Diffstat (limited to 'pkgs/os-specific/linux/busybox/default.nix')
-rw-r--r--pkgs/os-specific/linux/busybox/default.nix16
1 files changed, 14 insertions, 2 deletions
diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix
index 6c9c43e4e5a..0030f60000d 100644
--- a/pkgs/os-specific/linux/busybox/default.nix
+++ b/pkgs/os-specific/linux/busybox/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, buildPackages, fetchurl
+{ stdenv, lib, buildPackages, fetchurl, fetchpatch
 , enableStatic ? false
 , enableMinimal ? false
 , useMusl ? false, musl
@@ -39,7 +39,19 @@ stdenv.mkDerivation rec {
 
   hardeningDisable = [ "format" ] ++ lib.optionals enableStatic [ "fortify" ];
 
-  patches = [ ./busybox-in-store.patch ];
+  patches = [
+    ./busybox-in-store.patch 
+    (fetchpatch {
+      name = "CVE-2017-15873.patch";
+      url = "https://git.busybox.net/busybox/patch/?id=0402cb32df015d9372578e3db27db47b33d5c7b0";
+      sha256 = "1s3xqifd0dww19mbnzrks0i1az0qwd884sxjzrx33d6a9jxv4dzn";
+    })
+    (fetchpatch {
+      name = "CVE-2017-15874.patch";
+      url = "https://git.busybox.net/busybox/patch/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b";
+      sha256 = "0169p4ylz9zd14ghhb39yfjvbdca2kb21pphylfh9ny7i484ahql";
+    })
+  ];
 
   configurePhase = ''
     export KCONFIG_NOTIMESTAMP=1
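Review bot: The two `fetchpatch` entries in the new `patches` list have no comment marking them as backported upstream fixes, so nothing tells the next maintainer when they can be dropped. I would add `# Upstream security backports; drop once version includes these commits.` above the first `(fetchpatch {`. Both URLs are pinned to a full commit id and each has a `sha256`, which fixes the fetched content, so no change is needed there. As a style point, the line `./busybox-in-store.patch ` ends with a trailing space. The enclosing `stdenv.mkDerivation rec {` body starts and ends outside this hunk, so how `version` relates to these commits is not visible here.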