summary refs log tree commit diff
path: root/pkgs/os-specific/linux/hostapd/default.nix
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2020-08-25 16:53:05 +0000
committerAlyssa Ross <hi@alyssa.is>2020-08-25 16:53:05 +0000
commitb0849305d63df6cc0acfe199cec3a997ad3c5a75 (patch)
tree6ff64291dec94a85c6e523a3f78da127a7daa1dd /pkgs/os-specific/linux/hostapd/default.nix
parentc901f337b8fed63ba0bb53674950ce4c7bf94dcd (diff)
parent7e07d142e78656c5f16b18d81ee4eb9444c9b93d (diff)
downloadnixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.gz
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.bz2
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.lz
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.xz
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.zst
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.zip
Merge remote-tracking branch 'nixpkgs/master' into master
Diffstat (limited to 'pkgs/os-specific/linux/hostapd/default.nix')
-rw-r--r--pkgs/os-specific/linux/hostapd/default.nix21


1 files changed, 20 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix
index 8152655d457..991dcbe2615 100644
--- a/pkgs/os-specific/linux/hostapd/default.nix
+++ b/pkgs/os-specific/linux/hostapd/default.nix
@@ -19,11 +19,30 @@ stdenv.mkDerivation rec {
       url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch";
       sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";
     })
+    # AP mode PMF disconnection protection bypass (CVE.2019-16275), can be removed >= 2.10
+    # https://w1.fi/security/2019-7/
     (fetchurl {
       name = "CVE-2019-16275.patch";
       url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch";
       sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz";
     })
+    # Fixes for UPnP SUBSCRIBE misbehavior in hostapd WPS AP (CVE-2020-12695), can be removed >= 2.10
+    # https://w1.fi/security/2020-1/
+    (fetchurl {
+      name = "CVE-2020-12695_0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
+      url = "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
+      sha256 = "1mrbhicqb34jlw1nid5hk2vnjbvfhvp7r5iblaj4l6vgc6fmp6id";
+    })
+    (fetchurl {
+      name = "CVE-2020-12695_0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
+      url = "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
+      sha256 = "1pk08b06b24is50bis3rr56xjd3b5kxdcdk8bx39n9vna9db7zj9";
+    })
+    (fetchurl {
+      name = "CVE-2020-12695_0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
+      url = "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
+      sha256 = "12npqp2skgrj934wwkqicgqksma0fxz09di29n1b5fm5i4njl8d8";
+    })
   ];
 
   outputs = [ "out" "man" ];
@@ -80,7 +99,7 @@ stdenv.mkDerivation rec {
     repositories.git = "git://w1.fi/hostap.git";
     description = "A user space daemon for access point and authentication servers";
     license = licenses.gpl2;
-    maintainers = with maintainers; [ phreedom ninjatrappeur ];
+    maintainers = with maintainers; [ phreedom ninjatrappeur hexa ];
     platforms = platforms.linux;
   };
 }

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-25 17:50:04 +0000