Bug 212779 - [PATCH] net/hostapd: Update to 2.5
Summary: [PATCH] net/hostapd: Update to 2.5
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Guido Falsi
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2016-09-17 22:35 UTC by leres
Modified: 2016-09-23 18:21 UTC (History)
1 user (show)

See Also:


Attachments
patch (1.80 KB, text/plain)
2016-09-17 22:35 UTC, leres
leres: maintainer-approval+
Details
poudriere build log (10.3-RELEASE) (15.76 KB, text/plain)
2016-09-17 22:36 UTC, leres
leres: maintainer-approval+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description leres 2016-09-17 22:35:02 UTC
Created attachment 174892 [details]
patch

Update to 2.5. Upstream changes:

    - fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
      [http://w1.fi/security/2015-2/] (CVE-2015-4141)
    - fixed WMM Action frame parser
      [http://w1.fi/security/2015-3/] (CVE-2015-4142)
    - fixed EAP-pwd server missing payload length validation
      [http://w1.fi/security/2015-4/]
      (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145)
    - fixed validation of WPS and P2P NFC NDEF record payload length
      [http://w1.fi/security/2015-5/]

Important: Please delete these obsolete patch files:

    files/patch-src_ap_wmm.c
    files/patch-src_drivers_driver__bsd.c
    files/patch-src_eap__peer_eap__pwd.c
    files/patch-src_eap__server_eap__server__pwd.c
    files/patch-src_wps_httpread.c
Comment 1 leres 2016-09-17 22:36:16 UTC
Created attachment 174893 [details]
poudriere build log (10.3-RELEASE)
Comment 2 Guido Falsi freebsd_committer 2016-09-20 10:10:52 UTC
Hi,

You patch works fine, but since it fixes security vulnerabilities you should also update the vuxml file.

Documentation about this can be found here:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/security-notify.html

Are you able to attach a further patch for the vuxml file I can review and commit together with these fixes?

If not I will do that but I will need some more time.

Thanks!
Comment 3 Guido Falsi freebsd_committer 2016-09-23 18:10:42 UTC
Now had time to look at vuxml and found out the entries are already there, so I'm committing this soon.

Sorry for the delay!
Comment 4 commit-hook freebsd_committer 2016-09-23 18:20:37 UTC
A commit references this bug:

Author: madpilot
Date: Fri Sep 23 18:20:11 UTC 2016
New revision: 422688
URL: https://svnweb.freebsd.org/changeset/ports/422688

Log:
  Update to 2.5

  PR:		212779
  Submitted by:	leres at ee.lbl.gov (maintainer)

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/distinfo
  head/net/hostapd/files/patch-src_ap_wmm.c
  head/net/hostapd/files/patch-src_drivers_driver__bsd.c
  head/net/hostapd/files/patch-src_eap__peer_eap__pwd.c
  head/net/hostapd/files/patch-src_eap__server_eap__server__pwd.c
  head/net/hostapd/files/patch-src_utils_os.h
  head/net/hostapd/files/patch-src_utils_os__unix.c
  head/net/hostapd/files/patch-src_wps_httpread.c
Comment 5 Guido Falsi freebsd_committer 2016-09-23 18:21:07 UTC
Committed. Thanks!