Merge pull request #105157 from mweinelt/libslirp

libslirp: fix CVE-2020-29129
author: Martin Weinelt <mweinelt@users.noreply.github.com> 2020-11-30 15:56:09 +0100
committer: GitHub <noreply@github.com> 2020-11-30 15:56:09 +0100
commit: 3200eaef747a97099caa819ea50dff6c81b7e0ee (patch)
tree: 59eabb403b1b8d5474332b3b04e771a1c1a39726 /pkgs/applications/virtualization
parent: 676ed31a7d9176f078d931a8bba349c2fc4d63fe (diff)
parent: bd3ce46719031d84d9f01fc4e023c90dabf3edd9 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 2bace4f258d7..163a87d7072f 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -100,6 +100,15 @@ stdenv.mkDerivation rec {
     })
   ];
 
+  # Remove CVE-2020-{29129,29130} for QEMU >5.1.0
+  postPatch = ''
+    (cd slirp && patch -p1 < ${fetchpatch {
+      name = "CVE-2020-29129_CVE-2020-29130.patch";
+      url = "https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f.patch";
+      sha256 = "01vbjqgnc0kp881l5p6b31cyyirhwhavm6x36hlgkymswvl3wh9w";
+    }})
+  '';
+
   hardeningDisable = [ "stackprotector" ];
 
   preConfigure = ''
author	Martin Weinelt <mweinelt@users.noreply.github.com>	2020-11-30 15:56:09 +0100
committer	GitHub <noreply@github.com>	2020-11-30 15:56:09 +0100
commit	3200eaef747a97099caa819ea50dff6c81b7e0ee (patch)
tree	59eabb403b1b8d5474332b3b04e771a1c1a39726 /pkgs/applications/virtualization
parent	676ed31a7d9176f078d931a8bba349c2fc4d63fe (diff)
parent	bd3ce46719031d84d9f01fc4e023c90dabf3edd9 (diff)