From a4e6261173a18d9e0cb2f02b73fb7fbae91ecaaf Mon Sep 17 00:00:00 2001
From: Marek Mahut <marek.mahut@satoshilabs.com>
Date: Sat, 15 Jun 2019 23:54:01 +0200
Subject: [PATCH] qemu: CVE-2019-12155

---
 pkgs/applications/virtualization/qemu/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 25651a359d63..459d1a396b3a 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -78,6 +78,11 @@ stdenv.mkDerivation rec {
     ./no-etc-install.patch
     ./fix-qemu-ga.patch
     ./9p-ignore-noatime.patch
+    (fetchpatch {
+      url = "https://git.qemu.org/?p=qemu.git;a=patch;h=d52680fc932efb8a2f334cc6993e705ed1e31e99";
+      name = "CVE-2019-12155.patch";
+      sha256 = "0h2q71mcz3gvlrbfkqcgla74jdg73hvzcrwr4max2ckpxx8x9207";
+    })
   ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
     ++ optionals stdenv.hostPlatform.isMusl [
     (fetchpatch {