Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f16c72ecb3
NetBSD/external
History
christos f16c72ecb3 Apply patch by Jouni Malinen. We don't have CONFIG_EAP_PWD enabled so we are 
not affected:

EAP-pwd peer error path failure on unexpected Confirm message

Published: November 10, 2015
Identifier: CVE-2015-5316
Latest version available from: http://w1.fi/security/2015-8/

Vulnerability

A vulnerability was found in EAP-pwd peer implementation used in
wpa_supplicant. If an EAP-pwd Confirm message is received unexpectedly
before the Identity exchange, the error path processing ended up
dereferencing a NULL pointer and terminating the process.

For wpa_supplicant with EAP-pwd enabled in a network configuration
profile, this could allow a denial of service attack by an attacker
within radio range.

Vulnerable versions/configurations

wpa_supplicant v2.3-v2.5 with CONFIG_EAP_PWD=y in the build
configuration (wpa_supplicant/.config) and EAP-pwd enabled in a network
profile at runtime.

Possible mitigation steps

- Merge the following commits and rebuild wpa_supplicant:

  EAP-pwd peer: Fix error path for unexpected Confirm message

  This patch is available from http://w1.fi/security/2015-8/

- Update to wpa_supplicant v2.6 or newer, once available

- Remove CONFIG_EAP_PWD=y from build configuration

- Disable EAP-pwd in runtime configuration
2015-11-10 18:39:40 +00:00
..
apache2 Add support for parsing IPv6 nameservers found in resolv.conf. 2015-10-15 16:14:40 +00:00
atheros
broadcom/rpi-firmware/dist New RPI and RPI2 firmware from 2015-03-04 23:01:55 +00:00
bsd Apply patch by Jouni Malinen. We don't have CONFIG_EAP_PWD enabled so we are 2015-11-10 18:39:40 +00:00
cddl make too many struct or union members non-fatal. 2015-10-21 13:43:49 +00:00
gpl2 Don't use %m in format strings sent to printf. 2015-11-09 00:53:57 +00:00
gpl3 We've never supported executable stack notes in any archs so don't add one. 2015-11-08 17:13:01 +00:00
historical PR/50199 - fix for strftime called with empty string. 2015-11-03 14:15:08 +00:00
ibm-public Resolve conflicts from last import 2015-09-12 08:23:23 +00:00
intel-fw-eula Import ipw2200-fw-3.1 2014-03-15 15:23:22 +00:00
intel-fw-public iwm(4) works now, but 2.4GHz only. 2015-02-13 18:57:46 +00:00
lgpl3 RISC-V configury. 2014-09-19 17:23:57 +00:00
mit change MKDEPFLAGS from 2015-11-07 20:45:03 +00:00
public-domain Update for tzdata2015f: 2015-08-11 18:10:13 +00:00
realtek Added rtwn(4) for Realtek RTL8188CE/RTL8192CE PCIe 802.11b/g/n wireless network 2015-08-27 14:04:07 +00:00
zlib/pigz From: Joachim Henke 2015-04-07 17:48:13 +00:00
Makefile
README

README 

$NetBSD: README,v 1.15 2012/06/14 04:14:36 riz Exp $

Organization of Sources:

This directory hierarchy is using an organization that separates
source for programs that we have obtained from external third
parties (where NetBSD is not the primary maintainer) from the
system source.

The hierarchy is grouped by license, and then package per license,
and is organized as follows:

	external/

	    Makefile
			Descend into the license sub-directories.

	    <license>/
			Per-license sub-directories.

		Makefile
			Descend into the package sub-directories.

		<package>/
			Per-package sub-directories.

		    Makefile
			Build the package.
			
		    dist/
			The third-party source for a given package.

		    bin/
		    lib/
		    sbin/
			BSD makefiles "reach over" from these into
			"../dist/".

This arrangement allows for packages to be easily disabled or
excised as necessary, either on a per-license or per-package basis.

The licenses currently used are:

	apache2		Apache 2.0 license.
			http://www.opensource.org/licenses/apache2.0.php

	atheros		Atheros License.

	bsd		BSD (or equivalent) licensed software, possibly with
			the "advertising clause".
			http://www.opensource.org/licenses/bsd-license.php

	cddl		Common Development and Distribution License (the sun
			license which is based on the Mozilla Public License
			version 1.1).
			http://www.opensource.org/licenses/cddl1.php

	gpl2		GNU Public License, version 2 (or earlier).
			http://www.opensource.org/licenses/gpl-2.0.php

	gpl3		GNU Public License, version 3.
			http://www.opensource.org/licenses/gpl-3.0.html

	historical	Lucent's old license:
			http://www.opensource.org/licenses/historical.php
			
	ibm-public	IBM's public license:
			http://www.opensource.org/licenses/ibmpl.php

	intel-fw-eula	Intel firmware license with redistribution
			restricted to OEM.

	intel-fw-public	Intel firmware license permitting redistribution with
			terms similar to BSD licensed software.

	intel-public	Intel license permitting redistribution with
			terms similar to BSD licensed software.

	mit		MIT (X11) style license.
			http://www.opensource.org/licenses/mit-license.php

	public-domain	Non-license for code that has been explicitly put
			into the Public Domain.

	realtek		RealTek license.

	zlib		Zlib (BSD-like) license.
			http://www.zlib.net/zlib_license.html

If a package has components covered by different licenses
(for example, GPL2 and the LGPL), use the <license> subdirectory
for the more restrictive license.

If a package allows the choice of a license to use, we'll
generally use the less restrictive license.

If in doubt about where a package should be located, please
contact <core@NetBSD.org> for advice.


Migration Strategy:


Eventually src/dist (and associated framework in other base source
directories) and src/gnu will be migrated to this hierarchy.


Maintenance Strategy:

The sources under src/external/<license>/<package>/dist/ are
generally a combination of a published distribution plus changes
that we submit to the maintainers and that are not yet published
by them.

Make sure all changes made to the external sources are submitted
to the appropriate maintainer, but only after coordinating with
the NetBSD maintainers.