summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch47
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-linux_wext-Fix-types-for-musl.patch38
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/fix-libnl3-host-contamination.patch42
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.3.bb2
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb (renamed from meta/recipes-connectivity/wpa-supplicant/wpa-supplicant.inc)13
5 files changed, 53 insertions, 89 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
new file mode 100644
index 0000000000..e108a931c0
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
@@ -0,0 +1,47 @@
1From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <jouni@qca.qualcomm.com>
3Date: Tue, 7 Apr 2015 11:32:11 +0300
4Subject: [PATCH] P2P: Validate SSID element length before copying it
5 (CVE-2015-1863)
6
7This fixes a possible memcpy overflow for P2P dev->oper_ssid in
8p2p_add_device(). The length provided by the peer device (0..255 bytes)
9was used without proper bounds checking and that could have resulted in
10arbitrary data of up to 223 bytes being written beyond the end of the
11dev->oper_ssid[] array (of which about 150 bytes would be beyond the
12heap allocation) when processing a corrupted management frame for P2P
13peer discovery purposes.
14
15This could result in corrupted state in heap, unexpected program
16behavior due to corrupted P2P peer device information, denial of service
17due to process crash, exposure of memory contents during GO Negotiation,
18and potentially arbitrary code execution.
19
20Thanks to Google security team for reporting this issue and smart
21hardware research group of Alibaba security team for discovering it.
22
23Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
24
25Upstream-Status: Backport
26
27Signed-off-by: Yue Tao <yue.tao@windriver.com>
28
29---
30 src/p2p/p2p.c | 1 +
31 1 file changed, 1 insertion(+)
32
33diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
34index f584fae..a45fe73 100644
35--- a/src/p2p/p2p.c
36+++ b/src/p2p/p2p.c
37@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
38 if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
39 os_memcpy(dev->interface_addr, addr, ETH_ALEN);
40 if (msg.ssid &&
41+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
42 (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
43 os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
44 != 0)) {
45--
461.7.9.5
47
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-linux_wext-Fix-types-for-musl.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-linux_wext-Fix-types-for-musl.patch
deleted file mode 100644
index 49a988b676..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-linux_wext-Fix-types-for-musl.patch
+++ /dev/null
@@ -1,38 +0,0 @@
1From 159db445dc4cb0af5f6ad85f3a146ad137db5057 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Fri, 3 Apr 2015 20:38:21 -0700
4Subject: [PATCH] linux_wext: Fix types for musl
5
6| ../src/drivers/linux_wext.h:24:9: error: unknown type name '__uint32_t'
7| typedef __uint32_t __u32;
8
9Signed-off-by: Khem Raj <raj.khem@gmail.com>
10Upstream-Status: Pending
11---
12 src/drivers/linux_wext.h | 10 +++++-----
13 1 file changed, 5 insertions(+), 5 deletions(-)
14
15diff --git a/src/drivers/linux_wext.h b/src/drivers/linux_wext.h
16index 55cf955..e66df91 100644
17--- a/src/drivers/linux_wext.h
18+++ b/src/drivers/linux_wext.h
19@@ -21,11 +21,11 @@
20
21 #include <sys/types.h>
22 #include <net/if.h>
23-typedef __uint32_t __u32;
24-typedef __int32_t __s32;
25-typedef __uint16_t __u16;
26-typedef __int16_t __s16;
27-typedef __uint8_t __u8;
28+typedef u_int32_t __u32;
29+typedef int32_t __s32;
30+typedef u_int16_t __u16;
31+typedef int16_t __s16;
32+typedef u_int8_t __u8;
33 #ifndef __user
34 #define __user
35 #endif /* __user */
36--
372.1.4
38
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/fix-libnl3-host-contamination.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/fix-libnl3-host-contamination.patch
deleted file mode 100644
index e899c1655d..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/fix-libnl3-host-contamination.patch
+++ /dev/null
@@ -1,42 +0,0 @@
1Upstream-Status: Pending
2
3From 37d6b3dd5a737cd67468e4a58b372bddd924a7be Mon Sep 17 00:00:00 2001
4From: Andreas Oberritter <obi@opendreambox.org>
5Date: Fri, 8 Mar 2013 22:55:19 +0100
6Subject: [PATCH] Revert "build: Use updated libnl3 header paths"
7
8This reverts commit e7ecddf33a446072effbc85a27a078a8e582c89e.
9---
10 src/drivers/drivers.mak | 2 +-
11 src/drivers/drivers.mk | 2 +-
12 2 files changed, 2 insertions(+), 2 deletions(-)
13
14diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak
15index 68ff910..1f38f57 100644
16--- a/src/drivers/drivers.mak
17+++ b/src/drivers/drivers.mak
18@@ -35,7 +35,7 @@ NEED_RFKILL=y
19 ifdef CONFIG_LIBNL32
20 DRV_LIBS += -lnl-3
21 DRV_LIBS += -lnl-genl-3
22- DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
23+ DRV_CFLAGS += -DCONFIG_LIBNL20
24 ifdef CONFIG_LIBNL3_ROUTE
25 DRV_LIBS += -lnl-route-3
26 DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE
27diff --git a/src/drivers/drivers.mk b/src/drivers/drivers.mk
28index db8561a..c93e88d 100644
29--- a/src/drivers/drivers.mk
30+++ b/src/drivers/drivers.mk
31@@ -30,7 +30,7 @@ NEED_RFKILL=y
32 ifdef CONFIG_LIBNL32
33 DRV_LIBS += -lnl-3
34 DRV_LIBS += -lnl-genl-3
35- DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
36+ DRV_CFLAGS += -DCONFIG_LIBNL20
37 ifdef CONFIG_LIBNL3_ROUTE
38 DRV_LIBS += -lnl-route-3
39 DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE
40--
411.7.10.4
42
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.3.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.3.bb
deleted file mode 100644
index afd0654016..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.3.bb
+++ /dev/null
@@ -1,2 +0,0 @@
1require wpa-supplicant.inc
2
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant.inc b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
index dae0606876..b7c7033d63 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant.inc
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
@@ -3,9 +3,9 @@ HOMEPAGE = "http://hostap.epitest.fi/wpa_supplicant/"
3BUGTRACKER = "http://hostap.epitest.fi/bugz/" 3BUGTRACKER = "http://hostap.epitest.fi/bugz/"
4SECTION = "network" 4SECTION = "network"
5LICENSE = "BSD" 5LICENSE = "BSD"
6LIC_FILES_CHKSUM = "file://COPYING;md5=ab87f20cd7e8c0d0a6539b34d3791d0e \ 6LIC_FILES_CHKSUM = "file://COPYING;md5=36b27801447e0662ee0138d17fe93880 \
7 file://README;beginline=1;endline=56;md5=a07250b28e857455336bb59fc31cb845 \ 7 file://README;beginline=1;endline=56;md5=7f393579f8b109fe91f3b9765d26c7d3 \
8 file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=e8e021e30f3a6ab7c341b66b86626a5a" 8 file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=3430fda79f2ba1dd545f0b3c4d6e4d24 "
9DEPENDS = "dbus libnl libgcrypt" 9DEPENDS = "dbus libnl libgcrypt"
10RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" 10RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
11 11
@@ -24,11 +24,10 @@ SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
24 file://wpa_supplicant.conf \ 24 file://wpa_supplicant.conf \
25 file://wpa_supplicant.conf-sane \ 25 file://wpa_supplicant.conf-sane \
26 file://99_wpa_supplicant \ 26 file://99_wpa_supplicant \
27 file://fix-libnl3-host-contamination.patch \ 27 file://0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch \
28 file://0001-linux_wext-Fix-types-for-musl.patch \
29 " 28 "
30SRC_URI[md5sum] = "f2ed8fef72cf63d8d446a2d0a6da630a" 29SRC_URI[md5sum] = "f0037dbe03897dcaf2ad2722e659095d"
31SRC_URI[sha256sum] = "eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a" 30SRC_URI[sha256sum] = "058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122"
32 31
33S = "${WORKDIR}/wpa_supplicant-${PV}" 32S = "${WORKDIR}/wpa_supplicant-${PV}"
34 33