337832 |
15-Aug-2018 |
delphij |
Fix unauthenticated EAPOL-Key decryption vulnerability. [SA-18:11.hostapd]
Approved by: so |
324739 |
19-Oct-2017 |
gordon |
Update wpa_supplicant/hostapd for 2017-01 vulnerability release.
Note this is a different patchset than what was applied to head and stable/11 due to the much older version of wpa_supplicant/hostapd in stable/10.
hostapd: Avoid key reinstallation in FT handshake
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Prevent installation of an all-zero TK
Fix PTK rekeying to generate a new ANonce
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
TDLS: Ignore incoming TDLS Setup Response retries
Submitted by: jhb
Obtained from: https://w1.fi/security/2017-01/ (against later version)
Security: FreeBSD-SA-17:07
Security: CERT VU#228519
Security: CVE-2017-13077
Security: CVE-2017-13078
Security: CVE-2017-13079
Security: CVE-2017-13080
Security: CVE-2017-13081
Security: CVE-2017-13082
Security: CVE-2017-13086
Security: CVE-2017-13087
Security: CVE-2017-13088
Differential Revision: https://reviews.freebsd.org/D12724 |
264390 |
12-Apr-2014 |
rpaulo |
MFC r263925 Enable all cryptocaps because net80211 can do software encryption. |
259073 |
07-Dec-2013 |
peter |
Hoist all the mergeinfo up to the root in preparation for enforcing merges to the root only. All MFC's were rerecorded to the root.
Going forward, if an MFC includes mergeinfo, it will need to be made to the root and committed from the root. Merges with --ignore-ancestry or diff | patch can go anywhere.
The mergeinfo in HEAD is in a bad state from years of neglect and manual tampering and this was branched into 10.x. This confuses the coalescing code and prevents it from doing its job.
Approved by: re (gjb, implicit) |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
254062 |
07-Aug-2013 |
rpaulo |
Fix previous commit: both flags must be set.
|
254021 |
07-Aug-2013 |
rpaulo |
Make sure IFM_AVALID is also set when checking ifm_status.
Submitted by: yongari
|
254019 |
07-Aug-2013 |
rpaulo |
Fix a timing issue with the wired driver.
After configuring the interface, wait for the link to become active. Many ethernet drivers reset the chip when we set multicast filters (causing significant delays due to link re-negotiation) and, by the time we start sending packets, they are discarded instead of going to the ether.
Tested by: dumbbell
|
253040 |
08-Jul-2013 |
hiren |
Move to MSG_DEBUG to print it via syslog only when requested.
Reviewed by: rpaulo, adrian
Approved by: sbruno (mentor)
|
252734 |
04-Jul-2013 |
rpaulo |
Delete .gitignore files.
|
252733 |
04-Jul-2013 |
rpaulo |
Restore the dbus directory that was not meant to be deleted in r252729.
|
252729 |
04-Jul-2013 |
rpaulo |
Remove unused files / directories.
|
252726 |
04-Jul-2013 |
rpaulo |
Merge hostapd / wpa_supplicant 2.0.
Reviewed by: adrian (driver_bsd + usr.sbin/wpa)
|
251848 |
17-Jun-2013 |
pluknet |
Import change e4ac6417c7504e1c55ec556ce908974c04e29e3c from upstream wpa:
From: Guy Eilam <guy@wizery.com>
Date: Mon, 21 Feb 2011 20:44:46 +0000 (+0200)
Subject: utils: Corrected a typo in header's name definition
utils: Corrected a typo in header's name definition
Corrected a typo in the BASE64_H definition that might cause the header file to be included more than once.
Signed-off-by: Guy Eilam <guy@wizery.com>
Submitted by: <dt71@gmx.com>
MFC after: 3 days
|
246875 |
16-Feb-2013 |
dim |
Import change 40eebf235370b6fe6353784ccf01ab92eed062a5 from upstream wpa:
From: Jouni Malinen <j@w1.fi>
Date: Fri, 15 Jul 2011 13:42:06 +0300
Subject: [PATCH] MD5: Fix clearing of temporary stack memory to use correct length
sizeof of the structure instead of the pointer was supposed to be used here. Fix this to clear the full structure at the end of MD5Final().
Found by: clang ToT
Reviewed by: rpaulo
MFC after: 3 days
|
243419 |
23-Nov-2012 |
cperciva |
MFS security patches which seem to have accidentally not reached HEAD:
Fix insufficient message length validation for EAP-TLS messages.
Fix Linux compatibility layer input validation error.
Security: FreeBSD-SA-12:07.hostapd
Security: FreeBSD-SA-12:08.linux
Security: CVE-2012-4445, CVE-2012-4576
With hat: so@
|
223758 |
04-Jul-2011 |
attilio |
With retirement of cpumask_t and usage of cpuset_t for representing a mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.
Remove them and replace their usage with custom pc_cpuid magic (as, atm, pc_cpumask can be easily represented by (1 << pc_cpuid) and pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).
This change is not targeted for MFC because of struct pcpu members removal and dependency by cpumask_t retirement.
MD review by: marcel, marius, alc
Tested by: pluknet
MD testing by: marcel, marius, gonzo, andreast
|
222813 |
07-Jun-2011 |
attilio |
Retire the cpumask_t type and replace it with cpuset_t usage.
This is intended to fix the bug where cpu mask objects are capped to 32. MAXCPU, then, can now be arbitrarily bumped to whatever value. Anyway, as long as several structures in the kernel are statically allocated and sized as MAXCPU, it is suggested to keep it as low as possible for the time being.
Technical notes on this commit itself:
- More functions to handle with cpuset_t objects are introduced. The most notable are cpusetobj_ffs() (which calculates a ffs(3) for a cpuset_t object), cpusetobj_strprint() (which prepares a string representing a cpuset_t object) and cpusetobj_strscan() (which creates a valid cpuset_t starting from a string representation).
- pc_cpumask and pc_other_cpus are targeted to be removed soon. With the moving from cpumask_t to cpuset_t they are now inefficient and not really useful. Anyway, for the time being, please note that access to pcpu data is protected by sched_pin() in order to avoid migrating the CPU while reading more than one (possible) word.
- Please note that size of cpuset_t objects may differ between kernel and userland. While this is not directly related to the patch itself, it is good to understand that concept and possibly use the patch as a reference on how to deal with cpuset_t objects in userland, when accessing kernland members.
- KTR_CPUMASK is changed and now is represented through a string, to be set as the example reported in NOTES.
Please additively note that no MAXCPU is bumped in this patch, but private testing has been done until to MAXCPU=128 on a real 8x8x2(htt) machine (amd64).
Please note that the FreeBSD version is not yet bumped because of the upcoming pcpu changes. However, note that this patch is not targeted for MFC.
People to thank for the time spent on this patch:
- sbruno, pluknet and Nicholas Esborn (nick AT desert DOT net) tested several revisions of the patches and really helped in improving stability of this work.
- marius fixed several bugs in the sparc64 implementation and reviewed patches related to ktr.
- jeff and jhb discussed the basic approach followed.
- kib and marcel made targeted review on some specific part of the patch.
- marius, art, nwhitehorn and andreast reviewed MD specific part of the patch.
- marius, andreast, gonzo, nwhitehorn and jceel tested MD specific implementations of the patch.
- Other people have made contributions on other patches that have been already committed and have been listed separately.
Companies that should be mentioned for having participated at several degrees:
- Yahoo! for having offered the machines used for testing on big count of CPUs.
- The FreeBSD Foundation for having sponsored my devsummit attendance, which has been instrumental.
- Sandvine for having offered offices and infrastructure during development.
(I really hope I didn't forget anyone, if it happened I apologize in advance).
|
214736 |
03-Nov-2010 |
rpaulo |
Remove unused files.
|
214734 |
03-Nov-2010 |
rpaulo |
Merge wpa_supplicant and hostapd 0.7.3.
|
209160 |
14-Jun-2010 |
rpaulo |
Remove unused files.
|
209158 |
14-Jun-2010 |
rpaulo |
MFV hostapd & wpa_supplicant 0.6.10.
|
209137 |
13-Jun-2010 |
rpaulo |
Bootstrap mergeinfo in preparation for import.
|
207736 |
07-May-2010 |
mckusick |
Merger of the quota64 project into head.
This joint work of Dag-Erling Smørgrav and myself updates the FFS quota system to support both traditional 32-bit and new 64-bit quotas (for those of you who want to put 2+Tb quotas on your users).
By default quotas are not compiled into the kernel. To include them in your kernel configuration you need to specify:
options QUOTA # Enable FFS quotas
If you are already running with the current 32-bit quotas, they should continue to work just as they have in the past. If you wish to convert to using 64-bit quotas, use `quotacheck -c 64'; if you wish to revert from 64-bit quotas back to 32-bit quotas, use `quotacheck -c 32'.
There is a new library of functions to simplify the use of the quota system, do `man quotafile' for details. If your application is currently using the quotactl(2), it is highly recommended that you convert your application to use the quotafile interface. Note that existing binaries will continue to work.
Special thanks to John Kozubik of rsync.net for getting me interested in pursuing 64-bit quota support and for funding part of my development time on this project.
|
189902 |
17-Mar-2009 |
dougb |
Add some notes and clarify a few sections:
1. Add a note to double-check the man page
2. Remove windows-specific items in the ctrl_interface section
3. Add a note that ap_scan must be set to 1 for use with wlan
4. Clarify the wording for scan_ssid related to APs that hide ssid
5. Clarify the wording for the priority option
|
189841 |
15-Mar-2009 |
sam |
remove gcc-ism; tsinfo isn't used anyway
|
189775 |
13-Mar-2009 |
sam |
fix portability; linux does not have sa_len/sun_len
|
189266 |
02-Mar-2009 |
sam |
bring along mergeinfo
Submitted by: mlaier
|
189262 |
02-Mar-2009 |
sam |
bring in local changes for:
CONFIG_DEBUG_SYSLOG
CONFIG_TERMINATE_ONLASTIF
EAP_SERVER
|
189261 |
02-Mar-2009 |
sam |
connect vendor wpa area to contrib
|
189254 |
01-Mar-2009 |
sam |
remove unused bits
|
189251 |
01-Mar-2009 |
sam |
import wpa_supplicant+hostapd 0.6.8
|