Hi! Here's an update to wpa_supplicant-2.3.
Please test as usual (eduroam, etc.) Works for me with wired 802.1x Cheers, David Index: Makefile =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v retrieving revision 1.22 diff -u -p -u -p -r1.22 Makefile --- Makefile 30 Sep 2014 07:18:48 -0000 1.22 +++ Makefile 10 Oct 2014 09:05:54 -0000 @@ -2,8 +2,7 @@ COMMENT= IEEE 802.1X supplicant -DISTNAME= wpa_supplicant-2.2 -REVISION= 2 +DISTNAME= wpa_supplicant-2.3 CATEGORIES= security net HOMEPAGE= http://hostap.epitest.fi/wpa_supplicant/ Index: distinfo =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/distinfo,v retrieving revision 1.5 diff -u -p -u -p -r1.5 distinfo --- distinfo 2 Sep 2014 13:04:34 -0000 1.5 +++ distinfo 10 Oct 2014 09:05:54 -0000 @@ -1,2 +1,2 @@ -SHA256 (wpa_supplicant-2.2.tar.gz) = 4Ni4/WimWWNuq6JGuyyqy/U9ItU7K2uQ60tP7wmTyO0= -SIZE (wpa_supplicant-2.2.tar.gz) = 2382570 +SHA256 (wpa_supplicant-2.3.tar.gz) = 6qpb8wVScOUhst/2Ty0gPsgED3GVi4WIJpqCwAyde2o= +SIZE (wpa_supplicant-2.3.tar.gz) = 2398722 Index: patches/patch-src_rsn_supp_wpa_c =================================================================== RCS file: patches/patch-src_rsn_supp_wpa_c diff -N patches/patch-src_rsn_supp_wpa_c --- patches/patch-src_rsn_supp_wpa_c 5 Sep 2014 13:18:41 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,29 +0,0 @@ -$OpenBSD: patch-src_rsn_supp_wpa_c,v 1.1 2014/09/05 13:18:41 dcoppa Exp $ - -commit b7c61c9d4e968e7254112631a9f6a1a1f8ef6f7f -Author: Jouni Malinen <j...@w1.fi> -Date: Sat Jun 14 00:20:04 2014 +0300 - -Fix validation of EAPOL-Key length with AES key wrap - -The additional eight octet field was removed from keydatalen without -proper validation of the Key Data Length field. It would have been -possible for an invalid EAPOL-Key frame to be processed in a way that -ends up reading beyond the buffer. In theory, this could have also -resulted in writing beyond the EAPOL-Key frame buffer, but that is -unlikely to be feasible due to the AES key wrap validation step on -arbitrary memory contents. - -Signed-off-by: Jouni Malinen <j...@w1.fi> - ---- src/rsn_supp/wpa.c.orig Wed Jun 4 15:26:14 2014 -+++ src/rsn_supp/wpa.c Fri Sep 5 14:33:27 2014 -@@ -1501,7 +1501,7 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_ - ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || - sm->key_mgmt == WPA_KEY_MGMT_OSEN) { - u8 *buf; -- if (keydatalen % 8) { -+ if (keydatalen < 8 || keydatalen % 8) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: Unsupported AES-WRAP len %d", - keydatalen); Index: patches/patch-src_utils_common_c =================================================================== RCS file: patches/patch-src_utils_common_c diff -N patches/patch-src_utils_common_c --- patches/patch-src_utils_common_c 30 Sep 2014 07:18:48 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,31 +0,0 @@ -$OpenBSD: patch-src_utils_common_c,v 1.3 2014/09/30 07:18:48 dcoppa Exp $ - -commit a8833b84f46626b6fb9e9f277137f26acc72c64e -Author: Bernhard Walle <bernh...@bwalle.de> -Date: Tue Sep 16 21:20:47 2014 +0200 - -util: Don't use "\e" - -'\e' representing ESC (0x1b) is not C standard, it's an GNU extension. -https://gcc.gnu.org/onlinedocs/gcc/Character-Escapes.html#Character-Escapes - ---- src/utils/common.c.orig Wed Jun 4 15:26:14 2014 -+++ src/utils/common.c Mon Sep 29 16:58:59 2014 -@@ -362,7 +362,7 @@ void printf_encode(char *txt, size_t maxlen, const u8 - *txt++ = '\\'; - *txt++ = '\\'; - break; -- case '\e': -+ case '\033': - *txt++ = '\\'; - *txt++ = 'e'; - break; -@@ -427,7 +427,7 @@ size_t printf_decode(u8 *buf, size_t maxlen, const cha - pos++; - break; - case 'e': -- buf[len++] = '\e'; -+ buf[len++] = '\033'; - pos++; - break; - case 'x': Index: patches/patch-wpa_supplicant_Makefile =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/patches/patch-wpa_supplicant_Makefile,v retrieving revision 1.3 diff -u -p -u -p -r1.3 patch-wpa_supplicant_Makefile --- patches/patch-wpa_supplicant_Makefile 23 Mar 2014 20:02:14 -0000 1.3 +++ patches/patch-wpa_supplicant_Makefile 10 Oct 2014 09:05:54 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-wpa_supplicant_Makefile,v 1.3 2014/03/23 20:02:14 kili Exp $ ---- wpa_supplicant/Makefile.orig Tue Feb 4 12:23:35 2014 -+++ wpa_supplicant/Makefile Sun Mar 23 19:45:14 2014 +--- wpa_supplicant/Makefile.orig Thu Oct 9 16:41:31 2014 ++++ wpa_supplicant/Makefile Fri Oct 10 11:02:04 2014 @@ -56,7 +56,7 @@ mkconfig: echo CONFIG_DRIVER_WEXT=y >> .config @@ -10,17 +10,27 @@ $OpenBSD: patch-wpa_supplicant_Makefile, install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL)) $(MAKE) -C ../src install -@@ -118,13 +118,6 @@ CONFIG_ELOOP=eloop - endif +@@ -119,13 +119,6 @@ endif OBJS += ../src/utils/$(CONFIG_ELOOP).o OBJS_c += ../src/utils/$(CONFIG_ELOOP).o -- + -ifeq ($(CONFIG_ELOOP), eloop) -# Using glibc < 2.17 requires -lrt for clock_gettime() -LIBS += -lrt -LIBS_c += -lrt -LIBS_p += -lrt -endif - +- ifdef CONFIG_ELOOP_POLL CFLAGS += -DCONFIG_ELOOP_POLL + endif +@@ -1391,9 +1384,7 @@ OBJS += sme.o + CFLAGS += -DCONFIG_SME + endif + +-ifdef NEED_80211_COMMON + OBJS += ../src/common/ieee802_11_common.o +-endif + + ifdef NEED_EAP_COMMON + OBJS += ../src/eap_common/eap_common.o
