qemu: fix CVE-2021-3527, CVE-2021-3682, CVE-2021-3713

Backport patches for 6.0.0
2021-10-27 22:15:38 -07:00 · 2021-10-27 22:15:38 -07:00 · e2110b6a0a
parent 06b49ba179
commit e2110b6a0a
1 changed files with 20 additions and 0 deletions
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@ -96,6 +96,26 @@ stdenv.mkDerivation rec {
      url = "https://gitlab.com/qemu-project/qemu/-/commit/9f22893adcb02580aee5968f32baa2cd109b3ec2.patch";
      sha256 = "1vkhm9vl671y4cra60b6704339qk1h5dyyb3dfvmvpsvfyh2pm7n";
    })
+    (fetchpatch {
+      name = "CVE-2021-3527-patch1.patch";
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c.patch";
+      sha256 = "19hwwyb3vh7pli921dx74i4bgpnlc7s43jma5mqzfp6wc158g5zl";
+    })
+    (fetchpatch {
+      name = "CVE-2021-3527-patch2.patch";
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986.patch";
+      sha256 = "1qakkb7i4gx3x4rrp7500yxqrcnvc2h6a8g916csynscbprlvl97";
+    })
+    (fetchpatch {
+      name = "CVE-2021-3682.patch";
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9.patch";
+      sha256 = "0g87arqvjff1vzgzb87h67ws51y033slhzlqx1yy4fw9dzkszj9k";
+    })
+    (fetchpatch {
+      name = "CVE-2021-3713.patch";
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a.patch";
+      sha256 = "0lkzfc7gdlvj4rz9wk07fskidaqysmx8911g914ds1jnczgk71mf";
+    })
  ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
    ++ optionals stdenv.hostPlatform.isMusl [
    (fetchpatch {