Commit graph

98 commits

Author SHA1 Message Date
misuzu
edba976506
wpa_supplicant: allow disabling pcsclite dependency (#128182)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-06-27 18:36:16 +02:00
Maximilian Bosch
84670bf681
wpa_supplicant: review fixes 2021-04-16 13:28:26 +02:00
Maximilian Bosch
08ced9d67f
nixos/wpa_supplicant: make new behavior opt-in 2021-04-16 13:18:46 +02:00
Maximilian Bosch
de0a39166b
wpa_supplicant: allow both imperative and declarative networks
For a while now it's possible to specify an additional config file in
`wpa_supplicant`[1]. In contrast to the file specified via `-c` this was
supposed to be used for immutable settings and not e.g. additional
networks.

However I'm a little bit unhappy about the fact that one has to choose
between a fully imperative setup and a fully declarative one where the
one would have to write credentials for e.g. WPA2-enterprise networks
into the store.

The primary problem with the current state of `wpa_supplicant` is that
if the `SAVE_CONFIG` command is invoked (e.g. via `wpa_cli`), all known
networks will be written to `/etc/wpa_supplicant.conf` and thus all
declarative networks would get out of sync with the declarative
settings.

To work around this, I had to change the following things:

* The `networking.wireless`-module now uses `-I` for declarative config,
  so the user-controlled mode can be used along with the
  `networks`-option.

* I added an `ro`-field to the `ssid`-struct in the
  `wpa_supplicant`-sources. This will be set to `1` for each network
  specified in the config passed via `-I`.

  Whenever config is written to the disk, those networks will be
  skipped, so changes to declarative networks are only temporary.

[1] https://w1.fi/cgit/hostap/commit/wpa_supplicant?id=e6304cad47251e88d073553042f1ea7805a858d1
2021-04-16 13:18:25 +02:00
Martin Weinelt
9f9ab6fffc wpa_supplicant: add patch for CVE-2021-30004
In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.

Fixes: CVE-2021-30004
2021-04-13 18:45:44 +02:00
Tim Steinbach
67f3319fb7
wpa_supplicant: Enable bgscan 'learn' module 2021-04-04 12:41:14 -04:00
Martin Weinelt
6a0b4ab7be
wpa_supplicant: add CVE-ID for P2P provision discovery proccessing vuln. 2021-02-27 13:11:35 +01:00
Martin Weinelt
a77380a689
wpa_supplicant: update homepage
The old one still exists but is not getting updated anymore.
2021-02-25 21:26:56 +01:00
Martin Weinelt
0dd3c094ee
wpa_supplicant: fix for security advisory 2021-1
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.

https://w1.fi/security/2021-1/
2021-02-25 20:57:49 +01:00
Martin Weinelt
95164dc11b
wpa_supplicant: fix for security advisory 2020-2
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners. The actual
parsing of that information validates field lengths appropriately, but
processing of the parsed information misses a length check when storing
a copy of the secondary device types. This can result in writing
attacker controlled data into the peer entry after the area assigned for
the secondary device type. The overflow can result in corrupting
pointers for heap allocations. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially arbitrary code execution.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Fixes: CVE-2021-0326
2021-02-04 00:31:38 +01:00
Martin Weinelt
28f8b5f5f3 wpa_supplicant: backport support for OWE
The wpa_supplicant upstream is slow to push out new releases and has
been asked several times to do so. Support for Opportunistic Wireless
Encryption has been on master since late 2019 and still hasn't made it
into a release yet.

This backports a rather simple patchset to enable OWE key management
and exposes it also via DBus, so it can be used from Network-Manager.
2021-02-01 00:20:07 +01:00
Pavol Rusnak
a6ce00c50c
treewide: remove stdenv where not needed 2021-01-25 18:31:47 +01:00
Jonathan Ringer
9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of #109595

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Daiderd Jordan
7b3a2963d1
treewide: replace base64 encoded hashes 2020-06-03 18:35:19 +02:00
Jan Tojnar
219382bf28
wpa_supplicant_gui: fix build with Inkscape 1.0 2020-05-17 08:40:30 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
c0bw3b
9367367dfd Treewide: fix URL permanent redirects
Permanent redirects on homepages and/or source URLs
as reported by Repology
2019-11-16 01:41:23 +01:00
Florian Klink
ac1aeb4fbb
wpa_supplicant: apply patch for CVE-2019-16275 (#70266)
wpa_supplicant: apply patch for CVE-2019-16275
2019-10-14 23:00:05 +02:00
Tor Hedin Brønner
67effde499
wpa_supplicant: install d-bus conf correctly to share/dbus/system.d
Fixes 40dda7383b which inadvertently installed to
a file as the directory didn't exist.

Also blocked up the postInstall script for readability.
2019-10-14 18:57:44 +02:00
Pierre Bourdon
559687498b
wpa_supplicant: apply patch for CVE-2019-16275 2019-10-02 21:24:23 +02:00
worldofpeace
40dda7383b wpa_supplicant: Move D-Bus conf file to share/dbus-1/system.d
Since D-Bus 1.9.18 configuration files installed by third-party should
go in share/dbus-1/system.d. The old location is for sysadmin overrides.
2019-09-16 13:59:46 -04:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
R. RyanTM
a5f2040b0d wpa_supplicant: 2.8 -> 2.9
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/wpa_supplicant/versions
2019-08-20 23:30:06 -07:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Dominik Xaver Hörl
40970f1096 wpa_supplicant/gui: fix qt wrapping
Import mkDerivation explicitly instead of using stdenv.mkDerivation, to
allow proper wrapping.
2019-08-07 11:59:35 +02:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Will Dietz
10dde5a1cc wpa_supplicant: patch already applied :) 2019-04-22 15:39:47 -05:00
Will Dietz
1448b0583b wpa_supplicant: 2.7 -> 2.8 2019-04-22 15:34:26 -05:00
Pierre Bourdon
3f0a59314c wpa_supplicant: 2.6 -> 2.7 (#55926) 2019-02-24 00:47:11 +01:00
Jörg Thalheim
b5c1deca8a
treewide: remove wkennington as maintainer
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
2019-01-26 10:05:32 +00:00
Linus Heckemann
6845ebbff1 wpa_supplicant: improve manpage
Now points to the store path of the sample config rather than
/usr/share/doc.
2018-11-23 18:01:19 +01:00
Linus Heckemann
1a7f21f398 wpa_supplicant: copy sample config into output 2018-11-23 18:01:19 +01:00
Markus Kowalewski
b3d114e6f9
wpa_gui: add license + homepage 2018-08-30 22:03:07 +02:00
Franz Pletz
a81b29ac0b
wpa_supplicant: add patch to fix CVE-2018-14526
Fixes #44724.
2018-08-08 22:20:06 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Matthew Bauer
76999cc40e treewide: remove aliases in nixpkgs
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.

Misc...

- qtikz: use libsForQt5.callPackage

  This ensures we get the right poppler.

- rewrites:

  docbook5_xsl -> docbook_xsl_ns
  docbook_xml_xslt -> docbook_xsl

diffpdf: fixup
2018-07-18 23:25:20 -04:00
Jan Tojnar
3784fd5e46
pcsclite: split package 2018-06-29 04:40:54 +02:00
Graham Christensen
ea50efcc67
wpa_supplicant: patch for KRACKAttack
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
    CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
    CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
    CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
    CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
    CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
    CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
    CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
    CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
    CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
2017-10-16 07:33:44 -04:00
Maximilian Güntner
daf07c9d62
hostapd/wpa_supplicant: update urls 2017-09-17 13:46:11 +02:00
Carl Sverre
6b62b566a1 wpa_supplicant: Enable BGSCAN module
Compile wpa_supplicant with the BGSCAN module enabled. This allows the
user to configure an SSID to use the bgscan module.  This module causes
wpa_supplicant to periodically perform a background scan for additional
access points and switch to the one with the highest signal.  This scan
can be kicked off when the current connection drops below a target
threshold signal strength.
2017-08-03 21:37:24 -07:00
Thomas Tuegel
210f688802
qt5: rename qmakeHook to qmake 2017-06-18 08:41:57 -05:00
Jörg Thalheim
95f6bece88
wpa_supplicant: upgrade to qt5
also inkscape removal patch, as it introduced a bug: #25320
fixes #25320 #25325
2017-05-01 21:23:22 +02:00
Vladimír Čunát
96d41e393d
treewide: purge maintainers.urkud
It's sad, but he's been inactive for the last five years.
Keeping such people in meta.maintainers is counter-productive.
2017-03-27 19:52:29 +02:00
Moritz Ulrich
7e4c7d6af0 wpa_supplicant_gui: Add forgotten patch. 2016-10-30 22:29:44 +01:00
Moritz Ulrich
19bdc31ed6 wpa_supplicant_gui: Replace inkscape with imagemagick in build process. 2016-10-30 22:28:08 +01:00
Tim Steinbach
b86310fccf wpa_supplicant: 2.5 -> 2.6 (#19913) 2016-10-27 13:57:56 +02:00
Tuomas Tynkkynen
603dcd6263 treewide: Make explicit that 'dev' output of libnl is used 2016-05-19 10:00:43 +02:00
Nikolay Amiantov
e282d36143 wpa_supplicant_gui: move to qmake4Hook 2016-04-20 18:55:54 +03:00