summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: upgrade 2.9 -> 2.10wangmy2022-01-251-57/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0001-Prepare-for-CVE-2021-30004.patch.patch CVE-2019-16275.patch CVE-2019-5061.patch CVE-2021-0326.patch CVE-2021-27803.patch CVE-2021-30004.patch removed since they're included in 2.10 License-Update: year updated to 2022. Changelog: ========= * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added option send SAE Confirm immediately (sae_config_immediate=1) after SAE Commit - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2) - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed WPS UPnP SUBSCRIBE handling of invalid operations [https://w1.fi/security/2020-1/] * fixed PMF disconnection protection bypass [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * fixed various issues in experimental support for EAP-TEAP server * added configuration (max_auth_rounds, max_auth_rounds_short) to increase the maximum number of EAP message exchanges (mainly to support cases with very large certificates) for the EAP server * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * extended HE (IEEE 802.11ax) support, including 6 GHz support * removed obsolete IAPP functionality * fixed EAP-FAST server with TLS GCM/CCM ciphers * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible; owe_ptk_workaround=1 can be used to enabled a a workaround for the group 20/21 backwards compatibility * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * added support for PASN * added EAP-TLS server support for TLS 1.3 (disabled by default for now) * a large number of other fixes, cleanup, and extensions Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-4/+4
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: fix building with CONFIG_TLS=internalAlexander Vickberg2021-05-171-0/+1
| | | | | | | | | The patch recently added for CVE-2021-30004 broke compilation with CONFIG_TLS=internal. This adds the necessary function to let it compile again. Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hostapd: fix CVE-2021-30004Stefan Ghinea2021-04-131-0/+1
| | | | | | | | | | | | | | | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. References: https://nvd.nist.gov/vuln/detail/CVE-2021-30004 Upstream patches: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hostapd: fix CVE-2021-0326 and CVE-2021-27803Mingli Yu2021-04-081-0/+2
| | | | | | | Backport 2 patches to fix two CVEs. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hostapd: fix CVE-2019-5061Mingli Yu2021-03-221-0/+1
| | | | | | | | | Backport a patch to fix CVE-2019-5061. Reference: https://security-tracker.debian.org/tracker/CVE-2019-5061 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hostapd: CVE-2019-16275.patchWang Mingyu2020-04-211-0/+1
| | | | | | | | | | security Advisory References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275 Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: rename distro_features_check to features_checkDenys Dmytriyenko2019-11-211-1/+1
| | | | | | | Avoid warning due to the class rename in OE-Core. Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hostapd: upgrade 2.8 -> 2.9Yuan Chao2019-08-091-0/+51
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>