From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/2] wpa_supplicant: add upstream security fixes
Date: Mon, 16 Oct 2017 13:19:20 +0200 [thread overview]
Message-ID: <20171016111921.627-1-peter@korsgaard.com> (raw)
Fixes CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
CVE-2017-13087, CVE-2017-13088:
http://lists.infradead.org/pipermail/hostap/2017-October/037989.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/wpa_supplicant/wpa_supplicant.hash | 6 ++++++
package/wpa_supplicant/wpa_supplicant.mk | 7 +++++++
2 files changed, 13 insertions(+)
diff --git a/package/wpa_supplicant/wpa_supplicant.hash b/package/wpa_supplicant/wpa_supplicant.hash
index 22b2e8ddd8..b522661fe0 100644
--- a/package/wpa_supplicant/wpa_supplicant.hash
+++ b/package/wpa_supplicant/wpa_supplicant.hash
@@ -1,2 +1,8 @@
# Locally calculated
sha256 b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450 wpa_supplicant-2.6.tar.gz
+sha256 d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7 rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+sha256 d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81 rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+sha256 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+sha256 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6 rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+sha256 c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736 rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+sha256 c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1 rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk
index 2e8b82cebe..67b502d6ef 100644
--- a/package/wpa_supplicant/wpa_supplicant.mk
+++ b/package/wpa_supplicant/wpa_supplicant.mk
@@ -6,6 +6,13 @@
WPA_SUPPLICANT_VERSION = 2.6
WPA_SUPPLICANT_SITE = http://hostap.epitest.fi/releases
+WPA_SUPPLICANT_PATCH = \
+ http://w1.fi/security/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
+ http://w1.fi/security/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
+ http://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \
+ http://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
+ http://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \
+ http://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
WPA_SUPPLICANT_LICENSE = BSD-3-Clause
WPA_SUPPLICANT_LICENSE_FILES = README
WPA_SUPPLICANT_CONFIG = $(WPA_SUPPLICANT_DIR)/wpa_supplicant/.config
--
2.11.0
next reply other threads:[~2017-10-16 11:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-16 11:19 Peter Korsgaard [this message]
2017-10-16 11:19 ` [Buildroot] [PATCH 2/2] hostapd: add upstream security fixes Peter Korsgaard
2017-10-17 19:40 ` Peter Korsgaard
2017-10-19 15:05 ` Peter Korsgaard
2017-10-17 7:23 ` [Buildroot] [PATCH 1/2] wpa_supplicant: " Jörg Krause
2017-10-17 8:18 ` Peter Korsgaard
2017-10-17 8:26 ` Jörg Krause
2017-10-17 19:40 ` Peter Korsgaard
2017-10-19 15:05 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171016111921.627-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox