qemu: add patches for CVE-2021-3545 & CVE-2021-3546

(cherry picked from commit cddea297f28ab67d1f2bf0902bfdcc95ec29a8a0)
2021-07-18 14:35:50 +01:00 · 2021-07-18 14:35:50 +01:00 · f3414d7d2b
parent 8ee0dfbfd3
commit f3414d7d2b
1 changed files with 10 additions and 0 deletions
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@ -86,6 +86,16 @@ stdenv.mkDerivation rec {
  patches = [
    ./fix-qemu-ga.patch
    ./9p-ignore-noatime.patch
+    (fetchpatch {
+      name = "CVE-2021-3545.patch";
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/121841b25d72d13f8cad554363138c360f1250ea.patch";
+      sha256 = "13dgfd8dmxcalh2nvb68iv0kyv4xxrvpdqdxf1h3bjr4451glag1";
+    })
+    (fetchpatch {
+      name = "CVE-2021-3546.patch";
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/9f22893adcb02580aee5968f32baa2cd109b3ec2.patch";
+      sha256 = "1vkhm9vl671y4cra60b6704339qk1h5dyyb3dfvmvpsvfyh2pm7n";
+    })
  ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
    ++ optionals stdenv.hostPlatform.isMusl [
    (fetchpatch {