lua5_2: add patch for CVE-2022-28805

Derived from https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
author: Robin Gloster <mail@glob.in> 2022-05-17 14:55:20 +0200
committer: Maximilian Bosch <maximilian@mbosch.me> 2022-05-30 21:04:16 +0200
commit: 04d41ba8cc770aecc76a72b50f09c281d88a5022 (patch)
tree: 84bac3c55043ad8150056363bf071751b9635bcf /pkgs/development/interpreters/lua-5/CVE-2022-28805.patch
parent: 549e4afeaa8b5fad9728bc0043e97e46149a7093 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/pkgs/development/interpreters/lua-5/CVE-2022-28805.patch b/pkgs/development/interpreters/lua-5/CVE-2022-28805.patch
new file mode 100644
index 0000000000000..bcf16acbea422
--- /dev/null
+++ b/pkgs/development/interpreters/lua-5/CVE-2022-28805.patch
@@ -0,0 +1,10 @@
+--- a/src/lparser.c
++++ b/src/lparser.c
+@@ -301,6 +301,7 @@
+     expdesc key;
+     singlevaraux(fs, ls->envn, var, 1);  /* get environment variable */
+     lua_assert(var->k == VLOCAL || var->k == VUPVAL);
++    luaK_exp2anyregup(fs, var);  /* but could be a constant */
+     codestring(ls, &key, varname);  /* key is variable name */
+     luaK_indexed(fs, var, &key);  /* env[varname] */
+   }
author	Robin Gloster <mail@glob.in>	2022-05-17 14:55:20 +0200
committer	Maximilian Bosch <maximilian@mbosch.me>	2022-05-30 21:04:16 +0200
commit	04d41ba8cc770aecc76a72b50f09c281d88a5022 (patch)
tree	84bac3c55043ad8150056363bf071751b9635bcf /pkgs/development/interpreters/lua-5/CVE-2022-28805.patch
parent	549e4afeaa8b5fad9728bc0043e97e46149a7093 (diff)