diff options
| author | Graham Christensen <graham@grahamc.com> | 2017-10-16 07:31:01 -0400 |
|---|---|---|
| committer | Graham Christensen <graham@grahamc.com> | 2017-10-16 07:33:44 -0400 |
| commit | ea50efcc67cfa6c8331b54ff33ab791dacd52fe4 (patch) | |
| tree | afd408ace86b62798d82da5bc89d38b13da1b040 /pkgs/os-specific/linux/wpa_supplicant | |
| parent | 629965a53251afa23a60c08c16000b732374b9f9 (diff) | |
| download | nixpkgs-ea50efcc67cfa6c8331b54ff33ab791dacd52fe4.tar nixpkgs-ea50efcc67cfa6c8331b54ff33ab791dacd52fe4.tar.gz nixpkgs-ea50efcc67cfa6c8331b54ff33ab791dacd52fe4.tar.bz2 nixpkgs-ea50efcc67cfa6c8331b54ff33ab791dacd52fe4.tar.lz nixpkgs-ea50efcc67cfa6c8331b54ff33ab791dacd52fe4.tar.xz nixpkgs-ea50efcc67cfa6c8331b54ff33ab791dacd52fe4.tar.zst nixpkgs-ea50efcc67cfa6c8331b54ff33ab791dacd52fe4.zip | |
wpa_supplicant: patch for KRACKAttack
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Diffstat (limited to 'pkgs/os-specific/linux/wpa_supplicant')
| -rw-r--r-- | pkgs/os-specific/linux/wpa_supplicant/default.nix | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix index 25160fb0c95..c2c05a6b99e 100644 --- a/pkgs/os-specific/linux/wpa_supplicant/default.nix +++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix @@ -80,6 +80,39 @@ stdenv.mkDerivation rec { patches = [ ./build-fix.patch + #KRACKAttack.com + (fetchurl { + url = "http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"; + sha256 = "02zl2x4pxay666yq18g4f3byccrzipfjbky1ydw62v15h76174aj"; + }) + (fetchurl { + url = "http://w1.fi/security/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"; + sha256 = "1mrmqg00x1bqa43dyhxb14msk74lh3kvr4avni43c3qpfjmlfvfq"; + }) + (fetchurl { + url = "http://w1.fi/security/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"; + sha256 = "10byyi8wfpcc8i788ag7ndycd3xvq2iwnssyb3rwf34sfcv5wlyl"; + }) + (fetchurl { + url = "http://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"; + sha256 = "02z2rsbh4sw81wsc56xjbblbi76ii0clmpnr1m1szdb1h5s58fkr"; + }) + (fetchurl { + url = "http://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"; + sha256 = "17pbrn5h6l5v14y6gn2yr2knqya9i0n2vyq4ck8hasb00yz8lz0l"; + }) + (fetchurl { + url = "http://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"; + sha256 = "19mgcqbdyzm4myi182jcn1rn26xi3jib74cpxbbrx1gaccxlsvar"; + }) + (fetchurl { # wpa-supplicant only + url = "http://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch"; + sha256 = "0di71j8762dkvr0c7h5mrbkqyfdy8mljvnp0dk2qhbgc9bw7m8f5"; + }) + (fetchurl { + url = "http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"; + sha256 = "1ca312cixbld70rp12q7h66lnjjxzz0qag0ii2sg6cllgf2hv168"; + }) ]; postInstall = '' |