[openwrt/openwrt] lua: fix CVE-2014-5461

LEDE Commits lede-commits at lists.infradead.org
Mon Jul 8 13:28:11 PDT 2024


hauke pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/bf3ea23f5a7f26e88d829b4217d1067cc68f9d5c

commit bf3ea23f5a7f26e88d829b4217d1067cc68f9d5c
Author: Rosen Penev <rosenp at gmail.com>
AuthorDate: Sun Feb 11 15:06:44 2024 -0800

    lua: fix CVE-2014-5461
    
    Patch taken from Debian.
    
    Refresh patches
    
    Signed-off-by: Rosen Penev <rosenp at gmail.com>
    (cherry picked from commit 78b0106f7d5093641f68d37c041a5863eb9dd9a0)
    Link: https://github.com/openwrt/openwrt/pull/15899
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/utils/lua/Makefile                            |  2 +-
 .../lua/patches-host/001-include-version-number.patch |  3 +--
 .../patches-host/013-lnum-strtoul-parsing-fixes.patch | 11 ++---------
 package/utils/lua/patches-host/100-no_readline.patch  |  6 +++---
 .../utils/lua/patches-host/400-CVE-2014-5461.patch    | 19 +++++++++++++++++++
 .../lua/patches/001-include-version-number.patch      |  3 +--
 .../lua/patches/013-lnum-strtoul-parsing-fixes.patch  | 11 ++---------
 package/utils/lua/patches/400-CVE-2014-5461.patch     | 19 +++++++++++++++++++
 8 files changed, 48 insertions(+), 26 deletions(-)

diff --git a/package/utils/lua/Makefile b/package/utils/lua/Makefile
index 7311e0c715..48562c96f5 100644
--- a/package/utils/lua/Makefile
+++ b/package/utils/lua/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lua
 PKG_VERSION:=5.1.5
-PKG_RELEASE:=10
+PKG_RELEASE:=11
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.lua.org/ftp/ \
diff --git a/package/utils/lua/patches-host/001-include-version-number.patch b/package/utils/lua/patches-host/001-include-version-number.patch
index f769e60736..806d37003e 100644
--- a/package/utils/lua/patches-host/001-include-version-number.patch
+++ b/package/utils/lua/patches-host/001-include-version-number.patch
@@ -8,7 +8,6 @@ Including it allows multiple lua versions to coexist.
 Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
 ---
 
-diff --git a/Makefile b/Makefile
 --- a/Makefile
 +++ b/Makefile
 @@ -41,10 +41,10 @@ RANLIB= ranlib
@@ -42,7 +41,7 @@ rename to doc/luac5.1.1
 diff --git a/src/Makefile b/src/Makefile
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -29,10 +29,10 @@ CORE_O=	lapi.o lcode.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o \
+@@ -29,10 +29,10 @@ CORE_O=	lapi.o lcode.o ldebug.o ldo.o ld
  LIB_O=	lauxlib.o lbaselib.o ldblib.o liolib.o lmathlib.o loslib.o ltablib.o \
  	lstrlib.o loadlib.o linit.o
  
diff --git a/package/utils/lua/patches-host/013-lnum-strtoul-parsing-fixes.patch b/package/utils/lua/patches-host/013-lnum-strtoul-parsing-fixes.patch
index 7f00c8c3a2..8887229589 100644
--- a/package/utils/lua/patches-host/013-lnum-strtoul-parsing-fixes.patch
+++ b/package/utils/lua/patches-host/013-lnum-strtoul-parsing-fixes.patch
@@ -1,8 +1,6 @@
-diff --git a/src/lnum.c b/src/lnum.c
-index 1456b6a2ed23..b0632b04c2b7 100644
 --- a/src/lnum.c
 +++ b/src/lnum.c
-@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lua_Integer *res, char **endptr_ref) {
+@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lu
  #else
        return 0;  /* Reject the number */
  #endif
@@ -11,7 +9,7 @@ index 1456b6a2ed23..b0632b04c2b7 100644
      }
    } else if ((v > LUA_INTEGER_MAX) || (*endptr && (!isspace(*endptr)))) {
      return TK_NUMBER;	/* not in signed range, or has '.', 'e' etc. trailing */
-@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Integer ib ) {
+@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Inte
    return 0;
  }
  
@@ -25,8 +23,6 @@ index 1456b6a2ed23..b0632b04c2b7 100644
 +  return (unsigned LUA_INTEGER)v;
 +}
 +#endif
-diff --git a/src/lnum_config.h b/src/lnum_config.h
-index 19d7a4231a49..1092eead6629 100644
 --- a/src/lnum_config.h
 +++ b/src/lnum_config.h
 @@ -141,7 +141,12 @@
@@ -43,6 +39,3 @@ index 19d7a4231a49..1092eead6629 100644
  #endif
  #ifndef LUA_INTEGER_MIN
  # define LUA_INTEGER_MIN (-LUA_INTEGER_MAX -1)  /* -2^16|32 */
--- 
-1.9.1
-
diff --git a/package/utils/lua/patches-host/100-no_readline.patch b/package/utils/lua/patches-host/100-no_readline.patch
index 209c302bb7..700114e43c 100644
--- a/package/utils/lua/patches-host/100-no_readline.patch
+++ b/package/utils/lua/patches-host/100-no_readline.patch
@@ -10,7 +10,7 @@
  #if defined(LUA_USE_MACOSX)
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -17,6 +17,7 @@
+@@ -17,6 +17,7 @@ LIBS= -lm $(MYLIBS)
  MYCFLAGS=
  MYLDFLAGS=
  MYLIBS=
@@ -18,7 +18,7 @@
  
  # == END OF USER SETTINGS. NO NEED TO CHANGE ANYTHING BELOW THIS LINE =========
  
-@@ -75,7 +76,7 @@
+@@ -75,7 +76,7 @@ echo:
  	@echo "MYLIBS = $(MYLIBS)"
  
  # convenience targets for popular platforms
@@ -27,7 +27,7 @@
  none:
  	@echo "Please choose a platform:"
  	@echo "   $(PLATS)"
-@@ -90,16 +91,16 @@
+@@ -90,16 +91,16 @@ bsd:
  	$(MAKE) all MYCFLAGS="-DLUA_USE_POSIX -DLUA_USE_DLOPEN" MYLIBS="-Wl,-E"
  
  freebsd:
diff --git a/package/utils/lua/patches-host/400-CVE-2014-5461.patch b/package/utils/lua/patches-host/400-CVE-2014-5461.patch
new file mode 100644
index 0000000000..cce73ff96b
--- /dev/null
+++ b/package/utils/lua/patches-host/400-CVE-2014-5461.patch
@@ -0,0 +1,19 @@
+From: Enrico Tassi <gareuselesinge at debian.org>
+Date: Tue, 26 Aug 2014 16:20:55 +0200
+Subject: Fix stack overflow in vararg functions
+
+---
+ src/ldo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/ldo.c
++++ b/src/ldo.c
+@@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId fu
+     CallInfo *ci;
+     StkId st, base;
+     Proto *p = cl->p;
+-    luaD_checkstack(L, p->maxstacksize);
++    luaD_checkstack(L, p->maxstacksize + p->numparams);
+     func = restorestack(L, funcr);
+     if (!p->is_vararg) {  /* no varargs? */
+       base = func + 1;
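Review bot: The new 400-CVE-2014-5461.patch header records neither the CVE id nor where in Debian the patch came from, and nothing explains why `p->numparams` is added to the reservation, so once the commit message is out of sight a reader has only the subject line to go on. I would add above the `---` of the patch header something like `Origin: Debian, <link to the Debian patch>` and `Fixes CVE-2014-5461: a vararg call can need up to numparams slots beyond maxstacksize, because its fixed parameters are copied above the passed arguments.` The copy itself presumably happens in the vararg branch of luaD_precall, which starts and ends outside this hunk, so confirm the wording against ldo.c. The larger reservation sits before the `if (!p->is_vararg)` test and so also applies to non-vararg calls; that looks like harmless over-reservation, but it is worth saying so in the same header. The identical file under package/utils/lua/patches/ should get the same text so the host and target copies stay in step.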
diff --git a/package/utils/lua/patches/001-include-version-number.patch b/package/utils/lua/patches/001-include-version-number.patch
index f769e60736..806d37003e 100644
--- a/package/utils/lua/patches/001-include-version-number.patch
+++ b/package/utils/lua/patches/001-include-version-number.patch
@@ -8,7 +8,6 @@ Including it allows multiple lua versions to coexist.
 Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
 ---
 
-diff --git a/Makefile b/Makefile
 --- a/Makefile
 +++ b/Makefile
 @@ -41,10 +41,10 @@ RANLIB= ranlib
@@ -42,7 +41,7 @@ rename to doc/luac5.1.1
 diff --git a/src/Makefile b/src/Makefile
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -29,10 +29,10 @@ CORE_O=	lapi.o lcode.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o \
+@@ -29,10 +29,10 @@ CORE_O=	lapi.o lcode.o ldebug.o ldo.o ld
  LIB_O=	lauxlib.o lbaselib.o ldblib.o liolib.o lmathlib.o loslib.o ltablib.o \
  	lstrlib.o loadlib.o linit.o
  
diff --git a/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch b/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch
index 7f00c8c3a2..8887229589 100644
--- a/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch
+++ b/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch
@@ -1,8 +1,6 @@
-diff --git a/src/lnum.c b/src/lnum.c
-index 1456b6a2ed23..b0632b04c2b7 100644
 --- a/src/lnum.c
 +++ b/src/lnum.c
-@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lua_Integer *res, char **endptr_ref) {
+@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lu
  #else
        return 0;  /* Reject the number */
  #endif
@@ -11,7 +9,7 @@ index 1456b6a2ed23..b0632b04c2b7 100644
      }
    } else if ((v > LUA_INTEGER_MAX) || (*endptr && (!isspace(*endptr)))) {
      return TK_NUMBER;	/* not in signed range, or has '.', 'e' etc. trailing */
-@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Integer ib ) {
+@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Inte
    return 0;
  }
  
@@ -25,8 +23,6 @@ index 1456b6a2ed23..b0632b04c2b7 100644
 +  return (unsigned LUA_INTEGER)v;
 +}
 +#endif
-diff --git a/src/lnum_config.h b/src/lnum_config.h
-index 19d7a4231a49..1092eead6629 100644
 --- a/src/lnum_config.h
 +++ b/src/lnum_config.h
 @@ -141,7 +141,12 @@
@@ -43,6 +39,3 @@ index 19d7a4231a49..1092eead6629 100644
  #endif
  #ifndef LUA_INTEGER_MIN
  # define LUA_INTEGER_MIN (-LUA_INTEGER_MAX -1)  /* -2^16|32 */
--- 
-1.9.1
-
diff --git a/package/utils/lua/patches/400-CVE-2014-5461.patch b/package/utils/lua/patches/400-CVE-2014-5461.patch
new file mode 100644
index 0000000000..cce73ff96b
--- /dev/null
+++ b/package/utils/lua/patches/400-CVE-2014-5461.patch
@@ -0,0 +1,19 @@
+From: Enrico Tassi <gareuselesinge at debian.org>
+Date: Tue, 26 Aug 2014 16:20:55 +0200
+Subject: Fix stack overflow in vararg functions
+
+---
+ src/ldo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/ldo.c
++++ b/src/ldo.c
+@@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId fu
+     CallInfo *ci;
+     StkId st, base;
+     Proto *p = cl->p;
+-    luaD_checkstack(L, p->maxstacksize);
++    luaD_checkstack(L, p->maxstacksize + p->numparams);
+     func = restorestack(L, funcr);
+     if (!p->is_vararg) {  /* no varargs? */
+       base = func + 1;



