From ef3addb1cbeaa7ab576ed0ae5fb6c8e85cfc2994 Mon Sep 17 00:00:00 2001
From: Andrew Dunham <andrew@du.nham.ca>
Date: Sat, 1 Feb 2020 14:27:05 -0800
Subject: [PATCH] qemu: add patches for CVE-2020-7039 and CVE-2020-7211

Fixes #78762
---
 .../virtualization/qemu/default.nix           | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 67aa36b7827..203ee1c7cc0 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -84,6 +84,37 @@ stdenv.mkDerivation rec {
       stripLen = 1;
       extraPrefix = "slirp/";
     })
+    # patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7039
+    (fetchpatch {
+      name = "CVE-2020-7039-1.patch";
+      url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=2655fffed7a9e765bcb4701dd876e9dab975f289";
+      sha256 = "1jh0k3lg3553c2x1kq1kl3967jabhba5gm584wjpmr5mjqk3lnz1";
+      stripLen = 1;
+      extraPrefix = "slirp/";
+      excludes = ["slirp/CHANGELOG.md"];
+    })
+    (fetchpatch {
+      name = "CVE-2020-7039-2.patch";
+      url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=82ebe9c370a0e2970fb5695aa19aa5214a6a1c80";
+      sha256 = "08ccxcmrhzknnzd1a1q2brszv3a7h02n26r73kpli10b0hn12r2l";
+      stripLen = 1;
+      extraPrefix = "slirp/";
+    })
+    (fetchpatch {
+      name = "CVE-2020-7039-3.patch";
+      url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9";
+      sha256 = "18ypj9an2jmsmdn58853rbz42r10587h7cz5fdws2x4635778ibd";
+      stripLen = 1;
+      extraPrefix = "slirp/";
+    })
+    # patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7211
+    (fetchpatch {
+      name = "CVE-2020-7211.patch";
+      url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=14ec36e107a8c9af7d0a80c3571fe39b291ff1d4";
+      sha256 = "1lc8zabqs580iqrsr5k7zwgkx6qjmja7apwfbc36lkvnrxwfzmrc";
+      stripLen = 1;
+      extraPrefix = "slirp/";
+    })
   ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
     ++ optionals stdenv.hostPlatform.isMusl [
     (fetchpatch {