From patchwork Wed Apr 21 20:42:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 1468867 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=rockwellcollins.com header.i=@rockwellcollins.com header.a=rsa-sha256 header.s=hrcrc2020 header.b=iZ9TXC0s; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FQXZs2kRTz9sVq for ; Thu, 22 Apr 2021 06:43:49 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id E0CFB403A1; Wed, 21 Apr 2021 20:43:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VEKPXn0j3CO7; Wed, 21 Apr 2021 20:43:46 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp2.osuosl.org (Postfix) with ESMTP id 3276740516; Wed, 21 Apr 2021 20:43:45 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 72E531BF46D for ; Wed, 21 Apr 2021 20:42:41 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 61B8183BB7 for ; Wed, 21 Apr 2021 20:42:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=rockwellcollins.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fRml0BKcmw9x for ; Wed, 21 Apr 2021 20:42:39 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from ch3vs05.rockwellcollins.com (ch3vs05.rockwellcollins.com [205.175.226.130]) by smtp1.osuosl.org (Postfix) with ESMTPS id 83A4683BBC for ; Wed, 21 Apr 2021 20:42:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rockwellcollins.com; s=hrcrc2020; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=u1AUhyTGvJmZ0he4GOEW5C2uZUfcI+E3tKYvrWoCR1E=; b=iZ9TXC0sOhIpKYmKSQZXm11CDMCCehySg1FI4tsyQVb/wgsEgQg+ha1P qNcHNNzNtO987vZghhCZQZbtFAKYbeMnUGC57LFjo0qYnrmathhHOof22 QJjJoxV7fhXDCpEJenMRPt7q3Til2CSfAzabPTMYrkbjN1M84Tn7b61UV vKQ82LHisMuCcjjfwzGmHa93GOcm2jGTXlItfd+KNA712tj3amT2b4XJU /FAtOHgU7fp8pzVb4dMgW/8rsQpBAAChPIqvK0eq5pZGAJU9XfDE8W75u ASrHy09d1CGr7o9LkEa1hKgwZ+01PpsBk0LuXn2ALmP5S1NxcBrCmRHjR w==; IronPort-SDR: ugdD+oEcR2XbwXXf1+eazfj6D4wgI9sDrurhjSgyfFle/MoPf8OVYV7xnI9y8tbePQrg5ySgG0 yXtut03xAAPDH1xfVUwH5PluseH4qWx3MoyNIlqVs6OSc8Gv9RGYTd88USONsUSSJ3oyTi69Gi HLgPlDohpMgPR4L79+zRHcPX1kK4loenw/b+YFNKuhiujO2gwXlfyxUGV8JfSMT9noLVXBOXqN isTae/rKr76zVgf5dWgimsLGfb/0eHiuGKezhblutxPpM8SdPNXhyDQe7AhK6yGLfQLTxZHbK2 AMc= Received: from ofwch3n02.rockwellcollins.com (HELO crulimr02.rockwellcollins.com) ([205.175.226.14]) by ch3vs05.rockwellcollins.com with ESMTP; 21 Apr 2021 15:42:37 -0500 X-Received: from biscuits.rockwellcollins.com (biscuits.rockwellcollins.lab [10.148.119.137]) by crulimr02.rockwellcollins.com (Postfix) with ESMTP id 5D11F608BC; Wed, 21 Apr 2021 15:42:37 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Wed, 21 Apr 2021 15:42:31 -0500 Message-Id: <20210421204235.5956-7-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210421204235.5956-1-matthew.weber@rockwellcollins.com> References: <20210421204235.5956-1-matthew.weber@rockwellcollins.com> Subject: [Buildroot] [PATCH 06/10] package/hostapd: ignore CVE-2021-30004 when using openssl X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" The CVE can be ignored when the internal TLS impl isn't used. https://security-tracker.debian.org/tracker/CVE-2021-30004 "Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal)" Signed-off-by: Matthew Weber --- package/hostapd/hostapd.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/hostapd/hostapd.mk b/package/hostapd/hostapd.mk index efeefd8b35..2995545d18 100644 --- a/package/hostapd/hostapd.mk +++ b/package/hostapd/hostapd.mk @@ -38,6 +38,8 @@ ifeq ($(BR2_PACKAGE_LIBOPENSSL),y) HOSTAPD_DEPENDENCIES += host-pkgconf libopenssl HOSTAPD_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs openssl` HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/' +# Issue only affects the "internal" TLS implementation +HOSTAPD_IGNORE_CVES += CVE-2021-30004 else HOSTAPD_CONFIG_DISABLE += CONFIG_EAP_PWD CONFIG_EAP_TEAP HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'