From a08b85f477ed3351025b1b57213297271b9eda47 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Mon, 31 Jan 2022 15:49:20 -0600
Subject: [PATCH] samurai: apply upstream CVE fixes (security) CVE-2021-30218
 CVE-2021-30219

---
 .../tools/build-managers/samurai/default.nix      | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/tools/build-managers/samurai/default.nix b/pkgs/development/tools/build-managers/samurai/default.nix
index 1fb4206d5ce..cd058bfc263 100644
--- a/pkgs/development/tools/build-managers/samurai/default.nix
+++ b/pkgs/development/tools/build-managers/samurai/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch }:
 
 stdenv.mkDerivation rec {
   pname = "samurai";
@@ -13,6 +13,19 @@ stdenv.mkDerivation rec {
 
   makeFlags = [ "DESTDIR=" "PREFIX=${placeholder "out"}" ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-30218.patch";
+      url = "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918.patch";
+      sha256 = "sha256-hyndwj6st4rwOJ35Iu0qL12dR5E6CBvsulvR27PYKMw=";
+    })
+    (fetchpatch {
+      name = "CVE-2021-30219.patch";
+      url = "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655.patch";
+      sha256 = "sha256-rcdwKjHeq5Oaga9wezdHSg/7ljkynfbnkBc2ciMW5so=";
+    })
+  ];
+
   meta = with lib; {
     description = "ninja-compatible build tool written in C";
     homepage = "https://github.com/michaelforney/samurai";