meta-openembedded/meta-oe
Mark Hatle 35076e347b hostapd: fix WPA2 key replay security bug
Note, hostapd and wpa_supplicant use the same sources.  This commit is based
on Ross Burton's change to OpenEmbedded-core.  Below is Ross's commit message
from OpenEmbedded-Core.

    WPA2 is vulnerable to replay attacks which result in unauthenticated users
    having access to the network.

    * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

    * CVE-2017-13078: reinstallation of the group key in the Four-way handshake

    * CVE-2017-13079: reinstallation of the integrity group key in the Four-way
    handshake

    * CVE-2017-13080: reinstallation of the group key in the Group Key handshake

    * CVE-2017-13081: reinstallation of the integrity group key in the Group Key
    handshake

    * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
    Request and reinstalling the pairwise key while processing it

    * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake

    * CVE-2017-13087: reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame

    * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame

    Backport patches from upstream to resolve these CVEs.

    Signed-off-by: Ross Burton <ross.burton@intel.com>

The hunk:

[PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request

does not apply to hostapd and was removed from the patch.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ed6b5da874)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-16 14:39:31 -07:00
classes gitver: skip packages instead of panic()ing if ${GITVER} fails to expand 2017-09-13 17:16:28 -07:00
conf meta_oe_security_flags.inc: Disable PIE for libdevmapper 2017-05-04 09:18:58 +02:00
licenses acpitests: Fix license issue 2016-05-10 20:18:57 +02:00
recipes-benchmark iperf3: Fix missing stdint.h and do not link with -pg 2017-09-13 17:16:28 -07:00
recipes-bsp/pointercal pointercal: move recipe from oe-core 2016-09-26 08:29:10 +02:00
recipes-connectivity hostapd: fix WPA2 key replay security bug 2017-10-16 14:39:31 -07:00
recipes-core libdbus-c++: Add -pthread to linker flags 2017-09-13 17:16:28 -07:00
recipes-devtools glade: Fix format string warnings with clang 2017-09-13 17:16:28 -07:00
recipes-extended corosync: Fix build with musl 2017-09-13 17:16:28 -07:00
recipes-gnome recipes: add removal date to PNBLACKLIST messages 2017-04-05 19:36:45 +02:00
recipes-graphics fbida: Fix build with libjpeg-turbo 2017-09-13 17:16:28 -07:00
recipes-kernel crash: Pass optimization flags to configure via CC 2017-09-13 17:16:28 -07:00
recipes-multimedia a2jmidid: Link with libexecinfo on musl 2017-09-13 17:16:28 -07:00
recipes-navigation orrery: Fix build with hardening flags 2017-09-13 17:16:28 -07:00
recipes-sato/claws-mail recipes: add removal date to PNBLACKLIST messages 2017-04-05 19:36:45 +02:00
recipes-support tbb: fix compile issue 2017-09-17 11:17:31 -07:00
recipes-test fwts: upgrade to 17.03.00 release 2017-03-31 13:26:01 +02:00
site rp-pppoe: Port from oe.dev 2011-07-26 21:51:39 +02:00
COPYING.MIT
README README: update maintainers list for pyro 2017-05-09 15:59:39 +02:00

This layer depends on:

URI: git://github.com/openembedded/oe-core.git
branch: pyro
revision: HEAD

Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe][pyro]' in the subject.

When sending single patches, please use something like:
'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix=meta-oe][pyro][PATCH'

You are encouraged to fork the mirror on GitHub (https://github.com/openembedded/meta-oe/) to share your patches; this is preferred for patch sets consisting of more than one patch. Other services like gitorious, repo.or.cz or self-hosted setups are of course accepted as well; 'git fetch <remote>' works the same on all of them. We recommend GitHub because it is free, easy to use, has been proven to be reliable and has a really good web GUI.

pyro Branch Maintainer:
Armin Kuster <akuster808@gmail.com>