[Buildroot] [PATCH 1/1] package/wpa_supplicant: fix build with CVE-2021-30004 changes
Sergey Matyukevich
geomatsi at gmail.com
Thu May 20 21:45:13 UTC 2021
Hello Yann,
> > Commit a8fbe67b9b16 ("package/wpa_supplicant: add upstream patch to fix
> > CVE-2021-30004") added security patch from hostapd upstream without
> > required ASN.1 helpers. Backport and adapt two commits from the
> > hostapd upstream to add missing headers and helpers.
> >
> > Signed-off-by: Sergey Matyukevich <geomatsi at gmail.com>
>
> Applied to master, thanks.
>
> I was surprised, because I saw zero issue about this in our
> autobuilders. But I could trigger one locally with:
>
> BR2_arm=y
> BR2_cortex_a7=y
> BR2_TOOLCHAIN_EXTERNAL=y
> BR2_INIT_NONE=y
> BR2_SYSTEM_BIN_SH_NONE=y
> # BR2_PACKAGE_BUSYBOX is not set
> # BR2_PACKAGE_IFUPDOWN_SCRIPTS is not set
> BR2_PACKAGE_WPA_SUPPLICANT=y
> BR2_PACKAGE_WPA_SUPPLICANT_WEXT=y
> BR2_PACKAGE_WPA_SUPPLICANT_WIRED=y
> BR2_PACKAGE_WPA_SUPPLICANT_IBSS_RSN=y
> BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT=y
> BR2_PACKAGE_WPA_SUPPLICANT_WIFI_DISPLAY=y
> BR2_PACKAGE_WPA_SUPPLICANT_AUTOSCAN=y
> BR2_PACKAGE_WPA_SUPPLICANT_HOTSPOT=y
> BR2_PACKAGE_WPA_SUPPLICANT_DEBUG_SYSLOG=y
> BR2_PACKAGE_WPA_SUPPLICANT_WPS=y
> BR2_PACKAGE_WPA_SUPPLICANT_CLI=y
> BR2_PACKAGE_WPA_SUPPLICANT_WPA_CLIENT_SO=y
> BR2_PACKAGE_WPA_SUPPLICANT_PASSPHRASE=y
> BR2_PACKAGE_WPA_SUPPLICANT_DBUS=y
> BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION=y

This issue is relevant only for the hostapd internal TLS implementation.
So openssl needs to be disabled to make sure that internal TLS is
selected. Probably this is the reason why we didn't observe this
issue more frequently in the autobuilder?

As soon as internal TLS is selected, the following minimal
wpa_supplicant configuration should be enough to trigger:

BR2_PACKAGE_WPA_SUPPLICANT=y
BR2_PACKAGE_WPA_SUPPLICANT_EAP=y

Regards,
Sergey