diff options
author | Robin Gloster <mail@glob.in> | 2016-08-31 13:25:47 +0200 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-08-31 13:31:22 +0200 |
commit | 7eaa83a3e9b4641e134a5d7e586ef757dc2d591f (patch) | |
tree | 8b63c51676f09dcb6f36ad54ebdffdde76b2ff0b /pkgs/applications/virtualization | |
parent | 24f36cce50f3a66b5ebced3d51d6eaa446158fe2 (diff) |
qemu: patch security issues in 9pfs
CVE-2016-7116, others have no ID assigned, yet. Fixes from 2.7 tree.
Diffstat (limited to 'pkgs/applications/virtualization')
-rw-r--r-- | pkgs/applications/virtualization/qemu/default.nix | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 4cdb2f7ec7d81..e3b7a95544139 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchurl, python, zlib, pkgconfig, glib, ncurses, perl, pixman -, vde2, alsaLib, texinfo, libuuid, flex, bison, lzo, snappy -, libaio, gnutls, nettle +{ stdenv, fetchurl, fetchpatch, python, zlib, pkgconfig, glib +, ncurses, perl, pixman, vde2, alsaLib, texinfo, libuuid, flex +, bison, lzo, snappy, libaio, gnutls, nettle , makeWrapper , attr, libcap, libcap_ng , CoreServices, Cocoa, rez, setfile @@ -45,7 +45,24 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - patches = [ ./no-etc-install.patch ]; + patches = [ + ./no-etc-install.patch + (fetchpatch { + url = "http://git.qemu.org/?p=qemu.git;a=patch;h=fff39a7ad09da07ef490de05c92c91f22f8002f2"; + name = "9pfs-forbid-illegal-path-names.patch"; + sha256 = "081j85p6m7s1cfh3aq1i2av2fsiarlri9gs939s0wvc6pdyb4b70"; + }) + (fetchpatch { + url = "http://git.qemu.org/?p=qemu.git;a=patch;h=805b5d98c649d26fc44d2d7755a97f18e62b438a"; + name = "9pfs-forbid-.-and-..-in-file-names.patch"; + sha256 = "0km6knll492dx745gx37bi6dhmz08cmjiyf479ajkykp0aljii24"; + }) + (fetchpatch { + url = "http://git.qemu.org/?p=qemu.git;a=patch;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261"; + name = "9pfs-directory-traversal-CVE-2016-7116.patch"; + sha256 = "06pr070qj19w5mjxr36bcqxmgpiczncigqsbwfc8ncjhm1h7dmry"; + }) + ]; configureFlags = [ "--smbd=smbd" # use `smbd' from $PATH |