opensc: patch for CVE-2020-26570, CVE-2020-26572

pkgs/tools/security/opensc/default.nix

@@ -16,6 +16,21 @@ stdenv.mkDerivation rec {
     sha256 = "0mg8qmhww3li1isfgvn5hang1hq58zra057ilvgci88csfziv5lv";
   };
 
+  patches = [
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26570
+      name = "CVE-2020-26570.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e.patch";
+      sha256 = "sha256-aB9iCVcdp9zFhZiSv5A399Ttj7NUHRVgXr0EfmMwKN4=";
+    })
+    (fetchpatch {
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-26572
+      name = "CVE-2020-26572.patch";
+      url = "https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817.patch";
+      sha256 = "sha256-gKJaR5K+NaXh4NeTkGpzHzHCdpt6n54Hnt1GAq0tA9o=";
+    })
+  ];
+
   nativeBuildInputs = [ pkgconfig autoreconfHook ];
   buildInputs = [
     zlib readline openssl libassuan