Created attachment 157337 [details] Apply upstream patches from http://w1.fi/security/ for 2015-2, 2015-3, and 2015-4 Apply security patches from the following upstream security advisories: 2015-2 - WPS UPnP vulnerability with HTTP chunked transfer encoding 2015-3 - Integer underflow in AP mode WMM Action frame processing 2015-4 - EAP-pwd missing payload length validation Upstream Source: http://w1.fi/security/ CVEs: CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 Reference: http://openwall.com/lists/oss-security/2015/05/31/6
Created attachment 157338 [details] Poudriere testport build logs from 10.1-RELEASE amd64 Based on the security advisories, the following options were turned on to ensure they got hit at compile time: P2P=on WPS_ER=on PWD=on Also 'testport' build tested on the following releases (info from `poudriere jail -l`) 8.4-RELEASE-p28 amd64 8.4-RELEASE-p28 i386 9.3-RELEASE-p14 amd64 9.3-RELEASE-p14 i386 10.1-RELEASE-p10 amd64 10.1-RELEASE-p10 i386 11.0-CURRENT r282869 amd64 11.0-CURRENT r282869 i386
Created attachment 157339 [details] security/vuxml entry for PR200568 and 200567 John, Attach vuxml entry covers both this PR and PR 200567 for net/hostapd. Same upstream and same advisories so I put it all in the same entry. Change log: - Document CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, and CVE-2015-4146 for hostapd and wpa_supplicant Validation Steps: # make validate /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit wpa_supplicant-2.4_2 wpa_supplicant-2.4_2 is vulnerable: hostapd and wpa_supplicant -- multiple vulnerabilities CVE: CVE-2015-4146 CVE: CVE-2015-4145 CVE: CVE-2015-4144 CVE: CVE-2015-4143 CVE: CVE-2015-4142 CVE: CVE-2015-4141 WWW: http://vuxml.FreeBSD.org/freebsd/bbc0db92-084c-11e5-bb90-002590263bf5.html 1 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit wpa_supplicant-2.4_3 0 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit hostapd-2.4 hostapd-2.4 is vulnerable: hostapd and wpa_supplicant -- multiple vulnerabilities CVE: CVE-2015-4146 CVE: CVE-2015-4145 CVE: CVE-2015-4144 CVE: CVE-2015-4143 CVE: CVE-2015-4142 CVE: CVE-2015-4141 WWW: http://vuxml.FreeBSD.org/freebsd/bbc0db92-084c-11e5-bb90-002590263bf5.html 1 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit hostapd-2.4_1 0 problem(s) in the installed packages found.
Given the attached vuxml, change log for the port: - Apply upstream patches for security advisories 2015-2, 2015-3, and 2015-4 PR: 200568 Security: bbc0db92-084c-11e5-bb90-002590263bf5 Security: CVE-2015-4141 Security: CVE-2015-4142 Security: CVE-2015-4143 Security: CVE-2015-4144 Security: CVE-2015-4145 Security: CVE-2015-4146 Submitted by: Jason Unovitch <jason unovitch gmail com> MFH: 2015Q2
A commit references this bug: Author: marino Date: Tue Jun 2 09:35:25 UTC 2015 New revision: 388312 URL: https://svnweb.freebsd.org/changeset/ports/388312 Log: security/wpa_supplicant: Address 3 latest security advisories These are combined upstream patches 2015-2, 2015-3, 2015-4 They address the following security advisories: * CVE-2015-4141 * CVE-2015-4142 * CVE-2015-4143 * CVE-2015-4144 * CVE-2015-4145 * CVE-2015-4146 These advisories also apply to net/hostapd PR: 200568 Submitted by: Jason Unovitch Changes: head/security/wpa_supplicant/Makefile head/security/wpa_supplicant/files/patch-src_ap_wmm.c head/security/wpa_supplicant/files/patch-src_eap__peer_eap__pwd.c head/security/wpa_supplicant/files/patch-src_eap__server_eap__server__pwd.c head/security/wpa_supplicant/files/patch-src_wps_httpread.c
A commit references this bug: Author: marino Date: Tue Jun 2 09:44:26 UTC 2015 New revision: 388313 URL: https://svnweb.freebsd.org/changeset/ports/388313 Log: security/vuxml: multiple vulnerabilities of wpa_supplicant and hostapd Security: CVE-2015-4141 Security: CVE-2015-4142 Security: CVE-2015-4143 Security: CVE-2015-4144 Security: CVE-2015-4145 Security: CVE-2015-4146 PR: 200568 Changes: head/security/vuxml/vuln.xml
excellent work, couldn't have been done better. Thanks!
(In reply to John Marino from comment #6) Thanks John! Only followup that comes to mind... Play catch up with an MFH to 2012Q2 for r384705 and r384729 for the earlier wpa_supplicant CVE along with the recent r388312 for wpa_supplicant and r388314 for hostapd.