security/wpa_supplicant: sync with upstream
Taken from: HardenedBSD
This commit is contained in:
Franco Fichtner
parent
2b3e050a13
commit
9eeec8ebf7
7 changed files with 42 additions and 118 deletions
|
|
@ -1,24 +1,11 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= wpa_supplicant
|
||||
PORTVERSION= 2.6
|
||||
PORTREVISION= 3
|
||||
PORTVERSION= 2.7
|
||||
CATEGORIES= security net
|
||||
MASTER_SITES= https://w1.fi/releases/
|
||||
|
||||
PATCH_SITES= https://w1.fi/security/2017-1/:2017_1 \
|
||||
https://w1.fi/security/2018-1/:2018_1
|
||||
|
||||
PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch:2017_1 \
|
||||
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch:2017_1 \
|
||||
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch:2017_1 \
|
||||
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch:2017_1 \
|
||||
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch:2017_1 \
|
||||
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch:2017_1 \
|
||||
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch:2017_1 \
|
||||
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch:2017_1 \
|
||||
rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch:2018_1
|
||||
PATCH_DIST_STRIP= -p1
|
||||
PATCH_SITES= https://w1.fi/security/2018-1/:2018_1
|
||||
|
||||
MAINTAINER= cy@FreeBSD.org
|
||||
COMMENT= Supplicant (client) for WPA/802.1x protocols
|
||||
|
|
|
|||
|
|
@ -1,21 +1,3 @@
|
|||
TIMESTAMP = 1533786430
|
||||
SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
|
||||
SIZE (wpa_supplicant-2.6.tar.gz) = 2753524
|
||||
SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
|
||||
SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218
|
||||
SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7
|
||||
SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883
|
||||
SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81
|
||||
SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861
|
||||
SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b
|
||||
SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566
|
||||
SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e
|
||||
SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949
|
||||
SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
|
||||
SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309
|
||||
SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736
|
||||
SIZE (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = 1649
|
||||
SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
|
||||
SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750
|
||||
SHA256 (rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) = 960c3cf2a514479b0b4cf09665186a1a9f5d28e8b05dec23db75c6cc13eb1f7c
|
||||
SIZE (rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) = 1999
|
||||
TIMESTAMP = 1544072988
|
||||
SHA256 (wpa_supplicant-2.7.tar.gz) = 76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074
|
||||
SIZE (wpa_supplicant-2.7.tar.gz) = 3093713
|
||||
|
|
|
|||
|
|
@ -1,14 +0,0 @@
|
|||
--- src/l2_packet/l2_packet_freebsd.c.orig 2015-03-15 17:30:39 UTC
|
||||
+++ src/l2_packet/l2_packet_freebsd.c
|
||||
@@ -8,7 +8,10 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
-#if defined(__APPLE__) || defined(__GLIBC__)
|
||||
+#if defined(__FreeBSD__) \
|
||||
+ || defined(__DragonFly__) \
|
||||
+ || defined(__APPLE__) \
|
||||
+ || defined(__GLIBC__)
|
||||
#include <net/bpf.h>
|
||||
#endif /* __APPLE__ */
|
||||
#include <pcap.h>
|
||||
25
security/wpa_supplicant/files/patch-src_common_dhcp.h
Normal file
25
security/wpa_supplicant/files/patch-src_common_dhcp.h
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
|
||||
+++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
|
||||
@@ -9,6 +9,22 @@
|
||||
#ifndef DHCP_H
|
||||
#define DHCP_H
|
||||
|
||||
+/*
|
||||
+ * Translate Linux to FreeBSD
|
||||
+ */
|
||||
+#define iphdr ip
|
||||
+#define ihl ip_hl
|
||||
+#define verson ip_v
|
||||
+#define tos ip_tos
|
||||
+#define tot_len ip_len
|
||||
+#define id ip_id
|
||||
+#define frag_off ip_off
|
||||
+#define ttl ip_ttl
|
||||
+#define protocol ip_p
|
||||
+#define check ip_sum
|
||||
+#define saddr ip_src
|
||||
+#define daddr ip_dst
|
||||
+
|
||||
#include <netinet/ip.h>
|
||||
#if __FAVOR_BSD
|
||||
#include <netinet/udp.h>
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
--- src/crypto/crypto_openssl.c.orig 2016-10-02 18:51:11 UTC
|
||||
+++ src/crypto/crypto_openssl.c
|
||||
@@ -33,7 +33,8 @@
|
||||
#include "aes_wrap.h"
|
||||
#include "crypto.h"
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
/* Compatibility wrappers for older versions. */
|
||||
|
||||
static HMAC_CTX * HMAC_CTX_new(void)
|
||||
@@ -611,7 +612,7 @@ void crypto_cipher_deinit(struct crypto_
|
||||
|
||||
void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
DH *dh;
|
||||
struct wpabuf *pubkey = NULL, *privkey = NULL;
|
||||
size_t publen, privlen;
|
||||
@@ -712,7 +713,7 @@ err:
|
||||
|
||||
void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
DH *dh;
|
||||
|
||||
dh = DH_new();
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
--- src/crypto/tls_openssl.c.orig 2016-10-02 18:51:11 UTC
|
||||
+++ src/crypto/tls_openssl.c
|
||||
@@ -59,7 +59,7 @@ typedef int stack_index_t;
|
||||
#endif /* SSL_set_tlsext_status_type */
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
- defined(LIBRESSL_VERSION_NUMBER)) && \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER)) && LIBRESSL_VERSION_NUMBER < 0x20700000L) && \
|
||||
!defined(BORINGSSL_API_VERSION)
|
||||
/*
|
||||
* SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
|
||||
@@ -919,7 +919,7 @@ void * tls_init(const struct tls_config
|
||||
}
|
||||
#endif /* OPENSSL_FIPS */
|
||||
#endif /* CONFIG_FIPS */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSL_load_error_strings();
|
||||
SSL_library_init();
|
||||
#ifndef OPENSSL_NO_SHA256
|
||||
@@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx)
|
||||
|
||||
tls_openssl_ref_count--;
|
||||
if (tls_openssl_ref_count == 0) {
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE_cleanup();
|
||||
#endif /* OPENSSL_NO_ENGINE */
|
||||
@@ -3976,7 +3976,7 @@ int tls_connection_set_params(void *tls_
|
||||
engine_id = "pkcs11";
|
||||
|
||||
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (params->flags & TLS_CONN_EAP_FAST) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"OpenSSL: Use TLSv1_method() for EAP-FAST");
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
--- src/l2_packet/l2_packet_freebsd.c.orig 2018-12-02 11:34:59.000000000 -0800
|
||||
+++ src/l2_packet/l2_packet_freebsd.c 2018-12-05 23:18:27.612433000 -0800
|
||||
@@ -8,7 +8,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
-#if defined(__APPLE__) || defined(__GLIBC__)
|
||||
+#include <sys/param.h>
|
||||
+#if defined(__APPLE__) || defined(__GLIBC__) || defined(__FreeBSD_version)
|
||||
#include <net/bpf.h>
|
||||
#endif /* __APPLE__ */
|
||||
#include <pcap.h>
|
||||
Loading…
Add table
Reference in a new issue