From 3e03dd9b69dff7f2f87fff9e2f8cc2403fea046a Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Mon, 12 Oct 2020 13:53:38 -0400 Subject: [PATCH] 5.4.1 --- .gitignore | 2 + lua-5.4.0-CVE-2020-15889.patch | 24 ----- lua-5.4.0-CVE-2020-15945.patch | 169 --------------------------------- lua-5.4.0-CVE-2020-24342.patch | 22 ----- lua-5.4.0-CVE-2020-24369.patch | 18 ---- lua-5.4.0-CVE-2020-24370.patch | 23 ----- lua-5.4.0-CVE-2020-24371.patch | 117 ----------------------- lua-5.4.0-bug2.patch | 12 --- lua-5.4.0-bug3.patch | 14 --- lua-5.4.0-bug4.patch | 40 -------- lua-5.4.0-bug5.patch | 12 --- lua-5.4.0-bug6.patch | 22 ----- lua-5.4.0-bug7.patch | 12 --- lua-5.4.0-bug8.patch | 12 --- lua.spec | 40 ++------ sources | 4 +- 16 files changed, 10 insertions(+), 533 deletions(-) delete mode 100644 lua-5.4.0-CVE-2020-15889.patch delete mode 100644 lua-5.4.0-CVE-2020-15945.patch delete mode 100644 lua-5.4.0-CVE-2020-24342.patch delete mode 100644 lua-5.4.0-CVE-2020-24369.patch delete mode 100644 lua-5.4.0-CVE-2020-24370.patch delete mode 100644 lua-5.4.0-CVE-2020-24371.patch delete mode 100644 lua-5.4.0-bug2.patch delete mode 100644 lua-5.4.0-bug3.patch delete mode 100644 lua-5.4.0-bug4.patch delete mode 100644 lua-5.4.0-bug5.patch delete mode 100644 lua-5.4.0-bug6.patch delete mode 100644 lua-5.4.0-bug7.patch delete mode 100644 lua-5.4.0-bug8.patch diff --git a/.gitignore b/.gitignore index 6336dfc..de56088 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,5 @@ lua-5.1.4/ /lua-5.3.5.tar.gz /lua-5.4.0.tar.gz /lua-5.4.0-tests.tar.gz +/lua-5.4.1-tests.tar.gz +/lua-5.4.1.tar.gz diff --git a/lua-5.4.0-CVE-2020-15889.patch b/lua-5.4.0-CVE-2020-15889.patch deleted file mode 100644 index a9bd7ce..0000000 --- a/lua-5.4.0-CVE-2020-15889.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up lua-5.4.0/src/lgc.c.CVE-2020-15889 lua-5.4.0/src/lgc.c ---- lua-5.4.0/src/lgc.c.CVE-2020-15889 2020-07-31 09:52:45.494753815 -0400 -+++ lua-5.4.0/src/lgc.c 2020-07-31 09:54:24.556428702 -0400 -@@ -1131,16 +1131,14 @@ static void finishgencycle (lua_State *L - - - /* --** Does a young collection. First, mark 'OLD1' objects. (Only survival --** and "recent old" lists can contain 'OLD1' objects. New lists cannot --** contain 'OLD1' objects, at most 'OLD0' objects that were already --** visited when marked old.) Then does the atomic step. Then, --** sweep all lists and advance pointers. Finally, finish the collection. -+** Does a young collection. First, mark 'OLD1' objects. Then does the -+** atomic step. Then sweep all lists and advance pointers. Finally, -+** finish the collection. - */ - static void youngcollection (lua_State *L, global_State *g) { - GCObject **psurvival; /* to point to first non-dead survival object */ - lua_assert(g->gcstate == GCSpropagate); -- markold(g, g->survival, g->reallyold); -+ markold(g, g->allgc, g->reallyold); - markold(g, g->finobj, g->finobjrold); - atomic(L); - diff --git a/lua-5.4.0-CVE-2020-15945.patch b/lua-5.4.0-CVE-2020-15945.patch deleted file mode 100644 index 6ddf58b..0000000 --- a/lua-5.4.0-CVE-2020-15945.patch +++ /dev/null @@ -1,169 +0,0 @@ -diff -up lua-5.4.0/lua-5.3.5/src/ldebug.c.CVE-2020-15945 lua-5.4.0/lua-5.3.5/src/ldebug.c -diff -up lua-5.4.0/src/ldebug.c.CVE-2020-15945 lua-5.4.0/src/ldebug.c ---- lua-5.4.0/src/ldebug.c.CVE-2020-15945 2020-07-31 09:58:23.504997354 -0400 -+++ lua-5.4.0/src/ldebug.c 2020-07-31 10:04:19.745448815 -0400 -@@ -33,10 +33,8 @@ - - #define noLuaClosure(f) ((f) == NULL || (f)->c.tt == LUA_VCCL) - -- --/* Active Lua function (given call info) */ --#define ci_func(ci) (clLvalue(s2v((ci)->func))) -- -+/* inverse of 'pcRel' */ -+#define invpcRel(pc, p) ((p)->code + (pc) + 1) - - static const char *funcnamefromcode (lua_State *L, CallInfo *ci, - const char **name); -@@ -127,20 +125,18 @@ static void settraps (CallInfo *ci) { - /* - ** This function can be called during a signal, under "reasonable" - ** assumptions. --** Fields 'oldpc', 'basehookcount', and 'hookcount' (set by --** 'resethookcount') are for debug only, and it is no problem if they --** get arbitrary values (causes at most one wrong hook call). 'hookmask' --** is an atomic value. We assume that pointers are atomic too (e.g., gcc --** ensures that for all platforms where it runs). Moreover, 'hook' is --** always checked before being called (see 'luaD_hook'). -+** Fields 'basehookcount' and 'hookcount' (set by 'resethookcount') -+** are for debug only, and it is no problem if they get arbitrary -+** values (causes at most one wrong hook call). 'hookmask' is an atomic -+** value. We assume that pointers are atomic too (e.g., gcc ensures that -+** for all platforms where it runs). Moreover, 'hook' is always checked -+** before being called (see 'luaD_hook'). - */ - LUA_API void lua_sethook (lua_State *L, lua_Hook func, int mask, int count) { - if (func == NULL || mask == 0) { /* turn off hooks? */ - mask = 0; - func = NULL; - } -- if (isLua(L->ci)) -- L->oldpc = L->ci->u.l.savedpc; - L->hook = func; - L->basehookcount = count; - resethookcount(L); -@@ -794,11 +790,24 @@ static int changedline (const Proto *p, - return 0; /* no line changes in the way */ - } - -- -+/* -+** Traces the execution of a Lua function. Called before the execution -+** of each opcode, when debug is on. 'L->oldpc' stores the last -+** instruction traced, to detect line changes. When entering a new -+** function, 'npci' will be zero and will test as a new line without -+** the need for 'oldpc'; so, 'oldpc' does not need to be initialized -+** before. Some exceptional conditions may return to a function without -+** updating 'oldpc'. In that case, 'oldpc' may be invalid; if so, it is -+** reset to zero. (A wrong but valid 'oldpc' at most causes an extra -+** call to a line hook.) -+*/ - int luaG_traceexec (lua_State *L, const Instruction *pc) { - CallInfo *ci = L->ci; - lu_byte mask = L->hookmask; -+ const Proto *p = ci_func(ci)->p; - int counthook; -+ /* 'L->oldpc' may be invalid; reset it in this case */ -+ int oldpc = (L->oldpc < p->sizecode) ? L->oldpc : 0; - if (!(mask & (LUA_MASKLINE | LUA_MASKCOUNT))) { /* no hooks? */ - ci->u.l.trap = 0; /* don't need to stop again */ - return 0; /* turn off 'trap' */ -@@ -819,15 +828,14 @@ int luaG_traceexec (lua_State *L, const - if (counthook) - luaD_hook(L, LUA_HOOKCOUNT, -1, 0, 0); /* call count hook */ - if (mask & LUA_MASKLINE) { -- const Proto *p = ci_func(ci)->p; - int npci = pcRel(pc, p); - if (npci == 0 || /* call linehook when enter a new function, */ -- pc <= L->oldpc || /* when jump back (loop), or when */ -- changedline(p, pcRel(L->oldpc, p), npci)) { /* enter new line */ -+ pc <= invpcRel(oldpc, p) || /* when jump back (loop), or when */ -+ changedline(p, oldpc, npci)) { /* enter new line */ - int newline = luaG_getfuncline(p, npci); - luaD_hook(L, LUA_HOOKLINE, newline, 0, 0); /* call line hook */ - } -- L->oldpc = pc; /* 'pc' of last call to line hook */ -+ L->oldpc = npci; /* 'pc' of last call to line hook */ - } - if (L->status == LUA_YIELD) { /* did hook yield? */ - if (counthook) -diff -up lua-5.4.0/src/ldebug.h.CVE-2020-15945 lua-5.4.0/src/ldebug.h ---- lua-5.4.0/src/ldebug.h.CVE-2020-15945 2020-07-31 10:04:30.727969467 -0400 -+++ lua-5.4.0/src/ldebug.h 2020-07-31 10:05:07.064383528 -0400 -@@ -13,6 +13,11 @@ - - #define pcRel(pc, p) (cast_int((pc) - (p)->code) - 1) - -+ -+/* Active Lua function (given call info) */ -+#define ci_func(ci) (clLvalue(s2v((ci)->func))) -+ -+ - #define resethookcount(L) (L->hookcount = L->basehookcount) - - /* -diff -up lua-5.4.0/src/ldo.c.CVE-2020-15945 lua-5.4.0/src/ldo.c ---- lua-5.4.0/src/ldo.c.CVE-2020-15945 2020-07-31 10:05:32.374278847 -0400 -+++ lua-5.4.0/src/ldo.c 2020-07-31 10:06:43.643168227 -0400 -@@ -328,7 +328,7 @@ static StkId rethook (lua_State *L, Call - ptrdiff_t oldtop = savestack(L, L->top); /* hook may change top */ - int delta = 0; - if (isLuacode(ci)) { -- Proto *p = clLvalue(s2v(ci->func))->p; -+ Proto *p = ci_func(ci)->p; - if (p->is_vararg) - delta = ci->u.l.nextraargs + p->numparams + 1; - if (L->top < ci->top) -@@ -341,8 +341,8 @@ static StkId rethook (lua_State *L, Call - luaD_hook(L, LUA_HOOKRET, -1, ftransfer, nres); /* call it */ - ci->func -= delta; - } -- if (isLua(ci->previous)) -- L->oldpc = ci->previous->u.l.savedpc; /* update 'oldpc' */ -+ if (isLua(ci = ci->previous)) -+ L->oldpc = pcRel(ci->u.l.savedpc, ci_func(ci)->p); /* update 'oldpc' */ - return restorestack(L, oldtop); - } - -diff -up lua-5.4.0/src/lstate.c.CVE-2020-15945 lua-5.4.0/src/lstate.c ---- lua-5.4.0/src/lstate.c.CVE-2020-15945 2020-07-31 10:06:52.754770540 -0400 -+++ lua-5.4.0/src/lstate.c 2020-07-31 10:07:22.512471730 -0400 -@@ -301,6 +301,7 @@ static void preinit_thread (lua_State *L - L->openupval = NULL; - L->status = LUA_OK; - L->errfunc = 0; -+ L->oldpc = 0; - } - - -diff -up lua-5.4.0/src/lstate.h.CVE-2020-15945 lua-5.4.0/src/lstate.h ---- lua-5.4.0/src/lstate.h.CVE-2020-15945 2020-07-31 10:07:30.784110703 -0400 -+++ lua-5.4.0/src/lstate.h 2020-07-31 10:08:15.957139065 -0400 -@@ -286,7 +286,6 @@ struct lua_State { - StkId top; /* first free slot in the stack */ - global_State *l_G; - CallInfo *ci; /* call info for current function */ -- const Instruction *oldpc; /* last pc traced */ - StkId stack_last; /* last free slot in the stack */ - StkId stack; /* stack base */ - UpVal *openupval; /* list of open upvalues in this stack */ -@@ -297,6 +296,7 @@ struct lua_State { - volatile lua_Hook hook; - ptrdiff_t errfunc; /* current error handling function (stack index) */ - l_uint32 nCcalls; /* number of allowed nested C calls - 'nci' */ -+ int oldpc; /* last pc traced */ - int stacksize; - int basehookcount; - int hookcount; -diff -up lua-5.4.0/src/lvm.c.CVE-2020-15945 lua-5.4.0/src/lvm.c ---- lua-5.4.0/src/lvm.c.CVE-2020-15945 2020-07-31 10:08:32.014438227 -0400 -+++ lua-5.4.0/src/lvm.c 2020-07-31 10:08:57.189339437 -0400 -@@ -1796,7 +1796,7 @@ void luaV_execute (lua_State *L, CallInf - updatetrap(ci); - if (trap) { - luaD_hookcall(L, ci); -- L->oldpc = pc + 1; /* next opcode will be seen as a "new" line */ -+ L->oldpc = 1; /* next opcode will be seen as a "new" line */ - } - updatebase(ci); /* function has new base after adjustment */ - vmbreak; diff --git a/lua-5.4.0-CVE-2020-24342.patch b/lua-5.4.0-CVE-2020-24342.patch deleted file mode 100644 index c8267ec..0000000 --- a/lua-5.4.0-CVE-2020-24342.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -up lua-5.4.0/src/ldo.c.CVE-2020-24342 lua-5.4.0/src/ldo.c ---- lua-5.4.0/src/ldo.c.CVE-2020-24342 2020-09-02 14:56:36.939443912 -0400 -+++ lua-5.4.0/src/ldo.c 2020-09-02 14:57:47.765341519 -0400 -@@ -515,14 +515,13 @@ void luaD_call (lua_State *L, StkId func - - /* - ** Similar to 'luaD_call', but does not allow yields during the call. --** If there is a stack overflow, freeing all CI structures will --** force the subsequent call to invoke 'luaE_extendCI', which then --** will raise any errors. - */ - void luaD_callnoyield (lua_State *L, StkId func, int nResults) { - incXCcalls(L); -- if (getCcalls(L) <= CSTACKERR) /* possible stack overflow? */ -- luaE_freeCI(L); -+ if (getCcalls(L) <= CSTACKERR) { /* possible C stack overflow? */ -+ luaE_exitCcall(L); /* to compensate decrement in next call */ -+ luaE_enterCcall(L); /* check properly */ -+ } - luaD_call(L, func, nResults); - decXCcalls(L); - } diff --git a/lua-5.4.0-CVE-2020-24369.patch b/lua-5.4.0-CVE-2020-24369.patch deleted file mode 100644 index bdf216d..0000000 --- a/lua-5.4.0-CVE-2020-24369.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up lua-5.4.0/src/ldebug.c.CVE-2020-24369 lua-5.4.0/src/ldebug.c ---- lua-5.4.0/src/ldebug.c.CVE-2020-24369 2020-08-19 12:43:01.995387723 -0400 -+++ lua-5.4.0/src/ldebug.c 2020-08-19 12:43:42.191333666 -0400 -@@ -783,11 +783,13 @@ l_noret luaG_runerror (lua_State *L, con - ** previous instruction 'oldpc'. - */ - static int changedline (const Proto *p, int oldpc, int newpc) { -+ if (p->lineinfo == NULL) /* no debug information? */ -+ return 0; - while (oldpc++ < newpc) { - if (p->lineinfo[oldpc] != 0) - return (luaG_getfuncline(p, oldpc - 1) != luaG_getfuncline(p, newpc)); - } -- return 0; /* no line changes in the way */ -+ return 0; /* no line changes between positions */ - } - - /* diff --git a/lua-5.4.0-CVE-2020-24370.patch b/lua-5.4.0-CVE-2020-24370.patch deleted file mode 100644 index b707aa0..0000000 --- a/lua-5.4.0-CVE-2020-24370.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -up lua-5.4.0/src/ldebug.c.CVE-2020-24370 lua-5.4.0/src/ldebug.c ---- lua-5.4.0/src/ldebug.c.CVE-2020-24370 2020-08-19 13:25:29.295135397 -0400 -+++ lua-5.4.0/src/ldebug.c 2020-08-19 13:25:35.012135113 -0400 -@@ -188,8 +188,8 @@ static const char *upvalname (const Prot - static const char *findvararg (CallInfo *ci, int n, StkId *pos) { - if (clLvalue(s2v(ci->func))->p->is_vararg) { - int nextra = ci->u.l.nextraargs; -- if (n <= nextra) { -- *pos = ci->func - nextra + (n - 1); -+ if (n >= -nextra) { /* 'n' is negative */ -+ *pos = ci->func - nextra - (n + 1); - return "(vararg)"; /* generic name for any vararg */ - } - } -@@ -202,7 +202,7 @@ const char *luaG_findlocal (lua_State *L - const char *name = NULL; - if (isLua(ci)) { - if (n < 0) /* access to vararg values? */ -- return findvararg(ci, -n, pos); -+ return findvararg(ci, n, pos); - else - name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci)); - } diff --git a/lua-5.4.0-CVE-2020-24371.patch b/lua-5.4.0-CVE-2020-24371.patch deleted file mode 100644 index 3f102e0..0000000 --- a/lua-5.4.0-CVE-2020-24371.patch +++ /dev/null @@ -1,117 +0,0 @@ -diff -up lua-5.4.0/src/lgc.c.CVE-2020-24371 lua-5.4.0/src/lgc.c ---- lua-5.4.0/src/lgc.c.CVE-2020-24371 2020-08-19 13:29:50.766122493 -0400 -+++ lua-5.4.0/src/lgc.c 2020-08-19 13:34:31.886997668 -0400 -@@ -181,14 +181,17 @@ static int iscleared (global_State *g, c - - - /* --** barrier that moves collector forward, that is, mark the white object --** 'v' being pointed by the black object 'o'. (If in sweep phase, clear --** the black object to white [sweep it] to avoid other barrier calls for --** this same object.) In the generational mode, 'v' must also become --** old, if 'o' is old; however, it cannot be changed directly to OLD, --** because it may still point to non-old objects. So, it is marked as --** OLD0. In the next cycle it will become OLD1, and in the next it --** will finally become OLD (regular old). -+** Barrier that moves collector forward, that is, marks the white object -+** 'v' being pointed by the black object 'o'. In the generational -+** mode, 'v' must also become old, if 'o' is old; however, it cannot -+** be changed directly to OLD, because it may still point to non-old -+** objects. So, it is marked as OLD0. In the next cycle it will become -+** OLD1, and in the next it will finally become OLD (regular old). By -+** then, any object it points to will also be old. If called in the -+** incremental sweep phase, it clears the black object to white (sweep -+** it) to avoid other barrier calls for this same object. (That cannot -+** be done is generational mode, as its sweep does not distinguish -+** whites from deads.) - */ - void luaC_barrier_ (lua_State *L, GCObject *o, GCObject *v) { - global_State *g = G(L); -@@ -202,7 +205,8 @@ void luaC_barrier_ (lua_State *L, GCObje - } - else { /* sweep phase */ - lua_assert(issweepphase(g)); -- makewhite(g, o); /* mark main obj. as white to avoid other barriers */ -+ if (g->gckind == KGC_INC) /* incremental mode? */ -+ makewhite(g, o); /* mark 'o' as white to avoid other barriers */ - } - } - -@@ -324,10 +328,15 @@ static lu_mem markbeingfnz (global_State - - - /* --** Mark all values stored in marked open upvalues from non-marked threads. --** (Values from marked threads were already marked when traversing the --** thread.) Remove from the list threads that no longer have upvalues and --** not-marked threads. -+** For each non-marked thread, simulates a barrier between each open -+** upvalue and its value. (If the thread is collected, the value will be -+** assigned to the upvalue, but then it can be too late for the barrier -+** to act. The "barrier" does not need to check colors: A non-marked -+** thread must be young; upvalues cannot be older than their threads; so -+** any visited upvalue must be young too.) Also removes the thread from -+** the list, as it was already visited. Removes also threads with no -+** upvalues, as they have nothing to be checked. (If the thread gets an -+** upvalue later, it will be linked in the list again.) - */ - static int remarkupvals (global_State *g) { - lua_State *thread; -@@ -340,9 +349,11 @@ static int remarkupvals (global_State *g - p = &thread->twups; /* keep marked thread with upvalues in the list */ - else { /* thread is not marked or without upvalues */ - UpVal *uv; -+ lua_assert(!isold(thread) || thread->openupval == NULL); - *p = thread->twups; /* remove thread from the list */ - thread->twups = thread; /* mark that it is out of list */ - for (uv = thread->openupval; uv != NULL; uv = uv->u.open.next) { -+ lua_assert(getage(uv) <= getage(thread)); - work++; - if (!iswhite(uv)) /* upvalue already visited? */ - markvalue(g, uv->v); /* mark its value */ -@@ -997,6 +1008,9 @@ static void sweep2old (lua_State *L, GCO - ** during the sweep. So, any white object must be dead.) For - ** non-dead objects, advance their ages and clear the color of - ** new objects. (Old objects keep their colors.) -+** The ages of G_TOUCHED1 and G_TOUCHED2 objects will advance -+** in 'correctgraylist'. (That function will also remove objects -+** turned white here from any gray list.) - */ - static GCObject **sweepgen (lua_State *L, global_State *g, GCObject **p, - GCObject *limit) { -@@ -1057,16 +1071,16 @@ static GCObject **correctgraylist (GCObj - lua_assert(isgray(curr)); - gray2black(curr); /* make it black, for next barrier */ - changeage(curr, G_TOUCHED1, G_TOUCHED2); -- p = next; /* go to next element */ -+ p = next; /* keep it in the list and go to next element */ - } -- else { /* not touched in this cycle */ -+ else { /* everything else is removed */ -+ /* white objects are simply removed */ - if (!iswhite(curr)) { /* not white? */ - lua_assert(isold(curr)); - if (getage(curr) == G_TOUCHED2) /* advance from G_TOUCHED2... */ - changeage(curr, G_TOUCHED2, G_OLD); /* ... to G_OLD */ - gray2black(curr); /* make it black */ - } -- /* else, object is white: just remove it from this list */ - *p = *next; /* remove 'curr' from gray list */ - } - break; -@@ -1145,6 +1159,7 @@ static void youngcollection (lua_State * - atomic(L); - - /* sweep nursery and get a pointer to its last live element */ -+ g->gcstate = GCSswpallgc; - psurvival = sweepgen(L, g, &g->allgc, g->survival); - /* sweep 'survival' and 'old' */ - sweepgen(L, g, psurvival, g->reallyold); -@@ -1168,6 +1183,7 @@ static void youngcollection (lua_State * - - static void atomic2gen (lua_State *L, global_State *g) { - /* sweep all elements making them old */ -+ g->gcstate = GCSswpallgc; - sweep2old(L, &g->allgc); - /* everything alive now is old */ - g->reallyold = g->old = g->survival = g->allgc; diff --git a/lua-5.4.0-bug2.patch b/lua-5.4.0-bug2.patch deleted file mode 100644 index 0236d82..0000000 --- a/lua-5.4.0-bug2.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up lua-5.4.0/src/ldo.c.bug2 lua-5.4.0/src/ldo.c ---- lua-5.4.0/src/ldo.c.bug2 2020-07-31 10:40:55.409594540 -0400 -+++ lua-5.4.0/src/ldo.c 2020-07-31 10:41:19.193556341 -0400 -@@ -674,7 +674,7 @@ LUA_API int lua_resume (lua_State *L, lu - if (from == NULL) - L->nCcalls = CSTACKTHREAD; - else /* correct 'nCcalls' for this thread */ -- L->nCcalls = getCcalls(from) + from->nci - L->nci - CSTACKCF; -+ L->nCcalls = getCcalls(from) - L->nci - CSTACKCF; - if (L->nCcalls <= CSTACKERR) - return resume_error(L, "C stack overflow", nargs); - luai_userstateresume(L, nargs); diff --git a/lua-5.4.0-bug3.patch b/lua-5.4.0-bug3.patch deleted file mode 100644 index 08c5a90..0000000 --- a/lua-5.4.0-bug3.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up lua-5.4.0/src/lundump.c.bug3 lua-5.4.0/src/lundump.c ---- lua-5.4.0/src/lundump.c.bug3 2020-07-31 10:43:45.954150092 -0400 -+++ lua-5.4.0/src/lundump.c 2020-07-31 10:44:31.560159336 -0400 -@@ -205,8 +205,9 @@ static void loadUpvalues (LoadState *S, - n = loadInt(S); - f->upvalues = luaM_newvectorchecked(S->L, n, Upvaldesc); - f->sizeupvalues = n; -- for (i = 0; i < n; i++) { -+ for (i = 0; i < n; i++) - f->upvalues[i].name = NULL; -+ for (i = 0; i < n; i++) { - f->upvalues[i].instack = loadByte(S); - f->upvalues[i].idx = loadByte(S); - f->upvalues[i].kind = loadByte(S); diff --git a/lua-5.4.0-bug4.patch b/lua-5.4.0-bug4.patch deleted file mode 100644 index 7c180da..0000000 --- a/lua-5.4.0-bug4.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff -up lua-5.4.0/src/ldo.c.bug4 lua-5.4.0/src/ldo.c ---- lua-5.4.0/src/ldo.c.bug4 2020-07-31 10:46:01.013254618 -0400 -+++ lua-5.4.0/src/ldo.c 2020-07-31 10:47:23.423657317 -0400 -@@ -466,13 +466,13 @@ void luaD_call (lua_State *L, StkId func - f = fvalue(s2v(func)); - Cfunc: { - int n; /* number of returns */ -- CallInfo *ci = next_ci(L); -+ CallInfo *ci; - checkstackp(L, LUA_MINSTACK, func); /* ensure minimum stack size */ -+ L->ci = ci = next_ci(L); - ci->nresults = nresults; - ci->callstatus = CIST_C; - ci->top = L->top + LUA_MINSTACK; - ci->func = func; -- L->ci = ci; - lua_assert(ci->top <= L->stack_last); - if (L->hookmask & LUA_MASKCALL) { - int narg = cast_int(L->top - func) - 1; -@@ -486,18 +486,18 @@ void luaD_call (lua_State *L, StkId func - break; - } - case LUA_VLCL: { /* Lua function */ -- CallInfo *ci = next_ci(L); -+ CallInfo *ci; - Proto *p = clLvalue(s2v(func))->p; - int narg = cast_int(L->top - func) - 1; /* number of real arguments */ - int nfixparams = p->numparams; - int fsize = p->maxstacksize; /* frame size */ - checkstackp(L, fsize, func); -+ L->ci = ci = next_ci(L); - ci->nresults = nresults; - ci->u.l.savedpc = p->code; /* starting point */ - ci->callstatus = 0; - ci->top = func + 1 + fsize; - ci->func = func; -- L->ci = ci; - for (; narg < nfixparams; narg++) - setnilvalue(s2v(L->top++)); /* complete missing arguments */ - lua_assert(ci->top <= L->stack_last); diff --git a/lua-5.4.0-bug5.patch b/lua-5.4.0-bug5.patch deleted file mode 100644 index 2579566..0000000 --- a/lua-5.4.0-bug5.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up lua-5.4.0/src/ldo.h.bug5 lua-5.4.0/src/ldo.h ---- lua-5.4.0/src/ldo.h.bug5 2020-07-31 10:48:38.077398930 -0400 -+++ lua-5.4.0/src/ldo.h 2020-07-31 10:49:11.858926155 -0400 -@@ -44,7 +44,7 @@ - - /* macro to check stack size and GC */ - #define checkstackGC(L,fsize) \ -- luaD_checkstackaux(L, (fsize), (void)0, luaC_checkGC(L)) -+ luaD_checkstackaux(L, (fsize), luaC_checkGC(L), (void)0) - - - /* type of protected functions, to be ran by 'runprotected' */ diff --git a/lua-5.4.0-bug6.patch b/lua-5.4.0-bug6.patch deleted file mode 100644 index 953eb32..0000000 --- a/lua-5.4.0-bug6.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -up lua-5.4.0/src/lvm.c.bug6 lua-5.4.0/src/lvm.c ---- lua-5.4.0/src/lvm.c.bug6 2020-07-31 10:50:38.760137542 -0400 -+++ lua-5.4.0/src/lvm.c 2020-07-31 10:51:39.284498878 -0400 -@@ -1104,7 +1104,7 @@ void luaV_finishOp (lua_State *L) { - - - #define checkGC(L,c) \ -- { luaC_condGC(L, L->top = (c), /* limit of live values */ \ -+ { luaC_condGC(L, (savepc(L), L->top = (c)), \ - updatetrap(ci)); \ - luai_threadyield(L); } - -@@ -1792,8 +1792,7 @@ void luaV_execute (lua_State *L, CallInf - vmbreak; - } - vmcase(OP_VARARGPREP) { -- luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p); -- updatetrap(ci); -+ ProtectNT(luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p)); - if (trap) { - luaD_hookcall(L, ci); - L->oldpc = 1; /* next opcode will be seen as a "new" line */ diff --git a/lua-5.4.0-bug7.patch b/lua-5.4.0-bug7.patch deleted file mode 100644 index 83c2f1e..0000000 --- a/lua-5.4.0-bug7.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up lua-5.4.0/src/liolib.c.bug7 lua-5.4.0/src/liolib.c ---- lua-5.4.0/src/liolib.c.bug7 2020-07-31 10:53:20.857070633 -0400 -+++ lua-5.4.0/src/liolib.c 2020-07-31 10:53:58.694421042 -0400 -@@ -279,6 +279,8 @@ static int io_popen (lua_State *L) { - const char *filename = luaL_checkstring(L, 1); - const char *mode = luaL_optstring(L, 2, "r"); - LStream *p = newprefile(L); -+ luaL_argcheck(L, ((mode[0] == 'r' || mode[0] == 'w') && mode[1] == '\0'), -+ 2, "invalid mode"); - p->f = l_popen(L, filename, mode); - p->closef = &io_pclose; - return (p->f == NULL) ? luaL_fileresult(L, 0, filename) : 1; diff --git a/lua-5.4.0-bug8.patch b/lua-5.4.0-bug8.patch deleted file mode 100644 index dc9e9c7..0000000 --- a/lua-5.4.0-bug8.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up lua-5.4.0/src/lgc.c.bug8 lua-5.4.0/src/lgc.c ---- lua-5.4.0/src/lgc.c.bug8 2020-07-31 10:55:37.427116603 -0400 -+++ lua-5.4.0/src/lgc.c 2020-07-31 10:57:04.639314417 -0400 -@@ -856,6 +856,8 @@ static void GCTM (lua_State *L) { - if (unlikely(status != LUA_OK)) { /* error while running __gc? */ - luaE_warnerror(L, "__gc metamethod"); - L->top--; /* pops error object */ -+ if (isLua(L->ci)) -+ L->oldpc = L->ci->u.l.savedpc; /* update 'oldpc' */ - } - } - } diff --git a/lua.spec b/lua.spec index 9656e9b..450587c 100644 --- a/lua.spec +++ b/lua.spec @@ -1,7 +1,6 @@ %global major_version 5.4 # Normally, this is the same as version, but... not always. -# No tests yet for 5.3.5 -%global test_version 5.4.0 +%global test_version 5.4.1 # If you are incrementing major_version, enable bootstrapping and adjust accordingly. # Version should be the latest prior build. If you don't do this, RPM will break and # everything will grind to a halt. @@ -14,8 +13,8 @@ Name: lua -Version: %{major_version}.0 -Release: 8%{?dist} +Version: %{major_version}.1 +Release: 1%{?dist} Summary: Powerful light-weight programming language License: MIT URL: http://www.lua.org/ @@ -37,25 +36,8 @@ Patch4: %{name}-5.3.0-configure-compat-module.patch Patch5: %{name}-5.3.0-autotoolize.patch Patch6: %{name}-5.3.5-luac-shared-link-fix.patch %endif -Patch7: %{name}-5.4.0-CVE-2020-15889.patch -Patch8: %{name}-5.4.0-CVE-2020-15945.patch # https://www.lua.org/bugs.html -# Bug 1 is CVE-2020-15889 -Patch9: %{name}-5.4.0-bug2.patch -Patch10: %{name}-5.4.0-bug3.patch -Patch11: %{name}-5.4.0-bug4.patch -Patch12: %{name}-5.4.0-bug5.patch -Patch13: %{name}-5.4.0-bug6.patch -Patch14: %{name}-5.4.0-bug7.patch -Patch15: %{name}-5.4.0-bug8.patch -# This is bug 12. -Patch16: %{name}-5.4.0-CVE-2020-24369.patch -# This is bug 11 -Patch17: %{name}-5.4.0-CVE-2020-24370.patch Patch18: %{name}-5.3.5-CVE-2020-24370.patch -# This is bug 9 -Patch19: %{name}-5.4.0-CVE-2020-24371.patch -Patch20: %{name}-5.4.0-CVE-2020-24342.patch BuildRequires: automake autoconf libtool readline-devel ncurses-devel Requires: lua-libs = %{version}-%{release} @@ -109,19 +91,6 @@ mv src/luaconf.h src/luaconf.h.template.in #%% patch2 -p1 -z .luac-shared %patch3 -p1 -z .configure-linux %patch4 -p1 -z .configure-compat-all -%patch7 -p1 -b .CVE-2020-15889 -%patch8 -p1 -b .CVE-2020-15945 -%patch9 -p1 -b .bug2 -%patch10 -p1 -b .bug3 -%patch11 -p1 -b .bug4 -%patch12 -p1 -b .bug5 -%patch13 -p1 -b .bug6 -%patch14 -p1 -b .bug7 -%patch15 -p1 -b .bug8 -%patch16 -p1 -b .CVE-2020-24369 -%patch17 -p1 -b .CVE-2020-24370 -%patch19 -p1 -b .CVE-2020-24371 -%patch20 -p1 -b .CVE-2020-24342 # Put proper version in configure.ac, patch0 hardcodes 5.3.0 sed -i 's|5.3.0|%{version}|g' configure.ac autoreconf -ifv @@ -239,6 +208,9 @@ popd %{_libdir}/*.a %changelog +* Mon Oct 12 2020 Tom Callaway - 5.4.1-1 +- update to 5.4.1 + * Wed Sep 2 2020 Tom Callaway - 5.4.0-8 - apply upstream fix for CVE-2020-24342 diff --git a/sources b/sources index 9a8713a..c1a7663 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ SHA512 (lua-5.3.5.tar.gz) = 4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4 -SHA512 (lua-5.4.0.tar.gz) = 22aa0f9fcf953fc49c97bf50a4cee708b458e8a95447f881037b2c6ddd60e40368a807f2575671c6cd7497cedc2cf5716a8959c196445bf9a359fe7ebcd65465 -SHA512 (lua-5.4.0-tests.tar.gz) = a4529138b581057890b06bf27804648fe720ebceee071b506ffcf0daa6f14bed6ce297adca7e5b2c37321e97e93019706ff1cd68ef1347ae4b367e0ee2b70c96 +SHA512 (lua-5.4.1-tests.tar.gz) = ac7cf113d96f8fe2af4f104297a70debd3bede5997627fc18db6b5d9c78ff49e05a165f5855894def5656c6dcc2d7d9ccce741c90da17698a5c714a33828f49a +SHA512 (lua-5.4.1.tar.gz) = 49ffbe814ec41e515fc8502b6958151c6c56aa171412f0b211ad9de934be2c958c3709d49435885ddea0fa6765ed511dafb3537558950ff3b4261338214f1571