!75 fix CVE-2020-24370

From: @ultra_planet 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2020-24370.patch

@@ -0,0 +1,36 @@
+From b5bc89846721375fe30772eb8c5ab2786f362bf9 Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Mon, 3 Aug 2020 16:25:28 -0300
+Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal
+
+---
+ com32/lua/src/ldebug.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/com32/lua/src/ldebug.c b/com32/lua/src/ldebug.c
+index e1389296e..bb0e1d4ac 100644
+--- a/com32/lua/src/ldebug.c
++++ b/com32/lua/src/ldebug.c
+@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) {
+ 
+ static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
+   int nparams = clLvalue(ci->func)->p->numparams;
+-  if (n >= ci->u.l.base - ci->func - nparams)
++  int nvararg = ci->u.l.base - ci->func - nparams;
++  if (n <= -nvararg)
+     return NULL;  /* no such vararg */
+   else {
+-    *pos = ci->func + nparams + n;
++    *pos = ci->func + nparams - n;
+     return "(*vararg)";  /* generic name for any vararg */
+   }
+ }
+@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
+   StkId base;
+   if (isLua(ci)) {
+     if (n < 0)  /* access to vararg values? */
+-      return findvararg(ci, -n, pos);
++      return findvararg(ci, n, pos);
+     else {
+       base = ci->u.l.base;
+       name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));

syslinux.spec

@@ -2,7 +2,7 @@
 
 Name:           syslinux
 Version:        6.04
-Release:        10
+Release:        15
 License:        GPLv2+
 Summary:        The Syslinux boot loader collection
 URL:            http://syslinux.zytor.com/wiki/index.php/The_Syslinux_Project
@@ -26,6 +26,9 @@ Patch0003:      0003-include-sysmacros-h.patch
 Patch0004:      backport-replace-builtin-strlen-that-appears-to-get-optimized.patch
 Patch0005:      backport-add-RPMOPTFLAGS-to-CFLAGS-for-some-stuff.patch
 Patch0006:      backport-tweak-for-gcc-10.patch
+Patch0007:      backport-zlib-update.patch
+Patch0008:      backport-libpng-update-to-1.6.36.patch
+Patch0009:      backport-CVE-2020-24370.patch
 
 %description
 The Syslinux Project covers lightweight bootloaders for MS-DOS FAT filesystems (SYSLINUX),
@@ -121,7 +124,7 @@ fi
 %files
 %doc COPYING NEWS README*
 %doc doc/* sample
-%{_mandir}/man1/{gethostip*,syslinux*,extlinux*,isohybrid*,memdiskfind*}
+%{_mandir}/man1/{gethostip*,extlinux*,isohybrid*,memdiskfind*,syslinux.1.gz}
 %{_datadir}/doc/syslinux/sample/sample.msg 
 %{_bindir}/{gethostip,isohybrid,memdiskfind,syslinux}
 %dir %{_datadir}/syslinux/dosutil
@@ -160,31 +163,48 @@ fi
 %{_datadir}/syslinux/efi64
 
 %changelog
-* Mon Sep 6 2021 yangcheng<yangcheng87@huawei.com> - 6.04-10
+* Wed Mar 12 2025 lingsheng <lingsheng1@h-partners.com> - 6.04-15
+- fix CVE-2020-24370
+
+* Thu Aug 29 2024 lingsheng <lingsheng1@h-partners.com> - 6.04-14
+- update libpng 1.6.36 to fix CVE-2011-2501 CVE-2011-2690 CVE-2011-2691
+- CVE-2011-2692 CVE-2011-3045 CVE-2011-3048 CVE-2012-3425 CVE-2015-7981
+- CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-10087 CVE-2017-12652
+
+* Thu Aug 29 2024 lingsheng <lingsheng1@h-partners.com> - 6.04-13
+- Clean changelog format, fix bogus date
+
+* Tue Jul 11 2023 zhangpan <zhangpan103@h-partners.com> - 6.04-12
+- fix CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
+
+* Sat May 07 2022 wangkerong <wangkerong@h-partners.com> - 6.04-11
+- slove duplicate package files
+
+* Mon Sep 6 2021 yangcheng <yangcheng87@huawei.com> - 6.04-10
 - fix build failed due to gcc-10
 
-* Mon Sep 6 2021 yangcheng<yangcheng87@huawei.com> - 6.04-9  
+* Mon Sep 6 2021 yangcheng <yangcheng87@huawei.com> - 6.04-9
 - Streamline the build dependency and fix the compiling stuck
 
-* Sat Jul 16 2021 hanhui<hanhui15@huawei.com> - 6.04-8
+* Fri Jul 16 2021 hanhui <hanhui15@huawei.com> - 6.04-8
 - solves the problem of compiling stuck
 
-* Sat Mar 20 2021 hanhui<hanhui15@huawei.com> - 6.04-7
+* Sat Mar 20 2021 hanhui <hanhui15@huawei.com> - 6.04-7
 - slove the problem of security scanning of options
 
-* Sun Feb 7 2021 jinzhimin<jinzhimin2@huawei.com> - 6.04-6
+* Sun Feb 7 2021 jinzhimin <jinzhimin2@huawei.com> - 6.04-6
 - add patch to replace builtin strlen
 
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> -6.04-5
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-5
 - change the path of file
 
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> - 6.04-4 
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-4
 - change files
 
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> - 6.04-3
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-3
 - add sample.msg file to help package
 
-* Mon Mar 2 2020 songnannan<songnannan2@huawei.com> - 6.04-2
+* Mon Mar 2 2020 songnannan <songnannan2@huawei.com> - 6.04-2
 - change the mingw64-gcc to gcc in buildrequires
 
 * Thu Feb 27 2020 Ling Yang <lingyang2@huawei.com> - 6.04-1