Commit Graph

5 Commits

Author SHA1 Message Date
Steve Sakoman
91e14d3a8e lua: fix CVE-2022-28805

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.

https://nvd.nist.gov/vuln/detail/CVE-2022-28805

(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-19 14:02:13 +01:00

Alexander Kanavin
02a8a2c621 lua: upgrade 5.4.3 -> 5.4.4

(From OE-Core rev: 734cdfddd2d2a0a0e3be2b577bd4175a2abd73e5)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-05 17:46:05 +00:00

Richard Purdie
26ff8acdc9 lua: Backport fix for CVE-2021-43396

Backport the fix for CVE-2021-43396 ("C stack overflow with coroutines")
from upstream.

(From OE-Core rev: e74fb3f7a8171cc1293583241a9ef43a515a9320)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-11-16 22:20:33 +00:00

Alexander Kanavin
6500c74e62 lua: update 5.3.6 -> 5.4.3

Drop three backports and 0001-Allow-building-lua-without-readline-on-Linux.patch
(feature added upstream, adjust the recipe accordingly).

Adjust ar/ranlib flags for reproducibility on liblua.a.

License-Update: lines moved around, formatting
(From OE-Core rev: c2cad5ecfbbcee99b3cbe71efeeac9a875b6e5ff)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-10-11 18:41:37 +01:00

Alexander Kanavin
5196cfbbf8 lua: add a recipe from meta-oe

Lua is a hard dependency in rpm 4.17.

(From OE-Core rev: b06a2ffb5ded807dbb30078d10740ec294732cad)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-10-11 18:41:37 +01:00