svn commit: r452396 - branches/2017Q4/security/wpa_supplicant
Cy Schubert
cy at FreeBSD.org
Thu Oct 19 05:54:40 UTC 2017
Author: cy
Date: Thu Oct 19 05:54:39 2017
New Revision: 452396
URL: https://svnweb.freebsd.org/changeset/ports/452396
Log:
MFH: r452249 r452250
Use https site.
Add patch set 2017-1
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
Security: https://w1.fi/security/2017-1/ \
wpa-packet-number-reuse-with-replayed-messages.txt
Security: https://www.krackattacks.com/
Approved by: portmgr (swills)
Modified:
branches/2017Q4/security/wpa_supplicant/Makefile
branches/2017Q4/security/wpa_supplicant/distinfo
Directory Properties:
branches/2017Q4/ (props changed)
Modified: branches/2017Q4/security/wpa_supplicant/Makefile
==============================================================================
--- branches/2017Q4/security/wpa_supplicant/Makefile Thu Oct 19 05:52:28 2017 (r452395)
+++ branches/2017Q4/security/wpa_supplicant/Makefile Thu Oct 19 05:54:39 2017 (r452396)
@@ -2,9 +2,19 @@
PORTNAME= wpa_supplicant
PORTVERSION= 2.6
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security net
-MASTER_SITES= http://w1.fi/releases/
+MASTER_SITES= https://w1.fi/releases/
+PATCH_SITES= https://w1.fi/security/2017-1/
+PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+ rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
+ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
+ rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \
+ rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
+ rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
+ rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \
+ rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+PATCH_DIST_STRIP= -p1
MAINTAINER= ports at FreeBSD.org
COMMENT= Supplicant (client) for WPA/802.1x protocols
Modified: branches/2017Q4/security/wpa_supplicant/distinfo
==============================================================================
--- branches/2017Q4/security/wpa_supplicant/distinfo Thu Oct 19 05:52:28 2017 (r452395)
+++ branches/2017Q4/security/wpa_supplicant/distinfo Thu Oct 19 05:54:39 2017 (r452396)
@@ -1,3 +1,19 @@
-TIMESTAMP = 1478049569
+TIMESTAMP = 1508183403
SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
SIZE (wpa_supplicant-2.6.tar.gz) = 2753524
+SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
+SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218
+SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7
+SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883
+SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81
+SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861
+SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b
+SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566
+SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e
+SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949
+SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
+SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309
+SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736
+SIZE (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = 1649
+SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
+SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750
More information about the svn-ports-branches
mailing list