Date: Tue, 17 Oct 2017 05:49:20 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r452265 - branches/2017Q4/net/hostapd Message-ID: <201710170549.v9H5nKZj059218@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Tue Oct 17 05:49:19 2017 New Revision: 452265 URL: https://svnweb.freebsd.org/changeset/ports/452265 Log: MFH: r452256 r452257 Use https site. Add patch set 2017-1. A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. Approved by: leres (maintainer) Approved by: ports-secteam (delphij) Security: https://w1.fi/security/2017-1/ \ wpa-packet-number-reuse-with-replayed-messages.txt Security: https://www.krackattacks.com/ Differential Revision: D12691 Modified: branches/2017Q4/net/hostapd/Makefile branches/2017Q4/net/hostapd/distinfo Directory Properties: branches/2017Q4/ (props changed) Modified: branches/2017Q4/net/hostapd/Makefile ============================================================================== --- branches/2017Q4/net/hostapd/Makefile Tue Oct 17 05:35:01 2017 (r452264) +++ branches/2017Q4/net/hostapd/Makefile Tue Oct 17 05:49:19 2017 (r452265) @@ -3,8 +3,18 @@ PORTNAME= hostapd PORTVERSION= 2.6 +PORTREVISION= 1 CATEGORIES= net -MASTER_SITES= http://w1.fi/releases/ +MASTER_SITES= https://w1.fi/releases/ +PATCH_SITES= https://w1.fi/security/2017-1/ +PATCHFILES= rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \ + rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \ + rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \ + rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch \ + rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \ + rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch \ + rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch +PATCH_DIST_STRIP= -p1 MAINTAINER= leres@FreeBSD.org COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Modified: branches/2017Q4/net/hostapd/distinfo ============================================================================== --- branches/2017Q4/net/hostapd/distinfo Tue Oct 17 05:35:01 2017 (r452264) +++ branches/2017Q4/net/hostapd/distinfo Tue Oct 17 05:49:19 2017 (r452265) @@ -1,3 +1,17 @@ -TIMESTAMP = 1489911667 +TIMESTAMP = 1508200169 SHA256 (hostapd-2.6.tar.gz) = 01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d SIZE (hostapd-2.6.tar.gz) = 1822341 +SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b +SIZE (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 6218 +SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7 +SIZE (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = 7883 +SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81 +SIZE (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = 6861 +SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b +SIZE (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 2566 +SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e +SIZE (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 1949 +SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6 +SIZE (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 4309 +SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1 +SIZE (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = 2750
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710170549.v9H5nKZj059218>