summaryrefslogtreecommitdiff
path: root/user/lua5.3
diff options
context:
space:
mode:
Diffstat (limited to 'user/lua5.3')
-rw-r--r--user/lua5.3/APKBUILD139
-rw-r--r--user/lua5.3/CVE-2019-6706.patch27
-rw-r--r--user/lua5.3/CVE-2020-24370.patch36
-rw-r--r--user/lua5.3/linenoise.patch18
-rw-r--r--user/lua5.3/lua-5.3-make.patch74
-rw-r--r--user/lua5.3/lua-5.3-module_paths.patch31
6 files changed, 325 insertions, 0 deletions
diff --git a/user/lua5.3/APKBUILD b/user/lua5.3/APKBUILD
new file mode 100644
index 000000000..5786668d5
--- /dev/null
+++ b/user/lua5.3/APKBUILD
@@ -0,0 +1,139 @@
+# Maintainer:
+pkgname=lua5.3
+_pkgname=lua
+pkgver=5.3.5
+_luaver=${pkgname#lua}
+pkgrel=2
+pkgdesc="Embeddable programming language"
+url="https://www.lua.org/"
+arch="all"
+license="MIT"
+ldpath="/usr/lib/$pkgname"
+depends=""
+depends_dev="$pkgname"
+makedepends="libtool autoconf automake linenoise-dev"
+provides="lua"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+source="https://www.lua.org/ftp/$_pkgname-$pkgver.tar.gz
+ lua-5.3-make.patch
+ lua-5.3-module_paths.patch
+ linenoise.patch
+ CVE-2019-6706.patch
+ CVE-2020-24370.patch
+ "
+builddir="$srcdir/$_pkgname-$pkgver"
+
+# secfixes: lua
+# 5.3.5-r2:
+# - CVE-2020-24370
+# 5.3.5-r1:
+# - CVE-2019-6706
+
+prepare() {
+ default_prepare
+
+ # disable readline
+ sed -i '/#define LUA_USE_READLINE/d' src/luaconf.h
+
+ # we use libtool
+ cat > configure.ac <<-EOF
+ top_buildir=.
+
+ AC_INIT(src/luaconf.h)
+ AC_PROG_LIBTOOL
+ AC_OUTPUT()
+ EOF
+ libtoolize --force --install && aclocal && autoconf
+}
+
+build() {
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr
+
+ cd src
+ make V=${pkgver%.*} \
+ CFLAGS="-DLUA_USE_LINUX -DLUA_COMPAT_5_2 -DLUA_USE_LINENOISE" \
+ SYSLDFLAGS="$LDFLAGS" \
+ RPATH="/usr/lib" \
+ LIB_LIBS="-lpthread -lm -ldl -llinenoise" \
+ alpine_all
+}
+
+check() {
+ make test
+}
+
+package() {
+ make V=${pkgver%.*} \
+ INSTALL_TOP="$pkgdir"/usr \
+ INSTALL_INC="$pkgdir"/usr/include/$pkgname \
+ INSTALL_LIB="$pkgdir"/usr/lib/$pkgname \
+ alpine_install
+
+ for _solib in "$pkgdir"/usr/lib/$pkgname/*.so.*; do
+ ln -s $pkgname/${_solib##*/} "$pkgdir"/usr/lib/${_solib##*/}
+ done
+
+ install -D -m 644 doc/lua.1 "$pkgdir"/usr/share/man/man1/lua.1
+ install -D -m 644 doc/luac.1 "$pkgdir"/usr/share/man/man1/luac.1
+
+ install -d "$pkgdir"/usr/lib/pkgconfig
+ cat > "$pkgdir"/usr/lib/pkgconfig/lua.pc <<-EOF
+ # lua.pc -- pkg-config data for Lua
+
+ # vars from install Makefile
+
+ # grep '^V=' ../Makefile
+ V= ${_luaver}
+ # grep '^R=' ../Makefile
+ R= ${pkgver}
+
+ # grep '^INSTALL_.*=' ../Makefile | sed 's/INSTALL_TOP/prefix/'
+ prefix= /usr
+ INSTALL_BIN= \${prefix}/bin
+ INSTALL_INC= \${prefix}/include
+ INSTALL_LIB= \${prefix}/lib
+ INSTALL_MAN= \${prefix}/man/man1
+ INSTALL_LMOD= \${prefix}/share/lua/\${V}
+ INSTALL_CMOD= \${prefix}/lib/lua/\${V}
+
+ # canonical vars
+ exec_prefix=\${prefix}
+ libdir=\${exec_prefix}/lib/$pkgname
+ includedir=\${prefix}/include/$pkgname
+
+ Name: Lua
+ Description: An Extensible Extension Language
+ Version: \${R}
+ Requires:
+ Libs: -L\${libdir} -llua -lm
+ Cflags: -I\${includedir}
+
+ # (end of lua.pc)
+ EOF
+
+}
+
+dev() {
+ default_dev
+
+ mkdir -p "$subpkgdir"/usr/lib/$pkgname
+ mv "$pkgdir"/usr/lib/$pkgname/liblua.so "$subpkgdir"/usr/lib/$pkgname/
+}
+
+libs() {
+ pkgdesc="Lua dynamic library runtime"
+ replaces="lua"
+
+ mkdir -p "$subpkgdir"/usr
+ mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
+}
+
+sha512sums="4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4 lua-5.3.5.tar.gz
+1bc6c623024c1738155b30ff9c0edcce0f336edc25aa20c3a1400c859421ea2015d75175cce8d515e055ac3e96028426b74812e04022af18a0ed4c4601556027 lua-5.3-make.patch
+bc68772390dc8d8940176af0b9fbacc0af61891b5d27de5f1466a4e7f9b3291a1c08ba5add829bc96b789a53fa5ec2dadaa096ca6eabe54ec27724fa2810940f lua-5.3-module_paths.patch
+49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe linenoise.patch
+77755c083630d48404178012d5947230675311a15f0f5e30efa72004edf3124615fa9080b739240213c013efb015689e09ee653a41d560964a3df78a8fe0fd8d CVE-2019-6706.patch
+0c28366d352e3e6660413d16c1deaa0b1c6070170c13d95ae7a48b6b39c728a16d3f2a6068f665b3ec3e17f4f69d006625af074a4ddb51c8f3845d567c0dd809 CVE-2020-24370.patch"
diff --git a/user/lua5.3/CVE-2019-6706.patch b/user/lua5.3/CVE-2019-6706.patch
new file mode 100644
index 000000000..c35f81a4a
--- /dev/null
+++ b/user/lua5.3/CVE-2019-6706.patch
@@ -0,0 +1,27 @@
+Lifted from Ubuntu:
+
+https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/lua5.3/5.3.3-1.1ubuntu1/lua5.3_5.3.3-1.1ubuntu1.debian.tar.xz
+0c7d89b1413cc55f3aff5bbd40e5726b7d69b856befbbf32f00f58588dc4ce81
+
+--- a/src/lapi.c
++++ b/src/lapi.c
+@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
+
+ LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
+ int fidx2, int n2) {
+- LClosure *f1;
+- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
+ UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
++ if (*up1 == *up2) return; /* Already joined */
++ (*up2)->refcount++;
++ if (upisopen(*up2)) (*up2)->u.open.touched = 1;
++ luaC_upvalbarrier(L, *up2);
+ luaC_upvdeccount(L, *up1);
+ *up1 = *up2;
+- (*up1)->refcount++;
+- if (upisopen(*up1)) (*up1)->u.open.touched = 1;
+- luaC_upvalbarrier(L, *up1);
+ }
+
+
diff --git a/user/lua5.3/CVE-2020-24370.patch b/user/lua5.3/CVE-2020-24370.patch
new file mode 100644
index 000000000..0bfce24b1
--- /dev/null
+++ b/user/lua5.3/CVE-2020-24370.patch
@@ -0,0 +1,36 @@
+From b5bc89846721375fe30772eb8c5ab2786f362bf9 Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Mon, 3 Aug 2020 16:25:28 -0300
+Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal
+
+---
+ ldebug.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/ldebug.c b/ldebug.c
+index e1389296e..bb0e1d4ac 100644
+--- a/src/ldebug.c
++++ b/src/ldebug.c
+@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) {
+
+ static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
+ int nparams = clLvalue(ci->func)->p->numparams;
+- if (n >= cast_int(ci->u.l.base - ci->func) - nparams)
++ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
++ if (n <= -nvararg)
+ return NULL; /* no such vararg */
+ else {
+- *pos = ci->func + nparams + n;
++ *pos = ci->func + nparams - n;
+ return "(*vararg)"; /* generic name for any vararg */
+ }
+ }
+@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
+ StkId base;
+ if (isLua(ci)) {
+ if (n < 0) /* access to vararg values? */
+- return findvararg(ci, -n, pos);
++ return findvararg(ci, n, pos);
+ else {
+ base = ci->u.l.base;
+ name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
diff --git a/user/lua5.3/linenoise.patch b/user/lua5.3/linenoise.patch
new file mode 100644
index 000000000..fdca6205a
--- /dev/null
+++ b/user/lua5.3/linenoise.patch
@@ -0,0 +1,18 @@
+--- ./src/lua.c.orig
++++ ./src/lua.c
+@@ -85,6 +85,15 @@
+ add_history(lua_tostring(L, idx)); /* add it to history */
+ #define lua_freeline(L,b) ((void)L, free(b))
+
++#elif defined(LUA_USE_LINENOISE)/* }{ */
++
++#include "linenoise.h"
++#define lua_readline(L,b,p) ((void)L, ((b)=linenoise(p)) != NULL)
++#define lua_saveline(L,idx) \
++ if (lua_rawlen(L,idx) > 0) /* non-empty line? */ \
++ linenoiseHistoryAdd(lua_tostring(L, idx)); /* add it to history */
++#define lua_freeline(L,b) ((void)L, free(b))
++
+ #else /* }{ */
+
+ #define lua_readline(L,b,p) \
diff --git a/user/lua5.3/lua-5.3-make.patch b/user/lua5.3/lua-5.3-make.patch
new file mode 100644
index 000000000..349218607
--- /dev/null
+++ b/user/lua5.3/lua-5.3-make.patch
@@ -0,0 +1,74 @@
+diff --git a/Makefile b/Makefile
+index 7fa91c8..c85ede2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -112,3 +112,18 @@ pc:
+ .PHONY: all $(PLATS) clean test install local none dummy echo pecho lecho
+
+ # (end of Makefile)
++
++# Use libtool for binary installs, etc.
++
++export V
++export LIBTOOL = ../libtool --quiet --tag=CC
++# See libtool manual about how to set this
++
++alpine_clean:
++ cd src; $(MAKE) $@
++
++alpine_install:
++ mkdir -p $(INSTALL_BIN) $(INSTALL_INC) $(INSTALL_LIB)
++ cd src; $(LIBTOOL) --mode=install $(INSTALL_EXEC) lua luac $(INSTALL_BIN)
++ cd src; $(INSTALL_DATA) $(TO_INC) $(INSTALL_INC)
++ cd src; $(LIBTOOL) --mode=install $(INSTALL_DATA) liblua.la $(INSTALL_LIB)
+diff --git a/src/Makefile b/src/Makefile
+index 2e7a412..a72f342 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -59,10 +59,10 @@ $(LUA_A): $(BASE_O)
+ $(AR) $@ $(BASE_O)
+ $(RANLIB) $@
+
+-$(LUA_T): $(LUA_O) $(LUA_A)
++origin$(LUA_T): $(LUA_O) $(LUA_A)
+ $(CC) -o $@ $(LDFLAGS) $(LUA_O) $(LUA_A) $(LIBS)
+
+-$(LUAC_T): $(LUAC_O) $(LUA_A)
++origin$(LUAC_T): $(LUAC_O) $(LUA_A)
+ $(CC) -o $@ $(LDFLAGS) $(LUAC_O) $(LUA_A) $(LIBS)
+
+ clean:
+@@ -194,4 +194,33 @@ lvm.o: lvm.c lprefix.h lua.h luaconf.h ldebug.h lstate.h lobject.h \
+ lzio.o: lzio.c lprefix.h lua.h luaconf.h llimits.h lmem.h lstate.h \
+ lobject.h ltm.h lzio.h
+
++
++export LIBTOOL = ../libtool --quiet --tag=CC
++export LIB_VERSION = 0:0:0
++
++# The following rules use libtool for compiling and linking in order to
++# provide shared library support.
++
++LIB_NAME = liblua.la
++LIB_OBJS = $(CORE_O:.o=.lo) $(LIB_O:.o=.lo)
++
++%.lo %.o: %.c
++ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $<
++
++$(LIB_NAME): $(LIB_OBJS)
++ $(LIBTOOL) --mode=link $(CC) -version-info $(LIB_VERSION) -release $(V) \
++ -rpath $(RPATH) $(LDFLAGS) -o $(LIB_NAME) $(LIB_OBJS) $(LIB_LIBS)
++
++$(LUA_T): $(LUA_O:.o=.lo) $(LIB_NAME)
++ $(LIBTOOL) --mode=link $(CC) -export-dynamic $(LDFLAGS) -o $@ \
++ $(LUA_O:.o=.lo) $(LIB_NAME) $(LUA_LIBS)
++
++$(LUAC_T): $(LUAC_O:.o=.lo) $(LIB_NAME)
++ $(LIBTOOL) --mode=link $(CC) -static $(LDFLAGS) -o $@ $(LUAC_O:.o=.lo) \
++ $(LIB_NAME)
++
++alpine_clean:
++ $(LIBTOOL) --mode=clean $(RM) $(ALL_O:.o=.lo) $(LIB_NAME) lua luac
++
++alpine_all: $(LIB_NAME) $(LUA_T) $(LUAC_T)
+ # (end of Makefile)
diff --git a/user/lua5.3/lua-5.3-module_paths.patch b/user/lua5.3/lua-5.3-module_paths.patch
new file mode 100644
index 000000000..313d9c609
--- /dev/null
+++ b/user/lua5.3/lua-5.3-module_paths.patch
@@ -0,0 +1,31 @@
+diff --git a/src/luaconf.h b/src/luaconf.h
+index fd28d21..4c65295 100644
+--- a/src/luaconf.h
++++ b/src/luaconf.h
+@@ -203,12 +201,25 @@
+ #define LUA_ROOT "/usr/local/"
+ #define LUA_LDIR LUA_ROOT "share/lua/" LUA_VDIR "/"
+ #define LUA_CDIR LUA_ROOT "lib/lua/" LUA_VDIR "/"
++
++#define LUA_VENDOR_ROOT "/usr/"
++/* Path for version-specific Lua modules. */
++#define LUA_VENDOR_LDIR LUA_VENDOR_ROOT "share/lua/" LUA_VDIR "/"
++/* Path for Lua modules that are compatible with Lua 5.1 and newer. */
++#define LUA_VENDOR_COMMON_LDIR LUA_VENDOR_ROOT "share/lua/common/"
++#define LUA_VENDOR_CDIR LUA_VENDOR_ROOT "lib/lua/" LUA_VDIR "/"
++
+ #define LUA_PATH_DEFAULT \
+ LUA_LDIR"?.lua;" LUA_LDIR"?/init.lua;" \
+ LUA_CDIR"?.lua;" LUA_CDIR"?/init.lua;" \
++ LUA_VENDOR_LDIR"?.lua;" LUA_VENDOR_LDIR"?/init.lua;" \
++ LUA_VENDOR_CDIR"?.lua;" LUA_VENDOR_CDIR"?/init.lua;" \
++ LUA_VENDOR_COMMON_LDIR"?.lua;" LUA_VENDOR_COMMON_LDIR"?/init.lua;" \
+ "./?.lua;" "./?/init.lua"
+ #define LUA_CPATH_DEFAULT \
+- LUA_CDIR"?.so;" LUA_CDIR"loadall.so;" "./?.so"
++ LUA_CDIR"?.so;" LUA_CDIR"loadall.so;" \
++ LUA_VENDOR_CDIR"?.so;" LUA_VENDOR_CDIR"loadall.so;" \
++ "./?.so"
+ #endif /* } */
+
+