path: root/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch
author Mark H Weaver <mhw@netris.org> 2015-10-08 08:42:13 -0400
committer Mark H Weaver <mhw@netris.org> 2015-10-08 09:15:30 -0400
commit e91e28d60c66362b7114d7a3ed7809609f2c1b4b
tree 38800abdc57a795673d6b71385703f2ac8421b26 /gnu/packages/patches/wpa-supplicant-2015-3-fix.patch
parent 797e1401feda5c32c67c2069afdbdc29792dfa78
gnu: wpa-supplicant: Update to 2.5.
* gnu/packages/patches/wpa-supplicant-2015-2-fix.patch,
  gnu/packages/patches/wpa-supplicant-2015-3-fix.patch,
  gnu/packages/patches/wpa-supplicant-2015-4-fix-pt1.patch,
  gnu/packages/patches/wpa-supplicant-2015-4-fix-pt2.patch,
  gnu/packages/patches/wpa-supplicant-2015-4-fix-pt3.patch,
  gnu/packages/patches/wpa-supplicant-2015-4-fix-pt4.patch,
  gnu/packages/patches/wpa-supplicant-2015-4-fix-pt5.patch,
  gnu/packages/patches/wpa-supplicant-2015-5-fix.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch: Delete files.
* gnu-system.am (dist_patch_DATA): Remove them.
* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.5.
  Remove patches.
Diffstat (limited to 'gnu/packages/patches/wpa-supplicant-2015-3-fix.patch')
-rw-r--r-- gnu/packages/patches/wpa-supplicant-2015-3-fix.patch 43
1 files changed, 0 insertions, 43 deletions
diff --git a/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch b/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch
deleted file mode 100644
index de042f0c49..0000000000
--- a/gnu/packages/patches/wpa-supplicant-2015-3-fix.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Patch copied from http://w1.fi/security/2015-3/
-
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/ap/wmm.c b/src/ap/wmm.c
-index 6d4177c..314e244 100644
---- a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
- 		return;
- 	}
- 
-+	if (left < 0)
-+		return; /* not a valid WMM Action frame */
-+
- 	/* extract the tspec info element */
- 	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
- 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
--- 
-1.9.1
-
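Review bot: Nothing in the commit message or in this file-limited view states that the 2.5 release already contains the "if (left < 0)" check in hostapd_wmm_action() (src/ap/wmm.c), which is the entire content of the patch being deleted. Dropping it is only safe if upstream commit ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae is part of the 2.5 source. Suggest adding a line to the commit message saying the deleted fixes are included in 2.5, and confirming that the 2.5 src/ap/wmm.c rejects a negative "left" before the call to ieee802_11_parse_elems(pos, left, &elems, 1). Otherwise the out-of-bounds read and hostapd crash described in the patch header would come back for APs whose driver uses hostapd for management frame processing.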