From 7b9ef2b25311149e0749c87544b68520cd264c7b Mon Sep 17 00:00:00 2001
From: Kshitiz Godara
Date: Tue, 5 Aug 2025 10:19:38 +0000
Subject: [PATCH 1/5] Patch luajit for CVE-2024-25177[HIGH]
---
 SPECS/luajit/CVE-2024-25177.patch | 45 +++++++++++++++++++++++++++++++
 SPECS/luajit/luajit.spec | 10 ++++---
 2 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 SPECS/luajit/CVE-2024-25177.patch
diff --git a/SPECS/luajit/CVE-2024-25177.patch b/SPECS/luajit/CVE-2024-25177.patch
new file mode 100644
index 00000000000..c7ef115c343
--- /dev/null
+++ b/SPECS/luajit/CVE-2024-25177.patch
@@ -0,0 +1,45 @@
+From 3c4209f69e4f0f3810b9acfde263569ef7c0a197 Mon Sep 17 00:00:00 2001
+From: Mike Pall
+Date: Tue, 23 Jan 2024 18:58:52 +0100
+Subject: [PATCH] Fix unsinking of IR_FSTORE for NULL metatable.
+
+Reported by pwnhacker0x18. #1147
+
+Upstream reference:
+https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f
+---
+ src/lj_snap.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/lj_snap.c b/src/lj_snap.c
+index 4140fdb..d2c454c 100644
+--- a/src/lj_snap.c
++++ b/src/lj_snap.c
+@@ -453,6 +453,7 @@ static TRef snap_replay_const(jit_State *J, IRIns *ir)
+ case IR_KNUM: case IR_KINT64:
+ return lj_ir_k64(J, (IROp)ir->o, ir_k64(ir)->u64);
+ case IR_KPTR: return lj_ir_kptr(J, ir_kptr(ir)); /* Continuation. */
++ case IR_KNULL: return lj_ir_knull(J, irt_type(ir->t));
+ default: lj_assertJ(0, "bad IR constant op %d", ir->o); return TREF_NIL;
+ }
+ }
+@@ -882,9 +883,13 @@ static void snap_unsink(jit_State *J, GCtrace *T, ExitState *ex,
+ if (irk->o == IR_FREF) {
+ lj_assertJ(irk->op2 == IRFL_TAB_META,
+ "sunk store with bad field %d", irk->op2);
+- snap_restoreval(J, T, ex, snapno, rfilt, irs->op2, &tmp);
+- /* NOBARRIER: The table is new (marked white). */
+- setgcref(t->metatable, obj2gco(tabV(&tmp)));
++ if (T->ir[irs->op2].o == IR_KNULL) {
++ setgcrefnull(t->metatable);
++ } else {
++ snap_restoreval(J, T, ex, snapno, rfilt, irs->op2, &tmp);
++ /* NOBARRIER: The table is new (marked white). */
++ setgcref(t->metatable, obj2gco(tabV(&tmp)));
++ }
+ } else {
+ irk = &T->ir[irk->op2];
+ if (irk->o == IR_KSLOT) irk = &T->ir[irk->op1];
+--
+2.45.4
+
diff --git a/SPECS/luajit/luajit.spec b/SPECS/luajit/luajit.spec
index 14f1d5dcba7..c719aef3d55 100644
--- a/SPECS/luajit/luajit.spec
+++ b/SPECS/luajit/luajit.spec
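Review bot: The commit id on the first line of the new patch file (`From 3c4209f69e4f0f3810b9acfde263569ef7c0a197`) is not the upstream id the body cites under `Upstream reference:` (85b4fed0…), and the `index 4140fdb..d2c454c` blob ids suggest the hunks were regenerated against a different tree, so the file does not say which base this backport was produced from. For a security patch the provenance should be readable from the file itself; add one line below the `Upstream reference:` URL such as `Backport of the upstream commit above, re-generated against <base tree>; blob ids therefore differ from upstream.` with the base tree filled in. The two hunks themselves (the IR_KNULL case in snap_replay_const and the NULL-metatable branch in snap_unsink) appear to follow the upstream change, so no code comment is needed there.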
@@ -5,7 +5,7 @@ Name: luajit
 Version: 2.1.0
 %global apiver %(v=%{version}; echo ${v%.${v#[0-9].[0-9].}})
 %global srcver %{version}%{?rctag:-%{rctag}}
-Release: 27%{?dist}
+Release: 28%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -15,12 +15,13 @@ Source0: https://luajit.org/download/LuaJIT-%{srcver}.tar.gz
 # Patches from https://github.com/LuaJit/LuaJIT.git
 # Generated from v2.1 branch against the 2.1.0-beta3 tag using
 # git diff v2.1.0-beta3..v2.1 > luajit-2.1-update.patch
-Patch0: luajit-2.1-update.patch
+Patch0: luajit-2.1-update.patch
 # Patches from https://github.com/cryptomilk/LuaJIT/commits/v2.1-fedora
 # git format-patch --stdout -l1 --no-renames v2.1..v2.1-fedora > luajit-2.1-fedora.patch
-Patch1: luajit-2.1-fedora.patch
+Patch1: luajit-2.1-fedora.patch
 Patch2: CVE-2024-25178.patch
 Patch3: CVE-2024-25176.patch
+Patch4: CVE-2024-25177.patch
 BuildRequires: gcc
 BuildRequires: make
@@ -96,6 +97,9 @@ make check || true
 %{_libdir}/pkgconfig/%{name}.pc
 %changelog
+* Tue Aug 05 2025 Kshitiz Godara - 2.1.0-28
+- Patch for CVE-2024-25177
+
 * Thu Jul 17 2025 Azure Linux Security Servicing Account - 2.1.0-27
 - Patch for CVE-2024-25178, CVE-2024-25176
From ac25985a1526b33b887db4e23f1e457622091e04 Mon Sep 17 00:00:00 2001
From: kgodara912
Date: Tue, 12 Aug 2025 23:04:33 +0530
Subject: [PATCH 2/5] Update cgmanifest.json
Updating new reference for LuaJit.
---
 cgmanifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cgmanifest.json b/cgmanifest.json
index 8ccfeba0ee3..af021a00e4a 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -12572,7 +12572,7 @@
 "other": {
 "name": "luajit",
 "version": "2.1.0",
- "downloadUrl": "https://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz"
+ "downloadUrl": "https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v2.1.0-beta3.tar.gz"
 }
 }
 },
From f3ed5a65d02fb5a8c028242e79507737321d743f Mon Sep 17 00:00:00 2001
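Review bot: Declaring `Patch4: CVE-2024-25177.patch` in the second hunk only fixes the CVE if %prep actually applies it, and %prep is outside this hunk; if the spec applies patches with individual `%patch` lines rather than `%autosetup`, a matching `%patch4 -p1` is needed or the build succeeds with the vulnerable code still in place. Worth confirming from the build log, and worth making visible next to the declaration with a comment such as `# CVE-2024-25177: backport of upstream 85b4fed0, applied in %prep`. The `Patch0`/`Patch1` removed-and-re-added pairs in the same hunk change only whitespace and are unrelated to the CVE; leaving them out keeps the security-servicing diff limited to the lines that matter.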
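Review bot: The new `downloadUrl` points at GitHub's on-demand archive for tag v2.1.0-beta3 rather than a published release artifact, so the sha256 later recorded for it in luajit.signatures.json (patch 5/5) pins whatever bytes GitHub generated at fetch time; generated archives have not historically been guaranteed byte-stable across GitHub infrastructure changes, so the pin may break without any upstream change. The same URL is introduced into `Source0` in patch 3/5, and that hunk shares this concern. If the luajit.org tarball is no longer served, state that in the spec comment above `Source0`, and consider mirroring the archive in a source store the project controls so the recorded hash stays verifiable against a copy that cannot silently change.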
From: kgodara912
Date: Tue, 12 Aug 2025 23:13:19 +0530
Subject: [PATCH 3/5] Update luajit.spec
Updated source URL with valid upstream reference.
---
 SPECS/luajit/luajit.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/luajit/luajit.spec b/SPECS/luajit/luajit.spec
index c719aef3d55..bd985fb0fab 100644
--- a/SPECS/luajit/luajit.spec
+++ b/SPECS/luajit/luajit.spec
@@ -10,7 +10,7 @@ License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
 URL: https://luajit.org/
-Source0: https://luajit.org/download/LuaJIT-%{srcver}.tar.gz
+Source0: https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v2.1.0-beta3.tar.gz#/LuaJIT-%{srcver}_v1.tar.gz
 # Patches from https://github.com/LuaJit/LuaJIT.git
 # Generated from v2.1 branch against the 2.1.0-beta3 tag using
From f6f754ee735e910f69adf974a6d62df8c231a8f7 Mon Sep 17 00:00:00 2001
From: kgodara912
Date: Tue, 12 Aug 2025 23:13:44 +0530
Subject: [PATCH 4/5] Update luajit.signatures.json
Updated signature file as well.
---
 SPECS/luajit/luajit.signatures.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/SPECS/luajit/luajit.signatures.json b/SPECS/luajit/luajit.signatures.json
index 82005313f82..f80cb42796a 100644
--- a/SPECS/luajit/luajit.signatures.json
+++ b/SPECS/luajit/luajit.signatures.json
@@ -1,5 +1,5 @@
 {
 "Signatures": {
- "LuaJIT-2.1.0-beta3.tar.gz": "1ad2e34b111c802f9d0cdf019e986909123237a28c746b21295b63c9e785d9c3"
+ "LuaJIT-2.1.0-beta3_v1.tar.gz": "1ad2e34b111c802f9d0cdf019e986909123237a28c746b21295b63c9e785d9c3"
 }
-}
\ No newline at end of file
+}
From 37b97923c2d212775b03e11f99d471a4de116415 Mon Sep 17 00:00:00 2001
From: kgodara912
Date: Tue, 12 Aug 2025 23:14:42 +0530
Subject: [PATCH 5/5] Update luajit.signatures.json
Updated signature values.
---
 SPECS/luajit/luajit.signatures.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/luajit/luajit.signatures.json b/SPECS/luajit/luajit.signatures.json
index f80cb42796a..f6073f69a24 100644
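Review bot: The new `Source0` hard-codes `v2.1.0-beta3` in the URL path while the `#/LuaJIT-%{srcver}_v1.tar.gz` fragment still derives the local filename from `%{srcver}`, so a later version or rctag bump would change the cached filename and signature key without changing what is actually downloaded. Assuming `%{srcver}` expands to `2.1.0-beta3` (both the old URL and the signature key imply it), use the macro in both places: `Source0: https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v%{srcver}.tar.gz#/LuaJIT-%{srcver}_v1.tar.gz`. The `_v1` suffix is not explained anywhere in the file; a one-line comment above `Source0` saying it distinguishes the GitHub-generated archive from the luajit.org tarball of the same version would spare the next maintainer a guess.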
--- a/SPECS/luajit/luajit.signatures.json
+++ b/SPECS/luajit/luajit.signatures.json
@@ -1,5 +1,5 @@
 {
 "Signatures": {
- "LuaJIT-2.1.0-beta3_v1.tar.gz": "1ad2e34b111c802f9d0cdf019e986909123237a28c746b21295b63c9e785d9c3"
+ "LuaJIT-2.1.0-beta3_v1.tar.gz": "409f7fe570d3c16558e594421c47bdd130238323c9d6fd6c83dedd2aaeb082a8"
 }
 }
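Review bot: This hunk only corrects the sha256 that patch 4/5 carried over unchanged when it renamed the key to `LuaJIT-2.1.0-beta3_v1.tar.gz`, so at patch 4/5 the tree pairs the new GitHub `Source0` from patch 3/5 with the hash of the old luajit.org tarball and would presumably fail source verification on its own. Squash patches 3/5, 4/5 and 5/5 into one commit so every point in the series is buildable and bisectable. Since the new value `409f7fe5…` was computed from a generated archive rather than a signed release file, record in the commit message how it was obtained (fetch date and tool) so a later mismatch can be told apart from tampering.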