From ad08131ca8d631796ec74348d3c25989f354ea70 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Sat, 1 Nov 2025 18:20:08 +0800
Subject: [PATCH] [CVE] CVE-2025-49844

to #26845
add patch to fix CVE-2025-49844
Project: TC2024080204
Signed-off-by: tomcruiseqi <tomcruiseqi@inspur.com>
---
 0006-bugfix-for-CVE-2025-49844.patch | 32 ++++++++++++++++++++++++++++
 redis.spec                           |  7 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 0006-bugfix-for-CVE-2025-49844.patch

diff --git a/0006-bugfix-for-CVE-2025-49844.patch b/0006-bugfix-for-CVE-2025-49844.patch
new file mode 100644
index 0000000..d1fa2bc
--- /dev/null
+++ b/0006-bugfix-for-CVE-2025-49844.patch
@@ -0,0 +1,32 @@
+From 02b16202a30f619628305ed89d3ae7700c280793 Mon Sep 17 00:00:00 2001
+From: Mincho Paskalev <minchopaskal@gmail.com>
+Date: Mon, 23 Jun 2025 11:41:37 +0300
+Subject: [PATCH] Lua script may lead to remote code execution (CVE-2025-49844)
+
+---
+ deps/lua/src/lparser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/deps/lua/src/lparser.c b/deps/lua/src/lparser.c
+index dda7488dcad..ee7d90c90d7 100644
+--- a/deps/lua/src/lparser.c
++++ b/deps/lua/src/lparser.c
+@@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff, const char *name) {
+   struct LexState lexstate;
+   struct FuncState funcstate;
+   lexstate.buff = buff;
+-  luaX_setinput(L, &lexstate, z, luaS_new(L, name));
++  TString *tname = luaS_new(L, name);
++  setsvalue2s(L, L->top, tname);
++  incr_top(L);
++  luaX_setinput(L, &lexstate, z, tname);
+   open_func(&lexstate, &funcstate);
+   funcstate.f->is_vararg = VARARG_ISVARARG;  /* main func. is always vararg */
+   luaX_next(&lexstate);  /* read first token */
+   chunk(&lexstate);
+   check(&lexstate, TK_EOS);
+   close_func(&lexstate);
++  --L->top;
+   lua_assert(funcstate.prev == NULL);
+   lua_assert(funcstate.f->nups == 0);
+   lua_assert(lexstate.fs == NULL);
diff --git a/redis.spec b/redis.spec
index cb343ee..e107dd7 100644
--- a/redis.spec
+++ b/redis.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 
 # temp workaround to https://bugzilla.redhat.com/2059488
 %undefine _package_note_file
@@ -36,6 +36,7 @@ Patch0003:         0003-Fix-CVE-2025-46818.patch
 Patch0004:         0004-Fix-CVE-2025-46819.patch
 # https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca
 Patch0005:         0005-Fix-CVE-2025-46817.patch
+Patch0006:         0006-bugfix-for-CVE-2025-49844.patch
 
 BuildRequires: make
 BuildRequires:     gcc
@@ -140,6 +141,7 @@ sed -i -e 's|^dir .*$|dir /var/lib/redis|g' redis.conf
 %ifarch x86_64
 sed -e 's/--with-lg-quantum/--with-lg-page=12 --with-lg-quantum/' -i deps/Makefile
 %endif
+%patch -P0006 -p1
 %ifarch aarch64
 sed -e 's/--with-lg-quantum/--with-lg-page=16 --with-lg-quantum/' -i deps/Makefile
 %endif
@@ -297,6 +299,9 @@ fi
 
 
 %changelog
+* Sat Nov 01 2025 tomcruiseqi <tomcruiseqi@inspur.com> - 7.2.10-3
+- Fix CVE-2025-49844
+
 * Fri Oct 10 2025 wh02252983 <wh02252983@alibaba-inc.com> - 7.2.10-2
 - Add patch to fix CVE-2025-46818 and CVE-2025-46819 and CVE-2025-46817
 
-- 
Gitee