| Age | Commit message (Collapse) | Author | Files |
|---|
|
Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When switch PATCHTOOL to patch, applying 'key-replay-cve-multiple.patch' failed:
checking file src/ap/ieee802_11.c
checking file src/ap/wpa_auth.c
checking file src/ap/wpa_auth.h
checking file src/ap/wpa_auth_ft.c
checking file src/ap/wpa_auth_i.h
checking file src/common/wpa_common.h
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/rsn_supp/wpa.c
Hunk #1 FAILED at 709.
Hunk #2 FAILED at 757.
Hunk #3 succeeded at 840 (offset -12 lines).
Hunk #4 FAILED at 868.
Hunk #5 FAILED at 900.
Hunk #6 FAILED at 924.
Hunk #7 succeeded at 1536 (offset -38 lines).
Hunk #8 FAILED at 2386.
Hunk #9 FAILED at 2920.
Hunk #10 succeeded at 2940 (offset -46 lines).
Hunk #11 FAILED at 2998.
8 out of 11 hunks FAILED
checking file src/rsn_supp/wpa_i.h
Hunk #1 FAILED at 32.
1 out of 1 hunk FAILED
checking file src/common/wpa_common.h
Hunk #1 succeeded at 215 with fuzz 1.
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/ap/wpa_auth.c
Hunk #1 succeeded at 1898 (offset -3 lines).
Hunk #2 succeeded at 2470 (offset -3 lines).
checking file src/rsn_supp/tdls.c
checking file wpa_supplicant/wnm_sta.c
checking file src/rsn_supp/wpa.c
Hunk #1 succeeded at 2378 (offset -62 lines).
checking file src/rsn_supp/wpa_ft.c
checking file src/rsn_supp/wpa_i.h
Hunk #1 succeeded at 123 (offset -5 lines).
So split the wpa-supplicant/key-replay-cve-multiple to 8 patches.
Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The WPA_COMMON_CTRL_IFACE definition is missing, which leads to obvious
problems since there is no way to access the ctrl socket. So add it in.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is used in NVD database CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2015-1863
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Missing dependency uncovered after recipe specific sysroots were enabled.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1)Upgrade wpa-supplicant from 2.5 to 2.6.
2)Delete 5 patches below, since they are integrated upstream.
0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
3)License checksum changes are not related to license changes.
(From OE-Core rev: 878d411eb53e96bf78e902cc2345eccda8807bfc)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
wpa-supplicant: upgrade to 2.5
1. upgrade to 2.5
2. remove eight patches since they have been applied in 2.5
3. update SRC_URI, HOMEPAGE and BUGTRACKER to use w1.fi instead
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The original commit "wpa-supplicant: Fix CVE-2015-4142" included the
patch file but didn't apply it into the recipe, so the backport has
not been effective.
Reported-by: Adam Moore <adam.moore@savantsystems.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2015-4145, CVE-2015-4146
wpa-supplicant: backport patch to fix CVE-2015-4141,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146
Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146.
This patch is originally from:
For CVE-2015-4141:
http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
For CVE-2015-4143:
http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
For CVE-2015-4144 and CVE-2015-4145:
http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
For CVE-2015-4146:
http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
wpa-supplicant: backport patch to fix CVE-2015-4142
Backport patch to fix CVE-2015-4142. This patch is originally from:
http://w1.fi/security/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The D-Bus config is not systemd-specific. It is required for the D-Bus
communication to be operational.
This reverts commit e658ee16dc026b96f67a4c9666d3eb7bf7027de3.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. upgrade to 2.4
2. update the checksum, and license checksum since date in it is changed
3. Backport a patch to fix CVE-2015-1863
4. remove two deprecated patches
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Makes it more portable
Change-Id: I033787934cd91243ce8f8ce3a974a157aa5cfd6a
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The SystemD D-Bus configuration should only to be installed when
SystemD support is enabled.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(See patch refrenced from OE-core rev: 1c3beda0015da9a0fec2581af7645c9ea122c7e3)
Modifies do_configure to inject DRV_CFLAGS variable into wpa_supplicant/.config which is then included during make of drivers.
Signed-off-by: Justin Capella <justincapella@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- P2P WiFi improvements;
- Bug fixes.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Due to the split level nature of the wpa_suppliant sources, the standard
clean methods don't work. This change ensures it picks up on changes to
configuration.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed when rebuild:
make: *** No rule to make target `/path/to/old//sysroots/qemux86-64/usr/lib/dbus-1.0/include/dbus/dbus-arch-deps.h', needed by `dbus/dbus_old.o'. Stop.
The .d files save the path of the dependencies files which may not exist
when rebuild, we can remove them to make the rebuild work.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Select between openssl or gnutls as ssl implementation via
PACKAGECONFIG instead of explicitly adding both via DEPENDS.
Signed-off-by: Yasir-Khan <yasir_khan@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
- P2P enhancements/fixes;
- Interworking/Hotspot 2.0 enhancements;
- Internal TLS implementation enhancements/fixes;
- D-Bus interface extensions/fixes;
- various bug fixes.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gnutls doesn't depend on libgcrypt anymore but
wpa-supplicant does. So add it as a dependencie.
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- USE {BP} variable;
- Updated naming scheme;
- Updated copyright owners.
- Update defconfig file, is now in
sync with current version;
as such, more functionality can
be enabled for wpa-supplicant.
- removed register-autoscan-correctly.patch,
included in upstream.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Building of wpa-supplicant failed due to missing dependency on openssl:
crypto_openssl.c:10:30: fatal error: openssl/opensslv.h: No such file or directory
Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Exiting explicitly in pkg_postinst makes it impossible to use the
update-rc.d class in a .bbappend because the link creation is appended
to the pkg_postinst script.
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
Without this option wifi support in connman will fail:
src/technology.c:technology_get() No matching drivers found for wifi
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Details can be found in the connman documentation:
https://git.kernel.org/cgit/network/connman/connman.git/tree/README#n280
Signed-off-by: Simon Busch <morphis@gravedo.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
See https://lists.connman.net/pipermail/connman/2013-July/014871.html for details about
the issue with connman and http://lists.shmoo.com/pipermail/hostap/2013-July/028167.html
about the upstream submission of the patch.
Signed-off-by: Simon Busch <morphis@gravedo.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Even if we define EXTRA_CFLAGS, but it never work, since the source codes
donot refer it, and CFLAGS is given a fixed value.
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
After installing Avahi we need DBus to reload it's configuration. In a
pure-systemd image there isn't a DBus init script to reload, so cut out the
middleman and just sent SIGHUP to all running dbus-daemon processes instead.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removes hardcoded include path -I/usr/include/libnl3. OE's include
path gets injected by do_configure.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Copy from WORKDIR first, then modify. Improves consistency
between successive invocations of do_configure.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This makes it possible to apply patches to ../src.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Radu Moisan <radu.moisan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- as of February 11, 2012, the project has chosen to use only
the BSD license option for future distribution
- wpa-supplicant-1.0 dir was not version specific,
as such it is generic now
Signed-off-by: Constantin Musca <constantinx.musca@intel.com>
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The dbus service files include a reference to wpa_supplicant.service, but if it
does not exist the dbus-daemon warns:
[system] Activating via systemd: service name='fi.w1.wpa_supplicant1' unit='wpa_supplicant.service'
[system] Activation via systemd failed for unit 'wpa_supplicant.service': Unit wpa_supplicant.service failed to load: No such file or directory. See system logs and 'systemctl status wpa_supplicant.service' for details.
If this happens, wpa_supplicant is not run automatically.
Signed-off-by: Stan Hu <stanhu@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Updated the configuration file for libnl-3
* Added python include dir path to configuration file
Signed-off-by: Mihai Prica <mihai.prica@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The recipe exports $BINDIR as ${sbindir} and the build system uses this when
writing the DBus service file, so sedding it and replacing $base_sbindir with
$sbindir (/sbin and /usr/sbin) isn't useful when it ends up as
/usr/usr/sbin/wpa_supplicant.
[YOCTO: #3202]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
README file is changed.
Some phrases were reformulated, but the semanthics are the same.
Copyright has been renewed.
Both licenses (GPL v2 and BSD) have been added explicitly.
wpa_supplicant.c is changed regarding licenses body.
Copyright has been renewed.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* e.g. when upgrading in chroot
Configuring wpa-supplicant.
Reloading system message bus config: Failed to open connection to system message bus: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused
but that shouldn't be fatal
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* first we install ${WORKDIR}/wpa_supplicant.conf-sane
install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
and a bit later in do_install we were overwritting it with ${WORKDIR}/wpa_supplicant.conf
install -m 644 ${WORKDIR}/wpa_supplicant.conf ${D}${sysconfdir}
* notice that this patch also changes .conf permissions from 644 back to 600
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* wpa-passphrase has its own package, but commit
4a4c568e25a08e9f222d723f9819582c9f895c58 broke it.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* wpa_passphrase doesn't require special privileges.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
* defconfig, init.sh, wpa_supplicant-0.5.7-always-scan.patch,
wpa_supplicant-fix-deprecated-dbus-function.patch and
wpa_supplicant_default.conf are not used by the recipe.
* default-sane gets installed but is unused.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
