summaryrefslogtreecommitdiffstats
path: root/slackware64-current/source/n/wpa_supplicant
diff options
context:
space:
mode:
authorAdrien Nader <adrien@notk.org>2017-10-18 22:40:07 +0200
committerAdrien Nader <adrien@notk.org>2017-10-18 22:40:07 +0200
commite99a1b19e8ae4b19ce00840b2f6d3c3540a27110 (patch)
treee5011b7e95353b1316d0547c23473060cb81fae4 /slackware64-current/source/n/wpa_supplicant
parent36954e2bc8145a8eec36fd1b6039be2c433e38c9 (diff)
Wed Oct 18 18:21:18 UTC 2017
ap/cups-2.2.5-x86_64-1.txz: Upgraded. n/wpa_supplicant-2.6-x86_64-2.txz: Rebuilt. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. This is the list of vulnerabilities that are addressed here: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 (* Security fix *) x/libXfont2-2.0.2-x86_64-1.txz: Upgraded. This update is a collection of minor fixes since 2.0.1, including CVE-2017-13720 and CVE-2017-13722. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722 (* Security fix *) x/libXres-1.2.0-x86_64-1.txz: Upgraded. Integer overflows may allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988 (* Security fix *) x/xorg-server-1.19.5-x86_64-1.txz: Upgraded. This update fixes integer overflows and other possible security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12176 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12177 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12178 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12179 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12180 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12181 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12183 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12185 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12186 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12187 (* Security fix *) x/xorg-server-xephyr-1.19.5-x86_64-1.txz: Upgraded. x/xorg-server-xnest-1.19.5-x86_64-1.txz: Upgraded. x/xorg-server-xvfb-1.19.5-x86_64-1.txz: Upgraded.
Diffstat (limited to 'slackware64-current/source/n/wpa_supplicant')
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz1
-rw-r--r--slackware64-current/source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt226
-rwxr-xr-xslackware64-current/source/n/wpa_supplicant/wpa_supplicant.SlackBuild11
10 files changed, 244 insertions, 1 deletions
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz
new file mode 100644
index 000000000..8aca32904
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz
@@ -0,0 +1 @@
+5d02731898fb422e1e756db35ffda84203f5b27b
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz
new file mode 100644
index 000000000..9309f8e62
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz
@@ -0,0 +1 @@
+15c779bc4af8b8cf2bd2ba0ca78128bfb233af9b
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz
new file mode 100644
index 000000000..7a358c555
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz
@@ -0,0 +1 @@
+6d7c6b1630b5f0a700bfd714ff8998aa219036a1
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz
new file mode 100644
index 000000000..932afc95a
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz
@@ -0,0 +1 @@
+8a4b8de901ef35a676bcffa0ba70174c997ee9cf
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz
new file mode 100644
index 000000000..128273544
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz
@@ -0,0 +1 @@
+01bea3a524f9a28b2c2663e3122937d789aac61f
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz
new file mode 100644
index 000000000..f2a573daa
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz
@@ -0,0 +1 @@
+84ff76fbfedd6eb04d5246af745dda9aa685154c
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz
new file mode 100644
index 000000000..cc84bd6a8
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz
@@ -0,0 +1 @@
+faab7a10bb48880f498a6170181da1b551320187
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz
new file mode 100644
index 000000000..41fa504a6
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz
@@ -0,0 +1 @@
+6860387ef57bb94727efa824063c8dcc6bfae69e
diff --git a/slackware64-current/source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt b/slackware64-current/source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
new file mode 100644
index 000000000..5ccb5098c
--- /dev/null
+++ b/slackware64-current/source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
@@ -0,0 +1,226 @@
+WPA packet number reuse with replayed messages and key reinstallation
+
+Published: October 16, 2017
+Identifiers:
+- CERT case ID: VU#228519
+- CVE-2017-13077
+- CVE-2017-13078
+- CVE-2017-13079
+- CVE-2017-13080
+- CVE-2017-13081
+- CVE-2017-13082
+- CVE-2017-13084 (not applicable)
+- CVE-2017-13086
+- CVE-2017-13087
+- CVE-2017-13088
+Latest version available from: https://w1.fi/security/2017-1/
+
+
+Vulnerability
+
+A vulnerability was found in how a number of implementations can be
+triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
+replaying a specific frame that is used to manage the keys. Such
+reinstallation of the encryption key can result in two different types
+of vulnerabilities: disabling replay protection and significantly
+reducing the security of encryption to the point of allowing frames to
+be decrypted or some parts of the keys to be determined by an attacker
+depending on which cipher is used.
+
+This document focuses on the cases that apply to systems using hostapd
+(AP) or wpa_supplicant (station), but it should be noted that the
+generic vulnerability itself is applicable to other implementations and
+may have different impact in other cases.
+
+This vulnerability can in theory apply to any case where a TK (the
+pairwise/unicast encryption key used with TKIP, CCMP, GCMP), a GTK
+(group/multicast encryption key), or an IGTK (group management frame
+integrity protection key) is configured by the Authentication/Supplicant
+component to the WLAN driver/firmware taking care of the TX/RX path and
+encryption/decryption of frames.
+
+If the same key is configured multiple times, it is likely that the
+transmit and receive packet numbers (PN, IPN, RSC/TSC, etc.) are cleared
+to a smaller value (zero in case of pairwise keys, zero or at least a
+smaller value than the last used value in case of group keys). When this
+happens with the same key, this breaks replay protection on RX side and
+can result in reuse of packet numbers on TX side. The former may allow
+replaying of previously delivered packets (without the attacker being
+able to decrypt them or modify their contents) while the latter may
+result in more severe issues on the TX side due to resulting CCM nonce
+replay and related issues with GCMP and TKIP. The TX side issue may make
+it significantly easier for the attacker to decrypt frames and determine
+some parts of the keys (e.g., a Michael MIC key in case of TKIP).
+
+Impact on AP/hostapd
+
+On the AP side, this generic issue has been determined to be applicable
+in the case where hostapd is used to operate an RSN/WPA2 network with FT
+(Fast BSS Transition from IEEE 802.11r) enabled. Replaying of the
+Reassociation Request frame can be used to get the AP reinstalling the
+TK which results in the AP accepting previously delivered unicast frames
+from the station and the AP reusing previously used packet numbers
+(local TX packet number gets reset to zero). This latter issue on the TX
+side can result in CCM nonce reuse which invalidates CCMP security
+properties. In case of TKIP this can result in the attacker being able
+to determine part of the TK more easily and with GCMP, result in similar
+issues.
+
+It should be noted that the AP side issue with FT would be close to
+applying to FILS authentication (from IEEE 802.11ai) in hostapd with
+replaying of (Re)Association Request frames. However, due to a different
+handling of the repeated association processing with FILS, this would
+actually result in the station getting immediately disconnected which
+prevents this attack in practice. In addition, the FILS implementation
+in the current hostapd version is still experimental and documented as
+being discouraged in production use cases.
+
+Another area of potentially reduced security was identified when looking
+into these issues. When AP/Authenticator implementation in hostapd is
+requested to rekey the PTK without performing EAP reauthentication
+(either through local periodic rekeying or due to a request from an
+association station), the ANonce value does not get updated. This
+results in the new 4-way handshake depending on the station/supplicant
+side generating a new, unique (for the current PMK/PSK) SNonce for the
+PTK derivation to result in a new key. While a properly working
+supplicant would do so, if there is a supplicant implementation that
+does not, this combination could result in deriving the same PTK
+again. When the TK from that PTK gets configured in the driver, this
+would result in reinstalling the same key and the same issues as
+described above for the FT protocol case.
+
+Impact on station/wpa_supplicant
+
+On the station side, this generic issue has been determined to be
+applicable in the cases where wpa_supplicant processes a group key (GTK
+or IGTK) update from the AP. An attacker that is able to limit access
+to frame delivery may be able to extract two update messages and deliver
+those to the station with significant time delay between them. When
+wpa_supplicant processes the second message, it may end up reinstalling
+the same key to the driver and when doing this, clear the RX packet
+number to an old value. This would allow the attacker to replay all
+group-addressed frames that the AP sent between the time the key update
+message was originally sent and the time when the attacker forwarded the
+second frame to the station. The attacker would not be able to decrypt
+or modify the frames based on this vulnerability, though. There is an
+exception to this with older wpa_supplicant versions as noted below in
+version specific notes.
+
+For the current wpa_supplicant version (v2.6), there is also an
+additional EAPOL-Key replay sequence where an additional forged
+EAPOL-Key message can be used to bypass the existing protection for the
+pairwise key reconfiguration in a manner that ends up configuring a
+known TK that an attacker could use to decrypt any frame sent by the
+station and to inject arbitrary unicast frames. Similar issues are
+reachable in older versions as noted below.
+
+PeerKey / TDLS PeerKey
+
+As far as the related CVE-2017-13084 (reinstallation of the STK key in
+the PeerKey handshake) is concerned, it should be noted that PeerKey
+implementation in wpa_supplicant is not fully functional and the actual
+installation of the key into the driver does not work. As such, this
+item is not applicable in practice. Furthermore, the PeerKey handshake
+for IEEE 802.11e DLS is obsolete and not known to have been deployed.
+
+As far as the TDLS PeerKey handshake is concerned (CVE-2017-13086),
+wpa_supplicant implementation is already rejecting TPK M2 retries, so
+the reconfiguration issue cannot apply for it. For TPK M3, there is a
+theoretical impact. However, if that frame is replayed, the current
+wpa_supplicant implementation ends up tearing down the TDLS link
+immediately and as such, there is no real window for performing the
+attack. Furthermore, TPK M3 goes through the AP path and if RSN is used
+there, that frame has replay protection, so the attacker could not
+perform the attack. If the AP path were to use WEP, the frame could be
+replayed, though. That said, if WEP is used on the AP path, it would be
+fair to assume that there is no security in the network, so a new attack
+vector would be of small additional value.
+
+With older wpa_supplicant versions, it may be possible for an attacker
+to cause TPK M2 to be retransmitted with delay that would be able to
+trigger reinstallation of TK on the peer receiving TPK M2
+(CVE-2017-13086). This may open a short window for the attack with v2.3,
+v2.4, and v2.5; and a longer window with older versions.
+
+Vulnerable versions/configurations
+
+For the AP/Authenticator TK (unicast) reinstallation in FT protocol
+(CVE-2017-13082):
+
+hostapd v0.7.2 and newer with FT enabled (i.e., practically all versions
+that include full FT implementation). FT needs to be enabled in the
+runtime configuration to make this applicable.
+
+For the AP/Authenticator missing ANonce during PTK rekeying:
+
+All hostapd versions.
+
+For the station/Supplicant side GTK/IGTK reinstallation and TK
+configuration:
+
+All wpa_supplicant versions. The impact on older versions can be more
+severe due to earlier changes in this area: v2.3 and older can also
+reinstall the pairwise key and as such have similar impact as the AP FT
+case (CVE-2017-13077); v2.4 and v2.5 end up configuring an all-zero TK
+which breaks the normal data path, but could allow an attacker to
+decrypt all following frames from the station and to inject arbitrary
+frames to the station. In addition, a different message sequence
+involving 4-way handshake can result in configuration of an all-zero TK
+in v2.6 and the current snapshot of the development repository as of the
+publication of this advisory.
+
+
+Acknowledgments
+
+Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
+Leuven for discovering and reporting this issue. Thanks to John A. Van
+Boxtel for finding additional issues related to this topic.
+
+
+Possible mitigation steps
+
+- For AP/hostapd and FT replay issue (CVE-2017-13082), it is possible to
+ prevent the issue temporarily by disabling FT in runtime
+ configuration, if needed before being able to update the
+ implementations.
+
+- Merge the following commits to hostapd/wpa_supplicant and rebuild them:
+
+ hostapd and replayed FT reassociation request frame (CVE-2017-13082):
+ hostapd: Avoid key reinstallation in FT handshake
+
+ hostapd PTK rekeying and ANonce update:
+ Fix PTK rekeying to generate a new ANonce
+
+ wpa_supplicant and GTK/IGTK rekeying (CVE-2017-13078, CVE-2017-13079,
+ CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
+ Prevent reinstallation of an already in-use group key
+ Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
+
+ wpa_supplicant (v2.6 or newer snapshot) and known TK issue:
+ Prevent installation of an all-zero TK
+
+ Additional protection steps for wpa_supplicant:
+ TDLS: Reject TPK-TK reconfiguration
+ WNM: Ignore WNM-Sleep Mode Response without pending request
+ FT: Do not allow multiple Reassociation Response frames
+
+ These patches are available from https://w1.fi/security/2017-1/
+ (both against the snapshot of hostap.git master branch and rebased on
+ top of the v2.6 release)
+
+ For the TDLS TPK M2 retransmission issue (CVE-2017-13086) with older
+ wpa_supplicant versions, consider updating to the latest version or
+ merge in a commit that is present in v2.6:
+ https://w1.fi/cgit/hostap/commit/?id=dabdef9e048b17b22b1c025ad592922eab30dda8
+ ('TDLS: Ignore incoming TDLS Setup Response retries')
+
+- Update to hostapd/wpa_supplicant v2.7 or newer, once available
+ * it should be noted that there are number of additional changes in
+ the related areas of the implementation to provide extra layer of
+ protection for potential unknown issues; these changes are not
+ included in this advisory as they have not been identified to be
+ critical for preventing any of the identified security
+ vulnerabilities; however, users of hostapd/wpa_supplicant are
+ encouraged to consider merging such changes even if not fully
+ moving to v2.7
diff --git a/slackware64-current/source/n/wpa_supplicant/wpa_supplicant.SlackBuild b/slackware64-current/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
index 8657c4a6d..48ea82a96 100755
--- a/slackware64-current/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
+++ b/slackware64-current/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
@@ -23,7 +23,7 @@
PKGNAM=wpa_supplicant
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
SRCVERSION=$(printf $VERSION | tr _ -)
@@ -77,6 +77,15 @@ find . \
-exec chmod 644 {} \;
+zcat $CWD/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz | patch -p1 || exit 1
+
# Fixup various paths in the dbus service file
cat $CWD/patches/dbus-service-file-args.diff | patch -p1 --verbose || exit 1