Merge pull request #79050 from andrew-d/andrew/qemu-CVEs

qemu: add patches for CVE-2020-7039 and CVE-2020-7211
This commit is contained in:
Christian Kauhaus 2020-02-10 16:52:25 +01:00 committed by GitHub
commit edfd964253
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -84,6 +84,37 @@ stdenv.mkDerivation rec {
stripLen = 1; stripLen = 1;
extraPrefix = "slirp/"; extraPrefix = "slirp/";
}) })
# patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7039
(fetchpatch {
name = "CVE-2020-7039-1.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=2655fffed7a9e765bcb4701dd876e9dab975f289";
sha256 = "1jh0k3lg3553c2x1kq1kl3967jabhba5gm584wjpmr5mjqk3lnz1";
stripLen = 1;
extraPrefix = "slirp/";
excludes = ["slirp/CHANGELOG.md"];
})
(fetchpatch {
name = "CVE-2020-7039-2.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=82ebe9c370a0e2970fb5695aa19aa5214a6a1c80";
sha256 = "08ccxcmrhzknnzd1a1q2brszv3a7h02n26r73kpli10b0hn12r2l";
stripLen = 1;
extraPrefix = "slirp/";
})
(fetchpatch {
name = "CVE-2020-7039-3.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9";
sha256 = "18ypj9an2jmsmdn58853rbz42r10587h7cz5fdws2x4635778ibd";
stripLen = 1;
extraPrefix = "slirp/";
})
# patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7211
(fetchpatch {
name = "CVE-2020-7211.patch";
url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=14ec36e107a8c9af7d0a80c3571fe39b291ff1d4";
sha256 = "1lc8zabqs580iqrsr5k7zwgkx6qjmja7apwfbc36lkvnrxwfzmrc";
stripLen = 1;
extraPrefix = "slirp/";
})
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [ ++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch { (fetchpatch {