From df6a33a8d4115fcb7edd048f7dbfea054e9477b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Mon, 8 Jun 2020 17:35:32 +0200 Subject: hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bump to latest Git and refresh all patches in order to get fix for "UPnP SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695). General security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695). Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars. Ref: https://w1.fi/security/2020-1/ Signed-off-by: Petr Štetiar --- .../hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch') diff --git a/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch b/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch index 3d623a65b2..7c6f249a0b 100644 --- a/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch +++ b/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch @@ -17,7 +17,7 @@ Signed-off-by: Peter Oh --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -7788,6 +7788,10 @@ static int wpa_driver_nl80211_send_actio +@@ -7789,6 +7789,10 @@ static int wpa_driver_nl80211_send_actio u8 *buf; struct ieee80211_hdr *hdr; int offchanok = 1; @@ -28,7 +28,7 @@ Signed-off-by: Peter Oh if (is_ap_interface(drv->nlmode) && (int) freq == bss->freq && bss->beacon_set) -@@ -7816,6 +7820,21 @@ static int wpa_driver_nl80211_send_actio +@@ -7817,6 +7821,21 @@ static int wpa_driver_nl80211_send_actio os_memset(bss->rand_addr, 0, ETH_ALEN); } -- cgit v1.2.3