svn commit: r452257 - head/net/hostapd

Cy Schubert cy at FreeBSD.org
Tue Oct 17 01:30:49 UTC 2017 

Author: cy
Date: Tue Oct 17 01:30:47 2017
New Revision: 452257
URL: https://svnweb.freebsd.org/changeset/ports/452257

Log:
  Add patch set 2017-1.
  
  A vulnerability was found in how a number of implementations can be
  triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
  replaying a specific frame that is used to manage the keys. Such
  reinstallation of the encryption key can result in two different types
  of vulnerabilities: disabling replay protection and significantly
  reducing the security of encryption to the point of allowing frames to
  be decrypted or some parts of the keys to be determined by an attacker
  depending on which cipher is used.
  
  Approved by:	leres (maintainer)
  Security:	https://w1.fi/security/2017-1/ \
  		wpa-packet-number-reuse-with-replayed-messages.txt
  Security:	https://www.krackattacks.com/
  MFH:		2017Q4
  Differential Revision:	D12691

Modified:
  head/net/hostapd/Makefile   (contents, props changed)
  head/net/hostapd/distinfo   (contents, props changed)

Modified: head/net/hostapd/Makefile
==============================================================================
--- head/net/hostapd/Makefile	Tue Oct 17 01:30:44 2017	(r452256)
+++ head/net/hostapd/Makefile	Tue Oct 17 01:30:47 2017	(r452257)
@@ -3,8 +3,18 @@
 
 PORTNAME=	hostapd
 PORTVERSION=	2.6
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	https://w1.fi/releases/
+PATCH_SITES=	https://w1.fi/security/2017-1/
+PATCHFILES=	rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+	rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
+	rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
+	rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \
+	rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
+	rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
+	rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	leres at FreeBSD.org
 COMMENT=	IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

Modified: head/net/hostapd/distinfo
==============================================================================
--- head/net/hostapd/distinfo	Tue Oct 17 01:30:44 2017	(r452256)
+++ head/net/hostapd/distinfo	Tue Oct 17 01:30:47 2017	(r452257)
@@ -1,3 +1,17 @@
-TIMESTAMP = 1489911667
+TIMESTAMP = 1508200169
 SHA256 (hostapd-2.6.tar.gz) = 01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d
 SIZE (hostapd-2.6.tar.gz) = 1822341
+SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
+SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218
+SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7
+SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883
+SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81
+SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861
+SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b
+SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566
+SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e
+SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949
+SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
+SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309
+SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
+SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750

More information about the svn-ports-all mailing list