From 998e1489d07acf7955617b61751e7fe843622c96 Mon Sep 17 00:00:00 2001 From: eschwartz Date: Mon, 22 Mar 2021 18:08:18 +0000 Subject: [PATCH] upgpkg: busybox 1.32.1-4: backport fix for CVE-2021-28831; resolves FS#70075 git-svn-id: file:///srv/repos/svn-community/svn@899033 9fca08f4-af9d-4005-b8df-a31f2cc04f65 --- trunk/PKGBUILD | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD index c1eef3811b3f..b4952059148d 100644 --- a/trunk/PKGBUILD +++ b/trunk/PKGBUILD @@ -4,7 +4,7 @@ pkgname=busybox pkgver=1.32.1 -pkgrel=3 +pkgrel=4 pkgdesc="Utilities for rescue and embedded systems" arch=("x86_64") url="https://www.busybox.net" @@ -13,20 +13,24 @@ makedepends=("ncurses" "musl" "kernel-headers-musl") validpgpkeys=('C9E9416F76E610DBD09D040F47B70C55ACC9965B') source=("$url/downloads/$pkgname-$pkgver.tar.bz2"{,.sig} '0001-ash-fix-unset_var-pattern-repl.patch' + "CVE-2021-28831.patch::https://git.busybox.net/busybox/patch/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" "config") sha256sums=('9d57c4bd33974140fd4111260468af22856f12f5b5ef7c70c8d9b75c712a0dee' 'SKIP' '4e4fb268c51e378a3ad0a12f903a601a136d31cae8b684a51ebabbc9a6cf9250' + '108096d1eee47136756e7250ac136aea926c4edaabe707fda1404022806f160b' '0b1df86c2fd0c8869c67096777960bddf7db2c54efab5ad890fc83e1b3cbf027') b2sums=('b0258345d40628d8c12b4cc5c3efdb318cfb469e029242942cdad22aeec5142963291a746fbac450b43a4a1f2f7e9204442456691fa98f18eeaa58c70d714caf' 'SKIP' '6ce36c1e467c55b3405af58b19636daaf1ead2a5a630ed93c0e86912ecccbce359df3061718f99f08204e705eb1352c00801af3f4241e470f7d64ef6367f3c7e' + '1d70db3703e235c5f577f46753be456d45e40f2786ee3a152ebab667e122d31bc687c5ba41697ffb2eeb6aaa48d1b70465633c69e43573269668b10d099d59b0' '1ad361dd163e589aa85822834b7e5ec421c1fc7bfab1e481520a8d90ee920c2f1a07709871f864173c3cfb6eacf60f54a4e2adba4e061ae1a9a883e368f1893e') prepare() { cd "$srcdir/$pkgname-$pkgver" patch -Np1 < ../0001-ash-fix-unset_var-pattern-repl.patch + patch -p1 -i ../CVE-2021-28831.patch } build() {