74c854bd51
Fixes the following security issue: - wpa_supplicant P2P group information processing vulnerability (no CVE yet) A vulnerability was discovered in how wpa_supplicant processing P2P (Wi-Fi Direct) group information from active group owners. The actual parsing of that information validates field lengths appropriately, but processing of the parsed information misses a length check when storing a copy of the secondary device types. This can result in writing attacker controlled data into the peer entry after the area assigned for the secondary device type. The overflow can result in corrupting pointers for heap allocations. This can result in an attacker within radio range of the device running P2P discovery being able to cause unexpected behavior, including termination of the wpa_supplicant process and potentially arbitrary code execution. For more details, see the advisory: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [yann.morin.1998@free.fr: keep _PATCH near _VERSION and _SITE] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
242 lines
7.9 KiB
Makefile
242 lines
7.9 KiB
Makefile
################################################################################
|
|
#
|
|
# wpa_supplicant
|
|
#
|
|
################################################################################
|
|
|
|
WPA_SUPPLICANT_VERSION = 2.9
|
|
WPA_SUPPLICANT_SITE = http://w1.fi/releases
|
|
WPA_SUPPLICANT_PATCH = \
|
|
https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
|
|
WPA_SUPPLICANT_LICENSE = BSD-3-Clause
|
|
WPA_SUPPLICANT_LICENSE_FILES = README
|
|
WPA_SUPPLICANT_CPE_ID_VENDOR = w1.fi
|
|
WPA_SUPPLICANT_CONFIG = $(WPA_SUPPLICANT_DIR)/wpa_supplicant/.config
|
|
WPA_SUPPLICANT_SUBDIR = wpa_supplicant
|
|
WPA_SUPPLICANT_DBUS_OLD_SERVICE = fi.epitest.hostap.WPASupplicant
|
|
WPA_SUPPLICANT_DBUS_NEW_SERVICE = fi.w1.wpa_supplicant1
|
|
WPA_SUPPLICANT_CFLAGS = $(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include/libnl3/
|
|
WPA_SUPPLICANT_LDFLAGS = $(TARGET_LDFLAGS)
|
|
WPA_SUPPLICANT_SELINUX_MODULES = networkmanager
|
|
|
|
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
|
|
WPA_SUPPLICANT_IGNORE_CVES += CVE-2019-16275
|
|
|
|
# install the wpa_client library
|
|
WPA_SUPPLICANT_INSTALL_STAGING = YES
|
|
|
|
WPA_SUPPLICANT_CONFIG_EDITS =
|
|
|
|
# Add support for simple background scan
|
|
WPA_SUPPLICANT_CONFIG_SET = CONFIG_BGSCAN_SIMPLE
|
|
|
|
WPA_SUPPLICANT_CONFIG_ENABLE = \
|
|
CONFIG_IEEE80211AC \
|
|
CONFIG_IEEE80211N \
|
|
CONFIG_IEEE80211R \
|
|
CONFIG_INTERNAL_LIBTOMMATH \
|
|
CONFIG_DEBUG_FILE \
|
|
CONFIG_MATCH_IFACE
|
|
|
|
WPA_SUPPLICANT_CONFIG_DISABLE = \
|
|
CONFIG_SMARTCARD
|
|
|
|
# libnl-3 needs -lm (for rint) and -lpthread if linking statically
|
|
# And library order matters hence stick -lnl-3 first since it's appended
|
|
# in the wpa_supplicant Makefiles as in LIBS+=-lnl-3 ... thus failing
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_NL80211),y)
|
|
ifeq ($(BR2_STATIC_LIBS),y)
|
|
WPA_SUPPLICANT_LIBS += -lnl-3 -lm -lpthread
|
|
endif
|
|
WPA_SUPPLICANT_DEPENDENCIES += host-pkgconf libnl
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_LIBNL32
|
|
else
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_DRIVER_NL80211
|
|
endif
|
|
|
|
# Trailing underscore on purpose to not enable CONFIG_EAPOL_TEST
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_EAP),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_EAP_
|
|
# uses dlopen()
|
|
ifeq ($(BR2_STATIC_LIBS),y)
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_EAP_TNC
|
|
endif
|
|
else
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_EAP
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_HOTSPOT),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_HS20 \
|
|
CONFIG_INTERWORKING
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += \
|
|
CONFIG_AP \
|
|
CONFIG_P2P
|
|
else
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += \
|
|
CONFIG_AP \
|
|
CONFIG_P2P
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WIFI_DISPLAY),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_WIFI_DISPLAY
|
|
else
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_WIFI_DISPLAY
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING),y)
|
|
WPA_SUPPLICANT_CONFIG_SET += CONFIG_MESH
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_IEEE80211W
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_AUTOSCAN),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += \
|
|
CONFIG_AUTOSCAN_EXPONENTIAL \
|
|
CONFIG_AUTOSCAN_PERIODIC
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPS),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_WPS
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPA3),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += \
|
|
CONFIG_DPP \
|
|
CONFIG_SAE \
|
|
CONFIG_OWE
|
|
else
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += \
|
|
CONFIG_DPP \
|
|
CONFIG_SAE \
|
|
CONFIG_OWE
|
|
endif
|
|
|
|
# Try to use openssl if it's already available
|
|
ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
|
|
WPA_SUPPLICANT_DEPENDENCIES += host-pkgconf libopenssl
|
|
WPA_SUPPLICANT_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs openssl`
|
|
WPA_SUPPLICANT_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/'
|
|
else
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_EAP_PWD CONFIG_EAP_TEAP
|
|
WPA_SUPPLICANT_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_DBUS),y)
|
|
WPA_SUPPLICANT_DEPENDENCIES += host-pkgconf dbus
|
|
WPA_SUPPLICANT_MAKE_ENV = \
|
|
PKG_CONFIG_SYSROOT_DIR="$(STAGING_DIR)" \
|
|
PKG_CONFIG_PATH="$(STAGING_DIR)/usr/lib/pkgconfig"
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_CTRL_IFACE_DBUS_NEW
|
|
define WPA_SUPPLICANT_INSTALL_DBUS_NEW
|
|
$(INSTALL) -m 0644 -D \
|
|
$(@D)/wpa_supplicant/dbus/$(WPA_SUPPLICANT_DBUS_NEW_SERVICE).service \
|
|
$(TARGET_DIR)/usr/share/dbus-1/system-services/$(WPA_SUPPLICANT_DBUS_NEW_SERVICE).service
|
|
endef
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_CTRL_IFACE_DBUS_INTRO
|
|
endif
|
|
|
|
else
|
|
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_CTRL_IFACE_DBUS_NEW
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_DEBUG_SYSLOG),y)
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_DEBUG_SYSLOG
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_READLINE),y)
|
|
WPA_SUPPLICANT_DEPENDENCIES += readline
|
|
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_READLINE
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPA_CLIENT_SO),y)
|
|
WPA_SUPPLICANT_CONFIG_SET += CONFIG_BUILD_WPA_CLIENT_SO
|
|
define WPA_SUPPLICANT_INSTALL_WPA_CLIENT_SO
|
|
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/libwpa_client.so \
|
|
$(TARGET_DIR)/usr/lib/libwpa_client.so
|
|
$(INSTALL) -m 0644 -D $(@D)/src/common/wpa_ctrl.h \
|
|
$(TARGET_DIR)/usr/include/wpa_ctrl.h
|
|
endef
|
|
define WPA_SUPPLICANT_INSTALL_STAGING_WPA_CLIENT_SO
|
|
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/libwpa_client.so \
|
|
$(STAGING_DIR)/usr/lib/libwpa_client.so
|
|
$(INSTALL) -m 0644 -D $(@D)/src/common/wpa_ctrl.h \
|
|
$(STAGING_DIR)/usr/include/wpa_ctrl.h
|
|
endef
|
|
endif
|
|
|
|
define WPA_SUPPLICANT_CONFIGURE_CMDS
|
|
cp $(@D)/wpa_supplicant/defconfig $(WPA_SUPPLICANT_CONFIG)
|
|
sed -i $(patsubst %,-e 's/^#\(%\)/\1/',$(WPA_SUPPLICANT_CONFIG_ENABLE)) \
|
|
$(patsubst %,-e 's/^\(%\)/#\1/',$(WPA_SUPPLICANT_CONFIG_DISABLE)) \
|
|
$(patsubst %,-e '1i%=y',$(WPA_SUPPLICANT_CONFIG_SET)) \
|
|
$(patsubst %,-e %,$(WPA_SUPPLICANT_CONFIG_EDITS)) \
|
|
$(WPA_SUPPLICANT_CONFIG)
|
|
endef
|
|
|
|
# LIBS for wpa_supplicant, LIBS_c for wpa_cli, LIBS_p for wpa_passphrase
|
|
define WPA_SUPPLICANT_BUILD_CMDS
|
|
$(TARGET_MAKE_ENV) CFLAGS="$(WPA_SUPPLICANT_CFLAGS)" \
|
|
LDFLAGS="$(TARGET_LDFLAGS)" BINDIR=/usr/sbin \
|
|
LIBS="$(WPA_SUPPLICANT_LIBS)" LIBS_c="$(WPA_SUPPLICANT_LIBS)" \
|
|
LIBS_p="$(WPA_SUPPLICANT_LIBS)" \
|
|
$(MAKE) CC="$(TARGET_CC)" -C $(@D)/$(WPA_SUPPLICANT_SUBDIR)
|
|
endef
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_CLI),y)
|
|
define WPA_SUPPLICANT_INSTALL_CLI
|
|
$(INSTALL) -m 0755 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/wpa_cli \
|
|
$(TARGET_DIR)/usr/sbin/wpa_cli
|
|
endef
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_PASSPHRASE),y)
|
|
define WPA_SUPPLICANT_INSTALL_PASSPHRASE
|
|
$(INSTALL) -m 0755 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/wpa_passphrase \
|
|
$(TARGET_DIR)/usr/sbin/wpa_passphrase
|
|
endef
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_DBUS),y)
|
|
define WPA_SUPPLICANT_INSTALL_DBUS
|
|
$(INSTALL) -m 0644 -D \
|
|
$(@D)/wpa_supplicant/dbus/dbus-wpa_supplicant.conf \
|
|
$(TARGET_DIR)/etc/dbus-1/system.d/wpa_supplicant.conf
|
|
$(WPA_SUPPLICANT_INSTALL_DBUS_OLD)
|
|
$(WPA_SUPPLICANT_INSTALL_DBUS_NEW)
|
|
endef
|
|
endif
|
|
|
|
define WPA_SUPPLICANT_INSTALL_STAGING_CMDS
|
|
$(WPA_SUPPLICANT_INSTALL_STAGING_WPA_CLIENT_SO)
|
|
endef
|
|
|
|
define WPA_SUPPLICANT_INSTALL_TARGET_CMDS
|
|
$(INSTALL) -m 0755 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/wpa_supplicant \
|
|
$(TARGET_DIR)/usr/sbin/wpa_supplicant
|
|
$(INSTALL) -m 644 -D package/wpa_supplicant/wpa_supplicant.conf \
|
|
$(TARGET_DIR)/etc/wpa_supplicant.conf
|
|
$(WPA_SUPPLICANT_INSTALL_CLI)
|
|
$(WPA_SUPPLICANT_INSTALL_PASSPHRASE)
|
|
$(WPA_SUPPLICANT_INSTALL_DBUS)
|
|
$(WPA_SUPPLICANT_INSTALL_WPA_CLIENT_SO)
|
|
endef
|
|
|
|
define WPA_SUPPLICANT_INSTALL_INIT_SYSTEMD
|
|
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant.service \
|
|
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant.service
|
|
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant@.service \
|
|
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant@.service
|
|
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant-nl80211@.service \
|
|
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant-nl80211@.service
|
|
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant-wired@.service \
|
|
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant-wired@.service
|
|
$(INSTALL) -D -m 644 $(WPA_SUPPLICANT_PKGDIR)/50-wpa_supplicant.preset \
|
|
$(TARGET_DIR)/usr/lib/systemd/system-preset/50-wpa_supplicant.preset
|
|
endef
|
|
|
|
$(eval $(generic-package))
|