diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-04-13 18:44:35 +0200 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-04-13 18:45:44 +0200 |
commit | 9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0 (patch) | |
tree | 96a131351e3c85000a334f356941d5acc2f0f4f7 /pkgs/os-specific/linux/wpa_supplicant | |
parent | 4e26958ecafde96043def45a618b1883f63ccea4 (diff) | |
download | nixpkgs-9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0.tar nixpkgs-9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0.tar.gz nixpkgs-9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0.tar.bz2 nixpkgs-9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0.tar.lz nixpkgs-9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0.tar.xz nixpkgs-9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0.tar.zst nixpkgs-9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0.zip |
wpa_supplicant: add patch for CVE-2021-30004
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. Fixes: CVE-2021-30004
Diffstat (limited to 'pkgs/os-specific/linux/wpa_supplicant')
-rw-r--r-- | pkgs/os-specific/linux/wpa_supplicant/default.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/wpa_supplicant/default.nix b/pkgs/os-specific/linux/wpa_supplicant/default.nix index f9198cc8ff4..80eaf04a114 100644 --- a/pkgs/os-specific/linux/wpa_supplicant/default.nix +++ b/pkgs/os-specific/linux/wpa_supplicant/default.nix @@ -37,6 +37,12 @@ stdenv.mkDerivation rec { url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch"; sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z"; }) + # In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. + (fetchpatch { + name = "CVE-2021-30004.patch"; + url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15"; + sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg"; + }) ]; # TODO: Patch epoll so that the dbus actually responds |