mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
35076e347b
Note, hostapd and wpa_supplicant use the same sources. This commit is based
on Ross Burton's change to OpenEmbedded-core. Below is Ross's commit message
from OpenEmbedded-Core.
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
Signed-off-by: Ross Burton <ross.burton@intel.com>
The hunk:
[PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request
does not apply to hostapd and was removed from the patch.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ed6b5da874)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
49 lines
1.5 KiB
BlitzBasic
49 lines
1.5 KiB
BlitzBasic
HOMEPAGE = "http://w1.fi/hostapd/"
|
|
SECTION = "kernel/userland"
|
|
LICENSE = "GPLv2 | BSD"
|
|
LIC_FILES_CHKSUM = "file://${B}/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350"
|
|
DEPENDS = "libnl openssl"
|
|
SUMMARY = "User space daemon for extended IEEE 802.11 management"
|
|
|
|
inherit update-rc.d systemd
|
|
INITSCRIPT_NAME = "hostapd"
|
|
|
|
SYSTEMD_SERVICE_${PN} = "hostapd.service"
|
|
SYSTEMD_AUTO_ENABLE_${PN} = "disable"
|
|
|
|
SRC_URI = " \
|
|
http://w1.fi/releases/hostapd-${PV}.tar.gz \
|
|
file://defconfig \
|
|
file://init \
|
|
file://hostapd.service \
|
|
file://key-replay-cve-multiple.patch \
|
|
"
|
|
|
|
S = "${WORKDIR}/hostapd-${PV}"
|
|
B = "${WORKDIR}/hostapd-${PV}/hostapd"
|
|
|
|
do_configure() {
|
|
install -m 0644 ${WORKDIR}/defconfig ${B}/.config
|
|
}
|
|
|
|
do_compile() {
|
|
export CFLAGS="-MMD -O2 -Wall -g -I${STAGING_INCDIR}/libnl3"
|
|
make
|
|
}
|
|
|
|
do_install() {
|
|
install -d ${D}${sbindir} ${D}${sysconfdir}/init.d ${D}${systemd_unitdir}/system/
|
|
install -m 0644 ${B}/hostapd.conf ${D}${sysconfdir}
|
|
install -m 0755 ${B}/hostapd ${D}${sbindir}
|
|
install -m 0755 ${B}/hostapd_cli ${D}${sbindir}
|
|
install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/hostapd
|
|
install -m 0644 ${WORKDIR}/hostapd.service ${D}${systemd_unitdir}/system/
|
|
sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/hostapd.service
|
|
}
|
|
|
|
CONFFILES_${PN} += "${sysconfdir}/hostapd.conf"
|
|
|
|
SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7"
|
|
SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d"
|
|
|