lua5_4: fix CVE-2022-28805

author: Robin Gloster <mail@glob.in> 2022-05-12 16:00:09 +0200
committer: Maximilian Bosch <maximilian@mbosch.me> 2022-05-30 21:04:17 +0200
commit: 5a7d0b6b34e1414c7fe1e9ddd4c8407e03510bff (patch)
tree: b00b2e09090567adf9e56416319fabbdceb897b7 /pkgs/development/interpreters/lua-5
parent: 04d41ba8cc770aecc76a72b50f09c281d88a5022 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix
index 40aa429d8e277..a160ee039f3a0 100644
--- a/pkgs/development/interpreters/lua-5/default.nix
+++ b/pkgs/development/interpreters/lua-5/default.nix
@@ -7,7 +7,17 @@ rec {
     hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq";
     makeWrapper = makeBinaryWrapper;
 
-    patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch;
+    patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch
+      ++ [
+        (fetchpatch {
+          name = "CVE-2022-28805.patch";
+          url = "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa.patch";
+          sha256 = "sha256-YTwoolSnRNJIHFPVijSO6ZDw35BG5oWYralZ8qOb9y8=";
+          stripLen = 1;
+          extraPrefix = "src/";
+          excludes = [ "src/testes/*" ];
+        })
+      ];
   };
 
   lua5_4_compat = lua5_4.override({
author	Robin Gloster <mail@glob.in>	2022-05-12 16:00:09 +0200
committer	Maximilian Bosch <maximilian@mbosch.me>	2022-05-30 21:04:17 +0200
commit	5a7d0b6b34e1414c7fe1e9ddd4c8407e03510bff (patch)
tree	b00b2e09090567adf9e56416319fabbdceb897b7 /pkgs/development/interpreters/lua-5
parent	04d41ba8cc770aecc76a72b50f09c281d88a5022 (diff)