Commit Graph

81 Commits

Author SHA1 Message Date
Martin Weinelt
9f9ab6fffc wpa_supplicant: add patch for CVE-2021-30004
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.

Fixes: CVE-2021-30004
2021-04-13 18:45:44 +02:00
Tim Steinbach
67f3319fb7
wpa_supplicant: Enable bgscan 'learn' module 2021-04-04 12:41:14 -04:00
Martin Weinelt
6a0b4ab7be
wpa_supplicant: add CVE-ID for P2P provision discovery processing vuln. 2021-02-27 13:11:35 +01:00
Martin Weinelt
a77380a689
wpa_supplicant: update homepage
The old one still exists but is not getting updated anymore.
2021-02-25 21:26:56 +01:00
Martin Weinelt
0dd3c094ee
wpa_supplicant: fix for security advisory 2021-1
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.

https://w1.fi/security/2021-1/
2021-02-25 20:57:49 +01:00
Martin Weinelt
95164dc11b
wpa_supplicant: fix for security advisory 2020-2
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) group information from active group owners. The actual
parsing of that information validates field lengths appropriately, but
processing of the parsed information misses a length check when storing
a copy of the secondary device types. This can result in writing
attacker controlled data into the peer entry after the area assigned for
the secondary device type. The overflow can result in corrupting
pointers for heap allocations. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially arbitrary code execution.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Fixes: CVE-2021-0326
2021-02-04 00:31:38 +01:00
Martin Weinelt
28f8b5f5f3 wpa_supplicant: backport support for OWE
The wpa_supplicant upstream is slow to push out new releases and has
been asked several times to do so. Support for Opportunistic Wireless
Encryption has been on master since late 2019 and still hasn't made it
into a release yet.

This backports a rather simple patchset to enable OWE key management
and exposes it also via DBus, so it can be used from Network-Manager.
2021-02-01 00:20:07 +01:00
Jonathan Ringer
9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of #109595

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurrences of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
c0bw3b
9367367dfd Treewide: fix URL permanent redirects
Permanent redirects on homepages and/or source URLs
as reported by Repology
2019-11-16 01:41:23 +01:00
Florian Klink
ac1aeb4fbb
wpa_supplicant: apply patch for CVE-2019-16275 (#70266)
wpa_supplicant: apply patch for CVE-2019-16275
2019-10-14 23:00:05 +02:00
Tor Hedin Brønner
67effde499
wpa_supplicant: install d-bus conf correctly to share/dbus/system.d
Fixes 40dda7383b which inadvertently installed to
a file as the directory didn't exist.

Also blocked up the postInstall script for readability.
2019-10-14 18:57:44 +02:00
Pierre Bourdon
559687498b
wpa_supplicant: apply patch for CVE-2019-16275 2019-10-02 21:24:23 +02:00
worldofpeace
40dda7383b wpa_supplicant: Move D-Bus conf file to share/dbus-1/system.d
Since D-Bus 1.9.18 configuration files installed by third-party should
go in share/dbus-1/system.d. The old location is for sysadmin overrides.
2019-09-16 13:59:46 -04:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There were very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
R. RyanTM
a5f2040b0d wpa_supplicant: 2.8 -> 2.9
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/wpa_supplicant/versions
2019-08-20 23:30:06 -07:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Will Dietz
10dde5a1cc wpa_supplicant: patch already applied :) 2019-04-22 15:39:47 -05:00
Will Dietz
1448b0583b wpa_supplicant: 2.7 -> 2.8 2019-04-22 15:34:26 -05:00
Pierre Bourdon
3f0a59314c wpa_supplicant: 2.6 -> 2.7 (#55926) 2019-02-24 00:47:11 +01:00
Jörg Thalheim
b5c1deca8a
treewide: remove wkennington as maintainer
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
2019-01-26 10:05:32 +00:00
Linus Heckemann
6845ebbff1 wpa_supplicant: improve manpage
Now points to the store path of the sample config rather than
/usr/share/doc.
2018-11-23 18:01:19 +01:00
Linus Heckemann
1a7f21f398 wpa_supplicant: copy sample config into output 2018-11-23 18:01:19 +01:00
Franz Pletz
a81b29ac0b
wpa_supplicant: add patch to fix CVE-2018-14526
Fixes #44724.
2018-08-08 22:20:06 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Matthew Bauer
76999cc40e treewide: remove aliases in nixpkgs
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.

Misc...

- qtikz: use libsForQt5.callPackage

  This ensures we get the right poppler.

- rewrites:

  docbook5_xsl -> docbook_xsl_ns
  docbook_xml_xslt -> docbook_xsl

diffpdf: fixup
2018-07-18 23:25:20 -04:00
Jan Tojnar
3784fd5e46
pcsclite: split package 2018-06-29 04:40:54 +02:00
Graham Christensen
ea50efcc67
wpa_supplicant: patch for KRACKAttack
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
2017-10-16 07:33:44 -04:00
Maximilian Güntner
daf07c9d62
hostapd/wpa_supplicant: update urls 2017-09-17 13:46:11 +02:00
Carl Sverre
6b62b566a1 wpa_supplicant: Enable BGSCAN module
Compile wpa_supplicant with the BGSCAN module enabled. This allows the
user to configure an SSID to use the bgscan module.  This module causes
wpa_supplicant to periodically perform a background scan for additional
access points and switch to the one with the highest signal.  This scan
can be kicked off when the current connection drops below a target
threshold signal strength.
2017-08-03 21:37:24 -07:00
Vladimír Čunát
96d41e393d
treewide: purge maintainers.urkud
It's sad, but he's been inactive for the last five years.
Keeping such people in meta.maintainers is counter-productive.
2017-03-27 19:52:29 +02:00
Tim Steinbach
b86310fccf wpa_supplicant: 2.5 -> 2.6 (#19913) 2016-10-27 13:57:56 +02:00
Tuomas Tynkkynen
603dcd6263 treewide: Make explicit that 'dev' output of libnl is used 2016-05-19 10:00:43 +02:00
Robin Gloster
501d49ebc4 wpa_supplicant: add patch to build with libressl 2.3 2015-12-23 22:08:33 +00:00
Domen Kožar
07405ee187 Merge pull request #9463 from khumba/nm-connection-sharing
Fix NetworkManager connection sharing
2015-11-06 11:16:50 +01:00
Lengyel Balázs
c67efeb616 wpa_supplicant: 2.4 -> 2.5 2015-09-28 13:29:01 +02:00
Bryan Gardiner
3d93890c7e
wpa_supplicant: enable AP mode for NetworkManager connection sharing 2015-09-07 14:04:34 -07:00
William A. Kennington III
282d03befa Merge branch 'master.upstream' into staging.upstream 2015-06-22 10:57:36 -07:00
Vladimír Čunát
783af9a960 wpa_supplicant: disable TLS-1.2 for now (fixes #8332) 2015-06-22 17:33:49 +02:00
Vladimír Čunát
61596bf405 Merge #8363: pure-darwin stdenv 2015-06-18 22:38:08 +02:00
Pascal Wittmann
7c4a0eaa53 wpa_supplicant: fix CVE-2015-4143
see http://www.openwall.com/lists/oss-security/2015/05/09/6
2015-06-16 17:28:35 +02:00
Eelco Dolstra
592d4af9cf wpa_supplicant: Fix build
There is no wpa_priv. Another case of #7524.

http://hydra.nixos.org/build/22211118
2015-05-15 11:11:15 +02:00
Michael Alan Dorman
d3e0850989 Add wpa_supplicant p2p patch.
wpa_supplicant 2.4 appears to have a serious bug that makes it impossible
to use wifi for some number of people.

(See https://bbs.archlinux.org/viewtopic.php?id=196584 for an example)

It was resolved in a patch for the to-be-released 2.5 which it seemed
worth it to cherry-pick here.
2015-05-08 11:02:01 -04:00
William A. Kennington III
4ae59b199a wpa_supplicant: 2.3 -> 2.4 2015-04-24 15:02:25 -07:00
Joachim Schiele
e3e8aebdc1 wpa-supplicant: CVE-2015-1863 (close #7526)
http://w1.fi/security/2015-1/
2015-04-23 20:23:47 +02:00
Michael Raskin
299abee9ab Update wpa_supplicant 2014-10-12 12:34:16 +04:00
Vladimír Čunát
18de3952b8 wpa_supplicant: update 2.1 -> 2.2, drop a patch
Fixes #3238.
2014-07-16 10:30:38 +02:00