3 files changed, 2 insertions, 91 deletions
diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch b/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch
deleted file mode 100644
index 3680c715a7..0000000000
--- a/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
-From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
-Date: Tue, 15 Feb 2022 12:28:46 -0300
-Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
-CVE: CVE-2022-28805
-Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
-Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
- src/lparser.c         |  1 +
- 1 files changed, 1 insertions(+)
-diff --git a/src/lparser.c b/src/lparser.c
-index 3abe3d751..a5cd55257 100644
--- a/src/lparser.c
-+++ b/src/lparser.c
-@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
-     expdesc key;
-     singlevaraux(fs, ls->envn, var, 1);  /* get environment variable */
-     lua_assert(var->k != VVOID);  /* this one must exist */
-+    luaK_exp2anyregup(fs, var);  /* but could be a constant */
-     codestring(&key, varname);  /* key is variable name */
-     luaK_indexed(fs, var, &key);  /* env[varname] */
-   }
diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
deleted file mode 100644
index fe7b6065c2..0000000000
--- a/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001
-From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
-Date: Fri, 20 May 2022 13:14:33 -0300
-Subject: [PATCH] Save stack space while handling errors
-Because error handling (luaG_errormsg) uses slots from EXTRA_STACK,
-and some errors can recur (e.g., string overflow while creating an
-error message in 'luaG_runerror', or a C-stack overflow before calling
-the message handler), the code should use stack slots with parsimony.
-This commit fixes the bug "Lua-stack overflow when C stack overflows
-while handling an error".
-CVE: CVE-2022-33099
-Upstream-Status: Backport [https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- ldebug.c | 5 ++++-
- lvm.c    | 6 ++++--
- 2 files changed, 8 insertions(+), 3 deletions(-)
--- a/src/ldebug.c
-+++ b/src/ldebug.c
-@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con
-   va_start(argp, fmt);
-   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
-   va_end(argp);
-  if (isLua(ci))  /* if Lua function, add source:line information */
-+  if (isLua(ci)) {  /* if Lua function, add source:line information */
-     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
-+    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
-+    L->top--;
-+  }
-   luaG_errormsg(L);
- }
- 
--- a/src/lvm.c
-+++ b/src/lvm.c
-@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota
-       /* collect total length and number of strings */
-       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
-         size_t l = vslen(s2v(top - n - 1));
-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
-+        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
-+          L->top = top - total;  /* pop strings to avoid wasting stack */
-           luaG_runerror(L, "string length overflow");
-+        }
-         tl += l;
-       }
-       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
-@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota
-       setsvalue2s(L, top - n, ts);  /* create result */
-     }
-     total -= n-1;  /* got 'n' strings to create 1 new */
-    L->top -= n-1;  /* popped 'n' strings and pushed one */
-+    L->top = top - (n - 1);  /* popped 'n' strings and pushed one */
-   } while (total > 1);  /* repeat until only 1 result left */
- }
- 
diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb b/meta/recipes-devtools/lua/lua_5.4.6.bb
index 26ec35f997..eabfc89575 100644
--- a/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/meta/recipes-devtools/lua/lua_5.4.6.bb
@@ -1,20 +1,18 @@
 SUMMARY = "Lua is a powerful light-weight programming language designed \
 for extending applications."
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=307;endline=330;md5=79c3f6b19ad05efe24c1681f025026bb"
+LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=303;endline=324;md5=e05449eb28c092473f854670c6e8375a"
 HOMEPAGE = "http://www.lua.org/"
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
           file://lua.pc.in \
-           file://CVE-2022-28805.patch \
-           file://CVE-2022-33099.patch \
           ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \
           "
 # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
 PV_testsuites = "5.4.4"
-SRC_URI[tarballsrc.sha256sum] = "164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61"
+SRC_URI[tarballsrc.sha256sum] = "7d5ea1b9cb6aa0b59ca3dde1c6adcb57ef83a1ba8e5432c0ecd06bf439b3ad88"
 SRC_URI[tarballtest.sha256sum] = "04d28355cd67a2299dfe5708b55a0ff221ccb1a3907a3113cc103ccc05ac6aad"
 inherit pkgconfig binconfig ptest

diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch b/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch deleted file mode 100644 index 3680c715a7..0000000000 --- a/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch +++ /dev/null
@@ -1,26 +0,0 @@
1	From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
2	From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
3	Date: Tue, 15 Feb 2022 12:28:46 -0300
4	Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
5
6	CVE: CVE-2022-28805
7
8	Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
9
10	Signed-off-by: Steve Sakoman <steve@sakoman.com>
11	---
12	src/lparser.c \| 1 +
13	1 files changed, 1 insertions(+)
14
15	diff --git a/src/lparser.c b/src/lparser.c
16	index 3abe3d751..a5cd55257 100644
17	--- a/src/lparser.c
18	+++ b/src/lparser.c
19	@@ -468,6 +468,7 @@ static void singlevar (LexState ls, expdesc var) {
20	expdesc key;
21	singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
22	lua_assert(var->k != VVOID); /* this one must exist */
23	+ luaK_exp2anyregup(fs, var); /* but could be a constant */
24	codestring(&key, varname); /* key is variable name */
25	luaK_indexed(fs, var, &key); /* env[varname] */
26	}


diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch deleted file mode 100644 index fe7b6065c2..0000000000 --- a/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch +++ /dev/null
@@ -1,61 +0,0 @@
1	From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001
2	From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
3	Date: Fri, 20 May 2022 13:14:33 -0300
4	Subject: [PATCH] Save stack space while handling errors
5
6	Because error handling (luaG_errormsg) uses slots from EXTRA_STACK,
7	and some errors can recur (e.g., string overflow while creating an
8	error message in 'luaG_runerror', or a C-stack overflow before calling
9	the message handler), the code should use stack slots with parsimony.
10
11	This commit fixes the bug "Lua-stack overflow when C stack overflows
12	while handling an error".
13
14	CVE: CVE-2022-33099
15
16	Upstream-Status: Backport [https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf]
17
18	Signed-off-by: Khem Raj <raj.khem@gmail.com>
19	---
20	ldebug.c \| 5 ++++-
21	lvm.c \| 6 ++++--
22	2 files changed, 8 insertions(+), 3 deletions(-)
23
24	--- a/src/ldebug.c
25	+++ b/src/ldebug.c
26	@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con
27	va_start(argp, fmt);
28	msg = luaO_pushvfstring(L, fmt, argp); /* format message */
29	va_end(argp);
30	- if (isLua(ci)) /* if Lua function, add source:line information */
31	+ if (isLua(ci)) { /* if Lua function, add source:line information */
32	luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
33	+ setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */
34	+ L->top--;
35	+ }
36	luaG_errormsg(L);
37	}
38
39	--- a/src/lvm.c
40	+++ b/src/lvm.c
41	@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota
42	/* collect total length and number of strings */
43	for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
44	size_t l = vslen(s2v(top - n - 1));
45	- if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
46	+ if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
47	+ L->top = top - total; /* pop strings to avoid wasting stack */
48	luaG_runerror(L, "string length overflow");
49	+ }
50	tl += l;
51	}
52	if (tl <= LUAI_MAXSHORTLEN) { /* is result a short string? */
53	@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota
54	setsvalue2s(L, top - n, ts); /* create result */
55	}
56	total -= n-1; /* got 'n' strings to create 1 new */
57	- L->top -= n-1; /* popped 'n' strings and pushed one */
58	+ L->top = top - (n - 1); /* popped 'n' strings and pushed one */
59	} while (total > 1); /* repeat until only 1 result left */
60	}
61


diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb b/meta/recipes-devtools/lua/lua_5.4.6.bb index 26ec35f997..eabfc89575 100644 --- a/meta/recipes-devtools/lua/lua_5.4.4.bb +++ b/meta/recipes-devtools/lua/lua_5.4.6.bb
@@ -1,20 +1,18 @@
1	SUMMARY = "Lua is a powerful light-weight programming language designed \	1	SUMMARY = "Lua is a powerful light-weight programming language designed \
2	for extending applications."	2	for extending applications."
3	LICENSE = "MIT"	3	LICENSE = "MIT"
4	LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=307;endline=330;md5=79c3f6b19ad05efe24c1681f025026bb"	4	LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=303;endline=324;md5=e05449eb28c092473f854670c6e8375a"
5	HOMEPAGE = "http://www.lua.org/"	5	HOMEPAGE = "http://www.lua.org/"
6		6
7	SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \	7	SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
8	file://lua.pc.in \	8	file://lua.pc.in \
9	file://CVE-2022-28805.patch \
10	file://CVE-2022-33099.patch \
11	${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \	9	${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \
12	"	10	"
13		11
14	# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.	12	# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
15	PV_testsuites = "5.4.4"	13	PV_testsuites = "5.4.4"
16		14
17	SRC_URI[tarballsrc.sha256sum] = "164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61"	15	SRC_URI[tarballsrc.sha256sum] = "7d5ea1b9cb6aa0b59ca3dde1c6adcb57ef83a1ba8e5432c0ecd06bf439b3ad88"
18	SRC_URI[tarballtest.sha256sum] = "04d28355cd67a2299dfe5708b55a0ff221ccb1a3907a3113cc103ccc05ac6aad"	16	SRC_URI[tarballtest.sha256sum] = "04d28355cd67a2299dfe5708b55a0ff221ccb1a3907a3113cc103ccc05ac6aad"
19		17
20	inherit pkgconfig binconfig ptest	18	inherit pkgconfig binconfig ptest