Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: c75de8bc12cc
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1475cc7c7300
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Sep 28, 2019

  1. qemu: add patches for CVE-2019-13164 & CVE-2019-14378

    @risicle
    risicle committed Sep 28, 2019
    Copy the full SHA
    38a4dc2 View commit details

Commits on Oct 27, 2019

  1. Merge pull request #69925 from risicle/ris-qemu-CVEs-r19.09 

    [19.09] qemu: add patches for CVE-2019-13164 & CVE-2019-14378
    Christian Kauhaus authored Oct 27, 2019
    Copy the full SHA
    1475cc7 View commit details
Showing with 10 additions and 0 deletions.
  1. +10 −0 pkgs/applications/virtualization/qemu/default.nix
10 changes: 10 additions & 0 deletions pkgs/applications/virtualization/qemu/default.nix
View file
Original file line number Diff line number Diff line change
@@ -83,6 +83,16 @@ stdenv.mkDerivation rec {
name = "CVE-2019-12155.patch";
sha256 = "0h2q71mcz3gvlrbfkqcgla74jdg73hvzcrwr4max2ckpxx8x9207";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/q/qemu/1:3.1+dfsg-8+deb10u2/debian/patches/slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch";
sha256 = "0f3jabl6x6slpnz5pg6fv1k9vfmrkd482z9vqm3adn6mka8lfimb";
extraPrefix = "slirp/src/";
stripLen = 2;
})
(fetchpatch {
url = "https://sources.debian.org/data/main/q/qemu/1:3.1+dfsg-8+deb10u2/debian/patches/qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch";
sha256 = "1ypcdlpg3nap0kg9xkrgrqw33j5ah4j7l4i2cp6d5ap8vrw9nn3l";
})
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {