[arch-commits] Commit in wpa_supplicant/repos/testing-x86_64 (14 files)
Date: Saturday, February 22, 2020 @ 18:18:24 Author: heftig Revision: 376053 archrelease: copy trunk to testing-x86_64 Added: wpa_supplicant/repos/testing-x86_64/CVE-2019-16275.patch (from rev 376052, wpa_supplicant/trunk/CVE-2019-16275.patch) wpa_supplicant/repos/testing-x86_64/PKGBUILD (from rev 376052, wpa_supplicant/trunk/PKGBUILD) wpa_supplicant/repos/testing-x86_64/config (from rev 376052, wpa_supplicant/trunk/config) wpa_supplicant/repos/testing-x86_64/roam-properties.patch (from rev 376052, wpa_supplicant/trunk/roam-properties.patch) wpa_supplicant/repos/testing-x86_64/systemd.patch (from rev 376052, wpa_supplicant/trunk/systemd.patch) wpa_supplicant/repos/testing-x86_64/tls.patch (from rev 376052, wpa_supplicant/trunk/tls.patch) wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install (from rev 376052, wpa_supplicant/trunk/wpa_supplicant.install) Deleted: wpa_supplicant/repos/testing-x86_64/CVE-2019-16275.patch wpa_supplicant/repos/testing-x86_64/PKGBUILD wpa_supplicant/repos/testing-x86_64/config wpa_supplicant/repos/testing-x86_64/roam-properties.patch wpa_supplicant/repos/testing-x86_64/systemd.patch wpa_supplicant/repos/testing-x86_64/tls.patch wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install + CVE-2019-16275.patch | 146 +++--- PKGBUILD | 156 - config | 161 +- roam-properties.patch | 176 +++ systemd.patch | 58 +++ tls.patch | 52 ++--- wpa_supplicant.install | 14 +-- 7 files changed, 381 insertions(+), 382 deletions(-) Deleted: CVE-2019-16275.patch === --- CVE-2019-16275.patch2020-02-22 18:18:09 UTC (rev 376052) +++ CVE-2019-16275.patch2020-02-22 18:18:24 UTC (rev 376053) @@ -1,73 +0,0 @@ -From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Thu, 29 Aug 2019 11:52:04 +0300 -Subject: [PATCH] AP: Silently ignore management frame from unexpected source - address - -Do not process any received Management frames with unexpected/invalid SA -so that we do not add any state for unexpected STA addresses or end up -sending out frames to unexpected destination. This prevents unexpected -sequences where an unprotected frame might end up causing the AP to send -out a response to another device and that other device processing the -unexpected response. - -In particular, this prevents some potential denial of service cases -where the unexpected response frame from the AP might result in a -connected station dropping its association. - -Signed-off-by: Jouni Malinen - src/ap/drv_callbacks.c | 13 + - src/ap/ieee802_11.c| 12 - 2 files changed, 25 insertions(+) - -diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c -index 31587685fe3b..34ca379edc3d 100644 a/src/ap/drv_callbacks.c -+++ b/src/ap/drv_callbacks.c -@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, - "hostapd_notif_assoc: Skip event with no address"); - return -1; - } -+ -+ if (is_multicast_ether_addr(addr) || -+ is_zero_ether_addr(addr) || -+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR -+ " in received indication - ignore this indication silently", -+ __func__, MAC2STR(addr)); -+ return 0; -+ } -+ - random_add_randomness(addr, ETH_ALEN); - - hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index c85a28db44b7..e7065372e158 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, - fc = le_to_host16(mgmt->frame_control); - stype = WLAN_FC_GET_STYPE(fc); - -+ if (is_multicast_ether_addr(mgmt->sa) || -+ is_zero_ether_addr(mgmt->sa) || -+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR -+ " in received frame - ignore this frame silently", -+
[arch-commits] Commit in wpa_supplicant/repos/testing-x86_64 (24 files)
Date: Thursday, January 3, 2019 @ 14:45:27 Author: bpiotrowski Revision: 342902 archrelease: copy trunk to testing-x86_64 Added: wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (from rev 342901, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch (from rev 342901, wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch (from rev 342901, wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch (from rev 342901, wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch) wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch (from rev 342901, wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch (from rev 342901, wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch) wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch (from rev 342901, wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch (from rev 342901, wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch (from rev 342901, wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) wpa_supplicant/repos/testing-x86_64/PKGBUILD (from rev 342901, wpa_supplicant/trunk/PKGBUILD) wpa_supplicant/repos/testing-x86_64/config (from rev 342901, wpa_supplicant/trunk/config) wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install (from rev 342901, wpa_supplicant/trunk/wpa_supplicant.install) Deleted: wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch wpa_supplicant/repos/testing-x86_64/PKGBUILD wpa_supplicant/repos/testing-x86_64/config wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install -+ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 348 +++--- 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 500 +- 0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 368 +++ 0004-Prevent-installation-of-an-all-zero-TK.patch | 158 +-- 0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 128 +- 0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 264 ++--- 0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 86 - 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 164 +-- 0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 88 - PKGBUILD| 180 +-- config | 92 - wpa_supplicant.install | 14 12 files changed, 1195 insertions(+), 1195 deletions(-) Deleted: 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch === --- 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2019-01-03 14:45:03 UTC (rev 342901) +++ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2019-01-03 14:45:27 UTC (rev 342902) @@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame
[arch-commits] Commit in wpa_supplicant/repos/testing-x86_64 (24 files)
Date: Thursday, January 3, 2019 @ 14:45:03 Author: bpiotrowski Revision: 342901 archrelease: copy trunk to testing-x86_64 Added: wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (from rev 342900, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch (from rev 342900, wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch (from rev 342900, wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch (from rev 342900, wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch) wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch (from rev 342900, wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch (from rev 342900, wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch) wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch (from rev 342900, wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch (from rev 342900, wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch (from rev 342900, wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) wpa_supplicant/repos/testing-x86_64/PKGBUILD (from rev 342900, wpa_supplicant/trunk/PKGBUILD) wpa_supplicant/repos/testing-x86_64/config (from rev 342900, wpa_supplicant/trunk/config) wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install (from rev 342900, wpa_supplicant/trunk/wpa_supplicant.install) Deleted: wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch wpa_supplicant/repos/testing-x86_64/PKGBUILD wpa_supplicant/repos/testing-x86_64/config wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install -+ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 348 +++--- 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 500 +- 0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 368 +++ 0004-Prevent-installation-of-an-all-zero-TK.patch | 158 +-- 0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 128 +- 0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 264 ++--- 0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 86 - 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 164 +-- 0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 88 - PKGBUILD| 180 +-- config | 92 - wpa_supplicant.install | 14 12 files changed, 1195 insertions(+), 1195 deletions(-) Deleted: 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch === --- 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2019-01-03 14:39:54 UTC (rev 342900) +++ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2019-01-03 14:45:03 UTC (rev 342901) @@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame
[arch-commits] Commit in wpa_supplicant/repos (testing-x86_64)
Date: Monday, March 7, 2011 @ 18:29:13 Author: heftig Revision: 112951 archrelease: copy trunk to testing-x86_64 Added: wpa_supplicant/repos/testing-x86_64/
[arch-commits] Commit in wpa_supplicant/repos (testing-x86_64)
Date: Monday, September 13, 2010 @ 14:09:13 Author: thomas Revision: 90604 archrelease: copy trunk to testing-x86_64 Added: wpa_supplicant/repos/testing-x86_64/
[arch-commits] Commit in wpa_supplicant/repos (testing-x86_64)
Date: Wednesday, March 31, 2010 @ 22:03:40 Author: pierre Revision: 75195 archrelease: copy trunk to testing-x86_64 Added: wpa_supplicant/repos/testing-x86_64/
[arch-commits] Commit in wpa_supplicant/repos (testing-x86_64)
Date: Sunday, January 31, 2010 @ 08:32:09 Author: thomas Revision: 66530 archrelease: new repo testing-x86_64 Added: wpa_supplicant/repos/testing-x86_64/
[arch-commits] Commit in wpa_supplicant/repos (testing-x86_64)
Date: Sunday, January 31, 2010 @ 08:32:15 Author: thomas Revision: 66532 Initialized merge tracking via svnmerge with revisions 1-66529 from svn+ssh://gerolde.archlinux.org/srv/svn-packages/wpa_supplicant/trunk Modified: wpa_supplicant/repos/testing-x86_64/ (properties) Property changes on: wpa_supplicant/repos/testing-x86_64 ___ Added: svnmerge-integrated + /wpa_supplicant/trunk:1-66529