回滚master分支pr:fix CVE-2022-24736

2022-07-05 11:09:37 +08:00 · 2022-07-05 11:09:37 +08:00 · 082db0406c
commit 082db0406c
parent 51da7e90b9
2 changed files with 1 additions and 66 deletions
--- a/CVE-2022-24736.patch
+++ b/CVE-2022-24736.patch
@ -1,60 +0,0 @@
 diff -Naru redis-5.0.14/deps/lua/src/ldebug.c redis-5.0.14-new/deps/lua/src/ldebug.c
 --- redis-5.0.14/deps/lua/src/ldebug.c	2021-10-04 18:58:43.000000000 +0800
 +++ redis-5.0.14-new/deps/lua/src/ldebug.c	2022-05-16 11:01:09.877613000 +0800
@@ -80,7 +80,6 @@
   return L->basehookcount;
 }
 -
 LUA_API int lua_getstack (lua_State *L, int level, lua_Debug *ar) {
   int status;
   CallInfo *ci;
 diff -Naru redis-5.0.14/deps/lua/src/lobject.h redis-5.0.14-new/deps/lua/src/lobject.h
 --- redis-5.0.14/deps/lua/src/lobject.h	2021-10-04 18:58:43.000000000 +0800
 +++ redis-5.0.14-new/deps/lua/src/lobject.h	2022-05-16 11:03:06.374928000 +0800
@@ -337,7 +337,8 @@
 typedef struct Table {
   CommonHeader;
 -  lu_byte flags;  /* 1<<p means tagmethod(p) is not present */ 
 +  lu_byte flags;  /* 1<<p means tagmethod(p) is not present */
 +  int readonly; 
   lu_byte lsizenode;  /* log2 of size of `node' array */
   struct Table *metatable;
   TValue *array;  /* array part */
 diff -Naru redis-5.0.14/deps/lua/src/ltable.c redis-5.0.14-new/deps/lua/src/ltable.c
 --- redis-5.0.14/deps/lua/src/ltable.c	2021-10-04 18:58:43.000000000 +0800
 +++ redis-5.0.14-new/deps/lua/src/ltable.c	2022-05-16 14:40:02.759382000 +0800
@@ -364,6 +364,7 @@
   t->array = NULL;
   t->sizearray = 0;
   t->lsizenode = 0;
 +  t->readonly = 0;
   t->node = cast(Node *, dummynode);
   setarrayvector(L, t, narray);
   setnodevector(L, t, nhash);
 diff -Naru redis-5.0.14/deps/lua/src/lua.h redis-5.0.14-new/deps/lua/src/lua.h
 --- redis-5.0.14/deps/lua/src/lua.h	2021-10-04 18:58:43.000000000 +0800
 +++ redis-5.0.14-new/deps/lua/src/lua.h	2022-05-16 11:06:52.052521000 +0800
@@ -358,6 +358,9 @@
   int i_ci;  /* active function */
 };
 +  LUA_API void lua_enablereadonlytable (lua_State *L, int index, int enabled);
 +  LUA_API int lua_isreadonlytable (lua_State *L, int index);
 +
 /* }====================================================================== */
 diff -Naru redis-5.0.14/deps/lua/src/lvm.c redis-5.0.14-new/deps/lua/src/lvm.c
 --- redis-5.0.14/deps/lua/src/lvm.c	2021-10-04 18:58:43.000000000 +0800
 +++ redis-5.0.14-new/deps/lua/src/lvm.c	2022-05-16 11:14:26.356619000 +0800
@@ -138,6 +138,8 @@
     const TValue *tm;
     if (ttistable(t)) {  /* `t' is a table? */
       Table *h = hvalue(t);
 +      if (h->readonly)
 +        luaG_runerror(L, "Attempt to modify a readonly table");
       TValue *oldval = luaH_set(L, h, key); /* do a primitive set */
       if (!ttisnil(oldval) ||  /* result is no nil? */
           (tm = fasttm(L, h->metatable, TM_NEWINDEX)) == NULL) { /* or no TM? */
--- a/redis5.spec
+++ b/redis5.spec
@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis5
 Version:             5.0.14
-Release:             3
+Release:             2
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@ -24,7 +24,6 @@ Source10:            https://github.com/antirez/%{Pname}-doc/archive/%{doc_commi
 Patch0001:           Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch
 Patch0002:           Fix-display-error-message.patch
 Patch0003:           CVE-2022-24736.patch
 BuildRequires:       gcc
 %if %{with tests}
@ -86,7 +85,6 @@ tar -xvf  %{SOURCE10}
 %patch0001 -p1
 %endif
 %patch0002 -p1
 %patch0003 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
 mv deps/lua/COPYRIGHT    COPYRIGHT-lua
 mv deps/hiredis/COPYING  COPYING-hiredis
@ -191,9 +189,6 @@ exit 0
 %{_docdir}/%{Pname}
 %changelog
 * Thu May 19 2022 dengyuyu <yuyu.deng@epro.com.cn> - 5.0.14-3
 - Fix CVE-2022-24736
 * Sat Dec 04 2021 xu_ping <xuping33@huawei.com> - 5.0.14-2
 - Fix display error message