From 559687498b4d0777802067a6929cfdb758b8fabb Mon Sep 17 00:00:00 2001
From: Pierre Bourdon <delroth@gmail.com>
Date: Wed, 2 Oct 2019 21:16:56 +0200
Subject: wpa_supplicant: apply patch for CVE-2019-16275

---
 pkgs/os-specific/linux/wpa_supplicant/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'pkgs/os-specific/linux/wpa_supplicant')

diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix
index 69525c92ede..f0abc166081 100644
--- a/pkgs/os-specific/linux/wpa_supplicant/default.nix
+++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix
@@ -13,6 +13,14 @@ stdenv.mkDerivation rec {
     sha256 = "05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw";
   };
 
+  patches = [
+    (fetchurl {
+      name = "CVE-2019-16275.patch";
+      url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch";
+      sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz";
+    })
+  ];
+
   # TODO: Patch epoll so that the dbus actually responds
   # TODO: Figure out how to get privsep working, currently getting SIGBUS
   extraConfig = ''
-- 
cgit 1.4.1