Merge pull request #308218 from LeSuisse/iwd-CVE-2023-52161-23.11

[23.11] iwd: apply patches for CVE-2023-52161 and buffer overflows

1 files changed, 19 insertions, 0 deletions

diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix
index 1b983bb90e1e..9394105efe65 100644
--- a/pkgs/os-specific/linux/iwd/default.nix
+++ b/pkgs/os-specific/linux/iwd/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchgit
+, fetchpatch
 , autoreconfHook
 , pkg-config
 , ell
@@ -20,6 +21,24 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-i+2R8smgLXooApj0Z5e03FybhYgw1X/kIsJkrDzW8y4=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-52161.patch";
+      url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=6415420f1c92012f64063c131480ffcef58e60ca";
+      hash = "sha256-bN5mxdWDyKEC2IyyG2vlzTEAL57C4uC7GAJA3jSXJHg=";
+    })
+    (fetchpatch {
+      name = "netdev-buffer-overflow-32-byte-ssid.patch";
+      url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=8d68b33e763aced6d419df9f6534760d2c890279";
+      hash = "sha256-BSduzwVUTEcqjVwD88qJYgItApcQZwU43u9gbNMDs8I=";
+    })
+    (fetchpatch {
+      name = "erp-buffer-overflow-32-byte-ssid.patch";
+      url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=bdaae53cf828a1f6ea7a7b57d7d6ebcc7b70ac43";
+      hash = "sha256-K/Ib0azlZ0UlFqcqs+8dSfj0hh0j0dZYpfB9f6tEqc8=";
+    })
+  ];
+
   outputs = [ "out" "man" "doc" ]
     ++ lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "test";