busybox: Add a fix for CVE-2021-28831 (#121578)
This commit is contained in:
parent
32f6c7d949
commit
a376d4944c
|
@ -1,4 +1,4 @@
|
||||||
{ stdenv, lib, buildPackages, fetchurl, fetchFromGitLab
|
{ stdenv, lib, buildPackages, fetchurl, fetchFromGitLab, fetchpatch
|
||||||
, enableStatic ? stdenv.hostPlatform.isStatic
|
, enableStatic ? stdenv.hostPlatform.isStatic
|
||||||
, enableMinimal ? false
|
, enableMinimal ? false
|
||||||
# Allow forcing musl without switching stdenv itself, e.g. for our bootstrapping:
|
# Allow forcing musl without switching stdenv itself, e.g. for our bootstrapping:
|
||||||
|
@ -49,6 +49,9 @@ in
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "busybox";
|
pname = "busybox";
|
||||||
|
# TODO: When bumping to next version, remove the patch
|
||||||
|
# for CVE-2021-28831 (assuming the patch was included in
|
||||||
|
# the next upstream release)
|
||||||
version = "1.32.1";
|
version = "1.32.1";
|
||||||
|
|
||||||
# Note to whoever is updating busybox: please verify that:
|
# Note to whoever is updating busybox: please verify that:
|
||||||
|
@ -64,6 +67,11 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
patches = [
|
patches = [
|
||||||
./busybox-in-store.patch
|
./busybox-in-store.patch
|
||||||
|
(fetchpatch {
|
||||||
|
name = "CVE-2021-28831.patch";
|
||||||
|
url = "https://git.busybox.net/busybox/patch/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd";
|
||||||
|
sha256 = "0y79flfbk45krwn963nnbqc21a88bsz4k4asqwvcnfk2lkciadxm";
|
||||||
|
}) # TODO: Removing when bumping the version
|
||||||
] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch;
|
] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch;
|
||||||
|
|
||||||
postPatch = "patchShebangs .";
|
postPatch = "patchShebangs .";
|
||||||
|
|
Loading…
Reference in a new issue