path: root/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
Commit message | Author | Age | Files | Lines
* hostapd: fix CVE-2018-14526 | Andrej Valek | 2018-09-05 | 1 | -0/+1

  Ignore unauthenticated encrypted EAPOL-Key data in supplicant
  processing. When using WPA2, these are frames that have the Encrypted
  flag set, but not the MIC flag.

  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>

* hostapd: fix the bug for PATCHTOOL = "patch" | Zheng Ruoqin | 2018-05-29 | 1 | -1/+7

  When switching PATCHTOOL to patch, the key-replay-cve-multiple.patch
  can't be applied with "--dry-run", as follows:

    checking file src/ap/ieee802_11.c
    checking file src/ap/wpa_auth.c
    checking file src/ap/wpa_auth.h
    checking file src/ap/wpa_auth_ft.c
    checking file src/ap/wpa_auth_i.h
    checking file src/common/wpa_common.h
    checking file src/rsn_supp/wpa.c
    checking file src/rsn_supp/wpa_i.h
    checking file src/rsn_supp/wpa.c
    Hunk #1 FAILED at 709.
    Hunk #2 FAILED at 757.
    Hunk #3 succeeded at 840 (offset -12 lines).
    Hunk #4 FAILED at 868.
    Hunk #5 FAILED at 900.
    Hunk #6 FAILED at 924.
    Hunk #7 succeeded at 1536 (offset -38 lines).
    Hunk #8 FAILED at 2386.
    Hunk #9 FAILED at 2920.
    Hunk #10 succeeded at 2940 (offset -46 lines).
    Hunk #11 FAILED at 2998.
    8 out of 11 hunks FAILED
    checking file src/rsn_supp/wpa_i.h
    Hunk #1 FAILED at 32.
    1 out of 1 hunk FAILED
    checking file src/common/wpa_common.h
    Hunk #1 succeeded at 215 with fuzz 1.
    checking file src/rsn_supp/wpa.c
    checking file src/rsn_supp/wpa_i.h
    checking file src/ap/wpa_auth.c
    Hunk #1 succeeded at 1898 (offset -3 lines).
    Hunk #2 succeeded at 2470 (offset -3 lines).
    checking file src/rsn_supp/tdls.c
    checking file src/rsn_supp/wpa.c
    Hunk #1 succeeded at 2378 (offset -62 lines).
    checking file src/rsn_supp/wpa_ft.c
    checking file src/rsn_supp/wpa_i.h
    Hunk #1 succeeded at 123 (offset -5 lines).

  So split the key-replay-cve-multiple.patch into 7 patches.

  Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>

* hostapd: fix LICENSE + misc recipe updates | Andre McCurdy | 2018-04-08 | 1 | -19/+20

  According to the COPYING file in the top level of the hostapd source
  tree, hostapd was re-licensed from dual BSD/GPLv2 to BSD only in
  February 2012. This change has apparently gone unnoticed for the past
  6 years, but fix it now.

  Also use pkg-config to find libnl headers (instead of hardcoding),
  append to base do_configure (instead of over-riding), respect OE's
  default CFLAGS (instead of ignoring) and make some minor formatting
  tweaks to bring the recipe more in line with the OE Styleguide.

  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>

* hostapd: not compatible with openssl-no-weak-ciphers | Slater, Joseph | 2018-03-21 | 1 | -1/+4

  Use CONFLICT_DISTRO_FEATURES to not build if des is not supported.

  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>

* hostapd: fix WPA2 key replay security bug | Mark Hatle | 2017-10-16 | 1 | -0/+1

  Note, hostapd and wpa_supplicant use the same sources. This commit is
  based on Ross Burton's change to OpenEmbedded-core. Below is Ross's
  commit message from OpenEmbedded-Core.

  WPA2 is vulnerable to replay attacks which result in unauthenticated
  users having access to the network.

  * CVE-2017-13077: reinstallation of the pairwise key in the Four-way
    handshake
  * CVE-2017-13078: reinstallation of the group key in the Four-way
    handshake
  * CVE-2017-13079: reinstallation of the integrity group key in the
    Four-way handshake
  * CVE-2017-13080: reinstallation of the group key in the Group Key
    handshake
  * CVE-2017-13081: reinstallation of the integrity group key in the
    Group Key handshake
  * CVE-2017-13082: accepting a retransmitted Fast BSS Transition
    Reassociation Request and reinstalling the pairwise key while
    processing it
  * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup
    (TDLS) PeerKey (TPK) key in the TDLS handshake
  * CVE-2017-13087: reinstallation of the group key (GTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response
    frame
  * CVE-2017-13088: reinstallation of the integrity group key (IGTK)
    when processing a Wireless Network Management (WNM) Sleep Mode
    Response frame

  Backport patches from upstream to resolve these CVEs.

  Signed-off-by: Ross Burton <ross.burton@intel.com>

  The hunk:

    [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request

  does not apply to hostapd and was removed from the patch.

  Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

* hostapd: 2.5 -> 2.6 | Huang Qiyu | 2017-04-26 | 1 | -0/+47

  1) Upgrade hostapd from 2.5 to 2.6.
  2) License checksum changed, since the copyright years were updated.
  2) Delete patch "0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch",
     since it is integrated upstream.

  Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>