| Age | Commit message (Collapse) | Author |
|---|
|
Fixes the following security vulnerabilities:
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.
For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Use pkg-config to find openssl dependencies such as lz or latomic
Fix build on sparc v8 (even if there is no autobuilder failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
|
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
Added license hash, removed patches included in new version.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
Get rid of netlink dependency if the options selected allow that.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Reviewed-by: Sam Voss <sam.voss@rockwellcollins.com>
[Thomas/Arnout: use a if BR2_PACKAGE_HOSTAPD_VLAN .. endif block.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
According to hostapd's defconfig file, ACS is currently only supported
through the nl80211 driver. Search through the source code also confirms
that ACS machinery is present in the nl80211 driver only.
Although hostapd can be built with ACS enabled and nl80211 disabled, an
attempt to use ACS with other drivers by setting a wireless channel to 0
results in a runtime failure (driver doesn't accept this value). So we
might save a user from selecting a meaningless combination by making ACS
dependent on nl80211.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Reviewed-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
Add support for the wired driver. Add configuration options to select
which drivers to build. Select DRIVER_NONE if no other drivers enabled
(this may be the case when building hostapd as a standalone RADIUS
server).
Update makefile logic and apply wireless-specific options only if at
least one wireless driver enabled. Otherwise, an attempt to build a
wired-only or RADIUS-only hostapd will fail.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Reviewed-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
Add configuration options for hostapd to select which kind
of VLAN support to build.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Changed HOSTAPD_PATCH= to HOSTAPD_PATCH+= to keep previously added
patches.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Since kernel drivers for Realtek wireless chips use non-standard
interfaces, upstream hostapd does not support them. One have to apply
an external patch for hostapd to work with these chips. See:
https://github.com/pritambaral/hostapd-rtl871xdrv
A configuration option is added to enable support for Realtek chips,
and it's turned off by default.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Tested-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
hostapd will not build with LibreSSL without patches, so let's support
only OpenSSL.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Fixes CVE-2017-13082
http://lists.infradead.org/pipermail/hostap/2017-October/037989.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
hostapd project URL has been changed to w1.fi/hostapd.
The old domain epitest.fi has expired.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Occurrences were searched using [1]:
check-package --include-only TrailingBackslash $(find * -type f)
and manually removed.
[1] http://patchwork.ozlabs.org/patch/729669/
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-3c is BSD-3-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Remove all patches as they are applied to or were fetched from upstream.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
For convenience it's nice to have default hostapd.conf installed
on target automatically as a good starting point.
Otherwise user has to create it manually from scratch.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>i
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Add upstream patch fixing CVE-2016-2447: psk configuration parameter update
allowing arbitrary data to be written.
See http://w1.fi/security/2016-1/psk-parameter-config-update.txt for details.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Add two patches to fix build issues with the musl libc.
The first patch "0003-vlan-fix-musl-build-error" fixes the undefined __caddr_t
build error. __caddr_t is a legacy BSD type and should be avoided in modern
implementations.
The second patch "0004-vlan-fix-musl-libc-conflict-with-Linux-kernel-header"
fixes a typical musl libc header conflict with the Linux kernel header. We avoid
including the conflicting Linux header file by defining the needed macros
directly in the needing hostapd source file.
Fixes:
http://autobuild.buildroot.net/results/c26/c265cfada20621a631e9d118b9633df80b0e4864/
http://autobuild.buildroot.net/results/658/658c5e2fe6e3a4ad74ca47c926426e95eac0b9ec/
http://autobuild.buildroot.net/results/578/5787805b3e1487c4f85c3a367ed88e8730078b8e/
http://autobuild.buildroot.net/results/42d/42d8be008dcb07e9ec26ce10c797deb43ed86568/
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
hostapd is licensed under BSD-3c only and not dual licensed.
Quoting from COPYING file
This software was previously distributed under BSD/GPL v2 dual license
terms that allowed either of those license alternatives to be
selected. As of February 11, 2012, the project has chosen to use only
the BSD license option for future distribution. As such, the GPL v2
license option is no longer used.
Reviewed-by: Abhimanyu Vishwakarma <Abhimanyu.Vishwakarma@imgtec.com>
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Make ACS (Automatic Channel Selection) support in hostapd optional.
There's a clash of standard vs. propietary solutions, hence when hostapd
has builtin ACS support (standard) and it's enabled (channel=0 in the
config) this will preclude the propietary driver from using ACS (it
won't work at all).
See:
http://e2e.ti.com/support/wireless_connectivity/f/307/p/465333/1669270
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes:
CVE-2015-5314 - hostapd: EAP-pwd missing last fragment length validation
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Remove upstream patches.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
This commit adds patches for three different upstream security advisories. No
CVE numbers stated.
http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
This commit doesn't touch infra packages.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Also:
- remove patches: merged upstream
- update hash
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Add a dependancy on host-pkgconf.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Reported-by: Jörg Krause <jkrause@posteo.de>
Cc: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
hostapd calls fork() since last version bump.
Fixes:
http://autobuild.buildroot.net/results/945/94543b865db2ff5da34434fdcdf15ea7db73f392/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fix CVE-2014-3686: wpa_cli and hostapd_cli action script execution vulnerability
(http://w1.fi/security/2014-1/wpacli-action-scripts.txt)
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes:
http://autobuild.buildroot.org/results/dcb/dcbdc25cd5b46917c8f740d492db7512021462fa/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Should have no functional change.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Drop upstream patch.
CONFIG_IEEE80211W is now enabled by default.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes #7166
hostapd crashes with segfault when using RT5370. This is because the driver
reports Beacon RX prior to hostapd having completed the AP mode setup.
This upstream commit fixes it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
A rebase of Samuel Martin's http://patchwork.ozlabs.org/patch/312320/
hostapd doesn't use pkg-config and upstream likely wouldn't take a patch
to do so (hostapd/wpa_supplicant are used in android builds, and it
doesn't use any auto* stuff either) so pass it in LIBS since we
always build openssl with libz support.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Rework .config file editing as was done for wpa_supplicant and bump to
version 2.1 which includes 802.11ac and ACS support.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
libnl-3 uses threads and this isn't accounted for in hostapd (or
libnl-3*.pc files for that matter - hostapd doesn't use pkg-config
anyway).
Since linking order matters for static scenarios also throw in -lnl-3
into LIBS first since it gets appended to in hostapd makefiles to add
libnl-3.
Fixes:
http://autobuild.buildroot.net/results/d4a/d4a9f44effeb08eda6c4b32764274ae81d185d5e/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
802.11ac support isn't enabled on purpose since it's broken on some
architectures.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
hostapd isn't API compatible with gnutls3 so remove support.
It's probably hardly used since openssl is far more common, and hostapd
can use its internal routines if it's not available.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Fixes
http://autobuild.buildroot.net/results/813602e91ad4022957b3bc8d285ddb2b05d3b875/build-end.log
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Also remove the redundant $(call ...).
This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
-e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
-e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Enable IEEE 802.11u (interworking).
Also enable new supported EAP methods.
Switch from echo to sed where possible for a cleaner .config output
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Bump to version 1.0
Also convert to gentargets.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
