diff options
| author | Andrew Dunham <andrew@du.nham.ca> | 2020-02-01 14:27:05 -0800 |
|---|---|---|
| committer | Andrew Dunham <andrew@du.nham.ca> | 2020-02-01 16:37:15 -0800 |
| commit | ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994 (patch) | |
| tree | b58efada8b6c96b6e0b81af1cd59f6ae274f90e9 /pkgs/applications/virtualization | |
| parent | a6e9b59633f4c1e615ff69a454720fb3350bd910 (diff) | |
| download | nixpkgs-ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994.tar nixpkgs-ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994.tar.gz nixpkgs-ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994.tar.bz2 nixpkgs-ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994.tar.lz nixpkgs-ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994.tar.xz nixpkgs-ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994.tar.zst nixpkgs-ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994.zip | |
qemu: add patches for CVE-2020-7039 and CVE-2020-7211
Fixes #78762
Diffstat (limited to 'pkgs/applications/virtualization')
| -rw-r--r-- | pkgs/applications/virtualization/qemu/default.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 67aa36b7827..203ee1c7cc0 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -84,6 +84,37 @@ stdenv.mkDerivation rec { stripLen = 1; extraPrefix = "slirp/"; }) + # patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7039 + (fetchpatch { + name = "CVE-2020-7039-1.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=2655fffed7a9e765bcb4701dd876e9dab975f289"; + sha256 = "1jh0k3lg3553c2x1kq1kl3967jabhba5gm584wjpmr5mjqk3lnz1"; + stripLen = 1; + extraPrefix = "slirp/"; + excludes = ["slirp/CHANGELOG.md"]; + }) + (fetchpatch { + name = "CVE-2020-7039-2.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"; + sha256 = "08ccxcmrhzknnzd1a1q2brszv3a7h02n26r73kpli10b0hn12r2l"; + stripLen = 1; + extraPrefix = "slirp/"; + }) + (fetchpatch { + name = "CVE-2020-7039-3.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"; + sha256 = "18ypj9an2jmsmdn58853rbz42r10587h7cz5fdws2x4635778ibd"; + stripLen = 1; + extraPrefix = "slirp/"; + }) + # patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7211 + (fetchpatch { + name = "CVE-2020-7211.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=14ec36e107a8c9af7d0a80c3571fe39b291ff1d4"; + sha256 = "1lc8zabqs580iqrsr5k7zwgkx6qjmja7apwfbc36lkvnrxwfzmrc"; + stripLen = 1; + extraPrefix = "slirp/"; + }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ++ optionals stdenv.hostPlatform.isMusl [ (fetchpatch { |