
Merge #63205: dhcpcd: apply security fixes (release-19.03)

CVE-2019-11577
CVE-2019-11578
CVE-2019-11579
CVE-2019-11766
I checked the commit hashes agree with those linked from nvd.nist.gov

+39 -1
+39 -1
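--- a/pkgs/tools/networking/dhcpcd/default.nix
+++ b/pkgs/tools/networking/dhcpcd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, udev, runtimeShellPackage, runtimeShell }:
+{ stdenv, fetchurl, pkgconfig, udev, runtimeShellPackage, runtimeShell, fetchpatch }:
 
 stdenv.mkDerivation rec {
 # when updating this to >=7, check, see previous reverts:
@@ -9,6 +9,44 @@
 url = "mirror://roy/dhcpcd/${name}.tar.xz";
 sha256 = "0h94g5nl9bg3x3qaajqaz6izl6mlvyjgp93nifnlfb7r7n3j8yd2";
 };
+
+patches = [
+(fetchpatch {
+url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6";
+name = "CVE-2019-11577.patch";
+sha256 = "1fivwydjr5ijnfbwfrqi65d4qa27nwmqsqc5fhzhfpq7xidslv47";
+})
+(fetchpatch {
+url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=7121040790b611ca3fbc400a1bbcd4364ef57233";
+name = "CVE-2019-11578-1.patch";
+sha256 = "01vhdly78sld8cgaxfc441hliqm097lzfc9mlyv6q8c869bi3mk4";
+})
+(fetchpatch {
+url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=aee631aadeef4283c8a749c1caf77823304acf5e";
+name = "CVE-2019-11578-2.patch";
+sha256 = "1ar1pmbbh47rd7rz66mdy640iwir4rspqczw2nfx2yjxx3s00j3k";
+})
+(fetchpatch {
+url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da";
+name = "CVE-2019-11578-3.patch";
+sha256 = "0ibgjhh51fii9wg92nvvy431d3r7nms8anki1h2fjzyqcmidhzm9";
+})
+(fetchpatch {
+url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8";
+name = "CVE-2019-11579.patch";
+sha256 = "0ir2c2206hxxq33mkp6n8hn254w3idgap2i0fh5h5c4bp6yg286i";
+})
+(fetchpatch {
+url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8";
+name = "CVE-2019-11766-1.patch";
+sha256 = "0ksph40jmpvlchgriq84yn7lkh84159is6k49sq3m3lv0acdg9w5";
+})
+(fetchpatch {
+url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=896ef4a54b0578985e5e1360b141593f1d62837b";
+name = "CVE-2019-11766-2.patch";
+sha256 = "1miycp2drz1g5knhn5kk104amrfjz8nfbk68si8ap1wk755p8xvx";
+})
+];
 
 nativeBuildInputs = [ pkgconfig ];
 buildInputs = [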
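Review bot: The new `patches` list carries no comment saying where its seven `fetchpatch` entries come from or when they may be removed, so a later version bump could keep stale patches or silently drop a fix. Above `patches = [` I would add `# Upstream security backports (commit ids are in the URLs); drop each entry once src is bumped to a release that already contains it.` The three CVE-2019-11578 parts and the two CVE-2019-11766 parts presumably have to apply in the listed order, which is worth stating in the same comment. The package version and the rest of the derivation are outside the hunk, so the only check visible here that these upstream commits fit the packaged source is the patch phase applying them cleanly.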