From 5b072a4fc078d567988da3442778f054a76607a9 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Wed, 12 Aug 2020 21:08:15 +0100
Subject: [PATCH] pure-ftpd: add patches for CVE-2020-9274, CVE-2020-9365

Fixes merged to upstream's master but no release yet.
---
 pkgs/servers/ftp/pure-ftpd/default.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/pkgs/servers/ftp/pure-ftpd/default.nix b/pkgs/servers/ftp/pure-ftpd/default.nix
index 020d2967f3e..32e039f546b 100644
--- a/pkgs/servers/ftp/pure-ftpd/default.nix
+++ b/pkgs/servers/ftp/pure-ftpd/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, openssl }:
+{ stdenv, fetchurl, openssl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "pure-ftpd-1.0.49";
@@ -8,6 +8,19 @@ stdenv.mkDerivation rec {
     sha256 = "19cjr262n6h560fi9nm7l1srwf93k34bp8dp1c6gh90bqxcg8yvn";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2020-9274.patch";
+      url = "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa.patch";
+      sha256 = "1yd84p6bd4rf21hg3kqpi2a02cac6dz5ag4xx3c2dl5vbzhr5a8k";
+    })
+    (fetchpatch {
+      name = "CVE-2020-9365.patch";
+      url = "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da.patch";
+      sha256 = "003klx7j82qf92qr1dxg32v5r2bhhywplynd3xil1lbcd3s3mqhi";
+    })
+  ];
+
   buildInputs = [ openssl ];
 
   configureFlags = [ "--with-tls" ];