openwrt/package/network/services/hostapd/patches
Hauke Mehrtens b463a13881 hostapd: fix multiple security problems
This fixes the following security problems:
* CVE-2019-9494:  cache attack against SAE
* CVE-2019-9495:  cache attack against EAP-pwd
* CVE-2019-9496:  SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497:  EAP-pwd server not checking for reflection attack)
* CVE-2019-9498:  EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499:  EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment

Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-21 10:29:23 +02:00
..
000-0001-Reduce-undesired-logging-of-ACL-rejection.patch hostapd: fix MAC filter related log spam 2018-12-18 17:22:04 +01:00
000-0002-Drop-logging-priority-for-handle_auth_cb.patch hostapd: fix MAC filter related log spam 2018-12-18 17:22:04 +01:00
001-mesh-factor-out-mesh-join-function.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
002-mesh-factor-out-rsn-initialization.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
003-mesh-relocate-RSN-init-function.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
004-mesh-use-setup-completion-callback-to-complete-mesh-.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
005-mesh-reflect-country-setting-to-mesh-configuration.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
007-mesh-apply-channel-attributes-before-running-Mesh.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
008-mesh-set-interface-type-to-mesh-before-setting-inter.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
009-mesh-set-mesh-center-frequency.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
010-mesh-consider-mesh-interface-on-dfs-event-handler.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
012-mesh-allow-mesh-to-send-channel-switch-request.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
013-mesh-do-not-allow-pri-sec-channel-switch.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
014-mesh-do-not-allow-scan-result-to-swap-pri-sec.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
016-mesh-fix-channel-switch-error-during-CAC.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
017-mesh-use-right-interface-context-to-send-DFS-event-m.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
018-mesh-make-forwarding-configurable.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
022-mesh-fix-crash-with-CONFIG_TAXONOMY-enabled.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
031-mesh-add-VHT_CHANWIDTH_USE_HT-to-max_oper_chwidth.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
032-mesh-implement-use-of-VHT20-config-in-mesh-mode.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
033-mesh-fix-parsing-of-max_oper_chwidth.patch hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl 2018-12-18 08:13:22 +01:00
060-0001-EAP-pwd-Move-EC-group-initialization-to-earlier-step.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
060-0002-EAP-pwd-Mask-timing-of-PWE-derivation.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0001-OpenSSL-Use-constant-time-operations-for-private-big.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0002-Add-helper-functions-for-constant-time-operations.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0005-SAE-Minimize-timing-differences-in-PWE-derivation.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0006-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0007-SAE-Mask-timing-of-MODP-groups-22-23-24.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0008-SAE-Use-const_time-selection-for-PWE-in-FFC.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
061-0009-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
062-0004-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
063-0010-SAE-Fix-confirm-message-validation-in-error-cases.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
064-0011-EAP-pwd-server-Verify-received-scalar-and-element.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
064-0012-EAP-pwd-server-Detect-reflection-attacks.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
064-0013-EAP-pwd-client-Verify-received-scalar-and-element.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
064-0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
065-0001-EAP-pwd-server-Fix-reassembly-buffer-handling.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
065-0003-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch hostapd: fix multiple security problems 2019-06-21 10:29:23 +02:00
100-daemonize_fix.patch hostapd: update to version 2017-08-24 2017-10-07 05:46:04 +03:00
110-no_eapol_fix.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
120-disable_bridge_packet_workaround.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
200-multicall.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
300-noscan.patch hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl 2018-12-18 08:13:22 +01:00
301-mesh-noscan.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
310-rescan_immediately.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
320-optional_rfkill.patch hostapd: update to version 2016-12-15 2016-12-20 16:24:21 +01:00
330-nl80211_fix_set_freq.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
340-reload_freq_change.patch hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl 2018-12-18 08:13:22 +01:00
350-nl80211_del_beacon_bss.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
360-ctrl_iface_reload.patch hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl 2018-12-18 08:13:22 +01:00
370-ap_sta_support.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
380-disable_ctrl_iface_mib.patch hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl 2018-12-18 08:13:22 +01:00
381-hostapd_cli_UNKNOWN-COMMAND.patch hostapd: make cli treat UNKNOWN COMMAND as failing 2018-12-18 09:43:58 +01:00
390-wpa_ie_cap_workaround.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
400-wps_single_auth_enc_type.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
410-limit_debug_messages.patch hostapd: backport support for sending debug messages to the syslog 2017-01-30 06:52:02 +01:00
420-indicate-features.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
430-hostapd_cli_ifdef.patch hostapd: add support for client taxonomy in the full config 2018-12-18 17:22:04 +01:00
431-wpa_cli_ifdef.patch hostapd: update to version 2016-09-05 2016-09-08 15:28:38 +02:00
432-missing-typedef.patch hostapd: fix compilation error in wext backend 2016-06-15 19:10:32 +02:00
450-scan_wait.patch hostapd: update to git snapshot of 2018-03-26 2018-03-27 19:25:32 +02:00
460-wpa_supplicant-add-new-config-params-to-be-used-with.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
461-driver_nl80211-use-new-parameters-during-ibss-join.patch hostapd: update to git snapshot of 2018-04-09 2018-04-13 03:27:01 +02:00
463-add-mcast_rate-to-11s.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
464-fix-mesh-obss-check.patch hostapd: update packaging and patches 2018-12-18 09:05:58 +01:00
470-survey_data_fallback.patch hostapd: update to version 2017-08-24 2017-10-07 05:46:04 +03:00
600-ubus_support.patch hostapd: fix MAC filter related log spam 2018-12-18 17:22:04 +01:00
700-fix-openssl11.patch hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs 2018-12-18 11:28:13 +01:00
0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl 2018-12-18 08:13:22 +01:00