https://bugzilla.redhat.com/show_bug.cgi?id=2050290
Bug ID: 2050290
Summary: lua: typo on man page
Product: Fedora
Version: 35
Hardware: All
OS: All
Status: NEW
Component: lua
Severity: low
Assignee: spotrh(a)gmail.com
Reporter: loganjerry(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: 4le(a)live.com, drjohnson1(a)gmail.com,
lua-packagers-sig(a)lists.fedoraproject.org,
mhroncok(a)redhat.com, michel(a)michel-slm.name,
rob.myers(a)gtri.gatech.edu, spotrh(a)gmail.com
Target Milestone: ---
Classification: Fedora
Description of problem:
The man page says (in part):
LUA_PATH, LUA_PATH_5_4
Initial value of package.cpath, the path used by require to search for
Lua loaders.
That should be package.path, not package.cpath. This caused me a minute or so
of confusion. :-)
Version-Release number of selected component (if applicable):
lua-5.4.3-4.fc35.x86_64
How reproducible:
N/A
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2050290
https://bugzilla.redhat.com/show_bug.cgi?id=2177239
Bug ID: 2177239
Summary: Lua scripts use an unsafe package path
Product: Fedora
Version: 37
Status: NEW
Component: lua
Assignee: spotrh(a)gmail.com
Reporter: arstoffel(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: 4le(a)live.com, drjohnson1(a)gmail.com,
lua-packagers-sig(a)lists.fedoraproject.org,
mhroncok(a)redhat.com, michel(a)michel-slm.name,
spotrh(a)gmail.com
Target Milestone: ---
Classification: Fedora
Description of problem:
By default, Lua allows loading code from the current directory, and Fedora
doesn't change this in packaged scripts installed in the system path. This has
security implications.
Steps to Reproduce:
1. Install any package that provides a #!/usr/bin/lua script, such as (but not
limited) to luarocks
2. In the terminal: echo 'os.execute("echo rm -rf /")' > lfs.lua; luarocks
--version
Actual results:
$ luarocks --version
rm -rf /
/usr/bin/lua: /usr/share/lua/5.4/luarocks/fs/lua.lua:299: attempt to index a
boolean value (upvalue 'lfs')
stack traceback:
/usr/share/lua/5.4/luarocks/fs/lua.lua:299: in function
'luarocks.fs.lua.current_dir'
(...tail calls...)
/usr/share/lua/5.4/luarocks/fs/unix.lua:50: in function
'luarocks.fs.unix.absolute_name'
(...tail calls...)
/usr/share/lua/5.4/luarocks/fs/linux.lua:8: in function
'luarocks.fs.linux.is_dir'
(...tail calls...)
/usr/share/lua/5.4/luarocks/fs/lua.lua:193: in function
'luarocks.fs.lua.dir'
(...tail calls...)
/usr/share/lua/5.4/luarocks/fs/lua.lua:177: in function
'luarocks.fs.lua.list_dir'
(...tail calls...)
/usr/share/lua/5.4/luarocks/fs/lua.lua:229: in function
'luarocks.fs.lua.modules'
(...tail calls...)
/usr/share/lua/5.4/luarocks/cmd.lua:511: in function
'luarocks.cmd.run_command'
/home/augusto/Projects/digestif/.luarocks/lib/luarocks/rocks-5.4/luarocks/3.9.2-1/bin/luarocks:35:
in main chunk
[C]: in ?
Expected results:
$ luarocks --version
/usr/bin/luarocks 3.9.1
LuaRocks main command-line interface
Additional info:
I'm using the following fix on a Lua program I maintain:
#!/usr/bin/env lua
-- Remove relative directories from package path
package.path = package.path:gsub("%f[^\0;]%.[^;]*", ""):gsub(";+",
";"):gsub("^;", ""):gsub(";$", "")
package.cpath = package.cpath:gsub("%f[^\0;]%.[^;]*", ""):gsub(";+",
";"):gsub("^;", ""):gsub(";$", "")
Fedora can probably do better and use hardcoded pacakge.path and cpath values,
since these are known in advance.
Scripts with the #!/usr/bin/texlua shebang also might be affected by this
issue. Since texlua provides an alternative method to find packages based on
kpathsea, something like this should be used as well:
os.setenv("TEXMFDOTDIR", "/dev/null")
However, this last modification will break programs that expect to find TeX
files in the current directory. I don't know of a more fine grained way that
would allow that but still exclude random Lua libraries from being found.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2177239
https://bugzilla.redhat.com/show_bug.cgi?id=2185584
Bug ID: 2185584
Summary: lua-readline-3.3 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: lua-readline
Keywords: FutureFeature, Triaged
Assignee: michel(a)michel-slm.name
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: lua-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, redhat-bugzilla(a)linuxnetz.de
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.3
Upstream release that is considered latest: 3.3
Current version/release in rawhide: 3.2-2.fc38
URL: https://pjb.com.au/comp/lua/readline.html
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/141627/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/lua-readline
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2185584
https://bugzilla.redhat.com/show_bug.cgi?id=2192164
Bug ID: 2192164
Summary: luarocks-3.9.1 installs to /usr/lib instead of
/usr/lib64
Product: Fedora
Version: rawhide
Status: NEW
Component: luarocks
Assignee: michel(a)michel-slm.name
Reporter: ferdnyc(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
ktdreyer(a)ktdreyer.com,
lua-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
Description of problem:
I messed up.
As I detail at the end of this Fedora Discussions thread[1], when I submitted
the PR for the luarocks-3.9.1 update, I mistakenly dropped the Fedora patch
that was correcting the default arch-specific library install dir to /usr/lib64
instead of /usr/lib.
So, without that patch, luarocks installs to the wrong library directory.
[1]:
https://discussion.fedoraproject.org/t/luarocks-does-not-install-into-lib64…
Version-Release number of selected component (if applicable):
luarocks-3.9.1-1.fc39 (luarocks on f38 and f37 is also affected; possibly EPEL
as well)
How reproducible:
100%
Steps to Reproduce:
1. `sudo luarocks --global install LuaFileSystem`
2. `ls /usr/lib64/lua/5.4/lfs.so`
3. `ls /usr/lib/lua/5.4/lfs.so`
Actual results:
2: ls: cannot access '/usr/lib64/lua/5.4/lfs.so': No such file or directory
3: /usr/lib/lua/5.4/lfs.so
Expected results:
2: /usr/lib64/lua/5.4/lfs.so
3: ls: cannot access '/usr/lib/lua/5.4/lfs.so': No such file or directory
Additional info:
I've already submitted a PR [2] to correct this on rawhide. I'll be happy to
submit backport PRs for f38 and f37 as well, if need be. Any chance we could
get new builds, to correct this unfortunate screw-up on my part?
(I'll even add in an update to luarocks-3.9.2, since that's been released now,
so we kill two birds with one bodhi update.)
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2192164
https://bugzilla.redhat.com/show_bug.cgi?id=2152006
Bug ID: 2152006
Summary: luarocks-3.9.2 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: luarocks
Keywords: FutureFeature, Triaged
Assignee: michel(a)michel-slm.name
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
ktdreyer(a)ktdreyer.com,
lua-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.9.2
Upstream release that is considered latest: 3.9.2
Current version/release in rawhide: 3.9.1-1.fc38
URL: https://luarocks.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/1856/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/luarocks
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2152006
https://bugzilla.redhat.com/show_bug.cgi?id=2167829
Bug ID: 2167829
Summary: [RFE: EPEL9] EPEL9 branch for luarocks
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: luarocks
Assignee: michel(a)michel-slm.name
Reporter: riehecky(a)fnal.gov
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
ktdreyer(a)ktdreyer.com,
lua-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
Description of problem:
Can luarocks be branched for EPEL9?
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2167829