diff options
| author |   takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-10-22 14:58:56 +0900 |
|---|---|---|
| committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-10-22 14:58:56 +0900 |
| commit | 4204309872da5cb401cbb2729d9e2d4869a87f42 (patch) | |
| tree | c7415e8600205e40ff7e91e8e5f4c411f30329f2 /external/meta-openembedded/meta-oe/recipes-devtools | |
| parent | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (diff) | |
agl-basesystem 0.1sandbox/ToshikazuOhiwa/master
Diffstat (limited to 'external/meta-openembedded/meta-oe/recipes-devtools')
3 files changed, 35 insertions, 0 deletions
diff --git a/external/meta-openembedded/meta-oe/recipes-devtools/libedit/libedit_20180525-3.1.bb b/external/meta-openembedded/meta-oe/recipes-devtools/libedit/libedit_20180525-3.1.bb index 8cc0e959..60f4f5a2 100644 --- a/external/meta-openembedded/meta-oe/recipes-devtools/libedit/libedit_20180525-3.1.bb +++ b/external/meta-openembedded/meta-oe/recipes-devtools/libedit/libedit_20180525-3.1.bb @@ -19,3 +19,5 @@ SRC_URI[md5sum] = "97679319742f45d6cdcd6075511b14ac" SRC_URI[sha256sum] = "c41bea8fd140fb57ba67a98ec1d8ae0b8ffa82f4aba9c35a87e5a9499e653116" S = "${WORKDIR}/${BPN}-${PV}" + +BBCLASSEXTEND = "native nativesdk" diff --git a/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch new file mode 100644 index 00000000..cfe48af5 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch @@ -0,0 +1,32 @@ +CVE-2019-6706: use-after-free in lua_upvaluejoin function + +Upstream-Status: Backport +http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html +CVE: CVE-2019-6706 +Affects < 5.3.5 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: lua-5.3.4/src/lapi.c +=================================================================== +--- lua-5.3.4.orig/src/lapi.c ++++ lua-5.3.4/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + + diff --git a/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.4.bb b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.4.bb index 8f4e8fe6..978c2033 100644 --- a/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.4.bb +++ b/external/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.4.bb @@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/" DEPENDS = "readline" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ + file://CVE-2019-6706.patch \ " SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', \ 'http://www.lua.org/tests/lua-${PV}-tests.tar.gz;name=tarballtest \ |