[arch-commits] Commit in wpa_supplicant/repos (13 files)
Date: Thursday, January 10, 2019 @ 15:25:22
Author: foutrelis
Revision: 343489
archrelease: copy trunk to staging-x86_64
Added:
wpa_supplicant/repos/staging-x86_64/
wpa_supplicant/repos/staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(from rev 343488,
wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
wpa_supplicant/repos/staging-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
(from rev 343488,
wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch)
wpa_supplicant/repos/staging-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
(from rev 343488,
wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch)
wpa_supplicant/repos/staging-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch
(from rev 343488,
wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch)
wpa_supplicant/repos/staging-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
(from rev 343488,
wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch)
wpa_supplicant/repos/staging-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
(from rev 343488,
wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch)
wpa_supplicant/repos/staging-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
(from rev 343488,
wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch)
wpa_supplicant/repos/staging-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
(from rev 343488,
wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch)
wpa_supplicant/repos/staging-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
(from rev 343488,
wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch)
wpa_supplicant/repos/staging-x86_64/PKGBUILD
(from rev 343488, wpa_supplicant/trunk/PKGBUILD)
wpa_supplicant/repos/staging-x86_64/config
(from rev 343488, wpa_supplicant/trunk/config)
wpa_supplicant/repos/staging-x86_64/wpa_supplicant.install
(from rev 343488, wpa_supplicant/trunk/wpa_supplicant.install)
-+
0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 174 ++
0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 250
++
0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 +++
0004-Prevent-installation-of-an-all-zero-TK.patch | 79 +++
0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 64 ++
0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +
0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +
0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 82 +++
0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 44 +
PKGBUILD| 90 +++
config | 46 +
wpa_supplicant.install |7
12 files changed, 1195 insertions(+)
Copied:
wpa_supplicant/repos/staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(from rev 343488,
wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
===
--- staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(rev 0)
+++ staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
2019-01-10 15:25:22 UTC (rev 343489)
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef
+---
+ src/ap/ieee802_11.c | 16 +---
+ src/ap/wpa_auth.c| 11 +++
+ src/ap/wpa_auth.h| 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++
+
[arch-commits] Commit in wpa_supplicant/repos (13 files)
Date: Thursday, January 3, 2019 @ 14:39:54
Author: bpiotrowski
Revision: 342900
archrelease: copy trunk to testing-x86_64
Added:
wpa_supplicant/repos/testing-x86_64/
wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(from rev 342899,
wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
(from rev 342899,
wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch)
wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
(from rev 342899,
wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch)
wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch
(from rev 342899,
wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch)
wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
(from rev 342899,
wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch)
wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
(from rev 342899,
wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch)
wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
(from rev 342899,
wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch)
wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
(from rev 342899,
wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch)
wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
(from rev 342899,
wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch)
wpa_supplicant/repos/testing-x86_64/PKGBUILD
(from rev 342899, wpa_supplicant/trunk/PKGBUILD)
wpa_supplicant/repos/testing-x86_64/config
(from rev 342899, wpa_supplicant/trunk/config)
wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install
(from rev 342899, wpa_supplicant/trunk/wpa_supplicant.install)
-+
0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 174 ++
0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 250
++
0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 +++
0004-Prevent-installation-of-an-all-zero-TK.patch | 79 +++
0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 64 ++
0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +
0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +
0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 82 +++
0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 44 +
PKGBUILD| 90 +++
config | 46 +
wpa_supplicant.install |7
12 files changed, 1195 insertions(+)
Copied:
wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(from rev 342899,
wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
===
--- testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(rev 0)
+++ testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
2019-01-03 14:39:54 UTC (rev 342900)
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef
+---
+ src/ap/ieee802_11.c | 16 +---
+ src/ap/wpa_auth.c| 11 +++
+ src/ap/wpa_auth.h| 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++
+
[arch-commits] Commit in wpa_supplicant/repos (13 files)
Date: Friday, August 10, 2018 @ 14:22:45
Author: bpiotrowski
Revision: 331338
archrelease: copy trunk to testing-x86_64
Added:
wpa_supplicant/repos/testing-x86_64/
wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(from rev 331337,
wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
(from rev 331337,
wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch)
wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
(from rev 331337,
wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch)
wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch
(from rev 331337,
wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch)
wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
(from rev 331337,
wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch)
wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
(from rev 331337,
wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch)
wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
(from rev 331337,
wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch)
wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
(from rev 331337,
wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch)
wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
(from rev 331337,
wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch)
wpa_supplicant/repos/testing-x86_64/PKGBUILD
(from rev 331337, wpa_supplicant/trunk/PKGBUILD)
wpa_supplicant/repos/testing-x86_64/config
(from rev 331337, wpa_supplicant/trunk/config)
wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install
(from rev 331337, wpa_supplicant/trunk/wpa_supplicant.install)
-+
0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 174 ++
0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 250
++
0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 +++
0004-Prevent-installation-of-an-all-zero-TK.patch | 79 +++
0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 64 ++
0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +
0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +
0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 82 +++
0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 44 +
PKGBUILD| 91 +++
config | 46 +
wpa_supplicant.install |7
12 files changed, 1196 insertions(+)
Copied:
wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(from rev 331337,
wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
===
--- testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
(rev 0)
+++ testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
2018-08-10 14:22:45 UTC (rev 331338)
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef
+---
+ src/ap/ieee802_11.c | 16 +---
+ src/ap/wpa_auth.c| 11 +++
+ src/ap/wpa_auth.h| 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++
+ src/ap/wpa_auth_i.h
