aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/wpa-supplicant
AgeCommit message (Collapse)Author
2017-11-03wpa_supplicant: fix WPA2 key replay security bugjethroRoss Burton
WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-03wpa-supplicant: Fix CVE-2015-8041Hongxu Jia
Backport patch from http://w1.fi/security/2015-5/ and rebase for wpa-supplicant 2.4 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Not needed in master since the upgrade to 2.5 Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-08-11wpa-supplicant: Fix CVE-2015-4142Otavio Salvador
The original commit "wpa-supplicant: Fix CVE-2015-4142" included the patch file but didn't apply it into the recipe, so the backport has not been effective. Reported-by: Adam Moore <adam.moore@savantsystems.com> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-08-09wpa-supplicant: Fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, ↵Fan Xin
CVE-2015-4145, CVE-2015-4146 wpa-supplicant: backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146. This patch is originally from: For CVE-2015-4141: http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch For CVE-2015-4143: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch For CVE-2015-4144 and CVE-2015-4145: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch For CVE-2015-4146: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-01wpa-supplicant: Fix CVE-2015-4142fan.xin
wpa-supplicant: backport patch to fix CVE-2015-4142 Backport patch to fix CVE-2015-4142. This patch is originally from: http://w1.fi/security/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-06-24wpa-supplicant: Revert "Make SystemD D-Bus config conditional"Otavio Salvador
The D-Bus config is not systemd-specific. It is required for the D-Bus communication to be operational. This reverts commit e658ee16dc026b96f67a4c9666d3eb7bf7027de3. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-05-27wpa-supplicant: upgrade to 2.4Yue Tao
1. upgrade to 2.4 2. update the checksum, and license checksum since date in it is changed 3. Backport a patch to fix CVE-2015-1863 4. remove two deprecated patches Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-08wpa-supplicant: Replace non-standard base defines with c99 compliant onesKhem Raj
Makes it more portable Change-Id: I033787934cd91243ce8f8ce3a974a157aa5cfd6a Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-29wpa-supplicant: Make SystemD D-Bus config conditionalOtavio Salvador
The SystemD D-Bus configuration should only to be installed when SystemD support is enabled. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-30wpa-supplicant: avoid host contamination of drivers by libnl3Justin Capella
(See patch refrenced from OE-core rev: 1c3beda0015da9a0fec2581af7645c9ea122c7e3) Modifies do_configure to inject DRV_CFLAGS variable into wpa_supplicant/.config which is then included during make of drivers. Signed-off-by: Justin Capella <justincapella@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-11-12wpa-supplicant: upgrade to 2.3Cristian Iorga
- P2P WiFi improvements; - Bug fixes. Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-10-30wpa_supplicant: Improve rebuild handlingRichard Purdie
Due to the split level nature of the wpa_suppliant sources, the standard clean methods don't work. This change ensures it picks up on changes to configuration. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-10-10wpa-supplicant: fix for rebuildRobert Yang
Fixed when rebuild: make: *** No rule to make target `/path/to/old//sysroots/qemux86-64/usr/lib/dbus-1.0/include/dbus/dbus-arch-deps.h', needed by `dbus/dbus_old.o'. Stop. The .d files save the path of the dependencies files which may not exist when rebuild, we can remove them to make the rebuild work. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-08-11wpa-supplicant: use PACKAGECONFIG for ssl selectionYasir-Khan
Select between openssl or gnutls as ssl implementation via PACKAGECONFIG instead of explicitly adding both via DEPENDS. Signed-off-by: Yasir-Khan <yasir_khan@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-06-17wpa-supplicant: upgrade to 2.2Cristian Iorga
- P2P enhancements/fixes; - Interworking/Hotspot 2.0 enhancements; - Internal TLS implementation enhancements/fixes; - D-Bus interface extensions/fixes; - various bug fixes. Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-06wpa-supplicant: add libgcrypt as a dependencieValentin Popa
gnutls doesn't depend on libgcrypt anymore but wpa-supplicant does. So add it as a dependencie. Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-04-25Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador
The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-28wpa-supplicant: upgrade to 2.1Cristian Iorga
- USE {BP} variable; - Updated naming scheme; - Updated copyright owners. - Update defconfig file, is now in sync with current version; as such, more functionality can be enabled for wpa-supplicant. - removed register-autoscan-correctly.patch, included in upstream. Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-28wpa-supplicant: Add dependency on opensslMikhail Durnev
Building of wpa-supplicant failed due to missing dependency on openssl: crypto_openssl.c:10:30: fatal error: openssl/opensslv.h: No such file or directory Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-16wpa-supplicant-2.0: don't exit in pkg_postinstAlexandre Belloni
Exiting explicitly in pkg_postinst makes it impossible to use the update-rc.d class in a .bbappend because the link creation is appended to the pkg_postinst script. Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-02Replace one-line DESCRIPTION with SUMMARYPaul Eggleton
A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2013-11-12wpa-supplicant: enable CONFIG_CTRL_IFACE_DBUS_NEWSteve Sakoman
Without this option wifi support in connman will fail: src/technology.c:technology_get() No matching drivers found for wifi Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-07-27wpa-supplicant: enable required configuration options for connmanSimon Busch
Details can be found in the connman documentation: https://git.kernel.org/cgit/network/connman/connman.git/tree/README#n280 Signed-off-by: Simon Busch <morphis@gravedo.de> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-18wpa-supplicant: backport patch to fix dbus interface for autoscan functionalitySimon Busch
See https://lists.connman.net/pipermail/connman/2013-July/014871.html for details about the issue with connman and http://lists.shmoo.com/pipermail/hostap/2013-July/028167.html about the upstream submission of the patch. Signed-off-by: Simon Busch <morphis@gravedo.de> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-06-13wpa-supplicant: Enable EXTRA_CFLAGSRoy.Li
Even if we define EXTRA_CFLAGS, but it never work, since the source codes donot refer it, and CFLAGS is given a fixed value. Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-04-16wpa-supplicant: don't call DBus init script directlyRoss Burton
After installing Avahi we need DBus to reload it's configuration. In a pure-systemd image there isn't a DBus init script to reload, so cut out the middleman and just sent SIGHUP to all running dbus-daemon processes instead. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-03-12wpa-supplicant: avoid host contamination by libnl3Andreas Oberritter
Removes hardcoded include path -I/usr/include/libnl3. OE's include path gets injected by do_configure. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-03-12wpa-supplicant: reorder do_configureAndreas Oberritter
Copy from WORKDIR first, then modify. Improves consistency between successive invocations of do_configure. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-03-12wpa-supplicant: change S to point to the top-level directoryAndreas Oberritter
This makes it possible to apply patches to ../src. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-02-11wpa-supplicant: Enabling with systemdRadu Moisan
Signed-off-by: Radu Moisan <radu.moisan@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-01-25wpa-supplicant: upgrade to 2.0Constantin Musca
- as of February 11, 2012, the project has chosen to use only the BSD license option for future distribution - wpa-supplicant-1.0 dir was not version specific, as such it is generic now Signed-off-by: Constantin Musca <constantinx.musca@intel.com> Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-01-09wpa-supplicant: Include wpa_supplicant.service file in package for dbus to workStan Hu
The dbus service files include a reference to wpa_supplicant.service, but if it does not exist the dbus-daemon warns: [system] Activating via systemd: service name='fi.w1.wpa_supplicant1' unit='wpa_supplicant.service' [system] Activation via systemd failed for unit 'wpa_supplicant.service': Unit wpa_supplicant.service failed to load: No such file or directory. See system logs and 'systemctl status wpa_supplicant.service' for details. If this happens, wpa_supplicant is not run automatically. Signed-off-by: Stan Hu <stanhu@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-12-06wpa-supplicant: configured to work with libnl 3.2.14Mihai Prica
* Updated the configuration file for libnl-3 * Added python include dir path to configuration file Signed-off-by: Mihai Prica <mihai.prica@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-10-03wpa-supplicant: don't break the DBus service fileRoss Burton
The recipe exports $BINDIR as ${sbindir} and the build system uses this when writing the DBus service file, so sedding it and replacing $base_sbindir with $sbindir (/sbin and /usr/sbin) isn't useful when it ends up as /usr/usr/sbin/wpa_supplicant. [YOCTO: #3202] Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-08-17wpa-supplicant: fix paths in dbus/systemd *.service filesAndreas Müller
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-07-19wpa-supplicant: upgrade to 1.0Cristian Iorga
README file is changed. Some phrases were reformulated, but the semanthics are the same. Copyright has been renewed. Both licenses (GPL v2 and BSD) have been added explicitly. wpa_supplicant.c is changed regarding licenses body. Copyright has been renewed. Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-05-25wpa-supplicant: don't let postinst fail when dbus-1 reload failsMartin Jansa
* e.g. when upgrading in chroot Configuring wpa-supplicant. Reloading system message bus config: Failed to open connection to system message bus: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused but that shouldn't be fatal Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2012-05-25wpa-supplicant: add wpa_supplicant.conf to CONFFILES and don't install it twiceMartin Jansa
* first we install ${WORKDIR}/wpa_supplicant.conf-sane install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf and a bit later in do_install we were overwritting it with ${WORKDIR}/wpa_supplicant.conf install -m 644 ${WORKDIR}/wpa_supplicant.conf ${D}${sysconfdir} * notice that this patch also changes .conf permissions from 644 back to 600 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2012-05-24wpa-supplicant: fix packaging error since last commitAndreas Oberritter
* wpa-passphrase has its own package, but commit 4a4c568e25a08e9f222d723f9819582c9f895c58 broke it. Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2012-04-24wpa-supplicant: move wpa_passphrase to bindirAndreas Oberritter
* wpa_passphrase doesn't require special privileges. Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2012-04-24wpa-supplicant: remove unused filesAndreas Oberritter
* defconfig, init.sh, wpa_supplicant-0.5.7-always-scan.patch, wpa_supplicant-fix-deprecated-dbus-function.patch and wpa_supplicant_default.conf are not used by the recipe. * default-sane gets installed but is unused. Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2012-03-22Fix common typoes "existant", "dependant" and variationsRobert P. J. Day
Fix a couple common typoes, all contained within comments so there should be no effect on functionality. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-03-02wpa-supplicant: fix breakage during rebuildSteve Sakoman
Install phase currently edits files in $S with sed. This causes breakage if install is run a second time (due to sstate hash rebuild for example) The result is hidden build breakage, in particular /usr/share/dbus-1/system-services/fi.w1.wpa_supplicant1.service now contains: Exec=/usr/usr/sbin/wpa_supplicant -u rather than: Exec=/usr/sbin/wpa_supplicant -u This patch does the sed edit after the files are copied to $D, which should be safe. Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-26More quoting fixesMartin Jansa
* We have various variables which are either not quoted at all or are half quoted. This patch fixes the bad exmaples so everything is consistent. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-01-17wpa-supplicant: Compile without CONFIG_GNUTLS_EXTRA (PR BUMP)Andrei Gherzan
CONFIG_GNUTLS_EXTRA is needed as support for TLS/IA which was designed to be used in the EAP-TTLSv1. As we don't see any requirement for that protocol today we decided to remove it from wpa-supplicant .config file. This change includes PR bump. [YOCTO #1845] Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
2012-01-03wpa-supplicant - pulls GPLv3 license rpm in a non-GPLv3 build (libgnutls-extra)Andrei Gherzan
Two different defconfigs are chosen, one for "with GPLv3 build" and one for "without". In this way, libgnutls-extra is not pulled in a non-GPLv3 build. [YOCTO #1845] Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
2011-11-11wpa-supplicant: Avoid blocking the post install script at cross rootfs time.Mark Hatle
We only want to reload dbus, if we're install on the target -- not on the host. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2011-06-29wpa-supplicant: remove the 0.6.10 version.Dongxiao Xu
Remove the 0.6.10 version since now 0.7.3 is the latest stable version. Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
2011-05-12recipes: add Upstream-Status for multiple recipesDongxiao Xu
hostap: add upstream status for hostap-fw-load.patch lrzsz: add upstream status for lrzsz's patches bluez: add upstream status for bluez's patches bluez-dtl1-workaround: add upstream status for COPYING.patch libgsmd: add upstream status for gsm's patches. gypsy: add upstream status for gypsy's patch libpcap: add upstream status for libpcap's patches ppp: add upstream status for ppp's patches libtelepathy: add upstream status for libtelepathy's patches telepathy-python: add upstream status for telepahty-python's patches wireless-tools: add upstream status for wireless-tools's patches wpa-supplicant: add upstream status for wpa-supplicant zeroconf: add upstream status for zeroconf's patch glibc: add upstream status for glibc's patches dpkg: add upstream status for dpkg's patches makedevs: add upstream status for makedevs's patch opkg: add upstream status for opkg's patches opkg-utils: add upstream status for opkg-utils's patch minicom: add upstream status for minicom patches rpcbind: add upstream status for rpcbind's patch which: add upstream status for which's patch clutter-gst: add upstream status for clutter-gst's patches flac: add upstream status for flac's patches gst-ffmpeg: add upstream status for gst-ffmpeg's patch liba52: add upstream status for liba52's patch libid3tag: add upstream status for libid3tag libmusicbrainz: add upstream status for libmusicbrainz's patch pulseaudio: add upstream status for pulseaudio patches db: add upstream status for db's patch neon: add upstream status for neon's patch taglib: add upstream status for taglib's patches libetpan: add upstream status for libetpan's patch libopensync: add upstream status for libopensync's patches libopensync-plugin-evolution2: add upstream status for its patch libopensync-plugin-syncml: add upstream status for its patch libsyncml: add upstream status for libsyncml's patch empathy: add upstream status for empathy's patch wv: add upstream status for wv's patch xournal: add upstream status for xournal's patch Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
2011-02-14wpa-supplicant: change dbus interfaceDongxiao Xu
The new interface "fi.w1.wpa_supplicant1" is used in latest connman, thus add it in the wpa_supplicant default configuration. Besides, enable netlink support with libnl 2.0 mode. [BUGID #603] Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>