From 272829bc547fcb178679fb5e2a3060864f3b8efc Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Tue, 19 Jul 2022 14:00:52 +0200
Subject: [PATCH 1/3] grub2: rename patch confusing vulnix
---
 pkgs/tools/misc/grub/2.0x.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix
index 3849e26a01cb..4b4141566c1f 100644
--- a/pkgs/tools/misc/grub/2.0x.nix
+++ b/pkgs/tools/misc/grub/2.0x.nix
@@ -67,7 +67,7 @@ stdenv.mkDerivation rec {
 # Pull upstream patch to fix linkage against binutils-2.36.
 (fetchpatch {
- name = "binutils-2.36";
+ name = "binutils-2.36.patch";
 url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701";
 sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82";
 })
From 208ff30d77c8cb44807702aef266ceb896838c0c Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Mon, 18 Jul 2022 22:53:11 +0200
Subject: [PATCH 2/3] vim: 9.0.0001 -> 9.0.0057 fixes CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2288 CVE-2022-2289 CVE-2022-2304 CVE-2022-2344 CVE-2022-2345
---
 pkgs/applications/editors/vim/common.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix
index ffcfcc373abe..deba360c0db6 100644
--- a/pkgs/applications/editors/vim/common.nix
+++ b/pkgs/applications/editors/vim/common.nix
@@ -1,12 +1,12 @@
 { lib, fetchFromGitHub }:
 rec {
- version = "9.0.0001";
+ version = "9.0.0057";
 src = fetchFromGitHub {
 owner = "vim";
 repo = "vim";
 rev = "v${version}";
- sha256 = "sha256-WnMm3q5Stn3s33rxQt76goURSa1Rq+jMVWYiS+uJTX0=";
+ sha256 = "sha256-KEEuWRxattBrOAC0dWnWGRVqyOIEMe34ivMvSeuxKyA";
 };
 enableParallelBuilding = true;
From b2d221795b355b6646c046077f3a58aedb1efa82 Mon Sep 17 00:00:00 2001
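Review bot: The new `sha256` value in the vim `src` block (PATCH 2/3) is 43 base64 characters with no trailing `=`, while the value it replaces is the usual 44-character padded form for a SHA-256 SRI string. Nix presumably decodes the unpadded form to the same digest, but stricter SRI parsers and tooling that compares hashes as strings may not, so the pin is better written with its padding: `sha256 = "sha256-KEEuWRxattBrOAC0dWnWGRVqyOIEMe34ivMvSeuxKyA=";`. Re-deriving the hash from the fetched `v9.0.0057` source, rather than appending the character by hand, would also confirm that nothing else was lost when the value was pasted.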
From: Robin Gloster
Date: Mon, 18 Jul 2022 22:44:26 +0200
Subject: [PATCH 3/3] qemu: fix CVE-2022-35414
---
 pkgs/applications/virtualization/qemu/default.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index fb41e303f537..c3aa3c49553e 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -121,6 +121,11 @@ stdenv.mkDerivation rec {
 url = "https://gitlab.com/qemu/qemu/-/commit/f5643914a9e8f79c606a76e6a9d7ea82a3fc3e65.patch";
 sha256 = "sha256-8i13wU135h+YxoXFtkXweBN3hMslpWoNoeQ7Ydmn3V4=";
 })
+ (fetchpatch {
+ name = "CVE-2022-35414.patch";
+ url = "https://gitlab.com/qemu-project/qemu/-/commit/418ade7849ce7641c0f7333718caf5091a02fd4c.patch";
+ sha256 = "sha256-zQHDXedIXZBnabv4+3TA4z5mY1+KZiPmqUbhaSkGLgA=";
+ })
 ] ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch;
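Review bot: The added `fetchpatch` entry carries no comment saying that it is a backported upstream fix or when it can be dropped, so a later version bump has nothing but the CVE id in `name` to go on. A line above it such as `# Upstream fix for CVE-2022-35414; drop once the packaged release includes commit 418ade7849ce.` would make that explicit. The new URL also fetches from `gitlab.com/qemu-project/qemu`, while the entry directly above uses `gitlab.com/qemu/qemu`. It is worth confirming that both paths resolve to the same upstream repository and settling on one, since the pinned hash is the only thing tying the patch to its source. The `patches` list starts outside this hunk.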