Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lua-5.3: add patch for CVE-2019-6706 #73859

Merged
merged 1 commit into from Nov 21, 2019

Conversation

ckauhaus
Copy link
Contributor

Motivation for this change

Security patch taken from http://launchpadlibrarian.net/417853567/lua5.3_5.3.3-1_5.3.3-1ubuntu0.18.10.1.diff.gz and adapted to our needs.

Re #54799

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests) -> nixos/tests/rspamd.nix calls lua
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after) -> minimal
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

-> Has lua a maintainer?

@teto
Copy link
Member

teto commented Nov 21, 2019

@GrahamcOfBorg build lua5_3

@teto
Copy link
Member

teto commented Nov 21, 2019

@7c6f434c and I often deal with lua stuff. We could add ourselves to interpreters/lua-5/interpreter.nix ?

As for the PR LGTM

@7c6f434c 7c6f434c merged commit bad2bed into NixOS:master Nov 21, 2019
@7c6f434c
Copy link
Member

@teto well, you are currently much more of Lua maintainer than I am.

@ckauhaus ckauhaus deleted the lua-5.3-CVE-2019-6706 branch November 21, 2019 22:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants