From c4237e2be1f24ee12721f8e1549fced17bbbd567 Mon Sep 17 00:00:00 2001
From: Justin Humm <justin.humm@posteo.de>
Date: Tue, 20 Oct 2020 16:38:49 +0200
Subject: [PATCH] opensc: patch for CVE-2020-26570, CVE-2020-26572

---
 pkgs/tools/security/opensc/default.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 103345abf61..a9eea81c4e8 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -16,6 +16,21 @@ stdenv.mkDerivation rec {
     sha256 = "0mg8qmhww3li1isfgvn5hang1hq58zra057ilvgci88csfziv5lv";
   };
 
+  patches = [
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26570
+      name = "CVE-2020-26570.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e.patch";
+      sha256 = "sha256-aB9iCVcdp9zFhZiSv5A399Ttj7NUHRVgXr0EfmMwKN4=";
+    })
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26572
+      name = "CVE-2020-26572.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817.patch";
+      sha256 = "sha256-gKJaR5K+NaXh4NeTkGpzHzHCdpt6n54Hnt1GAq0tA9o=";
+    })
+  ];
+
   nativeBuildInputs = [ pkgconfig autoreconfHook ];
   buildInputs = [
     zlib readline openssl libassuan