diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2020-12-09 19:10:21 -0300 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2020-12-10 07:53:31 +0000 |
| commit | cb41109f986b87f331ebdf6ecd3848010dec38fe (patch) | |
| tree | 2eb86e7c68c3b351a8dede34d80dcc2d184d8de0 | |
| parent | e8e43fb99a6689f0bcc0a33f6ca6ee44269586a5 (diff) | |
main/luajit: fix CVE-2020-15890
see #11872
| -rw-r--r-- | main/luajit/APKBUILD | 13 | ||||
| -rw-r--r-- | main/luajit/CVE-2020-15890.patch | 22 |
2 files changed, 32 insertions, 3 deletions
diff --git a/main/luajit/APKBUILD b/main/luajit/APKBUILD index 9cf0502d1af..33295f79d20 100644 --- a/main/luajit/APKBUILD +++ b/main/luajit/APKBUILD @@ -3,7 +3,7 @@ pkgname=luajit _pkgname=moonjit pkgver=2.2.0 -pkgrel=2 +pkgrel=3 pkgdesc="Integration fork of the original LuaJIT" url="https://github.com/moonjit/moonjit" arch="all" @@ -12,9 +12,15 @@ provides="lua" subpackages="$pkgname-dev $pkgname-doc" source="$_pkgname-$pkgver.tar.gz::https://github.com/moonjit/moonjit/archive/$pkgver.tar.gz 10-module-paths.patch - 20-src-lib_string.patch" + 20-src-lib_string.patch + CVE-2020-15890.patch + " builddir="$srcdir/$_pkgname-$pkgver" +# secfixes: +# 2.2.0-r3: +# - CVE-2020-15890 + build() { make amalg PREFIX=/usr } @@ -43,4 +49,5 @@ package() { sha512sums="a940dd9973801f7067e376d62ec70ab5fbf635f59c648dcb45072f55290a6752abb3b1fa307bdd81d4bf05c719338e8fbda143f62861c61cb66b34cc9e8e7d54 moonjit-2.2.0.tar.gz 9c6c410e142838c5128c70570e66beb53cc5422df5ecfb8ab0b5f362637b21ab5978c00f19bc1759165df162fd6438a2ed43e25020400011b7bb14014d87c62e 10-module-paths.patch -9d87e944580fe7a3c24e043012dbdacf5141bafb5ea83dc141c42f6641b8df117d1779c3c50ee9fccc58e625a0bc04c64dd75ab0c1815bbbf2a2e645ec0ff85e 20-src-lib_string.patch" +9d87e944580fe7a3c24e043012dbdacf5141bafb5ea83dc141c42f6641b8df117d1779c3c50ee9fccc58e625a0bc04c64dd75ab0c1815bbbf2a2e645ec0ff85e 20-src-lib_string.patch +d227f22f1b7776f36b8a1e1471e6fcb3a2442037e09fcd0f4d489c3853a5cb2916b02cd6ab0194105989502b76bcb03e97ea1825d21212a534344afe96e3448c CVE-2020-15890.patch" diff --git a/main/luajit/CVE-2020-15890.patch b/main/luajit/CVE-2020-15890.patch new file mode 100644 index 00000000000..751726571a0 --- /dev/null +++ b/main/luajit/CVE-2020-15890.patch @@ -0,0 +1,22 @@ +From 53f82e6e2e858a0a62fd1a2ff47e9866693382e6 Mon Sep 17 00:00:00 2001 +From: Mike Pall <mike> +Date: Sun, 12 Jul 2020 14:30:34 +0200 +Subject: [PATCH] Fix frame traversal for __gc handler frames. + +Reported by Changochen. +--- + src/lj_err.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/lj_err.c b/src/lj_err.c +index caa7487f2..e3e0c2eb7 100644 +--- a/src/lj_err.c ++++ b/src/lj_err.c +@@ -529,6 +529,7 @@ static ptrdiff_t finderrfunc(lua_State *L) + if (cframe_canyield(cf)) return 0; + if (cframe_errfunc(cf) >= 0) + return cframe_errfunc(cf); ++ cf = cframe_prev(cf); + frame = frame_prevd(frame); + break; + case FRAME_PCALL: |