10.4/releng-p11.diff - freebsd-patches - Rivoreo Source Code Repositories

 Index: UPDATING
 ===================================================================
 --- UPDATING	(revision 337395)
 +++ UPDATING	(revision 337829)
 @@ -16,6 +16,15 @@
  stable/10, and then rebuild without this option. The bootstrap process from
  older version of current is a bit fragile.

 +
 +20180814	p11	FreeBSD-SA-18:08.tcp [revised]
 +			FreeBSD-SA-18:11.hostapd
 +
 +	Revise manual pages. [SA-18:08.tcp]
 +
 +	Fixeunauthenticated EAPOL-Key decryption vulnerability.
 +	[SA-18:11.hostapd]
 +
  20180806	p10	FreeBSD-SA-18:08.tcp

  	Fix resource exhaustion in TCP reassembly.
 Index: contrib/wpa/src/rsn_supp/wpa.c
 ===================================================================
 --- contrib/wpa/src/rsn_supp/wpa.c	(revision 337395)
 +++ contrib/wpa/src/rsn_supp/wpa.c	(revision 337829)
 @@ -1829,6 +1829,17 @@

  	if (sm->proto == WPA_PROTO_RSN &&
  	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
 +		/*
 +		 * Only decrypt the Key Data field if the frame's authenticity
 +		 * was verified. When using AES-SIV (FILS), the MIC flag is not
 +		 * set, so this check should only be performed if mic_len != 0
 +		 * which is the case in this code branch.
 +		 */
 +		if (!(key_info & WPA_KEY_INFO_MIC)) {
 +			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 +				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
 +			goto out;
 +		}
  		if (wpa_supplicant_decrypt_key_data(sm, key, ver))
  			goto out;
  		extra_len = WPA_GET_BE16(key->key_data_length);
 Index: share/man/man4/tcp.4
 ===================================================================
 --- share/man/man4/tcp.4	(revision 337395)
 +++ share/man/man4/tcp.4	(revision 337829)
 @@ -38,7 +38,7 @@
  .\"     From: @(#)tcp.4	8.1 (Berkeley) 6/5/93
  .\" $FreeBSD$
  .\"
 -.Dd October 13, 2014
 +.Dd August 6, 2018
  .Dt TCP 4
  .Os
  .Sh NAME
 Index: sys/conf/newvers.sh
 ===================================================================
 --- sys/conf/newvers.sh	(revision 337395)
 +++ sys/conf/newvers.sh	(revision 337829)
 @@ -32,7 +32,7 @@

  TYPE="FreeBSD"
  REVISION="10.4"
 -BRANCH="RELEASE-p10"
 +BRANCH="RELEASE-p11"
  if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
  	BRANCH=${BRANCH_OVERRIDE}
  fi
	Index: UPDATING
	===================================================================
	--- UPDATING (revision 337395)
	+++ UPDATING (revision 337829)
	@@ -16,6 +16,15 @@
	stable/10, and then rebuild without this option. The bootstrap process from
	older version of current is a bit fragile.

	+
	+20180814 p11 FreeBSD-SA-18:08.tcp [revised]
	+ FreeBSD-SA-18:11.hostapd
	+
	+ Revise manual pages. [SA-18:08.tcp]
	+
	+ Fixeunauthenticated EAPOL-Key decryption vulnerability.
	+ [SA-18:11.hostapd]
	+
	20180806 p10 FreeBSD-SA-18:08.tcp

	Fix resource exhaustion in TCP reassembly.
	Index: contrib/wpa/src/rsn_supp/wpa.c
	===================================================================
	--- contrib/wpa/src/rsn_supp/wpa.c (revision 337395)
	+++ contrib/wpa/src/rsn_supp/wpa.c (revision 337829)
	@@ -1829,6 +1829,17 @@

	if (sm->proto == WPA_PROTO_RSN &&
	(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
	+ /*
	+ * Only decrypt the Key Data field if the frame's authenticity
	+ * was verified. When using AES-SIV (FILS), the MIC flag is not
	+ * set, so this check should only be performed if mic_len != 0
	+ * which is the case in this code branch.
	+ */
	+ if (!(key_info & WPA_KEY_INFO_MIC)) {
	+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
	+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
	+ goto out;
	+ }
	if (wpa_supplicant_decrypt_key_data(sm, key, ver))
	goto out;
	extra_len = WPA_GET_BE16(key->key_data_length);
	Index: share/man/man4/tcp.4
	===================================================================
	--- share/man/man4/tcp.4 (revision 337395)
	+++ share/man/man4/tcp.4 (revision 337829)
	@@ -38,7 +38,7 @@
	.\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93
	.\" $FreeBSD$
	.\"
	-.Dd October 13, 2014
	+.Dd August 6, 2018
	.Dt TCP 4
	.Os
	.Sh NAME
	Index: sys/conf/newvers.sh
	===================================================================
	--- sys/conf/newvers.sh (revision 337395)
	+++ sys/conf/newvers.sh (revision 337829)
	@@ -32,7 +32,7 @@

	TYPE="FreeBSD"
	REVISION="10.4"
	-BRANCH="RELEASE-p10"
	+BRANCH="RELEASE-p11"
	if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
	BRANCH=${BRANCH_OVERRIDE}
	fi