diff --git a/backport-CVE-2021-43519.patch b/backport-CVE-2021-43519.patch index acf125e42bd7783128505f08cf60fec5335cb8ff..b076b9b3ac53dda1f9907ee8f1819a8ce8a60d1c 100644 --- a/backport-CVE-2021-43519.patch +++ b/backport-CVE-2021-43519.patch @@ -7,15 +7,40 @@ Subject: [PATCH] Bug: C stack overflow with coroutines continuing execution after a protected error (that is, while running 'precover'). --- - src/ldo.c | 6 ++++-- - testes/cstack.lua | 14 ++++++++++++++ + lua-5.4.3-tests/cstack.lua | 14 ++++++++++++++ + src/ldo.c | 6 ++++-- 2 files changed, 18 insertions(+), 2 deletions(-) +diff --git a/lua-5.4.3-tests/cstack.lua b/lua-5.4.3-tests/cstack.lua +index 213d15d..ca76c87 100644 +--- a/lua-5.4.3-tests/cstack.lua ++++ b/lua-5.4.3-tests/cstack.lua +@@ -103,6 +103,20 @@ do + end + + ++do -- bug in 5.4.2 ++ print("nesting coroutines running after recoverable errors") ++ local count = 0 ++ local function foo() ++ count = count + 1 ++ pcall(1) -- create an error ++ -- running now inside 'precover' ("protected recover") ++ coroutine.wrap(foo)() -- call another coroutine ++ end ++ checkerror("C stack overflow", foo) ++ print("final count: ", count) ++end ++ ++ + if T then + print("testing stack recovery") + local N = 0 -- trace number of calls diff --git a/src/ldo.c b/src/ldo.c -index d0edc8b4f..66f890364 100644 +index 7135079..ca558fd 100644 --- a/src/ldo.c +++ b/src/ldo.c -@@ -759,11 +759,10 @@ static void resume (lua_State *L, void *ud) { +@@ -728,11 +728,10 @@ static void resume (lua_State *L, void *ud) { StkId firstArg = L->top - n; /* first argument */ CallInfo *ci = L->ci; if (L->status == LUA_OK) /* starting a coroutine? */ @@ -28,7 +53,7 @@ index d0edc8b4f..66f890364 100644 if (isLua(ci)) { /* yielded inside a hook? */ L->top = firstArg; /* discard arguments */ luaV_execute(L, ci); /* just continue running Lua code */ -@@ -814,6 +813,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs, +@@ -783,6 +782,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs, else if (L->status != LUA_YIELD) /* ended with errors? */ return resume_error(L, "cannot resume dead coroutine", nargs); L->nCcalls = (from) ? getCcalls(from) : 0; @@ -38,28 +63,6 @@ index d0edc8b4f..66f890364 100644 luai_userstateresume(L, nargs); api_checknelems(L, (L->status == LUA_OK) ? nargs + 1 : nargs); status = luaD_rawrunprotected(L, resume, &nargs); -diff --git a/testes/cstack.lua b/testes/cstack.lua -index 213d15d47..ca76c8729 100644 ---- a/testes/cstack.lua -+++ b/testes/cstack.lua -@@ -103,6 +103,20 @@ do - end - - -+do -- bug in 5.4.2 -+ print("nesting coroutines running after recoverable errors") -+ local count = 0 -+ local function foo() -+ count = count + 1 -+ pcall(1) -- create an error -+ -- running now inside 'precover' ("protected recover") -+ coroutine.wrap(foo)() -- call another coroutine -+ end -+ checkerror("C stack overflow", foo) -+ print("final count: ", count) -+end -+ -+ - if T then - print("testing stack recovery") - local N = 0 -- trace number of calls +-- +1.8.3.1 + diff --git a/lua.spec b/lua.spec index 14e12b7d71587ba58d2cc6fffc9189c75397e340..cc1f5189946904258e045eb92ff6cb077e211d4f 100644 --- a/lua.spec +++ b/lua.spec @@ -6,7 +6,7 @@ Name: lua Version: 5.4.3 -Release: 4 +Release: 5 Summary: A powerful, efficient, lightweight, embeddable scripting language License: MIT URL: http://www.lua.org/ @@ -56,6 +56,8 @@ mv src/luaconf.h src/luaconf.h.template.in %patch1 -p1 -z .idsize %patch2 -p1 -z .configure-linux %patch3 -p1 -z .configure-compat-all +%patch6000 -p1 + # Put proper version in configure.ac, patch0 hardcodes 5.3.0 sed -i 's|5.3.0|%{version}|g' configure.ac autoreconf -ifv @@ -129,6 +131,9 @@ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{_bindir}/lua -e"_U= %{_mandir}/man1/lua*.1* %changelog +* Thu Apr 14 2022 shixuantong - 5.4.3-5 +- fix CVE-2021-43519 patch error + * Fri Apr 01 2022 shixuantong - 5.4.3-4 - fix CVE-2021-43519