Merge #63205: dhcpcd: apply security fixes (release-19.03)

CVE-2019-11577 CVE-2019-11578 CVE-2019-11579 CVE-2019-11766 I checked the commit hashes agree with those linked from nvd.nist.gov
author: Vladimír Čunát <v@cunat.cz> 2019-06-23 09:54:46 +0200
committer: Vladimír Čunát <v@cunat.cz> 2019-06-23 10:23:31 +0200
commit: f49d8beff03ed96044382dbe04b53d05959fd8a2 (patch)
tree: 330a9a0ceddc75187d77e3f15ff0fa1d2d651ddd
parent: linux_4_{14,19}: restore __kernel_fpu_{begin,restore} (#63665) (diff)
parent: dhcpcd: CVE-2019-11577 CVE-2019-11578 CVE-2019-11579 CVE-2019-11766 (diff)
download: nixpkgs-f49d8beff03ed96044382dbe04b53d05959fd8a2.tar.gz
1 files changed, 39 insertions, 1 deletions
diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix
index 04652ea868d0..cdf103c8ccd6 100644
--- a/pkgs/tools/networking/dhcpcd/default.nix
+++ b/pkgs/tools/networking/dhcpcd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, udev, runtimeShellPackage, runtimeShell }:
+{ stdenv, fetchurl, pkgconfig, udev, runtimeShellPackage, runtimeShell, fetchpatch }:
 
 stdenv.mkDerivation rec {
   # when updating this to >=7, check, see previous reverts:
@@ -10,6 +10,44 @@ stdenv.mkDerivation rec {
     sha256 = "0h94g5nl9bg3x3qaajqaz6izl6mlvyjgp93nifnlfb7r7n3j8yd2";
   };
 
+  patches = [
+    (fetchpatch {
+        url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6";
+        name = "CVE-2019-11577.patch";
+        sha256 = "1fivwydjr5ijnfbwfrqi65d4qa27nwmqsqc5fhzhfpq7xidslv47";
+    })
+    (fetchpatch {
+        url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=7121040790b611ca3fbc400a1bbcd4364ef57233";
+        name = "CVE-2019-11578-1.patch";
+        sha256 = "01vhdly78sld8cgaxfc441hliqm097lzfc9mlyv6q8c869bi3mk4";
+    })
+    (fetchpatch {
+        url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=aee631aadeef4283c8a749c1caf77823304acf5e";
+        name = "CVE-2019-11578-2.patch";
+        sha256 = "1ar1pmbbh47rd7rz66mdy640iwir4rspqczw2nfx2yjxx3s00j3k";
+    })
+    (fetchpatch {
+        url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da";
+        name = "CVE-2019-11578-3.patch";
+        sha256 = "0ibgjhh51fii9wg92nvvy431d3r7nms8anki1h2fjzyqcmidhzm9";
+    })
+    (fetchpatch {
+        url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8";
+        name = "CVE-2019-11579.patch";
+        sha256 = "0ir2c2206hxxq33mkp6n8hn254w3idgap2i0fh5h5c4bp6yg286i";
+    })
+    (fetchpatch {
+        url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8";
+        name = "CVE-2019-11766-1.patch";
+        sha256 = "0ksph40jmpvlchgriq84yn7lkh84159is6k49sq3m3lv0acdg9w5";
+    })
+    (fetchpatch {
+        url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=896ef4a54b0578985e5e1360b141593f1d62837b";
+        name = "CVE-2019-11766-2.patch";
+        sha256 = "1miycp2drz1g5knhn5kk104amrfjz8nfbk68si8ap1wk755p8xvx";
+    })
+	];
+
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [
     udev
author	Vladimír Čunát <v@cunat.cz>	2019-06-23 09:54:46 +0200
committer	Vladimír Čunát <v@cunat.cz>	2019-06-23 10:23:31 +0200
commit	f49d8beff03ed96044382dbe04b53d05959fd8a2 (patch)
tree	330a9a0ceddc75187d77e3f15ff0fa1d2d651ddd
parent	linux_4_{14,19}: restore __kernel_fpu_{begin,restore} (#63665) (diff)
parent	dhcpcd: CVE-2019-11577 CVE-2019-11578 CVE-2019-11579 CVE-2019-11766 (diff)
download	nixpkgs-f49d8beff03ed96044382dbe04b53d05959fd8a2.tar.gz