MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 15:56:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

qemu: add patches for CVE-2020-7039 and CVE-2020-7211

Browse source 
Fixes #78762
This commit is contained in:
Andrew Dunham 2020-02-01 14:27:05 -08:00
parent a6e9b59633
commit ef3addb1cb
1 changed files with 31 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
pkgs/applications/virtualization/qemu/default.nix
View file

@ -84,6 +84,37 @@ stdenv.mkDerivation rec {
stripLen = 1;
extraPrefix = "slirp/";
})
# patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7039
(fetchpatch {
name = "CVE-2020-7039-1.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=2655fffed7a9e765bcb4701dd876e9dab975f289";
sha256 = "1jh0k3lg3553c2x1kq1kl3967jabhba5gm584wjpmr5mjqk3lnz1";
stripLen = 1;
extraPrefix = "slirp/";
excludes = ["slirp/CHANGELOG.md"];
})
(fetchpatch {
name = "CVE-2020-7039-2.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=82ebe9c370a0e2970fb5695aa19aa5214a6a1c80";
sha256 = "08ccxcmrhzknnzd1a1q2brszv3a7h02n26r73kpli10b0hn12r2l";
stripLen = 1;
extraPrefix = "slirp/";
})
(fetchpatch {
name = "CVE-2020-7039-3.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9";
sha256 = "18ypj9an2jmsmdn58853rbz42r10587h7cz5fdws2x4635778ibd";
stripLen = 1;
extraPrefix = "slirp/";
})
# patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7211
(fetchpatch {
name = "CVE-2020-7211.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=14ec36e107a8c9af7d0a80c3571fe39b291ff1d4";
sha256 = "1lc8zabqs580iqrsr5k7zwgkx6qjmja7apwfbc36lkvnrxwfzmrc";
stripLen = 1;
extraPrefix = "slirp/";
})
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {