[Buildroot] [PATCH 06/10] package/hostapd: ignore CVE-2021-30004 when using openssl
Matt Weber
matthew.weber at rockwellcollins.com
Wed Apr 21 20:42:31 UTC 2021
The CVE can be ignored when the internal TLS impl isn't used.
https://security-tracker.debian.org/tracker/CVE-2021-30004
"Issue only affects the "internal" TLS implementation
(CONFIG_TLS=internal)"
Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
---
package/hostapd/hostapd.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/package/hostapd/hostapd.mk b/package/hostapd/hostapd.mk
index efeefd8b35..2995545d18 100644
--- a/package/hostapd/hostapd.mk
+++ b/package/hostapd/hostapd.mk
@@ -38,6 +38,8 @@ ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
HOSTAPD_DEPENDENCIES += host-pkgconf libopenssl
HOSTAPD_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs openssl`
HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/'
+# Issue only affects the "internal" TLS implementation
+HOSTAPD_IGNORE_CVES += CVE-2021-30004
else
HOSTAPD_CONFIG_DISABLE += CONFIG_EAP_PWD CONFIG_EAP_TEAP
HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'
--
2.17.1
More information about the buildroot
mailing list