From 2172a023ebd00d83c3e297b358e2d16409555d95 Mon Sep 17 00:00:00 2001
From: Myk Taylor <myk002@yahoo.com>
Date: Thu, 27 Jun 2024 12:25:04 -0700
Subject: [PATCH 1/2] luacov doesn't use io.popen anymore

---
 depends/luacov       |  2 +-
 library/LuaTools.cpp | 12 +++++-------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/depends/luacov b/depends/luacov
index 99d0682784..d1c80f1a26 160000
--- a/depends/luacov
+++ b/depends/luacov
@@ -1 +1 @@
-Subproject commit 99d06827848583232dd77afb34cd7ab589567086
+Subproject commit d1c80f1a262930c7d1f47733e1687fe412917452
diff --git a/library/LuaTools.cpp b/library/LuaTools.cpp
index 9faf88d522..08b90bd61c 100644
--- a/library/LuaTools.cpp
+++ b/library/LuaTools.cpp
@@ -1898,13 +1898,11 @@ lua_State *DFHack::Lua::Open(color_ostream &out, lua_State *state)
     luaL_setfuncs(state, dfhack_coro_funcs, 0);
     lua_pop(state, 1);
 
-    // remove some io functions (if coverage monitoring, which needs them, is not enabled)
-    if (!getenv("DFHACK_ENABLE_LUACOV")) {
-        lua_getglobal(state, "io");
-        lua_pushnil(state);
-        lua_setfield(state, -2, "popen");
-        lua_pop(state, 1);
-    }
+    // DFHack should not be running external processes (security hardening measure)
+    lua_getglobal(state, "io");
+    lua_pushnil(state);
+    lua_setfield(state, -2, "popen");
+    lua_pop(state, 1);
 
     // replace some os functions
     lua_getglobal(state, "os");

From 0ca0f4d4a69672dd1487ed366f8731850186a1fa Mon Sep 17 00:00:00 2001
From: Myk Taylor <myk002@yahoo.com>
Date: Thu, 27 Jun 2024 13:41:29 -0700
Subject: [PATCH 2/2] update scripts ref

---
 scripts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts b/scripts
index 0b65a490b8..7b9ace22f4 160000
--- a/scripts
+++ b/scripts
@@ -1 +1 @@
-Subproject commit 0b65a490b822eddc9b6dacb9b4a1ef4ac0c5f2e8
+Subproject commit 7b9ace22f420c223d6f401292a8223ffa56e8585