public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wpa_supplicant: add patch for CVE-2021-30004 

In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.

Fixes: CVE-2021-30004
This commit is contained in:
Martin Weinelt 2021-04-13 18:44:35 +02:00
parent 4e26958eca
commit 9f9ab6fffc
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkgs/os-specific/linux/wpa_supplicant/default.nix
View File

@ -37,6 +37,12 @@ stdenv.mkDerivation rec {
url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch";
sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z";
})
# In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
(fetchpatch {
name = "CVE-2021-30004.patch";
url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15";
sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg";
})
];
# TODO: Patch epoll so that the dbus actually responds