Accepting request 827618 from home:gmbr3:Lua

- Add patch for CVE-2020-15945, boo#1174540 (un-numbered) OBS-URL: https://build.opensuse.org/request/show/827618 OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/lua54?expand=0&rev=11
2020-08-18 14:51:13 +00:00 · 2020-08-18 14:51:13 +00:00 · 3abc4d9f9d
commit 3abc4d9f9d
parent 8c8dfec466
2 changed files with 177 additions and 22 deletions
--- a/lua54.changes
+++ b/lua54.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Aug 18 14:49:56 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
+
+- Add patch for CVE-2020-15945, boo#1174540 (un-numbered)
+
 -------------------------------------------------------------------
 Mon Aug 17 10:00:04 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>

@ -11,7 +16,6 @@ Mon Aug 17 10:00:04 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
 Mon Jul 20 11:00:56 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>

 - Add upstream patches 7 & 8
-  * Patch 8: CVE-2020-15945, boo#1174540

 -------------------------------------------------------------------
 Sat Jul 18 09:51:00 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
--- a/upstream-bugs.patch
+++ b/upstream-bugs.patch
@ -58,6 +58,26 @@
   g->reallyold = g->old = g->survival = g->allgc;
 --- a/src/ldo.c
 +++ b/src/ldo.c
+@@ -327,7 +327,7 @@ static StkId rethook (lua_State *L, CallInfo *ci, StkId firstres, int nres) {
+   ptrdiff_t oldtop = savestack(L, L->top);  /* hook may change top */
+   int delta = 0;
+   if (isLuacode(ci)) {
+-    Proto *p = clLvalue(s2v(ci->func))->p;
+    Proto *p = ci_func(ci)->p;
+     if (p->is_vararg)
+       delta = ci->u.l.nextraargs + p->numparams + 1;
+     if (L->top < ci->top)
+@@ -340,8 +340,8 @@ static StkId rethook (lua_State *L, CallInfo *ci, StkId firstres, int nres) {
+     luaD_hook(L, LUA_HOOKRET, -1, ftransfer, nres);  /* call it */
+     ci->func -= delta;
+   }
+-  if (isLua(ci->previous))
+-    L->oldpc = ci->previous->u.l.savedpc;  /* update 'oldpc' */
+  if (isLua(ci = ci->previous))
+    L->oldpc = pcRel(ci->u.l.savedpc, ci_func(ci)->p);  /* update 'oldpc' */
+   return restorestack(L, oldtop);
+ }
+ 
@@ -466,13 +466,13 @@ void luaD_call (lua_State *L, StkId func, int nresults) {
       f = fvalue(s2v(func));
      Cfunc: {
@ -136,27 +156,6 @@
     f->upvalues[i].instack = loadByte(S);
     f->upvalues[i].idx = loadByte(S);
     f->upvalues[i].kind = loadByte(S);
--- a/src/lvm.c
-+++ b/src/lvm.c
-@@ -1104,7 +1104,7 @@ void luaV_finishOp (lua_State *L) {
- 
- 
- #define checkGC(L,c)  \
-	{ luaC_condGC(L, L->top = (c),  /* limit of live values */ \
-+	{ luaC_condGC(L, (savepc(L), L->top = (c)), \
-                          updatetrap(ci)); \
-            luai_threadyield(L); }
- 
-@@ -1792,8 +1792,7 @@ void luaV_execute (lua_State *L, CallInfo *ci) {
-         vmbreak;
-       }
-       vmcase(OP_VARARGPREP) {
-        luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p);
-        updatetrap(ci);
-+        ProtectNT(luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p));
-         if (trap) {
-           luaD_hookcall(L, ci);
-           L->oldpc = pc + 1;  /* next opcode will be seen as a "new" line */
 --- a/src/liolib.c
 +++ b/src/liolib.c
@@ -279,6 +279,8 @@ static int io_popen (lua_State *L) {
@ -171,6 +170,46 @@

 --- a/src/ldebug.c
 +++ b/src/ldebug.c
+@@ -33,10 +33,8 @@
+ 
+ #define noLuaClosure(f)		((f) == NULL || (f)->c.tt == LUA_VCCL)
+ 
+-
+-/* Active Lua function (given call info) */
+-#define ci_func(ci)		(clLvalue(s2v((ci)->func)))
+-
+/* inverse of 'pcRel' */
+#define invpcRel(pc, p)		((p)->code + (pc) + 1)
+ 
+ static const char *funcnamefromcode (lua_State *L, CallInfo *ci,
+                                     const char **name);
+@@ -127,20 +125,18 @@ static void settraps (CallInfo *ci) {
+ /*
+ ** This function can be called during a signal, under "reasonable"
+ ** assumptions.
+-** Fields 'oldpc', 'basehookcount', and 'hookcount' (set by
+-** 'resethookcount') are for debug only, and it is no problem if they
+-** get arbitrary values (causes at most one wrong hook call). 'hookmask'
+-** is an atomic value. We assume that pointers are atomic too (e.g., gcc
+-** ensures that for all platforms where it runs). Moreover, 'hook' is
+-** always checked before being called (see 'luaD_hook').
+** Fields 'basehookcount' and 'hookcount' (set by 'resethookcount')
+** are for debug only, and it is no problem if they get arbitrary
+** values (causes at most one wrong hook call). 'hookmask' is an atomic
+** value. We assume that pointers are atomic too (e.g., gcc ensures that
+** for all platforms where it runs). Moreover, 'hook' is always checked
+** before being called (see 'luaD_hook').
+ */
+ LUA_API void lua_sethook (lua_State *L, lua_Hook func, int mask, int count) {
+   if (func == NULL || mask == 0) {  /* turn off hooks? */
+     mask = 0;
+     func = NULL;
+   }
+-  if (isLua(L->ci))
+-    L->oldpc = L->ci->u.l.savedpc;
+   L->hook = func;
+   L->basehookcount = count;
+   resethookcount(L);
@@ -188,8 +188,8 @@ static const char *upvalname (const Proto *p, int uv) {
 static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
   if (clLvalue(s2v(ci->func))->p->is_vararg) {
@ -206,6 +245,92 @@
 }
 
 
+@@ -795,10 +791,24 @@ static int changedline (const Proto *p, int oldpc, int newpc) {
+ }
+ 
+ 
+/*
+** Traces the execution of a Lua function. Called before the execution
+** of each opcode, when debug is on. 'L->oldpc' stores the last
+** instruction traced, to detect line changes. When entering a new
+** function, 'npci' will be zero and will test as a new line without
+** the need for 'oldpc'; so, 'oldpc' does not need to be initialized
+** before. Some exceptional conditions may return to a function without
+** updating 'oldpc'. In that case, 'oldpc' may be invalid; if so, it is
+** reset to zero.  (A wrong but valid 'oldpc' at most causes an extra
+** call to a line hook.)
+*/
+ int luaG_traceexec (lua_State *L, const Instruction *pc) {
+   CallInfo *ci = L->ci;
+   lu_byte mask = L->hookmask;
+  const Proto *p = ci_func(ci)->p;
+   int counthook;
+  /* 'L->oldpc' may be invalid; reset it in this case */
+  int oldpc = (L->oldpc < p->sizecode) ? L->oldpc : 0;
+   if (!(mask & (LUA_MASKLINE | LUA_MASKCOUNT))) {  /* no hooks? */
+     ci->u.l.trap = 0;  /* don't need to stop again */
+     return 0;  /* turn off 'trap' */
+@@ -819,15 +829,14 @@ int luaG_traceexec (lua_State *L, const Instruction *pc) {
+   if (counthook)
+     luaD_hook(L, LUA_HOOKCOUNT, -1, 0, 0);  /* call count hook */
+   if (mask & LUA_MASKLINE) {
+-    const Proto *p = ci_func(ci)->p;
+     int npci = pcRel(pc, p);
+     if (npci == 0 ||  /* call linehook when enter a new function, */
+-        pc <= L->oldpc ||  /* when jump back (loop), or when */
+-        changedline(p, pcRel(L->oldpc, p), npci)) {  /* enter new line */
+        pc <= invpcRel(oldpc, p) ||  /* when jump back (loop), or when */
+        changedline(p, oldpc, npci)) {  /* enter new line */
+       int newline = luaG_getfuncline(p, npci);
+       luaD_hook(L, LUA_HOOKLINE, newline, 0, 0);  /* call line hook */
+     }
+-    L->oldpc = pc;  /* 'pc' of last call to line hook */
+    L->oldpc = npci;  /* 'pc' of last call to line hook */
+   }
+   if (L->status == LUA_YIELD) {  /* did hook yield? */
+     if (counthook)
+--- a/src/ldebug.h
+++ b/src/ldebug.h
+@@ -13,6 +13,11 @@
+ 
+ #define pcRel(pc, p)	(cast_int((pc) - (p)->code) - 1)
+ 
+
+/* Active Lua function (given call info) */
+#define ci_func(ci)		(clLvalue(s2v((ci)->func)))
+
+
+ #define resethookcount(L)	(L->hookcount = L->basehookcount)
+ 
+ /*
+--- a/src/lstate.c
+++ b/src/lstate.c
+@@ -301,6 +301,7 @@ static void preinit_thread (lua_State *L, global_State *g) {
+   L->openupval = NULL;
+   L->status = LUA_OK;
+   L->errfunc = 0;
+  L->oldpc = 0;
+ }
+ 
+ 
+--- a/src/lstate.h
+++ b/src/lstate.h
+@@ -286,7 +286,6 @@ struct lua_State {
+   StkId top;  /* first free slot in the stack */
+   global_State *l_G;
+   CallInfo *ci;  /* call info for current function */
+-  const Instruction *oldpc;  /* last pc traced */
+   StkId stack_last;  /* last free slot in the stack */
+   StkId stack;  /* stack base */
+   UpVal *openupval;  /* list of open upvalues in this stack */
+@@ -297,6 +296,7 @@ struct lua_State {
+   volatile lua_Hook hook;
+   ptrdiff_t errfunc;  /* current error handling function (stack index) */
+   l_uint32 nCcalls;  /* number of allowed nested C calls - 'nci' */
+  int oldpc;  /* last pc traced */
+   int stacksize;
+   int basehookcount;
+   int hookcount;
 --- a/src/ldo.h
 +++ b/src/ldo.h
@@ -44,7 +44,7 @@
@ -217,3 +342,29 @@
 
 
 /* type of protected functions, to be ran by 'runprotected' */
+
+--- a/src/lvm.c
+++ b/src/lvm.c
+@@ -1104,7 +1104,7 @@ void luaV_finishOp (lua_State *L) {
+ 
+ 
+ #define checkGC(L,c)  \
+-	{ luaC_condGC(L, L->top = (c),  /* limit of live values */ \
+	{ luaC_condGC(L, (savepc(L), L->top = (c)), \
+                          updatetrap(ci)); \
+            luai_threadyield(L); }
+ 
+@@ -1792,11 +1792,10 @@
+         vmbreak;
+       }
+       vmcase(OP_VARARGPREP) {
+-        luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p);
+-        updatetrap(ci);
+        ProtectNT(luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p));
+         if (trap) {
+           luaD_hookcall(L, ci);
+-          L->oldpc = pc + 1;  /* next opcode will be seen as a "new" line */
+          L->oldpc = 1;  /* next opcode will be seen as a "new" line */
+         }
+         updatebase(ci);  /* function has new base after adjustment */
+         vmbreak;