about summary refs log tree commit diff
path: root/pkgs/development/interpreters/lua-5/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/interpreters/lua-5/default.nix')
-rw-r--r--pkgs/development/interpreters/lua-5/default.nix16
1 files changed, 14 insertions, 2 deletions
diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix
index 5230a46afef32..a160ee039f3a0 100644
--- a/pkgs/development/interpreters/lua-5/default.nix
+++ b/pkgs/development/interpreters/lua-5/default.nix
@@ -7,7 +7,17 @@ rec {
     hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq";
     makeWrapper = makeBinaryWrapper;
 
-    patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch;
+    patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch
+      ++ [
+        (fetchpatch {
+          name = "CVE-2022-28805.patch";
+          url = "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa.patch";
+          sha256 = "sha256-YTwoolSnRNJIHFPVijSO6ZDw35BG5oWYralZ8qOb9y8=";
+          stripLen = 1;
+          extraPrefix = "src/";
+          excludes = [ "src/testes/*" ];
+        })
+      ];
   };
 
   lua5_4_compat = lua5_4.override({
@@ -32,7 +42,9 @@ rec {
     sourceVersion = { major = "5"; minor = "2"; patch = "4"; };
     hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr";
     makeWrapper = makeBinaryWrapper;
-    patches = lib.optional stdenv.isDarwin ./5.2.darwin.patch;
+    patches = [
+      ./CVE-2022-28805.patch
+    ] ++ lib.optional stdenv.isDarwin ./5.2.darwin.patch;
   };
 
   lua5_2_compat = lua5_2.override({
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-11 08:46:23 +0000