4 Commits

Author SHA1 Message Date
Khem Raj
832fb7c1c3 lua: Backport fix for CVE-2022-33099
Fixes stack overflow while handling recurring errors in Lua-stack

(From OE-Core rev: caad9d5f7184f0fa60fa7770e5d3da3f533647cb)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-18 11:47:37 +01:00
Richard Purdie
87d4b74f0e lua: Fix multilib buildpath reproducibility issues
The .pc we install ourselves for lua has hardcoded /lib assumptions in it
which means in a multilib environment, full build paths end up in users
like rpm's configuration.

Fix the .pc file to use a correct includedir and libdir to resolve
those reproducibility issues.

(From OE-Core rev: 93bee5c74b8d181adf93de4b4101e25d24780603)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 00:09:42 +01:00
Steve Sakoman
91e14d3a8e lua: fix CVE-2022-28805
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.

https://nvd.nist.gov/vuln/detail/CVE-2022-28805

(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-19 14:02:13 +01:00
Alexander Kanavin
02a8a2c621 lua: upgrade 5.4.3 -> 5.4.4
(From OE-Core rev: 734cdfddd2d2a0a0e3be2b577bd4175a2abd73e5)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-05 17:46:05 +00:00