MFC r341759, r341796, r341839, r341989, r346591:
The following five MFCs update wpa 2.6 --> 2.8.
r341759:
MFV r341618: Update wpa 2.6 --> 2.7.
r341796:
Clean stale wpa dependencies and objects after r341759
The wpa update added some source files with the same name as a file in
another directory (found via .PATH in the previous version). Having a
stale entry in a .depend file means the new file won't be built, so test
for this case and if found remove all of wpa's dependency files.
Sponsored by: The FreeBSD Foundation
r341839:
Set default ciphers.
Submitted by: jkim@
r341989:
Makefile.inc1: update stale wpa dependency removal statement
Only stale .depend files are removed; do not mention object files.
r346591:
Update wpa_supplicant/hostapd 2.7 --> 2.8
Upstream documents the following advisories:
- https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
- https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-\ with-unexpected-fragment.txt
Security: CVE-2019-9494, VU#871675, CVE-2019-9495, CVE-2019-9496,
CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
Relnotes: yes