From 435d079e124a4bca6c7c5ce27cbf1a6b50e6eb3c76ebe744920573cf26341fd3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 21 Aug 2020 13:51:34 +0000 Subject: [PATCH] Accepting request 827933 from home:gmbr3:Active - Added upstream-bugs.patch: upstream bug patches * Patches 2,3,4 - Added upstream-bugs-backport-lua54.patch: bugs discovered in lua54 * Patch 10: CVE-2020-24371, boo#1175449 * Patch 11: CVE-2020-24370, boo#1175448 * Patch 13 - Add RISC-V to list of 64-bit architectures OBS-URL: https://build.opensuse.org/request/show/827933 OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/lua53?expand=0&rev=34 --- lua53.changes | 11 ++ lua53.spec | 6 +- upstream-bugs-backport-lua54.patch | 82 ++++++++++ upstream-bugs.patch | 253 +++++++++++++++++++++++++++++ 4 files changed, 351 insertions(+), 1 deletion(-) create mode 100644 upstream-bugs-backport-lua54.patch create mode 100644 upstream-bugs.patch diff --git a/lua53.changes b/lua53.changes index 7657283..30c6560 100644 --- a/lua53.changes +++ b/lua53.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Aug 19 14:03:08 UTC 2020 - Callum Farmer + +- Added upstream-bugs.patch: upstream bug patches + * Patches 2,3,4 +- Added upstream-bugs-backport-lua54.patch: bugs discovered in lua54 + * Patch 10: CVE-2020-24371, boo#1175449 + * Patch 11: CVE-2020-24370, boo#1175448 + * Patch 13 +- Add RISC-V to list of 64-bit architectures + ------------------------------------------------------------------- Fri Aug 2 08:13:02 UTC 2019 - Martin Liška diff --git a/lua53.spec b/lua53.spec index 6e2e6a8..30c67cb 100644 --- a/lua53.spec +++ b/lua53.spec @@ -29,6 +29,10 @@ Source: http://www.lua.org/ftp/lua-%{version}.tar.gz Source99: baselibs.conf # PATCH-FIX-SUSE tweak the buildsystem to produce what is needed for SUSE Patch0: lua-build-system.patch +# PATCH-FIX-UPSTREAM https://www.lua.org/bugs.html#5.3.5 +Patch1: upstream-bugs.patch +# PATCH-FIX-UPSTREAM https://www.lua.org/bugs.html#5.4.0 +Patch2: upstream-bugs-backport-lua54.patch BuildRequires: libtool BuildRequires: lua-macros BuildRequires: pkgconfig @@ -75,7 +79,7 @@ application. Summary: The Lua integration library # Compat as libtool changes the soname Group: System/Libraries -%ifarch aarch64 x86_64 ppc64 ppc64le s390x +%ifarch aarch64 x86_64 ppc64 ppc64le s390x riscv64 Provides: liblua.so.5.3()(64bit) %else Provides: liblua.so.5.3 diff --git a/upstream-bugs-backport-lua54.patch b/upstream-bugs-backport-lua54.patch new file mode 100644 index 0000000..695dfe9 --- /dev/null +++ b/upstream-bugs-backport-lua54.patch @@ -0,0 +1,82 @@ +--- a/src/ldebug.c ++++ b/src/ldebug.c +@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) { + + static const char *findvararg (CallInfo *ci, int n, StkId *pos) { + int nparams = clLvalue(ci->func)->p->numparams; +- if (n >= cast_int(ci->u.l.base - ci->func) - nparams) ++ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams; ++ if (n <= -nvararg) + return NULL; /* no such vararg */ + else { +- *pos = ci->func + nparams + n; ++ *pos = ci->func + nparams - n; + return "(*vararg)"; /* generic name for any vararg */ + } + } +@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n, + StkId base; + if (isLua(ci)) { + if (n < 0) /* access to vararg values? */ +- return findvararg(ci, -n, pos); ++ return findvararg(ci, n, pos); + else { + base = ci->u.l.base; + name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci)); +--- a/src/liolib.c ++++ b/src/liolib.c +@@ -277,6 +277,8 @@ static int io_popen (lua_State *L) { + const char *filename = luaL_checkstring(L, 1); + const char *mode = luaL_optstring(L, 2, "r"); + LStream *p = newprefile(L); ++ luaL_argcheck(L, ((mode[0] == 'r' || mode[0] == 'w') && mode[1] == '\0'), ++ 2, "invalid mode"); + p->f = l_popen(L, filename, mode); + p->closef = &io_pclose; + return (p->f == NULL) ? luaL_fileresult(L, 0, filename) : 1; +--- a/src/lauxlib.c ++++ b/src/lauxlib.c +@@ -1013,10 +1013,10 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) { + } + else { /* cannot fail when shrinking a block */ + void *newptr = realloc(ptr, nsize); +- if (newptr == NULL && ptr != NULL && nsize <= osize) +- return ptr; /* keep the original block */ +- else /* no fail or not shrinking */ +- return newptr; /* use the new block */ ++ if (newptr == NULL && ptr != NULL && nsize <= osize) ++ return ptr; /* keep the original block */ ++ else /* no fail or not shrinking */ ++ return newptr; /* use the new block */ + } + } + +--- a/src/lundump.c ++++ b/src/lundump.c +@@ -86,6 +86,7 @@ static lua_Integer LoadInteger (LoadState *S) { + + + static TString *LoadString (LoadState *S, Proto *p) { ++ lua_State *L = S->L; + size_t size = LoadByte(S); + TString *ts; + if (size == 0xFF) +@@ -95,13 +96,16 @@ static TString *LoadString (LoadState *S, Proto *p) { + else if (--size <= LUAI_MAXSHORTLEN) { /* short string? */ + char buff[LUAI_MAXSHORTLEN]; + LoadVector(S, buff, size); +- ts = luaS_newlstr(S->L, buff, size); ++ ts = luaS_newlstr(L, buff, size); + } + else { /* long string */ +- ts = luaS_createlngstrobj(S->L, size); ++ ts = luaS_createlngstrobj(L, size); ++ setsvalue2s(L, L->top, ts); /* anchor it ('loadVector' can GC) */ ++ luaD_inctop(L); + LoadVector(S, getstr(ts), size); /* load directly in final place */ ++ L->top--; /* pop string */ + } +- luaC_objbarrier(S->L, p, ts); ++ luaC_objbarrier(L, p, ts); + return ts; + } diff --git a/upstream-bugs.patch b/upstream-bugs.patch new file mode 100644 index 0000000..86a2110 --- /dev/null +++ b/upstream-bugs.patch @@ -0,0 +1,253 @@ +--- a/src/lauxlib.c ++++ b/src/lauxlib.c +@@ -1011,8 +1011,13 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) { + free(ptr); + return NULL; + } +- else +- return realloc(ptr, nsize); ++ else { /* cannot fail when shrinking a block */ ++ void *newptr = realloc(ptr, nsize); ++ if (newptr == NULL && ptr != NULL && nsize <= osize) ++ return ptr; /* keep the original block */ ++ else /* no fail or not shrinking */ ++ return newptr; /* use the new block */ ++ } + } + + +--- a/src/llex.c ++++ b/src/llex.c +@@ -244,12 +244,12 @@ static int read_numeral (LexState *ls, SemInfo *seminfo) { + + + /* +-** skip a sequence '[=*[' or ']=*]'; if sequence is well formed, return +-** its number of '='s; otherwise, return a negative number (-1 iff there +-** are no '='s after initial bracket) ++** reads a sequence '[=*[' or ']=*]', leaving the last bracket. ++** If sequence is well formed, return its number of '='s + 2; otherwise, ++** return 1 if there is no '='s or 0 otherwise (an unfinished '[==...'). + */ +-static int skip_sep (LexState *ls) { +- int count = 0; ++static size_t skip_sep (LexState *ls) { ++ size_t count = 0; + int s = ls->current; + lua_assert(s == '[' || s == ']'); + save_and_next(ls); +@@ -257,11 +257,14 @@ static int skip_sep (LexState *ls) { + save_and_next(ls); + count++; + } +- return (ls->current == s) ? count : (-count) - 1; ++ return (ls->current == s) ? count + 2 ++ : (count == 0) ? 1 ++ : 0; ++ + } + + +-static void read_long_string (LexState *ls, SemInfo *seminfo, int sep) { ++static void read_long_string (LexState *ls, SemInfo *seminfo, size_t sep) { + int line = ls->linenumber; /* initial line (for error message) */ + save_and_next(ls); /* skip 2nd '[' */ + if (currIsNewline(ls)) /* string starts with a newline? */ +@@ -295,8 +298,8 @@ static void read_long_string (LexState *ls, SemInfo *seminfo, int sep) { + } + } endloop: + if (seminfo) +- seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + (2 + sep), +- luaZ_bufflen(ls->buff) - 2*(2 + sep)); ++ seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + sep, ++ luaZ_bufflen(ls->buff) - 2 * sep); + } + + +@@ -444,9 +447,9 @@ static int llex (LexState *ls, SemInfo *seminfo) { + /* else is a comment */ + next(ls); + if (ls->current == '[') { /* long comment? */ +- int sep = skip_sep(ls); ++ size_t sep = skip_sep(ls); + luaZ_resetbuffer(ls->buff); /* 'skip_sep' may dirty the buffer */ +- if (sep >= 0) { ++ if (sep >= 2) { + read_long_string(ls, NULL, sep); /* skip long comment */ + luaZ_resetbuffer(ls->buff); /* previous call may dirty the buff. */ + break; +@@ -458,12 +461,12 @@ static int llex (LexState *ls, SemInfo *seminfo) { + break; + } + case '[': { /* long string or simply '[' */ +- int sep = skip_sep(ls); +- if (sep >= 0) { ++ size_t sep = skip_sep(ls); ++ if (sep >= 2) { + read_long_string(ls, seminfo, sep); + return TK_STRING; + } +- else if (sep != -1) /* '[=...' missing second bracket */ ++ else if (sep == 0) /* '[=...' missing second bracket */ + lexerror(ls, "invalid long string delimiter", TK_STRING); + return '['; + } + +--- a/src/lparser.c ++++ b/src/lparser.c +@@ -544,6 +544,7 @@ static void open_func (LexState *ls, FuncState *fs, BlockCnt *bl) { + fs->bl = NULL; + f = fs->f; + f->source = ls->source; ++ luaC_objbarrier(ls->L, f, f->source); + f->maxstacksize = 2; /* registers 0/1 are always valid */ + enterblock(fs, bl, 0); + } +@@ -1616,6 +1617,7 @@ static void mainfunc (LexState *ls, FuncState *fs) { + fs->f->is_vararg = 1; /* main function is always declared vararg */ + init_exp(&v, VLOCAL, 0); /* create and... */ + newupvalue(fs, ls->envn, &v); /* ...set environment upvalue */ ++ luaC_objbarrier(ls->L, fs->f, ls->envn); + luaX_next(ls); /* read first token */ + statlist(ls); /* parse main body */ + check(ls, TK_EOS); +@@ -1634,6 +1636,7 @@ LClosure *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff, + sethvalue(L, L->top, lexstate.h); /* anchor it */ + luaD_inctop(L); + funcstate.f = cl->p = luaF_newproto(L); ++ luaC_objbarrier(L, cl, cl->p); + funcstate.f->source = luaS_new(L, name); /* create and anchor TString */ + lua_assert(iswhite(funcstate.f)); /* do not need barrier here */ + lexstate.buff = buff; +--- a/src/lundump.c ++++ b/src/lundump.c +@@ -85,8 +85,9 @@ static lua_Integer LoadInteger (LoadState *S) { + } + + +-static TString *LoadString (LoadState *S) { ++static TString *LoadString (LoadState *S, Proto *p) { + size_t size = LoadByte(S); ++ TString *ts; + if (size == 0xFF) + LoadVar(S, size); + if (size == 0) +@@ -94,13 +95,14 @@ static TString *LoadString (LoadState *S) { + else if (--size <= LUAI_MAXSHORTLEN) { /* short string? */ + char buff[LUAI_MAXSHORTLEN]; + LoadVector(S, buff, size); +- return luaS_newlstr(S->L, buff, size); ++ ts = luaS_newlstr(S->L, buff, size); + } + else { /* long string */ +- TString *ts = luaS_createlngstrobj(S->L, size); ++ ts = luaS_createlngstrobj(S->L, size); + LoadVector(S, getstr(ts), size); /* load directly in final place */ +- return ts; + } ++ luaC_objbarrier(S->L, p, ts); ++ return ts; + } + + +@@ -140,7 +142,7 @@ static void LoadConstants (LoadState *S, Proto *f) { + break; + case LUA_TSHRSTR: + case LUA_TLNGSTR: +- setsvalue2n(S->L, o, LoadString(S)); ++ setsvalue2n(S->L, o, LoadString(S, f)); + break; + default: + lua_assert(0); +@@ -158,6 +160,7 @@ static void LoadProtos (LoadState *S, Proto *f) { + f->p[i] = NULL; + for (i = 0; i < n; i++) { + f->p[i] = luaF_newproto(S->L); ++ luaC_objbarrier(S->L, f, f->p[i]); + LoadFunction(S, f->p[i], f->source); + } + } +@@ -189,18 +192,18 @@ static void LoadDebug (LoadState *S, Proto *f) { + for (i = 0; i < n; i++) + f->locvars[i].varname = NULL; + for (i = 0; i < n; i++) { +- f->locvars[i].varname = LoadString(S); ++ f->locvars[i].varname = LoadString(S, f); + f->locvars[i].startpc = LoadInt(S); + f->locvars[i].endpc = LoadInt(S); + } + n = LoadInt(S); + for (i = 0; i < n; i++) +- f->upvalues[i].name = LoadString(S); ++ f->upvalues[i].name = LoadString(S, f); + } + + + static void LoadFunction (LoadState *S, Proto *f, TString *psource) { +- f->source = LoadString(S); ++ f->source = LoadString(S, f); + if (f->source == NULL) /* no source in dump? */ + f->source = psource; /* reuse parent's source */ + f->linedefined = LoadInt(S); +@@ -271,6 +274,7 @@ LClosure *luaU_undump(lua_State *L, ZIO *Z, const char *name) { + setclLvalue(L, L->top, cl); + luaD_inctop(L); + cl->p = luaF_newproto(L); ++ luaC_objbarrier(L, cl, cl->p); + LoadFunction(&S, cl->p, NULL); + lua_assert(cl->nupvalues == cl->p->sizeupvalues); + luai_verifycode(L, buff, cl->p); +--- a/src/lapi.c ++++ b/src/lapi.c +@@ -1254,13 +1254,12 @@ LUA_API const char *lua_setupvalue (lua_State *L, int funcindex, int n) { + } + + +-static UpVal **getupvalref (lua_State *L, int fidx, int n, LClosure **pf) { ++static UpVal **getupvalref (lua_State *L, int fidx, int n) { + LClosure *f; + StkId fi = index2addr(L, fidx); + api_check(L, ttisLclosure(fi), "Lua function expected"); + f = clLvalue(fi); + api_check(L, (1 <= n && n <= f->p->sizeupvalues), "invalid upvalue index"); +- if (pf) *pf = f; + return &f->upvals[n - 1]; /* get its upvalue pointer */ + } + +@@ -1269,7 +1268,7 @@ LUA_API void *lua_upvalueid (lua_State *L, int fidx, int n) { + StkId fi = index2addr(L, fidx); + switch (ttype(fi)) { + case LUA_TLCL: { /* lua closure */ +- return *getupvalref(L, fidx, n, NULL); ++ return *getupvalref(L, fidx, n); + } + case LUA_TCCL: { /* C closure */ + CClosure *f = clCvalue(fi); +@@ -1286,9 +1285,10 @@ LUA_API void *lua_upvalueid (lua_State *L, int fidx, int n) { + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); +- UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ UpVal **up1 = getupvalref(L, fidx1, n1); ++ UpVal **up2 = getupvalref(L, fidx2, n2); ++ if (*up1 == *up2) ++ return; + luaC_upvdeccount(L, *up1); + *up1 = *up2; + (*up1)->refcount++; +@@ -1289,6 +1289,8 @@ LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + LClosure *f1; + UpVal **up1 = getupvalref(L, fidx1, n1, &f1); + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) ++ return; + luaC_upvdeccount(L, *up1); + *up1 = *up2; + (*up1)->refcount++; +--- a/Makefile ++++ b/Makefile +@@ -49 +49 @@ +-R= $V.4 ++R= $V.5