author | wangmy <wangmy@fujitsu.com> | 2022-01-25 21:19:02 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2022-01-25 10:56:04 -0800 |
commit | 16bda7854217d4665e98a736476c117ad2d26802 (patch) | |
tree | 557f3ea13b7252a70082df06bbaeb3318f5bffff /meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch | |
parent | 985385ff73c2d06bf72f2c41805c823437d44ecb (diff) | |
download | meta-openembedded-16bda7854217d4665e98a736476c117ad2d26802.tar.gz |
hostapd: upgrade 2.9 -> 2.10
0001-Prepare-for-CVE-2021-30004.patch.patch
CVE-2019-16275.patch
CVE-2019-5061.patch
CVE-2021-0326.patch
CVE-2021-27803.patch
CVE-2021-30004.patch
removed since they're included in 2.10
License-Update: year updated to 2022.
Changelog:
=========
* SAE changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
- added option to send SAE Confirm immediately (sae_config_immediate=1)
after SAE Commit
- added support for the hash-to-element mechanism (sae_pwe=1 or
sae_pwe=2)
- fixed PMKSA caching with OKC
- added support for SAE-PK
* EAP-pwd changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
* fixed WPS UPnP SUBSCRIBE handling of invalid operations
[https://w1.fi/security/2020-1/]
* fixed PMF disconnection protection bypass
[https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* fixed various issues in experimental support for EAP-TEAP server
* added configuration (max_auth_rounds, max_auth_rounds_short) to
increase the maximum number of EAP message exchanges (mainly to
support cases with very large certificates) for the EAP server
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* extended HE (IEEE 802.11ax) support, including 6 GHz support
* removed obsolete IAPP functionality
* fixed EAP-FAST server with TLS GCM/CCM ciphers
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
compatibility for these groups while the default group 19 remains
backwards compatible; owe_ptk_workaround=1 can be used to enable a
workaround for the group 20/21 backwards compatibility
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
automatically disable transition mode to improve security
* added support for PASN
* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
* a large number of other fixes, cleanup, and extensions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch')
-rw-r--r-- | meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch deleted file mode 100644 index 1bedb4f753..0000000000 --- a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 14fab0772db19297c82dd1b8612c9335369dce41 Mon Sep 17 00:00:00 2001 -From: Alexander Vickberg <wickbergster@gmail.com> -Date: Mon, 17 May 2021 17:54:13 +0200 -Subject: [PATCH] Prepare for CVE-2021-30004.patch - -Without this building fails for CONFIG_TLS=internal - -Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> ---- - src/tls/asn1.h | 6 ++++++ - src/utils/includes.h | 1 + - 2 files changed, 7 insertions(+) - -diff --git a/src/tls/asn1.h b/src/tls/asn1.h -index 6bd7df5..77b94ef 100644 ---- a/src/tls/asn1.h -+++ b/src/tls/asn1.h -@@ -66,6 +66,12 @@ void asn1_oid_to_str(const struct asn1_oid *oid, char *buf, size_t len); - unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len); - int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b); - -+static inline bool asn1_is_null(const struct asn1_hdr *hdr) -+{ -+ return hdr->class == ASN1_CLASS_UNIVERSAL && -+ hdr->tag == ASN1_TAG_NULL; -+} -+ - extern struct asn1_oid asn1_sha1_oid; - extern struct asn1_oid asn1_sha256_oid; - -diff --git a/src/utils/includes.h b/src/utils/includes.h -index 75513fc..741fc9c 100644 ---- a/src/utils/includes.h -+++ b/src/utils/includes.h -@@ -18,6 +18,7 @@ - - #include <stdlib.h> - #include <stddef.h> -+#include <stdbool.h> - #include <stdio.h> - #include <stdarg.h> - #include <string.h> --- -2.25.1 - |
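Review bot: the deleted patch's own message says building fails for CONFIG_TLS=internal without it, and the two pieces it supplied were asn1_is_null() in the src/tls/asn1.h hunk and the <stdbool.h> include in the src/utils/includes.h hunk. The commit message justifies the removal by saying the patches are included in 2.10, so please confirm with a CONFIG_TLS=internal build of 2.10 that nothing still relies on this local addition. The diffstat on this page is limited to this one file, so also verify that the SRC_URI entry for 0001-Prepare-for-CVE-2021-30004.patch.patch is dropped from the recipe in the same commit, since a leftover reference to the deleted file would break the build.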