This commit is contained in:
Tom Callaway 2020-10-12 13:53:38 -04:00
parent fae2e38de7
commit 3e03dd9b69
16 changed files with 10 additions and 533 deletions

2
.gitignore vendored
View File

@ -16,3 +16,5 @@ lua-5.1.4/
/lua-5.3.5.tar.gz
/lua-5.4.0.tar.gz
/lua-5.4.0-tests.tar.gz
/lua-5.4.1-tests.tar.gz
/lua-5.4.1.tar.gz

View File

@ -1,24 +0,0 @@
diff -up lua-5.4.0/src/lgc.c.CVE-2020-15889 lua-5.4.0/src/lgc.c
--- lua-5.4.0/src/lgc.c.CVE-2020-15889 2020-07-31 09:52:45.494753815 -0400
+++ lua-5.4.0/src/lgc.c 2020-07-31 09:54:24.556428702 -0400
@@ -1131,16 +1131,14 @@ static void finishgencycle (lua_State *L
/*
-** Does a young collection. First, mark 'OLD1' objects. (Only survival
-** and "recent old" lists can contain 'OLD1' objects. New lists cannot
-** contain 'OLD1' objects, at most 'OLD0' objects that were already
-** visited when marked old.) Then does the atomic step. Then,
-** sweep all lists and advance pointers. Finally, finish the collection.
+** Does a young collection. First, mark 'OLD1' objects. Then does the
+** atomic step. Then sweep all lists and advance pointers. Finally,
+** finish the collection.
*/
static void youngcollection (lua_State *L, global_State *g) {
GCObject **psurvival; /* to point to first non-dead survival object */
lua_assert(g->gcstate == GCSpropagate);
- markold(g, g->survival, g->reallyold);
+ markold(g, g->allgc, g->reallyold);
markold(g, g->finobj, g->finobjrold);
atomic(L);

View File

@ -1,169 +0,0 @@
diff -up lua-5.4.0/lua-5.3.5/src/ldebug.c.CVE-2020-15945 lua-5.4.0/lua-5.3.5/src/ldebug.c
diff -up lua-5.4.0/src/ldebug.c.CVE-2020-15945 lua-5.4.0/src/ldebug.c
--- lua-5.4.0/src/ldebug.c.CVE-2020-15945 2020-07-31 09:58:23.504997354 -0400
+++ lua-5.4.0/src/ldebug.c 2020-07-31 10:04:19.745448815 -0400
@@ -33,10 +33,8 @@
#define noLuaClosure(f) ((f) == NULL || (f)->c.tt == LUA_VCCL)
-
-/* Active Lua function (given call info) */
-#define ci_func(ci) (clLvalue(s2v((ci)->func)))
-
+/* inverse of 'pcRel' */
+#define invpcRel(pc, p) ((p)->code + (pc) + 1)
static const char *funcnamefromcode (lua_State *L, CallInfo *ci,
const char **name);
@@ -127,20 +125,18 @@ static void settraps (CallInfo *ci) {
/*
** This function can be called during a signal, under "reasonable"
** assumptions.
-** Fields 'oldpc', 'basehookcount', and 'hookcount' (set by
-** 'resethookcount') are for debug only, and it is no problem if they
-** get arbitrary values (causes at most one wrong hook call). 'hookmask'
-** is an atomic value. We assume that pointers are atomic too (e.g., gcc
-** ensures that for all platforms where it runs). Moreover, 'hook' is
-** always checked before being called (see 'luaD_hook').
+** Fields 'basehookcount' and 'hookcount' (set by 'resethookcount')
+** are for debug only, and it is no problem if they get arbitrary
+** values (causes at most one wrong hook call). 'hookmask' is an atomic
+** value. We assume that pointers are atomic too (e.g., gcc ensures that
+** for all platforms where it runs). Moreover, 'hook' is always checked
+** before being called (see 'luaD_hook').
*/
LUA_API void lua_sethook (lua_State *L, lua_Hook func, int mask, int count) {
if (func == NULL || mask == 0) { /* turn off hooks? */
mask = 0;
func = NULL;
}
- if (isLua(L->ci))
- L->oldpc = L->ci->u.l.savedpc;
L->hook = func;
L->basehookcount = count;
resethookcount(L);
@@ -794,11 +790,24 @@ static int changedline (const Proto *p,
return 0; /* no line changes in the way */
}
-
+/*
+** Traces the execution of a Lua function. Called before the execution
+** of each opcode, when debug is on. 'L->oldpc' stores the last
+** instruction traced, to detect line changes. When entering a new
+** function, 'npci' will be zero and will test as a new line without
+** the need for 'oldpc'; so, 'oldpc' does not need to be initialized
+** before. Some exceptional conditions may return to a function without
+** updating 'oldpc'. In that case, 'oldpc' may be invalid; if so, it is
+** reset to zero. (A wrong but valid 'oldpc' at most causes an extra
+** call to a line hook.)
+*/
int luaG_traceexec (lua_State *L, const Instruction *pc) {
CallInfo *ci = L->ci;
lu_byte mask = L->hookmask;
+ const Proto *p = ci_func(ci)->p;
int counthook;
+ /* 'L->oldpc' may be invalid; reset it in this case */
+ int oldpc = (L->oldpc < p->sizecode) ? L->oldpc : 0;
if (!(mask & (LUA_MASKLINE | LUA_MASKCOUNT))) { /* no hooks? */
ci->u.l.trap = 0; /* don't need to stop again */
return 0; /* turn off 'trap' */
@@ -819,15 +828,14 @@ int luaG_traceexec (lua_State *L, const
if (counthook)
luaD_hook(L, LUA_HOOKCOUNT, -1, 0, 0); /* call count hook */
if (mask & LUA_MASKLINE) {
- const Proto *p = ci_func(ci)->p;
int npci = pcRel(pc, p);
if (npci == 0 || /* call linehook when enter a new function, */
- pc <= L->oldpc || /* when jump back (loop), or when */
- changedline(p, pcRel(L->oldpc, p), npci)) { /* enter new line */
+ pc <= invpcRel(oldpc, p) || /* when jump back (loop), or when */
+ changedline(p, oldpc, npci)) { /* enter new line */
int newline = luaG_getfuncline(p, npci);
luaD_hook(L, LUA_HOOKLINE, newline, 0, 0); /* call line hook */
}
- L->oldpc = pc; /* 'pc' of last call to line hook */
+ L->oldpc = npci; /* 'pc' of last call to line hook */
}
if (L->status == LUA_YIELD) { /* did hook yield? */
if (counthook)
diff -up lua-5.4.0/src/ldebug.h.CVE-2020-15945 lua-5.4.0/src/ldebug.h
--- lua-5.4.0/src/ldebug.h.CVE-2020-15945 2020-07-31 10:04:30.727969467 -0400
+++ lua-5.4.0/src/ldebug.h 2020-07-31 10:05:07.064383528 -0400
@@ -13,6 +13,11 @@
#define pcRel(pc, p) (cast_int((pc) - (p)->code) - 1)
+
+/* Active Lua function (given call info) */
+#define ci_func(ci) (clLvalue(s2v((ci)->func)))
+
+
#define resethookcount(L) (L->hookcount = L->basehookcount)
/*
diff -up lua-5.4.0/src/ldo.c.CVE-2020-15945 lua-5.4.0/src/ldo.c
--- lua-5.4.0/src/ldo.c.CVE-2020-15945 2020-07-31 10:05:32.374278847 -0400
+++ lua-5.4.0/src/ldo.c 2020-07-31 10:06:43.643168227 -0400
@@ -328,7 +328,7 @@ static StkId rethook (lua_State *L, Call
ptrdiff_t oldtop = savestack(L, L->top); /* hook may change top */
int delta = 0;
if (isLuacode(ci)) {
- Proto *p = clLvalue(s2v(ci->func))->p;
+ Proto *p = ci_func(ci)->p;
if (p->is_vararg)
delta = ci->u.l.nextraargs + p->numparams + 1;
if (L->top < ci->top)
@@ -341,8 +341,8 @@ static StkId rethook (lua_State *L, Call
luaD_hook(L, LUA_HOOKRET, -1, ftransfer, nres); /* call it */
ci->func -= delta;
}
- if (isLua(ci->previous))
- L->oldpc = ci->previous->u.l.savedpc; /* update 'oldpc' */
+ if (isLua(ci = ci->previous))
+ L->oldpc = pcRel(ci->u.l.savedpc, ci_func(ci)->p); /* update 'oldpc' */
return restorestack(L, oldtop);
}
diff -up lua-5.4.0/src/lstate.c.CVE-2020-15945 lua-5.4.0/src/lstate.c
--- lua-5.4.0/src/lstate.c.CVE-2020-15945 2020-07-31 10:06:52.754770540 -0400
+++ lua-5.4.0/src/lstate.c 2020-07-31 10:07:22.512471730 -0400
@@ -301,6 +301,7 @@ static void preinit_thread (lua_State *L
L->openupval = NULL;
L->status = LUA_OK;
L->errfunc = 0;
+ L->oldpc = 0;
}
diff -up lua-5.4.0/src/lstate.h.CVE-2020-15945 lua-5.4.0/src/lstate.h
--- lua-5.4.0/src/lstate.h.CVE-2020-15945 2020-07-31 10:07:30.784110703 -0400
+++ lua-5.4.0/src/lstate.h 2020-07-31 10:08:15.957139065 -0400
@@ -286,7 +286,6 @@ struct lua_State {
StkId top; /* first free slot in the stack */
global_State *l_G;
CallInfo *ci; /* call info for current function */
- const Instruction *oldpc; /* last pc traced */
StkId stack_last; /* last free slot in the stack */
StkId stack; /* stack base */
UpVal *openupval; /* list of open upvalues in this stack */
@@ -297,6 +296,7 @@ struct lua_State {
volatile lua_Hook hook;
ptrdiff_t errfunc; /* current error handling function (stack index) */
l_uint32 nCcalls; /* number of allowed nested C calls - 'nci' */
+ int oldpc; /* last pc traced */
int stacksize;
int basehookcount;
int hookcount;
diff -up lua-5.4.0/src/lvm.c.CVE-2020-15945 lua-5.4.0/src/lvm.c
--- lua-5.4.0/src/lvm.c.CVE-2020-15945 2020-07-31 10:08:32.014438227 -0400
+++ lua-5.4.0/src/lvm.c 2020-07-31 10:08:57.189339437 -0400
@@ -1796,7 +1796,7 @@ void luaV_execute (lua_State *L, CallInf
updatetrap(ci);
if (trap) {
luaD_hookcall(L, ci);
- L->oldpc = pc + 1; /* next opcode will be seen as a "new" line */
+ L->oldpc = 1; /* next opcode will be seen as a "new" line */
}
updatebase(ci); /* function has new base after adjustment */
vmbreak;

View File

@ -1,22 +0,0 @@
diff -up lua-5.4.0/src/ldo.c.CVE-2020-24342 lua-5.4.0/src/ldo.c
--- lua-5.4.0/src/ldo.c.CVE-2020-24342 2020-09-02 14:56:36.939443912 -0400
+++ lua-5.4.0/src/ldo.c 2020-09-02 14:57:47.765341519 -0400
@@ -515,14 +515,13 @@ void luaD_call (lua_State *L, StkId func
/*
** Similar to 'luaD_call', but does not allow yields during the call.
-** If there is a stack overflow, freeing all CI structures will
-** force the subsequent call to invoke 'luaE_extendCI', which then
-** will raise any errors.
*/
void luaD_callnoyield (lua_State *L, StkId func, int nResults) {
incXCcalls(L);
- if (getCcalls(L) <= CSTACKERR) /* possible stack overflow? */
- luaE_freeCI(L);
+ if (getCcalls(L) <= CSTACKERR) { /* possible C stack overflow? */
+ luaE_exitCcall(L); /* to compensate decrement in next call */
+ luaE_enterCcall(L); /* check properly */
+ }
luaD_call(L, func, nResults);
decXCcalls(L);
}

View File

@ -1,18 +0,0 @@
diff -up lua-5.4.0/src/ldebug.c.CVE-2020-24369 lua-5.4.0/src/ldebug.c
--- lua-5.4.0/src/ldebug.c.CVE-2020-24369 2020-08-19 12:43:01.995387723 -0400
+++ lua-5.4.0/src/ldebug.c 2020-08-19 12:43:42.191333666 -0400
@@ -783,11 +783,13 @@ l_noret luaG_runerror (lua_State *L, con
** previous instruction 'oldpc'.
*/
static int changedline (const Proto *p, int oldpc, int newpc) {
+ if (p->lineinfo == NULL) /* no debug information? */
+ return 0;
while (oldpc++ < newpc) {
if (p->lineinfo[oldpc] != 0)
return (luaG_getfuncline(p, oldpc - 1) != luaG_getfuncline(p, newpc));
}
- return 0; /* no line changes in the way */
+ return 0; /* no line changes between positions */
}
/*

View File

@ -1,23 +0,0 @@
diff -up lua-5.4.0/src/ldebug.c.CVE-2020-24370 lua-5.4.0/src/ldebug.c
--- lua-5.4.0/src/ldebug.c.CVE-2020-24370 2020-08-19 13:25:29.295135397 -0400
+++ lua-5.4.0/src/ldebug.c 2020-08-19 13:25:35.012135113 -0400
@@ -188,8 +188,8 @@ static const char *upvalname (const Prot
static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
if (clLvalue(s2v(ci->func))->p->is_vararg) {
int nextra = ci->u.l.nextraargs;
- if (n <= nextra) {
- *pos = ci->func - nextra + (n - 1);
+ if (n >= -nextra) { /* 'n' is negative */
+ *pos = ci->func - nextra - (n + 1);
return "(vararg)"; /* generic name for any vararg */
}
}
@@ -202,7 +202,7 @@ const char *luaG_findlocal (lua_State *L
const char *name = NULL;
if (isLua(ci)) {
if (n < 0) /* access to vararg values? */
- return findvararg(ci, -n, pos);
+ return findvararg(ci, n, pos);
else
name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
}

View File

@ -1,117 +0,0 @@
diff -up lua-5.4.0/src/lgc.c.CVE-2020-24371 lua-5.4.0/src/lgc.c
--- lua-5.4.0/src/lgc.c.CVE-2020-24371 2020-08-19 13:29:50.766122493 -0400
+++ lua-5.4.0/src/lgc.c 2020-08-19 13:34:31.886997668 -0400
@@ -181,14 +181,17 @@ static int iscleared (global_State *g, c
/*
-** barrier that moves collector forward, that is, mark the white object
-** 'v' being pointed by the black object 'o'. (If in sweep phase, clear
-** the black object to white [sweep it] to avoid other barrier calls for
-** this same object.) In the generational mode, 'v' must also become
-** old, if 'o' is old; however, it cannot be changed directly to OLD,
-** because it may still point to non-old objects. So, it is marked as
-** OLD0. In the next cycle it will become OLD1, and in the next it
-** will finally become OLD (regular old).
+** Barrier that moves collector forward, that is, marks the white object
+** 'v' being pointed by the black object 'o'. In the generational
+** mode, 'v' must also become old, if 'o' is old; however, it cannot
+** be changed directly to OLD, because it may still point to non-old
+** objects. So, it is marked as OLD0. In the next cycle it will become
+** OLD1, and in the next it will finally become OLD (regular old). By
+** then, any object it points to will also be old. If called in the
+** incremental sweep phase, it clears the black object to white (sweep
+** it) to avoid other barrier calls for this same object. (That cannot
+** be done is generational mode, as its sweep does not distinguish
+** whites from deads.)
*/
void luaC_barrier_ (lua_State *L, GCObject *o, GCObject *v) {
global_State *g = G(L);
@@ -202,7 +205,8 @@ void luaC_barrier_ (lua_State *L, GCObje
}
else { /* sweep phase */
lua_assert(issweepphase(g));
- makewhite(g, o); /* mark main obj. as white to avoid other barriers */
+ if (g->gckind == KGC_INC) /* incremental mode? */
+ makewhite(g, o); /* mark 'o' as white to avoid other barriers */
}
}
@@ -324,10 +328,15 @@ static lu_mem markbeingfnz (global_State
/*
-** Mark all values stored in marked open upvalues from non-marked threads.
-** (Values from marked threads were already marked when traversing the
-** thread.) Remove from the list threads that no longer have upvalues and
-** not-marked threads.
+** For each non-marked thread, simulates a barrier between each open
+** upvalue and its value. (If the thread is collected, the value will be
+** assigned to the upvalue, but then it can be too late for the barrier
+** to act. The "barrier" does not need to check colors: A non-marked
+** thread must be young; upvalues cannot be older than their threads; so
+** any visited upvalue must be young too.) Also removes the thread from
+** the list, as it was already visited. Removes also threads with no
+** upvalues, as they have nothing to be checked. (If the thread gets an
+** upvalue later, it will be linked in the list again.)
*/
static int remarkupvals (global_State *g) {
lua_State *thread;
@@ -340,9 +349,11 @@ static int remarkupvals (global_State *g
p = &thread->twups; /* keep marked thread with upvalues in the list */
else { /* thread is not marked or without upvalues */
UpVal *uv;
+ lua_assert(!isold(thread) || thread->openupval == NULL);
*p = thread->twups; /* remove thread from the list */
thread->twups = thread; /* mark that it is out of list */
for (uv = thread->openupval; uv != NULL; uv = uv->u.open.next) {
+ lua_assert(getage(uv) <= getage(thread));
work++;
if (!iswhite(uv)) /* upvalue already visited? */
markvalue(g, uv->v); /* mark its value */
@@ -997,6 +1008,9 @@ static void sweep2old (lua_State *L, GCO
** during the sweep. So, any white object must be dead.) For
** non-dead objects, advance their ages and clear the color of
** new objects. (Old objects keep their colors.)
+** The ages of G_TOUCHED1 and G_TOUCHED2 objects will advance
+** in 'correctgraylist'. (That function will also remove objects
+** turned white here from any gray list.)
*/
static GCObject **sweepgen (lua_State *L, global_State *g, GCObject **p,
GCObject *limit) {
@@ -1057,16 +1071,16 @@ static GCObject **correctgraylist (GCObj
lua_assert(isgray(curr));
gray2black(curr); /* make it black, for next barrier */
changeage(curr, G_TOUCHED1, G_TOUCHED2);
- p = next; /* go to next element */
+ p = next; /* keep it in the list and go to next element */
}
- else { /* not touched in this cycle */
+ else { /* everything else is removed */
+ /* white objects are simply removed */
if (!iswhite(curr)) { /* not white? */
lua_assert(isold(curr));
if (getage(curr) == G_TOUCHED2) /* advance from G_TOUCHED2... */
changeage(curr, G_TOUCHED2, G_OLD); /* ... to G_OLD */
gray2black(curr); /* make it black */
}
- /* else, object is white: just remove it from this list */
*p = *next; /* remove 'curr' from gray list */
}
break;
@@ -1145,6 +1159,7 @@ static void youngcollection (lua_State *
atomic(L);
/* sweep nursery and get a pointer to its last live element */
+ g->gcstate = GCSswpallgc;
psurvival = sweepgen(L, g, &g->allgc, g->survival);
/* sweep 'survival' and 'old' */
sweepgen(L, g, psurvival, g->reallyold);
@@ -1168,6 +1183,7 @@ static void youngcollection (lua_State *
static void atomic2gen (lua_State *L, global_State *g) {
/* sweep all elements making them old */
+ g->gcstate = GCSswpallgc;
sweep2old(L, &g->allgc);
/* everything alive now is old */
g->reallyold = g->old = g->survival = g->allgc;

View File

@ -1,12 +0,0 @@
diff -up lua-5.4.0/src/ldo.c.bug2 lua-5.4.0/src/ldo.c
--- lua-5.4.0/src/ldo.c.bug2 2020-07-31 10:40:55.409594540 -0400
+++ lua-5.4.0/src/ldo.c 2020-07-31 10:41:19.193556341 -0400
@@ -674,7 +674,7 @@ LUA_API int lua_resume (lua_State *L, lu
if (from == NULL)
L->nCcalls = CSTACKTHREAD;
else /* correct 'nCcalls' for this thread */
- L->nCcalls = getCcalls(from) + from->nci - L->nci - CSTACKCF;
+ L->nCcalls = getCcalls(from) - L->nci - CSTACKCF;
if (L->nCcalls <= CSTACKERR)
return resume_error(L, "C stack overflow", nargs);
luai_userstateresume(L, nargs);

View File

@ -1,14 +0,0 @@
diff -up lua-5.4.0/src/lundump.c.bug3 lua-5.4.0/src/lundump.c
--- lua-5.4.0/src/lundump.c.bug3 2020-07-31 10:43:45.954150092 -0400
+++ lua-5.4.0/src/lundump.c 2020-07-31 10:44:31.560159336 -0400
@@ -205,8 +205,9 @@ static void loadUpvalues (LoadState *S,
n = loadInt(S);
f->upvalues = luaM_newvectorchecked(S->L, n, Upvaldesc);
f->sizeupvalues = n;
- for (i = 0; i < n; i++) {
+ for (i = 0; i < n; i++)
f->upvalues[i].name = NULL;
+ for (i = 0; i < n; i++) {
f->upvalues[i].instack = loadByte(S);
f->upvalues[i].idx = loadByte(S);
f->upvalues[i].kind = loadByte(S);

View File

@ -1,40 +0,0 @@
diff -up lua-5.4.0/src/ldo.c.bug4 lua-5.4.0/src/ldo.c
--- lua-5.4.0/src/ldo.c.bug4 2020-07-31 10:46:01.013254618 -0400
+++ lua-5.4.0/src/ldo.c 2020-07-31 10:47:23.423657317 -0400
@@ -466,13 +466,13 @@ void luaD_call (lua_State *L, StkId func
f = fvalue(s2v(func));
Cfunc: {
int n; /* number of returns */
- CallInfo *ci = next_ci(L);
+ CallInfo *ci;
checkstackp(L, LUA_MINSTACK, func); /* ensure minimum stack size */
+ L->ci = ci = next_ci(L);
ci->nresults = nresults;
ci->callstatus = CIST_C;
ci->top = L->top + LUA_MINSTACK;
ci->func = func;
- L->ci = ci;
lua_assert(ci->top <= L->stack_last);
if (L->hookmask & LUA_MASKCALL) {
int narg = cast_int(L->top - func) - 1;
@@ -486,18 +486,18 @@ void luaD_call (lua_State *L, StkId func
break;
}
case LUA_VLCL: { /* Lua function */
- CallInfo *ci = next_ci(L);
+ CallInfo *ci;
Proto *p = clLvalue(s2v(func))->p;
int narg = cast_int(L->top - func) - 1; /* number of real arguments */
int nfixparams = p->numparams;
int fsize = p->maxstacksize; /* frame size */
checkstackp(L, fsize, func);
+ L->ci = ci = next_ci(L);
ci->nresults = nresults;
ci->u.l.savedpc = p->code; /* starting point */
ci->callstatus = 0;
ci->top = func + 1 + fsize;
ci->func = func;
- L->ci = ci;
for (; narg < nfixparams; narg++)
setnilvalue(s2v(L->top++)); /* complete missing arguments */
lua_assert(ci->top <= L->stack_last);

View File

@ -1,12 +0,0 @@
diff -up lua-5.4.0/src/ldo.h.bug5 lua-5.4.0/src/ldo.h
--- lua-5.4.0/src/ldo.h.bug5 2020-07-31 10:48:38.077398930 -0400
+++ lua-5.4.0/src/ldo.h 2020-07-31 10:49:11.858926155 -0400
@@ -44,7 +44,7 @@
/* macro to check stack size and GC */
#define checkstackGC(L,fsize) \
- luaD_checkstackaux(L, (fsize), (void)0, luaC_checkGC(L))
+ luaD_checkstackaux(L, (fsize), luaC_checkGC(L), (void)0)
/* type of protected functions, to be ran by 'runprotected' */

View File

@ -1,22 +0,0 @@
diff -up lua-5.4.0/src/lvm.c.bug6 lua-5.4.0/src/lvm.c
--- lua-5.4.0/src/lvm.c.bug6 2020-07-31 10:50:38.760137542 -0400
+++ lua-5.4.0/src/lvm.c 2020-07-31 10:51:39.284498878 -0400
@@ -1104,7 +1104,7 @@ void luaV_finishOp (lua_State *L) {
#define checkGC(L,c) \
- { luaC_condGC(L, L->top = (c), /* limit of live values */ \
+ { luaC_condGC(L, (savepc(L), L->top = (c)), \
updatetrap(ci)); \
luai_threadyield(L); }
@@ -1792,8 +1792,7 @@ void luaV_execute (lua_State *L, CallInf
vmbreak;
}
vmcase(OP_VARARGPREP) {
- luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p);
- updatetrap(ci);
+ ProtectNT(luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p));
if (trap) {
luaD_hookcall(L, ci);
L->oldpc = 1; /* next opcode will be seen as a "new" line */

View File

@ -1,12 +0,0 @@
diff -up lua-5.4.0/src/liolib.c.bug7 lua-5.4.0/src/liolib.c
--- lua-5.4.0/src/liolib.c.bug7 2020-07-31 10:53:20.857070633 -0400
+++ lua-5.4.0/src/liolib.c 2020-07-31 10:53:58.694421042 -0400
@@ -279,6 +279,8 @@ static int io_popen (lua_State *L) {
const char *filename = luaL_checkstring(L, 1);
const char *mode = luaL_optstring(L, 2, "r");
LStream *p = newprefile(L);
+ luaL_argcheck(L, ((mode[0] == 'r' || mode[0] == 'w') && mode[1] == '\0'),
+ 2, "invalid mode");
p->f = l_popen(L, filename, mode);
p->closef = &io_pclose;
return (p->f == NULL) ? luaL_fileresult(L, 0, filename) : 1;

View File

@ -1,12 +0,0 @@
diff -up lua-5.4.0/src/lgc.c.bug8 lua-5.4.0/src/lgc.c
--- lua-5.4.0/src/lgc.c.bug8 2020-07-31 10:55:37.427116603 -0400
+++ lua-5.4.0/src/lgc.c 2020-07-31 10:57:04.639314417 -0400
@@ -856,6 +856,8 @@ static void GCTM (lua_State *L) {
if (unlikely(status != LUA_OK)) { /* error while running __gc? */
luaE_warnerror(L, "__gc metamethod");
L->top--; /* pops error object */
+ if (isLua(L->ci))
+ L->oldpc = L->ci->u.l.savedpc; /* update 'oldpc' */
}
}
}

View File

@ -1,7 +1,6 @@
%global major_version 5.4
# Normally, this is the same as version, but... not always.
# No tests yet for 5.3.5
%global test_version 5.4.0
%global test_version 5.4.1
# If you are incrementing major_version, enable bootstrapping and adjust accordingly.
# Version should be the latest prior build. If you don't do this, RPM will break and
# everything will grind to a halt.
@ -14,8 +13,8 @@
Name: lua
Version: %{major_version}.0
Release: 8%{?dist}
Version: %{major_version}.1
Release: 1%{?dist}
Summary: Powerful light-weight programming language
License: MIT
URL: http://www.lua.org/
@ -37,25 +36,8 @@ Patch4: %{name}-5.3.0-configure-compat-module.patch
Patch5: %{name}-5.3.0-autotoolize.patch
Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
%endif
Patch7: %{name}-5.4.0-CVE-2020-15889.patch
Patch8: %{name}-5.4.0-CVE-2020-15945.patch
# https://www.lua.org/bugs.html
# Bug 1 is CVE-2020-15889
Patch9: %{name}-5.4.0-bug2.patch
Patch10: %{name}-5.4.0-bug3.patch
Patch11: %{name}-5.4.0-bug4.patch
Patch12: %{name}-5.4.0-bug5.patch
Patch13: %{name}-5.4.0-bug6.patch
Patch14: %{name}-5.4.0-bug7.patch
Patch15: %{name}-5.4.0-bug8.patch
# This is bug 12.
Patch16: %{name}-5.4.0-CVE-2020-24369.patch
# This is bug 11
Patch17: %{name}-5.4.0-CVE-2020-24370.patch
Patch18: %{name}-5.3.5-CVE-2020-24370.patch
# This is bug 9
Patch19: %{name}-5.4.0-CVE-2020-24371.patch
Patch20: %{name}-5.4.0-CVE-2020-24342.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
Requires: lua-libs = %{version}-%{release}
@ -109,19 +91,6 @@ mv src/luaconf.h src/luaconf.h.template.in
#%% patch2 -p1 -z .luac-shared
%patch3 -p1 -z .configure-linux
%patch4 -p1 -z .configure-compat-all
%patch7 -p1 -b .CVE-2020-15889
%patch8 -p1 -b .CVE-2020-15945
%patch9 -p1 -b .bug2
%patch10 -p1 -b .bug3
%patch11 -p1 -b .bug4
%patch12 -p1 -b .bug5
%patch13 -p1 -b .bug6
%patch14 -p1 -b .bug7
%patch15 -p1 -b .bug8
%patch16 -p1 -b .CVE-2020-24369
%patch17 -p1 -b .CVE-2020-24370
%patch19 -p1 -b .CVE-2020-24371
%patch20 -p1 -b .CVE-2020-24342
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac
autoreconf -ifv
@ -239,6 +208,9 @@ popd
%{_libdir}/*.a
%changelog
* Mon Oct 12 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.1-1
- update to 5.4.1
* Wed Sep 2 2020 Tom Callaway <spot@fedoraproject.org> - 5.4.0-8
- apply upstream fix for CVE-2020-24342

View File

@ -1,3 +1,3 @@
SHA512 (lua-5.3.5.tar.gz) = 4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4
SHA512 (lua-5.4.0.tar.gz) = 22aa0f9fcf953fc49c97bf50a4cee708b458e8a95447f881037b2c6ddd60e40368a807f2575671c6cd7497cedc2cf5716a8959c196445bf9a359fe7ebcd65465
SHA512 (lua-5.4.0-tests.tar.gz) = a4529138b581057890b06bf27804648fe720ebceee071b506ffcf0daa6f14bed6ce297adca7e5b2c37321e97e93019706ff1cd68ef1347ae4b367e0ee2b70c96
SHA512 (lua-5.4.1-tests.tar.gz) = ac7cf113d96f8fe2af4f104297a70debd3bede5997627fc18db6b5d9c78ff49e05a165f5855894def5656c6dcc2d7d9ccce741c90da17698a5c714a33828f49a
SHA512 (lua-5.4.1.tar.gz) = 49ffbe814ec41e515fc8502b6958151c6c56aa171412f0b211ad9de934be2c958c3709d49435885ddea0fa6765ed511dafb3537558950ff3b4261338214f1571