From 3bfe6bfca2fbe5f7f6c9d640172d482bfdcec815 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Tue, 30 Aug 2022 19:57:55 +0100
Subject: [PATCH] openscad: add patches for CVE-2022-0496 & CVE-2022-0497

---
 pkgs/applications/graphics/openscad/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkgs/applications/graphics/openscad/default.nix b/pkgs/applications/graphics/openscad/default.nix
index 98afab94f3d1..646594d4afba 100644
--- a/pkgs/applications/graphics/openscad/default.nix
+++ b/pkgs/applications/graphics/openscad/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchFromGitHub
+, fetchpatch
 , qtbase
 , qtmultimedia
 , qscintilla
@@ -42,6 +43,19 @@ mkDerivation rec {
     sha256 = "sha256-2tOLqpFt5klFPxHNONnHVzBKEFWn4+ufx/MU+eYbliA=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-0496.patch";
+      url = "https://github.com/openscad/openscad/commit/00a4692989c4e2f191525f73f24ad8727bacdf41.patch";
+      sha256 = "sha256-q3SLj2b5aM/IQ8vIDj4iVcwCajgyJ5juNV/KN35uxfI=";
+    })
+    (fetchpatch {
+      name = "CVE-2022-0497.patch";
+      url = "https://github.com/openscad/openscad/commit/84addf3c1efbd51d8ff424b7da276400bbfa1a4b.patch";
+      sha256 = "sha256-KNEVu10E2d4G2x+FJcuHo2tjD8ygMRuhUcW9NbN98bM=";
+    })
+  ];
+
   nativeBuildInputs = [ bison flex pkg-config gettext qmake ];
 
   buildInputs = [