guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/04: gnu: lua-5.1: Fix CVE-2014-5461.

From: Efraim Flashner
Subject: 01/04: gnu: lua-5.1: Fix CVE-2014-5461.
Date: Sun, 29 May 2016 06:48:08 +0000 (UTC) 
efraim pushed a commit to branch master
in repository guix.

commit 32fddd8e29ba6bfebc7ba2081f02d2dc9730256a
Author: Efraim Flashner <address@hidden>
Date:   Sun May 29 08:50:15 2016 +0300

    gnu: lua-5.1: Fix CVE-2014-5461.
    
    * gnu/packages/lua.scm (lua-5.1)[source]: Add patch.
    * gnu/packages/patches/lua-CVE-2014-5461: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                 |    1 +
 gnu/packages/lua.scm                         |    4 +++-
 gnu/packages/patches/lua-CVE-2014-5461.patch |   20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 86b56d4..9a9cff4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -612,6 +612,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/lirc-localstatedir.patch                        \
   %D%/packages/patches/libpthread-glibc-preparation.patch      \
   %D%/packages/patches/lm-sensors-hwmon-attrs.patch            \
+  %D%/packages/patches/lua-CVE-2014-5461.patch                      \
   %D%/packages/patches/lua-pkgconfig.patch                      \
   %D%/packages/patches/lua51-liblua-so.patch                    \
   %D%/packages/patches/lua52-liblua-so.patch                    \
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 17874f8..a531534 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014 Raimon Grau <address@hidden>
 ;;; Copyright © 2014 Mark H Weaver <address@hidden>
 ;;; Copyright © 2014 Andreas Enge <address@hidden>
+;;; Copyright © 2016 Efraim Flashner <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -78,7 +79,8 @@ for configuration, scripting, and rapid prototyping.")
                                  version ".tar.gz"))
              (sha256
               (base32 "0cskd4w0g6rdm2q8q3i4n1h3j8kylhs3rq8mxwl9vwlmlxbgqh16"))
-             (patches (search-patches "lua51-liblua-so.patch"))))))
+             (patches (search-patches "lua51-liblua-so.patch"
+                                      "lua-CVE-2014-5461.patch"))))))
 
 (define-public luajit
   (package
diff --git a/gnu/packages/patches/lua-CVE-2014-5461.patch 
b/gnu/packages/patches/lua-CVE-2014-5461.patch
new file mode 100644
index 0000000..bc72ef1
--- /dev/null
+++ b/gnu/packages/patches/lua-CVE-2014-5461.patch
@@ -0,0 +1,20 @@
+From: Enrico Tassi <address@hidden>
+Date: Tue, 26 Aug 2014 16:20:55 +0200
+Subject: Fix stack overflow in vararg functions
+
+---
+ src/ldo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ldo.c b/src/ldo.c
+index d1bf786..30333bf 100644
+--- a/src/ldo.c
++++ b/src/ldo.c
+@@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) {
+     CallInfo *ci;
+     StkId st, base;
+     Proto *p = cl->p;
+-    luaD_checkstack(L, p->maxstacksize);
++    luaD_checkstack(L, p->maxstacksize + p->numparams);
+     func = restorestack(L, funcr);
+       base = func + 1;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]