author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-03-11 13:43:42 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-03-11 13:43:42 +0100 |
commit | 3a4e2376e444fd7664102af00a34c65b47e271ec (patch) | |
tree | c5a2eda5c6196c76ec15201af03ded13fbe1bca7 /pkgs/applications/virtualization/qemu/default.nix | |
parent | e25f8f2e37ab0cb042220939cd9a2360e4851594 (diff) | |
qemu_test: don't apply patch for CVE-2016-9602
The two patches conflict. Keeping the vulnerability unpatched in the qemu binaries used for NixOS tests is tolerable.
Diffstat (limited to 'pkgs/applications/virtualization/qemu/default.nix')
-rw-r--r-- | pkgs/applications/virtualization/qemu/default.nix | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index e5620b6ce456..ef3cce4808d1 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -78,12 +78,6 @@ stdenv.mkDerivation rec {
 # security fixes from debian
 (fetchurl {
- name = "CVE-2016-9602.patch";
- url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
- sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
- })
-
- (fetchurl {
 name = "CVE-2017-2630.patch";
 url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/nbd_client-fix-drop_sync-CVE-2017-2630.patch?h=debian/qemu_2.8%2bdfsg-3";
 sha256 = "1gdxaari53iwgj3gyczz30rhg8lj6xqycxym4snw9z5vmkyj1bbq";
@@ -141,7 +135,13 @@ stdenv.mkDerivation rec {
 (upstreamPatch "CVE-2017-5987" "6e86d90352adf6cb08295255220295cf23c4286e" "09yfxf93cisx8rhm0h48ib1ibwfs420k5pqpz8dnz33nci9567jm")
- ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch;
+ ] ++ (if nixosTestRunner then [ ./force-uid0-on-9p.patch ] else [
+ (fetchurl {
+ name = "CVE-2016-9602.patch";
+ url = "https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/plain/debian/patches/9pfs-symlink-attack-fixes-CVE-2016-9602.patch?h=debian/qemu_2.8%2bdfsg-3";
+ sha256 = "0f7m1k3hbw9v0dwqn53ds36s7s334vlidvbn0682s9r2sq0sjlkv";
+ })
+ ]);
 hardeningDisable = [ "stackprotector" ]; |
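Review bot: The new `if nixosTestRunner then … else …` branch in the second hunk leaves the test-runner build without the CVE-2016-9602 fix, and nothing in the file records that this is deliberate or why, so a later edit of the patch list can neither tell the omission is intended nor notice when it stops being necessary. I would put a comment directly above the conditional, e.g. `# CVE-2016-9602 fix conflicts with force-uid0-on-9p.patch; the test-runner qemu stays unpatched, do not use it outside NixOS tests`. Judging by the patch names, both touch the 9p code, which is presumably the path the test VMs use for shared directories, so the unpatched code is likely exercised on every test run; rebasing `force-uid0-on-9p.patch` onto the fixed 9pfs code would remove the exception altogether. The enclosing list starts outside this hunk.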