wpa_supplicant: add patch to fix CVE-2018-14526

Fixes #44724.
2018-08-08 22:20:06 +02:00 · 2018-08-08 22:20:06 +02:00 · a81b29ac0b
commit a81b29ac0b
parent 8de02232c5
1 changed files with 8 additions and 1 deletions
--- a/pkgs/os-specific/linux/wpa_supplicant/default.nix
+++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix
@ -80,6 +80,7 @@ stdenv.mkDerivation rec {

  patches = [
    ./build-fix.patch
+
    # KRACKAttack.com
    (fetchurl {
      url = "http://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch";
@ -113,6 +114,12 @@ stdenv.mkDerivation rec {
      url = "http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch";
      sha256 = "1ca312cixbld70rp12q7h66lnjjxzz0qag0ii2sg6cllgf2hv168";
    })
+
+    # Unauthenticated EAPOL-Key decryption (CVE-2018-14526)
+    (fetchurl {
+      url = "https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch";
+      sha256 = "0z0zxc9wrikmvciyqpdhx0l5v7qsd8c6b5ph9h5rniqllpr3q34n";
+    })
  ];

  postInstall = ''