From 17fae2499a12722f945105e26b1aabc745d642d0 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Thu, 9 Nov 2017 12:11:35 +0100
Subject: busybox: fix CVE-2017-1587{34}
---
 pkgs/os-specific/linux/busybox/default.nix | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'pkgs/os-specific/linux/busybox')
diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix
index 6c9c43e4e5a9..0030f60000d2 100644
--- a/pkgs/os-specific/linux/busybox/default.nix
+++ b/pkgs/os-specific/linux/busybox/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, buildPackages, fetchurl
+{ stdenv, lib, buildPackages, fetchurl, fetchpatch
 , enableStatic ? false
 , enableMinimal ? false
 , useMusl ? false, musl
@@ -39,7 +39,19 @@ stdenv.mkDerivation rec {
 hardeningDisable = [ "format" ] ++ lib.optionals enableStatic [ "fortify" ];
- patches = [ ./busybox-in-store.patch ];
+ patches = [
+ ./busybox-in-store.patch
+ (fetchpatch {
+ name = "CVE-2017-15873.patch";
+ url = "https://git.busybox.net/busybox/patch/?id=0402cb32df015d9372578e3db27db47b33d5c7b0";
+ sha256 = "1s3xqifd0dww19mbnzrks0i1az0qwd884sxjzrx33d6a9jxv4dzn";
+ })
+ (fetchpatch {
+ name = "CVE-2017-15874.patch";
+ url = "https://git.busybox.net/busybox/patch/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b";
+ sha256 = "0169p4ylz9zd14ghhb39yfjvbdca2kb21pphylfh9ny7i484ahql";
+ })
+ ];
 configurePhase = ''
 export KCONFIG_NOTIMESTAMP=1
--
cgit 1.4.1
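Review bot: The two `fetchpatch` entries added to `patches` in the second hunk say nothing about when they can be dropped, so they are likely to stay in the list after a release that already contains them; add a comment such as `# upstream backports for CVE-2017-15873 and CVE-2017-15874; remove once the packaged version includes both commits`. Each entry is pinned by `sha256`, so a change in what git.busybox.net serves for these commit ids fails the build instead of changing the applied patch, and that property should be kept if the URLs are ever pointed at a mirror. It is worth confirming on review that each commit id is the upstream fix for the CVE given in `name`, because the hash only proves the content is stable, not that it is the right patch. The `stdenv.mkDerivation` body starts and ends outside the hunk, so the busybox version these patches apply to is not visible here.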