summaryrefslogtreecommitdiff
path: root/repo/lua/CVE-2022-28805.patch
diff options
context:
space:
mode:
Diffstat (limited to 'repo/lua/CVE-2022-28805.patch')
-rw-r--r--repo/lua/CVE-2022-28805.patch336
1 files changed, 336 insertions, 0 deletions
diff --git a/repo/lua/CVE-2022-28805.patch b/repo/lua/CVE-2022-28805.patch
new file mode 100644
index 0000000..95c66fc
--- /dev/null
+++ b/repo/lua/CVE-2022-28805.patch
@@ -0,0 +1,336 @@
+<!DOCTYPE html>
+<html lang='en'>
+<head>
+<title>CVE-2022-28805.patch « lua5.4 « main - aports - Alpine packages build scripts
+</title>
+<meta name='generator' content='cgit v1.2.3'/>
+<meta name='robots' content='index, nofollow'/>
+<link rel='stylesheet' type='text/css' href='/cgit.css'/>
+<link rel='shortcut icon' href='//alpinelinux.org/alpine-logo.ico'/>
+<link rel='alternate' title='Atom feed' href='http://git.alpinelinux.org/aports/atom/main/lua5.4/CVE-2022-28805.patch?h=master' type='application/atom+xml'/>
+<link rel='vcs-git' href='https://git.alpinelinux.org/aports' title='aports Git repository'/>
+</head>
+<body>
+<div id='cgit'><table id='header'>
+<tr>
+<td class='logo' rowspan='2'><a href='/'><img src='//wiki.alpinelinux.org/images/alogo.png' alt='cgit logo'/></a></td>
+<td class='main'><a href='/'>index</a> : <a title='aports' href='/aports/'>aports</a></td><td class='form'><form method='get'>
+<select name='h' onchange='this.form.submit();'>
+<option value='1.10-stable'>1.10-stable</option>
+<option value='1.9'>1.9</option>
+<option value='2.0-stable'>2.0-stable</option>
+<option value='2.1-stable'>2.1-stable</option>
+<option value='2.2-stable'>2.2-stable</option>
+<option value='2.3-stable'>2.3-stable</option>
+<option value='2.4-stable'>2.4-stable</option>
+<option value='2.5-stable'>2.5-stable</option>
+<option value='2.6-stable'>2.6-stable</option>
+<option value='2.7-stable'>2.7-stable</option>
+<option value='3.0-stable'>3.0-stable</option>
+<option value='3.1-stable'>3.1-stable</option>
+<option value='3.10-stable'>3.10-stable</option>
+<option value='3.11-stable'>3.11-stable</option>
+<option value='3.12-stable'>3.12-stable</option>
+<option value='3.13-stable'>3.13-stable</option>
+<option value='3.14-stable'>3.14-stable</option>
+<option value='3.15-stable'>3.15-stable</option>
+<option value='3.2-stable'>3.2-stable</option>
+<option value='3.3-stable'>3.3-stable</option>
+<option value='3.4-stable'>3.4-stable</option>
+<option value='3.5-stable'>3.5-stable</option>
+<option value='3.6-stable'>3.6-stable</option>
+<option value='3.7-stable'>3.7-stable</option>
+<option value='3.8-stable'>3.8-stable</option>
+<option value='3.9-stable'>3.9-stable</option>
+<option value='fs-upgrade-1.10.7'>fs-upgrade-1.10.7</option>
+<option value='libcgroup'>libcgroup</option>
+<option value='master' selected='selected'>master</option>
+<option value='nuspell'>nuspell</option>
+<option value='patches/3527'>patches/3527</option>
+<option value='patches/3530'>patches/3530</option>
+<option value='patches/3531'>patches/3531</option>
+<option value='patches/3534'>patches/3534</option>
+<option value='patches/3535'>patches/3535</option>
+<option value='patches/3538'>patches/3538</option>
+<option value='patches/3539'>patches/3539</option>
+<option value='patches/3540'>patches/3540</option>
+<option value='patches/3551'>patches/3551</option>
+<option value='patches/3556'>patches/3556</option>
+<option value='patches/3558'>patches/3558</option>
+<option value='patches/3559'>patches/3559</option>
+<option value='patches/3562'>patches/3562</option>
+<option value='patches/3563'>patches/3563</option>
+<option value='patches/3564'>patches/3564</option>
+<option value='patches/3565'>patches/3565</option>
+<option value='patches/3567'>patches/3567</option>
+<option value='patches/3568'>patches/3568</option>
+<option value='patches/3569'>patches/3569</option>
+<option value='patches/3574'>patches/3574</option>
+<option value='patches/3575'>patches/3575</option>
+<option value='patches/3576'>patches/3576</option>
+<option value='patches/3577'>patches/3577</option>
+<option value='patches/3582'>patches/3582</option>
+<option value='patches/3584'>patches/3584</option>
+<option value='patches/3590'>patches/3590</option>
+<option value='patches/3592'>patches/3592</option>
+<option value='patches/3594'>patches/3594</option>
+<option value='patches/3598'>patches/3598</option>
+<option value='patches/3599'>patches/3599</option>
+<option value='patches/3601'>patches/3601</option>
+<option value='patches/3603'>patches/3603</option>
+<option value='patches/3604'>patches/3604</option>
+<option value='patches/3606'>patches/3606</option>
+<option value='patches/3607'>patches/3607</option>
+<option value='patches/3608'>patches/3608</option>
+<option value='patches/3610'>patches/3610</option>
+<option value='patches/3612'>patches/3612</option>
+<option value='patches/3613'>patches/3613</option>
+<option value='patches/3615'>patches/3615</option>
+<option value='patches/3616'>patches/3616</option>
+<option value='patches/3618'>patches/3618</option>
+<option value='patches/3621'>patches/3621</option>
+<option value='patches/3622'>patches/3622</option>
+<option value='patches/3624'>patches/3624</option>
+<option value='patches/3627'>patches/3627</option>
+<option value='patches/3632'>patches/3632</option>
+<option value='patches/3633'>patches/3633</option>
+<option value='patches/3635'>patches/3635</option>
+<option value='patches/3636'>patches/3636</option>
+<option value='patches/3646'>patches/3646</option>
+<option value='patches/3654'>patches/3654</option>
+<option value='patches/3656'>patches/3656</option>
+<option value='patches/3662'>patches/3662</option>
+<option value='patches/3666'>patches/3666</option>
+<option value='patches/3670'>patches/3670</option>
+<option value='patches/3671'>patches/3671</option>
+<option value='patches/3675'>patches/3675</option>
+<option value='patches/3687'>patches/3687</option>
+<option value='patches/3690'>patches/3690</option>
+<option value='patches/3691'>patches/3691</option>
+<option value='patches/3692'>patches/3692</option>
+<option value='patches/3697'>patches/3697</option>
+<option value='patches/3706'>patches/3706</option>
+<option value='patches/3707'>patches/3707</option>
+<option value='patches/3715'>patches/3715</option>
+<option value='patches/3721'>patches/3721</option>
+<option value='patches/3722'>patches/3722</option>
+<option value='patches/3724'>patches/3724</option>
+<option value='patches/3731'>patches/3731</option>
+<option value='patches/3756'>patches/3756</option>
+<option value='patches/3764'>patches/3764</option>
+<option value='patches/3767'>patches/3767</option>
+<option value='patches/3770'>patches/3770</option>
+<option value='patches/3771'>patches/3771</option>
+<option value='patches/3774'>patches/3774</option>
+<option value='patches/3775'>patches/3775</option>
+<option value='patches/3777'>patches/3777</option>
+<option value='patches/3779'>patches/3779</option>
+<option value='patches/3787'>patches/3787</option>
+<option value='patches/3788'>patches/3788</option>
+<option value='patches/3789'>patches/3789</option>
+<option value='patches/3793'>patches/3793</option>
+<option value='patches/3796'>patches/3796</option>
+<option value='patches/3797'>patches/3797</option>
+<option value='patches/3798'>patches/3798</option>
+<option value='patches/3799'>patches/3799</option>
+<option value='patches/3800'>patches/3800</option>
+<option value='patches/3802'>patches/3802</option>
+<option value='patches/3803'>patches/3803</option>
+<option value='patches/3804'>patches/3804</option>
+<option value='patches/3805'>patches/3805</option>
+<option value='patches/3808'>patches/3808</option>
+<option value='patches/3813'>patches/3813</option>
+<option value='patches/3816'>patches/3816</option>
+<option value='patches/3818'>patches/3818</option>
+<option value='patches/3820'>patches/3820</option>
+<option value='patches/3821'>patches/3821</option>
+<option value='patches/3822'>patches/3822</option>
+<option value='patches/3823'>patches/3823</option>
+<option value='patches/3825'>patches/3825</option>
+<option value='patches/3827'>patches/3827</option>
+<option value='patches/3828'>patches/3828</option>
+<option value='patches/3829'>patches/3829</option>
+<option value='patches/3830'>patches/3830</option>
+<option value='patches/3831'>patches/3831</option>
+<option value='patches/3832'>patches/3832</option>
+<option value='patches/3833'>patches/3833</option>
+<option value='patches/3835'>patches/3835</option>
+<option value='patches/3836'>patches/3836</option>
+<option value='patches/3837'>patches/3837</option>
+<option value='patches/3838'>patches/3838</option>
+<option value='patches/3839'>patches/3839</option>
+<option value='patches/3843'>patches/3843</option>
+<option value='patches/3845'>patches/3845</option>
+<option value='patches/3846'>patches/3846</option>
+<option value='patches/3847'>patches/3847</option>
+<option value='patches/3850'>patches/3850</option>
+<option value='patches/3852'>patches/3852</option>
+<option value='patches/3853'>patches/3853</option>
+<option value='patches/3854'>patches/3854</option>
+<option value='patches/3855'>patches/3855</option>
+<option value='patches/3858'>patches/3858</option>
+<option value='patches/3861'>patches/3861</option>
+<option value='patches/3863'>patches/3863</option>
+<option value='patches/3864'>patches/3864</option>
+<option value='patches/3868'>patches/3868</option>
+<option value='patches/3869'>patches/3869</option>
+<option value='patches/3870'>patches/3870</option>
+<option value='patches/3871'>patches/3871</option>
+<option value='patches/3873'>patches/3873</option>
+<option value='patches/3878'>patches/3878</option>
+<option value='patches/3881'>patches/3881</option>
+<option value='patches/3882'>patches/3882</option>
+<option value='patches/3883'>patches/3883</option>
+<option value='patches/3885'>patches/3885</option>
+<option value='patches/3886'>patches/3886</option>
+<option value='patches/3887'>patches/3887</option>
+<option value='patches/3888'>patches/3888</option>
+<option value='patches/3890'>patches/3890</option>
+<option value='patches/3891'>patches/3891</option>
+<option value='patches/3892'>patches/3892</option>
+<option value='patches/3895'>patches/3895</option>
+<option value='patches/3896'>patches/3896</option>
+<option value='patches/3897'>patches/3897</option>
+<option value='patches/3908'>patches/3908</option>
+<option value='patches/3909'>patches/3909</option>
+<option value='patches/3912'>patches/3912</option>
+<option value='patches/3913'>patches/3913</option>
+<option value='patches/3914'>patches/3914</option>
+<option value='patches/3916'>patches/3916</option>
+<option value='patches/3918'>patches/3918</option>
+<option value='patches/3920'>patches/3920</option>
+<option value='patches/3923'>patches/3923</option>
+<option value='patches/3927'>patches/3927</option>
+<option value='patches/3933'>patches/3933</option>
+<option value='patches/3934'>patches/3934</option>
+<option value='patches/3937'>patches/3937</option>
+<option value='patches/3941'>patches/3941</option>
+<option value='patches/3946'>patches/3946</option>
+<option value='patches/3947'>patches/3947</option>
+<option value='patches/3949'>patches/3949</option>
+<option value='patches/3950'>patches/3950</option>
+<option value='patches/3953'>patches/3953</option>
+<option value='patches/3954'>patches/3954</option>
+<option value='patches/3957'>patches/3957</option>
+<option value='patches/3958'>patches/3958</option>
+<option value='patches/3959'>patches/3959</option>
+<option value='patches/3963'>patches/3963</option>
+<option value='patches/3969'>patches/3969</option>
+<option value='patches/3970'>patches/3970</option>
+<option value='patches/3976'>patches/3976</option>
+<option value='patches/3977'>patches/3977</option>
+<option value='patches/3979'>patches/3979</option>
+<option value='patches/3980'>patches/3980</option>
+<option value='patches/3981'>patches/3981</option>
+<option value='patches/3987'>patches/3987</option>
+<option value='patches/3988'>patches/3988</option>
+<option value='patches/3989'>patches/3989</option>
+<option value='patches/3998'>patches/3998</option>
+<option value='patches/3999'>patches/3999</option>
+<option value='patches/4000'>patches/4000</option>
+<option value='patches/4001'>patches/4001</option>
+<option value='patches/4002'>patches/4002</option>
+<option value='patches/4008'>patches/4008</option>
+<option value='patches/4012'>patches/4012</option>
+<option value='patches/4013'>patches/4013</option>
+<option value='patches/4019'>patches/4019</option>
+<option value='patches/4021'>patches/4021</option>
+<option value='patches/4022'>patches/4022</option>
+<option value='patches/4026'>patches/4026</option>
+<option value='patches/4029'>patches/4029</option>
+<option value='patches/4030'>patches/4030</option>
+<option value='patches/4031'>patches/4031</option>
+<option value='patches/4033'>patches/4033</option>
+<option value='patches/4037'>patches/4037</option>
+<option value='patches/4040'>patches/4040</option>
+<option value='patches/4042'>patches/4042</option>
+<option value='patches/4045'>patches/4045</option>
+<option value='patches/4047'>patches/4047</option>
+<option value='patches/4058'>patches/4058</option>
+<option value='patches/4059'>patches/4059</option>
+<option value='patches/4060'>patches/4060</option>
+<option value='patches/4062'>patches/4062</option>
+<option value='patches/4063'>patches/4063</option>
+<option value='patches/4066'>patches/4066</option>
+<option value='patches/4067'>patches/4067</option>
+<option value='patches/4069'>patches/4069</option>
+<option value='patches/4070'>patches/4070</option>
+<option value='patches/4072'>patches/4072</option>
+<option value='patches/4073'>patches/4073</option>
+<option value='patches/4076'>patches/4076</option>
+<option value='patches/4078'>patches/4078</option>
+<option value='patches/4079'>patches/4079</option>
+<option value='patches/4080'>patches/4080</option>
+<option value='patches/4081'>patches/4081</option>
+<option value='py3-fonttools'>py3-fonttools</option>
+<option value='wlroots'>wlroots</option>
+</select> <input type='submit' value='switch'/></form></td></tr>
+<tr><td class='sub'>Alpine packages build scripts
+</td><td class='sub right'>uwsgi</td></tr></table>
+<table class='tabs'><tr><td>
+<a href='/aports/about/'>about</a><a href='/aports/'>summary</a><a href='/aports/refs/'>refs</a><a href='/aports/log/main/lua5.4/CVE-2022-28805.patch'>log</a><a class='active' href='/aports/tree/main/lua5.4/CVE-2022-28805.patch'>tree</a><a href='/aports/commit/main/lua5.4/CVE-2022-28805.patch'>commit</a><a href='/aports/diff/main/lua5.4/CVE-2022-28805.patch'>diff</a><a href='/aports/stats/main/lua5.4/CVE-2022-28805.patch'>stats</a></td><td class='form'><form class='right' method='get' action='/aports/log/main/lua5.4/CVE-2022-28805.patch'>
+<select name='qt'>
+<option value='grep'>log msg</option>
+<option value='author'>author</option>
+<option value='committer'>committer</option>
+<option value='range'>range</option>
+</select>
+<input class='txt' type='search' size='10' name='q' value=''/>
+<input type='submit' value='search'/>
+</form>
+</td></tr></table>
+<div class='path'>path: <a href='/aports/tree/'>root</a>/<a href='/aports/tree/main'>main</a>/<a href='/aports/tree/main/lua5.4'>lua5.4</a>/<a href='/aports/tree/main/lua5.4/CVE-2022-28805.patch'>CVE-2022-28805.patch</a></div><div class='content'>blob: b00fcc63f7c8ce53208dfc10c9c275f50ca8a8c9 (<a href='/aports/plain/main/lua5.4/CVE-2022-28805.patch'>plain</a>) (<a href='/aports/blame/main/lua5.4/CVE-2022-28805.patch'>blame</a>)
+<table summary='blob content' class='blob'>
+<tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a>
+<a id='n2' href='#n2'>2</a>
+<a id='n3' href='#n3'>3</a>
+<a id='n4' href='#n4'>4</a>
+<a id='n5' href='#n5'>5</a>
+<a id='n6' href='#n6'>6</a>
+<a id='n7' href='#n7'>7</a>
+<a id='n8' href='#n8'>8</a>
+<a id='n9' href='#n9'>9</a>
+<a id='n10' href='#n10'>10</a>
+<a id='n11' href='#n11'>11</a>
+<a id='n12' href='#n12'>12</a>
+<a id='n13' href='#n13'>13</a>
+<a id='n14' href='#n14'>14</a>
+<a id='n15' href='#n15'>15</a>
+<a id='n16' href='#n16'>16</a>
+<a id='n17' href='#n17'>17</a>
+<a id='n18' href='#n18'>18</a>
+<a id='n19' href='#n19'>19</a>
+<a id='n20' href='#n20'>20</a>
+<a id='n21' href='#n21'>21</a>
+<a id='n22' href='#n22'>22</a>
+<a id='n23' href='#n23'>23</a>
+</pre></td>
+<td class='lines'><pre><code>Patch-Source: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
+From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy &lt;roberto&#64;inf.puc-rio.br&gt;
+Date: Tue, 15 Feb 2022 12:28:46 -0300
+Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is &lt;const&gt;
+
+<span style="color:#000000; font-weight:bold">---</span>
+ lparser.c | 1 +
+ testes/attrib.lua | 10 ++++++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/lparser.c b/lparser.c
+index 3abe3d751..a5cd55257 100644
+<span style="color:#000000; font-weight:bold">--- a/src/lparser.c</span>
+<span style="color:#0057ae">+++ b/src/lparser.c</span>
+&#64;&#64; -468,6 +468,7 &#64;&#64; static void singlevar (LexState *ls, expdesc *var) {
+ expdesc key;
+ singlevaraux(fs, ls-&gt;envn, var, 1); /* get environment variable */
+ lua_assert(var-&gt;k != VVOID); /* this one must exist */
+<span style="color:#0057ae">+ luaK_exp2anyregup(fs, var); /* but could be a constant */</span>
+ codestring(&amp;key, varname); /* key is variable name */
+ luaK_indexed(fs, var, &amp;key); /* env[varname] */
+ }
+</code></pre></td></tr></table>
+</div> <!-- class=content -->
+<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.3</a> (<a href='https://git-scm.com/'>git 2.25.1</a>) at 2022-05-19 21:36:56 +0000</div>
+</div> <!-- id=cgit -->
+</body>
+</html>
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-29 07:38:08 +0000