From 559687498b4d0777802067a6929cfdb758b8fabb Mon Sep 17 00:00:00 2001 From: Pierre Bourdon Date: Wed, 2 Oct 2019 21:16:56 +0200 Subject: [PATCH] wpa_supplicant: apply patch for CVE-2019-16275 --- pkgs/os-specific/linux/wpa_supplicant/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix index 69525c92ede9..f0abc1660817 100644 --- a/pkgs/os-specific/linux/wpa_supplicant/default.nix +++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix @@ -13,6 +13,14 @@ stdenv.mkDerivation rec { sha256 = "05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw"; }; + patches = [ + (fetchurl { + name = "CVE-2019-16275.patch"; + url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch"; + sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz"; + }) + ]; + # TODO: Patch epoll so that the dbus actually responds # TODO: Figure out how to get privsep working, currently getting SIGBUS extraConfig = ''