On Thu, Oct 06, 2016 at 12:04:25PM +0100, Marius Bakke wrote: > None of the patches applied, so I assume they are upstream.
To check if the patches are in the 2.6 release, I cloned the Git repo and used `git describe --contains`. The patches helpfully include the Git commit hash, so that commit can be passed to `git describe --contains`. So, for 'wpa-supplicant-CVE-2016-4477-pt4.patch': $ git describe --contains 2a3f56502b52375c3bf113cf92adfa99bad6b488 hostap_2_6~513 So, we see that the commit is reachable from the 2.6 release tag, 513 commits in the past. I think it's a reasonable to assume that upstream releases correspond to the Git tags. I did that for all the patches. I don't think it's enough that the patches don't apply; there could have been incompatible code changes that prevent their application but did not fix the bugs. > Tested locally. Please push if it's good. > > From 28a85174650e5602364290f9b7d1259f4148bcf1 Mon Sep 17 00:00:00 2001 > From: Marius Bakke <mba...@fastmail.com> > Date: Wed, 5 Oct 2016 04:08:46 +0100 > Subject: [PATCH] gnu: wpa-supplicant: Update to 2.6. > > * gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Update to > 2.6. Remove 'patches' field. > * gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch, > gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch, > gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch, > gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch, > gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch, > gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch, > gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch, > gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch, > gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch: Delete > files. > * gnu/local.mk (dist_patch_DATA): Remove them. Works for me, thanks! Pushed as fc0081213d612dc0b4f5f90d5b775704511a7432
