Accepting request 345591 from Base:System
- update to upstream release 2.5 - removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch (CVE-2015-1863) because it's fixed in upstream release 2.5 - rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch ChangeLog for hostapd since 2.4: 2015-09-27 - v2.5 * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141 bsc#930077) * fixed WMM Action frame parser [http://w1.fi/security/2015-3/] (CVE-2015-4142 bsc#930078) * fixed EAP-pwd server missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] * nl80211: - fixed vendor command handling to check OUI properly * fixed hlr_auc_gw build with OpenSSL * hlr_auc_gw: allow Milenage RES length to be reduced * disable HT for a station that does not support WMM/QoS * added support for hashed password (NtHash) in EAP-pwd server * fixed and extended dynamic VLAN cases * added EAP-EKE server support for deriving Session-Id * set Acct-Session-Id to a random value to make it more likely to be unique even if the device does not have a proper clock * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * increases maximum value accepted for cwmin/cwmax OBS-URL: https://build.opensuse.org/request/show/345591 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=30
This commit is contained in:
Stephan Kulow
Git OBS Bridge
commit
8728db7179
@ -1,42 +0,0 @@
|
||||
From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
Date: Tue, 7 Apr 2015 11:32:11 +0300
|
||||
Subject: [PATCH] P2P: Validate SSID element length before copying it
|
||||
(CVE-2015-1863)
|
||||
|
||||
This fixes a possible memcpy overflow for P2P dev->oper_ssid in
|
||||
p2p_add_device(). The length provided by the peer device (0..255 bytes)
|
||||
was used without proper bounds checking and that could have resulted in
|
||||
arbitrary data of up to 223 bytes being written beyond the end of the
|
||||
dev->oper_ssid[] array (of which about 150 bytes would be beyond the
|
||||
heap allocation) when processing a corrupted management frame for P2P
|
||||
peer discovery purposes.
|
||||
|
||||
This could result in corrupted state in heap, unexpected program
|
||||
behavior due to corrupted P2P peer device information, denial of service
|
||||
due to process crash, exposure of memory contents during GO Negotiation,
|
||||
and potentially arbitrary code execution.
|
||||
|
||||
Thanks to Google security team for reporting this issue and smart
|
||||
hardware research group of Alibaba security team for discovering it.
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
---
|
||||
src/p2p/p2p.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
|
||||
index f584fae..a45fe73 100644
|
||||
--- a/src/p2p/p2p.c
|
||||
+++ b/src/p2p/p2p.c
|
||||
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
|
||||
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
|
||||
os_memcpy(dev->interface_addr, addr, ETH_ALEN);
|
||||
if (msg.ssid &&
|
||||
+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
|
||||
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
|
||||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
|
||||
!= 0)) {
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:6fe0eb6bd1c9cbd24952ece8586b6f7bd14ab358edfda99794e79b9b9dbd657f
|
||||
size 1658872
|
||||
@ -1,5 +1,5 @@
|
||||
--- hostapd/defconfig.orig 2015-04-23 22:09:41.502518110 +0200
|
||||
+++ hostapd/defconfig 2015-04-23 22:15:09.225421010 +0200
|
||||
--- ./hostapd/defconfig.orig 2015-10-18 15:11:32.152380752 +0200
|
||||
+++ ./hostapd/defconfig 2015-10-18 15:18:07.240441471 +0200
|
||||
@@ -28,7 +28,7 @@
|
||||
#CONFIG_LIBNL20=y
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
|
||||
# IEEE 802.11F/IAPP
|
||||
CONFIG_IAPP=y
|
||||
@@ -78,50 +78,50 @@
|
||||
@@ -78,53 +78,53 @@
|
||||
CONFIG_EAP_TTLS=y
|
||||
|
||||
# EAP-SIM for the integrated EAP server
|
||||
@ -83,7 +83,11 @@
|
||||
+CONFIG_EAP_TNC=y
|
||||
|
||||
# EAP-EKE for the integrated EAP server
|
||||
#CONFIG_EAP_EKE=y
|
||||
-#CONFIG_EAP_EKE=y
|
||||
+CONFIG_EAP_EKE=y
|
||||
|
||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||
# a file that usually has extension .p12 or .pfx)
|
||||
@@ -132,27 +132,27 @@
|
||||
|
||||
# RADIUS authentication server. This provides access to the integrated EAP
|
||||
@ -127,7 +131,13 @@
|
||||
|
||||
# Use netlink-based kernel API for VLAN operations instead of ioctl()
|
||||
# Note: This requires libnl 3.1 or newer.
|
||||
@@ -250,11 +250,11 @@
|
||||
@@ -251,16 +251,16 @@
|
||||
# gnutls = GnuTLS
|
||||
# internal = Internal TLSv1 implementation (experimental)
|
||||
# none = Empty template
|
||||
-#CONFIG_TLS=openssl
|
||||
+CONFIG_TLS=openssl
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
|
||||
# can be enabled to get a stronger construction of messages when block ciphers
|
||||
# are used.
|
||||
@ -141,7 +151,7 @@
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
@@ -275,13 +275,13 @@
|
||||
@@ -281,13 +281,13 @@
|
||||
# Interworking (IEEE 802.11u)
|
||||
# This can be used to enable functionality to improve interworking with
|
||||
# external networks.
|
||||
@ -156,5 +166,5 @@
|
||||
-#CONFIG_SQLITE=y
|
||||
+CONFIG_SQLITE=y
|
||||
|
||||
# Testing options
|
||||
# This can be used to enable some testing options (see also the example
|
||||
# Enable Fast Session Transfer (FST)
|
||||
#CONFIG_FST=y
|
||||
3
hostapd-2.5.tar.gz
Normal file
3
hostapd-2.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8e272d954dc0d7026c264b79b15389ec2b2c555b32970de39f506b9f463ec74a
|
||||
size 1720783
|
||||
@ -1,3 +1,49 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Oct 18 12:59:02 UTC 2015 - michael@stroeder.com
|
||||
|
||||
- update to upstream release 2.5
|
||||
- removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
|
||||
(CVE-2015-1863) because it's fixed in upstream release 2.5
|
||||
- rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch
|
||||
|
||||
ChangeLog for hostapd since 2.4:
|
||||
|
||||
2015-09-27 - v2.5
|
||||
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
|
||||
[http://w1.fi/security/2015-2/] (CVE-2015-4141 bsc#930077)
|
||||
* fixed WMM Action frame parser
|
||||
[http://w1.fi/security/2015-3/] (CVE-2015-4142 bsc#930078)
|
||||
* fixed EAP-pwd server missing payload length validation
|
||||
[http://w1.fi/security/2015-4/]
|
||||
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079)
|
||||
* fixed validation of WPS and P2P NFC NDEF record payload length
|
||||
[http://w1.fi/security/2015-5/]
|
||||
* nl80211:
|
||||
- fixed vendor command handling to check OUI properly
|
||||
* fixed hlr_auc_gw build with OpenSSL
|
||||
* hlr_auc_gw: allow Milenage RES length to be reduced
|
||||
* disable HT for a station that does not support WMM/QoS
|
||||
* added support for hashed password (NtHash) in EAP-pwd server
|
||||
* fixed and extended dynamic VLAN cases
|
||||
* added EAP-EKE server support for deriving Session-Id
|
||||
* set Acct-Session-Id to a random value to make it more likely to be
|
||||
unique even if the device does not have a proper clock
|
||||
* added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
|
||||
* modified SAE routines to be more robust and PWE generation to be
|
||||
stronger against timing attacks
|
||||
* added support for Brainpool Elliptic Curves with SAE
|
||||
* increases maximum value accepted for cwmin/cwmax
|
||||
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
|
||||
* added Fast Session Transfer (FST) module
|
||||
* removed optional fields from RSNE when using FT with PMF
|
||||
(workaround for interoperability issues with iOS 8.4)
|
||||
* added EAP server support for TLS session resumption
|
||||
* fixed key derivation for Suite B 192-bit AKM (this breaks
|
||||
compatibility with the earlier version)
|
||||
* added mechanism to track unconnected stations and do minimal band
|
||||
steering
|
||||
* number of small fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 23 19:45:41 UTC 2015 - michael@stroeder.com
|
||||
|
||||
|
||||
@ -26,15 +26,13 @@ BuildRequires: pkgconfig(systemd)
|
||||
Summary: Turns Your WLAN Card into a WPA capable Access Point
|
||||
License: GPL-2.0 or BSD-3-Clause
|
||||
Group: Hardware/Wifi
|
||||
Version: 2.4
|
||||
Version: 2.5
|
||||
Release: 0
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Url: http://w1.fi/
|
||||
Source: http://w1.fi/releases/hostapd-%{version}.tar.gz
|
||||
Source1: hostapd.service
|
||||
Patch0: hostapd-2.4-defconfig.patch
|
||||
# CVE-2015-1863
|
||||
Patch1: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
|
||||
Patch0: hostapd-2.5-defconfig.patch
|
||||
%{?systemd_requires}
|
||||
|
||||
%description
|
||||
@ -49,7 +47,6 @@ authentication via any ethernet driver.
|
||||
%prep
|
||||
%setup -q -n hostapd-%{version}
|
||||
%patch0 -p0
|
||||
%patch1 -p1
|
||||
|
||||
cd hostapd
|
||||
cp defconfig .config
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user