aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity/hostapd
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: fix CVE-2018-14526Andrej Valek2018-09-052-0/+45
| | | | | | | | | Ignore unauthenticated encrypted EAPOL-Key data in supplicant processing. When using WPA2, these are frames that have the Encrypted flag set, but not the MIC flag. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hostapd: fix the bug for PATCHTOOL = "patch"Zheng Ruoqin2018-05-299-985/+993
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When switch PATCHTOOL to patch, the key-replay-cve-multiple.patch can't be apply with "--dry-run" as follows: checking file src/ap/ieee802_11.c checking file src/ap/wpa_auth.c checking file src/ap/wpa_auth.h checking file src/ap/wpa_auth_ft.c checking file src/ap/wpa_auth_i.h checking file src/common/wpa_common.h checking file src/rsn_supp/wpa.c checking file src/rsn_supp/wpa_i.h checking file src/rsn_supp/wpa.c Hunk #1 FAILED at 709. Hunk #2 FAILED at 757. Hunk #3 succeeded at 840 (offset -12 lines). Hunk #4 FAILED at 868. Hunk #5 FAILED at 900. Hunk #6 FAILED at 924. Hunk #7 succeeded at 1536 (offset -38 lines). Hunk #8 FAILED at 2386. Hunk #9 FAILED at 2920. Hunk #10 succeeded at 2940 (offset -46 lines). Hunk #11 FAILED at 2998. 8 out of 11 hunks FAILED checking file src/rsn_supp/wpa_i.h Hunk #1 FAILED at 32. 1 out of 1 hunk FAILED checking file src/common/wpa_common.h Hunk #1 succeeded at 215 with fuzz 1. checking file src/rsn_supp/wpa.c checking file src/rsn_supp/wpa_i.h checking file src/ap/wpa_auth.c Hunk #1 succeeded at 1898 (offset -3 lines). Hunk #2 succeeded at 2470 (offset -3 lines). checking file src/rsn_supp/tdls.c checking file src/rsn_supp/wpa.c Hunk #1 succeeded at 2378 (offset -62 lines). checking file src/rsn_supp/wpa_ft.c checking file src/rsn_supp/wpa_i.h Hunk #1 succeeded at 123 (offset -5 lines). So split the key-replay-cve-multiple.patch to 7 patches. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hostapd: fix LICENSE + misc recipe updatesAndre McCurdy2018-04-081-19/+20
| | | | | | | | | | | | | | | According to the COPYING file in the top level of the hostapd source tree, hostapd was re-licensed from dual BSD/GPLv2 to BSD only in February 2012. This change has apparently gone unnoticed for the past 6 years, but fix it now. Also use pkg-config to find libnl headers (instead of hardcoding), append to base do_configure (instead of over-riding), respect OE's default CFLAGS (instead of ignoring) and make some minor formatting tweaks to bring the recipe more in line with the OE Styleguide. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: not compatible with openssl-no-weak-ciphersSlater, Joseph2018-03-211-1/+4
| | | | | | | Use CONFLICT_DISTRO_FEATURES to not build if des is not supported. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* hostapd: fix WPA2 key replay security bugMark Hatle2017-10-162-0/+985
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note, hostapd and wpa_supplicant use the same sources. This commit is based on Ross Burton's change to OpenEmbedded-core. Below is Ross's commit message from OpenEmbedded-Core. WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton <ross.burton@intel.com> The hunk: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request does not apply to hostapd and was removed from the patch. Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: 2.5 -> 2.6Huang Qiyu2017-04-262-90/+4
| | | | | | | | | 1) Upgrade hostapd from 2.5 to 2.6. 2) License checksum changed,since the copyright years were updated. 2) Delete patch "0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch", since it is integrated upstream. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: Security Advisory-CVE-2016-4476Zhixiong Chi2016-10-032-0/+87
| | | | | | | | | | Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. patches came from http://w1.fi/security/2016-1/ Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: Fix source and build directoryMariano Lopez2016-01-041-7/+7
| | | | | | | | | | | | | | The current recipe make no difference between the source and the build directory. There are source files outside this directory and isn't possible to patch these files. This changes adds the build directory path to the recipe, now is possible to patch files in other directories, if required. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: upgrade 2.4 -> 2.5fan.xin2015-12-181-4/+4
| | | | | | | | 1. upgrade to 2.5 2. update HOMEPAGE and SRC_URI to use w1.fi instead Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: Drop DEFAULT_PREFERRENCE settingOtavio Salvador2015-08-181-2/+0
| | | | | | | | The 2.4 version is the only version available so makes no sense to set it as lower preference. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: Remove add-sysroot-to-gcc.patchOtavio Salvador2015-08-182-41/+0
| | | | | | | | | | | The patch has not been available in the 2.4 version form and thus the recipe was unbuildable. Fix by removing the patch file, which is unused, and the reference for it from the recipe. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: upgrade 2.2 -> 2.4Li xin2015-08-185-3/+3
| | | | | | | | Update the checksum of COPYING,since the date in it has been changed, but the LICENSE has not been changed. Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: consider sysroot when search header filesRoy Li2015-07-302-0/+41
| | | | | Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: several fixes for init scriptJackie Huang2014-11-241-3/+24
| | | | | | | | | | | | | * restart: The stop may delay a few seconds according to different wireless devices, on debian/ubuntu, the init script directly sleep 8 seconds to wait the stop complete, here we add a delay function (sleep in a loop) to ensure the stop is completed before start. * add status command. * add --oknodo for stop so it will not break restart if there is no running process. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: use ${PN} for SYSTEMD_SERVICEChen Qi2014-09-261-3/+3
| | | | | | | Use ${PN} for SYSTEMD_SERVICE to avoid errors in case of multilib. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: add systemd supportChen Qi2014-08-212-3/+19
| | | | | | | | Add hostapd.service file. The file mostly comes from Fedora20. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* hostapd: uprev to 2.2Roy Li2014-07-153-3/+3
| | | | | | | Rename hostap-daemon as hostapd and uprev it to 2.2 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* recipes: convert remaining SUMMARY/DESCRIPTION cosmetic issuesMatthieu CRAPET2014-02-231-1/+1
| | | | | | | | | | | | | Changes: - rename SUMMARY with length > 80 to DESCRIPTION - rename DESCRIPTION with length < 80 to (non present tag) SUMMARY - drop final point character at the end of SUMMARY string - remove trailing whitespace of SUMMARY line Note: don't bump PR Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* recipes: Remove PR = r0 from all recipesMartin Jansa2013-11-011-1/+0
| | | | | | | | | | | * Remove all PR = "r0" from all .bb files in meta-oe repo. This was done with the command sed -e '/^PR.*=.*r0\"/d' meta*/recipes*/*/*.bb -i * We've switching to the PR server, PR bumps are no longer needed and this saves people either accidentally bumping them or forgetting to remove the lines (r0 is the default anyway). Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* recipes: Unify indentationMartin Jansa2013-04-151-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | * This change is only aesthetic (unlike indentation in Python tasks). * Some recipes were using tabs. * Some were using 8 spaces. * Some were using mix or different number of spaces. * Make them consistently use 4 spaces everywhere. * Yocto styleguide advises to use tabs (but the only reason to keep tabs is the need to update a lot of recipes). Lately this advice was also merged into the styleguide on the OE wiki. * Using 4 spaces in both types of tasks is better because it's less error prone when someone is not sure if e.g. do_generate_toolchain_file() is Python or shell task and also allows to highlight every tab used in .bb, .inc, .bbappend, .bbclass as potentially bad (shouldn't be used for indenting of multiline variable assignments and cannot be used for Python tasks). * Don't indent closing quote on multiline variables we're quite inconsistent wheater it's first character on line under opening quote or under first non-whitespace character in previous line. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Acked-by: Koen Kooi <koen@dominion.thruhere.net>
* HostAP-daemon patch to make it compile with libnl 3.2Damien RANNOU2013-01-032-1/+2
| | | | | Signed-off-by: Damien RANNOU <damien.rannou@diateam.net> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Remove PRIORITYPaul Eggleton2012-10-281-1/+0
| | | | | | We don't set this field in recipes anymore. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* Add hostapd 1.0 recipeDenis Carikli2012-07-193-0/+226
This recipe was based on the hostap-daemon_0.7.3.bb recipe in openembedded-classic at commit c1f52c58deee65c7498a3b3e82b4cc3ae5231b0e Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org> Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>