commit 04d41ba8cc770aecc76a72b50f09c281d88a5022 · pyrox.dev/nixpkgs

+10

pkgs/development/interpreters/lua-5/CVE-2022-28805.patch

···

       1
       1
       +
       --- a/src/lparser.c

     

       2
       2
       +
       +++ b/src/lparser.c

     

       3
       3
       +
       @@ -301,6 +301,7 @@

     

       4
       4
       +
            expdesc key;

     

       5
       5
       +
            singlevaraux(fs, ls->envn, var, 1);  /* get environment variable */

     

       6
       6
       +
            lua_assert(var->k == VLOCAL || var->k == VUPVAL);

     

       7
       7
       +
       +    luaK_exp2anyregup(fs, var);  /* but could be a constant */

     

       8
       8
       +
            codestring(ls, &key, varname);  /* key is variable name */

     

       9
       9
       +
            luaK_indexed(fs, var, &key);  /* env[varname] */

     

       10
       10
       +
          }

+3 -1

pkgs/development/interpreters/lua-5/default.nix

···

       32
       32
        
           sourceVersion = { major = "5"; minor = "2"; patch = "4"; };

     

       33
       33
        
           hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr";

     

       34
       34
        
           makeWrapper = makeBinaryWrapper;

     

       35
       35
       -
           patches = lib.optional stdenv.isDarwin ./5.2.darwin.patch;

     

       35
       35
       +
           patches = [

     

       36
       36
       +
             ./CVE-2022-28805.patch

     

       37
       37
       +
           ] ++ lib.optional stdenv.isDarwin ./5.2.darwin.patch;

     

       36
       38
        
         };

     

       37
       39
        
       

     

       38
       40
        
         lua5_2_compat = lua5_2.override({