Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: b7f55b30f5f7
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1901446a9694
Choose a head ref
  • 3 commits
  • 1 file changed
  • 2 contributors

Commits on Jun 9, 2020

  1. hostapd: apply patches for CVE-2020-12695 

    https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt

Fixes: CVE-2020-12695
    @mweinelt
    mweinelt committed Jun 9, 2020
    Copy the full SHA
    1c14b52 View commit details

Commits on Jun 10, 2020

  1. hostapd: add hexa as maintainer

    @mweinelt
    mweinelt committed Jun 10, 2020
    Copy the full SHA
    c898b5c View commit details

Commits on Jun 12, 2020

  1. Merge pull request #89919 from mweinelt/hostapd 

    hostapd: apply patches for CVE-2020-12695
    @flokli
    flokli authored Jun 12, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    1901446 View commit details
Showing with 20 additions and 1 deletion.
  1. +20 −1 pkgs/os-specific/linux/hostapd/default.nix
21 changes: 20 additions & 1 deletion pkgs/os-specific/linux/hostapd/default.nix
View file
Original file line number Diff line number Diff line change
@@ -19,11 +19,30 @@ stdenv.mkDerivation rec {
url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch";
sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";
})
# AP mode PMF disconnection protection bypass (CVE.2019-16275), can be removed >= 2.10
# https://w1.fi/security/2019-7/
(fetchurl {
name = "CVE-2019-16275.patch";
url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch";
sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz";
})
# Fixes for UPnP SUBSCRIBE misbehavior in hostapd WPS AP (CVE-2020-12695), can be removed >= 2.10
# https://w1.fi/security/2020-1/
(fetchurl {
name = "CVE-2020-12695_0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
url = "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch";
sha256 = "1mrbhicqb34jlw1nid5hk2vnjbvfhvp7r5iblaj4l6vgc6fmp6id";
})
(fetchurl {
name = "CVE-2020-12695_0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
url = "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch";
sha256 = "1pk08b06b24is50bis3rr56xjd3b5kxdcdk8bx39n9vna9db7zj9";
})
(fetchurl {
name = "CVE-2020-12695_0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
url = "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch";
sha256 = "12npqp2skgrj934wwkqicgqksma0fxz09di29n1b5fm5i4njl8d8";
})
];

outputs = [ "out" "man" ];
@@ -80,7 +99,7 @@ stdenv.mkDerivation rec {
repositories.git = "git://w1.fi/hostap.git";
description = "A user space daemon for access point and authentication servers";
license = licenses.gpl2;
maintainers = with maintainers; [ phreedom ninjatrappeur ];
maintainers = with maintainers; [ phreedom ninjatrappeur hexa ];
platforms = platforms.linux;
};
}