diff options
| author | Andreas Rammhold <andreas@rammhold.de> | 2017-11-09 12:11:35 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2017-11-11 13:32:29 +0100 |
| commit | 17fae2499a12722f945105e26b1aabc745d642d0 (patch) | |
| tree | ee81d96c7f597933c836e5f9ed6431b7749dbed0 /pkgs/os-specific/linux/busybox | |
| parent | 73bec97674389da0ab5a31ad7789efc0df8596f5 (diff) | |
| download | nixlib-17fae2499a12722f945105e26b1aabc745d642d0.tar nixlib-17fae2499a12722f945105e26b1aabc745d642d0.tar.gz nixlib-17fae2499a12722f945105e26b1aabc745d642d0.tar.bz2 nixlib-17fae2499a12722f945105e26b1aabc745d642d0.tar.lz nixlib-17fae2499a12722f945105e26b1aabc745d642d0.tar.xz nixlib-17fae2499a12722f945105e26b1aabc745d642d0.tar.zst nixlib-17fae2499a12722f945105e26b1aabc745d642d0.zip | |
busybox: fix CVE-2017-1587{34}
Diffstat (limited to 'pkgs/os-specific/linux/busybox')
| -rw-r--r-- | pkgs/os-specific/linux/busybox/default.nix | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix index 6c9c43e4e5a9..0030f60000d2 100644 --- a/pkgs/os-specific/linux/busybox/default.nix +++ b/pkgs/os-specific/linux/busybox/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, buildPackages, fetchurl +{ stdenv, lib, buildPackages, fetchurl, fetchpatch , enableStatic ? false , enableMinimal ? false , useMusl ? false, musl @@ -39,7 +39,19 @@ stdenv.mkDerivation rec { hardeningDisable = [ "format" ] ++ lib.optionals enableStatic [ "fortify" ]; - patches = [ ./busybox-in-store.patch ]; + patches = [ + ./busybox-in-store.patch + (fetchpatch { + name = "CVE-2017-15873.patch"; + url = "https://git.busybox.net/busybox/patch/?id=0402cb32df015d9372578e3db27db47b33d5c7b0"; + sha256 = "1s3xqifd0dww19mbnzrks0i1az0qwd884sxjzrx33d6a9jxv4dzn"; + }) + (fetchpatch { + name = "CVE-2017-15874.patch"; + url = "https://git.busybox.net/busybox/patch/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b"; + sha256 = "0169p4ylz9zd14ghhb39yfjvbdca2kb21pphylfh9ny7i484ahql"; + }) + ]; configurePhase = '' export KCONFIG_NOTIMESTAMP=1 |