diff --git a/SPECS/ntopng/CVE-2021-43519.patch b/SPECS/ntopng/CVE-2021-43519.patch
new file mode 100644
index 00000000000..6ec0576d8f6
--- /dev/null
+++ b/SPECS/ntopng/CVE-2021-43519.patch
@@ -0,0 +1,39 @@
+From e4eacd26f6a534e2128d513469217889283d8b7d Mon Sep 17 00:00:00 2001
+From: jykanase
+Date: Thu, 6 Feb 2025 11:25:29 +0000
+Subject: [PATCH] CVE-2021-43519
+
+---
+ third-party/lua-5.4.3/src/ldo.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/third-party/lua-5.4.3/src/ldo.c b/third-party/lua-5.4.3/src/ldo.c
+index d81e731..fc5a167 100644
+--- a/third-party/lua-5.4.3/src/ldo.c
++++ b/third-party/lua-5.4.3/src/ldo.c
+@@ -728,11 +728,10 @@ static void resume (lua_State *L, void *ud) {
+ StkId firstArg = L->top - n; /* first argument */
+ CallInfo *ci = L->ci;
+ if (L->status == LUA_OK) /* starting a coroutine? */
+- ccall(L, firstArg - 1, LUA_MULTRET, 1); /* just call its body */
++ ccall(L, firstArg - 1, LUA_MULTRET, 0); /* just call its body */
+ else { /* resuming from previous yield */
+ lua_assert(L->status == LUA_YIELD);
+ L->status = LUA_OK; /* mark that it is running (again) */
+- luaE_incCstack(L); /* control the C stack */
+ if (isLua(ci)) { /* yielded inside a hook? */
+ L->top = firstArg; /* discard arguments */
+ luaV_execute(L, ci); /* just continue running Lua code */
+@@ -783,6 +782,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs,
+ else if (L->status != LUA_YIELD) /* ended with errors? */
+ return resume_error(L, "cannot resume dead coroutine", nargs);
+ L->nCcalls = (from) ? getCcalls(from) : 0;
++ if (getCcalls(L) >= LUAI_MAXCCALLS)
++ return resume_error(L, "C stack overflow", nargs);
++ L->nCcalls++;
+ luai_userstateresume(L, nargs);
+ api_checknelems(L, (L->status == LUA_OK) ? nargs + 1 : nargs);
+ status = luaD_rawrunprotected(L, resume, &nargs);
+--
+2.45.2
+
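Review bot: The header of CVE-2021-43519.patch carries no upstream reference, whereas CVE-2021-44647.patch in the same change records a `Source Link:` to the Lua commit it backports. Without that link a reviewer cannot confirm that the two ldo.c hunks, which drop the C-stack accounting from `resume` and add the `getCcalls(L) >= LUAI_MAXCCALLS` guard plus `L->nCcalls++` in `lua_resume`, match the upstream fix rather than a hand-written variant. I would add `Source Link: <URL of the upstream Lua commit>` under the `Subject:` line and state there whether the backport was adjusted for the vendored lua-5.4.3 tree. The bodies of `resume` and `lua_resume` both continue outside the hunks shown, so the balance of the `nCcalls` increment cannot be checked from this page alone.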
diff --git a/SPECS/ntopng/CVE-2021-44647.patch b/SPECS/ntopng/CVE-2021-44647.patch
new file mode 100644
index 00000000000..658161705ee
--- /dev/null
+++ b/SPECS/ntopng/CVE-2021-44647.patch
@@ -0,0 +1,25 @@
+From 4c1a24d4494156007879399032bfe551d78c1932 Mon Sep 17 00:00:00 2001
+From: jykanase
+Date: Thu, 6 Feb 2025 07:11:57 +0000
+Subject: [PATCH] CVE-2021-44647
+
+Source Link: https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f
+---
+ third-party/lua-5.4.3/src/lstate.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/third-party/lua-5.4.3/src/lstate.c b/third-party/lua-5.4.3/src/lstate.c
+index c5e3b43..38da773 100644
+--- a/third-party/lua-5.4.3/src/lstate.c
++++ b/third-party/lua-5.4.3/src/lstate.c
+@@ -271,6 +271,7 @@ static void close_state (lua_State *L) {
+ if (!completestate(g)) /* closing a partially built state? */
+ luaC_freeallobjects(L); /* jucst collect its objects */
+ else { /* closing a fully built state */
++ L->ci = &L->base_ci; /* unwind CallInfo list */
+ luaD_closeprotected(L, 1, LUA_OK); /* close all upvalues */
+ luaC_freeallobjects(L); /* collect all objects */
+ luai_userstateclose(L);
+--
+2.45.2
+
diff --git a/SPECS/ntopng/ntopng.spec b/SPECS/ntopng/ntopng.spec
index 836fef502e0..1124941ce5d 100644
--- a/SPECS/ntopng/ntopng.spec
+++ b/SPECS/ntopng/ntopng.spec
@@ -2,7 +2,7 @@
 Summary: Web-based Network Traffic Monitoring Application
 Name: ntopng
 Version: 5.2.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv3
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -16,6 +16,8 @@ Patch1: CVE-2021-45985.patch
 Patch2: CVE-2022-28805.patch
 Patch3: CVE-2017-18214.patch
 Patch4: CVE-2022-33099.patch
+Patch5: CVE-2021-44647.patch
+Patch6: CVE-2021-43519.patch
 BuildRequires: curl-devel
 BuildRequires: gcc
 BuildRequires: glib-devel
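Review bot: `Patch5` and `Patch6` are only declared in this hunk, and the `%prep` section that has to apply them is not part of the diff, so it cannot be seen here whether the two Lua fixes reach the build. If `%prep` uses `%autosetup -p1`, the new entries are picked up automatically. If it applies patches one by one, matching `%patch` lines are needed for 5 and 6, otherwise the package ships with a bumped Release and an unpatched lua-5.4.3. Both patches use `a/third-party/lua-5.4.3/...` paths, so they need strip level 1 from the top of the ntopng source tree. A build log showing each patch applied without fuzz would settle this.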
@@ -65,6 +67,9 @@ mv nDPI-%{nDPIver} nDPI %{_datadir}/ntopng/* %changelog +* Thu Feb 06 2025 Jyoti Kanase - 5.2.1-5 +- Patch to fix CVE-2021-44647 and CVE-2021-43519. + * Mon Jul 08 2024 Andrew Phelps - 5.2.1-4 - Add patches for CVE-2017-18214 and CVE-2022-33099