Files
Mark Hatle 35076e347b hostapd: fix WPA2 key replay security bug
Note, hostapd and wpa_supplicant use the same sources.  This commit is based
on Ross Burton's change to OpenEmbedded-core.  Below is Ross's commit message
from OpenEmbedded-Core.

    WPA2 is vulnerable to replay attacks which result in unauthenticated users
    having access to the network.

    * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

    * CVE-2017-13078: reinstallation of the group key in the Four-way handshake

    * CVE-2017-13079: reinstallation of the integrity group key in the Four-way
    handshake

    * CVE-2017-13080: reinstallation of the group key in the Group Key handshake

    * CVE-2017-13081: reinstallation of the integrity group key in the Group Key
    handshake

    * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
    Request and reinstalling the pairwise key while processing it

    * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
    PeerKey (TPK) key in the TDLS handshake

    * CVE-2017-13087: reinstallation of the group key (GTK) when processing a
    Wireless Network Management (WNM) Sleep Mode Response frame

    * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
    processing a Wireless Network Management (WNM) Sleep Mode Response frame

    Backport patches from upstream to resolve these CVEs.

    Signed-off-by: Ross Burton <ross.burton@intel.com>

The hunk:

[PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request

does not apply to hostapd and was removed from the patch.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ed6b5da874)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-10-16 14:39:31 -07:00

49 lines
1.5 KiB
BlitzBasic

HOMEPAGE = "http://w1.fi/hostapd/"
SECTION = "kernel/userland"
LICENSE = "GPLv2 | BSD"
LIC_FILES_CHKSUM = "file://${B}/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350"
DEPENDS = "libnl openssl"
SUMMARY = "User space daemon for extended IEEE 802.11 management"
inherit update-rc.d systemd
INITSCRIPT_NAME = "hostapd"
SYSTEMD_SERVICE_${PN} = "hostapd.service"
SYSTEMD_AUTO_ENABLE_${PN} = "disable"
SRC_URI = " \
http://w1.fi/releases/hostapd-${PV}.tar.gz \
file://defconfig \
file://init \
file://hostapd.service \
file://key-replay-cve-multiple.patch \
"
S = "${WORKDIR}/hostapd-${PV}"
B = "${WORKDIR}/hostapd-${PV}/hostapd"
do_configure() {
install -m 0644 ${WORKDIR}/defconfig ${B}/.config
}
do_compile() {
export CFLAGS="-MMD -O2 -Wall -g -I${STAGING_INCDIR}/libnl3"
make
}
do_install() {
install -d ${D}${sbindir} ${D}${sysconfdir}/init.d ${D}${systemd_unitdir}/system/
install -m 0644 ${B}/hostapd.conf ${D}${sysconfdir}
install -m 0755 ${B}/hostapd ${D}${sbindir}
install -m 0755 ${B}/hostapd_cli ${D}${sbindir}
install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/hostapd
install -m 0644 ${WORKDIR}/hostapd.service ${D}${systemd_unitdir}/system/
sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/hostapd.service
}
CONFFILES_${PN} += "${sysconfdir}/hostapd.conf"
SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7"
SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d"