From 90482284fa1265ebfcdf16d763d61dacc72bc834 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 16 Jan 2022 22:59:12 +0100 Subject: [PATCH] hostapd: 2.9 -> 2.10 --- pkgs/os-specific/linux/hostapd/default.nix | 40 +++------------------- 1 file changed, 5 insertions(+), 35 deletions(-) diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix index 268e178aad08..8124da489aee 100644 --- a/pkgs/os-specific/linux/hostapd/default.nix +++ b/pkgs/os-specific/linux/hostapd/default.nix @@ -1,12 +1,12 @@ -{ lib, stdenv, fetchurl, fetchpatch, pkg-config, libnl, openssl, sqlite ? null }: +{ lib, stdenv, fetchurl, pkg-config, libnl, openssl, sqlite ? null }: stdenv.mkDerivation rec { pname = "hostapd"; - version = "2.9"; + version = "2.10"; src = fetchurl { url = "https://w1.fi/releases/${pname}-${version}.tar.gz"; - sha256 = "1mrbvg4v7vm7mknf0n29mf88k3s4a4qj6r4d51wq8hmjj1m7s7c8"; + sha256 = "sha256-IG58eZtnhXLC49EgMCOHhLxKn4IyOwFWtMlGbxSYkV0="; }; nativeBuildInputs = [ pkg-config ]; @@ -16,38 +16,8 @@ stdenv.mkDerivation rec { (fetchurl { # Note: fetchurl seems to be unhappy with openwrt git # server's URLs containing semicolons. Using the github mirror instead. - url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch"; - sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k"; - }) - # AP mode PMF disconnection protection bypass (CVE.2019-16275), can be removed >= 2.10 - # https://w1.fi/security/2019-7/ - (fetchurl { - name = "CVE-2019-16275.patch"; - url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch"; - sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz"; - }) - # Fixes for UPnP SUBSCRIBE misbehavior in hostapd WPS AP (CVE-2020-12695), can be removed >= 2.10 - # https://w1.fi/security/2020-1/ - (fetchurl { - name = "CVE-2020-12695_0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch"; - url = "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch"; - sha256 = "1mrbhicqb34jlw1nid5hk2vnjbvfhvp7r5iblaj4l6vgc6fmp6id"; - }) - (fetchurl { - name = "CVE-2020-12695_0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch"; - url = "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch"; - sha256 = "1pk08b06b24is50bis3rr56xjd3b5kxdcdk8bx39n9vna9db7zj9"; - }) - (fetchurl { - name = "CVE-2020-12695_0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"; - url = "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"; - sha256 = "12npqp2skgrj934wwkqicgqksma0fxz09di29n1b5fm5i4njl8d8"; - }) - # In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. - (fetchpatch { - name = "CVE-2021-30004.patch"; - url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15"; - sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg"; + url = "https://raw.githubusercontent.com/openwrt/openwrt/eefed841b05c3cd4c65a78b50ce0934d879e6acf/package/network/services/hostapd/patches/300-noscan.patch"; + sha256 = "08p5frxhpq1rp2nczkscapwwl8g9nc4fazhjpxic5bcbssc3sb00"; }) ];