From c512180f9c175c1fae1387b3879ede6d55d0dbe0 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Sat, 11 Mar 2017 08:04:43 +0100
Subject: [PATCH] qemu: add patches for multiple CVEs

New upstream patch function and patches for fixing a bug in the patch for
CVE-2017-5667 and the following security issues:

  * CVE-2016-7907
  * CVE-2016-9602
  * CVE-2016-10155
  * CVE-2017-2620
  * CVE-2017-2630
  * CVE-2017-5525
  * CVE-2017-5526
  * CVE-2017-5579
  * CVE-2017-5856
  * CVE-2017-5857
  * CVE-2017-5987
  * CVE-2017-6058
---
 .../virtualization/qemu/default.nix           | 95 ++++++++++++++-----
 1 file changed, 73 insertions(+), 22 deletions(-)

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 8d462395ce07..10973e8c9152 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -54,38 +54,89 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  patches = [
+  patches = let
+    upstreamPatch = name: commit: sha256: fetchurl {
+      name = "${name}.patch";
+      url = "http://git.qemu-project.org/?p=qemu.git;a=patch;h=${commit}";
+      inherit sha256;
+    };
+  in [
     ./no-etc-install.patch
 
+    # bugfixes
+    (upstreamPatch "qemu-vnc-no-disconnect" "537848ee62195fc06c328b1cd64f4218f404a7f1"
+      "1pf4ghfl6mx6yw3qzy384kvdf0ch9qbh4n32c8d5dwq98lgxavqs")
+
+    (upstreamPatch "qemu-fix-win7-xhci" "7da76e12cc5cc902dda4c168d8d608fd4e61cbc5"
+      "0m1ggbxziy7vqz9007ypzg23cni8cc4db36wlnhxz0kdpq70c6x0")
+
+    (upstreamPatch "qemu-xhci-free-completed-transfers" "f94d18d6c6df388fde196d3ab252f57e33843a8b"
+      "0lk19qss6ky7cqnvis54742cr2z0vl8c64chhch0kp6n83hray9x")
+
+    # security fixes from debian
     (fetchurl {
-      name = "CVE-2017-2615.patch";
-      url = "http://git.qemu-project.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64";
-      sha256 = "0miph2x4d474issa44hmc542zxmkc7lsr4ncb7pwarq6j7v52l8h";
+      name = "CVE-2016-9602.patch";
+      url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
+      sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
     })
 
     (fetchurl {
-      name = "CVE-2017-5667.patch";
-      url = "http://git.qemu-project.org/?p=qemu.git;a=patch;h=42922105beb14c2fc58185ea022b9f72fb5465e9";
-      sha256 = "049vq70is3fj9bf4ysfj3s44iz93qhyqn6xijck32w1x6yyzqyx4";
-     })
+      name = "CVE-2017-2630.patch";
+      url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/nbd_client-fix-drop_sync-CVE-2017-2630.patch?h=debian/qemu_2.8%2bdfsg-3";
+      sha256 = "1gdxaari53iwgj3gyczz30rhg8lj6xqycxym4snw9z5vmkyj1bbq";
+    })
 
     (fetchurl {
-      name = "CVE-2017-5898.patch";
-      url = "http://git.qemu-project.org/?p=qemu.git;a=patch;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a";
-      sha256 = "1y2j0qw04s8fl0cs8i619y08kj75lxn3c0y19g710fzpk3rq8dvn";
-     })
+      name = "CVE-2017-6058.patch";
+      url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch?h=debian/qemu_2.8%2bdfsg-3";
+      sha256 = "0w8az2cr116mnijxjd4aprl8dvfdj76gm7ddajmngdslxiax601f";
+    })
 
-    (fetchurl {
-      name = "CVE-2017-5931.patch";
-      url = "http://git.qemu-project.org/?p=qemu.git;a=patch;h=a08aaff811fb194950f79711d2afe5a892ae03a4";
-      sha256 = "0hlih9jhbb1mb174hvxs7pf7lgcs7s9g705ri9rliw7wrhqdpja5";
-     })
+    # security fixes from upstream
+    (upstreamPatch "CVE-2016-7907" "81f17e0d435c3db3a3e67e0d32ebf9c98973211f"
+      "0dzghbm3jmnyw34kd40a6akrr1cpizd9hdzqmhlc2ljab7pr1rcb")
 
-    (fetchurl {
-      name = "CVE-2017-5973.patch";
-      url = "http://git.qemu-project.org/?p=qemu.git;a=patch;h=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b";
-      sha256 = "06niyighjxb4p5z2as3mqfmrwrzn4sq47j7raipbq9gnda7x9sw6";
-     })
+    (upstreamPatch "CVE-2016-10155" "eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
+      "1xk00fyls0hdza11dyfrnzcn6gibmmcrwy7sxgp6iizp6wgzi3vw")
+
+    (upstreamPatch "CVE-2017-2615" "62d4c6bd5263bb8413a06c80144fc678df6dfb64"
+      "0miph2x4d474issa44hmc542zxmkc7lsr4ncb7pwarq6j7v52l8h")
+
+    (upstreamPatch "CVE-2017-2620" "92f2b88cea48c6aeba8de568a45f2ed958f3c298"
+      "1kz12qmvfccy7xilsrxahbs67jycv4zjfbijxivadvx9klxs1n58")
+
+    (upstreamPatch "CVE-2017-5525" "12351a91da97b414eec8cdb09f1d9f41e535a401"
+      "190b4aqr35p4lb3rjarknfi1ip1c9zizliqp1dd6frx4364y5yp2")
+
+    (upstreamPatch "CVE-2017-5526" "069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da"
+      "05xgzd3zldk3x2vqpjag9z5ilhdkpkyh633fb5kvnz8scns6v86f")
+
+    (upstreamPatch "CVE-2017-5579" "8409dc884a201bf74b30a9d232b6bbdd00cb7e2b"
+      "0lbcyhif1kdcy8my0bv8aqr2f421kmljcch3plrjzj9pgcm4sv83")
+
+    (upstreamPatch "CVE-2017-5667" "42922105beb14c2fc58185ea022b9f72fb5465e9"
+      "049vq70is3fj9bf4ysfj3s44iz93qhyqn6xijck32w1x6yyzqyx4")
+
+    (upstreamPatch "CVE-2017-5667-fix" "913a87885f589d263e682c2eb6637c6e14538061"
+      "0nm1k2r9n6r86dvjr16hxak2vcsinj7ijlqw5i6f4y5h2sh37wr5")
+
+    (upstreamPatch "CVE-2017-5856" "765a707000e838c30b18d712fe6cb3dd8e0435f3"
+      "03pjkn8l8rp9ip5h5rm1dp0nrwd43nmgpwamz4z1vy3rli1z3yjw")
+
+    (upstreamPatch "CVE-2017-5857" "5e8e3c4c75c199aa1017db816fca02be2a9f8798"
+      "1kz14rmxf049zl5m27apzpbvy8dk0g47n9gnwy0nm70g65rl1dh8")
+
+    (upstreamPatch "CVE-2017-5898" "c7dfbf322595ded4e70b626bf83158a9f3807c6a"
+      "1y2j0qw04s8fl0cs8i619y08kj75lxn3c0y19g710fzpk3rq8dvn")
+
+    (upstreamPatch "CVE-2017-5931" "a08aaff811fb194950f79711d2afe5a892ae03a4"
+      "0hlih9jhbb1mb174hvxs7pf7lgcs7s9g705ri9rliw7wrhqdpja5")
+
+    (upstreamPatch "CVE-2017-5973" "f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
+      "06niyighjxb4p5z2as3mqfmrwrzn4sq47j7raipbq9gnda7x9sw6")
+
+    (upstreamPatch "CVE-2017-5987" "6e86d90352adf6cb08295255220295cf23c4286e"
+      "09yfxf93cisx8rhm0h48ib1ibwfs420k5pqpz8dnz33nci9567jm")
 
   ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch;