diff options
| author | Wanja Schulze <rajaschu@googlemail.com> | 2018-04-04 00:46:44 +0200 |
|---|---|---|
| committer | Andreas Blaesius <andi@unlegacy-android.org> | 2018-04-14 19:07:07 +0200 |
| commit | 9d6f5164547add1ed7e2f11826362be11f7bc0e4 (patch) | |
| tree | ecd715cba4ee45ade60a90b5104512285cc74b0d /gps/gps.conf_AS_SUPL | |
| parent | e0e0d5b4b4e81fafd4bc1c96744b367ce3e73f6e (diff) | |
| download | android_device_common-cm-13.0.tar.gz android_device_common-cm-13.0.tar.bz2 android_device_common-cm-13.0.zip | |
Switch to a secure gps connectionHEADreplicant-6.0-0004-transitionreplicant-6.0-0004-rc6replicant-6.0-0004-rc5-transitionreplicant-6.0-0004-rc5replicant-6.0-0004-rc4replicant-6.0-0004-rc3replicant-6.0-0004-rc2replicant-6.0-0004-rc1replicant-6.0-0004cm-13.0
Because the XTRA and XTRA2 data files are served over HTTP without SSL,
this allows an attacker to mount a MITM attack on the network level and
modify the GPS assistance data while in transit.
Informations and fix taken from:
https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/
Change-Id: I4b2c16acc7316c56d6d50d824bf951b248df16e0
(cherry picked from commit cf37f0af1e3daf34771fc051d9d6d60122e8e7a8)
Diffstat (limited to 'gps/gps.conf_AS_SUPL')
| -rw-r--r-- | gps/gps.conf_AS_SUPL | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/gps/gps.conf_AS_SUPL b/gps/gps.conf_AS_SUPL index a0e2a7d..ddd2be3 100644 --- a/gps/gps.conf_AS_SUPL +++ b/gps/gps.conf_AS_SUPL @@ -1,5 +1,5 @@ -XTRA_SERVER_1=http://xtra1.gpsonextra.net/xtra.bin -XTRA_SERVER_2=http://xtra2.gpsonextra.net/xtra.bin -XTRA_SERVER_3=http://xtra3.gpsonextra.net/xtra.bin +XTRA_SERVER_1=https://xtrapath1.izatcloud.net/xtra.bin +XTRA_SERVER_2=https://xtrapath2.izatcloud.net/xtra.bin +XTRA_SERVER_3=https://xtrapath3.izatcloud.net/xtra.bin SUPL_HOST=supl.google.com SUPL_PORT=7276 |