diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-04-13 19:32:22 +0200 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-04-13 19:32:22 +0200 |
commit | 4480a056c93c1197eb4ff8f93d763b041098c4e5 (patch) | |
tree | 558cc934ba033795e50a274475348f58c338266f /pkgs/os-specific | |
parent | 9f9ab6fffc3b87d7640d58f849fe1121e9f00fa0 (diff) |
hostapd: add patch for CVE-2021-30004
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.
Fixes: CVE-2021-30004
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/hostapd/default.nix | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix index 2b018c0267a6..5d4edc4f7e76 100644 --- a/pkgs/os-specific/linux/hostapd/default.nix +++ b/pkgs/os-specific/linux/hostapd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pkg-config, libnl, openssl, sqlite ? null }: +{ lib, stdenv, fetchurl, fetchpatch, pkg-config, libnl, openssl, sqlite ? null }: stdenv.mkDerivation rec { pname = "hostapd"; @@ -43,6 +43,12 @@ stdenv.mkDerivation rec { url = "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"; sha256 = "12npqp2skgrj934wwkqicgqksma0fxz09di29n1b5fm5i4njl8d8"; }) + # In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. + (fetchpatch { + name = "CVE-2021-30004.patch"; + url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15"; + sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg"; + }) ]; outputs = [ "out" "man" ]; |