pyrox.dev / nixpkgs
lol
fork atom

busybox: Add a fix for CVE-2021-28831 (#121578)

Tethys Svensson a376d494 32f6c7d9

options
unified split
Changed files
+9 -1
pkgs
os-specific
linux
busybox
default.nix
+9 -1
pkgs/os-specific/linux/busybox/default.nix 
···

       
1

       

       
-

       
{ stdenv, lib, buildPackages, fetchurl, fetchFromGitLab


     

       

       
1

       
+

       
{ stdenv, lib, buildPackages, fetchurl, fetchFromGitLab, fetchpatch


     

       
2

       
2

       
 

       
, enableStatic ? stdenv.hostPlatform.isStatic


     

       
3

       
3

       
 

       
, enableMinimal ? false


     

       
4

       
4

       
 

       
# Allow forcing musl without switching stdenv itself, e.g. for our bootstrapping:


     
···

       
49

       
49

       
 

       



     

       
50

       
50

       
 

       
stdenv.mkDerivation rec {


     

       
51

       
51

       
 

       
  pname = "busybox";


     

       

       
52

       
+

       
  # TODO: When bumping to next version, remove the patch


     

       

       
53

       
+

       
  # for CVE-2021-28831 (assuming the patch was included in


     

       

       
54

       
+

       
  # the next upstream release)


     

       
52

       
55

       
 

       
  version = "1.32.1";


     

       
53

       
56

       
 

       



     

       
54

       
57

       
 

       
  # Note to whoever is updating busybox: please verify that:


     
···

       
64

       
67

       
 

       



     

       
65

       
68

       
 

       
  patches = [


     

       
66

       
69

       
 

       
    ./busybox-in-store.patch


     

       

       
70

       
+

       
    (fetchpatch {


     

       

       
71

       
+

       
      name = "CVE-2021-28831.patch";


     

       

       
72

       
+

       
      url = "https://git.busybox.net/busybox/patch/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd";


     

       

       
73

       
+

       
      sha256 = "0y79flfbk45krwn963nnbqc21a88bsz4k4asqwvcnfk2lkciadxm";


     

       

       
74

       
+

       
    }) # TODO: Removing when bumping the version


     

       
67

       
75

       
 

       
  ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch;


     

       
68

       
76

       
 

       



     

       
69

       
77

       
 

       
  postPatch = "patchShebangs .";