Bug 217907

Summary: [PATCH] net/hostapd: Update to 2.6, fixes multiple vulnerabilities
Product: Ports & Packages Reporter: Craig Leres <leres>
Component: Individual Port(s)Assignee: Kirill Ponomarev <krion>
Status: Closed FIXED    
Severity: Affects Only Me CC: krion
Priority: --- Keywords: patch
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
pach
leres: maintainer-approval+
poudriere build log none

Description Craig Leres freebsd_committer 2017-03-19 01:25:16 UTC
Update to 2.6. Security vulnerabilities fixed:

    - fixed EAP-pwd last fragment validation
      [http://w1.fi/security/2015-7/] (CVE-2015-5314)

    - fixed WPS configuration update vulnerability with malformed passphrase
      [http://w1.fi/security/2016-1/] (CVE-2016-4476)

Detailed changes can be found here:

    https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog

Important: Please delete this obsolete patch file:

    files/patch-src_crypto_tls__openssl.c
Comment 1 Craig Leres freebsd_committer 2017-03-19 01:25:48 UTC
Created attachment 180950 [details]
pach
Comment 2 Craig Leres freebsd_committer 2017-03-19 01:26:06 UTC
Created attachment 180951 [details]
poudriere build log
Comment 3 commit-hook freebsd_committer 2017-03-21 17:50:55 UTC
A commit references this bug:

Author: krion
Date: Tue Mar 21 17:50:36 UTC 2017
New revision: 436625
URL: https://svnweb.freebsd.org/changeset/ports/436625

Log:
  Update net/hostapd to 2.6 and fix multiple vulnerabilities

  PR:		217907
  Submitted by:	maintainer
  Approved by:	mat (mentor)
  Differential Revision: https://reviews.freebsd.org/D10051

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/distinfo
  head/net/hostapd/files/patch-src-l2_packet-l2_packet_freebsd.c
  head/net/hostapd/files/patch-src_crypto_tls__openssl.c
Comment 4 commit-hook freebsd_committer 2017-03-22 06:52:54 UTC
A commit references this bug:

Author: krion
Date: Wed Mar 22 06:52:30 UTC 2017
New revision: 436678
URL: https://svnweb.freebsd.org/changeset/ports/436678

Log:
  MFH: r436625

  Update net/hostapd to 2.6 and fix multiple vulnerabilities

  PR:		217907
  Submitted by:	maintainer
  Approved by:	mat (mentor)
  Differential Revision: https://reviews.freebsd.org/D10051

  Approved by:	ports-secteam

Changes:
_U  branches/2017Q1/
  branches/2017Q1/net/hostapd/Makefile
  branches/2017Q1/net/hostapd/distinfo
  branches/2017Q1/net/hostapd/files/patch-src-l2_packet-l2_packet_freebsd.c
  branches/2017Q1/net/hostapd/files/patch-src_crypto_tls__openssl.c