pyrox.dev
qemu: patch security issues in 9pfs
CVE-2016-7116, others have no ID assigned, yet.
Fixes from 2.7 tree.
+21
-4
pkgs/applications/virtualization/qemu/default.nix
+21
-4
pkgs/applications/virtualization/qemu/default.nix
···
1
-
{ stdenv, fetchurl, python, zlib, pkgconfig, glib, ncurses, perl, pixman
2
-
, vde2, alsaLib, texinfo, libuuid, flex, bison, lzo, snappy
3
-
, libaio, gnutls, nettle
1
+
{ stdenv, fetchurl, fetchpatch, python, zlib, pkgconfig, glib
2
+
, ncurses, perl, pixman, vde2, alsaLib, texinfo, libuuid, flex
3
+
, bison, lzo, snappy, libaio, gnutls, nettle
4
4
, makeWrapper
5
5
, attr, libcap, libcap_ng
6
6
, CoreServices, Cocoa, rez, setfile
···
45
45
46
46
enableParallelBuilding = true;
47
47
48
-
patches = [ ./no-etc-install.patch ];
48
+
patches = [
49
+
./no-etc-install.patch
50
+
(fetchpatch {
51
+
url = "http://git.qemu.org/?p=qemu.git;a=patch;h=fff39a7ad09da07ef490de05c92c91f22f8002f2";
52
+
name = "9pfs-forbid-illegal-path-names.patch";
53
+
sha256 = "081j85p6m7s1cfh3aq1i2av2fsiarlri9gs939s0wvc6pdyb4b70";
54
+
})
55
+
(fetchpatch {
56
+
url = "http://git.qemu.org/?p=qemu.git;a=patch;h=805b5d98c649d26fc44d2d7755a97f18e62b438a";
57
+
name = "9pfs-forbid-.-and-..-in-file-names.patch";
58
+
sha256 = "0km6knll492dx745gx37bi6dhmz08cmjiyf479ajkykp0aljii24";
59
+
})
60
+
(fetchpatch {
61
+
url = "http://git.qemu.org/?p=qemu.git;a=patch;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261";
62
+
name = "9pfs-directory-traversal-CVE-2016-7116.patch";
63
+
sha256 = "06pr070qj19w5mjxr36bcqxmgpiczncigqsbwfc8ncjhm1h7dmry";
64
+
})
65
+
];
49
66
50
67
configureFlags =
51
68
[ "--smbd=smbd" # use `smbd' from $PATH