summary refs log tree commit diff
path: root/pkgs/os-specific/linux/wpa_supplicant
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/wpa_supplicant')
-rw-r--r--pkgs/os-specific/linux/wpa_supplicant/default.nix6
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix
index f9198cc8ff4..80eaf04a114 100644
--- a/pkgs/os-specific/linux/wpa_supplicant/default.nix
+++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix
@@ -37,6 +37,12 @@ stdenv.mkDerivation rec {
       url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch";
       sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z";
     })
+    # In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
+    (fetchpatch {
+      name = "CVE-2021-30004.patch";
+      url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15";
+      sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg";
+    })
   ];
 
   # TODO: Patch epoll so that the dbus actually responds
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-17 16:20:38 +0000