WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
(From OE-Core rev: 28d2d47f2a4fc3eb649cf58e82bce0525ab0bc74)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is used in NVD database CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2015-1863
(From OE-Core rev: cabacf6ad5a2511f6eb93259a81ab14279fd96bb)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit cc3882ca2fea2c5a8830311eeb7840ae98da9b3c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Missing dependency uncovered after recipe specific sysroots were enabled.
(From OE-Core rev: 3173505ba6014271e59fdde2450ecc0d3cd4c8c2)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1)Upgrade wpa-supplicant from 2.5 to 2.6.
2)Delete 5 patches below, since they are integrated upstream.
0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
3)License checksum changes are not related to license changes.
(From OE-Core rev: 878d411eb53e96bf78e902cc2345eccda8807bfc)
(From OE-Core rev: 8751dbde2736a4dbea83f6f581fe90f0c60def76)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
(From OE-Core rev: d4d4ed5f31c687b2b2b716ff0fb8ca6c7aa29853)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
(From OE-Core rev: ed610b68f7e19644c89d7131e34c990a02403c62)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wpa-supplicant: upgrade to 2.5
1. upgrade to 2.5
2. remove eight patches since they have been applied in 2.5
3. update SRC_URI, HOMEPAGE and BUGTRACKER to use w1.fi instead
(From OE-Core rev: 80af821d1240a1fc2b32379b75801571db562657)
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The original commit "wpa-supplicant: Fix CVE-2015-4142" included the
patch file but didn't apply it into the recipe, so the backport has
not been effective.
Reported-by: Adam Moore <adam.moore@savantsystems.com>
(From OE-Core rev: 2a8944b63b7249500f1b6b292ce1a87b82699f3d)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wpa-supplicant: backport patch to fix CVE-2015-4142
Backport patch to fix CVE-2015-4142. This patch is originally from:
http://w1.fi/security/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
(From OE-Core rev: 61f2a6a18dcda22d7b0e236f9150674bff2764a7)
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The D-Bus config is not systemd-specific. It is required for the D-Bus
communication to be operational.
This reverts commit e658ee16dc026b96f67a4c9666d3eb7bf7027de3.
(From OE-Core rev: 2587b83faabdc8858e8746201805369ed8d53ba8)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1. upgrade to 2.4
2. update the checksum, and license checksum since date in it is changed
3. Backport a patch to fix CVE-2015-1863
4. remove two deprecated patches
(From OE-Core rev: fd0880c2b0958b72d641a6821ddd6d6790a92b7a)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Makes it more portable
Change-Id: I033787934cd91243ce8f8ce3a974a157aa5cfd6a
(From OE-Core rev: 1ee774c8a70d83011a1a4ed5da9ea056ed0f0c96)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The SystemD D-Bus configuration should only to be installed when
SystemD support is enabled.
(From OE-Core rev: e54f2569f4fb880387edc6a99d790b765ae33080)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(See patch refrenced from OE-core rev: 1c3beda0015da9a0fec2581af7645c9ea122c7e3)
Modifies do_configure to inject DRV_CFLAGS variable into wpa_supplicant/.config which is then included during make of drivers.
(From OE-Core rev: 766dcc69d320052f668945d2207bef723cf8be4b)
Signed-off-by: Justin Capella <justincapella@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Due to the split level nature of the wpa_suppliant sources, the standard
clean methods don't work. This change ensures it picks up on changes to
configuration.
(From OE-Core rev: 9183ce719463b20350d2a3de5ead64b0cc642d6e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed when rebuild:
make: *** No rule to make target `/path/to/old//sysroots/qemux86-64/usr/lib/dbus-1.0/include/dbus/dbus-arch-deps.h', needed by `dbus/dbus_old.o'. Stop.
The .d files save the path of the dependencies files which may not exist
when rebuild, we can remove them to make the rebuild work.
(From OE-Core rev: e336102e59dbbd01fe67121738203563476f9456)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Select between openssl or gnutls as ssl implementation via
PACKAGECONFIG instead of explicitly adding both via DEPENDS.
(From OE-Core rev: 0be9be4055e5b7f649d523a38344d3964dc9fdc4)
Signed-off-by: Yasir-Khan <yasir_khan@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gnutls doesn't depend on libgcrypt anymore but
wpa-supplicant does. So add it as a dependencie.
(From OE-Core rev: b5e0e0589dba0e3eb6fa070594c904fec6e6c3a8)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
(From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- USE {BP} variable;
- Updated naming scheme;
- Updated copyright owners.
- Update defconfig file, is now in
sync with current version;
as such, more functionality can
be enabled for wpa-supplicant.
- removed register-autoscan-correctly.patch,
included in upstream.
(From OE-Core rev: 361d334cabdeb9f25788e9f4b84e8cf7b28d26d3)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building of wpa-supplicant failed due to missing dependency on openssl:
crypto_openssl.c:10:30: fatal error: openssl/opensslv.h: No such file or directory
(From OE-Core rev: 9d1cdb59cb9fcbc4927f04a226405766ab3c4fc8)
Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Exiting explicitly in pkg_postinst makes it impossible to use the
update-rc.d class in a .bbappend because the link creation is appended
to the pkg_postinst script.
(From OE-Core rev: 758d53d3044f29f3c33ffee3ada88c9edc9f864f)
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
(From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Without this option wifi support in connman will fail:
src/technology.c:technology_get() No matching drivers found for wifi
(From OE-Core rev: 403e365e433c54633bcc843b32487a766282226e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Details can be found in the connman documentation:
https://git.kernel.org/cgit/network/connman/connman.git/tree/README#n280
(From OE-Core rev: 2e4d939b6a0061eec22b859a827dedda51b299ba)
Signed-off-by: Simon Busch <morphis@gravedo.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Even if we define EXTRA_CFLAGS, but it never work, since the source codes
donot refer it, and CFLAGS is given a fixed value.
(From OE-Core rev: 4a7b5963a9d18924ae0564119f4edeefaca6b415)
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After installing Avahi we need DBus to reload it's configuration. In a
pure-systemd image there isn't a DBus init script to reload, so cut out the
middleman and just sent SIGHUP to all running dbus-daemon processes instead.
(From OE-Core rev: d6fb028de172bb649b905b605f6ddc8402af859a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Copy from WORKDIR first, then modify. Improves consistency
between successive invocations of do_configure.
(From OE-Core rev: 82205345d777f7f34d43e4f81df0fa3bfe409fc4)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This makes it possible to apply patches to ../src.
(From OE-Core rev: 48dbcc8c45d165e67f58a8307dde7594a28cf9bd)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- as of February 11, 2012, the project has chosen to use only
the BSD license option for future distribution
- wpa-supplicant-1.0 dir was not version specific,
as such it is generic now
(From OE-Core rev: 0f83cb8ca629fbf1af448781f28912bbc75e0d80)
Signed-off-by: Constantin Musca <constantinx.musca@intel.com>
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The dbus service files include a reference to wpa_supplicant.service, but if it
does not exist the dbus-daemon warns:
[system] Activating via systemd: service name='fi.w1.wpa_supplicant1' unit='wpa_supplicant.service'
[system] Activation via systemd failed for unit 'wpa_supplicant.service': Unit wpa_supplicant.service failed to load: No such file or directory. See system logs and 'systemctl status wpa_supplicant.service' for details.
If this happens, wpa_supplicant is not run automatically.
(From OE-Core rev: 600c07c4391dc44638e9c920c3c402b6588d1259)
Signed-off-by: Stan Hu <stanhu@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Updated the configuration file for libnl-3
* Added python include dir path to configuration file
(From OE-Core rev: e328400ec02300be1ce3c8a9f63d8b30f9fe2136)
Signed-off-by: Mihai Prica <mihai.prica@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recipe exports $BINDIR as ${sbindir} and the build system uses this when
writing the DBus service file, so sedding it and replacing $base_sbindir with
$sbindir (/sbin and /usr/sbin) isn't useful when it ends up as
/usr/usr/sbin/wpa_supplicant.
[YOCTO: #3202]
(From OE-Core rev: 41388c3ae0f4d9cd07e1599fbe125123c20820f8)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
README file is changed.
Some phrases were reformulated, but the semanthics are the same.
Copyright has been renewed.
Both licenses (GPL v2 and BSD) have been added explicitly.
wpa_supplicant.c is changed regarding licenses body.
Copyright has been renewed.
(From OE-Core rev: 3c02800716aafbc12b15b3dbb3bad0dc3b942cc1)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e.g. when upgrading in chroot
Configuring wpa-supplicant.
Reloading system message bus config: Failed to open connection to system message bus: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused
but that shouldn't be fatal
(From OE-Core rev: 96a1b26c62ef33f6d10fe7ac9dcf5f93c683d6e8)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* first we install ${WORKDIR}/wpa_supplicant.conf-sane
install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
and a bit later in do_install we were overwritting it with ${WORKDIR}/wpa_supplicant.conf
install -m 644 ${WORKDIR}/wpa_supplicant.conf ${D}${sysconfdir}
* notice that this patch also changes .conf permissions from 644 back to 600
(From OE-Core rev: 583fdb62c73851b439bdf0c8e50f74073e566d5a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-passphrase has its own package, but commit
4a4c568e25a08e9f222d723f9819582c9f895c58 broke it.
(From OE-Core rev: 7e4fcbb1ceac736c44bffc834f7e8f2b34ac4402)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* defconfig, init.sh, wpa_supplicant-0.5.7-always-scan.patch,
wpa_supplicant-fix-deprecated-dbus-function.patch and
wpa_supplicant_default.conf are not used by the recipe.
* default-sane gets installed but is unused.
(From OE-Core rev: 740b5baa511b40ee7bc3050770b6d5102e00f8f5)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix a couple common typoes, all contained within comments so there
should be no effect on functionality.
(From OE-Core rev: dc52c3cbf3a7b7242d53019f7643495eb40c0566)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Install phase currently edits files in $S with sed. This causes breakage
if install is run a second time (due to sstate hash rebuild for example)
The result is hidden build breakage, in particular
/usr/share/dbus-1/system-services/fi.w1.wpa_supplicant1.service now contains:
Exec=/usr/usr/sbin/wpa_supplicant -u
rather than:
Exec=/usr/sbin/wpa_supplicant -u
This patch does the sed edit after the files are copied to $D, which should be safe.
(From OE-Core rev: 857840472705af1c0fbb8db917b4bb6809b929a6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* We have various variables which are either not quoted at all or are half
quoted. This patch fixes the bad exmaples so everything is consistent.
(From OE-Core rev: 960ee8076e860353a05eb2eb7f825a455c54698d)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton
Mikko Rapeli
Markus Lehtonen
Zheng Ruoqin
Zhixiong Chi
Jussi Kukkonen
Fan Xin
Otavio Salvador
Yue Tao
Khem Raj
Justin Capella
Cristian Iorga
Richard Purdie
Robert Yang
Yasir-Khan
Valentin Popa
Mikhail Durnev
Alexandre Belloni
Paul Eggleton
Steve Sakoman
Simon Busch
Roy.Li
Andreas Oberritter
Radu Moisan
Constantin Musca
Stan Hu
Mihai Prica
Andreas Müller
Martin Jansa
Robert P. J. Day