main/hostapd: various security fixes

CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146

ref #4339
ref #4266

1 files changed, 42 insertions, 4 deletions

diff --git a/main/hostapd/APKBUILD b/main/hostapd/APKBUILD
index fdb9709631..69e0b25279 100644
--- a/main/hostapd/APKBUILD
+++ b/main/hostapd/APKBUILD
@@ -10,7 +10,21 @@ depends=
 makedepends="openssl-dev libnl3-dev linux-headers"
 install=
 subpackages="$pkgname-doc"
-patches="CVE-2012-4445.patch musl-fix-types.patch"
+patches="
+	musl-fix-types.patch
+	CVE-2012-4445.patch
+	0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+	0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+	0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+	0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+	0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+	CVE-2015-1863.patch
+	CVE-2015-4141.patch
+	CVE-2015-4142.patch
+	"
+
+
+
 source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz
 	$patches
 	$pkgname.initd
@@ -79,17 +93,41 @@ package() {
 }
 
 md5sums="04578f3f2c3eb1bec1adf30473813912  hostapd-2.4.tar.gz
-0d01d4641e0c33f79c1f4372613655bf  CVE-2012-4445.patch
 7568486221987c93041b4877eced7317  musl-fix-types.patch
+0d01d4641e0c33f79c1f4372613655bf  CVE-2012-4445.patch
+87d611a9b704402f66fa59ba1458928d  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+bafcec421e4f5c6a8383893d029a79e5  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+fa2aed3cf49f7e6c7b17bf9db9a001f5  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+de0fca4d74a1883d15ef5754f13a5226  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+9d854969af23b207f9f3dff38ef78770  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+8e8c34267fefcc4142ee142e5515b5df  CVE-2015-1863.patch
+222ec96a8dc73c41608cc463beac3966  CVE-2015-4141.patch
+d3688697f81ca1e684a79dfa3682a111  CVE-2015-4142.patch
 29b561d4ee34dc22a8a0ae0bf1db5c45  hostapd.initd
 c91382209042defa04e79d0ae841a29e  hostapd.confd"
 sha256sums="6fe0eb6bd1c9cbd24952ece8586b6f7bd14ab358edfda99794e79b9b9dbd657f  hostapd-2.4.tar.gz
-06dc7df2159fb0604191f66d35164caa5927963eebe77b5f2c389bd7590e2a49  CVE-2012-4445.patch
 f296013d432740478f24de7214d07ff897e6e38cbfd01a73a3158014f94fd771  musl-fix-types.patch
+06dc7df2159fb0604191f66d35164caa5927963eebe77b5f2c389bd7590e2a49  CVE-2012-4445.patch
+a204bc37f52e5346780a306c01706689eb46263dedcdcb1eb2f4c0b291a0db93  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+298fc3b89f987922fb2600d0c95e8c868d6da30d24643748afd47bcd30da7b44  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+2fd42fb53be793c54343aa18a84afebe4603aa6ce8b6969ad6b3a8d327c6b142  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+c28ca6303a562809dfd1812f9b918808b3b0f0c52cc43070fd1777e1cfc88f18  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+04ef66fbd5b2167274cd7123d7f7252963b9a9c1ec2f5edf6558a6ad92d47689  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+a3abf75801f02199ff48c316a7b6598860e6ca20ce2fe79b0bec873905e5c8a4  CVE-2015-1863.patch
+eb63d845fdc38b6310c527ad1705b6fe3b74f90e263188da2aca97468cc55142  CVE-2015-4141.patch
+cc6c488afab4ccfdaedd9e224989b5fe713d6b0415ea94579190bd8ba60c9be5  CVE-2015-4142.patch
 cae79127d088c047c1460d5b63eb67da1a830eb725a8c95e50070e516ad02800  hostapd.initd
 6c14e88b14bb9a93d2dca69239d829f435e93180e621319aeed0f3987290dfba  hostapd.confd"
 sha512sums="37e648fe9cce92923ab1d1e23a4267e274c988785d7be5610f1affca425ffa86b438de81e37446926a0f9158d6b67ee83e6396c3f81d571545c973dddbf1ffe3  hostapd-2.4.tar.gz
-619acce84516dead1e03e5da71657ea4c4b6f3ca8271574409773aeb316cbddc88095b50320804f457f001f4f3fe83053e660c008d8409f59bb4d3bfe058b601  CVE-2012-4445.patch
 6ccdca29bc3a6b87d6e3f581c4f4725f0684bb88f39d46f875e9bdb0c41ee5b8be3b7908084c6631bffddece82cb2f2222e159d842944b6f2b7b639ef2de609c  musl-fix-types.patch
+619acce84516dead1e03e5da71657ea4c4b6f3ca8271574409773aeb316cbddc88095b50320804f457f001f4f3fe83053e660c008d8409f59bb4d3bfe058b601  CVE-2012-4445.patch
+9440f8d9d18d20b95d236c1a4467d86dfbbc17d8f26b0caa48d6737c6231d1ff14793c6fc8a1e4508f3ad38c9a5d710fd49b85c7de16634dbe6685af05f44f7c  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+0887017bfdb4632baa49bb849b732eed7eec9a498247fdd5ef8448e4a6df10380c06d68fa706e0b2624c04eb6f5a327cdb71c5c71c3476dc383f889ee7372702  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+341901aa94c44ae725b6d4dddac2a52b6457234189554fc282c9cf5fa0254125d7323553a7b8118f9a3e2020f039267ed4c912f84ac6f2cb12670b40c28ac652  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+b752f91c3d6dcf0784d9cb20a0c7f8de6c837c38ff62cf77b136d9b818890b13f55eeed1d6097f244181b480be953e1bdfb5651116dc5d62a2d02c018e19042a  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+07a21f0cc7d00e17bed8ef5ced36159020a410a4606aa0ca24e47223835ab0cc5fbeed3075c4f17d2ce1aee437eedf9fea8f4b95252b2fa255d54a195637cb6f  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+61f90d06bd42fb7ea17ba147db861303f5b1fdce2cda35492cec578214da5ea5d654a1df99dee4d4a0c07ef3e8b3bfb65ab4b98eff21c2013adf536766136ce1  CVE-2015-1863.patch
+4633a96a91e151407e4c62b74b4e78d37e4fba586278c6ae4340ce149bee0c644a4d62675256839c3130374a4dc7531beaeed8282946e7dcd3faf1ed74bf99be  CVE-2015-4141.patch
+dc561d90f3f329ebb201abbb53eea161603fb2abba6b2fc5c79298d97c84f2d65d401608cd7bb2fb82abf909661c56699bf4bcbf902f6f8c7d5b1853b0277353  CVE-2015-4142.patch
 b54b7c6aa17e5cb86a9b354a516eb2dbefb544df18471339c61d82776de447011a2ac290bea1e6c8beae4b6cebefafb8174683ea42fb773e9e8fe6c679f33ba3  hostapd.initd
 0882263bbd7c0b05bf51f51d66e11a23a0b8ca7da2a3b8a30166d2c5f044c0c134e6bccb1d02c9e81819ca8fb0c0fb55c7121a08fe7233ccaa73ff8ab9a238fe  hostapd.confd"