Fix: fix CVE-2021-45985 ,CVE-2022-33099

debian/changelog

@@ -1,3 +1,9 @@
+lua5.4 (5.4.3-1deepin1) unstable; urgency=medium
+
+  * fix CVE-2021-45985 CVE-2022-33099
+
+ -- zengwei <zengwei1@uniontech.com>  Tue, 27 Jan 2026 17:21:50 +0800
+
 lua5.4 (5.4.3-1) unstable; urgency=medium
 
   * New upstream release.

debian/patches/CVE-2021-45985.patch

@@ -0,0 +1,27 @@
+From 09a7443d97ee2ef85c65fe78d44342276e2c21dc Mon Sep 17 00:00:00 2001
+From: zengwei <zengwei1@uniontech.com>
+Date: Tue, 27 Jan 2026 17:17:08 +0800
+Subject: [PATCH] CVE-2021-45985
+
+---
+ src/ldo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ldo.c b/src/ldo.c
+index 7135079..9261cff 100644
+--- a/src/ldo.c
++++ b/src/ldo.c
+@@ -483,9 +483,9 @@ void luaD_pretailcall (lua_State *L, CallInfo *ci, StkId func, int narg1) {
+   int fsize = p->maxstacksize;  /* frame size */
+   int nfixparams = p->numparams;
+   int i;
++  checkstackGCp(L, fsize - delta, func);
+   for (i = 0; i < narg1; i++)  /* move down function and arguments */
+     setobjs2s(L, ci->func + i, func + i);
+-  checkstackGC(L, fsize);
+   func = ci->func;  /* moved-down function */
+   for (; narg1 <= nfixparams; narg1++)
+     setnilvalue(s2v(func + narg1));  /* complete missing arguments */
+-- 
+2.20.1
+

debian/patches/CVE-2022-33099.patch

@@ -0,0 +1,90 @@
+From d9d9d0e785fc88e321bd47969e7e2e3f46b51d4d Mon Sep 17 00:00:00 2001
+From: zengwei <zengwei1@uniontech.com>
+Date: Tue, 27 Jan 2026 17:20:15 +0800
+Subject: [PATCH] CVE-2022-33099
+
+---
+ 0001-CVE-2021-45985.patch | 27 +++++++++++++++++++++++++++
+ src/ldebug.c              |  5 ++++-
+ src/lvm.c                 |  6 ++++--
+ 3 files changed, 35 insertions(+), 3 deletions(-)
+ create mode 100644 0001-CVE-2021-45985.patch
+
+diff --git a/0001-CVE-2021-45985.patch b/0001-CVE-2021-45985.patch
+new file mode 100644
+index 0000000..5a843bc
+--- /dev/null
++++ b/0001-CVE-2021-45985.patch
+@@ -0,0 +1,27 @@
++From 09a7443d97ee2ef85c65fe78d44342276e2c21dc Mon Sep 17 00:00:00 2001
++From: zengwei <zengwei1@uniontech.com>
++Date: Tue, 27 Jan 2026 17:17:08 +0800
++Subject: [PATCH] CVE-2021-45985
++
++---
++ src/ldo.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/src/ldo.c b/src/ldo.c
++index 7135079..9261cff 100644
++--- a/src/ldo.c
+++++ b/src/ldo.c
++@@ -483,9 +483,9 @@ void luaD_pretailcall (lua_State *L, CallInfo *ci, StkId func, int narg1) {
++   int fsize = p->maxstacksize;  /* frame size */
++   int nfixparams = p->numparams;
++   int i;
+++  checkstackGCp(L, fsize - delta, func);
++   for (i = 0; i < narg1; i++)  /* move down function and arguments */
++     setobjs2s(L, ci->func + i, func + i);
++-  checkstackGC(L, fsize);
++   func = ci->func;  /* moved-down function */
++   for (; narg1 <= nfixparams; narg1++)
++     setnilvalue(s2v(func + narg1));  /* complete missing arguments */
++-- 
++2.20.1
++
+diff --git a/src/ldebug.c b/src/ldebug.c
+index 1feaab2..5524fae 100644
+--- a/src/ldebug.c
++++ b/src/ldebug.c
+@@ -783,8 +783,11 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) {
+   va_start(argp, fmt);
+   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
+   va_end(argp);
+-  if (isLua(ci))  /* if Lua function, add source:line information */
++  if (isLua(ci)) {  /* if Lua function, add source:line information */
+     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
++    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
++    L->top--;
++  }
+   luaG_errormsg(L);
+ }
+
+diff --git a/src/lvm.c b/src/lvm.c
+index c9729bc..51b9614 100644
+--- a/src/lvm.c
++++ b/src/lvm.c
+@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int total) {
+       /* collect total length and number of strings */
+       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
+         size_t l = vslen(s2v(top - n - 1));
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
++        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
++          L->top = top - total;  /* pop strings to avoid wasting stack */
+           luaG_runerror(L, "string length overflow");
++        }
+         tl += l;
+       }
+       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
+@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int total) {
+       setsvalue2s(L, top - n, ts);  /* create result */
+     }
+     total -= n-1;  /* got 'n' strings to create 1 new */
+-    L->top -= n-1;  /* popped 'n' strings and pushed one */
++    L->top = top - (n - 1);  /* popped 'n' strings and pushed one */
+   } while (total > 1);  /* repeat until only 1 result left */
+ }
+
+-- 
+2.20.1
+

debian/patches/series

@@ -1,3 +1,5 @@
 0001-build-system.patch
 0002-lua-modules-paths.patch
 0003-extern_C.patch
+CVE-2021-45985.patch
+CVE-2022-33099.patch