opensc: patch for CVE-2020-26570, CVE-2020-26572

author: Justin Humm <justin.humm@posteo.de> 2020-10-20 16:38:49 +0200
committer: Justin Humm <justin.humm@posteo.de> 2020-10-20 17:31:26 +0200
commit: c4237e2be1f24ee12721f8e1549fced17bbbd567 (patch)
tree: 22e74c0de62bdb38df7861ef3c83545996fca047 /pkgs/tools/security/opensc
parent: b65f1a4862adf5fd82f91aa807e64ebdbcece6b2 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 103345abf61b1..a9eea81c4e833 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -16,6 +16,21 @@ stdenv.mkDerivation rec {
     sha256 = "0mg8qmhww3li1isfgvn5hang1hq58zra057ilvgci88csfziv5lv";
   };
 
+  patches = [
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26570
+      name = "CVE-2020-26570.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e.patch";
+      sha256 = "sha256-aB9iCVcdp9zFhZiSv5A399Ttj7NUHRVgXr0EfmMwKN4=";
+    })
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26572
+      name = "CVE-2020-26572.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817.patch";
+      sha256 = "sha256-gKJaR5K+NaXh4NeTkGpzHzHCdpt6n54Hnt1GAq0tA9o=";
+    })
+  ];
+
   nativeBuildInputs = [ pkgconfig autoreconfHook ];
   buildInputs = [
     zlib readline openssl libassuan
author	Justin Humm <justin.humm@posteo.de>	2020-10-20 16:38:49 +0200
committer	Justin Humm <justin.humm@posteo.de>	2020-10-20 17:31:26 +0200
commit	c4237e2be1f24ee12721f8e1549fced17bbbd567 (patch)
tree	22e74c0de62bdb38df7861ef3c83545996fca047 /pkgs/tools/security/opensc
parent	b65f1a4862adf5fd82f91aa807e64ebdbcece6b2 (diff)