openconnect: patch CVE-2020-12105 & CVE-2020-12823

- https://nvd.nist.gov/vuln/detail/CVE-2020-12105 - https://nvd.nist.gov/vuln/detail/CVE-2020-12823
NixOS · Jul 10, 2020 · 58f5c23 · 58f5c23
1 parent 02a83b1
commit 58f5c23
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/pkgs/tools/networking/openconnect/default.nix b/pkgs/tools/networking/openconnect/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, openssl ? null, gnutls ? null, gmp, libxml2, stoken, zlib, fetchgit, darwin } :
+{ stdenv, fetchurl, fetchpatch, pkgconfig, openssl ? null, gnutls ? null, gmp, libxml2, stoken, zlib, fetchgit, darwin } :
 
 assert (openssl != null) == (gnutls == null);
 
@@ -19,6 +19,19 @@ in stdenv.mkDerivation rec {
     sha256 = "14i9q727c2zc9xhzp1a9hz3gzb5lwgsslbhircm84dnbs192jp1k";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2020-12105.patch";
+      url = "https://gitlab.com/openconnect/openconnect/-/merge_requests/96.patch";
+      sha256 = "19ra55jql2f2sim9kkgybrm4abz28iax92iwpijiipz5lk2jz0ai";
+    })
+    (fetchpatch {
+      name = "CVE-2020-12823.patch";
+      url = "https://gitlab.com/openconnect/openconnect/-/merge_requests/108.patch";
+      sha256 = "1ycw0b7wbj6byb151vlyywr0y3x0prsyxal5gdds5xcsdr5s9va3";
+    })
+  ];
+
   outputs = [ "out" "dev" ];
 
   configureFlags = [