qemu: Apply patch for CVE-2014-0150, CVE-2014-2894

pkgs/applications/virtualization/qemu/cve-2014-0150.patch

@@ -0,0 +1,14 @@
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 439477b..33bd233 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+ <at>  <at>  -677,7 +677,7  <at>  <at>  static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
+         goto error;
+     }
+
+-    if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
++    if (mac_data.entries <= MAC_TABLE_ENTRIES - in_use) {
+         s = iov_to_buf(iov, iov_cnt, 0, &macs[in_use * ETH_ALEN],
+                        mac_data.entries * ETH_ALEN);
+         if (s != mac_data.entries * ETH_ALEN) {

pkgs/applications/virtualization/qemu/cve-2014-2894.patch

@@ -0,0 +1,14 @@
+
+diff --git a/hw/ide/core.c b/hw/ide/core.c
+index e1dfe54..c943a4d 100644
+--- a/hw/ide/core.c
++++ b/hw/ide/core.c
+@@ -1602,7 +1602,7 @@ static bool cmd_smart(IDEState *s, uint8_t cmd)
+         case 2: /* extended self test */
+             s->smart_selftest_count++;
+             if (s->smart_selftest_count > 21) {
+-                s->smart_selftest_count = 0;
++                s->smart_selftest_count = 1;
+             }
+             n = 2 + (s->smart_selftest_count - 1) * 24;
+             s->smart_selftest_data[n] = s->sector;

pkgs/applications/virtualization/qemu/default.nix

@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
     sha256 = "1x5y06zhp0gc97g1sb98vf7dkawg63xywv0mbnpfnbi20jh452fn";
   };
 
+  patches = [ ./cve-2014-0150.patch ./cve-2014-2894.patch ];
+
   buildInputs =
     [ python zlib pkgconfig glib ncurses perl pixman attr libcap
       vde2 alsaLib texinfo libuuid flex bison makeWrapper