Merge pull request #155266 from mweinelt/hostapd
This commit is contained in:
commit
9739b153f2
2 changed files with 8 additions and 67 deletions
|
@ -1,12 +1,12 @@
|
|||
{ lib, stdenv, fetchurl, fetchpatch, pkg-config, libnl, openssl, sqlite ? null }:
|
||||
{ lib, stdenv, fetchurl, pkg-config, libnl, openssl, sqlite ? null }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "hostapd";
|
||||
version = "2.9";
|
||||
version = "2.10";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
|
||||
sha256 = "1mrbvg4v7vm7mknf0n29mf88k3s4a4qj6r4d51wq8hmjj1m7s7c8";
|
||||
sha256 = "sha256-IG58eZtnhXLC49EgMCOHhLxKn4IyOwFWtMlGbxSYkV0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
|
@ -16,38 +16,8 @@ stdenv.mkDerivation rec {
|
|||
(fetchurl {
|
||||
# Note: fetchurl seems to be unhappy with openwrt git
|
||||
# server's URLs containing semicolons. Using the github mirror instead.
|
||||
url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch";
|
||||
sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";
|
||||
})
|
||||
# AP mode PMF disconnection protection bypass (CVE.2019-16275), can be removed >= 2.10
|
||||
# https://w1.fi/security/2019-7/
|
||||
(fetchurl {
|
||||
name = "CVE-2019-16275.patch";
|
||||
url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch";
|
||||
sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz";
|
||||
})
|
||||
# Fixes for UPnP SUBSCRIBE misbehavior in hostapd WPS AP (CVE-2020-12695), can be removed >= 2.10
|
||||
# https://w1.fi/security/2020-1/
|
||||
(fetchurl {
|
||||
name = "CVE-2020-12695_0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
|
||||
url = "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
|
||||
sha256 = "1mrbhicqb34jlw1nid5hk2vnjbvfhvp7r5iblaj4l6vgc6fmp6id";
|
||||
})
|
||||
(fetchurl {
|
||||
name = "CVE-2020-12695_0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
|
||||
url = "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
|
||||
sha256 = "1pk08b06b24is50bis3rr56xjd3b5kxdcdk8bx39n9vna9db7zj9";
|
||||
})
|
||||
(fetchurl {
|
||||
name = "CVE-2020-12695_0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
|
||||
url = "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
|
||||
sha256 = "12npqp2skgrj934wwkqicgqksma0fxz09di29n1b5fm5i4njl8d8";
|
||||
})
|
||||
# In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
|
||||
(fetchpatch {
|
||||
name = "CVE-2021-30004.patch";
|
||||
url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15";
|
||||
sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg";
|
||||
url = "https://raw.githubusercontent.com/openwrt/openwrt/eefed841b05c3cd4c65a78b50ce0934d879e6acf/package/network/services/hostapd/patches/300-noscan.patch";
|
||||
sha256 = "08p5frxhpq1rp2nczkscapwwl8g9nc4fazhjpxic5bcbssc3sb00";
|
||||
})
|
||||
];
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchurl, fetchpatch, openssl, pkg-config, libnl
|
||||
{ lib, stdenv, fetchurl, openssl, pkg-config, libnl
|
||||
, nixosTests
|
||||
, withDbus ? true, dbus
|
||||
, withReadline ? true, readline
|
||||
|
@ -8,45 +8,16 @@
|
|||
|
||||
with lib;
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2.9";
|
||||
version = "2.10";
|
||||
|
||||
pname = "wpa_supplicant";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
|
||||
sha256 = "05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw";
|
||||
sha256 = "sha256-IN965RVLODA1X4q0JpEjqHr/3qWf50/pKSqR0Nfhey8=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchurl {
|
||||
name = "CVE-2019-16275.patch";
|
||||
url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch";
|
||||
sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz";
|
||||
})
|
||||
(fetchpatch {
|
||||
# Expose OWE key management capability over DBus, remove >= 2.10
|
||||
name = "dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch";
|
||||
url = "https://w1.fi/cgit/hostap/patch/?id=7800725afb27397f7d6033d4969e2aeb61af4737";
|
||||
sha256 = "0c1la7inf4m5y9gzdjjdnhpkx32pm8vi6m5knih8p77q4mbrdgg8";
|
||||
})
|
||||
# P2P: Fix copying of secondary device types for P2P group client (https://w1.fi/security/2020-2/)
|
||||
(fetchurl {
|
||||
name = "CVE-2021-0326.patch";
|
||||
url = "https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch";
|
||||
sha256 = "19f4hx0p547mdx8y8arb3vclwyy4w9c8a6a40ryj7q33730mrmn4";
|
||||
})
|
||||
# P2P: Fix a corner case in peer addition based on PD Request (https://w1.fi/security/2021-1/)
|
||||
(fetchurl {
|
||||
name = "CVE-2021-27803.patch";
|
||||
url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch";
|
||||
sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z";
|
||||
})
|
||||
# In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
|
||||
(fetchpatch {
|
||||
name = "CVE-2021-30004.patch";
|
||||
url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15";
|
||||
sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg";
|
||||
})
|
||||
] ++ lib.optionals readOnlyModeSSIDs [
|
||||
# Allow read-only networks
|
||||
./0001-Implement-read-only-mode-for-ssids.patch
|
||||
|
|
Loading…
Reference in a new issue