From a81b29ac0b622d172f5b5d1034b334331253ee96 Mon Sep 17 00:00:00 2001
From: Franz Pletz
Date: Wed, 8 Aug 2018 22:20:06 +0200
Subject: wpa_supplicant: add patch to fix CVE-2018-14526
Fixes #44724.
---
 pkgs/os-specific/linux/wpa_supplicant/default.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'pkgs/os-specific/linux/wpa_supplicant')
diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix
index add7c648856..3b19b7bff54 100644
--- a/pkgs/os-specific/linux/wpa_supplicant/default.nix
+++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix
@@ -80,7 +80,8 @@ stdenv.mkDerivation rec {
 patches = [
 ./build-fix.patch
- #KRACKAttack.com
+
+ # KRACKAttack.com
 (fetchurl {
 url = "http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch";
 sha256 = "02zl2x4pxay666yq18g4f3byccrzipfjbky1ydw62v15h76174aj";
@@ -113,6 +114,12 @@ stdenv.mkDerivation rec {
 url = "http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch";
 sha256 = "1ca312cixbld70rp12q7h66lnjjxzz0qag0ii2sg6cllgf2hv168";
 })
+
+ # Unauthenticated EAPOL-Key decryption (CVE-2018-14526)
+ (fetchurl {
+ url = "https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch";
+ sha256 = "0z0zxc9wrikmvciyqpdhx0l5v7qsd8c6b5ph9h5rniqllpr3q34n";
+ })
 ];
 postInstall = ''
-- cgit 1.4.1
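Review bot: The comment above the new `fetchurl` entry in the second hunk names the CVE but does not say when the entry can be dropped. The file name shows the patch is rebased onto v2.6, so it will presumably stop applying or become redundant at the next version bump. I would extend the comment to `# Unauthenticated EAPOL-Key decryption (CVE-2018-14526); rebased for v2.6, drop once the package moves to a release that contains the fix`. The KRACK entries kept as context in both hunks still fetch from `http://w1.fi/...` while the new entry uses `https://`. The pinned `sha256` covers integrity either way, but moving them to https would be consistent. The `patches` list begins before the first hunk, so the other entries are not visible here.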