Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: cc828291966d
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: f49d8beff03e
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Jun 16, 2019

  1. dhcpcd: CVE-2019-11577 CVE-2019-11578 CVE-2019-11579 CVE-2019-11766

    @mmahut
    mmahut committed Jun 16, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    dtzWill Will Dietz
    GPG key ID: EBB0EA4124809D02
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    4683727 View commit details

Commits on Jun 23, 2019

  1. Merge #63205: dhcpcd: apply security fixes (release-19.03) 

    CVE-2019-11577
CVE-2019-11578
CVE-2019-11579
CVE-2019-11766
I checked the commit hashes agree with those linked from nvd.nist.gov
    @vcunat
    vcunat committed Jun 23, 2019

    Verified

    This commit was signed with the committer’s verified signature.
    vcunat Vladimír Čunát
    GPG key ID: E747DF1F9575A3AA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f49d8be View commit details
Showing with 39 additions and 1 deletion.
  1. +39 −1 pkgs/tools/networking/dhcpcd/default.nix
40 changes: 39 additions & 1 deletion pkgs/tools/networking/dhcpcd/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, udev, runtimeShellPackage, runtimeShell }:
{ stdenv, fetchurl, pkgconfig, udev, runtimeShellPackage, runtimeShell, fetchpatch }:

stdenv.mkDerivation rec {
# when updating this to >=7, check, see previous reverts:
@@ -10,6 +10,44 @@ stdenv.mkDerivation rec {
sha256 = "0h94g5nl9bg3x3qaajqaz6izl6mlvyjgp93nifnlfb7r7n3j8yd2";
};

patches = [
(fetchpatch {
url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6";
name = "CVE-2019-11577.patch";
sha256 = "1fivwydjr5ijnfbwfrqi65d4qa27nwmqsqc5fhzhfpq7xidslv47";
})
(fetchpatch {
url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=7121040790b611ca3fbc400a1bbcd4364ef57233";
name = "CVE-2019-11578-1.patch";
sha256 = "01vhdly78sld8cgaxfc441hliqm097lzfc9mlyv6q8c869bi3mk4";
})
(fetchpatch {
url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=aee631aadeef4283c8a749c1caf77823304acf5e";
name = "CVE-2019-11578-2.patch";
sha256 = "1ar1pmbbh47rd7rz66mdy640iwir4rspqczw2nfx2yjxx3s00j3k";
})
(fetchpatch {
url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da";
name = "CVE-2019-11578-3.patch";
sha256 = "0ibgjhh51fii9wg92nvvy431d3r7nms8anki1h2fjzyqcmidhzm9";
})
(fetchpatch {
url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8";
name = "CVE-2019-11579.patch";
sha256 = "0ir2c2206hxxq33mkp6n8hn254w3idgap2i0fh5h5c4bp6yg286i";
})
(fetchpatch {
url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8";
name = "CVE-2019-11766-1.patch";
sha256 = "0ksph40jmpvlchgriq84yn7lkh84159is6k49sq3m3lv0acdg9w5";
})
(fetchpatch {
url = "https://roy.marples.name/cgit/dhcpcd.git/patch/?id=896ef4a54b0578985e5e1360b141593f1d62837b";
name = "CVE-2019-11766-2.patch";
sha256 = "1miycp2drz1g5knhn5kk104amrfjz8nfbk68si8ap1wk755p8xvx";
})
];

nativeBuildInputs = [ pkgconfig ];
buildInputs = [
udev