Bug 212779

Summary: [PATCH] net/hostapd: Update to 2.5
Product: Ports & Packages Reporter: Craig Leres <leres>
Component: Individual Port(s)Assignee: Guido Falsi <madpilot>
Status: Closed FIXED    
Severity: Affects Only Me CC: madpilot
Priority: --- Keywords: patch
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch
leres: maintainer-approval+
poudriere build log (10.3-RELEASE) leres: maintainer-approval+

Description Craig Leres freebsd_committer 2016-09-17 22:35:02 UTC
Created attachment 174892 [details]
patch

Update to 2.5. Upstream changes:

    - fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
      [http://w1.fi/security/2015-2/] (CVE-2015-4141)
    - fixed WMM Action frame parser
      [http://w1.fi/security/2015-3/] (CVE-2015-4142)
    - fixed EAP-pwd server missing payload length validation
      [http://w1.fi/security/2015-4/]
      (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145)
    - fixed validation of WPS and P2P NFC NDEF record payload length
      [http://w1.fi/security/2015-5/]

Important: Please delete these obsolete patch files:

    files/patch-src_ap_wmm.c
    files/patch-src_drivers_driver__bsd.c
    files/patch-src_eap__peer_eap__pwd.c
    files/patch-src_eap__server_eap__server__pwd.c
    files/patch-src_wps_httpread.c
Comment 1 Craig Leres freebsd_committer 2016-09-17 22:36:16 UTC
Created attachment 174893 [details]
poudriere build log (10.3-RELEASE)
Comment 2 Guido Falsi freebsd_committer 2016-09-20 10:10:52 UTC
Hi,

You patch works fine, but since it fixes security vulnerabilities you should also update the vuxml file.

Documentation about this can be found here:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/security-notify.html

Are you able to attach a further patch for the vuxml file I can review and commit together with these fixes?

If not I will do that but I will need some more time.

Thanks!
Comment 3 Guido Falsi freebsd_committer 2016-09-23 18:10:42 UTC
Now had time to look at vuxml and found out the entries are already there, so I'm committing this soon.

Sorry for the delay!
Comment 4 commit-hook freebsd_committer 2016-09-23 18:20:37 UTC
A commit references this bug:

Author: madpilot
Date: Fri Sep 23 18:20:11 UTC 2016
New revision: 422688
URL: https://svnweb.freebsd.org/changeset/ports/422688

Log:
  Update to 2.5

  PR:		212779
  Submitted by:	leres at ee.lbl.gov (maintainer)

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/distinfo
  head/net/hostapd/files/patch-src_ap_wmm.c
  head/net/hostapd/files/patch-src_drivers_driver__bsd.c
  head/net/hostapd/files/patch-src_eap__peer_eap__pwd.c
  head/net/hostapd/files/patch-src_eap__server_eap__server__pwd.c
  head/net/hostapd/files/patch-src_utils_os.h
  head/net/hostapd/files/patch-src_utils_os__unix.c
  head/net/hostapd/files/patch-src_wps_httpread.c
Comment 5 Guido Falsi freebsd_committer 2016-09-23 18:21:07 UTC
Committed. Thanks!