Compare commits


No commits in common. 'cs10' and 'c9' have entirely different histories.
cs10 ... c9

4
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/lua-5.4.6-tests.tar.gz
SOURCES/lua-5.4.6.tar.gz
SOURCES/lua-5.4.4-tests.tar.gz
SOURCES/lua-5.4.4.tar.gz

@ -1,2 +1,2 @@
34e1642b89f645b5f02a1c3e62ca316348ad918f SOURCES/lua-5.4.6-tests.tar.gz
83f41abf92620dd15f022e6f863807b07e318495 SOURCES/lua-5.4.6.tar.gz
062af7753cd387eea23052fbcad26616a48acadc SOURCES/lua-5.4.4-tests.tar.gz
03c27684b9d5d9783fb79a7c836ba1cdc5f309cd SOURCES/lua-5.4.4.tar.gz

@ -0,0 +1,12 @@
diff -up lua-5.3.0/src/luaconf.h.template.in.idsize lua-5.3.0/src/luaconf.h.template.in
--- lua-5.3.0/src/luaconf.h.template.in.idsize 2015-01-15 10:23:20.515801344 -0500
+++ lua-5.3.0/src/luaconf.h.template.in 2015-01-15 10:23:48.955651916 -0500
@@ -693,7 +693,7 @@
@@ of a function in debug information.
** CHANGE it if you want a different size.
*/
-#define LUA_IDSIZE 60
+#define LUA_IDSIZE 512
/*

@ -0,0 +1,26 @@
diff -up lua-5.3.5/src/ldebug.c.CVE-2020-24370 lua-5.3.5/src/ldebug.c
--- lua-5.3.5/src/ldebug.c.CVE-2020-24370 2020-08-19 13:37:17.075859557 -0400
+++ lua-5.3.5/src/ldebug.c 2020-08-19 13:38:53.117779244 -0400
@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p,
static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
int nparams = clLvalue(ci->func)->p->numparams;
- if (n >= cast_int(ci->u.l.base - ci->func) - nparams)
+ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
+ if (n <= -nvararg)
return NULL; /* no such vararg */
else {
- *pos = ci->func + nparams + n;
+ *pos = ci->func + nparams - n;
return "(*vararg)"; /* generic name for any vararg */
}
}
@@ -148,7 +149,7 @@ static const char *findlocal (lua_State
StkId base;
if (isLua(ci)) {
if (n < 0) /* access to vararg values? */
- return findvararg(ci, -n, pos);
+ return findvararg(ci, n, pos);
else {
base = ci->u.l.base;
name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
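Review bot: findvararg's contract changes without any comment saying so: `n` now arrives negative, because findlocal passes `n` where it used to pass `-n`. Both the bound `n <= -nvararg` and the address `ci->func + nparams - n` depend on that sign. A short comment above the function would stop a later reader from turning the signs back, for example `/* 'n' is negative (vararg index); it is never negated here, so INT_MIN cannot overflow */`. The overflow rationale is inferred from the removed `-n`, so confirm the wording against upstream. findlocal's body continues outside the second hunk.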

@ -0,0 +1,22 @@
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
---
lparser.c | 1 +
testes/attrib.lua | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/lparser.c b/lparser.c
index 3abe3d751..a5cd55257 100644
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k != VVOID); /* this one must exist */
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(&key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}
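Review bot: The patch header lists `testes/attrib.lua | 10 ++++++++++` and "2 files changed, 11 insertions(+)", but the only hunk carried is the one-line `luaK_exp2anyregup(fs, var);` addition in singlevar, so the regression test for the `_ENV` `<const>` case is not part of this file. Either carry the test hunk against the tests tarball, or trim the diffstat and say in the header that the test was dropped on purpose, e.g. `# testes/attrib.lua hunk omitted from this backport`. The `diff --git a/lparser.c b/lparser.c` line also disagrees with the `--- a/src/lparser.c` and `+++ b/src/lparser.c` paths under it; make them consistent so the header is not read as the upstream commit verbatim. singlevar's body starts outside the hunk.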

@ -0,0 +1,51 @@
diff -up lua-5.4.2/src/ldebug.c.orig lua-5.4.2/src/ldebug.c
--- lua-5.4.2/src/ldebug.c.orig 2020-11-13 16:32:00.000000000 +0100
+++ lua-5.4.2/src/ldebug.c 2022-10-21 14:35:02.200941813 +0200
@@ -772,8 +772,11 @@ l_noret luaG_runerror (lua_State *L, con
va_start(argp, fmt);
msg = luaO_pushvfstring(L, fmt, argp); /* format message */
va_end(argp);
- if (isLua(ci)) /* if Lua function, add source:line information */
+ if (isLua(ci)) { /* if Lua function, add source:line information */
luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
+ setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */
+ L->top--;
+ }
luaG_errormsg(L);
}
diff -up lua-5.4.2/src/lvm.c.orig lua-5.4.2/src/lvm.c
--- lua-5.4.2/src/lvm.c.orig 2020-11-13 16:32:02.000000000 +0100
+++ lua-5.4.2/src/lvm.c 2022-10-21 14:35:31.713755890 +0200
@@ -641,7 +641,7 @@ void luaV_concat (lua_State *L, int tota
int n = 2; /* number of elements handled in this pass (at least 2) */
if (!(ttisstring(s2v(top - 2)) || cvt2str(s2v(top - 2))) ||
!tostring(L, s2v(top - 1)))
- luaT_tryconcatTM(L);
+ luaT_tryconcatTM(L); /* may invalidate 'top' */
else if (isemptystr(s2v(top - 1))) /* second operand is empty? */
cast_void(tostring(L, s2v(top - 2))); /* result is first operand */
else if (isemptystr(s2v(top - 2))) { /* first operand is empty string? */
@@ -654,8 +654,10 @@ void luaV_concat (lua_State *L, int tota
/* collect total length and number of strings */
for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
size_t l = vslen(s2v(top - n - 1));
- if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
+ if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
+ L->top = top - total; /* pop strings to avoid wasting stack */
luaG_runerror(L, "string length overflow");
+ }
tl += l;
}
if (tl <= LUAI_MAXSHORTLEN) { /* is result a short string? */
@@ -669,8 +671,8 @@ void luaV_concat (lua_State *L, int tota
}
setsvalue2s(L, top - n, ts); /* create result */
}
- total -= n-1; /* got 'n' strings to create 1 new */
- L->top -= n-1; /* popped 'n' strings and pushed one */
+ total -= n - 1; /* got 'n' strings to create one new */
+ L->top -= n - 1; /* popped 'n' strings and pushed one */
} while (total > 1); /* repeat until only 1 result left */
}
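Review bot: The two lines added under `if (isLua(ci))` in luaG_runerror rely on luaG_addinfo leaving exactly one new value above `msg`; that function's body is not in the hunk, so the reader has to take the count on trust. I would state the invariant in the comment, e.g. `/* luaG_addinfo pushed the annotated message; move it over 'msg' and drop one slot */`, because a different count would move the wrong slot on every error raised from a Lua function. The luaV_concat change in the same section already explains itself (`/* pop strings to avoid wasting stack */`). Both functions start outside their hunks.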

@ -1,24 +0,0 @@
diff -up lua-5.4.6/lua-5.4.6-tests/calls.lua.big-endian-fix lua-5.4.6/lua-5.4.6-tests/calls.lua
--- lua-5.4.6/lua-5.4.6-tests/calls.lua.big-endian-fix 2023-08-01 09:21:13.212388469 -0400
+++ lua-5.4.6/lua-5.4.6-tests/calls.lua 2023-08-01 09:21:34.552557272 -0400
@@ -342,20 +342,6 @@ do -- another bug (in 5.4.0)
end
-do -- another bug (since 5.2)
- -- corrupted binary dump: list of upvalue names is larger than number
- -- of upvalues, overflowing the array of upvalues.
- local code =
- "\x1b\x4c\x75\x61\x54\x00\x19\x93\x0d\x0a\x1a\x0a\x04\x08\x08\x78\x56\z
- \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x77\x40\x00\x86\x40\z
- \x74\x65\x6d\x70\x81\x81\x01\x00\x02\x82\x48\x00\x02\x00\xc7\x00\x01\z
- \x00\x80\x80\x80\x82\x00\x00\x80\x81\x82\x78\x80\x82\x81\x86\x40\x74\z
- \x65\x6d\x70"
-
- assert(load(code)) -- segfaults in previous versions
-end
-
-
x = string.dump(load("x = 1; return x"))
a = assert(load(read1(x), nil, "b"))
assert(a() == 1 and _G.x == 1)

@ -1,66 +0,0 @@
From f623b969325be736297bc1dff48e763c08778243 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Wed, 14 Jun 2023 14:38:07 -0300
Subject: [PATCH] Bug: read overflow in 'l_strcmp'
Equality according to 'strcoll' does not imply that strings have
the same length.
---
lvm.c | 38 ++++++++++++++++++++------------------
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/src/lvm.c b/src/lvm.c
index 4c300a87a..2b437bdfd 100644
--- a/src/lvm.c
+++ b/src/lvm.c
@@ -366,30 +366,32 @@ void luaV_finishset (lua_State *L, const TValue *t, TValue *key,
/*
-** Compare two strings 'ls' x 'rs', returning an integer less-equal-
-** -greater than zero if 'ls' is less-equal-greater than 'rs'.
+** Compare two strings 'ts1' x 'ts2', returning an integer less-equal-
+** -greater than zero if 'ts1' is less-equal-greater than 'ts2'.
** The code is a little tricky because it allows '\0' in the strings
-** and it uses 'strcoll' (to respect locales) for each segments
-** of the strings.
+** and it uses 'strcoll' (to respect locales) for each segment
+** of the strings. Note that segments can compare equal but still
+** have different lengths.
*/
-static int l_strcmp (const TString *ls, const TString *rs) {
- const char *l = getstr(ls);
- size_t ll = tsslen(ls);
- const char *r = getstr(rs);
- size_t lr = tsslen(rs);
+static int l_strcmp (const TString *ts1, const TString *ts2) {
+ const char *s1 = getstr(ts1);
+ size_t rl1 = tsslen(ts1); /* real length */
+ const char *s2 = getstr(ts2);
+ size_t rl2 = tsslen(ts2);
for (;;) { /* for each segment */
- int temp = strcoll(l, r);
+ int temp = strcoll(s1, s2);
if (temp != 0) /* not equal? */
return temp; /* done */
else { /* strings are equal up to a '\0' */
- size_t len = strlen(l); /* index of first '\0' in both strings */
- if (len == lr) /* 'rs' is finished? */
- return (len == ll) ? 0 : 1; /* check 'ls' */
- else if (len == ll) /* 'ls' is finished? */
- return -1; /* 'ls' is less than 'rs' ('rs' is not finished) */
- /* both strings longer than 'len'; go on comparing after the '\0' */
- len++;
- l += len; ll -= len; r += len; lr -= len;
+ size_t zl1 = strlen(s1); /* index of first '\0' in 's1' */
+ size_t zl2 = strlen(s2); /* index of first '\0' in 's2' */
+ if (zl2 == rl2) /* 's2' is finished? */
+ return (zl1 == rl1) ? 0 : 1; /* check 's1' */
+ else if (zl1 == rl1) /* 's1' is finished? */
+ return -1; /* 's1' is less than 's2' ('s2' is not finished) */
+ /* both strings longer than 'zl'; go on comparing after the '\0' */
+ zl1++; zl2++;
+ s1 += zl1; rl1 -= zl1; s2 += zl2; rl2 -= zl2;
}
}
}

@ -1,12 +0,0 @@
diff -up lua-5.4.6/src/luaconf.h.template.in.idsize lua-5.4.6/src/luaconf.h.template.in
--- lua-5.4.6/src/luaconf.h.template.in.idsize 2023-05-22 11:02:54.207370261 -0400
+++ lua-5.4.6/src/luaconf.h.template.in 2023-05-22 11:04:21.410747055 -0400
@@ -761,7 +761,7 @@
** of a function in debug information.
** CHANGE it if you want a different size.
*/
-#define LUA_IDSIZE 60
+#define LUA_IDSIZE 512
/*

@ -1,34 +1,34 @@
%global major_version 5.4
# Normally, this is the same as version, but... not always.
%global test_version 5.4.6
%global test_version 5.4.4
# If you are incrementing major_version, enable bootstrapping and adjust accordingly.
# Version should be the latest prior build. If you don't do this, RPM will break and
# everything will grind to a halt.
%global bootstrap 0
%global bootstrap_major_version 5.3
%global bootstrap_version %{bootstrap_major_version}.6
%global bootstrap_version %{bootstrap_major_version}.5
# Place rpm-macros into proper location.
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
Name: lua
Version: %{major_version}.6
Release: 7%{?dist}
Version: %{major_version}.4
Release: 4%{?dist}
Summary: Powerful light-weight programming language
License: MIT
URL: https://www.lua.org/
Source0: https://www.lua.org/ftp/lua-%{version}.tar.gz
URL: http://www.lua.org/
Source0: http://www.lua.org/ftp/lua-%{version}.tar.gz
# copied from doc/readme.html on 2014-07-18
Source1: mit.txt
%if 0%{?bootstrap}
Source2: https://www.lua.org/ftp/lua-%{bootstrap_version}.tar.gz
Source2: http://www.lua.org/ftp/lua-%{bootstrap_version}.tar.gz
%endif
Source3: https://www.lua.org/tests/lua-%{test_version}-tests.tar.gz
Source3: http://www.lua.org/tests/lua-%{test_version}-tests.tar.gz
# multilib
Source4: luaconf.h
Patch0: %{name}-5.4.0-beta-autotoolize.patch
Patch1: %{name}-5.4.6-idsize.patch
Patch1: %{name}-5.3.0-idsize.patch
#Patch2: %%{name}-5.3.0-luac-shared-link-fix.patch
Patch3: %{name}-5.2.2-configure-linux.patch
Patch4: %{name}-5.3.0-configure-compat-module.patch
@ -36,9 +36,10 @@ Patch4: %{name}-5.3.0-configure-compat-module.patch
Patch5: %{name}-5.3.0-autotoolize.patch
Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
%endif
Patch7: lua-5.4.6-big-endian-fix.patch
# https://www.lua.org/bugs.html
Patch8: lua-5.4.6-bug1.patch
Patch18: %{name}-5.3.5-CVE-2020-24370.patch
Patch19: %{name}-5.4.2-CVE-2022-33099.patch
Patch20: %{name}-5.4-CVE-2022-28805.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
BuildRequires: make
@ -88,25 +89,26 @@ This package contains the static version of liblua for %{name}.
%endif
cp %{SOURCE1} .
mv src/luaconf.h src/luaconf.h.template.in
%patch -P0 -p1 -E -z .autoxxx
%patch -P1 -p1 -z .idsize
#%% patch -P2 -p1 -z .luac-shared
%patch -P3 -p1 -z .configure-linux
%patch0 -p1 -E -z .autoxxx
%patch1 -p1 -z .idsize
#%% patch2 -p1 -z .luac-shared
%patch3 -p1 -z .configure-linux
%patch4 -p1 -z .configure-compat-all
%patch19 -p1 -b .CVE-2022-33099
%patch20 -p1 -b .CVE-2022-28805
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac
autoreconf -ifv
%patch -P7 -p1 -b .big-endian-fix
%patch -P8 -p1 -b .bug1
%if 0%{?bootstrap}
cd lua-%{bootstrap_version}/
mv src/luaconf.h src/luaconf.h.template.in
%patch -P5 -p1 -b .autoxxx
%patch -P1 -p1 -b .idsize
%patch -P3 -p1 -z .configure-linux
%patch -P4 -p1 -z .configure-compat-all
%patch -P6 -p1 -b .luac-shared-link-fix
%patch5 -p1 -b .autoxxx
%patch1 -p1 -b .idsize
%patch3 -p1 -z .configure-linux
%patch4 -p1 -z .configure-compat-all
%patch6 -p1 -b .luac-shared-link-fix
%patch18 -p1 -b .CVE-2020-24370
autoreconf -i
cd ..
%endif
@ -121,7 +123,7 @@ sed -i 's|@pkgdatadir@|%{_datadir}|g' src/luaconf.h.template
# hack so that only /usr/bin/lua gets linked with readline as it is the
# only one which needs this and otherwise we get License troubles
%make_build LIBS="-lm -ldl"
make %{?_smp_mflags} LIBS="-lm -ldl"
# only /usr/bin/lua links with readline now #luac_LDADD="liblua.la -lm -ldl"
%if 0%{?bootstrap}
@ -134,7 +136,7 @@ sed -i 's|@pkgdatadir@|%{_datadir}|g' src/luaconf.h.template
# hack so that only /usr/bin/lua gets linked with readline as it is the
# only one which needs this and otherwise we get License troubles
%make_build LIBS="-lm -ldl" luac_LDADD="liblua.la -lm -ldl"
make %{?_smp_mflags} LIBS="-lm -ldl" luac_LDADD="liblua.la -lm -ldl"
popd
%endif
@ -158,7 +160,7 @@ sed -i.orig -e '
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{_bindir}/lua -e"_U=true" all.lua
%install
%make_install
make install DESTDIR=$RPM_BUILD_ROOT
rm $RPM_BUILD_ROOT%{_libdir}/*.la
mkdir -p $RPM_BUILD_ROOT%{_libdir}/lua/%{major_version}
mkdir -p $RPM_BUILD_ROOT%{_datadir}/lua/%{major_version}
@ -211,71 +213,34 @@ popd
%{_libdir}/*.a
%changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 5.4.6-7
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.4.6-6
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Aug 1 2023 Tom Callaway <spot@fedoraproject.org> - 5.4.6-3
- disable "corrupted binary dump" test that has issues on big-endian architectures
- apply upstream fix for 5.4.6 bug 1
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon May 22 2023 Tom Callaway <spot@fedoraproject.org> - 5.4.6-1
- update to 5.4.6
* Tue Feb 14 2023 Tom Callaway <spot@fedoraproject.org> - 5.4.4-9
- add upstream fixes for Bugs 8 and 9
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Dec 8 2022 Charles R. Anderson <cra@alum.wpi.edu> - 5.4.4-7
- Add patch for http://lua-users.org/lists/lua-l/2022-02/msg00112.html (#2111138)
* Mon Oct 17 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.4-6
- add upstream fix for Bug 7
* Mon Oct 17 2022 Panu Matilainen <pmatilai@redhat.com> - 5.4.4-5
- Disable bootstrap mode forgotten on 5.4 rebase
* Mon Apr 17 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-4
- Disable bootstrap mode forgotten on 5.4 rebase (#2135419)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-3
- Apply upstream patch for CVE-2022-28805
* Tue Jul 19 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.4-3
- upstream bug fixes (3,4,5) including fix for CVE-2022-33099
* Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2
- Resolves CVE-2021-43519
* Tue Apr 5 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.4-2
- upstream bug fixes
* Tue Jan 24 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-1
- Rebase to lua 5.4.4
- Resolves CVE-2021-44964
* Tue Feb 1 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.4-1
- update to 5.4.4, update bootstrap code to 5.3.6
- 5.4.4 contains the fix for 5.4.3 bug7, which is also CVE-2021-43519
This fix was also in 5.4.3-4, so you do not need to update solely for that.
* Tue Oct 25 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-7
- Fix up CVE-2022-33099 patch
* Mon Jan 24 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.3-4
- apply upstream fix for CVE-2021-44647
- apply upstream fixes for known lua bugs 4-10 (11 assumes other changes beyond 5.4.3)
* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-6
- Enable gating
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-5
- apply upstream fix for CVE-2022-33099
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.2-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Mar 31 2021 Tom Callaway <spot@fedoraproject.org> - 5.4.3-1
- update to 5.4.3
- apply fix for bug3
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.2-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
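Review bot: `URL:`, `Source0:`, `Source2:` and `Source3:` each appear twice in the first hunk, once with `https://www.lua.org/...` and once with `http://www.lua.org/...`, and the http form looks like the c9 side. The `+`/`-` markers are lost on this page, so confirm which side is kept; if it is the http one, use `Source0: https://www.lua.org/ftp/lua-%{version}.tar.gz` and the same scheme for Source2 and Source3. Over plain http, the only integrity check on a re-fetched tarball is the 40-hex-digit digest recorded next to the tarball names earlier on this page. Nothing in the spec itself verifies the download.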
