From 15cb79e48ed6056af542ced6cc41e6b32664c05b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Tue, 9 Sep 2014 21:42:09 +0200
Subject: [PATCH] lua-5.1: fix CVE-2014-5461 by upstream+Debian patch

---
 pkgs/development/interpreters/lua-5/5.1.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/interpreters/lua-5/5.1.nix b/pkgs/development/interpreters/lua-5/5.1.nix
index 1b05cb8f778..444ecbc787a 100644
--- a/pkgs/development/interpreters/lua-5/5.1.nix
+++ b/pkgs/development/interpreters/lua-5/5.1.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, readline }:
+{ stdenv, fetchurl, fetchpatch, readline }:
 
 let
   dsoPatch = fetchurl {
@@ -18,7 +18,13 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ readline ];
 
-  patches = if stdenv.isDarwin then [ ./5.1.darwin.patch ] else [ dsoPatch ];
+  patches = (if stdenv.isDarwin then [ ./5.1.darwin.patch ] else [ dsoPatch ])
+    ++ [(fetchpatch {
+      name = "CVE-2014-5461.patch";
+      url = "http://anonscm.debian.org/cgit/pkg-lua/lua5.1.git/plain/debian/patches/"
+        + "0004-Fix-stack-overflow-in-vararg-functions.patch?id=b75a2014db2ad65683521f7bb295bfa37b48b389";
+      sha256 = "05i5vh53d9i6dy11ibg9i9qpwz5hdm0s8bkx1d9cfcvy80cm4c7f";
+    })];
 
   configurePhase =
     if stdenv.isDarwin