packages/syslinux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!78 [sync] PR-74: fix CVE-2020-24370

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2025-03-12 06:58:28 +00:00 committed by Gitee
commit 506533c36a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-CVE-2020-24370.patch Normal file
View File

@ -0,0 +1,36 @@
From b5bc89846721375fe30772eb8c5ab2786f362bf9 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Mon, 3 Aug 2020 16:25:28 -0300
Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal
---
com32/lua/src/ldebug.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/com32/lua/src/ldebug.c b/com32/lua/src/ldebug.c
index e1389296e..bb0e1d4ac 100644
--- a/com32/lua/src/ldebug.c
+++ b/com32/lua/src/ldebug.c
@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) {
static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
int nparams = clLvalue(ci->func)->p->numparams;
- if (n >= ci->u.l.base - ci->func - nparams)
+ int nvararg = ci->u.l.base - ci->func - nparams;
+ if (n <= -nvararg)
return NULL; /* no such vararg */
else {
- *pos = ci->func + nparams + n;
+ *pos = ci->func + nparams - n;
return "(*vararg)"; /* generic name for any vararg */
}
}
@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
StkId base;
if (isLua(ci)) {
if (n < 0) /* access to vararg values? */
- return findvararg(ci, -n, pos);
+ return findvararg(ci, n, pos);
else {
base = ci->u.l.base;
name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));

6
syslinux.spec
View File

@ -2,7 +2,7 @@
Name: syslinux
Version: 6.04
Release: 16
Release: 17
License: GPLv2+
Summary: The Syslinux boot loader collection
URL: http://syslinux.zytor.com/wiki/index.php/The_Syslinux_Project
@ -28,6 +28,7 @@ Patch0005: backport-add-RPMOPTFLAGS-to-CFLAGS-for-some-stuff.patch
Patch0006: backport-tweak-for-gcc-10.patch
Patch0007: backport-zlib-update.patch
Patch0008: backport-libpng-update-to-1.6.36.patch
Patch0009: backport-CVE-2020-24370.patch
%description
The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems (SYSLINUX),
@ -163,6 +164,9 @@ fi
%{_datadir}/syslinux/efi64
%changelog
* Wed Mar 12 2025 lingsheng <lingsheng1@h-partners.com> - 6.04-17
- fix CVE-2020-24370
* Thu Aug 29 2024 lingsheng <lingsheng1@h-partners.com> - 6.04-16
- update libpng 1.6.36 to fix CVE-2011-2501 CVE-2011-2690 CVE-2011-2691
- CVE-2011-2692 CVE-2011-3045 CVE-2011-3048 CVE-2012-3425 CVE-2015-7981