Commit Graph

223028 Commits

Author SHA1 Message Date
sternenseemann b5f9eb06b5
ocamlPackages.mirage-time(-unix): init at 2.0.1 2020-04-25 14:50:57 +02:00
Martin Weinelt 3e9f3a3ebd
hostapd: apply patch for CVE-2019-16275
AP mode PMF disconnection protection bypass

Published: September 11, 2019
Identifiers:
- CVE-2019-16275
Latest version available from: https://w1.fi/security/2019-7/

Vulnerability

hostapd (and wpa_supplicant when controlling AP mode) did not perform
sufficient source address validation for some received Management frames
and this could result in ending up sending a frame that caused
associated stations to incorrectly believe they were disconnected from
the network even if management frame protection (also known as PMF) was
negotiated for the association. This could be considered to be a denial
of service vulnerability since PMF is supposed to protect from this type
of issues. It should be noted that if PMF is not enabled, there would be
no protocol level protection against this type of denial service
attacks.

An attacker in radio range of the access point could inject a specially
constructed unauthenticated IEEE 802.11 frame to the access point to
cause associated stations to be disconnected and require a reconnection
to the network.

Vulnerable versions/configurations

All hostapd and wpa_supplicants versions with PMF support
(CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with
PMF being enabled (optional or required). In addition, this would be
applicable only when using user space based MLME/SME in AP mode, i.e.,
when hostapd (or wpa_supplicant when controlling AP mode) would process
authentication and association management frames. This condition would
be applicable mainly with drivers that use mac80211.

Possible mitigation steps

- Merge the following commit to wpa_supplicant/hostapd and rebuild:

  AP: Silently ignore management frame from unexpected source address

  This patch is available from https://w1.fi/security/2019-7/

- Update to wpa_supplicant/hostapd v2.10 or newer, once available
2020-04-25 14:35:20 +02:00
markuskowa bc675971da
Merge pull request #85279 from r-ryantm/auto-update/pwsafe
pwsafe: 1.09.0 -> 3.52.0
2020-04-25 14:26:11 +02:00
Jörg Thalheim 21ec1f5ead
wireguard: 1.0.20200401 -> 1.0.20200413 2020-04-25 11:16:10 +01:00
Jörg Thalheim 77dc7ef908
wireguard-tools: reference tests 2020-04-25 11:16:10 +01:00
Maximilian Bosch 61c95a2eec
iwd: 1.6 -> 1.7 2020-04-25 12:13:01 +02:00
Maximilian Bosch 74fcd4f2d6
ell: 0.30 -> 0.31 2020-04-25 12:12:54 +02:00
Maximilian Bosch a194de9a9d
diffoscope: 138 -> 142 2020-04-25 12:07:38 +02:00
Maximilian Bosch aefb4d3dc9
dmenu-wayland: 2020-02-28 -> 2020-04-03 2020-04-25 12:07:38 +02:00
Piotr Bogdan 3acee22791
tartube: init at 2.0.016 2020-04-25 11:40:57 +02:00
Mario Rodas ccfdcf16f4
bat: 0.14.0 -> 0.15.0
Changelog: https://github.com/sharkdp/bat/releases/tag/v0.15.0
2020-04-25 04:20:00 -05:00
Mario Rodas 69bb53604e
cloud-nuke: 0.1.7 -> 0.1.18 2020-04-25 04:20:00 -05:00
Mario Rodas b9c221ccd8
awsweeper: 0.6.0 -> 0.7.0 2020-04-25 04:20:00 -05:00
Bruno Bigras 6478e659da httplz: 1.8.0 -> 1.9.2 2020-04-25 04:10:37 -04:00
lewo fcf547d0e2
Merge pull request #85813 from johnae/fix-k3s-systemd-units
The systemd unit for k3s should differ between agents and servers
2020-04-25 09:45:49 +02:00
sternenseemann 79e6d13a4a ocamlPackages.cow: 2.2.0 -> 2.4.0 2020-04-25 09:45:22 +02:00
Rouven Czerwinski bc8e1f3ad5 pipewire: patch for SIGILL in fmt-ops
Hydra run tests are failing with SIGILL, see [1] , import the upstream
patch to fix the issue. Presumably not all hydra runners have the same
instruction extensions, this should fix the tests on those without AVX2.

[1]: https://hydra.nixos.org/build/117012754
2020-04-25 08:28:50 +02:00
Frederik Rietdijk 93a9ac696b playonlinux: fix build 2020-04-25 08:00:03 +02:00
Frederik Rietdijk 6f873e98f4 Python integration tests: disable for older python 3 versions
because the package that is used as part of the test does not support
older versions.
2020-04-25 07:59:37 +02:00
Frederik Rietdijk 71171b3225 Python tests: test venv from a nix env with Python 3.8
This test was disabled because it did not function yet, however,
apparently it does with 3.8.
2020-04-25 07:59:37 +02:00
Ryan Mulligan e7460e9412
Merge pull request #84309 from r-ryantm/auto-update/micronaut
micronaut: 1.3.2 -> 1.3.4
2020-04-24 21:42:42 -07:00
Konrad Borowski df81d9a41c clementineUnfree: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 1e802d70af clementine: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski f527f9db3a snakemake: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 5054133224 serviio: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 1659c302dd scribusUnstable: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 6d8e791b28 rtptools: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 7a29abc75c restya-board: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 40dd2c27c6 rink: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 56a7c4f056 remarkjs: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski f284354712 rambox: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 77ab79cb4b pythonPackages.untangle: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 41268500ae pythonPackages.subdownloader: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 2f49365ab9 pythonPackages.scikitlearn: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski ed1136b879 pythonPackages.geopandas: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski a55b6f1d06 pythonPackages.evernote: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski e538248f69 pythonPackages.certifi: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 79a11bd310 pcg-c: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski cedcfede5e p0f: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 5fac10ccb1 lv2: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 308636a84c lirc: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 25180cd2d5 pgf: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 47dc4104d4 libpgf: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski cfa5b41053 elm-instrument: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 16b7e0c909 darling-dmg: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 4f62d1f0b0 ciopfs: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 8998be8efb AgdaStdlib: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 02af438989 libdislocator: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Konrad Borowski 58d59e58d2 afl: update homepage link to use HTTPS 2020-04-24 19:44:59 -07:00
Lily Ballard 19b77d4ad1 jazzy: 0.13.1 -> 0.13.3 2020-04-24 19:40:00 -07:00