From 09748a352729762dacb8e6171752aaa6d03df85d Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Mon, 16 Oct 2017 14:15:08 -0400
Subject: gnu: wpa-supplicant: Fix "KRACK" key reinstallation attacks [security
 fixes].

Fixes CVE-2017-{13078,13079,13080,13081,13082,13087,13088}.

See these announcements for more information:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://www.krackattacks.com/

* gnu/packages/patches/wpa-supplicant-CVE-2017-13082.patch,
gnu/packages/patches/wpa-supplicant-fix-key-reuse.patch,
gnu/packages/patches/wpa-supplicant-fix-nonce-reuse.patch
gnu/packages/patches/wpa-supplicant-fix-zeroed-keys.patch,
gnu/packages/patches/wpa-supplicant-krack-followups.patch: New files.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use them.
* gnu/local.mk (dist_patch_DATA): Add them.
---
 gnu/packages/admin.scm | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'gnu/packages/admin.scm')

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index bc8dc48f0e..23024fc363 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -902,6 +902,11 @@ commands and their arguments.")
                     "http://w1.fi/releases/wpa_supplicant-"
                     version
                     ".tar.gz"))
+              (patches (search-patches "wpa-supplicant-CVE-2017-13082.patch"
+                                       "wpa-supplicant-fix-key-reuse.patch"
+                                       "wpa-supplicant-fix-zeroed-keys.patch"
+                                       "wpa-supplicant-fix-nonce-reuse.patch"
+                                       "wpa-supplicant-krack-followups.patch"))
               (sha256
                (base32
                 "0l0l5gz3d5j9bqjsbjlfcv4w4jwndllp9fmyai4x9kg6qhs6v4xl"))))
-- 
cgit v1.2.3