subject:"\[arch\-commits\] Commit in hostapd\/trunk \(9 files\)"

[arch-commits] Commit in hostapd/trunk (9 files)

2018-12-05 Thread Sergej Pupykin via arch-commits

Date: Wednesday, December 5, 2018 @ 09:35:50
  Author: spupykin
Revision: 411318

upgpkg: hostapd 2.7-1

Modified:
  hostapd/trunk/PKGBUILD
  hostapd/trunk/hostapd-2.3-noscan.patch
Deleted:
  hostapd/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
  hostapd/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
  hostapd/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
  hostapd/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch
  hostapd/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
  hostapd/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
  hostapd/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch

-+
 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch |  174 --
 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch |  250 
--
 0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch |  184 ---
 0004-Prevent-installation-of-an-all-zero-TK.patch   |   79 ---
 0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch|   64 --
 0006-TDLS-Reject-TPK-TK-reconfiguration.patch   |  132 -
 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch |   82 ---
 PKGBUILD|   26 -
 hostapd-2.3-noscan.patch|   10 
 9 files changed, 11 insertions(+), 990 deletions(-)

Deleted: 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
===
--- 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2018-12-05 
09:27:49 UTC (rev 411317)
+++ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2018-12-05 
09:35:50 UTC (rev 411318)
@@ -1,174 +0,0 @@
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef 
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef 

- src/ap/ieee802_11.c  | 16 +---
- src/ap/wpa_auth.c| 11 +++
- src/ap/wpa_auth.h|  3 ++-
- src/ap/wpa_auth_ft.c | 10 ++
- src/ap/wpa_auth_i.h  |  1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
 a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
-   struct ieee80211_ht_capabilities ht_cap;
-   struct ieee80211_vht_capabilities vht_cap;
-+  int set = 1;
- 
-   /*
-* Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
-* FT-over-the-DS, where a station re-associates back to the same AP but
-* skips the authentication flow, or if working with a driver that
-* does not support full AP client state.
-+   *
-+   * Skip this if the STA has already completed FT reassociation and the
-+   * TK has been configured since the TX/RX PN must not be reset to 0 for
-+   * the same key.
-*/
--  if (!sta->added_unassoc)
-+  if (!sta->added_unassoc &&
-+  (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+   !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
-   hostapd_drv_sta_remove(hapd, sta->addr);
-+  wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+  set = 0;
-+  }
- 
- #ifdef CONFIG_IEEE80211N
-   if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data 
*hapd,
-   sta->flags & WLAN_STA_VHT ? _cap : NULL,
-   sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
-   sta->vht_opmode, sta->p2p_ie ? 1 : 0,
--  sta->added_unassoc)) {
-+  set)) {
-   hostapd_logger(hapd, sta->addr,
-  HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
-  "Could not %s STA to kernel driver",
--

[arch-commits] Commit in hostapd/trunk (9 files)

2017-10-16 Thread Levente Polyak

Date: Monday, October 16, 2017 @ 11:20:17
  Author: anthraxx
Revision: 263056

upgpkg: hostapd 2.6-6 (security update)

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Added:
  hostapd/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
  hostapd/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
  hostapd/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
  hostapd/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch
  hostapd/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
  hostapd/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
  hostapd/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
Modified:
  hostapd/trunk/PKGBUILD
Deleted:
  hostapd/trunk/hostapd.install

-+
 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch |  174 ++
 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch |  250 
++
 0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch |  184 +++
 0004-Prevent-installation-of-an-all-zero-TK.patch   |   79 +++
 0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch|   64 ++
 0006-TDLS-Reject-TPK-TK-reconfiguration.patch   |  132 +
 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch |   82 +++
 PKGBUILD|   43 +
 hostapd.install |3 
 9 files changed, 996 insertions(+), 15 deletions(-)

Added: 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
===
--- 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
(rev 0)
+++ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2017-10-16 
11:20:17 UTC (rev 263056)
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef 
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef 
+---
+ src/ap/ieee802_11.c  | 16 +---
+ src/ap/wpa_auth.c| 11 +++
+ src/ap/wpa_auth.h|  3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++
+ src/ap/wpa_auth_i.h  |  1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
 b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+   struct ieee80211_ht_capabilities ht_cap;
+   struct ieee80211_vht_capabilities vht_cap;
++  int set = 1;
+ 
+   /*
+* Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+* FT-over-the-DS, where a station re-associates back to the same AP but
+* skips the authentication flow, or if working with a driver that
+* does not support full AP client state.
++   *
++   * Skip this if the STA has already completed FT reassociation and the
++   * TK has been configured since the TX/RX PN must not be reset to 0 for
++   * the same key.
+*/
+-  if (!sta->added_unassoc)
++  if (!sta->added_unassoc &&
++  (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++   !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+   hostapd_drv_sta_remove(hapd, sta->addr);
++  wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++  set = 0;
++  }
+ 
+ #ifdef CONFIG_IEEE80211N
+   if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data 
*hapd,
+   sta->flags & WLAN_STA_VHT ? _cap : NULL,
+   sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+   sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+-  sta->added_unassoc)) {
++  set)) {
+   hostapd_logger(hapd, sta->addr,
+

[arch-commits] Commit in hostapd/trunk (9 files)

[arch-commits] Commit in hostapd/trunk (9 files)

2 matches

Site Navigation

Mail list logo

Footer information