From 268d3656dbe04fe2eb0423440032dd74937ad427 Mon Sep 17 00:00:00 2001
From: Antoine Eiche
Date: Wed, 29 Nov 2017 08:31:28 +0100
Subject: [PATCH] qemu: fix CVE-2017-15118
See https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
---
 pkgs/applications/virtualization/qemu/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 66e5928ca15f..2488bb1ae10e 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -62,7 +62,12 @@ stdenv.mkDerivation rec {
 patches = [ ./no-etc-install.patch ]
 ++ optional nixosTestRunner ./force-uid0-on-9p.patch
- ++ optional pulseSupport ./fix-hda-recording.patch;
+ ++ optional pulseSupport ./fix-hda-recording.patch
+ ++ [ (fetchpatch {
+ name = "qemu-CVE-2017-15118.patch";
+ url = "http://git.qemu.org/?p=qemu.git;a=patch;h=51ae4f8455c9e32c54770c4ebc25bf86a8128183";
+ sha256 = "0f9i096dz3h1i8g92y99vak23rjs1shf7prlcxqizsz0fah7wx7h"; })
+ ];
 hardeningDisable = [ "stackprotector" ];
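Review bot: The `url` passed to `fetchpatch` uses plain `http://`, so the patch text travels unauthenticated; the `sha256` pin makes a later substitution fail the build, but whoever computed that hash had only the HTTP response to go on. If the host serves the same path over TLS, prefer `url = "https://git.qemu.org/?p=qemu.git;a=patch;h=51ae4f8455c9e32c54770c4ebc25bf86a8128183";` and re-verify the hash against it. I would also put a comment above the new list entry, e.g. `# CVE-2017-15118; drop when the packaged version already contains this commit`, so the patch is not carried past a version bump. Separately, the context line `hardeningDisable = [ "stackprotector" ];` means this build has no stack canaries, which is worth revisiting if, as the upstream report appears to describe, the CVE is a stack overflow. The enclosing `stdenv.mkDerivation rec {` block starts and ends outside the hunk.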