From 18451cb59a89470d587d7265c95d4d9b2938d75d Mon Sep 17 00:00:00 2001
From: Ryan Burns <rtburns@protonmail.com>
Date: Wed, 27 Oct 2021 21:34:32 -0700
Subject: qemu: fix CVE-2021-3713

Backport patch from 6.2.0-rc0
---
 pkgs/applications/virtualization/qemu/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkgs/applications/virtualization')

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 224969cc2649c..4e0f459ac287f 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -92,6 +92,11 @@ stdenv.mkDerivation rec {
       sha256 = "09xz06g57wxbacic617pq9c0qb7nly42gif0raplldn5lw964xl2";
       revert = true;
     })
+    (fetchpatch {
+      name = "CVE-2021-3713.patch"; # remove with next release
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a.patch";
+      sha256 = "0lkzfc7gdlvj4rz9wk07fskidaqysmx8911g914ds1jnczgk71mf";
+    })
   ] ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch
     ++ lib.optionals stdenv.hostPlatform.isMusl [
     (fetchpatch {
-- 
cgit 1.4.1