Merge pull request #249403 from risicle/ris-opensc-CVE-2023-2977

opensc: add patch for CVE-2023-2977
2024-12-03 04:13:01 +00:00 · 2023-08-16 19:52:35 +01:00 · 2023-08-16 19:52:35 +01:00 · 4bd28e0bba
commit 4bd28e0bba
parent e3465f467b a80126137c
1 changed files with 9 additions and 0 deletions
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@ -1,5 +1,6 @@
 { lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, zlib, readline, openssl
 , libiconv, pcsclite, libassuan, libXt
+, fetchpatch
 , docbook_xsl, libxslt, docbook_xml_dtd_412
 , Carbon, PCSC, buildPackages
 , withApplePCSC ? stdenv.isDarwin
@ -16,6 +17,14 @@ stdenv.mkDerivation rec {
    sha256 = "sha256-Yo8dwk7+d6q+hi7DmJ0GJM6/pmiDOiyEm/tEBSbCU8k=";
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-2977.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a.patch";
+      hash = "sha256-rCeYYKPtv3pii5zgDP5x9Kl2r98p3uxyBSCYlPJZR/s=";
+    })
+  ];
+
  nativeBuildInputs = [ pkg-config autoreconfHook ];
  buildInputs = [
    zlib readline openssl libassuan