diff options
Diffstat (limited to 'package/utils/lua/patches')
4 files changed, 30 insertions, 19 deletions
diff --git a/package/utils/lua/patches/001-include-version-number.patch b/package/utils/lua/patches/001-include-version-number.patch index f769e607367..806d37003ed 100644 --- a/package/utils/lua/patches/001-include-version-number.patch +++ b/package/utils/lua/patches/001-include-version-number.patch @@ -8,7 +8,6 @@ Including it allows multiple lua versions to coexist. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> --- -diff --git a/Makefile b/Makefile --- a/Makefile +++ b/Makefile @@ -41,10 +41,10 @@ RANLIB= ranlib @@ -42,7 +41,7 @@ rename to doc/luac5.1.1 diff --git a/src/Makefile b/src/Makefile --- a/src/Makefile +++ b/src/Makefile -@@ -29,10 +29,10 @@ CORE_O= lapi.o lcode.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o \ +@@ -29,10 +29,10 @@ CORE_O= lapi.o lcode.o ldebug.o ldo.o ld LIB_O= lauxlib.o lbaselib.o ldblib.o liolib.o lmathlib.o loslib.o ltablib.o \ lstrlib.o loadlib.o linit.o diff --git a/package/utils/lua/patches/010-lua-5.1.3-lnum-full-260308.patch b/package/utils/lua/patches/010-lua-5.1.3-lnum-full-260308.patch index ac0722c7073..58cc894e1c8 100644 --- a/package/utils/lua/patches/010-lua-5.1.3-lnum-full-260308.patch +++ b/package/utils/lua/patches/010-lua-5.1.3-lnum-full-260308.patch @@ -1589,18 +1589,18 @@ + * (and doing them). + */ +int try_addint( lua_Integer *r, lua_Integer ib, lua_Integer ic ) { -+ lua_Integer v= ib+ic; /* may overflow */ -+ if (ib>0 && ic>0) { if (v < 0) return 0; /*overflow, use floats*/ } -+ else if (ib<0 && ic<0) { if (v >= 0) return 0; } -+ *r= v; ++ /* Signed int overflow is undefined behavior, so catch it without causing it. */ ++ if (ic>0) { if (ib > LUA_INTEGER_MAX - ic) return 0; /*overflow, use floats*/ } ++ else { if (ib < LUA_INTEGER_MIN - ic) return 0; } ++ *r = ib + ic; + return 1; +} + +int try_subint( lua_Integer *r, lua_Integer ib, lua_Integer ic ) { -+ lua_Integer v= ib-ic; /* may overflow */ -+ if (ib>=0 && ic<0) { if (v < 0) return 0; /*overflow, use floats*/ } -+ else if (ib<0 && ic>0) { if (v >= 0) return 0; } -+ *r= v; ++ /* Signed int overflow is undefined behavior, so catch it without causing it. */ ++ if (ic>0) { if (ib < LUA_INTEGER_MIN + ic) return 0; /*overflow, use floats*/ } ++ else { if (ib > LUA_INTEGER_MAX + ic) return 0; } ++ *r = ib - ic; + return 1; +} + diff --git a/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch b/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch index 7f00c8c3a2d..8887229589d 100644 --- a/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch +++ b/package/utils/lua/patches/013-lnum-strtoul-parsing-fixes.patch @@ -1,8 +1,6 @@ -diff --git a/src/lnum.c b/src/lnum.c -index 1456b6a2ed23..b0632b04c2b7 100644 --- a/src/lnum.c +++ b/src/lnum.c -@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lua_Integer *res, char **endptr_ref) { +@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lu #else return 0; /* Reject the number */ #endif @@ -11,7 +9,7 @@ index 1456b6a2ed23..b0632b04c2b7 100644 } } else if ((v > LUA_INTEGER_MAX) || (*endptr && (!isspace(*endptr)))) { return TK_NUMBER; /* not in signed range, or has '.', 'e' etc. trailing */ -@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Integer ib ) { +@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Inte return 0; } @@ -25,8 +23,6 @@ index 1456b6a2ed23..b0632b04c2b7 100644 + return (unsigned LUA_INTEGER)v; +} +#endif -diff --git a/src/lnum_config.h b/src/lnum_config.h -index 19d7a4231a49..1092eead6629 100644 --- a/src/lnum_config.h +++ b/src/lnum_config.h @@ -141,7 +141,12 @@ @@ -43,6 +39,3 @@ index 19d7a4231a49..1092eead6629 100644 #endif #ifndef LUA_INTEGER_MIN # define LUA_INTEGER_MIN (-LUA_INTEGER_MAX -1) /* -2^16|32 */ --- -1.9.1 - diff --git a/package/utils/lua/patches/400-CVE-2014-5461.patch b/package/utils/lua/patches/400-CVE-2014-5461.patch new file mode 100644 index 00000000000..cce73ff96bd --- /dev/null +++ b/package/utils/lua/patches/400-CVE-2014-5461.patch @@ -0,0 +1,19 @@ +From: Enrico Tassi <gareuselesinge@debian.org> +Date: Tue, 26 Aug 2014 16:20:55 +0200 +Subject: Fix stack overflow in vararg functions + +--- + src/ldo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/ldo.c ++++ b/src/ldo.c +@@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId fu + CallInfo *ci; + StkId st, base; + Proto *p = cl->p; +- luaD_checkstack(L, p->maxstacksize); ++ luaD_checkstack(L, p->maxstacksize + p->numparams); + func = restorestack(L, funcr); + if (!p->is_vararg) { /* no varargs? */ + base = func + 1; |