pyrox.dev
busybox: apply Alpine's patch for tar TOCTOU (#431370)
+4
pkgs/os-specific/linux/busybox/default.nix
+4
pkgs/os-specific/linux/busybox/default.nix
···
106
url = "https://git.alpinelinux.org/aports/plain/main/busybox/CVE-2023-42364-CVE-2023-42365.patch?id=8a4bf5971168bf48201c05afda7bee0fbb188e13";
107
hash = "sha256-nQPgT9eA1asCo38Z9X7LR9My0+Vz5YBPba3ARV3fWcc=";
108
})
109
]
110
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch;
111
···
106
url = "https://git.alpinelinux.org/aports/plain/main/busybox/CVE-2023-42364-CVE-2023-42365.patch?id=8a4bf5971168bf48201c05afda7bee0fbb188e13";
107
hash = "sha256-nQPgT9eA1asCo38Z9X7LR9My0+Vz5YBPba3ARV3fWcc=";
108
})
109
+
(fetchurl {
110
+
url = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?id=9e42dea5fba84a8afad1f1910b7d3884128a567e";
111
+
hash = "sha256-GmXQhwB1/IPVjXXpGi5RjRvuGJgIMIb7lQKB63m306g=";
112
+
})
113
]
114
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./clang-cross.patch;
115