packages/lua
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

upgrade lua to version 5.4.4

Browse Source 
Signed-off-by: hubin <hubin73@huawei.com>
This commit is contained in:
hubin 2023-01-19 16:02:23 +08:00
parent 621f043634
commit ef4fddc773
9 changed files with 11 additions and 425 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
backport-CVE-2021-43519.patch
View File

@ -1,68 +0,0 @@
From 74d99057a5146755e737c479850f87fd0e3b6868 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Wed, 3 Nov 2021 15:04:18 -0300
Subject: [PATCH] Bug: C stack overflow with coroutines
'coroutine.resume' did not increment counter of C calls when
continuing execution after a protected error (that is,
while running 'precover').
---
lua-5.4.3-tests/cstack.lua | 14 ++++++++++++++
src/ldo.c | 6 ++++--
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/lua-5.4.3-tests/cstack.lua b/lua-5.4.3-tests/cstack.lua
index 213d15d..ca76c87 100644
--- a/lua-5.4.3-tests/cstack.lua
+++ b/lua-5.4.3-tests/cstack.lua
@@ -103,6 +103,20 @@ do
end
+do -- bug in 5.4.2
+ print("nesting coroutines running after recoverable errors")
+ local count = 0
+ local function foo()
+ count = count + 1
+ pcall(1) -- create an error
+ -- running now inside 'precover' ("protected recover")
+ coroutine.wrap(foo)() -- call another coroutine
+ end
+ checkerror("C stack overflow", foo)
+ print("final count: ", count)
+end
+
+
if T then
print("testing stack recovery")
local N = 0 -- trace number of calls
diff --git a/src/ldo.c b/src/ldo.c
index 7135079..ca558fd 100644
--- a/src/ldo.c
+++ b/src/ldo.c
@@ -728,11 +728,10 @@ static void resume (lua_State *L, void *ud) {
StkId firstArg = L->top - n; /* first argument */
CallInfo *ci = L->ci;
if (L->status == LUA_OK) /* starting a coroutine? */
- ccall(L, firstArg - 1, LUA_MULTRET, 1); /* just call its body */
+ ccall(L, firstArg - 1, LUA_MULTRET, 0); /* just call its body */
else { /* resuming from previous yield */
lua_assert(L->status == LUA_YIELD);
L->status = LUA_OK; /* mark that it is running (again) */
- luaE_incCstack(L); /* control the C stack */
if (isLua(ci)) { /* yielded inside a hook? */
L->top = firstArg; /* discard arguments */
luaV_execute(L, ci); /* just continue running Lua code */
@@ -783,6 +782,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs,
else if (L->status != LUA_YIELD) /* ended with errors? */
return resume_error(L, "cannot resume dead coroutine", nargs);
L->nCcalls = (from) ? getCcalls(from) : 0;
+ if (getCcalls(L) >= LUAI_MAXCCALLS)
+ return resume_error(L, "C stack overflow", nargs);
+ L->nCcalls++;
luai_userstateresume(L, nargs);
api_checknelems(L, (L->status == LUA_OK) ? nargs + 1 : nargs);
status = luaD_rawrunprotected(L, resume, &nargs);
--
1.8.3.1

24
backport-CVE-2021-44647.patch
View File

@ -1,24 +0,0 @@
From 1de95e97ef65632a88e08b6184bd9d1ceba7ec2f Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Fri, 10 Dec 2021 10:53:54 -0300
Subject: [PATCH] Bug: Lua stack still active when closing a state
---
src/lstate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lstate.c b/src/lstate.c
index c5e3b43..38da773 100644
--- a/src/lstate.c
+++ b/src/lstate.c
@@ -271,6 +271,7 @@ static void close_state (lua_State *L) {
if (!completestate(g)) /* closing a partially built state? */
luaC_freeallobjects(L); /* jucst collect its objects */
else { /* closing a fully built state */
+ L->ci = &L->base_ci; /* unwind CallInfo list */
luaD_closeprotected(L, 1, LUA_OK); /* close all upvalues */
luaC_freeallobjects(L); /* collect all objects */
luai_userstateclose(L);
--
1.8.3.1

297
backport-CVE-2021-44964.patch
View File

@ -1,297 +0,0 @@
From 0bfc572e51d9035a615ef6e9523f736c9ffa8e57 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Mon, 13 Dec 2021 10:41:17 -0300
Subject: [PATCH] Bug: GC is not reentrant
As the GC is not reentrant, finalizers should not be able to invoke it.
---
lua-5.4.3-tests/api.lua | 5 ++---
lua-5.4.3-tests/gc.lua | 6 ++++--
src/lapi.c | 17 +++++++++--------
src/lbaselib.c | 19 +++++++++++++++++--
src/lgc.c | 11 +++++++----
src/lgc.h | 9 +++++++++
src/lstate.c | 4 ++--
src/lstate.h | 2 +-
8 files changed, 51 insertions(+), 22 deletions(-)
diff --git a/lua-5.4.3-tests/api.lua b/lua-5.4.3-tests/api.lua
index c1bcb4b..bd85a92 100644
--- a/lua-5.4.3-tests/api.lua
+++ b/lua-5.4.3-tests/api.lua
@@ -804,15 +804,14 @@ F = function (x)
d = nil
assert(debug.getmetatable(x).__gc == F)
assert(load("table.insert({}, {})"))() -- create more garbage
- collectgarbage() -- force a GC during GC
- assert(debug.getmetatable(x).__gc == F) -- previous GC did not mess this?
+ assert(not collectgarbage()) -- GC during GC (no op)
local dummy = {} -- create more garbage during GC
if A ~= nil then
assert(type(A) == "userdata")
assert(T.udataval(A) == B)
debug.getmetatable(A) -- just access it
end
- A = x -- ressucita userdata
+ A = x -- ressurect userdata
B = udval
return 1,2,3
end
diff --git a/lua-5.4.3-tests/gc.lua b/lua-5.4.3-tests/gc.lua
index 2332c93..d865cb2 100644
--- a/lua-5.4.3-tests/gc.lua
+++ b/lua-5.4.3-tests/gc.lua
@@ -676,11 +676,13 @@ end
-- just to make sure
assert(collectgarbage'isrunning')
-do -- check that the collector is reentrant in incremental mode
+do -- check that the collector is not reentrant in incremental mode
+ local res = true
setmetatable({}, {__gc = function ()
- collectgarbage()
+ res = collectgarbage()
end})
collectgarbage()
+ assert(not res)
end
diff --git a/src/lapi.c b/src/lapi.c
index f8f70cd..7b96979 100644
--- a/src/lapi.c
+++ b/src/lapi.c
@@ -1126,18 +1126,19 @@ LUA_API int lua_status (lua_State *L) {
LUA_API int lua_gc (lua_State *L, int what, ...) {
va_list argp;
int res = 0;
- global_State *g;
+ global_State *g = G(L);
+ if (g->gcstp & GCSTPGC) /* internal stop? */
+ return -1; /* all options are invalid when stopped */
lua_lock(L);
- g = G(L);
va_start(argp, what);
switch (what) {
case LUA_GCSTOP: {
- g->gcrunning = 0;
+ g->gcstp = GCSTPUSR; /* stopeed by the user */
break;
}
case LUA_GCRESTART: {
luaE_setdebt(g, 0);
- g->gcrunning = 1;
+ g->gcstp = 0; /* (GCSTPGC must be already zero here) */
break;
}
case LUA_GCCOLLECT: {
@@ -1156,8 +1157,8 @@ LUA_API int lua_gc (lua_State *L, int what, ...) {
case LUA_GCSTEP: {
int data = va_arg(argp, int);
l_mem debt = 1; /* =1 to signal that it did an actual step */
- lu_byte oldrunning = g->gcrunning;
- g->gcrunning = 1; /* allow GC to run */
+ lu_byte oldstp = g->gcstp;
+ g->gcstp = 0; /* allow GC to run (GCSTPGC must be zero here) */
if (data == 0) {
luaE_setdebt(g, 0); /* do a basic step */
luaC_step(L);
@@ -1167,7 +1168,7 @@ LUA_API int lua_gc (lua_State *L, int what, ...) {
luaE_setdebt(g, debt);
luaC_checkGC(L);
}
- g->gcrunning = oldrunning; /* restore previous state */
+ g->gcstp = oldstp; /* restore previous state */
if (debt > 0 && g->gcstate == GCSpause) /* end of cycle? */
res = 1; /* signal it */
break;
@@ -1185,7 +1186,7 @@ LUA_API int lua_gc (lua_State *L, int what, ...) {
break;
}
case LUA_GCISRUNNING: {
- res = g->gcrunning;
+ res = gcrunning(g);
break;
}
case LUA_GCGEN: {
diff --git a/src/lbaselib.c b/src/lbaselib.c
index 83ad306..82abd94 100644
--- a/src/lbaselib.c
+++ b/src/lbaselib.c
@@ -182,12 +182,20 @@ static int luaB_rawset (lua_State *L) {
static int pushmode (lua_State *L, int oldmode) {
- lua_pushstring(L, (oldmode == LUA_GCINC) ? "incremental"
- : "generational");
+ if (oldmode == -1)
+ luaL_pushfail(L); /* invalid call to 'lua_gc' */
+ else
+ lua_pushstring(L, (oldmode == LUA_GCINC) ? "incremental"
+ : "generational");
return 1;
}
+/*
+** check whether call to 'lua_gc' was valid (not inside a finalizer)
+*/
+#define checkvalres(res) { if (res == -1) break; }
+
static int luaB_collectgarbage (lua_State *L) {
static const char *const opts[] = {"stop", "restart", "collect",
"count", "step", "setpause", "setstepmul",
@@ -200,12 +208,14 @@ static int luaB_collectgarbage (lua_State *L) {
case LUA_GCCOUNT: {
int k = lua_gc(L, o);
int b = lua_gc(L, LUA_GCCOUNTB);
+ checkvalres(k);
lua_pushnumber(L, (lua_Number)k + ((lua_Number)b/1024));
return 1;
}
case LUA_GCSTEP: {
int step = (int)luaL_optinteger(L, 2, 0);
int res = lua_gc(L, o, step);
+ checkvalres(res);
lua_pushboolean(L, res);
return 1;
}
@@ -213,11 +223,13 @@ static int luaB_collectgarbage (lua_State *L) {
case LUA_GCSETSTEPMUL: {
int p = (int)luaL_optinteger(L, 2, 0);
int previous = lua_gc(L, o, p);
+ checkvalres(previous);
lua_pushinteger(L, previous);
return 1;
}
case LUA_GCISRUNNING: {
int res = lua_gc(L, o);
+ checkvalres(res);
lua_pushboolean(L, res);
return 1;
}
@@ -234,10 +246,13 @@ static int luaB_collectgarbage (lua_State *L) {
}
default: {
int res = lua_gc(L, o);
+ checkvalres(res);
lua_pushinteger(L, res);
return 1;
}
}
+ luaL_pushfail(L); /* invalid call (inside a finalizer) */
+ return 1;
}
diff --git a/src/lgc.c b/src/lgc.c
index b360eed..7d0b5e4 100644
--- a/src/lgc.c
+++ b/src/lgc.c
@@ -906,16 +906,16 @@ static void GCTM (lua_State *L) {
if (!notm(tm)) { /* is there a finalizer? */
int status;
lu_byte oldah = L->allowhook;
- int running = g->gcrunning;
+ int oldgcstp = g->gcstp;
+ g->gcstp = GCSTPGC; /* avoid GC steps */
L->allowhook = 0; /* stop debug hooks during GC metamethod */
- g->gcrunning = 0; /* avoid GC steps */
setobj2s(L, L->top++, tm); /* push finalizer... */
setobj2s(L, L->top++, &v); /* ... and its argument */
L->ci->callstatus |= CIST_FIN; /* will run a finalizer */
status = luaD_pcall(L, dothecall, NULL, savestack(L, L->top - 2), 0);
L->ci->callstatus &= ~CIST_FIN; /* not running a finalizer anymore */
L->allowhook = oldah; /* restore hooks */
- g->gcrunning = running; /* restore state */
+ g->gcstp = oldgcstp; /* restore state */
if (l_unlikely(status != LUA_OK)) { /* error while running __gc? */
luaE_warnerror(L, "__gc metamethod");
L->top--; /* pops error object */
@@ -1502,9 +1502,11 @@ static void deletelist (lua_State *L, GCObject *p, GCObject *limit) {
*/
void luaC_freeallobjects (lua_State *L) {
global_State *g = G(L);
+ g->gcstp = GCSTPGC;
luaC_changemode(L, KGC_INC);
separatetobefnz(g, 1); /* separate all objects with finalizers */
lua_assert(g->finobj == NULL);
+ g->gcstp = 0;
callallpendingfinalizers(L);
deletelist(L, g->allgc, obj2gco(g->mainthread));
deletelist(L, g->finobj, NULL);
@@ -1647,6 +1649,7 @@ void luaC_runtilstate (lua_State *L, int statesmask) {
}
+
/*
** Performs a basic incremental step. The debt and step size are
** converted from bytes to "units of work"; then the function loops
@@ -1678,7 +1681,7 @@ static void incstep (lua_State *L, global_State *g) {
void luaC_step (lua_State *L) {
global_State *g = G(L);
lua_assert(!g->gcemergency);
- if (g->gcrunning) { /* running? */
+ if (gcrunning(g)) { /* running? */
if(isdecGCmodegen(g))
genstep(L, g);
else
diff --git a/src/lgc.h b/src/lgc.h
index 073e2a4..024a432 100644
--- a/src/lgc.h
+++ b/src/lgc.h
@@ -148,6 +148,15 @@
*/
#define isdecGCmodegen(g) (g->gckind == KGC_GEN || g->lastatomic != 0)
+
+/*
+** Control when GC is running:
+*/
+#define GCSTPUSR 1 /* bit true when GC stopped by user */
+#define GCSTPGC 2 /* bit true when GC stopped by itself */
+#define gcrunning(g) ((g)->gcstp == 0)
+
+
/*
** Does one step of collection when debt becomes positive. 'pre'/'pos'
** allows some adjustments to be done only when needed. macro
diff --git a/src/lstate.c b/src/lstate.c
index 38da773..59b4f21 100644
--- a/src/lstate.c
+++ b/src/lstate.c
@@ -236,7 +236,7 @@ static void f_luaopen (lua_State *L, void *ud) {
luaS_init(L);
luaT_init(L);
luaX_init(L);
- g->gcrunning = 1; /* allow gc */
+ g->gcstp = 0; /* allow gc */
setnilvalue(&g->nilvalue); /* now state is complete */
luai_userstateopen(L);
}
@@ -373,7 +373,7 @@ LUA_API lua_State *lua_newstate (lua_Alloc f, void *ud) {
g->ud_warn = NULL;
g->mainthread = L;
g->seed = luai_makeseed(L);
- g->gcrunning = 0; /* no GC while building state */
+ g->gcstp = GCSTPGC; /* no GC while building state */
g->strt.size = g->strt.nuse = 0;
g->strt.hash = NULL;
setnilvalue(&g->l_registry);
diff --git a/src/lstate.h b/src/lstate.h
index c1283bb..0d2099f 100644
--- a/src/lstate.h
+++ b/src/lstate.h
@@ -263,7 +263,7 @@ typedef struct global_State {
lu_byte gcstopem; /* stops emergency collections */
lu_byte genminormul; /* control for minor generational collections */
lu_byte genmajormul; /* control for major generational collections */
- lu_byte gcrunning; /* true if GC is running */
+ lu_byte gcstp; /* control whether GC is running */
lu_byte gcemergency; /* true if this is an emergency collection */
lu_byte gcpause; /* size of pause between successive GCs */
lu_byte gcstepmul; /* GC "speed" */
--
2.33.0

24
backport-CVE-2022-28805.patch
View File

@ -4,31 +4,9 @@ Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
---
lua-5.4.3-tests/attrib.lua | 10 ++++++++++
src/lparser.c | 1 +
2 files changed, 11 insertions(+)
1 files changed, 1 insertions(+)
diff --git a/lua-5.4.3-tests/attrib.lua b/lua-5.4.3-tests/attrib.lua
index b1076c7..83821c0 100644
--- a/lua-5.4.3-tests/attrib.lua
+++ b/lua-5.4.3-tests/attrib.lua
@@ -434,6 +434,16 @@ a.aVeryLongName012345678901234567890123456789012345678901234567890123456789 ==
10)
+do
+ -- _ENV constant
+ local function foo ()
+ local _ENV <const> = 11
+ X = "hi"
+ end
+ local st, msg = pcall(foo)
+ assert(not st and string.find(msg, "number"))
+end
+
-- test of large float/integer indices
diff --git a/src/lparser.c b/src/lparser.c
index 284ef1f..0626833 100644
--- a/src/lparser.c

BIN
lua-5.4.3-tests.tar.gz
View File

Binary file not shown.

BIN
lua-5.4.3.tar.gz
View File

Binary file not shown.

BIN
lua-5.4.4-tests.tar.gz Normal file
View File

Binary file not shown.

BIN
lua-5.4.4.tar.gz Normal file
View File

Binary file not shown.

23
lua.spec
View File

@ -1,12 +1,12 @@
%global major_version 5.4
# test version is still 5.4.3
%global test_version 5.4.3
# test version is 5.4.4
%global test_version 5.4.4
# Place rpm-macros into proper location.
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
Name: lua
Version: 5.4.3
Release: 10
Version: 5.4.4
Release: 1
Summary: A powerful, efficient, lightweight, embeddable scripting language
License: MIT
URL: http://www.lua.org/
@ -23,12 +23,9 @@ Patch0: lua-5.4.0-beta-autotoolize.patch
Patch1: lua-5.3.0-idsize.patch
Patch2: lua-5.2.2-configure-linux.patch
Patch3: lua-5.3.0-configure-compat-module.patch
Patch6000: backport-CVE-2021-43519.patch
Patch6001: backport-CVE-2021-44647.patch
Patch6002: backport-CVE-2022-28805.patch
Patch6003: backport-CVE-2022-33099.patch
Patch6004: backport-CVE-2021-44964.patch
Patch6005: backport-luaV_concat-can-use-invalidated-pointer-to-stack.patch
Patch6000: backport-CVE-2022-28805.patch
Patch6001: backport-CVE-2022-33099.patch
Patch6002: backport-luaV_concat-can-use-invalidated-pointer-to-stack.patch
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
@ -64,9 +61,6 @@ mv src/luaconf.h src/luaconf.h.template.in
%patch6000 -p1
%patch6001 -p1
%patch6002 -p1
%patch6003 -p1
%patch6004 -p1
%patch6005 -p1
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
sed -i 's|5.3.0|%{version}|g' configure.ac
@ -141,6 +135,9 @@ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{_bindir}/lua -e"_U=
%{_mandir}/man1/lua*.1*
%changelog
* Thu Jan 19 2023 hubin <hubin73@huawei.com> - 5.4.4-1
- upgrade to version 5.4.4
* Mon Dec 26 2022 liyanan <liyanan32@h-partners.com> - 5.4.3-10
- add support for LoongArch