summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRafael Martins <rafaelmartins@gentoo.org>2020-07-22 21:38:50 +0200
committerRafael Martins <rafaelmartins@gentoo.org>2020-07-22 21:40:24 +0200
commita2a054ce465da2fd25ff354c875024011b9fd2c9 (patch)
treef9f40aa10a5a65874122a79ef755ea8fb792b561 /dev-lang
parentnet-dns/pdns-recursor: Cleanup (diff)
downloadgentoo-a2a054ce465da2fd25ff354c875024011b9fd2c9.tar.gz
gentoo-a2a054ce465da2fd25ff354c875024011b9fd2c9.tar.bz2
gentoo-a2a054ce465da2fd25ff354c875024011b9fd2c9.zip
dev-lang/luajit: apply fix for CVE-2020-15890
Bug: https://bugs.gentoo.org/733466 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Rafael Martins <rafaelmartins@gentoo.org>
Diffstat (limited to 'dev-lang')
-rw-r--r--dev-lang/luajit/files/CVE-2020-15890.patch22
-rw-r--r--dev-lang/luajit/luajit-2.0.5-r2.ebuild67
-rw-r--r--dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild56
3 files changed, 145 insertions, 0 deletions
diff --git a/dev-lang/luajit/files/CVE-2020-15890.patch b/dev-lang/luajit/files/CVE-2020-15890.patch
new file mode 100644
index 000000000000..751726571a05
--- /dev/null
+++ b/dev-lang/luajit/files/CVE-2020-15890.patch
@@ -0,0 +1,22 @@
+From 53f82e6e2e858a0a62fd1a2ff47e9866693382e6 Mon Sep 17 00:00:00 2001
+From: Mike Pall <mike>
+Date: Sun, 12 Jul 2020 14:30:34 +0200
+Subject: [PATCH] Fix frame traversal for __gc handler frames.
+
+Reported by Changochen.
+---
+ src/lj_err.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lj_err.c b/src/lj_err.c
+index caa7487f2..e3e0c2eb7 100644
+--- a/src/lj_err.c
++++ b/src/lj_err.c
+@@ -529,6 +529,7 @@ static ptrdiff_t finderrfunc(lua_State *L)
+ if (cframe_canyield(cf)) return 0;
+ if (cframe_errfunc(cf) >= 0)
+ return cframe_errfunc(cf);
++ cf = cframe_prev(cf);
+ frame = frame_prevd(frame);
+ break;
+ case FRAME_PCALL:
diff --git a/dev-lang/luajit/luajit-2.0.5-r2.ebuild b/dev-lang/luajit/luajit-2.0.5-r2.ebuild
new file mode 100644
index 000000000000..b36b964f23c8
--- /dev/null
+++ b/dev-lang/luajit/luajit-2.0.5-r2.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit pax-utils toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-3)"
+MY_P="LuaJIT-${MY_PV}"
+if [[ -n $(get_version_component_range 4) ]]; then
+ HOTFIX="v${PV}"
+ HOTFIX="${HOTFIX/_p/_hotfix}.patch"
+fi
+
+DESCRIPTION="Just-In-Time Compiler for the Lua programming language"
+HOMEPAGE="http://luajit.org/"
+SRC_URI="http://luajit.org/download/${MY_P}.tar.gz
+ ${HOTFIX:+http://luajit.org/download/${HOTFIX}}"
+
+LICENSE="MIT"
+# this should probably be pkgmoved to 2.0 for sake of consistency.
+SLOT="2"
+KEYWORDS="~amd64 ~arm ~ppc ~x86 ~amd64-linux ~x86-linux"
+IUSE="lua52compat static-libs"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2-ldconfig.patch"
+ "${FILESDIR}/CVE-2020-15890.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ if [[ -n ${HOTFIX} ]]; then
+ eapply "${DISTDIR}/${HOTFIX}"
+ fi
+ default
+}
+
+_emake() {
+ emake \
+ Q= \
+ PREFIX="${EPREFIX}/usr" \
+ MULTILIB="$(get_libdir)" \
+ DESTDIR="${D}" \
+ HOST_CC="$(tc-getBUILD_CC)" \
+ STATIC_CC="$(tc-getCC)" \
+ DYNAMIC_CC="$(tc-getCC) -fPIC" \
+ TARGET_LD="$(tc-getCC)" \
+ TARGET_AR="$(tc-getAR) rcus" \
+ BUILDMODE="$(usex static-libs mixed dynamic)" \
+ TARGET_STRIP="true" \
+ INSTALL_LIB="${ED%/}/usr/$(get_libdir)" \
+ "$@"
+}
+
+src_compile() {
+ _emake XCFLAGS="$(usex lua52compat "-DLUAJIT_ENABLE_LUA52COMPAT" "")"
+}
+
+src_install() {
+ _emake install
+
+ pax-mark m "${ED}usr/bin/luajit-${MY_PV}"
+
+ HTML_DOCS="doc/." einstalldocs
+}
diff --git a/dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild b/dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild
new file mode 100644
index 000000000000..a959393a5d76
--- /dev/null
+++ b/dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit pax-utils toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-4)"
+MY_PV="${MY_PV/_beta/-beta}"
+MY_P="LuaJIT-${MY_PV}"
+
+DESCRIPTION="Just-In-Time Compiler for the Lua programming language"
+HOMEPAGE="http://luajit.org/"
+SRC_URI="http://luajit.org/download/${MY_P}.tar.gz"
+
+LICENSE="MIT"
+# this should probably be pkgmoved to 2.0 for sake of consistency.
+SLOT="2"
+KEYWORDS=""
+IUSE="lua52compat static-libs"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2-ldconfig.patch"
+ "${FILESDIR}/CVE-2020-15890.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+_emake() {
+ emake \
+ Q= \
+ PREFIX="${EPREFIX}/usr" \
+ MULTILIB="$(get_libdir)" \
+ DESTDIR="${D}" \
+ HOST_CC="$(tc-getBUILD_CC)" \
+ STATIC_CC="$(tc-getCC)" \
+ DYNAMIC_CC="$(tc-getCC) -fPIC" \
+ TARGET_LD="$(tc-getCC)" \
+ TARGET_AR="$(tc-getAR) rcus" \
+ BUILDMODE="$(usex static-libs mixed dynamic)" \
+ TARGET_STRIP="true" \
+ INSTALL_LIB="${ED%/}/usr/$(get_libdir)" \
+ "$@"
+}
+
+src_compile() {
+ _emake XCFLAGS="$(usex lua52compat "-DLUAJIT_ENABLE_LUA52COMPAT" "")"
+}
+
+src_install() {
+ _emake install
+
+ pax-mark m "${ED}usr/bin/luajit-${MY_PV}"
+
+ HTML_DOCS="doc/." einstalldocs
+}