public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

qemu: fix CVE-2020-29129, CVE-2020-29130 in vendored libslirp

Browse Source 
Fixes out-of-bounds access in libslirp while processing ARP/NCSI packets.

Fixes: CVE-2020-29129, CVE-2020-29130
This commit is contained in:
Martin Weinelt 2020-11-28 02:43:13 +01:00
parent 984271bde3
commit bd3ce46719
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkgs/applications/virtualization/qemu/default.nix
View File

@ -100,6 +100,15 @@ stdenv.mkDerivation rec {
}) })
]; ];
# Remove CVE-2020-{29129,29130} for QEMU >5.1.0
postPatch = ''
(cd slirp && patch -p1 < ${fetchpatch {
name = "CVE-2020-29129_CVE-2020-29130.patch";
url = "https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f.patch";
sha256 = "01vbjqgnc0kp881l5p6b31cyyirhwhavm6x36hlgkymswvl3wh9w";
}})
'';
hardeningDisable = [ "stackprotector" ]; hardeningDisable = [ "stackprotector" ];
preConfigure = '' preConfigure = ''