d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
206b73d042
freebsd-dev/contrib
History
Cy Schubert 206b73d042 MFV r346563: 
Update wpa 2.8 --> 2.9

hostapd:
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
* added configuration of airtime policy
* fixed FILS to and RSNE into (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* added support for regulatory WMM limitation (for ETSI)
* added support for MACsec Key Agreement using IEEE 802.1X/PSK
* added experimental support for EAP-TEAP server (RFC 7170)
* added experimental support for EAP-TLS server with TLS v1.3
* added support for two server certificates/keys (RSA/ECC)
* added AKMSuiteSelector into "STA <addr>" control interface data to
  determine with AKM was used for an association
* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
  fast reauthentication use to be disabled
* fixed an ECDH operation corner case with OpenSSL

wpa_supplicant:
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - allow the set of groups to be configured (eap_pwd_groups)
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
  (disabled by default for backwards compatibility; can be enabled
  with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
  to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
  4-way handshake
* fixed an ECDH operation corner case with OpenSSL

MFC after:	1 week
Security:	https://w1.fi/security/2019-6/\
		sae-eap-pwd-side-channel-attack-update.txt
2019-08-22 18:52:30 +00:00
..
amd Fix two mismatches between function declaration and definition. 2019-07-16 16:03:08 +00:00
apr
apr-util
atf
bearssl Add libbearssl 2019-02-26 05:59:22 +00:00
binutils as: add deprecation notice to the man page 2019-08-01 19:01:27 +00:00
blacklist Fixup syslog() call that should have used logging function pointer 2019-03-18 15:45:06 +00:00
bmake Merge bmake-20181221 2018-12-23 01:05:52 +00:00
bsnmp bsnmp: add asn1 message length validation 2019-08-06 16:09:06 +00:00
byacc
bzip2 Upgrade to Bzip2 version 1.0.8. 2019-08-11 06:26:03 +00:00
capsicum-test Integrate capsicum-test into the FreeBSD test suite 2019-04-01 21:24:50 +00:00
com_err
compiler-rt Upgrade our copies of clang, llvm, lld, lldb, compiler-rt, libc++, 2019-06-12 21:10:37 +00:00
cortex-strings
dialog Update libdialog to 1.3-20180621 2018-10-20 20:49:46 +00:00
diff
dma Make dma(8) buildable. 2018-09-19 06:42:05 +00:00
dtc
ee
elftoolchain Merge r3780 from elftoolchain. 2019-08-07 16:22:25 +00:00
expat Un-break build libexpact. 2018-11-04 18:24:11 +00:00
file [PowerPC64] Add ABI flags to 'file' magic 2019-06-28 15:52:40 +00:00
flex Terminate filter_create_ext() args with NULL, not 0. 2018-08-08 22:45:30 +00:00
gcc powerpc: Transition to Secure-PLT, like most other OSs 2019-06-25 00:40:44 +00:00
gcclibs
gdb Commit forgotten change in gdb allowing to use libedit 2018-02-06 12:17:03 +00:00
gdtoa
googletest Import proof-of-concept for handling GTEST_SKIP() in Environment::SetUp 2019-04-01 18:07:48 +00:00
gperf
hyperv/tools
ipfilter Fix a typo. 2019-06-28 04:52:24 +00:00
jemalloc Pick 57553c3b1a5592dc4c03f3c6831d9b794e523865 from upstream: 2018-11-14 13:06:48 +00:00
ldns Regenerate: remove GOST, enable DANE-TA now that we have OpenSSL 1.1.1. 2018-10-11 08:14:31 +00:00
ldns-host
less MFV r349535: less v551. 2019-06-29 18:41:40 +00:00
libarchive MFV r349454: 2019-06-28 22:41:17 +00:00
libbegemot Update bsnmp to version 1.13. This does not bring user-visible changes. 2018-07-03 08:44:40 +00:00
libc-pwcache
libc-vis
libc++ Pull in r368867 from upstream libc++ trunk (by Marshall Clow): 2019-08-20 17:39:32 +00:00
libcxxrt Merge libcxxrt master f96846efbfd508f66d91fcbbef5dd808947c7f6d. 2019-07-26 16:55:06 +00:00
libdivsufsort
libevent libevent: eliminate in-tree usage of arc4random_addrandom 2018-09-25 17:41:48 +00:00
libexecinfo
libgnuregex
libpcap Re-apply r190640. 2018-05-31 09:11:21 +00:00
libstdc++
libucl
libunwind Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 2019-07-20 15:26:21 +00:00
libxo Fix expected output after r347207 2019-05-08 18:46:12 +00:00
llvm [PPC64] Backport fix for missing IRELATIVE relocations 2019-07-31 16:22:05 +00:00
lua MFV r337586: lua: Update to 5.3.5 2018-08-14 18:58:01 +00:00
mandoc Update mandoc to cvs snapshot 2019-07-23 2019-07-26 10:00:33 +00:00
mknod
mtree
ncurses
netbsd-tests Update pthread_cond_timedwait() test to current NetBSD 2019-08-16 13:10:08 +00:00
netcat
ngatm
ntp MFV r344878: 2019-03-07 13:36:00 +00:00
nvi vi: fix UTF-8 detection. 2018-11-26 15:33:55 +00:00
ofed Add ConnectX-6 DX HCA ID to libmlx5. 2019-05-08 11:04:09 +00:00
one-true-awk Another partial revert of r301289. 2019-06-03 05:25:22 +00:00
openbsm Create new EINTEGRITY error with message "Integrity check failed". 2019-01-17 06:35:45 +00:00
opencsd/decoder Import OpenCSD -- an ARM CoreSight(tm) Trace Decode Library. 2018-04-04 12:55:31 +00:00
openmp Upgrade our copies of clang, llvm, lld, lldb, compiler-rt, libc++, 2019-07-06 18:02:29 +00:00
openpam Upgrade to OpenPAM Tabebuia. 2019-02-25 18:41:16 +00:00
openresolv
opie Revert r328492: 2018-01-28 03:16:54 +00:00
pam_modules/pam_passwdqc
pf Fix escaping, otherwise Dx gets translated as the macro for DragonFly. 2018-08-11 00:08:59 +00:00
pjdfstest
pnpinfo
processor-trace Import Intel Processor Trace decoder library from 2018-03-19 18:59:15 +00:00
sendmail Make sendmail work with OpenSSL 1.1 API. Taken from the ports tree. 2018-10-01 20:55:01 +00:00
serf MFV r339226 (peter): Record merge of serf-1.3.9. 2018-10-08 15:16:04 +00:00
smbfs smbutil(1): Improve mdoc formatting. 2018-11-14 15:15:07 +00:00
sqlite3 MFV r350080: 2019-07-18 00:27:28 +00:00
subversion Update svn-1.9.7 to 1.10.0. 2018-05-08 04:52:52 +00:00
tcp_wrappers Remove a duplicate global (rfc931_timeout). 2019-07-17 23:43:14 +00:00
tcpdump tcpdump: disable Capsicum if -E option is provided. 2019-04-16 04:12:41 +00:00
tcsh
telnet telnet: remove 3rd clause from Berkeley copyrights 2019-08-15 13:27:57 +00:00
tnftp Switch the default pager for most commands to less 2018-08-08 19:24:20 +00:00
traceroute The variable names in the description of the port number usage is 2019-06-20 12:38:41 +00:00
tzcode Remove no longer relevant comment, as suggested by imp@. 2018-10-30 15:44:16 +00:00
tzdata Import tzdata 2019b 2019-07-02 01:12:23 +00:00
unbound Upgrade Unbound to 1.9.2. 2019-07-04 08:40:10 +00:00
unvis
vis
wpa MFV r346563: 2019-08-22 18:52:30 +00:00
xz Clamp tuklib_physmem() return value to SIZE_T_MAX. 2019-01-06 23:59:04 +00:00