Upgrade lua to 5.4.4 to fix CVE-2021-44964 (#5478)

* Upgrade lua to 5.4.4 to fix CVE-2021-44964

* Update signature file manually

* Update toolchain build scripts for lua

* Remove patches that were already merged to lua-5.4.4

* Fix typo in changelog
This commit is contained in:
Bala 2023-05-23 11:58:06 +05:30 коммит произвёл GitHub
Родитель 33106ca0ad
Коммит b9b5742300
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
14 изменённых файлов: 39 добавлений и 165 удалений

Просмотреть файл

@ -1,50 +0,0 @@
From ffdc636df564edc0f9982e8538a56010db08e9d6 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Mon, 15 Nov 2021 16:54:56 +0530
Subject: [PATCH] Bug: C stack overflow with coroutines
'coroutine.resume' did not increment counter of C calls when
continuing execution after a protected error (that is,
while running 'precover').
Upstream commit:
https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
Originally Authored by: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Test related changes are omitted.
[Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>]
---
src/ldo.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ldo.c b/src/ldo.c
index 7135079..ca558fd 100644
--- a/src/ldo.c
+++ b/src/ldo.c
@@ -728,11 +728,10 @@ static void resume (lua_State *L, void *ud) {
StkId firstArg = L->top - n; /* first argument */
CallInfo *ci = L->ci;
if (L->status == LUA_OK) /* starting a coroutine? */
- ccall(L, firstArg - 1, LUA_MULTRET, 1); /* just call its body */
+ ccall(L, firstArg - 1, LUA_MULTRET, 0); /* just call its body */
else { /* resuming from previous yield */
lua_assert(L->status == LUA_YIELD);
L->status = LUA_OK; /* mark that it is running (again) */
- luaE_incCstack(L); /* control the C stack */
if (isLua(ci)) { /* yielded inside a hook? */
L->top = firstArg; /* discard arguments */
luaV_execute(L, ci); /* just continue running Lua code */
@@ -783,6 +782,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs,
else if (L->status != LUA_YIELD) /* ended with errors? */
return resume_error(L, "cannot resume dead coroutine", nargs);
L->nCcalls = (from) ? getCcalls(from) : 0;
+ if (getCcalls(L) >= LUAI_MAXCCALLS)
+ return resume_error(L, "C stack overflow", nargs);
+ L->nCcalls++;
luai_userstateresume(L, nargs);
api_checknelems(L, (L->status == LUA_OK) ? nargs + 1 : nargs);
status = luaD_rawrunprotected(L, resume, &nargs);
--
2.25.1

Просмотреть файл

@ -1,25 +0,0 @@
From d91a8fb06a65491e4e6f75cade82ae8c9c043487 Mon Sep 17 00:00:00 2001
From: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue, 7 Jun 2022 16:40:53 -0700
Subject: [PATCH] Applying patch for CVE-2021-44647 from
http://lua-users.org/lists/lua-l/2021-11/msg00206.html.
---
src/lstate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lstate.c b/src/lstate.c
index c5e3b43..38da773 100644
--- a/src/lstate.c
+++ b/src/lstate.c
@@ -271,6 +271,7 @@ static void close_state (lua_State *L) {
if (!completestate(g)) /* closing a partially built state? */
luaC_freeallobjects(L); /* jucst collect its objects */
else { /* closing a fully built state */
+ L->ci = &L->base_ci; /* unwind CallInfo list */
luaD_closeprotected(L, 1, LUA_OK); /* close all upvalues */
luaC_freeallobjects(L); /* collect all objects */
luai_userstateclose(L);
--
2.34.1

Просмотреть файл

@ -1,15 +0,0 @@
diff --git a/src/ldo.c b/src/ldo.c
index 7135079..d81e731 100644
--- a/src/ldo.c
+++ b/src/ldo.c
@@ -483,9 +483,9 @@ void luaD_pretailcall (lua_State *L, CallInfo *ci, StkId func, int narg1) {
int fsize = p->maxstacksize; /* frame size */
int nfixparams = p->numparams;
int i;
+ checkstackGC(L, fsize);
for (i = 0; i < narg1; i++) /* move down function and arguments */
setobjs2s(L, ci->func + i, func + i);
- checkstackGC(L, fsize);
func = ci->func; /* moved-down function */
for (; narg1 <= nfixparams; narg1++)
setnilvalue(s2v(func + narg1)); /* complete missing arguments */

Просмотреть файл

@ -1,32 +0,0 @@
diff -up lua-5.4.3/src/lvm.c.bug3 lua-5.4.3/src/lvm.c
--- lua-5.4.3/src/lvm.c.bug3 2021-04-28 13:27:54.025590350 -0400
+++ lua-5.4.3/src/lvm.c 2021-04-28 13:28:55.233614835 -0400
@@ -847,10 +847,19 @@ void luaV_finishOp (lua_State *L) {
luaV_concat(L, total); /* concat them (may yield again) */
break;
}
- case OP_CLOSE: case OP_RETURN: { /* yielded closing variables */
+ case OP_CLOSE: { /* yielded closing variables */
ci->u.l.savedpc--; /* repeat instruction to close other vars. */
break;
}
+ case OP_RETURN: { /* yielded closing variables */
+ StkId ra = base + GETARG_A(inst);
+ /* correct top to signal correct number of returns (in case the
+ return is "in top" */
+ L->top = ra + ci->u2.nres;
+ /* repeat instruction to close other vars. and complete the return */
+ ci->u.l.savedpc--;
+ break;
+ }
default: {
/* only these other opcodes can yield */
lua_assert(op == OP_TFORCALL || op == OP_CALL ||
@@ -1670,6 +1679,7 @@ void luaV_execute (lua_State *L, CallInf
n = cast_int(L->top - ra); /* get what is available */
savepc(ci);
if (TESTARG_k(i)) { /* may there be open upvalues? */
+ ci->u2.nres = n; /* save number of returns */
if (L->top < ci->top)
L->top = ci->top;
luaF_close(L, base, CLOSEKTOP, 1);

Просмотреть файл

@ -1,7 +1,7 @@
{
"Signatures": {
"lua-5.4.3.tar.gz": "f8612276169e3bfcbcfb8f226195bfc6e466fe13042f1076cbde92b7ec96bbfb",
"lua-5.4.3-tests.tar.gz": "5d29c3022897a8290f280ebe1c6853248dfa35a668e1fc02ba9c8cde4e7bf110",
"lua-5.4.4.tar.gz": "164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61",
"lua-5.4.4-tests.tar.gz": "04d28355cd67a2299dfe5708b55a0ff221ccb1a3907a3113cc103ccc05ac6aad",
"lua-5.3.5.tar.gz": "0c2eed3f960446e1a3e4b9a1ca2f3ff893b6ce41942cf54d5dd59ab4b3b058ac",
"luaconf.h": "88e9751d81e778de9546db7c57eab5aeba4dfd8051e010f53ae36fbbce115e45",
"mit.txt": "ac92bb84aa21edfecf0112e59c96c75620313d504ada0d66e8e78fe6788d3a4d"

Просмотреть файл

@ -1,6 +1,6 @@
%global major_version 5.4
# Normally, this is the same as version, but... not always.
%global test_version 5.4.3
%global test_version 5.4.4
# If you are incrementing major_version, enable bootstrapping and adjust accordingly.
# Version should be the latest prior build. If you don't do this, RPM will break and
# everything will grind to a halt.
@ -13,8 +13,8 @@
Summary: Powerful light-weight programming language
Name: lua
Version: %{major_version}.3
Release: 5%{?dist}
Version: %{major_version}.4
Release: 1%{?dist}
License: MIT
Vendor: Microsoft Corporation
Distribution: Mariner
@ -40,12 +40,8 @@ Patch6: %{name}-5.3.5-luac-shared-link-fix.patch
%endif
# https://www.lua.org/bugs.html
Patch18: %{name}-5.3.5-CVE-2020-24370.patch
Patch19: %{name}-5.4.3-bug3.patch
Patch20: CVE-2021-43519.patch
Patch21: CVE-2022-28805.patch
Patch22: CVE-2021-44647.patch
Patch23: CVE-2022-33099.patch
Patch24: CVE-2021-45985.patch
BuildRequires: autoconf
BuildRequires: automake
@ -104,12 +100,8 @@ mv src/luaconf.h src/luaconf.h.template.in
%patch4 -p1 -z .configure-compat-all
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac
%patch19 -p1 -b .bug3
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
autoreconf -ifv
%if 0%{?bootstrap}
@ -224,6 +216,10 @@ popd
%{_libdir}/*.a
%changelog
* Tue May 09 2023 Bala <balakumaran.kannan@microsoft.com> - 5.4.4-1
- Upgrade to version 5.4.4 to fix CVE-2021-44964
- Removed patches that are already part of new version
* Mon Apr 14 2023 Bala <balakumaran.kannan@microsoft.com> - 5.4.3-5
- Patching CVE-2021-45985
- Add patch command to apply unapplied patches

Просмотреть файл

@ -12291,8 +12291,8 @@
"type": "other",
"other": {
"name": "lua",
"version": "5.4.3",
"downloadUrl": "https://www.lua.org/ftp/lua-5.4.3.tar.gz"
"version": "5.4.4",
"downloadUrl": "https://www.lua.org/ftp/lua-5.4.4.tar.gz"
}
}
},

Просмотреть файл

@ -206,8 +206,8 @@ libltdl-2.4.6-8.cm2.aarch64.rpm
libltdl-devel-2.4.6-8.cm2.aarch64.rpm
pcre-8.45-2.cm2.aarch64.rpm
pcre-libs-8.45-2.cm2.aarch64.rpm
lua-5.4.3-5.cm2.aarch64.rpm
lua-libs-5.4.3-5.cm2.aarch64.rpm
lua-5.4.4-1.cm2.aarch64.rpm
lua-libs-5.4.4-1.cm2.aarch64.rpm
mariner-rpm-macros-2.0-21.cm2.noarch.rpm
mariner-check-macros-2.0-21.cm2.noarch.rpm
libassuan-2.5.5-2.cm2.aarch64.rpm

Просмотреть файл

@ -206,8 +206,8 @@ libltdl-2.4.6-8.cm2.x86_64.rpm
libltdl-devel-2.4.6-8.cm2.x86_64.rpm
pcre-8.45-2.cm2.x86_64.rpm
pcre-libs-8.45-2.cm2.x86_64.rpm
lua-5.4.3-5.cm2.x86_64.rpm
lua-libs-5.4.3-5.cm2.x86_64.rpm
lua-5.4.4-1.cm2.x86_64.rpm
lua-libs-5.4.4-1.cm2.x86_64.rpm
mariner-rpm-macros-2.0-21.cm2.noarch.rpm
mariner-check-macros-2.0-21.cm2.noarch.rpm
libassuan-2.5.5-2.cm2.x86_64.rpm

Просмотреть файл

@ -214,13 +214,13 @@ libxml2-devel-2.10.3-1.cm2.aarch64.rpm
libxslt-1.1.34-7.cm2.aarch64.rpm
libxslt-debuginfo-1.1.34-7.cm2.aarch64.rpm
libxslt-devel-1.1.34-7.cm2.aarch64.rpm
lua-5.4.3-5.cm2.aarch64.rpm
lua-debuginfo-5.4.3-5.cm2.aarch64.rpm
lua-devel-5.4.3-5.cm2.aarch64.rpm
lua-libs-5.4.3-5.cm2.aarch64.rpm
lua-5.4.4-1.cm2.aarch64.rpm
lua-debuginfo-5.4.4-1.cm2.aarch64.rpm
lua-devel-5.4.4-1.cm2.aarch64.rpm
lua-libs-5.4.4-1.cm2.aarch64.rpm
lua-rpm-macros-1-6.cm2.noarch.rpm
lua-srpm-macros-1-6.cm2.noarch.rpm
lua-static-5.4.3-5.cm2.aarch64.rpm
lua-static-5.4.4-1.cm2.aarch64.rpm
lz4-1.9.3-1.cm2.aarch64.rpm
lz4-debuginfo-1.9.3-1.cm2.aarch64.rpm
lz4-devel-1.9.3-1.cm2.aarch64.rpm

Просмотреть файл

@ -214,13 +214,13 @@ libxml2-devel-2.10.3-1.cm2.x86_64.rpm
libxslt-1.1.34-7.cm2.x86_64.rpm
libxslt-debuginfo-1.1.34-7.cm2.x86_64.rpm
libxslt-devel-1.1.34-7.cm2.x86_64.rpm
lua-5.4.3-5.cm2.x86_64.rpm
lua-debuginfo-5.4.3-5.cm2.x86_64.rpm
lua-devel-5.4.3-5.cm2.x86_64.rpm
lua-libs-5.4.3-5.cm2.x86_64.rpm
lua-5.4.4-1.cm2.x86_64.rpm
lua-debuginfo-5.4.4-1.cm2.x86_64.rpm
lua-devel-5.4.4-1.cm2.x86_64.rpm
lua-libs-5.4.4-1.cm2.x86_64.rpm
lua-rpm-macros-1-6.cm2.noarch.rpm
lua-srpm-macros-1-6.cm2.noarch.rpm
lua-static-5.4.3-5.cm2.x86_64.rpm
lua-static-5.4.4-1.cm2.x86_64.rpm
lz4-1.9.3-1.cm2.x86_64.rpm
lz4-debuginfo-1.9.3-1.cm2.x86_64.rpm
lz4-devel-1.9.3-1.cm2.x86_64.rpm

Просмотреть файл

@ -25,13 +25,13 @@ https://tukaani.org/xz/xz-5.2.5.tar.xz
https://src.fedoraproject.org/repo/pkgs/zlib/zlib-1.2.12.tar.xz/sha512/12940e81e988f7661da52fa20bdc333314ae86a621fdb748804a20840b065a1d6d984430f2d41f3a057de0effc6ff9bcf42f9ee9510b88219085f59cbbd082bd/zlib-1.2.12.tar.xz
https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2
https://github.com/libarchive/libarchive/releases/download/v3.6.1/libarchive-3.6.1.tar.gz
https://www.lua.org/ftp/lua-5.4.3.tar.gz
https://www.lua.org/ftp/lua-5.4.4.tar.gz
http://ftp.rpm.org/popt/releases/popt-1.x/popt-1.18.tar.gz
https://github.com/rpm-software-management/rpm/archive/rpm-4.17.0-release.tar.gz
https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/python.attr
https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/pythondeps.sh
https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/pythondistdeps.py
https://www.linuxfromscratch.org/patches/downloads/lua/lua-5.4.3-shared_library-1.patch
https://www.linuxfromscratch.org/patches/downloads/lua/lua-5.4.4-shared_library-2.patch
https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz
https://ftp.gnu.org/gnu/glibc/glibc-2.35.tar.xz
https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.35-fhs-1.patch

Просмотреть файл

@ -32,8 +32,8 @@ c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2 libarchive-3.6
0d72e12e4f2afff67fd7b9df0a24d7ba42b5a7c9211ac5b3dcccc5cd8b286f2b libpipeline-1.5.0.tar.gz
7c87a8c2c8c0fc9cd5019e402bed4292462d00a718a7cd5f11218153bf28b26f libtool-2.4.6.tar.xz
540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620 libffi-3.4.2.tar.gz
5add91e10446d34d6b3e94c587e4ae5c206200d016dcb303b8bd5c7ca73859f0 lua-5.4.3-shared_library-1.patch
f8612276169e3bfcbcfb8f226195bfc6e466fe13042f1076cbde92b7ec96bbfb lua-5.4.3.tar.gz
44324a802822f0a35d095aaad2f5f58fa7b1821ae87ae44dbcfc8a23fcd2e67e lua-5.4.4-shared_library-2.patch
164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61 lua-5.4.4.tar.gz
3be4a26d825ffdfda52a56fc43246456989a3630093cced3fbddf4771ee58a70 m4-1.4.19.tar.gz
e05fdde47c5f7ca45cb697e973894ff4f5d79e13b750ed57d7b66d8defc78e19 make-4.3.tar.gz
2ffd8f2e80122fe72e60c740c851e6a3e15c9a7921185eb4752c1c672824bed6 man-db-2.10.1.tar.xz

Просмотреть файл

@ -1057,12 +1057,12 @@ popd
rm -rf libarchive-3.6.1
touch /logs/status_libarchive_complete
echo lua-5.4.3
tar xf lua-5.4.3.tar.gz
pushd lua-5.4.3
echo lua-5.4.4
tar xf lua-5.4.4.tar.gz
pushd lua-5.4.4
cat > lua.pc << "EOF"
V=5.4
R=5.4.3
R=5.4.4
prefix=/usr
INSTALL_BIN=${prefix}/bin
INSTALL_INC=${prefix}/include
@ -1080,19 +1080,19 @@ Requires:
Libs: -L${libdir} -llua -lm -ldl
Cflags: -I${includedir}
EOF
patch -Np1 -i ../lua-5.4.3-shared_library-1.patch
patch -Np1 -i ../lua-5.4.4-shared_library-2.patch
sed -i '/#define LUA_ROOT/s:/usr/local/:/usr/:' src/luaconf.h
make MYCFLAGS="-DLUA_COMPAT_5_2 -DLUA_COMPAT_5_1" linux
make INSTALL_TOP=/usr \
INSTALL_DATA="cp -d" \
INSTALL_MAN=/usr/share/man/man1 \
TO_LIB="liblua.so liblua.so.5.4 liblua.so.5.4.3" \
TO_LIB="liblua.so liblua.so.5.4 liblua.so.5.4.4" \
install
mkdir -pv /usr/share/doc/lua-5.4.3
cp -v doc/*.{html,css,gif,png} /usr/share/doc/lua-5.4.3
mkdir -pv /usr/share/doc/lua-5.4.4
cp -v doc/*.{html,css,gif,png} /usr/share/doc/lua-5.4.4
install -v -m644 -D lua.pc /usr/lib/pkgconfig/lua.pc
popd
rm -rf lua-5.4.3
rm -rf lua-5.4.4
touch /logs/status_lua_complete
DEBUGEDIT_WITH_VERSION=debugedit-5.0