[Buildroot] [PATCH v2 1/1] package/hostapd: fix build with CVE-2021-30004 changes
Sergey Matyukevich
geomatsi at gmail.com
Thu May 20 13:45:41 UTC 2021
Hello Yann,
> > Commit d65586f45a22 ("package/hostapd: add upstream patch to fix
> > CVE-2021-30004") added security patch from hostapd upstream without
> > required ASN.1 helpers. Backport and adapt two commits from the
> > hostapd upstream to add missing headers and helpers.
> >
> > Fixes:
> > http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/
> >
> > Signed-off-by: Sergey Matyukevich <geomatsi at gmail.com>
>
> Applied to master, thanks.
>
> I've slightly adapated the commits, as we do nmot want the numbering in
> the patches, and I took the opportunity to slightly update the
> backports.
>
> While at it, I noticed that wpa_supplicant is also impacted by
> CVE-2021-30004, and we have backported a few patches too:
>
> a8fbe67b9b16 package/wpa_supplicant: add upstream patch to fix CVE-2021-30004
>
> And those patches also contain references to asn1_is_null(). I could not
> find any autobuilder issu about that, though... Could you check if we
> also need to carry similar patches for wpa_supplicant, please?
Yes, wpa_supplicant also fails in a similar configuration.
I will check the same fix and send a patch.
Regards,
Sergey
More information about the buildroot
mailing list