From bc63738c6f5fa0e8da611a1035cea251f99c13fc Mon Sep 17 00:00:00 2001 From: Antoine Eiche Date: Thu, 29 Dec 2016 00:47:38 +0100 Subject: [PATCH] qemu: fix CVE-2016-9921 and CVE-2016-9922 --- pkgs/applications/virtualization/qemu/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 21a859a71816..eb1672101263 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -143,6 +143,11 @@ stdenv.mkDerivation rec { url = "http://git.qemu.org/?p=qemu.git;a=patch;h=791f97758e223de3290592d169f8e6339c281714"; sha256 = "0952mpc81h42k5kqsw42prnw5vw86r3j88wk5z4sr1xd1sg428d6"; }) + (fetchpatch { + name = "qemu-CVE-2016-9921_9922.patch"; + url = "http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70"; + sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73"; + }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch; hardeningDisable = [ "stackprotector" ];