talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

busybox: apply Alpine's patch for tar TOCTOU

Browse Source 
Link: https://lists.busybox.net/pipermail/busybox/2025-August/091665.html
This commit is contained in:
Alyssa Ross 2025-08-06 08:42:05 +02:00
parent 38178ed25d
commit a8f8a8fc30
No known key found for this signature in database
GPG Key ID: 5B459184230FF0A2
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/os-specific/linux/busybox/default.nix
View File

@ -106,6 +106,10 @@ stdenv.mkDerivation rec {
url = "https://git.alpinelinux.org/aports/plain/main/busybox/CVE-2023-42364-CVE-2023-42365.patch?id=8a4bf5971168bf48201c05afda7bee0fbb188e13"; url = "https://git.alpinelinux.org/aports/plain/main/busybox/CVE-2023-42364-CVE-2023-42365.patch?id=8a4bf5971168bf48201c05afda7bee0fbb188e13";
hash = "sha256-nQPgT9eA1asCo38Z9X7LR9My0+Vz5YBPba3ARV3fWcc="; hash = "sha256-nQPgT9eA1asCo38Z9X7LR9My0+Vz5YBPba3ARV3fWcc=";
}) })
(fetchurl {
url = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?id=9e42dea5fba84a8afad1f1910b7d3884128a567e";
hash = "sha256-GmXQhwB1/IPVjXXpGi5RjRvuGJgIMIb7lQKB63m306g=";
})
] ]
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch; ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch;