gnu: lua-5.1: Fix CVE-2014-5461.

* gnu/packages/lua.scm (lua-5.1)[source]: Add patch. * gnu/packages/patches/lua-CVE-2014-5461: New file. * gnu/local.mk (dist_patch_DATA): Add it.
2016-05-29 08:50:15 +03:00 · 2016-05-29 08:50:15 +03:00 · 32fddd8e29
parent 576b1aeed6
commit 32fddd8e29
3 changed files with 24 additions and 1 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -612,6 +612,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/lirc-localstatedir.patch			\
  %D%/packages/patches/libpthread-glibc-preparation.patch	\
  %D%/packages/patches/lm-sensors-hwmon-attrs.patch		\
+  %D%/packages/patches/lua-CVE-2014-5461.patch                      \
  %D%/packages/patches/lua-pkgconfig.patch                      \
  %D%/packages/patches/lua51-liblua-so.patch                    \
  %D%/packages/patches/lua52-liblua-so.patch                    \
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@ -3,6 +3,7 @@
 ;;; Copyright © 2014 Raimon Grau <raimonster@gmail.com>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -78,7 +79,8 @@ for configuration, scripting, and rapid prototyping.")
                                 version ".tar.gz"))
             (sha256
              (base32 "0cskd4w0g6rdm2q8q3i4n1h3j8kylhs3rq8mxwl9vwlmlxbgqh16"))
-             (patches (search-patches "lua51-liblua-so.patch"))))))
+             (patches (search-patches "lua51-liblua-so.patch"
+                                      "lua-CVE-2014-5461.patch"))))))

 (define-public luajit
  (package
--- a/gnu/packages/patches/lua-CVE-2014-5461.patch
+++ b/gnu/packages/patches/lua-CVE-2014-5461.patch
@ -0,0 +1,20 @@
+From: Enrico Tassi <gareuselesinge@debian.org>
+Date: Tue, 26 Aug 2014 16:20:55 +0200
+Subject: Fix stack overflow in vararg functions
+
+---
+ src/ldo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ldo.c b/src/ldo.c
+index d1bf786..30333bf 100644
+--- a/src/ldo.c
+++ b/src/ldo.c
+@@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) {
+     CallInfo *ci;
+     StkId st, base;
+     Proto *p = cl->p;
+-    luaD_checkstack(L, p->maxstacksize);
+    luaD_checkstack(L, p->maxstacksize + p->numparams);
+     func = restorestack(L, funcr);
+       base = func + 1;