X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=lfs%2Fwpa_supplicant;h=32cecfd0004e0e92ad147e70799ca41ba18e7d83;hb=351567966d83908eb3de7108f79c4eab7a37e1e0;hp=1cebaabb3a9b0ae14930ff10f4669b53a0027c1b;hpb=06f451c0beaba72872fa7ab81a043eb92a3f63ee;p=ipfire-2.x.git

diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant
index 1cebaabb3a..32cecfd000 100644
--- a/lfs/wpa_supplicant
+++ b/lfs/wpa_supplicant
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.3
+VER        = 2.6
 
 THISAPP    = wpa_supplicant-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f2ed8fef72cf63d8d446a2d0a6da630a
+$(DL_FILE)_MD5 = 091569eb4440b7d7f2b4276dbfc03c3c
 
 install : $(TARGET)
 
@@ -51,7 +51,7 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
 
 md5 : $(subst %,%_MD5,$(objects))
 
-dist: 
+dist:
 	@$(PAK)
 
 ###############################################################################
@@ -74,6 +74,17 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+	# Security Patches https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+
 	cd $(DIR_APP)/wpa_supplicant && cp $(DIR_SRC)/config/wpa_supplicant/config ./.config
 	cd $(DIR_APP)/wpa_supplicant && sed -e "s/wpa_cli\ dynamic_eap_methods/wpa_cli\ #dynamic_eap_methods/" -i Makefile
 	cd $(DIR_APP)/wpa_supplicant && sed -e "s@/usr/local@/usr@g" -i Makefile