From: Cy Schubert
Date: Tue, 14 Aug 2018 20:21:58 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r477202 - head/security/wpa_supplicant

Author: cy
Date: Tue Aug 14 20:21:58 2018
New Revision: 477202
URL: https://svnweb.freebsd.org/changeset/ports/477202

Log:
  WPA: Ignore unauthenticated encrypted EAPOL-Key data

  Ignore unauthenticated encrypted EAPOL-Key data in supplicant
  processing. When using WPA2, these are frames that have the Encrypted
  flag set, but not the MIC flag.

  When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
  not the MIC flag, had their data field decrypted without first verifying
  the MIC. In case the data field was encrypted using RC4 (i.e., when
  negotiating TKIP as the pairwise cipher), this meant that
  unauthenticated but decrypted data would then be processed. An adversary
  could abuse this as a decryption oracle to recover sensitive information
  in the data field of EAPOL-Key messages (e.g., the group key).
  (CVE-2018-14526)

Signed-off-by: Mathy Vanhoef Security: CVE-2018-14526 Security: VuXML: 6bedc863-9fbe-11e8-945f-206a8a720317 Modified: head/security/wpa_supplicant/Makefile (contents, props changed) head/security/wpa_supplicant/distinfo (contents, props changed) Modified: head/security/wpa_supplicant/Makefile ============================================================================== --- head/security/wpa_supplicant/Makefile Tue Aug 14 20:21:52 2018 (r477201) +++ head/security/wpa_supplicant/Makefile Tue Aug 14 20:21:58 2018 (r477202) @@ -2,10 +2,11 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.6 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ -PATCH_SITES= https://w1.fi/security/2017-1/ +PATCH_SITES= https://w1.fi/security/2017-1/ \ + https://w1.fi/security/2018-1/ PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \ rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \ @@ -13,7 +14,8 @@ PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinst rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \ rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \ rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \ - rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch + rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch \ + rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch PATCH_DIST_STRIP= -p1 MAINTAINER= cy@FreeBSD.org Modified: head/security/wpa_supplicant/distinfo ============================================================================== --- head/security/wpa_supplicant/distinfo Tue Aug 14 20:21:52 2018 (r477201) +++ head/security/wpa_supplicant/distinfo Tue Aug 14 20:21:58 2018 (r477202) 
@@ -1,4 +1,4 @@ -TIMESTAMP = 1508183403 +TIMESTAMP = 1533786430 SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450 SIZE (wpa_supplicant-2.6.tar.gz) = 2753524 SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b @@ -17,3 +17,5 @@ SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Re SIZE (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = 1649 SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1 SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750 +SHA256 (rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) = 960c3cf2a514479b0b4cf09665186a1a9f5d28e8b05dec23db75c6cc13eb1f7c +SIZE (rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) = 1999
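
Review bot: In the first Makefile hunk, PATCH_SITES now lists two directories while PATCHFILES remains one flat list, so nothing ties a patch to the directory that serves it and the fetch step may try either URL for any file. The ports framework supports group tags on PATCH_SITES and PATCHFILES; tagging the 2017-1 URL and its eight patches with one group and the 2018-1 URL and the new patch with another (group names of your choosing) would make the origin of each file explicit and avoid requests to a directory that does not hold it.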
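
Review bot: In the distinfo hunk that adds the SHA256 and SIZE lines for rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch, the log does not say how the recorded digest was obtained. This value becomes the integrity anchor for every later build of the port, so it would help to state in the commit message that the file was fetched from https://w1.fi/security/2018-1/ and checked against what upstream published there, not only hashed after download.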
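
The rule stated in the commit log (for WPA2, never decrypt Key Data from a frame that sets Encrypted but not MIC) can be sketched as follows. This is an added example, not code from this commit or from wpa_supplicant; the function and enum names are hypothetical, the flag bits and field offsets follow the IEEE 802.11 EAPOL-Key descriptor with a 16-byte MIC, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_INFO_MIC       (1u << 8)   /* Key MIC flag */
#define KEY_INFO_ENCR_DATA (1u << 12)  /* Encrypted Key Data flag */
#define EAPOL_HDR_LEN  4   /* version, type, 2-byte body length */
#define KEY_FIXED_LEN  95  /* descriptor up to Key Data Length, 16-byte MIC */

enum verdict { MALFORMED, DROP_UNAUTHENTICATED, VERIFY_MIC_THEN_DECRYPT,
               NO_ENCRYPTED_DATA };

/* Decide what a WPA2 supplicant may do with the Key Data field. */
enum verdict classify_eapol_key(const uint8_t *f, size_t len)
{
    if (f == NULL || len < EAPOL_HDR_LEN + KEY_FIXED_LEN || f[1] != 3)
        return MALFORMED;                       /* type 3 = EAPOL-Key */
    uint16_t key_info = (uint16_t)((f[5] << 8) | f[6]);   /* big-endian */
    size_t data_len = ((size_t)f[97] << 8) | f[98];
    if (data_len > len - (EAPOL_HDR_LEN + KEY_FIXED_LEN))
        return MALFORMED;                       /* Key Data overruns the frame */
    if (!(key_info & KEY_INFO_ENCR_DATA))
        return NO_ENCRYPTED_DATA;
    if (!(key_info & KEY_INFO_MIC))
        return DROP_UNAUTHENTICATED;            /* never decrypt unverified data */
    return VERIFY_MIC_THEN_DECRYPT;
}

/* Constructed sample frame: zeroed fields, only flags and lengths set. */
size_t build_sample(uint8_t *buf, size_t cap, uint16_t key_info, uint16_t data_len)
{
    size_t total = EAPOL_HDR_LEN + KEY_FIXED_LEN + data_len;
    if (cap < total)
        return 0;
    memset(buf, 0, total);
    buf[0] = 2; buf[1] = 3;                     /* EAPOL version 2, type Key */
    buf[4] = 2;                                 /* descriptor type: RSN */
    buf[5] = (uint8_t)(key_info >> 8); buf[6] = (uint8_t)key_info;
    buf[97] = (uint8_t)(data_len >> 8); buf[98] = (uint8_t)data_len;
    return total;
}

int main(void)
{
    uint8_t buf[256];
    size_t n = build_sample(buf, sizeof buf, KEY_INFO_ENCR_DATA, 32);
    printf("Encrypted without MIC -> verdict %d\n", classify_eapol_key(buf, n));
    return 0;
}
```

The ordering is the point: the flag check and the MIC verification both come before any decryption, so unauthenticated ciphertext never reaches the RC4 or AES key-unwrap path.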