| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.
Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.
Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
| |
|
|
|
|
|
| |
also fixes the annoying repeating syslog
lldp[]: unable to get system name
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
| |
Support for CDP PD PoE
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates ath10k-ct to current version.
Changes are:
ath10k-ct: Fix printing PN in peer stats.
Previous logic was incorrect. Also add set-special API to enable
returning PN.
Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes since last time:
Release notes for wave-1:
2019-04-02: Support some get/set API for eeprom rate power tables.
Mostly backported from 10.2
2019-04-02: Support adaptive-CCA, backported from 10.2
2019-04-02: Support adding eeprom configAddr pairs via the
set-special API. These configAddrs can be used to change
the default register settings for up to 12 registers.
2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
Original logic I put in back in 2016 set 2x2 and 3x3 lower
than the needed to be when using most NICs (very high
powered NICs would not have been affected I think, not sure
any of those exist though.)
This improves throughput for 2x2 and 3x3 devices,
especially when the signal is weaker.
Release notes for wave-2:
2019-04-08: When setting keys, if high bit of high value of
key_rsc_counter is set to 0x1, then the lower 48 bits will
be used as the PN value. By default, PN is set to 1 each
time the key is set.
2019-04-08: Pack PN into un-used 'excretries' aka
'num_pkt_loss_excess_retry' high 16 bits.
This lets us report peer PN, but *only* if driver has
previously set a PN when setting key (or set-special cmd is
used to enable PN reporting).
This is done so that we know the driver is recent
enough to deal with the PN stat reporting.
2019-04-16: Support specifying tx rate on a per-beacon packet.
See ath10k_wmi_op_gen_beacon_dma and
ath10k_convert_hw_rate_to_rate_info for API details.
Driver needs additional work to actually enable this
feature currently.
2019-04-30: Compile out tx-prefetch caching logic.
It is full of tricky bugs that cause tx hangs.
I fixed at least one, but more remain and I have wasted too
much time on this already.
2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
This significantly helps DHCP happen quickly, probably
because the initial rate being too high would take a while
to ramp down, especially since there are few packets sent
by the time DHCP needs to start.
This bug was triggered by me decreasing retries of 0x1e
(upstream default) to 0x4. But, I think it is better to
start with lower initial MCS instead of always having a
very high retry count.
Tested on 8devices Jalapeno dev board(IPQ4019)
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.
Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.
The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...
In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.
Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.
Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output
This will remove some unnecessary packages from MT7620 target to
save some space
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
|
| |
|
|
|
|
| |
1361b97 container: include stdbool.h
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
f6fb700 interface-ip: fine tune IPv6 mtu warning
975a5c4 interface: tidy ipv6 mtu warning
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
9b35439 procd: detect lxc container and behave accordingly
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Probably glibc too. argp_help takes a char *. not const char *.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
|
| |
|
|
|
|
|
| |
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.
The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.
Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
|
| |
|
|
|
|
|
|
|
|
| |
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.
The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
This should be helpful for implementing service_running() in procd init
scripts.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>
|
| |
|
|
|
|
| |
01f3dc8 instance: dump user and group as well
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Sometimes is desirable to run a process with a specific group id
instead of the default one which is derived from passwd entry.
This can be achived now by using procd_set_param group $mygroup.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
|
| |
|
|
|
|
|
|
|
| |
Optional syslog facility can be set by adding procd_set_param facility
$myfacility.
While at, also add stdout/stderr documentation.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
|
| |
|
|
|
|
|
|
| |
Currently Auto probing for BMP/BME280 does not work because kernel
module name in the call is not correct.
Package name was used instead of kernel module name.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some of changes:
* Support for local-name()
* General refactoring
* Better parsing performance
* Fix possible buffer overflow & memleak
* Validation checks
* More commit functions (file, buffer, fd)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
| |
cfaed56 procd: add SIGPWR as signal
a30a8fd procd: copy the respawn property of new instance
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Support for RT3883/RT3663 was merged upstream [1]. Use that patch
instead of our original series. The resulting source tree is
exactly identical, this commit is merely reorganizing the patches.
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=d0e61a0f7cca51ce340a5a73595189972122ff25
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add a conditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected. The final binares are not affected by
this.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
*Fixes:
-CVE-2019-7150
-CVE-2019-7149
-CVE-2019-7146
-CVE-2019-7665
-CVE-2019-7664
-CVE-2019-7148
*Refresh 003-libintl-compatibility.patch
*Also reset PKG_RELEASE.
Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
|
| |
|
|
|
|
|
| |
struct ieee80211_local needs to be passed in separately instead of
dereferencing the (potentially NULL) sdata
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
9cd701a4f028 ath10k-ct: Add PN get/set API for wave-2 firmware.
5c8a4668323b ath10k-ct: Support over-riding the power ctl table in eeprom
75e2705f31bb ath10k-ct: CCA, eeprom, other changes.
a696e602a0fc ath10k-ct: Attempt to fix-out-of-tree compile for 4.16
a2aec62262df ath10k: Improve beacon tx status for 4.20 kernel.
be5c21a82b15 ath10k-ct: Fix out-of-tree compile for 4.20, pull in stable changes for 4.19
Fixes compile errors when using the 4.20 flavour.
Also the amount of beacon errors seems to have dropped.
Tested on a Mikrotik RB912UAGS-5HPacD
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit c6aa9ff38870a30dbe6da17e4edad6039fe10ddf.
Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
| |
|
|
|
|
|
|
| |
This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found. The config file is not installed by default.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
6633efe router: fix dns search list option
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
This can save ~16KBytes size for the ipk
Signed-off-by: Rosy Song <rosysong@rosinson.com>
|
| |
|
|
|
|
|
| |
This includes some USB fixes and early work on FullMAC firmware crash
recovery.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
38bc630 router: use ra_lifetime as lifetime for RA options (FS#2206)
0523bdd router: improve code readibility
0a3b279 Revert "router:"
207f8e0 treewide: align syslog loglevels
f1d7da9 router:
0e048ac treewide: fix compiler warnings
83698f6 CMakeList.txt: enable extra compiler checks
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default. Right now, some packages require
this, so it is always enabled by the bots. Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.
However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.
NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.
Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the Geode builds fails on following kernel module missing
dependencies:
Package kmod-drm-amdgpu is missing dependencies for the following libraries:
backlight.ko
drm_kms_helper.ko
fb.ko
ttm.ko
So this patch tries to fix the kmod-drm-amdgpu module dependecies.
Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 6e060bd62c85 introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.
To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.
Fixes: 6e060bd62c85 ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
| |
|
|
|
|
|
|
| |
666c14f system-linux: remove debug tracing
08989e4 interface: add neighbor config support
bfd4de3 interface: fix "if-down" hotplug event handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b0796d ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
|
| |
Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500
with certain 5G configurations.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
|
| |
Add kernel module package for the Freescale USB2 EHCI used on the
mpc85xx platform.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
|
| |
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EAP-pwd missing commit validation
Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
scalar/element)
Latest version available from: https://w1.fi/security/2019-4/
Vulnerability
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.
A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).
An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.
While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').
Vulnerable versions/configurations
All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.
All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable
Acknowledgments
Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.
Possible mitigation steps
- Merge the following commits to wpa_supplicant/hostapd and rebuild:
CVE-2019-9497:
EAP-pwd server: Detect reflection attacks
CVE-2019-9498:
EAP-pwd server: Verify received scalar and element
EAP-pwd: Check element x,y coordinates explicitly
CVE-2019-9499:
EAP-pwd client: Verify received scalar and element
EAP-pwd: Check element x,y coordinates explicitly
These patches are available from https://w1.fi/security/2019-4/
- Update to wpa_supplicant/hostapd v2.8 or newer, once available
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hostapd: fix SAE confirm missing state validation
Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/
Vulnerability
When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.
Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.
An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.
Vulnerable versions/configurations
All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).
Possible mitigation steps
- Merge the following commit to hostapd and rebuild:
SAE: Fix confirm message validation in error cases
These patches are available from https://w1.fi/security/2019-3/
- Update to hostapd v2.8 or newer, once available
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
