From 72065739ec0c24fdf21bba7d653b1ba05179b8d4 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Wed, 28 Feb 2024 18:36:48 +0000
Subject: Wed Feb 28 18:36:48 UTC 2024

d/parallel-20240222-noarch-1.txz:  Upgraded.
kde/krita-5.2.2-x86_64-4.txz:  Rebuilt.
  Recompiled against libunibreak-6.0.
l/accountsservice-23.13.9-x86_64-1.txz:  Upgraded.
  Thanks to reddog83.
l/libass-0.17.1-x86_64-2.txz:  Rebuilt.
  Recompiled against libunibreak-6.0.
l/libunibreak-6.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/orc-0.4.38-x86_64-1.txz:  Upgraded.
l/python-requests-2.31.0-x86_64-1.txz:  Upgraded.
l/python-urllib3-2.2.1-x86_64-1.txz:  Upgraded.
l/qt6-6.6.2_20240210_15b7e743-x86_64-1.txz:  Added.
n/wpa_supplicant-2.10-x86_64-3.txz:  Rebuilt.
  Patched the implementation of PEAP in wpa_supplicant to prevent an
  authentication bypass. For a successful attack, wpa_supplicant must be
  configured to not verify the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability can then be abused
  to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
  Success packet instead of starting Phase 2. This allows an adversary to
  impersonate Enterprise Wi-Fi networks.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
  (* Security fix *)
xap/gparted-1.6.0-x86_64-1.txz:  Upgraded.
---
 source/n/wpa_supplicant/wpa_supplicant.SlackBuild | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'source/n/wpa_supplicant/wpa_supplicant.SlackBuild')

diff --git a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
index 2f1a718eb..f99324697 100755
--- a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
+++ b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=wpa_supplicant
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
 
 SRCVERSION=$(printf $VERSION | tr _ -)
 
@@ -91,6 +91,9 @@ zcat $CWD/patches/wpa_supplicant-quiet-scan-results-message.patch.gz | patch -p1
 # Allow legacy tls to avoid breaking WPA2-Enterprise:
 zcat $CWD/patches/allow-tlsv1.patch.gz | patch -p1 --verbose || exit 1
 
+# CVE-2023-52160:
+zcat $CWD/patches/8e6485a1bcb0baffdea9e55255a81270b768439c.patch.gz | patch -p1 --verbose || exit 1
+
 cd wpa_supplicant
 
 # Create the configuration file for building wpa_supplicant:
-- 
cgit v1.2.3-65-gdbad