Date: Mon, 16 Oct 2017 20:08:11 +0000 (UTC)
From: Cy Schubert <cy@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r452250 - head/security/wpa_supplicant
Message-ID: <201710162008.v9GK8BIZ095425@repo.freebsd.org>
Author: cy
Date: Mon Oct 16 20:08:11 2017
New Revision: 452250
URL: https://svnweb.freebsd.org/changeset/ports/452250

Log:
  Add patch set 2017-1

  A vulnerability was found in how a number of implementations can be
  triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
  replaying a specific frame that is used to manage the keys. Such
  reinstallation of the encryption key can result in two different
  types of vulnerabilities: disabling replay protection and
  significantly reducing the security of encryption to the point of
  allowing frames to be decrypted or some parts of the keys to be
  determined by an attacker depending on which cipher is used.

  Security: https://w1.fi/security/2017-1/ \
            wpa-packet-number-reuse-with-replayed-messages.txt
  Security: https://www.krackattacks.com/
  MFH: 2017Q4

Modified:
  head/security/wpa_supplicant/Makefile (contents, props changed)
  head/security/wpa_supplicant/distinfo (contents, props changed)

Modified: head/security/wpa_supplicant/Makefile ============================================================================== --- head/security/wpa_supplicant/Makefile Mon Oct 16 20:05:41 2017 (r452249) +++ head/security/wpa_supplicant/Makefile Mon Oct 16 20:08:11 2017 (r452250) 
@@ -2,9 +2,19 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ +PATCH_SITES= https://w1.fi/security/2017-1/ +PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \ + rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \ + rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \ + rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \ + rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \ + rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \ + rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \ + rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch +PATCH_DIST_STRIP= -p1 MAINTAINER= ports@FreeBSD.org COMMENT= Supplicant (client) for WPA/802.1x protocols Modified: head/security/wpa_supplicant/distinfo ============================================================================== --- head/security/wpa_supplicant/distinfo Mon Oct 16 20:05:41 2017 (r452249) +++ head/security/wpa_supplicant/distinfo Mon Oct 16 20:08:11 2017 (r452250) 
@@ -1,3 +1,19 @@ -TIMESTAMP = 1478049569 +TIMESTAMP = 1508183403 SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450 SIZE (wpa_supplicant-2.6.tar.gz) = 2753524 +SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b +SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218 +SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7 +SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883 +SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81 +SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861 +SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b +SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566 +SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e +SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949 +SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6 +SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309 +SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736 +SIZE (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = 1649 +SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1 +SIZE 
(rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750
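Review bot: in the Makefile hunk, the new PATCH_SITES/PATCHFILES block has no comment tying the eight rebased-v2.6-* files to the 2017-1 advisory or to PORTVERSION 2.6, so the next version bump gives no cue that they must be dropped or re-rebased. A one-line comment above PATCH_SITES naming the advisory would cover it. It is also worth confirming that 0001, which is titled as a hostapd fix, applies cleanly with PATCH_DIST_STRIP= -p1 against the wpa_supplicant-2.6 distfile, since this port's COMMENT describes it as the supplicant (client).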
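Review bot: in the distinfo hunk, the eight new SHA256/SIZE pairs are the only thing pinning what gets fetched from PATCH_SITES, and the log does not say how they were produced. The file names match the PATCHFILES list one for one, which is what fetch verification needs. Please state in the log, or confirm in review, that the hashes were checked against a second, independent download from https://w1.fi/security/2017-1/ rather than taken from a single fetch.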