diff options
-rw-r--r-- | meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch | 45 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/lua/lua_5.3.5.bb | 2 | ||||
-rw-r--r-- | meta-oe/recipes-support/glog/glog_0.3.5.bb | 2 | ||||
-rw-r--r-- | meta-python/recipes-devtools/python/python-redis.inc | 1 |
4 files changed, 49 insertions, 1 deletions
diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch new file mode 100644 index 0000000000..60a4125971 --- /dev/null +++ b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch @@ -0,0 +1,45 @@ +From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Mon, 6 Jul 2020 12:11:54 -0300 +Subject: [PATCH] Keep minimum size when shrinking a stack + +When shrinking a stack (during GC), do not make it smaller than the +initial stack size. +--- + ldo.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) +==== end of original header ==== + +CVE: CVE-2020-15888 + +Upstream-Status: backport [https://github.com/lua/lua.git] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +==== +diff --git a/ldo.c b/ldo.c +index c563b1d9..a89ac010 100644 +--- a/src/ldo.c ++++ b/src/ldo.c +@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) { + + void luaD_shrinkstack (lua_State *L) { + int inuse = stackinuse(L); +- int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK; ++ int goodsize = inuse + BASIC_STACK_SIZE; + if (goodsize > LUAI_MAXSTACK) + goodsize = LUAI_MAXSTACK; /* respect stack limit */ + if (L->stacksize > LUAI_MAXSTACK) /* had been handling stack overflow? */ +@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) { + luaE_shrinkCI(L); /* shrink list */ + /* if thread is currently not handling a stack overflow and its + good size is smaller than current size, shrink its stack */ +- if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && +- goodsize < L->stacksize) ++ if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize) + luaD_reallocstack(L, goodsize); + else /* don't change stack */ + condmovestack(L,{},{}); /* (change only for debugging) */ +-- +2.17.1 + diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb index ae41e627f0..d3461b06de 100644 --- a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb +++ b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb @@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ file://0001-Allow-building-lua-without-readline-on-Linux.patch \ + file://CVE-2020-15888.patch \ " # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. @@ -35,6 +36,7 @@ EXTRA_OEMAKE = "'CC=${CC} -fPIC' 'MYCFLAGS=${CFLAGS} -fPIC' MYLDFLAGS='${LDFLAGS do_configure_prepend() { sed -i -e s:/usr/local:${prefix}:g src/luaconf.h + sed -i -e s:lib/lua/:${baselib}/lua/:g src/luaconf.h } do_compile () { diff --git a/meta-oe/recipes-support/glog/glog_0.3.5.bb b/meta-oe/recipes-support/glog/glog_0.3.5.bb index 3de01ef5b6..70eef72057 100644 --- a/meta-oe/recipes-support/glog/glog_0.3.5.bb +++ b/meta-oe/recipes-support/glog/glog_0.3.5.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dc9db360e0bbd4e46672f3fd91dd6c4b" DEPENDS = "libunwind" SRC_URI = " \ - git://github.com/google/glog.git;branch=v035 \ + git://github.com/google/glog.git;nobranch=1 \ file://0001-Rework-CMake-glog-VERSION-management.patch \ file://0002-Find-Libunwind-during-configure.patch \ file://0003-installation-path-fix.patch \ diff --git a/meta-python/recipes-devtools/python/python-redis.inc b/meta-python/recipes-devtools/python/python-redis.inc index 1a65d73144..3f9e3f871f 100644 --- a/meta-python/recipes-devtools/python/python-redis.inc +++ b/meta-python/recipes-devtools/python/python-redis.inc @@ -9,4 +9,5 @@ SRC_URI[sha256sum] = "a22ca993cea2962dbb588f9f30d0015ac4afcc45bee27d3978c0dbe9e9 RDEPENDS_${PN} += "\ ${PYTHON_PN}-datetime \ + ${PYTHON_PN}-cryptography \ " |