Merge pull request #182834 from mayflower/security-fixes

Security fixes

pkgs/applications/editors/vim/common.nix

@@ -1,12 +1,12 @@
 { lib, fetchFromGitHub }:
 rec {
-  version = "9.0.0001";
+  version = "9.0.0057";
 
   src = fetchFromGitHub {
     owner = "vim";
     repo = "vim";
     rev = "v${version}";
-    sha256 = "sha256-WnMm3q5Stn3s33rxQt76goURSa1Rq+jMVWYiS+uJTX0=";
+    sha256 = "sha256-KEEuWRxattBrOAC0dWnWGRVqyOIEMe34ivMvSeuxKyA";
   };
 
   enableParallelBuilding = true;

pkgs/applications/virtualization/qemu/default.nix

@@ -121,6 +121,11 @@ stdenv.mkDerivation rec {
       url = "https://gitlab.com/qemu/qemu/-/commit/f5643914a9e8f79c606a76e6a9d7ea82a3fc3e65.patch";
       sha256 = "sha256-8i13wU135h+YxoXFtkXweBN3hMslpWoNoeQ7Ydmn3V4=";
     })
+    (fetchpatch {
+      name = "CVE-2022-35414.patch";
+      url = "https://gitlab.com/qemu-project/qemu/-/commit/418ade7849ce7641c0f7333718caf5091a02fd4c.patch";
+      sha256 = "sha256-zQHDXedIXZBnabv4+3TA4z5mY1+KZiPmqUbhaSkGLgA=";
+    })
   ]
   ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch;
 

pkgs/tools/misc/grub/2.0x.nix

@@ -67,7 +67,7 @@ stdenv.mkDerivation rec {
 
     # Pull upstream patch to fix linkage against binutils-2.36.
     (fetchpatch {
-      name = "binutils-2.36";
+      name = "binutils-2.36.patch";
       url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b98275138bf4fc250a1c362dfd2c8b1cf2421701";
       sha256 = "001m058bsl2pcb0ii84jfm5ias8zgzabrfy6k2cc9w6w1y51ii82";
     })