svn commit: r452396 - branches/2017Q4/security/wpa_supplicant

Cy Schubert cy at FreeBSD.org
Thu Oct 19 05:54:40 UTC 2017 

Author: cy
Date: Thu Oct 19 05:54:39 2017
New Revision: 452396
URL: https://svnweb.freebsd.org/changeset/ports/452396

Log:
  MFH: r452249 r452250
  
  Use https site.
  
  Add patch set 2017-1
  
  A vulnerability was found in how a number of implementations can be
  triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
  replaying a specific frame that is used to manage the keys. Such
  reinstallation of the encryption key can result in two different types
  of vulnerabilities: disabling replay protection and significantly
  reducing the security of encryption to the point of allowing frames to
  be decrypted or some parts of the keys to be determined by an attacker
  depending on which cipher is used.
  
  Security:	https://w1.fi/security/2017-1/ \
  		wpa-packet-number-reuse-with-replayed-messages.txt
  Security:	https://www.krackattacks.com/
  
  Approved by:	portmgr (swills)

Modified:
  branches/2017Q4/security/wpa_supplicant/Makefile
  branches/2017Q4/security/wpa_supplicant/distinfo
Directory Properties:
  branches/2017Q4/   (props changed)

Modified: branches/2017Q4/security/wpa_supplicant/Makefile
==============================================================================
--- branches/2017Q4/security/wpa_supplicant/Makefile	Thu Oct 19 05:52:28 2017	(r452395)
+++ branches/2017Q4/security/wpa_supplicant/Makefile	Thu Oct 19 05:54:39 2017	(r452396)
@@ -2,9 +2,19 @@
 
 PORTNAME=	wpa_supplicant
 PORTVERSION=	2.6
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security net
-MASTER_SITES=	http://w1.fi/releases/
+MASTER_SITES=	https://w1.fi/releases/
+PATCH_SITES=	https://w1.fi/security/2017-1/
+PATCHFILES=	rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+	rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
+	rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
+	rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \
+	rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
+	rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
+	rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch \
+	rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	ports at FreeBSD.org
 COMMENT=	Supplicant (client) for WPA/802.1x protocols

Modified: branches/2017Q4/security/wpa_supplicant/distinfo
==============================================================================
--- branches/2017Q4/security/wpa_supplicant/distinfo	Thu Oct 19 05:52:28 2017	(r452395)
+++ branches/2017Q4/security/wpa_supplicant/distinfo	Thu Oct 19 05:54:39 2017	(r452396)
@@ -1,3 +1,19 @@
-TIMESTAMP = 1478049569
+TIMESTAMP = 1508183403
 SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
 SIZE (wpa_supplicant-2.6.tar.gz) = 2753524
+SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
+SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218
+SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7
+SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883
+SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81
+SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861
+SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b
+SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566
+SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e
+SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949
+SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
+SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309
+SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736
+SIZE (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = 1649
+SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
+SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750

More information about the svn-ports-branches mailing list