diff options
Diffstat (limited to 'user/lua5.3')
-rw-r--r-- | user/lua5.3/APKBUILD | 139 | ||||
-rw-r--r-- | user/lua5.3/CVE-2019-6706.patch | 27 | ||||
-rw-r--r-- | user/lua5.3/CVE-2020-24370.patch | 36 | ||||
-rw-r--r-- | user/lua5.3/linenoise.patch | 18 | ||||
-rw-r--r-- | user/lua5.3/lua-5.3-make.patch | 74 | ||||
-rw-r--r-- | user/lua5.3/lua-5.3-module_paths.patch | 31 |
6 files changed, 325 insertions, 0 deletions
diff --git a/user/lua5.3/APKBUILD b/user/lua5.3/APKBUILD new file mode 100644 index 000000000..5786668d5 --- /dev/null +++ b/user/lua5.3/APKBUILD @@ -0,0 +1,139 @@ +# Maintainer: +pkgname=lua5.3 +_pkgname=lua +pkgver=5.3.5 +_luaver=${pkgname#lua} +pkgrel=2 +pkgdesc="Embeddable programming language" +url="https://www.lua.org/" +arch="all" +license="MIT" +ldpath="/usr/lib/$pkgname" +depends="" +depends_dev="$pkgname" +makedepends="libtool autoconf automake linenoise-dev" +provides="lua" +subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" +source="https://www.lua.org/ftp/$_pkgname-$pkgver.tar.gz + lua-5.3-make.patch + lua-5.3-module_paths.patch + linenoise.patch + CVE-2019-6706.patch + CVE-2020-24370.patch + " +builddir="$srcdir/$_pkgname-$pkgver" + +# secfixes: lua +# 5.3.5-r2: +# - CVE-2020-24370 +# 5.3.5-r1: +# - CVE-2019-6706 + +prepare() { + default_prepare + + # disable readline + sed -i '/#define LUA_USE_READLINE/d' src/luaconf.h + + # we use libtool + cat > configure.ac <<-EOF + top_buildir=. + + AC_INIT(src/luaconf.h) + AC_PROG_LIBTOOL + AC_OUTPUT() + EOF + libtoolize --force --install && aclocal && autoconf +} + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr + + cd src + make V=${pkgver%.*} \ + CFLAGS="-DLUA_USE_LINUX -DLUA_COMPAT_5_2 -DLUA_USE_LINENOISE" \ + SYSLDFLAGS="$LDFLAGS" \ + RPATH="/usr/lib" \ + LIB_LIBS="-lpthread -lm -ldl -llinenoise" \ + alpine_all +} + +check() { + make test +} + +package() { + make V=${pkgver%.*} \ + INSTALL_TOP="$pkgdir"/usr \ + INSTALL_INC="$pkgdir"/usr/include/$pkgname \ + INSTALL_LIB="$pkgdir"/usr/lib/$pkgname \ + alpine_install + + for _solib in "$pkgdir"/usr/lib/$pkgname/*.so.*; do + ln -s $pkgname/${_solib##*/} "$pkgdir"/usr/lib/${_solib##*/} + done + + install -D -m 644 doc/lua.1 "$pkgdir"/usr/share/man/man1/lua.1 + install -D -m 644 doc/luac.1 "$pkgdir"/usr/share/man/man1/luac.1 + + install -d "$pkgdir"/usr/lib/pkgconfig + cat > "$pkgdir"/usr/lib/pkgconfig/lua.pc <<-EOF + # lua.pc -- pkg-config data for Lua + + # vars from install Makefile + + # grep '^V=' ../Makefile + V= ${_luaver} + # grep '^R=' ../Makefile + R= ${pkgver} + + # grep '^INSTALL_.*=' ../Makefile | sed 's/INSTALL_TOP/prefix/' + prefix= /usr + INSTALL_BIN= \${prefix}/bin + INSTALL_INC= \${prefix}/include + INSTALL_LIB= \${prefix}/lib + INSTALL_MAN= \${prefix}/man/man1 + INSTALL_LMOD= \${prefix}/share/lua/\${V} + INSTALL_CMOD= \${prefix}/lib/lua/\${V} + + # canonical vars + exec_prefix=\${prefix} + libdir=\${exec_prefix}/lib/$pkgname + includedir=\${prefix}/include/$pkgname + + Name: Lua + Description: An Extensible Extension Language + Version: \${R} + Requires: + Libs: -L\${libdir} -llua -lm + Cflags: -I\${includedir} + + # (end of lua.pc) + EOF + +} + +dev() { + default_dev + + mkdir -p "$subpkgdir"/usr/lib/$pkgname + mv "$pkgdir"/usr/lib/$pkgname/liblua.so "$subpkgdir"/usr/lib/$pkgname/ +} + +libs() { + pkgdesc="Lua dynamic library runtime" + replaces="lua" + + mkdir -p "$subpkgdir"/usr + mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ +} + +sha512sums="4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4 lua-5.3.5.tar.gz +1bc6c623024c1738155b30ff9c0edcce0f336edc25aa20c3a1400c859421ea2015d75175cce8d515e055ac3e96028426b74812e04022af18a0ed4c4601556027 lua-5.3-make.patch +bc68772390dc8d8940176af0b9fbacc0af61891b5d27de5f1466a4e7f9b3291a1c08ba5add829bc96b789a53fa5ec2dadaa096ca6eabe54ec27724fa2810940f lua-5.3-module_paths.patch +49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe linenoise.patch +77755c083630d48404178012d5947230675311a15f0f5e30efa72004edf3124615fa9080b739240213c013efb015689e09ee653a41d560964a3df78a8fe0fd8d CVE-2019-6706.patch +0c28366d352e3e6660413d16c1deaa0b1c6070170c13d95ae7a48b6b39c728a16d3f2a6068f665b3ec3e17f4f69d006625af074a4ddb51c8f3845d567c0dd809 CVE-2020-24370.patch" diff --git a/user/lua5.3/CVE-2019-6706.patch b/user/lua5.3/CVE-2019-6706.patch new file mode 100644 index 000000000..c35f81a4a --- /dev/null +++ b/user/lua5.3/CVE-2019-6706.patch @@ -0,0 +1,27 @@ +Lifted from Ubuntu: + +https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/lua5.3/5.3.3-1.1ubuntu1/lua5.3_5.3.3-1.1ubuntu1.debian.tar.xz +0c7d89b1413cc55f3aff5bbd40e5726b7d69b856befbbf32f00f58588dc4ce81 + +--- a/src/lapi.c ++++ b/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + + diff --git a/user/lua5.3/CVE-2020-24370.patch b/user/lua5.3/CVE-2020-24370.patch new file mode 100644 index 000000000..0bfce24b1 --- /dev/null +++ b/user/lua5.3/CVE-2020-24370.patch @@ -0,0 +1,36 @@ +From b5bc89846721375fe30772eb8c5ab2786f362bf9 Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Mon, 3 Aug 2020 16:25:28 -0300 +Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal + +--- + ldebug.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/ldebug.c b/ldebug.c +index e1389296e..bb0e1d4ac 100644 +--- a/src/ldebug.c ++++ b/src/ldebug.c +@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) { + + static const char *findvararg (CallInfo *ci, int n, StkId *pos) { + int nparams = clLvalue(ci->func)->p->numparams; +- if (n >= cast_int(ci->u.l.base - ci->func) - nparams) ++ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams; ++ if (n <= -nvararg) + return NULL; /* no such vararg */ + else { +- *pos = ci->func + nparams + n; ++ *pos = ci->func + nparams - n; + return "(*vararg)"; /* generic name for any vararg */ + } + } +@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n, + StkId base; + if (isLua(ci)) { + if (n < 0) /* access to vararg values? */ +- return findvararg(ci, -n, pos); ++ return findvararg(ci, n, pos); + else { + base = ci->u.l.base; + name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci)); diff --git a/user/lua5.3/linenoise.patch b/user/lua5.3/linenoise.patch new file mode 100644 index 000000000..fdca6205a --- /dev/null +++ b/user/lua5.3/linenoise.patch @@ -0,0 +1,18 @@ +--- ./src/lua.c.orig ++++ ./src/lua.c +@@ -85,6 +85,15 @@ + add_history(lua_tostring(L, idx)); /* add it to history */ + #define lua_freeline(L,b) ((void)L, free(b)) + ++#elif defined(LUA_USE_LINENOISE)/* }{ */ ++ ++#include "linenoise.h" ++#define lua_readline(L,b,p) ((void)L, ((b)=linenoise(p)) != NULL) ++#define lua_saveline(L,idx) \ ++ if (lua_rawlen(L,idx) > 0) /* non-empty line? */ \ ++ linenoiseHistoryAdd(lua_tostring(L, idx)); /* add it to history */ ++#define lua_freeline(L,b) ((void)L, free(b)) ++ + #else /* }{ */ + + #define lua_readline(L,b,p) \ diff --git a/user/lua5.3/lua-5.3-make.patch b/user/lua5.3/lua-5.3-make.patch new file mode 100644 index 000000000..349218607 --- /dev/null +++ b/user/lua5.3/lua-5.3-make.patch @@ -0,0 +1,74 @@ +diff --git a/Makefile b/Makefile +index 7fa91c8..c85ede2 100644 +--- a/Makefile ++++ b/Makefile +@@ -112,3 +112,18 @@ pc: + .PHONY: all $(PLATS) clean test install local none dummy echo pecho lecho + + # (end of Makefile) ++ ++# Use libtool for binary installs, etc. ++ ++export V ++export LIBTOOL = ../libtool --quiet --tag=CC ++# See libtool manual about how to set this ++ ++alpine_clean: ++ cd src; $(MAKE) $@ ++ ++alpine_install: ++ mkdir -p $(INSTALL_BIN) $(INSTALL_INC) $(INSTALL_LIB) ++ cd src; $(LIBTOOL) --mode=install $(INSTALL_EXEC) lua luac $(INSTALL_BIN) ++ cd src; $(INSTALL_DATA) $(TO_INC) $(INSTALL_INC) ++ cd src; $(LIBTOOL) --mode=install $(INSTALL_DATA) liblua.la $(INSTALL_LIB) +diff --git a/src/Makefile b/src/Makefile +index 2e7a412..a72f342 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -59,10 +59,10 @@ $(LUA_A): $(BASE_O) + $(AR) $@ $(BASE_O) + $(RANLIB) $@ + +-$(LUA_T): $(LUA_O) $(LUA_A) ++origin$(LUA_T): $(LUA_O) $(LUA_A) + $(CC) -o $@ $(LDFLAGS) $(LUA_O) $(LUA_A) $(LIBS) + +-$(LUAC_T): $(LUAC_O) $(LUA_A) ++origin$(LUAC_T): $(LUAC_O) $(LUA_A) + $(CC) -o $@ $(LDFLAGS) $(LUAC_O) $(LUA_A) $(LIBS) + + clean: +@@ -194,4 +194,33 @@ lvm.o: lvm.c lprefix.h lua.h luaconf.h ldebug.h lstate.h lobject.h \ + lzio.o: lzio.c lprefix.h lua.h luaconf.h llimits.h lmem.h lstate.h \ + lobject.h ltm.h lzio.h + ++ ++export LIBTOOL = ../libtool --quiet --tag=CC ++export LIB_VERSION = 0:0:0 ++ ++# The following rules use libtool for compiling and linking in order to ++# provide shared library support. ++ ++LIB_NAME = liblua.la ++LIB_OBJS = $(CORE_O:.o=.lo) $(LIB_O:.o=.lo) ++ ++%.lo %.o: %.c ++ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $< ++ ++$(LIB_NAME): $(LIB_OBJS) ++ $(LIBTOOL) --mode=link $(CC) -version-info $(LIB_VERSION) -release $(V) \ ++ -rpath $(RPATH) $(LDFLAGS) -o $(LIB_NAME) $(LIB_OBJS) $(LIB_LIBS) ++ ++$(LUA_T): $(LUA_O:.o=.lo) $(LIB_NAME) ++ $(LIBTOOL) --mode=link $(CC) -export-dynamic $(LDFLAGS) -o $@ \ ++ $(LUA_O:.o=.lo) $(LIB_NAME) $(LUA_LIBS) ++ ++$(LUAC_T): $(LUAC_O:.o=.lo) $(LIB_NAME) ++ $(LIBTOOL) --mode=link $(CC) -static $(LDFLAGS) -o $@ $(LUAC_O:.o=.lo) \ ++ $(LIB_NAME) ++ ++alpine_clean: ++ $(LIBTOOL) --mode=clean $(RM) $(ALL_O:.o=.lo) $(LIB_NAME) lua luac ++ ++alpine_all: $(LIB_NAME) $(LUA_T) $(LUAC_T) + # (end of Makefile) diff --git a/user/lua5.3/lua-5.3-module_paths.patch b/user/lua5.3/lua-5.3-module_paths.patch new file mode 100644 index 000000000..313d9c609 --- /dev/null +++ b/user/lua5.3/lua-5.3-module_paths.patch @@ -0,0 +1,31 @@ +diff --git a/src/luaconf.h b/src/luaconf.h +index fd28d21..4c65295 100644 +--- a/src/luaconf.h ++++ b/src/luaconf.h +@@ -203,12 +201,25 @@ + #define LUA_ROOT "/usr/local/" + #define LUA_LDIR LUA_ROOT "share/lua/" LUA_VDIR "/" + #define LUA_CDIR LUA_ROOT "lib/lua/" LUA_VDIR "/" ++ ++#define LUA_VENDOR_ROOT "/usr/" ++/* Path for version-specific Lua modules. */ ++#define LUA_VENDOR_LDIR LUA_VENDOR_ROOT "share/lua/" LUA_VDIR "/" ++/* Path for Lua modules that are compatible with Lua 5.1 and newer. */ ++#define LUA_VENDOR_COMMON_LDIR LUA_VENDOR_ROOT "share/lua/common/" ++#define LUA_VENDOR_CDIR LUA_VENDOR_ROOT "lib/lua/" LUA_VDIR "/" ++ + #define LUA_PATH_DEFAULT \ + LUA_LDIR"?.lua;" LUA_LDIR"?/init.lua;" \ + LUA_CDIR"?.lua;" LUA_CDIR"?/init.lua;" \ ++ LUA_VENDOR_LDIR"?.lua;" LUA_VENDOR_LDIR"?/init.lua;" \ ++ LUA_VENDOR_CDIR"?.lua;" LUA_VENDOR_CDIR"?/init.lua;" \ ++ LUA_VENDOR_COMMON_LDIR"?.lua;" LUA_VENDOR_COMMON_LDIR"?/init.lua;" \ + "./?.lua;" "./?/init.lua" + #define LUA_CPATH_DEFAULT \ +- LUA_CDIR"?.so;" LUA_CDIR"loadall.so;" "./?.so" ++ LUA_CDIR"?.so;" LUA_CDIR"loadall.so;" \ ++ LUA_VENDOR_CDIR"?.so;" LUA_VENDOR_CDIR"loadall.so;" \ ++ "./?.so" + #endif /* } */ + + |