samurai: apply upstream CVE fixes (security)

CVE-2021-30218 CVE-2021-30219

1 files changed, 14 insertions, 1 deletions

diff --git a/pkgs/development/tools/build-managers/samurai/default.nix b/pkgs/development/tools/build-managers/samurai/default.nix
index 1fb4206d5ce..cd058bfc263 100644
--- a/pkgs/development/tools/build-managers/samurai/default.nix
+++ b/pkgs/development/tools/build-managers/samurai/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch }:
 
 stdenv.mkDerivation rec {
   pname = "samurai";
@@ -13,6 +13,19 @@ stdenv.mkDerivation rec {
 
   makeFlags = [ "DESTDIR=" "PREFIX=${placeholder "out"}" ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-30218.patch";
+      url = "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918.patch";
+      sha256 = "sha256-hyndwj6st4rwOJ35Iu0qL12dR5E6CBvsulvR27PYKMw=";
+    })
+    (fetchpatch {
+      name = "CVE-2021-30219.patch";
+      url = "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655.patch";
+      sha256 = "sha256-rcdwKjHeq5Oaga9wezdHSg/7ljkynfbnkBc2ciMW5so=";
+    })
+  ];
+
   meta = with lib; {
     description = "ninja-compatible build tool written in C";
     homepage = "https://github.com/michaelforney/samurai";