aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb
AgeCommit message (Collapse)Author
2017-10-16wpa_supplicant: fix WPA2 key replay security bugkrogoth-nextRoss Burton
WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-27wpa_supplicant: Security Advisory-CVE-2016-4477Zhixiong Chi
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. Patches came from http://w1.fi/security/2016-1/ (From OE-Core rev: d4d4ed5f31c687b2b2b716ff0fb8ca6c7aa29853) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-27wpa_supplicant: Security Advisory-CVE-2016-4476Zhixiong Chi
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. Patches came from http://w1.fi/security/2016-1/ (From OE-Core rev: ed610b68f7e19644c89d7131e34c990a02403c62) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-02-11wpa-supplicant: Only depend on libgcrypt when neededJussi Kukkonen
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-12-01wpa-supplicant: upgrade to 2.5Fan Xin
wpa-supplicant: upgrade to 2.5 1. upgrade to 2.5 2. remove eight patches since they have been applied in 2.5 3. update SRC_URI, HOMEPAGE and BUGTRACKER to use w1.fi instead Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>