Commit 22b0c44e authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

aircrack-ng: security bump to version 1.2-rc1 



Fixes:
CVE-2014-8321 - gps_tracer stack overflow
CVE-2014-8322 - tcp_test length parameter inconsistency
CVE-2014-8323 - buddy-ng missing check in data format
CVE-2014-8324 - net_get missing check for invalid values

Previous CVE patch dropped since the fix is upstream.
Also add hash file.

Drop iw runtime dep since it's only one of many required by airmon-zc (a
script) which require a ton of conditionals for just that tool.
It will tell somewhat nicely if they're missing. These would be:

awk - from busybox or gawk
ethtool
grep - from busybox or grep
ip or ifconfig - from busybox, iproute2 or net-tools
iw
lspci - from pciutils (needs full variant)
lsusb - from usbutils (needs full variant)
modprobe/modinfo - from busybox or kmod
uname - from busybox or coreutils

[Peter: drop double -lpthread from sqlite conditional]
Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 4cefe929

package/aircrack-ng/0001-Makefile-use-pkg-config-to-find-libpcre-it-s-more-cros.patch

0 → 100644
+39 −0
Original line number Diff line number Diff line 
From 98149c7664e99cc8ce9c9b1abf2fa90d9cd68e0d Mon Sep 17 00:00:00 2001

From: Gustavo Zacarias <gustavo@zacarias.com.ar>

Date: Wed, 5 Nov 2014 09:38:12 -0300

Subject: [PATCH] Makefile: use pkg-config to find libpcre, it's more

 cross-compile friendly



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

---

Status: Upstream http://trac.aircrack-ng.org/ticket/1526



diff --git a/common.mak b/common.mak

index 6e5694b..d875708 100644

--- a/common.mak

+++ b/common.mak

@@ -39,7 +39,7 @@ PCRE            = true

 endif

 

 ifeq ($(PCRE), true)

-COMMON_CFLAGS += $(shell pcre-config --cflags) -DHAVE_PCRE

+COMMON_CFLAGS += $(shell $(PKG_CONFIG) --cflags libpcre) -DHAVE_PCRE

 endif

 

 ifeq ($(OSNAME), cygwin)

diff --git a/src/Makefile b/src/Makefile

index f9217f9..14350b6 100644

--- a/src/Makefile

+++ b/src/Makefile

@@ -16,7 +16,7 @@ BINFILES        = aircrack-ng$(EXE) airdecap-ng$(EXE) packetforge-ng$(EXE) \

 

 LIBPCRE		=

 ifeq ($(PCRE), true)

-	LIBPCRE	= $(shell pcre-config --libs)

+	LIBPCRE = $(shell $(PKG_CONFIG) --libs libpcre)

 endif

 

 ifneq ($(OSNAME), cygwin) #There is yet no libpcap support for windows, so we skip the crawler

-- 

2.0.4

package/aircrack-ng/0002-Optionally-use-LIBPCAP-for-required-libpcap-libraries.patch

0 → 100644
+33 −0
Original line number Diff line number Diff line 
From 1abf7a6aad3d7931de2c01b578f62986b75de2f5 Mon Sep 17 00:00:00 2001

From: Gustavo Zacarias <gustavo@zacarias.com.ar>

Date: Tue, 11 Nov 2014 16:23:42 -0300

Subject: [PATCH] Optionally use LIBPCAP for required libpcap libraries



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

---

Status: Reported http://trac.aircrack-ng.org/ticket/1528



diff --git a/src/Makefile b/src/Makefile

index 14350b6..7bd4271 100644

--- a/src/Makefile

+++ b/src/Makefile

@@ -23,6 +23,7 @@ ifneq ($(OSNAME), cygwin) #There is yet no libpcap support for windows, so we sk

 	HAVE_PCAP	= $(shell ld -lpcap 2> /dev/null && echo yes)

 	ifeq ($(HAVE_PCAP), yes) #cannot link with -lpcap, skip crawler

 		BINFILES	+= besside-ng-crawler$(EXE)

+		LIBPCAP		= -lpcap

 	endif

 endif

 

@@ -168,7 +169,7 @@ besside-ng$(EXE): $(OBJS_BS) $(LIBOSD)

 	$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_BS) -o $(@) $(LIBS) $(LIBSSL) -lz $(LIBPCRE)

 

 besside-ng-crawler$(EXE): $(OBJS_BC)

-	$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_BC) -o $(@) -lpcap

+	$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_BC) -o $(@) $(LIBPCAP)

 

 makeivs-ng$(EXE): $(OBJS_MI)

 	$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_MI) -o $(@) $(LDFLAGS)

-- 

2.0.4

package/aircrack-ng/Config.in

+4 −1
Original line number Diff line number Diff line
@@ -2,8 +2,11 @@ config BR2_PACKAGE_AIRCRACK_NG 
	bool "aircrack-ng"

	depends on BR2_LARGEFILE

	depends on BR2_USE_MMU # uses fork()

	# libnl has issues when linking statically

	# they need fixing in libnl itself

	select BR2_PACKAGE_LIBNL if !BR2_PREFER_STATIC_LIB

	select BR2_PACKAGE_OPENSSL

	select BR2_PACKAGE_IW # runtime

	select BR2_PACKAGE_ZLIB

	depends on BR2_TOOLCHAIN_HAS_THREADS

	help

	  A set of tools for auditing wireless networks

package/aircrack-ng/aircrack-ng-01-CVE-2010-1159.patch

deleted100644 → 0
+0 −24
Original line number Diff line number Diff line 
Fix for buffer overflow CVE-2010-1159.



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>



--- a/src/airodump-ng.c

+++ b/src/airodump-ng.c

@@ -2126,7 +2126,7 @@

                     st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )

                             +   h80211[z + 3] + 4;

 

-                    if ((int)pkh.len - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0)

+                    if (caplen - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)

 					{

 						// Ignore the packet trying to crash us.

                     	goto write_packet;

@@ -2158,7 +2158,7 @@

                     st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )

                             +   h80211[z + 3] + 4;

 

-                    if ((int)pkh.len - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0)

+		    if (caplen - z < st_cur->wpa.eapol_size  || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256)

 					{

 						// Ignore the packet trying to crash us.

                     	goto write_packet;

package/aircrack-ng/aircrack-ng.hash

0 → 100644
+3 −0
Original line number Diff line number Diff line 
# From http://www.aircrack-ng.org/downloads.html

sha1	b5ff7d0fffb72095311bbe8824ab98aaac62db8f	aircrack-ng-1.2-rc1.tar.gz

md5	c2f8648c92f7e46051c86c618d4fb0d5	aircrack-ng-1.2-rc1.tar.gz