wpa_supplicant: fix WPA2 key replay security bug

WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. (From OE-Core rev: 1c46e201ef486395ec047f29af272f8c3dfd9611) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2017-10-16 17:03:04 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-10-16 23:46:38 +0100
commit: de57fd8d9bd889d25c5fd79e7c2ec3a894062a93 (patch)
tree: 1e5e3228354ccce7ad9021ca32b244733e4264b8 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
parent: 96967261993f8b583b51cdeccbb1fd06042d2192 (diff)
download: poky-de57fd8d9bd889d25c5fd79e7c2ec3a894062a93.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
index 5215b002a4..d6d4206a58 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
           file://wpa_supplicant.conf \
           file://wpa_supplicant.conf-sane \
           file://99_wpa_supplicant \
+           file://key-replay-cve-multiple.patch \
          "
 SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
 SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
author	Ross Burton <ross.burton@intel.com>	2017-10-16 17:03:04 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-10-16 23:46:38 +0100
commit	de57fd8d9bd889d25c5fd79e7c2ec3a894062a93 (patch)
tree	1e5e3228354ccce7ad9021ca32b244733e4264b8 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
parent	96967261993f8b583b51cdeccbb1fd06042d2192 (diff)
download	poky-de57fd8d9bd889d25c5fd79e7c2ec3a894062a93.tar.gz

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb index 5215b002a4..d6d4206a58 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
24	file://wpa_supplicant.conf \	24	file://wpa_supplicant.conf \
25	file://wpa_supplicant.conf-sane \	25	file://wpa_supplicant.conf-sane \
26	file://99_wpa_supplicant \	26	file://99_wpa_supplicant \
		27	file://key-replay-cve-multiple.patch \
27	"	28	"
28	SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"	29	SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
29	SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"	30	SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"