commit:     a2a054ce465da2fd25ff354c875024011b9fd2c9
Author:     Rafael Martins <rafaelmartins <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 22 19:38:50 2020 +0000
Commit:     Rafael Martins <rafaelmartins <AT> gentoo <DOT> org>
CommitDate: Wed Jul 22 19:40:24 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2a054ce

dev-lang/luajit: apply fix for CVE-2020-15890

Bug: https://bugs.gentoo.org/733466
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Rafael Martins <rafaelmartins <AT> gentoo.org>

 dev-lang/luajit/files/CVE-2020-15890.patch   | 22 +++++++++
 dev-lang/luajit/luajit-2.0.5-r2.ebuild       | 67 ++++++++++++++++++++++++++++
 dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild | 56 +++++++++++++++++++++++
 3 files changed, 145 insertions(+)

diff --git a/dev-lang/luajit/files/CVE-2020-15890.patch 
b/dev-lang/luajit/files/CVE-2020-15890.patch
new file mode 100644
index 00000000000..751726571a0
--- /dev/null
+++ b/dev-lang/luajit/files/CVE-2020-15890.patch
@@ -0,0 +1,22 @@
+From 53f82e6e2e858a0a62fd1a2ff47e9866693382e6 Mon Sep 17 00:00:00 2001
+From: Mike Pall <mike>
+Date: Sun, 12 Jul 2020 14:30:34 +0200
+Subject: [PATCH] Fix frame traversal for __gc handler frames.
+
+Reported by Changochen.
+---
+ src/lj_err.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lj_err.c b/src/lj_err.c
+index caa7487f2..e3e0c2eb7 100644
+--- a/src/lj_err.c
++++ b/src/lj_err.c
+@@ -529,6 +529,7 @@ static ptrdiff_t finderrfunc(lua_State *L)
+       if (cframe_canyield(cf)) return 0;
+       if (cframe_errfunc(cf) >= 0)
+       return cframe_errfunc(cf);
++      cf = cframe_prev(cf);
+       frame = frame_prevd(frame);
+       break;
+     case FRAME_PCALL:
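Review bot: The inner hunk is pinned to one upstream tree (`index caa7487f2..e3e0c2eb7`, `@@ -529,6 +529,7`), but this file is listed in PATCHES for both luajit-2.0.5-r2 and luajit-2.1.0_beta3-r1, so it presumably applies at an offset on at least one of them. The fix is a single `cf = cframe_prev(cf);` inside a switch of similar-looking cases, so it is worth confirming in the build log that it applies without fuzz and lands in the case just before `case FRAME_PCALL:` in both trees. finderrfunc starts and ends outside the hunk, so the case label being patched is not visible here. A header line such as `Bug: https://bugs.gentoo.org/733466` in the patch file would also tie it to the tracker entry.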

diff --git a/dev-lang/luajit/luajit-2.0.5-r2.ebuild 
b/dev-lang/luajit/luajit-2.0.5-r2.ebuild
new file mode 100644
index 00000000000..b36b964f23c
--- /dev/null
+++ b/dev-lang/luajit/luajit-2.0.5-r2.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit pax-utils toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-3)"
+MY_P="LuaJIT-${MY_PV}"
+if [[ -n $(get_version_component_range 4) ]]; then
+       HOTFIX="v${PV}"
+       HOTFIX="${HOTFIX/_p/_hotfix}.patch"
+fi
+
+DESCRIPTION="Just-In-Time Compiler for the Lua programming language"
+HOMEPAGE="http://luajit.org/";
+SRC_URI="http://luajit.org/download/${MY_P}.tar.gz
+       ${HOTFIX:+http://luajit.org/download/${HOTFIX}}";
+
+LICENSE="MIT"
+# this should probably be pkgmoved to 2.0 for sake of consistency.
+SLOT="2"
+KEYWORDS="~amd64 ~arm ~ppc ~x86 ~amd64-linux ~x86-linux"
+IUSE="lua52compat static-libs"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-2-ldconfig.patch"
+       "${FILESDIR}/CVE-2020-15890.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+       if [[ -n ${HOTFIX} ]]; then
+               eapply "${DISTDIR}/${HOTFIX}"
+       fi
+       default
+}
+
+_emake() {
+       emake \
+               Q= \
+               PREFIX="${EPREFIX}/usr" \
+               MULTILIB="$(get_libdir)" \
+               DESTDIR="${D}" \
+               HOST_CC="$(tc-getBUILD_CC)" \
+               STATIC_CC="$(tc-getCC)" \
+               DYNAMIC_CC="$(tc-getCC) -fPIC" \
+               TARGET_LD="$(tc-getCC)" \
+               TARGET_AR="$(tc-getAR) rcus" \
+               BUILDMODE="$(usex static-libs mixed dynamic)" \
+               TARGET_STRIP="true" \
+               INSTALL_LIB="${ED%/}/usr/$(get_libdir)" \
+               "$@"
+}
+
+src_compile() {
+       _emake XCFLAGS="$(usex lua52compat "-DLUAJIT_ENABLE_LUA52COMPAT" "")"
+}
+
+src_install() {
+       _emake install
+
+       pax-mark m "${ED}usr/bin/luajit-${MY_PV}"
+
+       HTML_DOCS="doc/." einstalldocs
+}
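Review bot: `SRC_URI` and `HOMEPAGE` use plain `http://luajit.org/`, so the tarball and the optional `${HOTFIX}` patch that `src_prepare` passes to `eapply` are fetched over an unauthenticated channel. That leaves the Manifest checksums as the only integrity control on the sources of a security revbump. If upstream serves the same paths over TLS, prefer `https://luajit.org/download/${MY_P}.tar.gz` and the matching `https://` form on the `${HOTFIX:+...}` line. The same applies to `SRC_URI` in luajit-2.1.0_beta3-r1.ebuild.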

diff --git a/dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild 
b/dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild
new file mode 100644
index 00000000000..a959393a5d7
--- /dev/null
+++ b/dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit pax-utils toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-4)"
+MY_PV="${MY_PV/_beta/-beta}"
+MY_P="LuaJIT-${MY_PV}"
+
+DESCRIPTION="Just-In-Time Compiler for the Lua programming language"
+HOMEPAGE="http://luajit.org/";
+SRC_URI="http://luajit.org/download/${MY_P}.tar.gz";
+
+LICENSE="MIT"
+# this should probably be pkgmoved to 2.0 for sake of consistency.
+SLOT="2"
+KEYWORDS=""
+IUSE="lua52compat static-libs"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-2-ldconfig.patch"
+       "${FILESDIR}/CVE-2020-15890.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+_emake() {
+       emake \
+               Q= \
+               PREFIX="${EPREFIX}/usr" \
+               MULTILIB="$(get_libdir)" \
+               DESTDIR="${D}" \
+               HOST_CC="$(tc-getBUILD_CC)" \
+               STATIC_CC="$(tc-getCC)" \
+               DYNAMIC_CC="$(tc-getCC) -fPIC" \
+               TARGET_LD="$(tc-getCC)" \
+               TARGET_AR="$(tc-getAR) rcus" \
+               BUILDMODE="$(usex static-libs mixed dynamic)" \
+               TARGET_STRIP="true" \
+               INSTALL_LIB="${ED%/}/usr/$(get_libdir)" \
+               "$@"
+}
+
+src_compile() {
+       _emake XCFLAGS="$(usex lua52compat "-DLUAJIT_ENABLE_LUA52COMPAT" "")"
+}
+
+src_install() {
+       _emake install
+
+       pax-mark m "${ED}usr/bin/luajit-${MY_PV}"
+
+       HTML_DOCS="doc/." einstalldocs
+}
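Review bot: `pax-mark m "${ED}usr/bin/luajit-${MY_PV}"` in `src_install` only resolves correctly while `ED` ends in a slash, whereas `INSTALL_LIB="${ED%/}/usr/$(get_libdir)"` in `_emake` is written to work either way. A wrong path here would leave the JIT binary without the intended PaX marking, and EAPI 7 drops the trailing slash from `ED`. Writing it as `pax-mark m "${ED%/}/usr/bin/luajit-${MY_PV}"` keeps the two consistent and survives an EAPI bump. luajit-2.0.5-r2.ebuild has the same line.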
