opensc: patch for CVE-2020-26570, CVE-2020-26572

erictapen · erictapen · commit b94c22f71724 · 2020-10-20T17:34:35.000+02:00
(cherry picked from commit c4237e2)
diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
@@ -16,6 +16,21 @@ stdenv.mkDerivation rec {
     sha256 = "0mg8qmhww3li1isfgvn5hang1hq58zra057ilvgci88csfziv5lv";
   };
 
+  patches = [
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26570
+      name = "CVE-2020-26570.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e.patch";
+      sha256 = "sha256-aB9iCVcdp9zFhZiSv5A399Ttj7NUHRVgXr0EfmMwKN4=";
+    })
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26572
+      name = "CVE-2020-26572.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817.patch";
+      sha256 = "sha256-gKJaR5K+NaXh4NeTkGpzHzHCdpt6n54Hnt1GAq0tA9o=";
+    })
+  ];
+
   nativeBuildInputs = [ pkgconfig autoreconfHook ];
   buildInputs = [
     zlib readline openssl libassuan
