From 984271bde32afa5367d7522a37574504fc7e8628 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Fri, 27 Nov 2020 16:45:35 +0100
Subject: [PATCH] libslirp: fix CVE-2020-29129, CVE-2020-29130

Fixes out-of-bounds access while processing ARP/NCSI packets.

Fixes: CVE-2020-29129, CVE-2020-29130
---
 pkgs/development/libraries/libslirp/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkgs/development/libraries/libslirp/default.nix b/pkgs/development/libraries/libslirp/default.nix
index 0413d8a8abc..2f3abbaff50 100644
--- a/pkgs/development/libraries/libslirp/default.nix
+++ b/pkgs/development/libraries/libslirp/default.nix
@@ -1,5 +1,6 @@
 { stdenv
 , fetchFromGitLab
+, fetchpatch
 , meson
 , ninja
 , pkg-config
@@ -18,6 +19,15 @@ stdenv.mkDerivation rec {
     sha256 = "0pzgjj2x2vrjshrzrl2x39xp5lgwg4b4y9vs8xvadh1ycl10v3fv";
   };
 
+  patches = [
+    # remove >4.3.1
+    (fetchpatch {
+      name = "CVE-2020-29129_CVE-2020-29130.patch";
+      url = "https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f.patch";
+      sha256 = "01vbjqgnc0kp881l5p6b31cyyirhwhavm6x36hlgkymswvl3wh9w";
+    })
+  ];
+
   nativeBuildInputs = [ meson ninja pkg-config ];
 
   buildInputs = [ glib ];