From a178517865142135b31ba81598ab5890b0aaa379 Mon Sep 17 00:00:00 2001
From: Tom Callaway
Date: Wed, 2 Sep 2020 15:09:42 -0400
Subject: [PATCH 1/2] CVE-2020-24342
---
 lua-5.4.0-CVE-2020-24342.patch | 22 ++++++++++++++++++++++
 lua.spec | 10 ++++++----
 2 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 lua-5.4.0-CVE-2020-24342.patch
diff --git a/lua-5.4.0-CVE-2020-24342.patch b/lua-5.4.0-CVE-2020-24342.patch
new file mode 100644
index 0000000..c8267ec
--- /dev/null
+++ b/lua-5.4.0-CVE-2020-24342.patch
@@ -0,0 +1,22 @@
+diff -up lua-5.4.0/src/ldo.c.CVE-2020-24342 lua-5.4.0/src/ldo.c
+--- lua-5.4.0/src/ldo.c.CVE-2020-24342 2020-09-02 14:56:36.939443912 -0400
++++ lua-5.4.0/src/ldo.c 2020-09-02 14:57:47.765341519 -0400
+@@ -515,14 +515,13 @@ void luaD_call (lua_State *L, StkId func
+
+ /*
+ ** Similar to 'luaD_call', but does not allow yields during the call.
+-** If there is a stack overflow, freeing all CI structures will
+-** force the subsequent call to invoke 'luaE_extendCI', which then
+-** will raise any errors.
+ */
+ void luaD_callnoyield (lua_State *L, StkId func, int nResults) {
+ incXCcalls(L);
+- if (getCcalls(L) <= CSTACKERR) /* possible stack overflow? */
+- luaE_freeCI(L);
++ if (getCcalls(L) <= CSTACKERR) { /* possible C stack overflow? */
++ luaE_exitCcall(L); /* to compensate decrement in next call */
++ luaE_enterCcall(L); /* check properly */
++ }
+ luaD_call(L, func, nResults);
+ decXCcalls(L);
+ }
diff --git a/lua.spec b/lua.spec
index be9d603..742e56e 100644
--- a/lua.spec
+++ b/lua.spec
@@ -15,7 +15,7 @@
 Name: lua
 Version: %{major_version}.0
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: Powerful light-weight programming language
 License: MIT
 URL: http://www.lua.org/
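Review bot: The added lua-5.4.0-CVE-2020-24342.patch starts directly at `diff -up` with no header naming the upstream commit or bug entry it was taken from, so the backport to `luaD_callnoyield` cannot be compared against upstream from this commit alone. The `Patch20:` line added to lua.spec has the same gap, whereas `Patch19` is at least annotated with `# This is bug 9`. I would put a comment above `Patch20`, for example `# Upstream fix for CVE-2020-24342: UPSTREAM_REFERENCE_PLACEHOLDER`, and repeat it at the top of the patch file. The new branch depends on `luaE_exitCcall` and `luaE_enterCcall`, both defined outside this hunk; presumably the latter is what now raises the overflow error that the deleted comment attributed to `luaE_extendCI`, and one sentence in the function comment saying so would replace the explanation that was removed.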
@@ -59,6 +59,7 @@ Patch17: %{name}-5.4.0-CVE-2020-24370.patch
 Patch18: %{name}-5.3.5-CVE-2020-24370.patch
 # This is bug 9
 Patch19: %{name}-5.4.0-CVE-2020-24371.patch
+Patch20: %{name}-5.4.0-CVE-2020-24342.patch
 BuildRequires: automake autoconf libtool readline-devel ncurses-devel
 Requires: lua-libs = %{version}-%{release}
@@ -121,6 +122,7 @@ mv src/luaconf.h src/luaconf.h.template.in
 %patch16 -p1 -b .CVE-2020-24369
 %patch17 -p1 -b .CVE-2020-24370
 %patch19 -p1 -b .CVE-2020-24371
+%patch20 -p1 -b .CVE-2020-24342
 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
 sed -i 's|5.3.0|%{version}|g' configure.ac
 autoreconf -ifv
@@ -246,6 +248,9 @@ install -Dpm 0644 %{SOURCE1001} $RPM_BUILD_ROOT/%{_fileattrsdir}/lua.attr
 %{_libdir}/*.a
 %changelog
+* Wed Sep 2 2020 Tom Callaway - 5.4.0-7
+- apply upstream fix for CVE-2020-24342
+
 * Wed Aug 19 2020 Tom Callaway - 5.4.0-6
 - apply upstream fix for CVE-2020-24370, CVE-2020-24371
@@ -266,9 +271,6 @@ install -Dpm 0644 %{SOURCE1001} $RPM_BUILD_ROOT/%{_fileattrsdir}/lua.attr
 * Mon Jun 29 2020 Tom Callaway - 5.4.0-1
 - update to 5.4.0
-* Wed Oct 23 2019 Tom Callaway - 5.4.0-0.1.beta
-- 5.4.0-beta
-
 * Wed Jan 29 2020 Fedora Release Engineering - 5.3.5-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
From 96be13d24efde3cc33a1c1445fbd29b143d0c772 Mon Sep 17 00:00:00 2001
From: Tom spot Callaway
Date: Wed, 28 Apr 2021 13:35:31 -0400
Subject: [PATCH 2/2] 5.4.3
---
 .gitignore | 2 ++
 lua-5.4.3-bug3.patch | 32 ++++++++++++++++++++++++++++++++
 lua.spec | 10 ++++++++--
 sources | 4 ++--
 4 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 lua-5.4.3-bug3.patch
diff --git a/.gitignore b/.gitignore
index 8d90a98..c67ec4f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,5 @@ lua-5.1.4/
 /lua-5.4.1.tar.gz
 /lua-5.4.2.tar.gz
 /lua-5.4.2-tests.tar.gz
+/lua-5.4.3.tar.gz
+/lua-5.4.3-tests.tar.gz
diff --git a/lua-5.4.3-bug3.patch b/lua-5.4.3-bug3.patch
new file mode 100644
index 0000000..dd27670
--- /dev/null
+++ b/lua-5.4.3-bug3.patch
@@ -0,0 +1,32 @@
+diff -up lua-5.4.3/src/lvm.c.bug3 lua-5.4.3/src/lvm.c
+--- lua-5.4.3/src/lvm.c.bug3 2021-04-28 13:27:54.025590350 -0400
++++ lua-5.4.3/src/lvm.c 2021-04-28 13:28:55.233614835 -0400
+@@ -847,10 +847,19 @@ void luaV_finishOp (lua_State *L) {
+ luaV_concat(L, total); /* concat them (may yield again) */
+ break;
+ }
+- case OP_CLOSE: case OP_RETURN: { /* yielded closing variables */
++ case OP_CLOSE: { /* yielded closing variables */
+ ci->u.l.savedpc--; /* repeat instruction to close other vars. */
+ break;
+ }
++ case OP_RETURN: { /* yielded closing variables */
++ StkId ra = base + GETARG_A(inst);
++ /* correct top to signal correct number of returns (in case the
++ return is "in top" */
++ L->top = ra + ci->u2.nres;
++ /* repeat instruction to close other vars. and complete the return */
++ ci->u.l.savedpc--;
++ break;
++ }
+ default: {
+ /* only these other opcodes can yield */
+ lua_assert(op == OP_TFORCALL || op == OP_CALL ||
+@@ -1670,6 +1679,7 @@ void luaV_execute (lua_State *L, CallInf
+ n = cast_int(L->top - ra); /* get what is available */
+ savepc(ci);
+ if (TESTARG_k(i)) { /* may there be open upvalues? */
++ ci->u2.nres = n; /* save number of returns */
+ if (L->top < ci->top)
+ L->top = ci->top;
+ luaF_close(L, base, CLOSEKTOP, 1);
diff --git a/lua.spec b/lua.spec
index c12fcc2..d5e1141 100644
--- a/lua.spec
+++ b/lua.spec
@@ -1,6 +1,6 @@
 %global major_version 5.4
 # Normally, this is the same as version, but... not always.
-%global test_version 5.4.2
+%global test_version 5.4.3
 # If you are incrementing major_version, enable bootstrapping and adjust accordingly.
 # Version should be the latest prior build. If you don't do this, RPM will break and
 # everything will grind to a halt.
@@ -13,7 +13,7 @@
 Name: lua
-Version: %{major_version}.2
+Version: %{major_version}.3
 Release: 1%{?dist}
 Summary: Powerful light-weight programming language
 License: MIT
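Review bot: The two hunks of the lvm.c patch depend on each other but neither comment says so: `ci->u2.nres = n;` in `luaV_execute` is stored only inside the `TESTARG_k(i)` branch, and the new `OP_RETURN` case in `luaV_finishOp` reads it back to rebuild `L->top`. A comment at the store such as `/* read back by luaV_finishOp if closing the variables yields */` would make that coupling visible to whoever rebases this patch onto the next release. The comment in the `OP_RETURN` case is also missing its closing parenthesis (`return is "in top" */`), which is better reported upstream than changed locally if the patch is meant to stay verbatim. Both functions begin and end outside the hunks, and the `u2.nres` field is declared elsewhere, so its presence in 5.4.3 is something the build has to confirm.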
@@ -38,6 +38,7 @@ Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
 %endif
 # https://www.lua.org/bugs.html
 Patch18: %{name}-5.3.5-CVE-2020-24370.patch
+Patch19: %{name}-5.4.3-bug3.patch
 BuildRequires: automake autoconf libtool readline-devel ncurses-devel
 Requires: lua-libs = %{version}-%{release}
@@ -93,6 +94,7 @@ mv src/luaconf.h src/luaconf.h.template.in
 %patch4 -p1 -z .configure-compat-all
 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
 sed -i 's|5.3.0|%{version}|g' configure.ac
+%patch19 -p1 -b .bug3
 autoreconf -ifv
 %if 0%{?bootstrap}
@@ -208,6 +210,10 @@ popd
 %{_libdir}/*.a
 %changelog
+* Wed Mar 31 2021 Tom Callaway - 5.4.3-1
+- update to 5.4.3
+- apply fix for bug3
+
 * Thu Dec 3 2020 Tom Callaway - 5.4.2-1
 - update to 5.4.2
diff --git a/sources b/sources
index 3eee4e5..729c244 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 SHA512 (lua-5.3.5.tar.gz) = 4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4
-SHA512 (lua-5.4.2.tar.gz) = 9454a6ffd973598f2f4a2399834c31c4d5090bd12e716776e3189aa57760319d114ee64a8338bbc2ef5e08150bf0adc2ad94a1b2677f38538a43359969d4d920
-SHA512 (lua-5.4.2-tests.tar.gz) = 1516c59deca211c38444bbf97b18e988e939209b03915d3691d756eeed31b52e8d3a1f05b71ac0b561965274c7b6f3afc4244cd2e9069995696e737e2d9dd40b
+SHA512 (lua-5.4.3.tar.gz) = 3a1a3ee8694b72b4ec9d3ce76705fe179328294353604ca950c53f41b41161b449877d43318ef4501fee44ecbd6c83314ce7468d7425ba9b2903c9c32a28bbc0
+SHA512 (lua-5.4.3-tests.tar.gz) = 034ebddd5b89ccc57e1d9f25853b502e1569bdef2b0bf26380d8babf0d5b2e001c55086cc28e0840969dc2905ac05b55dd2b4496fa997c6f4e37c8878e123359