svn commit: r452250 - head/security/wpa_supplicant

Cy Schubert cy at FreeBSD.org
Mon Oct 16 20:08:12 UTC 2017


Author: cy
Date: Mon Oct 16 20:08:11 2017
New Revision: 452250
URL: https://svnweb.freebsd.org/changeset/ports/452250

Log:
  Add patch set 2017-1
  
  A vulnerability was found in how a number of implementations can be
  triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
  replaying a specific frame that is used to manage the keys. Such
  reinstallation of the encryption key can result in two different types
  of vulnerabilities: disabling replay protection and significantly
  reducing the security of encryption to the point of allowing frames to
  be decrypted or some parts of the keys to be determined by an attacker
  depending on which cipher is used.
  
  Security:	https://w1.fi/security/2017-1/ \
  		wpa-packet-number-reuse-with-replayed-messages.txt
  Security:	https://www.krackattacks.com/
  MFH:		2017Q4

Modified:
  head/security/wpa_supplicant/Makefile   (contents, props changed)
  head/security/wpa_supplicant/distinfo   (contents, props changed)

Modified: head/security/wpa_supplicant/Makefile
==============================================================================
--- head/security/wpa_supplicant/Makefile	Mon Oct 16 20:05:41 2017	(r452249)
+++ head/security/wpa_supplicant/Makefile	Mon Oct 16 20:08:11 2017	(r452250)
@@ -2,9 +2,19 @@
 
 PORTNAME=	wpa_supplicant
 PORTVERSION=	2.6
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security net
 MASTER_SITES=	https://w1.fi/releases/
+PATCH_SITES=	https://w1.fi/security/2017-1/
+PATCHFILES=	rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+	rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
+	rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
+	rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \
+	rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
+	rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
+	rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \
+	rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	ports at FreeBSD.org
 COMMENT=	Supplicant (client) for WPA/802.1x protocols
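Review bot: The new PATCH_SITES/PATCHFILES block carries no comment tying it to the 2017-1 advisory, so whoever next bumps PORTVERSION has no in-file hint that these eight upstream patches should be dropped once a release includes them; a one-line comment above PATCH_SITES naming the advisory would cover that. Also, the first entry is named rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch while this is the wpa_supplicant port, so it is worth confirming that it applies cleanly to the wpa_supplicant-2.6 distfile under PATCH_DIST_STRIP= -p1 rather than being silently skipped or failing on a missing path.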

Modified: head/security/wpa_supplicant/distinfo
==============================================================================
--- head/security/wpa_supplicant/distinfo	Mon Oct 16 20:05:41 2017	(r452249)
+++ head/security/wpa_supplicant/distinfo	Mon Oct 16 20:08:11 2017	(r452250)
@@ -1,3 +1,19 @@
-TIMESTAMP = 1478049569
+TIMESTAMP = 1508183403
 SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
 SIZE (wpa_supplicant-2.6.tar.gz) = 2753524
+SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
+SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218
+SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7
+SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883
+SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81
+SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861
+SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b
+SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566
+SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e
+SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949
+SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
+SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309
+SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736
+SIZE (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = 1649
+SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
+SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750
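Review bot: The eight SHA256/SIZE pairs added after the wpa_supplicant-2.6.tar.gz entry are the only integrity check on the security patches pulled from PATCH_SITES, and nothing in the commit shows they were compared against a second, independent fetch. The names do match the eight PATCHFILES entries in the Makefile one-to-one, which is good; before the MFH to 2017Q4, I would re-fetch the files from a different network path and confirm that the digests and sizes agree with the values recorded here.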

