diff options
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/busybox/default.nix')
-rw-r--r-- | nixpkgs/pkgs/os-specific/linux/busybox/default.nix | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/busybox/default.nix b/nixpkgs/pkgs/os-specific/linux/busybox/default.nix index 7aaedb5b1acd..3feb590eb5d6 100644 --- a/nixpkgs/pkgs/os-specific/linux/busybox/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/busybox/default.nix @@ -50,14 +50,14 @@ in stdenv.mkDerivation rec { pname = "busybox"; - version = "1.34.1"; + version = "1.35.0"; # Note to whoever is updating busybox: please verify that: # nix-build pkgs/stdenv/linux/make-bootstrap-tools.nix -A test # still builds after the update. src = fetchurl { url = "https://busybox.net/downloads/${pname}-${version}.tar.bz2"; - sha256 = "0jfm9fik7nv4w21zqdg830pddgkdjmplmna9yjn9ck1lwn4vsps1"; + sha256 = "sha256-+u6yRMNaNIozT0pZ5EYm7ocPsHtohNaMEK6LwZ+DppQ="; }; hardeningDisable = [ "format" "pie" ] @@ -65,6 +65,21 @@ stdenv.mkDerivation rec { patches = [ ./busybox-in-store.patch + (fetchurl { + name = "CVE-2022-28391.patch"; + url = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch?id=ed92963eb55bbc8d938097b9ccb3e221a94653f4"; + sha256 = "sha256-yviw1GV+t9tbHbY7YNxEqPi7xEreiXVqbeRyf8c6Awo="; + }) + (fetchurl { + name = "CVE-2022-28391.patch"; + url = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch?id=ed92963eb55bbc8d938097b9ccb3e221a94653f4"; + sha256 = "sha256-vl1wPbsHtXY9naajjnTicQ7Uj3N+EQ8pRNnrdsiow+w="; + }) + (fetchurl { + name = "CVE-2022-30065.patch"; + url = "https://git.alpinelinux.org/aports/plain/main/busybox/CVE-2022-30065.patch?id=4ffd996b3f8298c7dd424b912c245864c816e354"; + sha256 = "sha256-+WSYxI6eF8S0tya/S62f9Nc6jVMnHO0q1OyM69GlNTY="; + }) ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch; separateDebugInfo = true; |