From a80126137c60faa3cd7f7519a404c2ef1ad0b9b3 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Tue, 15 Aug 2023 22:32:23 +0100
Subject: [PATCH] opensc: add patch for CVE-2023-2977
---
 pkgs/tools/security/opensc/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 51e9434f82e8..9b5b6fba8b24 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, zlib, readline, openssl
 , libiconv, pcsclite, libassuan, libXt
+, fetchpatch
 , docbook_xsl, libxslt, docbook_xml_dtd_412
 , Carbon, PCSC, buildPackages
 , withApplePCSC ? stdenv.isDarwin
@@ -16,6 +17,14 @@ stdenv.mkDerivation rec {
 sha256 = "sha256-Yo8dwk7+d6q+hi7DmJ0GJM6/pmiDOiyEm/tEBSbCU8k=";
 };

+ patches = [
+ (fetchpatch {
+ name = "CVE-2023-2977.patch";
+ url = "https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a.patch";
+ hash = "sha256-rCeYYKPtv3pii5zgDP5x9Kl2r98p3uxyBSCYlPJZR/s=";
+ })
+ ];
+
 nativeBuildInputs = [ pkg-config autoreconfHook ];
 buildInputs = [
 zlib readline openssl libassuan
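Review bot: The new `patches` entry in the second hunk has no comment saying when it can be removed, so whoever next bumps the source has to work out from the URL alone whether that release already contains the upstream fix. I would add a line above `(fetchpatch {` such as `# CVE-2023-2977: drop once src is a release that includes upstream commit 81944d1529202bd28359bede57c0a15deb65ba8a`. The fetch is pinned by the SRI `hash`, so a changed response from the forge fails the build rather than changing what is applied; that part needs no change. The enclosing `stdenv.mkDerivation rec {` body starts and ends outside the hunk.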