!78 [sync] PR-74: fix CVE-2020-24370

From: @openeuler-sync-bot Reviewed-by: @t_feng Signed-off-by: @t_feng
fix CVE-2020-24370
2025-03-12 06:58:28 +00:00 · 2025-03-12 10:43:55 +08:00 · 2024-08-31 02:57:32 +00:00 · 2024-08-30 08:18:45 +00:00 · 2024-08-02 07:56:26 +00:00 · 2024-08-01 10:48:40 +00:00
5 changed files with 78776 additions and 14 deletions
--- a/backport-CVE-2020-24370.patch
+++ b/backport-CVE-2020-24370.patch
@ -0,0 +1,36 @@
 From b5bc89846721375fe30772eb8c5ab2786f362bf9 Mon Sep 17 00:00:00 2001
 From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
 Date: Mon, 3 Aug 2020 16:25:28 -0300
 Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal
 ---
 com32/lua/src/ldebug.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 diff --git a/com32/lua/src/ldebug.c b/com32/lua/src/ldebug.c
 index e1389296e..bb0e1d4ac 100644
 --- a/com32/lua/src/ldebug.c
 +++ b/com32/lua/src/ldebug.c
@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) {
 static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
   int nparams = clLvalue(ci->func)->p->numparams;
 -  if (n >= ci->u.l.base - ci->func - nparams)
 +  int nvararg = ci->u.l.base - ci->func - nparams;
 +  if (n <= -nvararg)
     return NULL;  /* no such vararg */
   else {
 -    *pos = ci->func + nparams + n;
 +    *pos = ci->func + nparams - n;
     return "(*vararg)";  /* generic name for any vararg */
   }
 }
@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
   StkId base;
   if (isLua(ci)) {
     if (n < 0)  /* access to vararg values? */
 -      return findvararg(ci, -n, pos);
 +      return findvararg(ci, n, pos);
     else {
       base = ci->u.l.base;
       name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
--- a/backport-libpng-update-to-1.6.36.patch
+++ b/backport-libpng-update-to-1.6.36.patch
--- a/backport-zlib-update.patch
+++ b/backport-zlib-update.patch
--- a/syslinux.spec
+++ b/syslinux.spec
@ -2,7 +2,7 @@
 Name:           syslinux
 Version:        6.04
-Release:        12
+Release:        17
 License:        GPLv2+
 Summary:        The Syslinux boot loader collection
 URL:            http://syslinux.zytor.com/wiki/index.php/The_Syslinux_Project
@ -26,6 +26,9 @@ Patch0003:      0003-include-sysmacros-h.patch
 Patch0004:      backport-replace-builtin-strlen-that-appears-to-get-optimized.patch
 Patch0005:      backport-add-RPMOPTFLAGS-to-CFLAGS-for-some-stuff.patch
 Patch0006:      backport-tweak-for-gcc-10.patch
 Patch0007:      backport-zlib-update.patch
 Patch0008:      backport-libpng-update-to-1.6.36.patch
 Patch0009:      backport-CVE-2020-24370.patch
 %description
 The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems (SYSLINUX),
@ -121,7 +124,7 @@ fi
 %files
 %doc COPYING NEWS README*
 %doc doc/* sample
-%{_mandir}/man1/{gethostip*,extlinux*,isohybrid*,memdiskfind*,syslinux.1.gz}
+%{_mandir}/man1/{gethostip*,isohybrid*,memdiskfind*,syslinux.1.gz}
 %{_datadir}/doc/syslinux/sample/sample.msg 
 %{_bindir}/{gethostip,isohybrid,memdiskfind,syslinux}
 %dir %{_datadir}/syslinux/dosutil
@ -142,6 +145,7 @@ fi
 %{_datadir}/syslinux/com32/*
 %files extlinux
 %{_mandir}/man1/extlinux*
 /sbin/extlinux
 %config /etc/extlinux.conf
@ -160,37 +164,54 @@ fi
 %{_datadir}/syslinux/efi64
 %changelog
-* Mon Apr 18 2022 hanhui<hanhui15@h-partners.com> - 6.04-12
+* Wed Mar 12 2025 lingsheng <lingsheng1@h-partners.com> - 6.04-17
 - fix CVE-2020-24370
 * Thu Aug 29 2024 lingsheng <lingsheng1@h-partners.com> - 6.04-16
 - update libpng 1.6.36 to fix CVE-2011-2501 CVE-2011-2690 CVE-2011-2691
 - CVE-2011-2692 CVE-2011-3045 CVE-2011-3048 CVE-2012-3425 CVE-2015-7981
 - CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-10087 CVE-2017-12652
 * Thu Aug 01 2024 lingsheng <lingsheng1@h-partners.com> - 6.04-15
 - Clean changelog format, fix yaml
 * Tue Jul 11 2023 zhangpan <zhangpan103@h-partners.com> - 6.04-14
 - fix CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
 * Tue May 24 2022 hanhui <hanhui15@h-partners.com> - 6.04-13
 - package the extlinux* file into the syslinux-extlinux.rpm
 * Mon Apr 18 2022 hanhui <hanhui15@h-partners.com> - 6.04-12
 - slove duplicate package files
-* Mon Aug 23 2021 yangcheng<yangcheng87@huawei.com> - 6.04-11
+* Mon Aug 23 2021 yangcheng <yangcheng87@huawei.com> - 6.04-11
 - Increase perl and gcc dependencies in buildrequires
-* Thu Aug 12 2021 yangcheng<yangcheng87@huawei.com> - 6.04-10
+* Thu Aug 12 2021 yangcheng <yangcheng87@huawei.com> - 6.04-10
 - streamline the build dependency and fix the compiling stuck
-* Fri Jul 30 2021 hanhui<hanhui15@huawei.com> - 6.04-9
+* Fri Jul 30 2021 hanhui <hanhui15@huawei.com> - 6.04-9
 - fix build failed due to gcc-10
-* Fri Jul 16 2021 hanhui<hanhui15@huawei.com> - 6.04-8
+* Fri Jul 16 2021 hanhui <hanhui15@huawei.com> - 6.04-8
 - solves the problem of compiling stuck
-* Sat Mar 20 2021 hanhui<hanhui15@huawei.com> - 6.04-7
+* Sat Mar 20 2021 hanhui <hanhui15@huawei.com> - 6.04-7
 - slove the problem of security scanning of options
-* Sun Feb 7 2021 jinzhimin<jinzhimin2@huawei.com> - 6.04-6
+* Sun Feb 7 2021 jinzhimin <jinzhimin2@huawei.com> - 6.04-6
 - add patch to replace builtin strlen
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> -6.04-5
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-5
 - change the path of file
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> - 6.04-4 
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-4 
 - change files
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> - 6.04-3
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-3
 - add sample.msg file to help package
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> - 6.04-2
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-2
 - change the mingw64-gcc to gcc in buildrequires
 * Thu Feb 27 2020 Ling Yang <lingyang2@huawei.com> - 6.04-1
--- a/syslinux.yaml
+++ b/syslinux.yaml
@ -1,4 +1,4 @@
 version_control: git
 src_repo: https://repo.or.cz/syslinux.git
 tag_prefix: syslinux-
-seperator: .
+separator: .
Author	SHA1	Message	Date
openeuler-ci-bot	506533c36a	!78 [sync] PR-74: fix CVE-2020-24370 From: @openeuler-sync-bot Reviewed-by: @t_feng Signed-off-by: @t_feng	2025-03-12 06:58:28 +00:00
lingsheng	fefd22e263	fix CVE-2020-24370 (cherry picked from commit 63f384c0a82a36aec9540f980226692e3d40ec2f)	2025-03-12 10:43:55 +08:00
openeuler-ci-bot	96af17052e	!68 fix CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3045 CVE-2011-3048 CVE-2012-3425 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-10087 CVE-2017-12652 From: @ultra_planet Reviewed-by: @t_feng Signed-off-by: @t_feng	2024-08-31 02:57:32 +00:00
lingsheng	b5debaa7a3	update libpng 1.6.36 to fix CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3045 CVE-2011-3048 CVE-2012-3425 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-10087 CVE-2017-12652	2024-08-30 08:18:45 +00:00
openeuler-ci-bot	dceaed86df	!58 Clean changelog format, fix yaml From: @ultra_planet Reviewed-by: @t_feng Signed-off-by: @t_feng	2024-08-02 07:56:26 +00:00
lingsheng	140fee68a3	Clean changelog format, fix yaml	2024-08-01 10:48:40 +00:00
openeuler-ci-bot	7f2318a9d7	!50 fix CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 From: @zppzhangpan Reviewed-by: @t_feng Signed-off-by: @t_feng	2023-07-11 10:55:35 +00:00
zhangpan	fb27200e9d	fix CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843	2023-07-11 09:48:51 +00:00
openeuler-ci-bot	1cc0622e98	!47 package the extlinux* file into the syslinux-extlinux.rpm From: @shirely16 Reviewed-by: @zzm_567, @t_feng Signed-off-by: @t_feng	2022-05-24 02:47:57 +00:00
shirely16	9858386545	package the extlinux* file into the syslinux-extlinux.rpm	2022-05-24 10:16:37 +08:00