main/lua5.3: upgrade to 5.3.5 and sec fix CVE-2019-6706

fixes #10255

2 files changed, 34 insertions, 12 deletions

diff --git a/main/lua5.3/APKBUILD b/main/lua5.3/APKBUILD
index da7587a381..614f27c8a3 100644
--- a/main/lua5.3/APKBUILD
+++ b/main/lua5.3/APKBUILD
@@ -1,9 +1,9 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=lua5.3
 _pkgname=lua
-pkgver=5.3.4
+pkgver=5.3.5
 _luaver=${pkgname#lua}
-pkgrel=2
+pkgrel=0
 pkgdesc="Powerful light-weight programming language"
 url="https://www.lua.org/"
 arch="all"
@@ -16,9 +16,14 @@ source="https://www.lua.org/ftp/$_pkgname-$pkgver.tar.gz
 	lua-5.3-make.patch
 	lua-5.3-module_paths.patch
 	linenoise.patch
+	CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
 	"
 builddir="$srcdir/$_pkgname-$pkgver"
 
+# secfixes:
+#   5.3.5-r0:
+#   - CVE-2019-6706
+
 prepare() {
 	default_prepare || return 1
 	cd "$builddir"
@@ -132,15 +137,8 @@ libs() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
 }
 
-md5sums="53a9c68bcc0eda58bdc2095ad5cdfc63  lua-5.3.4.tar.gz
-67acac7d9e37da67806f6a08c8100599  lua-5.3-make.patch
-eefd0de61b6993c62a880dc218c9abd6  lua-5.3-module_paths.patch
-1447ddfe8a4217b1d23ece0583ab771c  linenoise.patch"
-sha256sums="f681aa518233bc407e23acf0f5887c884f17436f000d453b2491a9f11a52400c  lua-5.3.4.tar.gz
-64eafd1d2945623fe807384f9967f94d485b4b9b620ed977b3faca80548444ce  lua-5.3-make.patch
-d2e2d96d3b10e72dda2c78cb7f478d655c730195d46ab466c961a7846793c644  lua-5.3-module_paths.patch
-a1761ba3151e5f0c921debecb39a7ac983a6311f08f7e5691de9f05c4cb02964  linenoise.patch"
-sha512sums="739e31f82e6a60fa99910c2005e991b3a1e21339af52847f653cb190b30842054d189ca116ffcfdf9b36e07888c9ce5642b1dd2988cc7eff9f8789f9a2e34997  lua-5.3.4.tar.gz
+sha512sums="4f9516acc4659dfd0a9e911bfa00c0788f0ad9348e5724fe8fb17aac59e9c0060a64378f82be86f8534e49c6c013e7488ad17321bafcc787831d3d67406bd0f4  lua-5.3.5.tar.gz
 1bc6c623024c1738155b30ff9c0edcce0f336edc25aa20c3a1400c859421ea2015d75175cce8d515e055ac3e96028426b74812e04022af18a0ed4c4601556027  lua-5.3-make.patch
 313ff823ed871f380a2cb0ba1f0afbba5cfa9b98da40e6e5e8f3c7a2e5993b13c2577efbe7147b79e3903ff27d5a814fa782c1c925092b08510cb4ce02abf464  lua-5.3-module_paths.patch
-49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe  linenoise.patch"
+49880d1131b7bd2a3169a26f401769a91d9a6a62cefe68aa5a89097139289588b7ef753535a2d0ba7f45c0369c760554940fd810716b7b1353deace32432fcfe  linenoise.patch
+fde7f5f5a184cd393665c7c8c7ba3c728e1413df5f63dbe60855af13ddd313d9300720298534f4312638ddf59fa678a38f708bce622dd7a2298b4ed87c068ae7  CVE-2019-6706-use-after-free-lua_upvaluejoin.patch"
diff --git a/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch b/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
new file mode 100644
index 0000000000..ea26696fda
--- /dev/null
+++ b/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
@@ -0,0 +1,24 @@
+http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
+
+--- a/src/lapi.c
++++ b/src/lapi.c
+@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
+ 
+ LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
+                                             int fidx2, int n2) {
+-  LClosure *f1;
+-  UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
++  UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
+   UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
++  if (*up1 == *up2) return; /* Already joined */
++  (*up2)->refcount++;
++  if (upisopen(*up2)) (*up2)->u.open.touched = 1;
++  luaC_upvalbarrier(L, *up2);
+   luaC_upvdeccount(L, *up1);
+   *up1 = *up2;
+-  (*up1)->refcount++;
+-  if (upisopen(*up1)) (*up1)->u.open.touched = 1;
+-  luaC_upvalbarrier(L, *up1);
+ }
+ 
+