notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Ukraine
non port: security/wpa_supplicant/distinfo
SVNWeb

Number of commits found: 16

Mon, 17 Jan 2022
[ 17:00 Cy Schubert (cy) search for other commits by this committer ]    commit hash:d3564c5610c4d94d97971a6b7e45a7c3e45454ee  d3564c5 
security/wpa_supplicant: Update to 2.10

The long awaited hostapd 2.10 is finally here.
Wed, 17 Mar 2021
[ 02:32 cy search for other commits by this committer ] Original commit   Revision:568629
security/wpa_supplicant: fix for P2P provision vulnerability

Latest version available from: https://w1.fi/security/2021-1/

Vulnerability

A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Tue, 9 Jun 2020
[ 05:48 cy search for other commits by this committer ] Original commit   Revision:538281
UPnP SUBSCRIBE misbehavior in hostapd WPS AP

As published by our hostapd  upstream

Vulnerability

General security vulnerability in the way the callback URLs in the UPnP
SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
Some of the described issues may be applicable to the use of UPnP in WPS
AP mode functionality for supporting external registrars.

Such issues could allow a device connected to the local network (i.e., a
device that has been authorized to transmit packets in the network in
which the AP is located) could trigger the AP to initiate a HTTP
(TCP/IP) connection to an arbitrary URL, including connections to
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Thu, 22 Aug 2019
[ 03:33 cy search for other commits by this committer ] Original commit   Revision:509576
Update 2.8 --> 2.9
Mon, 22 Apr 2019
[ 15:56 cy search for other commits by this committer ] Original commit   Revision:499654
Update wpa_supplicant/hostapd 2.7 --> 2.8
Thu, 6 Dec 2018
[ 20:11 cy search for other commits by this committer ] Original commit   Revision:486779
Update 2.6 --> 2.7
Tue, 14 Aug 2018
[ 20:21 cy search for other commits by this committer ] Original commit   Revision:477202
WPA: Ignore unauthenticated encrypted EAPOL-Key data

Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.

When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>

Security:	CVE-2018-14526
Security:	VuXML: 6bedc863-9fbe-11e8-945f-206a8a720317
Mon, 16 Oct 2017
[ 20:08 cy search for other commits by this committer ] Original commit   Revision:452250
Add patch set 2017-1

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

Security:	https://w1.fi/security/2017-1/ \
		wpa-packet-number-reuse-with-replayed-messages.txt
Security:	https://www.krackattacks.com/
MFH:		2017Q4
Thu, 17 Nov 2016
[ 17:43 jrm search for other commits by this committer ] Original commit   Revision:426292 (Only the first 10 of 15 ports in this commit are shown above. View all ports for this commit)
security/wpa_supplicant: Update to version 2.6 and patch for LibreSSL support

Port changes:
- Remove patches that have been incorporated upstream
- Add patches for LibreSSL support

Approved by:	AMDmi3 (mentor)
Differential Revision:	https://reviews.freebsd.org/D8451
Sun, 11 Oct 2015
[ 22:52 marino search for other commits by this committer ] Original commit   Revision:399108
security/wpa_supplicant: Upgrade version 2.4 => 2.5
Mon, 16 Mar 2015
[ 20:45 marino search for other commits by this committer ] Original commit   Revision:381444 (Only the first 10 of 14 ports in this commit are shown above. View all ports for this commit)
security/wpa_supplicant: Upgrade version 2.3 => 2.4

See http://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog for list
of changes since version 2.3.
Sun, 12 Oct 2014
[ 21:20 marino search for other commits by this committer ] Original commit   Revision:370742 (Only the first 10 of 22 ports in this commit are shown above. View all ports for this commit)
Revive security/wpa_supplicant after 6.5 years => version 2.3

This port was retired at version 0.3.8 because wpa_supplicant is
part of FreeBSD base.  However, the last few releases have had a period
of only a few months, so the base is always going to be behind.  DragonFly
is also affected, so I'm bringing the port back at the latest version.

It features the same patches as FreeBSD including the conversion to use
libutil's pidfile routines.  There are some additional patches for
DragonFly support and to fix some bugs from the 9 Oct 2014 release.

The WPA Supplicant build system has been converted to ports options, and
there are dozens of them.  I've set the defaults to match the
configuration in base and verified that it builds with all options
selected at once.
Fri, 25 Apr 2008
[ 23:21 pav search for other commits by this committer ] Original commit 
- Remove, it's ancient and newer version is included in base of all supported
  releases

Suggested by:   sam
Fri, 11 Nov 2005
[ 19:03 brooks search for other commits by this committer ] Original commit  (Only the first 10 of 16 ports in this commit are shown above. View all ports for this commit)
add SHA256
Wed, 16 Feb 2005
[ 07:03 brooks search for other commits by this committer ] Original commit 
- Update to 0.3.8.  See ChangeLog for details.
- Install sample config file in etc/wpa_supplication.conf.sample instead
  of DOCSDIR.
- Obey PREFIX.
- Follow move of binaries from bin to sbin.

Committed from a laptop running this version against an AP with WPA-PSK
and AES encription.

Submitted by:   Yamamoto Shigeru <shigeru at iij dot ad dot jp>
PR:             75609 (by Rong-En Fan <rafan at infor dot org>)
Sun, 12 Dec 2004
[ 22:23 imp search for other commits by this committer ] Original commit 
WPA supplicant daemon for 802.11 networks.

Submitted by: sam

Number of commits found: 16