packages/nmap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport lua upstream patch to fix CVE-2022-28805

Browse Source 
(cherry picked from commit 61dc4d0f9c9bc41a0f614a7fe92ddba8bdefd45e)
This commit is contained in:
xingwei 2025-01-15 07:19:13 +00:00 committed by openeuler-sync-bot
parent 053725c156
commit bfea188fea
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch Normal file
View File

@ -0,0 +1,26 @@
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
Conflict: remove testes/attrib.lua and adapt lparser.c file directory
Reference: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
---
liblua/lparser.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/liblua/lparser.c b/liblua/lparser.c
index 3abe3d7..a5cd552 100644
--- a/liblua/lparser.c
+++ b/liblua/lparser.c
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k != VVOID); /* this one must exist */
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(&key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}
--
2.43.0

9
nmap.spec
View File

@ -3,7 +3,7 @@
Name: nmap Name: nmap
Epoch: 2 Epoch: 2
Version: 7.94 Version: 7.94
Release: 6 Release: 7
License: GPL-2.0-or-later License: GPL-2.0-or-later
Summary: A tool for network discovery and security auditing. Summary: A tool for network discovery and security auditing.
Requires: %{name}-ncat = %{epoch}:%{version}-%{release} Requires: %{name}-ncat = %{epoch}:%{version}-%{release}
@ -24,6 +24,7 @@ Patch0005: backport-remove-nse_pcrelib-from-build.patch
Patch0006: backport-nping-fix-out-of-bounds-access.patch Patch0006: backport-nping-fix-out-of-bounds-access.patch
Patch0007: backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch Patch0007: backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch
Patch0008: remove-password-printing.patch Patch0008: remove-password-printing.patch
Patch0009: backport-Bug-Lua-can-generate-wrong-code-when-_ENV-is-const.patch
%define pixmap_srcdir zenmap/share/pixmaps %define pixmap_srcdir zenmap/share/pixmaps
@ -74,6 +75,12 @@ ln -s ncat %{buildroot}%{_bindir}/nc
%{_mandir}/man1/*.1.gz %{_mandir}/man1/*.1.gz
%changelog %changelog
* Wed Jan 15 2025 xingwei <xingwei14@h-partners.com> - 2:7.94-7
- Type:CVE
- CVE:CVE-2022-28805
- SUG:NA
- DESC:backport lua upstream patch to fix CVE-2022-28805
* Fri Jun 14 2024 xinghe <xinghe2@h-partners.com> - 2:7.94-6 * Fri Jun 14 2024 xinghe <xinghe2@h-partners.com> - 2:7.94-6
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA