mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-11 16:23:26 +00:00
Merge pull request #174094 from mayflower/lua-security
lua5_{2,4}: add patch for CVE-2022-28805
This commit is contained in:
commit
98e833fe59
10
pkgs/development/interpreters/lua-5/CVE-2022-28805.patch
Normal file
10
pkgs/development/interpreters/lua-5/CVE-2022-28805.patch
Normal file
@ -0,0 +1,10 @@
|
||||
--- a/src/lparser.c
|
||||
+++ b/src/lparser.c
|
||||
@@ -301,6 +301,7 @@
|
||||
expdesc key;
|
||||
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
|
||||
lua_assert(var->k == VLOCAL || var->k == VUPVAL);
|
||||
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
|
||||
codestring(ls, &key, varname); /* key is variable name */
|
||||
luaK_indexed(fs, var, &key); /* env[varname] */
|
||||
}
|
@ -7,7 +7,17 @@ rec {
|
||||
hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq";
|
||||
makeWrapper = makeBinaryWrapper;
|
||||
|
||||
patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch;
|
||||
patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch
|
||||
++ [
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-28805.patch";
|
||||
url = "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa.patch";
|
||||
sha256 = "sha256-YTwoolSnRNJIHFPVijSO6ZDw35BG5oWYralZ8qOb9y8=";
|
||||
stripLen = 1;
|
||||
extraPrefix = "src/";
|
||||
excludes = [ "src/testes/*" ];
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
lua5_4_compat = lua5_4.override({
|
||||
@ -32,7 +42,9 @@ rec {
|
||||
sourceVersion = { major = "5"; minor = "2"; patch = "4"; };
|
||||
hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr";
|
||||
makeWrapper = makeBinaryWrapper;
|
||||
patches = lib.optional stdenv.isDarwin ./5.2.darwin.patch;
|
||||
patches = [
|
||||
./CVE-2022-28805.patch
|
||||
] ++ lib.optional stdenv.isDarwin ./5.2.darwin.patch;
|
||||
};
|
||||
|
||||
lua5_2_compat = lua5_2.override({
|
||||
|
Loading…
Reference in New Issue
Block a user