Date: Wed, 17 Mar 2021 02:32:50 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r568629 - head/security/wpa_supplicant Message-ID: <202103170232.12H2WoLZ062934@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Wed Mar 17 02:32:50 2021 New Revision: 568629 URL: https://svnweb.freebsd.org/changeset/ports/568629 Log: security/wpa_supplicant: fix for P2P provision vulnerability Latest version available from: https://w1.fi/security/2021-1/ Vulnerability A vulnerability was discovered in how wpa_supplicant processes P2P (Wi-Fi Direct) provision discovery requests. Under a corner case condition, an invalid Provision Discovery Request frame could end up reaching a state where the oldest peer entry needs to be removed. With a suitably constructed invalid frame, this could result in use (read+write) of freed memory. This can result in an attacker within radio range of the device running P2P discovery being able to cause unexpected behavior, including termination of the wpa_supplicant process and potentially code execution. Vulnerable versions/configurations wpa_supplicant v1.0-v2.9 with CONFIG_P2P build option enabled An attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a set of suitably constructed management frames that trigger the corner case to be reached in the management of the P2P peer table. Note: The P2P option is not default. MFH: 2021Q1 Security: https://w1.fi/security/2021-1/\ wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt Modified: head/security/wpa_supplicant/Makefile (contents, props changed) head/security/wpa_supplicant/distinfo (contents, props changed) Modified: head/security/wpa_supplicant/Makefile ============================================================================== --- head/security/wpa_supplicant/Makefile Wed Mar 17 02:00:16 2021 (r568628) +++ head/security/wpa_supplicant/Makefile Wed Mar 17 02:32:50 2021 (r568629) @@ -2,14 +2,16 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.9 -PORTREVISION= 9 +PORTREVISION= 10 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ -PATCH_SITES= https://w1.fi/security/2020-1/ +PATCH_SITES= https://w1.fi/security/2020-1/ \ + https://w1.fi/security/2021-1/ PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \ - 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 + 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 \ + 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch:-p1 MAINTAINER= cy@FreeBSD.org COMMENT= Supplicant (client) for WPA/802.1x protocols Modified: head/security/wpa_supplicant/distinfo ============================================================================== --- head/security/wpa_supplicant/distinfo Wed Mar 17 02:00:16 2021 (r568628) +++ head/security/wpa_supplicant/distinfo Wed Mar 17 02:32:50 2021 (r568629) @@ -1,4 +1,4 @@ -TIMESTAMP = 1591652317 +TIMESTAMP = 1615939959 SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17 SIZE (wpa_supplicant-2.9.tar.gz) = 3231785 SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 @@ -7,3 +7,5 @@ SHA256 (0002-WPS-UPnP-Fix-event-message-generation-usi SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284 SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553 +SHA256 (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611 +SIZE (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 1751
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202103170232.12H2WoLZ062934>