CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,421 Commits 63 Branches 0 Tags 91 MiB
BitBake 71.9%
C++ 6.9%
Shell 6.5%
C 3.2%
Roff 2.3%
Other 9%
35076e347b
Go to file
Mark Hatle 35076e347b hostapd: fix WPA2 key replay security bug 
Note, hostapd and wpa_supplicant use the same sources.  This commit is based
on Ross Burton's change to OpenEmbedded-core.  Below is Ross's commit message
from OpenEmbedded-Core.

    WPA2 is vulnerable to replay attacks which result in unauthenticated users
    having access to the network.

    * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

    * CVE-2017-13078: reinstallation of the group key in the Four-way handshake

    * CVE-2017-13079: reinstallation of the integrity group key in the Four-way
    handshake

    * CVE-2017-13080: reinstallation of the group key in the Group Key handshake

    * CVE-2017-13081: reinstallation of the integrity group key in the Group Key
    handshake

    * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
    Request and reinstalling the pairwise key while processing it

    * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake

    * CVE-2017-13087: reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame

    * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame

    Backport patches from upstream to resolve these CVEs.

    Signed-off-by: Ross Burton <ross.burton@intel.com>

The hunk:

[PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request

does not apply to hostapd and was removed from the patch.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ed6b5da874)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-16 14:39:31 -07:00
contrib tesseract: upgrade to 3.04 2016-10-21 18:20:43 +02:00
meta-efl lightmediascanner: Define comparison_fn_t if undefined 2017-09-13 17:16:28 -07:00
meta-filesystems logfsprogs: Rename setkey API to _setkey to not conflict with libc 2017-09-13 17:16:28 -07:00
meta-gnome libbonoboui: Fix with with hardening and clang 2017-09-13 17:16:28 -07:00
meta-gpe README: update maintainers list for pyro 2017-05-09 15:59:39 +02:00
meta-initramfs kexec-tools-klibc: Fix build with musl 2017-09-13 17:16:28 -07:00
meta-multimedia kodi: fix build with latest gcc 2017-09-13 17:16:28 -07:00
meta-networking wireshark: update to 2.2.9 2017-09-18 12:06:38 -07:00
meta-oe hostapd: fix WPA2 key replay security bug 2017-10-16 14:39:31 -07:00
meta-perl adduser: use get_perl_version instead of PERLVERSION 2017-09-13 17:16:28 -07:00
meta-python python-pycrypto: Security fix CVE-2013-7459 2017-09-13 17:16:28 -07:00
meta-ruby README: update maintainers list for pyro 2017-05-09 15:59:39 +02:00
meta-systemd README: update maintainers list for pyro 2017-05-09 15:59:39 +02:00
meta-webserver monkey: Link in libexecinfo on musl 2017-09-13 17:16:28 -07:00
meta-xfce imsettings: Fix build with musl 2017-09-13 17:16:28 -07:00
.gitignore gitignore: Ignore Edit backup files, patches, .rej, .orig, .swp 2013-11-24 15:19:27 +01:00
COPYING.MIT add README and license for this layer 2011-02-13 16:47:32 +01:00
README README: add top level readme, update meta-oe one 2011-10-17 09:27:01 +02:00

README 

Collection of layers for the OE-core universe

Please see the respective READMEs in the layer subdirectories