svn commit: r452265 - branches/2017Q4/net/hostapd
Cy Schubert
cy at FreeBSD.org
Tue Oct 17 05:49:21 UTC 2017
Author: cy
Date: Tue Oct 17 05:49:19 2017
New Revision: 452265
URL: https://svnweb.freebsd.org/changeset/ports/452265
Log:
MFH: r452256 r452257
Use https site.
Add patch set 2017-1.
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
Approved by: leres (maintainer)
Approved by: ports-secteam (delphij)
Security: https://w1.fi/security/2017-1/ \
wpa-packet-number-reuse-with-replayed-messages.txt
Security: https://www.krackattacks.com/
Differential Revision: D12691
Modified:
branches/2017Q4/net/hostapd/Makefile
branches/2017Q4/net/hostapd/distinfo
Directory Properties:
branches/2017Q4/ (props changed)
Modified: branches/2017Q4/net/hostapd/Makefile
==============================================================================
--- branches/2017Q4/net/hostapd/Makefile Tue Oct 17 05:35:01 2017 (r452264)
+++ branches/2017Q4/net/hostapd/Makefile Tue Oct 17 05:49:19 2017 (r452265)
@@ -3,8 +3,18 @@
PORTNAME= hostapd
PORTVERSION= 2.6
+PORTREVISION= 1
CATEGORIES= net
-MASTER_SITES= http://w1.fi/releases/
+MASTER_SITES= https://w1.fi/releases/
+PATCH_SITES= https://w1.fi/security/2017-1/
+PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+ rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
+ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
+ rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \
+ rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
+ rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
+ rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+PATCH_DIST_STRIP= -p1
MAINTAINER= leres at FreeBSD.org
COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Modified: branches/2017Q4/net/hostapd/distinfo
==============================================================================
--- branches/2017Q4/net/hostapd/distinfo Tue Oct 17 05:35:01 2017 (r452264)
+++ branches/2017Q4/net/hostapd/distinfo Tue Oct 17 05:49:19 2017 (r452265)
@@ -1,3 +1,17 @@
-TIMESTAMP = 1489911667
+TIMESTAMP = 1508200169
SHA256 (hostapd-2.6.tar.gz) = 01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d
SIZE (hostapd-2.6.tar.gz) = 1822341
+SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
+SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218
+SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7
+SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883
+SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81
+SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861
+SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b
+SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566
+SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e
+SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949
+SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
+SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309
+SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
+SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750
More information about the svn-ports-branches
mailing list