diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2021-07-18 21:51:37 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-18 21:51:37 +0200 |
commit | 651fd8be1034903f13213d09976d26688daf2191 (patch) | |
tree | c09dfa6eac6a216b5378111c65312cf78b2d187c /pkgs/applications/virtualization | |
parent | 5f4b3ceeebb39ad862714c9a5f7b86483e35bf04 (diff) | |
parent | cddea297f28ab67d1f2bf0902bfdcc95ec29a8a0 (diff) | |
download | nixpkgs-651fd8be1034903f13213d09976d26688daf2191.tar nixpkgs-651fd8be1034903f13213d09976d26688daf2191.tar.gz nixpkgs-651fd8be1034903f13213d09976d26688daf2191.tar.bz2 nixpkgs-651fd8be1034903f13213d09976d26688daf2191.tar.lz nixpkgs-651fd8be1034903f13213d09976d26688daf2191.tar.xz nixpkgs-651fd8be1034903f13213d09976d26688daf2191.tar.zst nixpkgs-651fd8be1034903f13213d09976d26688daf2191.zip |
Merge pull request #130554 from risicle/ris-qemu-CVE-2021-3546
qemu: add patches for CVE-2021-3545, CVE-2021-3546
Diffstat (limited to 'pkgs/applications/virtualization')
-rw-r--r-- | pkgs/applications/virtualization/qemu/default.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 7fd01a8ffa9..3c9e7ae8c52 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -86,6 +86,16 @@ stdenv.mkDerivation rec { patches = [ ./fix-qemu-ga.patch ./9p-ignore-noatime.patch + (fetchpatch { + name = "CVE-2021-3545.patch"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/121841b25d72d13f8cad554363138c360f1250ea.patch"; + sha256 = "13dgfd8dmxcalh2nvb68iv0kyv4xxrvpdqdxf1h3bjr4451glag1"; + }) + (fetchpatch { + name = "CVE-2021-3546.patch"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/9f22893adcb02580aee5968f32baa2cd109b3ec2.patch"; + sha256 = "1vkhm9vl671y4cra60b6704339qk1h5dyyb3dfvmvpsvfyh2pm7n"; + }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ++ optionals stdenv.hostPlatform.isMusl [ (fetchpatch { |