dev-lang/luajit: apply fix for CVE-2020-15890

Bug: https://bugs.gentoo.org/733466
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Rafael Martins <[email protected]>

dev-lang/luajit/files/CVE-2020-15890.patch

@@ -0,0 +1,22 @@
+From 53f82e6e2e858a0a62fd1a2ff47e9866693382e6 Mon Sep 17 00:00:00 2001
+From: Mike Pall <mike>
+Date: Sun, 12 Jul 2020 14:30:34 +0200
+Subject: [PATCH] Fix frame traversal for __gc handler frames.
+
+Reported by Changochen.
+---
+ src/lj_err.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lj_err.c b/src/lj_err.c
+index caa7487f2..e3e0c2eb7 100644
+--- a/src/lj_err.c
++++ b/src/lj_err.c
+@@ -529,6 +529,7 @@ static ptrdiff_t finderrfunc(lua_State *L)
+       if (cframe_canyield(cf)) return 0;
+       if (cframe_errfunc(cf) >= 0)
+ 	return cframe_errfunc(cf);
++      cf = cframe_prev(cf);
+       frame = frame_prevd(frame);
+       break;
+     case FRAME_PCALL:

dev-lang/luajit/luajit-2.0.5-r2.ebuild

@@ -0,0 +1,67 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit pax-utils toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-3)"
+MY_P="LuaJIT-${MY_PV}"
+if [[ -n $(get_version_component_range 4) ]]; then
+	HOTFIX="v${PV}"
+	HOTFIX="${HOTFIX/_p/_hotfix}.patch"
+fi
+
+DESCRIPTION="Just-In-Time Compiler for the Lua programming language"
+HOMEPAGE="http://luajit.org/"
+SRC_URI="http://luajit.org/download/${MY_P}.tar.gz
+	${HOTFIX:+http://luajit.org/download/${HOTFIX}}"
+
+LICENSE="MIT"
+# this should probably be pkgmoved to 2.0 for sake of consistency.
+SLOT="2"
+KEYWORDS="~amd64 ~arm ~ppc ~x86 ~amd64-linux ~x86-linux"
+IUSE="lua52compat static-libs"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2-ldconfig.patch"
+	"${FILESDIR}/CVE-2020-15890.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	if [[ -n ${HOTFIX} ]]; then
+		eapply "${DISTDIR}/${HOTFIX}"
+	fi
+	default
+}
+
+_emake() {
+	emake \
+		Q= \
+		PREFIX="${EPREFIX}/usr" \
+		MULTILIB="$(get_libdir)" \
+		DESTDIR="${D}" \
+		HOST_CC="$(tc-getBUILD_CC)" \
+		STATIC_CC="$(tc-getCC)" \
+		DYNAMIC_CC="$(tc-getCC) -fPIC" \
+		TARGET_LD="$(tc-getCC)" \
+		TARGET_AR="$(tc-getAR) rcus" \
+		BUILDMODE="$(usex static-libs mixed dynamic)" \
+		TARGET_STRIP="true" \
+		INSTALL_LIB="${ED%/}/usr/$(get_libdir)" \
+		"$@"
+}
+
+src_compile() {
+	_emake XCFLAGS="$(usex lua52compat "-DLUAJIT_ENABLE_LUA52COMPAT" "")"
+}
+
+src_install() {
+	_emake install
+
+	pax-mark m "${ED}usr/bin/luajit-${MY_PV}"
+
+	HTML_DOCS="doc/." einstalldocs
+}

dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild

@@ -0,0 +1,56 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit pax-utils toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-4)"
+MY_PV="${MY_PV/_beta/-beta}"
+MY_P="LuaJIT-${MY_PV}"
+
+DESCRIPTION="Just-In-Time Compiler for the Lua programming language"
+HOMEPAGE="http://luajit.org/"
+SRC_URI="http://luajit.org/download/${MY_P}.tar.gz"
+
+LICENSE="MIT"
+# this should probably be pkgmoved to 2.0 for sake of consistency.
+SLOT="2"
+KEYWORDS=""
+IUSE="lua52compat static-libs"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2-ldconfig.patch"
+	"${FILESDIR}/CVE-2020-15890.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+_emake() {
+	emake \
+		Q= \
+		PREFIX="${EPREFIX}/usr" \
+		MULTILIB="$(get_libdir)" \
+		DESTDIR="${D}" \
+		HOST_CC="$(tc-getBUILD_CC)" \
+		STATIC_CC="$(tc-getCC)" \
+		DYNAMIC_CC="$(tc-getCC) -fPIC" \
+		TARGET_LD="$(tc-getCC)" \
+		TARGET_AR="$(tc-getAR) rcus" \
+		BUILDMODE="$(usex static-libs mixed dynamic)" \
+		TARGET_STRIP="true" \
+		INSTALL_LIB="${ED%/}/usr/$(get_libdir)" \
+		"$@"
+}
+
+src_compile() {
+	_emake XCFLAGS="$(usex lua52compat "-DLUAJIT_ENABLE_LUA52COMPAT" "")"
+}
+
+src_install() {
+	_emake install
+
+	pax-mark m "${ED}usr/bin/luajit-${MY_PV}"
+
+	HTML_DOCS="doc/." einstalldocs
+}