gnu: wpa-supplicant: Fix "KRACK" key reinstallation attacks [security fixes].

Fixes CVE-2017-{13078,13079,13080,13081,13082,13087,13088}.

See these announcements for more information:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://www.krackattacks.com/

* gnu/packages/patches/wpa-supplicant-CVE-2017-13082.patch,
gnu/packages/patches/wpa-supplicant-fix-key-reuse.patch,
gnu/packages/patches/wpa-supplicant-fix-nonce-reuse.patch
gnu/packages/patches/wpa-supplicant-fix-zeroed-keys.patch,
gnu/packages/patches/wpa-supplicant-krack-followups.patch: New files.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Use them.
* gnu/local.mk (dist_patch_DATA): Add them.

1 files changed, 5 insertions, 0 deletions

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index bc8dc48f0e..23024fc363 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -902,6 +902,11 @@ commands and their arguments.")
                     "http://w1.fi/releases/wpa_supplicant-"
                     version
                     ".tar.gz"))
+              (patches (search-patches "wpa-supplicant-CVE-2017-13082.patch"
+                                       "wpa-supplicant-fix-key-reuse.patch"
+                                       "wpa-supplicant-fix-zeroed-keys.patch"
+                                       "wpa-supplicant-fix-nonce-reuse.patch"
+                                       "wpa-supplicant-krack-followups.patch"))
               (sha256
                (base32
                 "0l0l5gz3d5j9bqjsbjlfcv4w4jwndllp9fmyai4x9kg6qhs6v4xl"))))