs, var, &key); /* env[varname] */ + } +-- +2.43.0 \ No newline at end of file diff --git a/nmap.spec b/nmap.spec index e65ac8d..3a48987 100644 --- a/nmap.spec +++ b/nmap.spec @@ -3,7 +3,7 @@ Name: nmap Epoch: 2 Version: 7.94 -Release: 6 +Release: 7 License: GPL-2.0-or-later Summary: A tool for network discovery and security auditing. Requires: %{name}-ncat = %{epoch}:%{version}-%{release} @@ -24,6 +24,7 @@ Patch0005: backport-remove-nse_pcrelib-from-build.patch Patch0006: backport-nping-fix-out-of-bounds-access.patch Patch0007: backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch Patch0008: remove-password-printing.patch +Patch0009: backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch %define pixmap_srcdir zenmap/share/pixmaps @@ -74,6 +75,12 @@ ln -s ncat %{buildroot}%{_bindir}/nc %{_mandir}/man1/*.1.gz %changelog +* Wed Jan 15 2025 xingwei - 2:7.94-7 +- Type:CVE +- CVE:CVE-2022-28805 +- SUG:NA +- DESC:backport lua upstream patch to fix CVE-2022-28805 + * Fri Jun 14 2024 xinghe - 2:7.94-6 - Type:bugfix - CVE:NA