From 698748c1538ed03efbcfdd936cf8317b4f138c29 Mon Sep 17 00:00:00 2001
From: Yue Tao
Date: Tue, 28 Jul 2020 10:31:07 -0700
Subject: lua: Security Advisory - lua - CVE-2020-15888

Backport fix from https://github.com/lua/lua.git.
Signed-off-by: Yue Tao
Signed-off-by: Joe Slater
Signed-off-by: Khem Raj
---
 .../recipes-devtools/lua/lua/CVE-2020-15888.patch | 45 ++++++++++++++++++++++
 meta-oe/recipes-devtools/lua/lua_5.3.5.bb | 1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
new file mode 100644
index 0000000000..60a4125971
--- /dev/null
+++ b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
@@ -0,0 +1,45 @@
+From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy
+Date: Mon, 6 Jul 2020 12:11:54 -0300
+Subject: [PATCH] Keep minimum size when shrinking a stack
+
+When shrinking a stack (during GC), do not make it smaller than the
+initial stack size.
+---
+ ldo.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+==== end of original header ====
+
+CVE: CVE-2020-15888
+
+Upstream-Status: backport [https://github.com/lua/lua.git]
+
+Signed-off-by: Joe Slater
+
+====
+diff --git a/ldo.c b/ldo.c
+index c563b1d9..a89ac010 100644
+--- a/src/ldo.c
++++ b/src/ldo.c
+@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) {
+
+ void luaD_shrinkstack (lua_State *L) {
+ int inuse = stackinuse(L);
+- int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK;
++ int goodsize = inuse + BASIC_STACK_SIZE;
+ if (goodsize > LUAI_MAXSTACK)
+ goodsize = LUAI_MAXSTACK; /* respect stack limit */
+ if (L->stacksize > LUAI_MAXSTACK) /* had been handling stack overflow? */
+@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) {
+ luaE_shrinkCI(L); /* shrink list */
+ /* if thread is currently not handling a stack overflow and its
+ good size is smaller than current size, shrink its stack */
+- if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) &&
+- goodsize < L->stacksize)
++ if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize)
+ luaD_reallocstack(L, goodsize);
+ else /* don't change stack */
+ condmovestack(L,{},{}); /* (change only for debugging) */
+--
+2.17.1
+
diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
index a23a4a5dac..d3461b06de 100644
--- a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
+++ b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
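Review bot: The `Upstream-Status: backport [https://github.com/lua/lua.git]` line in the added patch header names only the repository, so the recipe does not record which upstream commit is supposed to close CVE-2020-15888. The id is already in the embedded `From 6298903e35217ab69c279056f925fb72900ce0b7` line; I would write the tag as `Upstream-Status: Backport [https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7]` so the backport can be compared against upstream during an audit. The embedded `diff --git a/ldo.c b/ldo.c` line also disagrees with the `--- a/src/ldo.c` / `+++ b/src/ldo.c` lines below it, which suggests the paths were edited by hand for the tarball layout; a one-line remark in the header saying so would help. The code change only raises the shrink target in `luaD_shrinkstack` to `inuse + BASIC_STACK_SIZE`, and nothing visible here shows that this single commit is the complete fix for the 5.3.5 sources, so the header should state how that was checked.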
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ file://0001-Allow-building-lua-without-readline-on-Linux.patch \ + file://CVE-2020-15888.patch \ " # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. -- cgit 1.2.3-korg