From b1da7c4c044cb12fe99f7b16f65ae229d9e77b0b Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Wed, 1 May 2024 11:00:18 +0200
Subject: iwd: apply patches for CVE-2023-52161 and buffer overflows

---
 pkgs/os-specific/linux/iwd/default.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix
index 1b983bb90e1e7..9394105efe652 100644
--- a/pkgs/os-specific/linux/iwd/default.nix
+++ b/pkgs/os-specific/linux/iwd/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchgit
+, fetchpatch
 , autoreconfHook
 , pkg-config
 , ell
@@ -20,6 +21,24 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-i+2R8smgLXooApj0Z5e03FybhYgw1X/kIsJkrDzW8y4=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-52161.patch";
+      url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=6415420f1c92012f64063c131480ffcef58e60ca";
+      hash = "sha256-bN5mxdWDyKEC2IyyG2vlzTEAL57C4uC7GAJA3jSXJHg=";
+    })
+    (fetchpatch {
+      name = "netdev-buffer-overflow-32-byte-ssid.patch";
+      url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=8d68b33e763aced6d419df9f6534760d2c890279";
+      hash = "sha256-BSduzwVUTEcqjVwD88qJYgItApcQZwU43u9gbNMDs8I=";
+    })
+    (fetchpatch {
+      name = "erp-buffer-overflow-32-byte-ssid.patch";
+      url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git/patch/?id=bdaae53cf828a1f6ea7a7b57d7d6ebcc7b70ac43";
+      hash = "sha256-K/Ib0azlZ0UlFqcqs+8dSfj0hh0j0dZYpfB9f6tEqc8=";
+    })
+  ];
+
   outputs = [ "out" "man" "doc" ]
     ++ lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "test";
 
-- 
cgit 1.4.1