diff options
| author | Christian Kauhaus <kc@flyingcircus.io> | 2019-11-21 10:53:10 +0100 |
|---|---|---|
| committer | Christian Kauhaus <kc@flyingcircus.io> | 2019-11-21 11:10:45 +0100 |
| commit | 9a1e9258f689df835acd4d89c5e960f128ecb41c (patch) | |
| tree | b18285162a4eb796b996bfb2440385f89f8d8838 /pkgs | |
| parent | 6cffb5072f9ad20d3ddaa54469d9b38f8720291c (diff) | |
| download | nixlib-9a1e9258f689df835acd4d89c5e960f128ecb41c.tar nixlib-9a1e9258f689df835acd4d89c5e960f128ecb41c.tar.gz nixlib-9a1e9258f689df835acd4d89c5e960f128ecb41c.tar.bz2 nixlib-9a1e9258f689df835acd4d89c5e960f128ecb41c.tar.lz nixlib-9a1e9258f689df835acd4d89c5e960f128ecb41c.tar.xz nixlib-9a1e9258f689df835acd4d89c5e960f128ecb41c.tar.zst nixlib-9a1e9258f689df835acd4d89c5e960f128ecb41c.zip | |
lua-5.3: add patch for CVE-2019-6706
Taken from http://launchpadlibrarian.net/417853567/lua5.3_5.3.3-1_5.3.3-1ubuntu0.18.10.1.diff.gz and adapted to our needs. Re #54799
Diffstat (limited to 'pkgs')
| -rw-r--r-- | pkgs/development/interpreters/lua-5/CVE-2019-6706.patch | 22 | ||||
| -rw-r--r-- | pkgs/development/interpreters/lua-5/default.nix | 7 |
2 files changed, 27 insertions, 2 deletions
diff --git a/pkgs/development/interpreters/lua-5/CVE-2019-6706.patch b/pkgs/development/interpreters/lua-5/CVE-2019-6706.patch new file mode 100644 index 000000000000..89e81b7eb68b --- /dev/null +++ b/pkgs/development/interpreters/lua-5/CVE-2019-6706.patch @@ -0,0 +1,22 @@ +--- a/src/lapi.c ++++ b/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + + diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix index 1398e66d9a5b..7e79ff8f117a 100644 --- a/pkgs/development/interpreters/lua-5/default.nix +++ b/pkgs/development/interpreters/lua-5/default.nix @@ -1,5 +1,5 @@ # similar to interpreters/python/default.nix -{ stdenv, lib, callPackage, fetchurl }: +{ stdenv, lib, callPackage, fetchurl, fetchpatch }: let dsoPatch51 = fetchurl { url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/lua-arch.patch?h=packages/lua51"; @@ -18,7 +18,10 @@ in rec { lua5_3 = callPackage ./interpreter.nix { sourceVersion = { major = "5"; minor = "3"; patch = "5"; }; hash = "0c2eed3f960446e1a3e4b9a1ca2f3ff893b6ce41942cf54d5dd59ab4b3b058ac"; - patches = lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ] ; + patches = + lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ] ++ [ + ./CVE-2019-6706.patch + ]; postConfigure = lib.optionalString (!stdenv.isDarwin) '' cat ${./lua-5.3-dso.make} >> src/Makefile sed -e 's/ALL_T *= */& $(LUA_SO)/' -i src/Makefile |