summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/lua
Commit message (Collapse)AuthorAgeFilesLines
* lua: Backport fix for CVE-2022-33099Khem Raj2022-07-182-0/+62
| | | | | | | | | Fixes stack overflow while handling recurring errors in Lua-stack (From OE-Core rev: caad9d5f7184f0fa60fa7770e5d3da3f533647cb) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lua: Fix multilib buildpath reproducibility issuesRichard Purdie2022-07-082-4/+3
| | | | | | | | | | | | | | | The .pc we install ourselves for lua has hardcoded /lib assumptions in it which means in a multilib environment, full build paths end up in users like rpm's configuration. Fix the .pc file to use a correct includedir and libdir to resolve those reproducibility issues. (From OE-Core rev: 93bee5c74b8d181adf93de4b4101e25d24780603) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lua: fix CVE-2022-28805Steve Sakoman2022-04-192-0/+27
| | | | | | | | | | | | | singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. https://nvd.nist.gov/vuln/detail/CVE-2022-28805 (From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lua: upgrade 5.4.3 -> 5.4.4Alexander Kanavin2022-02-052-52/+3
| | | | | | | (From OE-Core rev: 734cdfddd2d2a0a0e3be2b577bd4175a2abd73e5) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lua: Backport fix for CVE-2021-43396Richard Purdie2021-11-162-0/+44
| | | | | | | | | Backport the fix for CVE-2021-43396 ("C stack overflow with coroutines") from upstream. (From OE-Core rev: e74fb3f7a8171cc1293583241a9ef43a515a9320) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lua: update 5.3.6 -> 5.4.3Alexander Kanavin2021-10-115-379/+13
| | | | | | | | | | | | | Drop three backports and 0001-Allow-building-lua-without-readline-on-Linux.patch (feature added upstream, adjust the recipe accordingly). Adjust ar/ranlib flags for reproducibility on liblua.a. License-Update: lines moved around, formatting (From OE-Core rev: c2cad5ecfbbcee99b3cbe71efeeac9a875b6e5ff) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lua: add a recipe from meta-oeAlexander Kanavin2021-10-117-0/+457
Lua is a hard dependency in rpm 4.17. (From OE-Core rev: b06a2ffb5ded807dbb30078d10740ec294732cad) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>