217907 – [PATCH] net/hostapd: Update to 2.6, fixes multiple vulnerabilities

Bug 217907 - [PATCH] net/hostapd: Update to 2.6, fixes multiple vulnerabilities

Summary: [PATCH] net/hostapd: Update to 2.6, fixes multiple vulnerabilities

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Kirill Ponomarev

URL:
Keywords:	patch

Depends on:
Blocks:

Reported:	2017-03-19 01:25 UTC by Craig Leres
Modified:	2017-03-22 06:52 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
pach (759 bytes, patch) 2017-03-19 01:25 UTC, Craig Leres	leres: maintainer-approval+	Details \| Diff
poudriere build log (12.92 KB, text/plain) 2017-03-19 01:26 UTC, Craig Leres	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Craig Leres freebsd_committer

2017-03-19 01:25:16 UTC

Update to 2.6. Security vulnerabilities fixed:

    - fixed EAP-pwd last fragment validation
      [http://w1.fi/security/2015-7/] (CVE-2015-5314)

    - fixed WPS configuration update vulnerability with malformed passphrase
      [http://w1.fi/security/2016-1/] (CVE-2016-4476)

Detailed changes can be found here:

    https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog

Important: Please delete this obsolete patch file:

    files/patch-src_crypto_tls__openssl.c

Comment 1 Craig Leres freebsd_committer

2017-03-19 01:25:48 UTC

Created attachment 180950 [details]
pach

Comment 2 Craig Leres freebsd_committer

2017-03-19 01:26:06 UTC

Created attachment 180951 [details]
poudriere build log

Comment 3 commit-hook freebsd_committer

2017-03-21 17:50:55 UTC

A commit references this bug:

Author: krion
Date: Tue Mar 21 17:50:36 UTC 2017
New revision: 436625
URL: https://svnweb.freebsd.org/changeset/ports/436625

Log:
  Update net/hostapd to 2.6 and fix multiple vulnerabilities

  PR:		217907
  Submitted by:	maintainer
  Approved by:	mat (mentor)
  Differential Revision: https://reviews.freebsd.org/D10051

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/distinfo
  head/net/hostapd/files/patch-src-l2_packet-l2_packet_freebsd.c
  head/net/hostapd/files/patch-src_crypto_tls__openssl.c

Comment 4 commit-hook freebsd_committer

2017-03-22 06:52:54 UTC

A commit references this bug:

Author: krion
Date: Wed Mar 22 06:52:30 UTC 2017
New revision: 436678
URL: https://svnweb.freebsd.org/changeset/ports/436678

Log:
  MFH: r436625

  Update net/hostapd to 2.6 and fix multiple vulnerabilities

  PR:		217907
  Submitted by:	maintainer
  Approved by:	mat (mentor)
  Differential Revision: https://reviews.freebsd.org/D10051

  Approved by:	ports-secteam

Changes:
_U  branches/2017Q1/
  branches/2017Q1/net/hostapd/Makefile
  branches/2017Q1/net/hostapd/distinfo
  branches/2017Q1/net/hostapd/files/patch-src-l2_packet-l2_packet_freebsd.c
  branches/2017Q1/net/hostapd/files/patch-src_crypto_tls__openssl.c