BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

lua5_2: add patch for CVE-2022-28805

Browse source 
Derived from 1f3c6f4534
This commit is contained in:
Robin Gloster 2022-05-17 14:55:20 +02:00 committed by Maximilian Bosch
parent 549e4afeaa
commit 04d41ba8cc
No known key found for this signature in database
GPG key ID: 091DBF4D1FC46B8E
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pkgs/development/interpreters/lua-5/CVE-2022-28805.patch Normal file
View file

@ -0,0 +1,10 @@
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -301,6 +301,7 @@
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k == VLOCAL || var->k == VUPVAL);
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(ls, &key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}

4
pkgs/development/interpreters/lua-5/default.nix
View file

@ -32,7 +32,9 @@ rec {
sourceVersion = { major = "5"; minor = "2"; patch = "4"; };
hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr";
makeWrapper = makeBinaryWrapper;
patches = lib.optional stdenv.isDarwin ./5.2.darwin.patch;
patches = [
./CVE-2022-28805.patch
] ++ lib.optional stdenv.isDarwin ./5.2.darwin.patch;
};
lua5_2_compat = lua5_2.override({