theba: use wpa_supplicant 2.3.

pkgs/wpa_supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch

@@ -0,0 +1,42 @@
+From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 7 Apr 2015 11:32:11 +0300
+Subject: [PATCH] P2P: Validate SSID element length before copying it
+ (CVE-2015-1863)
+
+This fixes a possible memcpy overflow for P2P dev->oper_ssid in
+p2p_add_device(). The length provided by the peer device (0..255 bytes)
+was used without proper bounds checking and that could have resulted in
+arbitrary data of up to 223 bytes being written beyond the end of the
+dev->oper_ssid[] array (of which about 150 bytes would be beyond the
+heap allocation) when processing a corrupted management frame for P2P
+peer discovery purposes.
+
+This could result in corrupted state in heap, unexpected program
+behavior due to corrupted P2P peer device information, denial of service
+due to process crash, exposure of memory contents during GO Negotiation,
+and potentially arbitrary code execution.
+
+Thanks to Google security team for reporting this issue and smart
+hardware research group of Alibaba security team for discovering it.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ src/p2p/p2p.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
+index f584fae..a45fe73 100644
+--- a/src/p2p/p2p.c
++++ b/src/p2p/p2p.c
+@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
+ 	if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
+ 		os_memcpy(dev->interface_addr, addr, ETH_ALEN);
+ 	if (msg.ssid &&
++	    msg.ssid[1] <= sizeof(dev->oper_ssid) &&
+ 	    (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
+ 	     os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
+ 	     != 0)) {
+-- 
+1.9.1
+

pkgs/wpa_supplicant/default.nix

@@ -0,0 +1,61 @@
+{ stdenv, fetchurl, lib, openssl, dbus_libs, pkgconfig, libnl
+, readlineSupport ? true, readline
+}:
+
+assert readlineSupport -> readline != null;
+
+stdenv.mkDerivation rec {
+  version = "2.3";
+
+  name = "wpa_supplicant-${version}";
+
+  src = fetchurl {
+    url = "http://hostap.epitest.fi/releases/${name}.tar.gz";
+    sha256 = "0skvkl6c10ls4s48b2wmf47h9j1y40nlzxnzn8hyaw2j0prmpapa";
+  };
+
+  extraConfig =
+    ''
+      CONFIG_DEBUG_SYSLOG=y
+      CONFIG_CTRL_IFACE_DBUS=y
+      CONFIG_CTRL_IFACE_DBUS_NEW=y
+      CONFIG_CTRL_IFACE_DBUS_INTRO=y
+      CONFIG_DRIVER_NL80211=y
+      CONFIG_LIBNL32=y
+      ${stdenv.lib.optionalString readlineSupport "CONFIG_READLINE=y"}
+    '';
+
+  preBuild = ''
+    cd wpa_supplicant
+    cp -v defconfig .config
+    echo "$extraConfig" >> .config
+    cat .config
+    substituteInPlace Makefile --replace /usr/local $out
+    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I$(echo "${libnl}"/include/libnl*/)"
+  '';
+
+  buildInputs = [ openssl dbus_libs libnl ]
+    ++ lib.optional readlineSupport readline;
+
+  nativeBuildInputs = [ pkgconfig ];
+
+  patches = [ ./0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch ];
+
+  postInstall = ''
+    mkdir -p $out/share/man/man5 $out/share/man/man8
+    cp -v "doc/docbook/"*.5 $out/share/man/man5/
+    cp -v "doc/docbook/"*.8 $out/share/man/man8/
+    mkdir -p $out/etc/dbus-1/system.d $out/share/dbus-1/system-services $out/etc/systemd/system
+    cp -v "dbus/"*service $out/share/dbus-1/system-services
+    sed -e "s@/sbin/wpa_supplicant@$out&@" -i "$out/share/dbus-1/system-services/"*
+    cp -v dbus/dbus-wpa_supplicant.conf $out/etc/dbus-1/system.d
+    cp -v "systemd/"*.service $out/etc/systemd/system
+  '';
+
+  meta = {
+    homepage = http://hostap.epitest.fi/wpa_supplicant/;
+    description = "A tool for connecting to WPA and WPA2-protected wireless networks";
+    maintainers = with stdenv.lib.maintainers; [marcweber urkud];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}

theba.nix

@@ -43,4 +43,8 @@
 
   services.xserver.vaapiDrivers = [ pkgs.vaapiIntel ];
 
+  nixpkgs.config.packageOverrides = pkgs: rec {
+    wpa_supplicant = pkgs.callPackage ./pkgs/wpa_supplicant { };
+  };
+
 }