packages/redis5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!38 回滚master分支pr:fix CVE-2022-24736

Browse Source 
From: @yuluosha 
Reviewed-by: @wuzeyi1 
Signed-off-by: @wuzeyi1
This commit is contained in:
openeuler-ci-bot 2022-08-05 06:41:57 +00:00 committed by Gitee
commit 1ec4b23f3a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 1 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2022-24736.patch
View File

@ -1,60 +0,0 @@
diff -Naru redis-5.0.14/deps/lua/src/ldebug.c redis-5.0.14-new/deps/lua/src/ldebug.c
--- redis-5.0.14/deps/lua/src/ldebug.c 2021-10-04 18:58:43.000000000 +0800
+++ redis-5.0.14-new/deps/lua/src/ldebug.c 2022-05-16 11:01:09.877613000 +0800
@@ -80,7 +80,6 @@
return L->basehookcount;
}
-
LUA_API int lua_getstack (lua_State *L, int level, lua_Debug *ar) {
int status;
CallInfo *ci;
diff -Naru redis-5.0.14/deps/lua/src/lobject.h redis-5.0.14-new/deps/lua/src/lobject.h
--- redis-5.0.14/deps/lua/src/lobject.h 2021-10-04 18:58:43.000000000 +0800
+++ redis-5.0.14-new/deps/lua/src/lobject.h 2022-05-16 11:03:06.374928000 +0800
@@ -337,7 +337,8 @@
typedef struct Table {
CommonHeader;
- lu_byte flags; /* 1<<p means tagmethod(p) is not present */
+ lu_byte flags; /* 1<<p means tagmethod(p) is not present */
+ int readonly;
lu_byte lsizenode; /* log2 of size of `node' array */
struct Table *metatable;
TValue *array; /* array part */
diff -Naru redis-5.0.14/deps/lua/src/ltable.c redis-5.0.14-new/deps/lua/src/ltable.c
--- redis-5.0.14/deps/lua/src/ltable.c 2021-10-04 18:58:43.000000000 +0800
+++ redis-5.0.14-new/deps/lua/src/ltable.c 2022-05-16 14:40:02.759382000 +0800
@@ -364,6 +364,7 @@
t->array = NULL;
t->sizearray = 0;
t->lsizenode = 0;
+ t->readonly = 0;
t->node = cast(Node *, dummynode);
setarrayvector(L, t, narray);
setnodevector(L, t, nhash);
diff -Naru redis-5.0.14/deps/lua/src/lua.h redis-5.0.14-new/deps/lua/src/lua.h
--- redis-5.0.14/deps/lua/src/lua.h 2021-10-04 18:58:43.000000000 +0800
+++ redis-5.0.14-new/deps/lua/src/lua.h 2022-05-16 11:06:52.052521000 +0800
@@ -358,6 +358,9 @@
int i_ci; /* active function */
};
+ LUA_API void lua_enablereadonlytable (lua_State *L, int index, int enabled);
+ LUA_API int lua_isreadonlytable (lua_State *L, int index);
+
/* }====================================================================== */
diff -Naru redis-5.0.14/deps/lua/src/lvm.c redis-5.0.14-new/deps/lua/src/lvm.c
--- redis-5.0.14/deps/lua/src/lvm.c 2021-10-04 18:58:43.000000000 +0800
+++ redis-5.0.14-new/deps/lua/src/lvm.c 2022-05-16 11:14:26.356619000 +0800
@@ -138,6 +138,8 @@
const TValue *tm;
if (ttistable(t)) { /* `t' is a table? */
Table *h = hvalue(t);
+ if (h->readonly)
+ luaG_runerror(L, "Attempt to modify a readonly table");
TValue *oldval = luaH_set(L, h, key); /* do a primitive set */
if (!ttisnil(oldval) || /* result is no nil? */
(tm = fasttm(L, h->metatable, TM_NEWINDEX)) == NULL) { /* or no TM? */

7
redis5.spec
View File

@ -6,7 +6,7 @@
%global Pname redis
Name: redis5
Version: 5.0.14
Release: 3
Release: 2
Summary: A persistent key-value database
License: BSD and MIT
URL: https://redis.io
@ -24,7 +24,6 @@ Source10: https://github.com/antirez/%{Pname}-doc/archive/%{doc_commi
Patch0001: Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch
Patch0002: Fix-display-error-message.patch
Patch0003: CVE-2022-24736.patch
BuildRequires: gcc
%if %{with tests}
@ -86,7 +85,6 @@ tar -xvf %{SOURCE10}
%patch0001 -p1
%endif
%patch0002 -p1
%patch0003 -p1
mv ../%{Pname}-doc-%{doc_commit} doc
mv deps/lua/COPYRIGHT COPYRIGHT-lua
mv deps/hiredis/COPYING COPYING-hiredis
@ -191,9 +189,6 @@ exit 0
%{_docdir}/%{Pname}
%changelog
* Thu May 19 2022 dengyuyu <yuyu.deng@epro.com.cn> - 5.0.14-3
- Fix CVE-2022-24736
* Sat Dec 04 2021 xu_ping <xuping33@huawei.com> - 5.0.14-2
- Fix display error message