Commit Graph

82 Commits

Author SHA1 Message Date
Peter Korsgaard
8d07baab43 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-06-07 17:14:37 +02:00
Sam Voss
93b8d601bc package/hostapd: add upstream patch to fix CVE-2021-27803
Fixes the following:

- CVE-2021-27803: A vulnerability was discovered in how p2p/p2p_pd.c in
wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other impact
(potentially execution of arbitrary code), for an attacker within radio
range.

Signed-off-by: Sam Voss <sam.voss@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 21:47:51 +02:00
Yann E. MORIN
c2a1f906d6 package/{hostapd,wpa_supplicant}: alphabetical order to select openssl features
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-27 17:35:52 +02:00
Sergey Matyukevich
a92e4f992b package/hostapd: enable DES in openssl
Hostapd/wpa_supplicant crypto backend assumes that openssl always
provides DES support. However DES support in openssl has become
optional since  commit a83d41867c ("package/libopenssl: add
option to enable some features").

Select openssl DES support in hostapd Kconfig to avoid
build failures.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-26 23:31:49 +02:00
Sergey Matyukevich
bbf123d9ca package/hostapd: enable MD4 in openssl
Hostapd assumes that openssl always provides MD4 support. However MD4
support in openssl has become optional since  commit a83d41867c
("package/libopenssl: add option to enable some features").

Select openssl MD4 support in hostapd Kconfig to avoid build failures.

Fixes:
http://autobuild.buildroot.net/results/09ce1d8009da98cd2a3f2c8488abaa9f060a9d6b/

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-22 21:58:31 +02:00
Sergey Matyukevich
75496165dc package/hostapd: fix build with CVE-2021-30004 changes
Commit d65586f45a ("package/hostapd: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.

Fixes:
http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: slightly reformat the patches]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-20 11:10:57 +02:00
Peter Korsgaard
d65586f45a package/hostapd: add upstream patch to fix CVE-2021-30004
Fixes the following security issue for the internal TLS backend:

- CVE-2021-30004: In wpa_supplicant and hostapd 2.9, forging attacks may
  occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c
  and tls/x509v3.c.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-28 12:11:43 +02:00
Matt Weber
3d3348fd03 package/hostapd: ignore CVE-2021-30004 when using openssl
The CVE can be ignored when the internal TLS impl isn't used.

https://security-tracker.debian.org/tracker/CVE-2021-30004
 "Issue only affects the "internal" TLS implementation
 (CONFIG_TLS=internal)"

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-24 11:28:02 +02:00
Yann E. MORIN
8ecb041c87 Revert "package/libopenssl does not support riscv32"
Now that we have a backport from upstream with a proper fix for the
build on riscv32 *and* a proper implementationfor 64-bit time structs,
we can re-activate the build on riscv32.

This partially reverts commit c72be5dd2f.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-11 21:22:10 +01:00
Yann E. MORIN
c72be5dd2f package/libopenssl does not support riscv32
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.

Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves. That's what
upstream tried to do with:
    5b5e2985f3

We initially carried that patch with 2bb26c1a1d (package/libopenssl:
fix build on riscv32).

However, as Arnd Bergmann puts it [0]:

    The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
    whenever time_t is 64-bit wide on a 32-bit architecture, while
    __NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
    same width as 'long'.

    Checking whether __NR_io_getevents is defined is wrong for all
    architectures other than riscv

And Arnd agrees that patch should be reverted [1] [2] (there are further
comments in that stream, that are worth reading).

As such, we've reverted 2bb26c1a1d with 6cfb4ad7f7.

This means we have no working solution to enable openssl on riscv32 for
now. So, rather than fail the build, or backport a dysfunctional patch,
let's just forbid openssl on riscv32.

Drop the default from the choice selection; it was anyway superfluous:
the default of a choice, if left unspecified, is the first entry of the
choice. Also, having a default means we'd have to also propagate the
dependencies of the defaulted-to symbol, which is yet a little bit more
maintenance. Since the chances we get a third implementation of openssl
are pretty slim (very, very slim), reasoning about what is the default
is still very easy.

When propagating dependencies to tpm2-tss' users, we've tried to keep
the architecture dependency toward the top when possible, and otherwise
we've added it together with existing arch dependencies (MMU).

While at it, drop a useless redundant comment in ibm-sw-tpm2: if we
select FORCE_LIBOPENSSL, it is obvious that's because libressl is not
supported... Besides none of the other users of FORCE_LIBOPENSSL have
such a comment.

Fixes:
    http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
    ...
    http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/

[0] 5b5e2985f3 (commitcomment-44782859)
[1] 5b5e2985f3 (commitcomment-47826509)
[2] 5b5e2985f3 (commitcomment-47830530)

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
2021-03-04 22:53:08 +01:00
Matt Weber
63332c33aa package: provide CPE ID details for numerous packages
This patch adds CPE ID information for a significant number of
packages.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-04 21:43:54 +01:00
Peter Korsgaard
9b020359b1 package/hostapd: add upstream 2020-1 security patches
Fixes the following security vulnerabilities:

CVE-2020-12695: The Open Connectivity Foundation UPnP specification before
2020-04-17 does not forbid the acceptance of a subscription request with a
delivery URL on a different network segment than the fully qualified
event-subscription URL, aka the CallStranger issue.

For details, see the advisory:
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-24 22:38:51 +02:00
Fabrice Fontaine
749fbab0bb package/hostapd: fix CVE-2019-16275
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-02 21:53:23 +02:00
Sergey Matyukevich
47d14e3b1c package/hostapd: disable TEAP for internal TLS implementation
Hostapd TEAP support fails to build when internal TLS implementation
is selected. TEAP is still an experimental feature that is not
recommmended for production use. Currently it should not be used for
anything else than experimentation and interoperability testing.

Disable TEAP when internal TLS implementation is selected. Those
who needs experimenting with TEAP are encouraged to enable openssl
in their buildroot configuration.

Fixes:
http://autobuild.buildroot.net/results/f88/f880b1a430ebd6f97885103a622f1a4d9ec6de3a

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-10-11 23:38:37 +02:00
Sergey Matyukevich
319ff11dda package/hostapd: enable Linux ioctls for VLANs
Hostapd v2.9 follows the approach taken by bridge-utils and attempts
to use new bridge ioctls whenever possible. New bridge calls are
enabled in hostapd build using NEED_LINUX_IOCTL configuration option.
That switch is enabled for all the practical configurations excluding
wired driver. However it is required to support dynamic VLANs in
any configuration.

Enable NEED_LINUX_IOCTL hostapd configuration option whenever
dynamic VLANs support is requested in buildroot.

Fixes:
http://autobuild.buildroot.net/results/71a/71aa92578622a266b4bed92b66a65438bc32cbd6

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-10-11 23:38:37 +02:00
Sergey Matyukevich
90878dcc8d package/hostapd: add Config.in option for WPA3 support
New hostapd v2.9 supports WPA3 features such as OWE, SAE, DPP.
Those features are disabled by default in defconfig, so no
dependency from openssl is requried unless WPA3 support
is enabled.

This patch adds Config.in option for WPA3 support in hostapd.
When this option is selected, libopenssl is also selected and
WPA3 features including OWE, SAE, DPP are enabled in hostapd
.config file. When this option is deselected, then WPA3
options are disabled.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-09-21 17:55:41 +02:00
Alexander Mukhin
b35ac6fac9 package/hostapd: remove support for Realtek drivers
After hostapd update to 2.9, the patch provided no longer works,
although applies. Moreover, AP support for Realtek chips is broken
anyway in kernels > 4.9.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
[Thomas: add Config.in.legacy handling]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-07 14:36:23 +02:00
Bernd Kuhls
9aca253656 package/hostapd: security bump version to 2.9
Fixes https://w1.fi/security/2019-6/

Release notes:
http://lists.infradead.org/pipermail/hostap/2019-April/039979.html
http://lists.infradead.org/pipermail/hostap/2019-August/040373.html

This release includes all patches from https://w1.fi/security/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 14:33:15 +02:00
Jared Bents
9cb9e7ca42 package/hostapd: add debug information options
hostapd 2.7 added compile time options to include
redirecting the output from stdout to a file or syslog
like wpa_supplicant

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-07-11 16:01:29 +02:00
Peter Korsgaard
b3adfacdb1 package/hostapd: add upstream 2019-5 security patches
Fixes the following security vulnerabilities:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.

For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-27 14:24:36 +02:00
Fabrice Fontaine
d1455b91f8 package/hostapd: fix static build with openssl and atomic
Use pkg-config to find openssl dependencies such as lz or latomic

Fix build on sparc v8 (even if there is no autobuilder failures yet)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-04-13 16:25:25 +02:00
Peter Korsgaard
736f344755 package/hostapd: add upstream 2019-1, 2, 3, 4 security patches
Fixes the following security vulnerabilities:

- CVE-2019-9494 (cache attack against SAE)

For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt

- CVE-2019-9495 (cache attack against EAP-pwd)

For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt

- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)

For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt

- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)

For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt

Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-11 18:25:28 +02:00
Bernd Kuhls
eb7489dc79 package/hostapd: bump version to 2.7
Added license hash, removed patches included in new version.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-12-16 12:24:14 +01:00
Alexander Mukhin
47cc1600a0 hostapd: drop default dependency on netlink
Get rid of netlink dependency if the options selected allow that.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Reviewed-by: Sam Voss <sam.voss@rockwellcollins.com>
[Thomas/Arnout: use a if BR2_PACKAGE_HOSTAPD_VLAN .. endif block.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-02 18:32:07 +02:00
Alexander Mukhin
87a941462d hostapd: make ACS dependent on nl80211
According to hostapd's defconfig file, ACS is currently only supported
through the nl80211 driver. Search through the source code also confirms
that ACS machinery is present in the nl80211 driver only.

Although hostapd can be built with ACS enabled and nl80211 disabled, an
attempt to use ACS with other drivers by setting a wireless channel to 0
results in a runtime failure (driver doesn't accept this value). So we
might save a user from selecting a meaningless combination by making ACS
dependent on nl80211.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Reviewed-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-02 18:30:52 +02:00
Alexander Mukhin
90d73e5f66 hostapd: select driver support
Add support for the wired driver. Add configuration options to select
which drivers to build. Select DRIVER_NONE if no other drivers enabled
(this may be the case when building hostapd as a standalone RADIUS
server).

Update makefile logic and apply wireless-specific options only if at
least one wireless driver enabled. Otherwise, an attempt to build a
wired-only or RADIUS-only hostapd will fail.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Reviewed-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-02 18:30:41 +02:00
Alexander Mukhin
b5c97568c6 hostapd: select VLAN support
Add configuration options for hostapd to select which kind
of VLAN support to build.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-12-29 22:31:46 +01:00
Alexander Mukhin
9e252c9575 hostapd: keep previous patches when DRIVER_RTW set
Changed HOSTAPD_PATCH= to HOSTAPD_PATCH+= to keep previously added
patches.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-25 13:21:50 +01:00
Alexander Mukhin
5a0cfbded0 hostapd: add support for Realtek driver
Since kernel drivers for Realtek wireless chips use non-standard
interfaces, upstream hostapd does not support them. One have to apply
an external patch for hostapd to work with these chips. See:
https://github.com/pritambaral/hostapd-rtl871xdrv

A configuration option is added to enable support for Realtek chips,
and it's turned off by default.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Tested-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-24 21:45:17 +01:00
Thomas Petazzoni
42b5fb0571 hostapd: supports only the real OpenSSL, not LibreSSL
hostapd will not build with LibreSSL without patches, so let's support
only OpenSSL.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 21:28:13 +02:00
Peter Korsgaard
5259c5c805 hostapd: add upstream security fixes
Fixes CVE-2017-13082

http://lists.infradead.org/pipermail/hostap/2017-October/037989.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-17 21:39:54 +02:00
Alexander Mukhin
8a2396b90a hostapd: fix upstream URL
hostapd project URL has been changed to w1.fi/hostapd.
The old domain epitest.fi has expired.

Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-10 23:34:39 +02:00
Ricardo Martincoski
4ef04c476c package: remove trailing backslash
Occurrences were searched using [1]:
check-package --include-only TrailingBackslash $(find * -type f)
and manually removed.

[1] http://patchwork.ozlabs.org/patch/729669/

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-06 22:41:45 +02:00
Rahul Bedarkar
9f59b378a3 boot, package: use SPDX short identifier for BSD-3c
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-3c is BSD-3-Clause.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:26:57 +02:00
Jörg Krause
9f03a7aeec package/hostapd: bump to version 2.6
Remove all patches as they are applied to or were fetched from upstream.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-13 08:03:37 +02:00
Alexey Brodkin
13f364daaf hostapd: Install default hostapd.conf on target
For convenience it's nice to have default hostapd.conf installed
on target automatically as a good starting point.

Otherwise user has to create it manually from scratch.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>i
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-07 11:48:51 +02:00
Baruch Siach
1297fc980b hostapd: add security fix
Add upstream patch fixing CVE-2016-2447: psk configuration parameter update
allowing arbitrary data to be written.

See http://w1.fi/security/2016-1/psk-parameter-config-update.txt for details.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-03 09:30:47 +02:00
Jörg Krause
599b3a9f59 hostapd: fix musl issues
Add two patches to fix build issues with the musl libc.

The first patch "0003-vlan-fix-musl-build-error" fixes the undefined __caddr_t
build error. __caddr_t is a legacy BSD type and should be avoided in modern
implementations.

The second patch "0004-vlan-fix-musl-libc-conflict-with-Linux-kernel-header"
fixes a typical musl libc header conflict with the Linux kernel header. We avoid
including the conflicting Linux header file by defining the needed macros
directly in the needing hostapd source file.

Fixes:
http://autobuild.buildroot.net/results/c26/c265cfada20621a631e9d118b9633df80b0e4864/
http://autobuild.buildroot.net/results/658/658c5e2fe6e3a4ad74ca47c926426e95eac0b9ec/
http://autobuild.buildroot.net/results/578/5787805b3e1487c4f85c3a367ed88e8730078b8e/
http://autobuild.buildroot.net/results/42d/42d8be008dcb07e9ec26ce10c797deb43ed86568/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-03-09 00:01:02 +01:00
Rahul Bedarkar
52f845742f hostapd: correct legal info
hostapd is licensed under BSD-3c only and not dual licensed.

Quoting from COPYING file
 This software was previously distributed under BSD/GPL v2 dual license
 terms that allowed either of those license alternatives to be
 selected. As of February 11, 2012, the project has chosen to use only
 the BSD license option for future distribution. As such, the GPL v2
 license option is no longer used.

Reviewed-by: Abhimanyu Vishwakarma <Abhimanyu.Vishwakarma@imgtec.com>
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-25 22:27:44 +01:00
Gustavo Zacarias
5919b1ef8b hostapd: make ACS optional
Make ACS (Automatic Channel Selection) support in hostapd optional.
There's a clash of standard vs. propietary solutions, hence when hostapd
has builtin ACS support (standard) and it's enabled (channel=0 in the
config) this will preclude the propietary driver from using ACS (it
won't work at all).

See:
http://e2e.ti.com/support/wireless_connectivity/f/307/p/465333/1669270

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-12-03 21:38:50 +01:00
Gustavo Zacarias
bcf98fe65b hostapd: add security patches
Fixes:
CVE-2015-5314 - hostapd: EAP-pwd missing last fragment length validation

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-11-11 15:19:18 +01:00
Baruch Siach
1639a7ebfa hostapd: bump to version 2.5
Remove upstream patches.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-09-30 00:24:43 +02:00
Baruch Siach
476c6c6e09 hostapd: apply upstream security patches
This commit adds patches for three different upstream security advisories. No
CVE numbers stated.

http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-04 20:51:32 +02:00
Gustavo Zacarias
79ce08bbdc packages: remove non-IPv6 dependencies and tweaks
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-22 23:06:35 +02:00
Jerzy Grzegorek
bd8c733fb4 packages: indentation cleanup
This commit doesn't touch infra packages.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:57:41 +02:00
Jörg Krause
dd505a7e51 package/hostapd: bump to version 2.4
Also:
- remove patches: merged upstream
- update hash

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-16 16:09:04 +01:00
Romain Naour
e787c333e4 package/hostapd: use correct include path for libnl-3.0
Add a dependancy on host-pkgconf.

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Reported-by: Jörg Krause <jkrause@posteo.de>
Cc: Jörg Krause <jkrause@posteo.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-20 16:11:53 +01:00
Thomas Petazzoni
665e13c85e Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.

As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.

This also helps preparing the addition of other options to select
shared, shared+static or just static.

Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2014-12-11 22:48:13 +01:00
Gustavo Zacarias
ee1b691e0a hostapd: add hash
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-14 17:27:46 +02:00
Baruch Siach
21870ba6c0 hostapd: needs MMU
hostapd calls fork() since last version bump.

Fixes:
http://autobuild.buildroot.net/results/945/94543b865db2ff5da34434fdcdf15ea7db73f392/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-13 08:08:42 +02:00