Upgrade buildroot to 2023.05 (from 2021.08.2), kernel is upgraded to 6.3 (from 5.13.19).

PartialVolume
2023-07-05 19:35:21 +01:00
parent 654cfca2bf
commit 2ad6760d0f
8544 changed files with 208276 additions and 109881 deletions


@@ -1,77 +0,0 @@
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch]
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685fe3b..34ca379edc3d 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db44b7..e7065372e158 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
--
2.20.1


@@ -0,0 +1,102 @@
From 9896d8c116f054cebc49928404018a75c9b892cb Mon Sep 17 00:00:00 2001
From: Sergey Matyukevich <geomatsi@gmail.com>
Date: Fri, 16 Sep 2022 23:18:50 +0300
Subject: [PATCH] hostapd: use a less generic name for IEEE802.11 CRC-32 routine
Hostapd uses 'crc32' name for IEEE802.11 CRC-32 routine. This name is
too generic. Buildroot autobuilder detected build configuration that
failed to build due to the naming conflict: static linking with openssl
using zlib-ng as a zlib provider, e.g. see:
- http://autobuild.buildroot.net/results/9901df820d3afa4cde78e8ad6d62cb8ce7e69fdb/
- http://autobuild.buildroot.net/results/ac19975f0bf77f4a8ca574c374092ba81cd5a332/
Use a less generic name ieee80211_crc32 for IEEE802.11 CRC-32 routine
to avoid such naming conflicts.
Upstream: https://w1.fi/cgit/hostap/commit/?id=0c7b3814ca6070a8e930dea09fde08b4058a4ca6
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
---
hostapd/config_file.c | 4 ++--
src/ap/hostapd.c | 3 ++-
src/ap/neighbor_db.c | 2 +-
src/utils/crc32.c | 2 +-
src/utils/crc32.h | 2 +-
5 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index b14728d1b..b38a84647 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2407,7 +2407,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
os_memcpy(ssid->ssid, pos, ssid->ssid_len);
ssid->ssid_set = 1;
- ssid->short_ssid = crc32(ssid->ssid, ssid->ssid_len);
+ ssid->short_ssid = ieee80211_crc32(ssid->ssid, ssid->ssid_len);
} else if (os_strcmp(buf, "ssid2") == 0) {
struct hostapd_ssid *ssid = &bss->ssid;
size_t slen;
@@ -2421,7 +2421,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
os_memcpy(ssid->ssid, str, slen);
ssid->ssid_len = slen;
ssid->ssid_set = 1;
- ssid->short_ssid = crc32(ssid->ssid, ssid->ssid_len);
+ ssid->short_ssid = ieee80211_crc32(ssid->ssid, ssid->ssid_len);
os_free(str);
} else if (os_strcmp(buf, "utf8_ssid") == 0) {
bss->ssid.utf8_ssid = atoi(pos) > 0;
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 4b88641a2..56c8fb90e 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1230,7 +1230,8 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
* Short SSID calculation is identical to FCS and it is defined in
* IEEE P802.11-REVmd/D3.0, 9.4.2.170.3 (Calculating the Short-SSID).
*/
- conf->ssid.short_ssid = crc32(conf->ssid.ssid, conf->ssid.ssid_len);
+ conf->ssid.short_ssid = ieee80211_crc32(conf->ssid.ssid,
+ conf->ssid.ssid_len);
if (!hostapd_drv_none(hapd)) {
wpa_printf(MSG_DEBUG, "Using interface %s with hwaddr " MACSTR
diff --git a/src/ap/neighbor_db.c b/src/ap/neighbor_db.c
index 229edd2a9..ef17634c3 100644
--- a/src/ap/neighbor_db.c
+++ b/src/ap/neighbor_db.c
@@ -136,7 +136,7 @@ int hostapd_neighbor_set(struct hostapd_data *hapd, const u8 *bssid,
os_memcpy(entry->bssid, bssid, ETH_ALEN);
os_memcpy(&entry->ssid, ssid, sizeof(entry->ssid));
- entry->short_ssid = crc32(ssid->ssid, ssid->ssid_len);
+ entry->short_ssid = ieee80211_crc32(ssid->ssid, ssid->ssid_len);
entry->nr = wpabuf_dup(nr);
if (!entry->nr)
diff --git a/src/utils/crc32.c b/src/utils/crc32.c
index 12d9e2a70..371254994 100644
--- a/src/utils/crc32.c
+++ b/src/utils/crc32.c
@@ -72,7 +72,7 @@ static const u32 crc32_table[256] = {
};
-u32 crc32(const u8 *frame, size_t frame_len)
+u32 ieee80211_crc32(const u8 *frame, size_t frame_len)
{
size_t i;
u32 crc;
diff --git a/src/utils/crc32.h b/src/utils/crc32.h
index dc31399be..71a19dc5f 100644
--- a/src/utils/crc32.h
+++ b/src/utils/crc32.h
@@ -9,6 +9,6 @@
#ifndef CRC32_H
#define CRC32_H
-u32 crc32(const u8 *frame, size_t frame_len);
+u32 ieee80211_crc32(const u8 *frame, size_t frame_len);
#endif /* CRC32_H */
--
2.37.1


@@ -1,116 +0,0 @@
From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 18:19:31 +0200
Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters
The supported hash algorithms do not use AlgorithmIdentifier parameters.
However, there are implementations that include NULL parameters in
addition to ones that omit the parameters. Previous implementation did
not check the parameters value at all which supported both these cases,
but did not reject any other unexpected information.
Use strict validation of digest algorithm parameters and reject any
unexpected value when validating a signature. This is needed to prevent
potential forging attacks.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/tls/pkcs1.c | 21 +++++++++++++++++++++
src/tls/x509v3.c | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index bbdb0d72d..5761dfed0 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
+ hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "PKCS #1: Unexpected digest algorithm parameters");
+ os_free(decrypted);
+ return -1;
+ }
if (!asn1_oid_equal(&oid, hash_alg)) {
char txt[100], txt2[100];
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index a8944dd2f..df337ec4d 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "X509: Unexpected digest algorithm parameters");
+ os_free(data);
+ return -1;
+ }
if (x509_sha1_oid(&oid)) {
if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
--
2.20.1


@@ -1,32 +0,0 @@
From 99cf89555313056d3a8fa54b21d02dc880b363e1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 20 Apr 2020 20:29:31 +0300
Subject: [PATCH] Include stdbool.h to allow C99 bool to be used
We have practically started requiring some C99 features, so might as
well finally go ahead and bring in the C99 bool as well.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
[geomatsi@gmail.com: backport from upstream]
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: keep upstream sha1 in header, drop numbering]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
src/utils/includes.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/includes.h b/src/utils/includes.h
index 75513fc8c..741fc9c14 100644
--- a/src/utils/includes.h
+++ b/src/utils/includes.h
@@ -18,6 +18,7 @@
#include <stdlib.h>
#include <stddef.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
--
2.25.1


@@ -1,37 +0,0 @@
From 9a990e8c4eb92dd64e0ec483599820e45c35ac23 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 23:14:23 +0200
Subject: [PATCH] ASN.1: Add helper functions for recognizing tag values
Signed-off-by: Jouni Malinen <j@w1.fi>
[geomatsi@gmail.com: backport asn1_is_null() from upstream 9a990e8c4eb9]
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr:
- reformat, keep the upstream sha1 and title,
- drop numbering
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
src/tls/asn1.h | 102 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 102 insertions(+)
diff --git a/src/tls/asn1.h b/src/tls/asn1.h
index de3430adb..a4d1be473 100644
--- a/src/tls/asn1.h
+++ b/src/tls/asn1.h
@@ -66,6 +66,12 @@ struct wpabuf * asn1_build_alg_id(const struct asn1_oid *oid,
unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
+static inline bool asn1_is_null(const struct asn1_hdr *hdr)
+{
+ return hdr->class == ASN1_CLASS_UNIVERSAL &&
+ hdr->tag == ASN1_TAG_NULL;
+}
+
extern struct asn1_oid asn1_sha1_oid;
extern struct asn1_oid asn1_sha256_oid;
--
2.25.1


@@ -1,7 +1,3 @@
# Locally calculated
sha256 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7 hostapd-2.9.tar.gz
sha256 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
sha256 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
sha256 a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
sha256 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
sha256 9da5dd0776da266b180b915e460ff75c6ff729aca1196ab396529510f24f3761 README
sha256 206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d hostapd-2.10.tar.gz
sha256 af01e1d1ee065a1054d20ebe8a78a016f1fb1133b73e6a9d50801b165bb280c7 README


@@ -4,34 +4,17 @@
#
################################################################################
HOSTAPD_VERSION = 2.9
HOSTAPD_VERSION = 2.10
HOSTAPD_SITE = http://w1.fi/releases
HOSTAPD_SUBDIR = hostapd
HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config
HOSTAPD_PATCH = \
https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
HOSTAPD_DEPENDENCIES = host-pkgconf
HOSTAPD_CFLAGS = $(TARGET_CFLAGS)
HOSTAPD_LICENSE = BSD-3-Clause
HOSTAPD_LICENSE_FILES = README
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
HOSTAPD_IGNORE_CVES += CVE-2019-16275
# 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
HOSTAPD_IGNORE_CVES += CVE-2020-12695
# 0002-ASN.1-Validate-DigestAlgorithmIdentifier-parameters.patch
HOSTAPD_IGNORE_CVES += CVE-2021-30004
# 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
HOSTAPD_IGNORE_CVES += CVE-2021-27803
HOSTAPD_CPE_ID_VENDOR = w1.fi
HOSTAPD_CONFIG_SET =
HOSTAPD_SELINUX_MODULES = hostapd
HOSTAPD_CONFIG_ENABLE = \
CONFIG_INTERNAL_LIBTOMMATH \
@@ -70,6 +53,7 @@ endif
ifeq ($(BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS),y)
HOSTAPD_CONFIG_ENABLE += \
CONFIG_HS20 \
CONFIG_IEEE80211AX \
CONFIG_IEEE80211AC \
CONFIG_IEEE80211N \
CONFIG_IEEE80211R \
@@ -99,13 +83,16 @@ HOSTAPD_CONFIG_ENABLE += CONFIG_WPS
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_WPA3),y)
HOSTAPD_CONFIG_SET += \
CONFIG_DPP \
CONFIG_SAE
HOSTAPD_CONFIG_ENABLE += \
CONFIG_DPP \
CONFIG_SAE \
CONFIG_SAE_PK \
CONFIG_OWE
else
HOSTAPD_CONFIG_DISABLE += \
CONFIG_DPP \
CONFIG_SAE \
CONFIG_SAE_PK \
CONFIG_OWE
endif
@@ -114,8 +101,9 @@ HOSTAPD_CONFIG_ENABLE += CONFIG_NO_VLAN
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN_DYNAMIC),y)
HOSTAPD_CONFIG_ENABLE += CONFIG_FULL_DYNAMIC_VLAN
HOSTAPD_CONFIG_SET += NEED_LINUX_IOCTL
HOSTAPD_CONFIG_ENABLE += \
CONFIG_FULL_DYNAMIC_VLAN \
NEED_LINUX_IOCTL
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN_NETLINK),y)
@@ -139,9 +127,14 @@ define HOSTAPD_CONFIGURE_CMDS
cp $(@D)/hostapd/defconfig $(HOSTAPD_CONFIG)
sed -i $(patsubst %,-e 's/^#\(%\)/\1/',$(HOSTAPD_CONFIG_ENABLE)) \
$(patsubst %,-e 's/^\(%\)/#\1/',$(HOSTAPD_CONFIG_DISABLE)) \
$(patsubst %,-e '1i%=y',$(HOSTAPD_CONFIG_SET)) \
$(patsubst %,-e %,$(HOSTAPD_CONFIG_EDITS)) \
$(HOSTAPD_CONFIG)
# set requested configuration options not listed in hostapd defconfig
for s in $(HOSTAPD_CONFIG_ENABLE) ; do \
if ! grep -q "^$${s}" $(HOSTAPD_CONFIG); then \
echo "$${s}=y" >> $(HOSTAPD_CONFIG) ; \
fi \
done
endef
define HOSTAPD_BUILD_CMDS
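Review bot: The `grep -q "^$${s}"` test in the loop at the end of HOSTAPD_CONFIGURE_CMDS is a prefix match, so an option whose name is the start of another option's name counts as already present. For example, with `CONFIG_SAE` and `CONFIG_SAE_PK` both in HOSTAPD_CONFIG_ENABLE, an existing `CONFIG_SAE_PK=y` line would satisfy the check for `CONFIG_SAE`, and `CONFIG_SAE=y` would never be appended. Whether this can happen today depends on what hostapd's defconfig lists, which is not visible on this page, but the outcome would be a silently missing WPA3 option rather than a build failure. Anchoring the name on the `=` closes the gap: `if ! grep -q "^$${s}=" $(HOSTAPD_CONFIG); then \`. The `define HOSTAPD_CONFIGURE_CMDS` line for this block appears only in the hunk header, outside the hunk's lines.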