1 files changed, 8 insertions, 1 deletions

diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix
index add7c648856..3b19b7bff54 100644
--- a/pkgs/os-specific/linux/wpa_supplicant/default.nix
+++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix
@@ -80,7 +80,8 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./build-fix.patch
-    #KRACKAttack.com
+
+    # KRACKAttack.com
     (fetchurl {
       url = "http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch";
       sha256 = "02zl2x4pxay666yq18g4f3byccrzipfjbky1ydw62v15h76174aj";
@@ -113,6 +114,12 @@ stdenv.mkDerivation rec {
       url = "http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch";
       sha256 = "1ca312cixbld70rp12q7h66lnjjxzz0qag0ii2sg6cllgf2hv168";
     })
+
+    # Unauthenticated EAPOL-Key decryption (CVE-2018-14526)
+    (fetchurl {
+      url = "https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch";
+      sha256 = "0z0zxc9wrikmvciyqpdhx0l5v7qsd8c6b5ph9h5rniqllpr3q34n";
+    })
   ];
 
   postInstall = ''