diff options
| author | John Ericson <John.Ericson@Obsidian.Systems> | 2019-11-24 17:25:07 +0000 |
|---|---|---|
| committer | John Ericson <John.Ericson@Obsidian.Systems> | 2019-11-24 17:25:07 +0000 |
| commit | d0d5136cce5e0cbe2305c53090bd4bd886114746 (patch) | |
| tree | 70092947536a3c65e215df9df20e571e34652f7a /pkgs/development/interpreters/lua-5 | |
| parent | 9b090ccbca3f7dd26d91db06e96e8bf8282c37ca (diff) | |
| parent | 195c263a812dec532656dcfd5d0360458cdc93fd (diff) | |
| download | nixpkgs-d0d5136cce5e0cbe2305c53090bd4bd886114746.tar nixpkgs-d0d5136cce5e0cbe2305c53090bd4bd886114746.tar.gz nixpkgs-d0d5136cce5e0cbe2305c53090bd4bd886114746.tar.bz2 nixpkgs-d0d5136cce5e0cbe2305c53090bd4bd886114746.tar.lz nixpkgs-d0d5136cce5e0cbe2305c53090bd4bd886114746.tar.xz nixpkgs-d0d5136cce5e0cbe2305c53090bd4bd886114746.tar.zst nixpkgs-d0d5136cce5e0cbe2305c53090bd4bd886114746.zip | |
Merge remote-tracking branch 'upstream/master' into wrapper-pname-support
Diffstat (limited to 'pkgs/development/interpreters/lua-5')
| -rw-r--r-- | pkgs/development/interpreters/lua-5/CVE-2014-5461.patch (renamed from pkgs/development/interpreters/lua-5/5.1.0004-Fix-stack-overflow-in-vararg-functions.patch) | 0 | ||||
| -rw-r--r-- | pkgs/development/interpreters/lua-5/CVE-2019-6706.patch | 22 | ||||
| -rw-r--r-- | pkgs/development/interpreters/lua-5/default.nix | 9 | ||||
| -rw-r--r-- | pkgs/development/interpreters/lua-5/setup-hook.sh | 2 | ||||
| -rw-r--r-- | pkgs/development/interpreters/lua-5/wrapper.nix | 13 |
5 files changed, 34 insertions, 12 deletions
diff --git a/pkgs/development/interpreters/lua-5/5.1.0004-Fix-stack-overflow-in-vararg-functions.patch b/pkgs/development/interpreters/lua-5/CVE-2014-5461.patch index 31d3b8bdee7..31d3b8bdee7 100644 --- a/pkgs/development/interpreters/lua-5/5.1.0004-Fix-stack-overflow-in-vararg-functions.patch +++ b/pkgs/development/interpreters/lua-5/CVE-2014-5461.patch diff --git a/pkgs/development/interpreters/lua-5/CVE-2019-6706.patch b/pkgs/development/interpreters/lua-5/CVE-2019-6706.patch new file mode 100644 index 00000000000..89e81b7eb68 --- /dev/null +++ b/pkgs/development/interpreters/lua-5/CVE-2019-6706.patch @@ -0,0 +1,22 @@ +--- a/src/lapi.c ++++ b/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + + diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix index 08645dfb77f..7e79ff8f117 100644 --- a/pkgs/development/interpreters/lua-5/default.nix +++ b/pkgs/development/interpreters/lua-5/default.nix @@ -1,5 +1,5 @@ # similar to interpreters/python/default.nix -{ stdenv, lib, callPackage, fetchurl }: +{ stdenv, lib, callPackage, fetchurl, fetchpatch }: let dsoPatch51 = fetchurl { url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/lua-arch.patch?h=packages/lua51"; @@ -18,7 +18,10 @@ in rec { lua5_3 = callPackage ./interpreter.nix { sourceVersion = { major = "5"; minor = "3"; patch = "5"; }; hash = "0c2eed3f960446e1a3e4b9a1ca2f3ff893b6ce41942cf54d5dd59ab4b3b058ac"; - patches = lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ] ; + patches = + lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ] ++ [ + ./CVE-2019-6706.patch + ]; postConfigure = lib.optionalString (!stdenv.isDarwin) '' cat ${./lua-5.3-dso.make} >> src/Makefile sed -e 's/ALL_T *= */& $(LUA_SO)/' -i src/Makefile @@ -49,7 +52,7 @@ in rec { sourceVersion = { major = "5"; minor = "1"; patch = "5"; }; hash = "2640fc56a795f29d28ef15e13c34a47e223960b0240e8cb0a82d9b0738695333"; patches = (if stdenv.isDarwin then [ ./5.1.darwin.patch ] else [ dsoPatch51 ]) - ++ [ ./5.1.0004-Fix-stack-overflow-in-vararg-functions.patch ]; + ++ [ ./CVE-2014-5461.patch ]; }; luajit_2_0 = import ../luajit/2.0.nix { diff --git a/pkgs/development/interpreters/lua-5/setup-hook.sh b/pkgs/development/interpreters/lua-5/setup-hook.sh index f7e56b62ac9..1c445b82afd 100644 --- a/pkgs/development/interpreters/lua-5/setup-hook.sh +++ b/pkgs/development/interpreters/lua-5/setup-hook.sh @@ -20,7 +20,7 @@ addToLuaSearchPathWithCustomDelimiter() { if [[ ! -d "$topDir" ]]; then return; fi # export only if we haven't already got this dir in the search path - if [[ ${!varName} == *"$absPattern"* ]]; then return; fi + if [[ ${!varName-} == *"$absPattern"* ]]; then return; fi export "${varName}=${!varName:+${!varName};}${absPattern}" } diff --git a/pkgs/development/interpreters/lua-5/wrapper.nix b/pkgs/development/interpreters/lua-5/wrapper.nix index 816744e61cf..53ec2baeb5e 100644 --- a/pkgs/development/interpreters/lua-5/wrapper.nix +++ b/pkgs/development/interpreters/lua-5/wrapper.nix @@ -11,7 +11,7 @@ let env = let paths = requiredLuaModules (extraLibs ++ [ lua ] ); - in buildEnv { + in (buildEnv { name = "${lua.name}-env"; inherit paths; @@ -20,12 +20,6 @@ let # we create wrapper for the binaries in the different packages postBuild = '' - - . "${makeWrapper}/nix-support/setup-hook" - - # get access to lua functions - . ${lua}/nix-support/setup-hook - if [ -L "$out/bin" ]; then unlink "$out/bin" fi @@ -68,5 +62,8 @@ let ''; }; }; - }; + }).overrideAttrs (_: { + # Add extra deps needed for postBuild hook. + nativeBuildInputs = [ makeWrapper lua ]; + }); in env |