Bug 212779 - [PATCH] net/hostapd: Update to 2.5
Summary: [PATCH] net/hostapd: Update to 2.5
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Guido Falsi
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2016-09-17 22:35 UTC by Craig Leres
Modified: 2016-09-23 18:21 UTC (History)
1 user (show)

See Also:

Attachments
patch (1.80 KB, text/plain)
2016-09-17 22:35 UTC, Craig Leres 		leres: maintainer-approval+
Details
poudriere build log (10.3-RELEASE) (15.76 KB, text/plain)
2016-09-17 22:36 UTC, Craig Leres 		leres: maintainer-approval+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Craig Leres freebsd_committer freebsd_triage 2016-09-17 22:35:02 UTC 
Created attachment 174892 [details]
patch

Update to 2.5. Upstream changes:

    - fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
      [http://w1.fi/security/2015-2/] (CVE-2015-4141)
    - fixed WMM Action frame parser
      [http://w1.fi/security/2015-3/] (CVE-2015-4142)
    - fixed EAP-pwd server missing payload length validation
      [http://w1.fi/security/2015-4/]
      (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145)
    - fixed validation of WPS and P2P NFC NDEF record payload length
      [http://w1.fi/security/2015-5/]

Important: Please delete these obsolete patch files:

    files/patch-src_ap_wmm.c
    files/patch-src_drivers_driver__bsd.c
    files/patch-src_eap__peer_eap__pwd.c
    files/patch-src_eap__server_eap__server__pwd.c
    files/patch-src_wps_httpread.c
Comment 1 Craig Leres freebsd_committer freebsd_triage 2016-09-17 22:36:16 UTC 
Created attachment 174893 [details]
poudriere build log (10.3-RELEASE)
Comment 2 Guido Falsi freebsd_committer freebsd_triage 2016-09-20 10:10:52 UTC 
Hi,

You patch works fine, but since it fixes security vulnerabilities you should also update the vuxml file.

Documentation about this can be found here:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/security-notify.html

Are you able to attach a further patch for the vuxml file I can review and commit together with these fixes?

If not I will do that but I will need some more time.

Thanks!
Comment 3 Guido Falsi freebsd_committer freebsd_triage 2016-09-23 18:10:42 UTC 
Now had time to look at vuxml and found out the entries are already there, so I'm committing this soon.

Sorry for the delay!
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-09-23 18:20:37 UTC 
A commit references this bug:

Author: madpilot
Date: Fri Sep 23 18:20:11 UTC 2016
New revision: 422688
URL: https://svnweb.freebsd.org/changeset/ports/422688

Log:
  Update to 2.5

  PR:		212779
  Submitted by:	leres at ee.lbl.gov (maintainer)

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/distinfo
  head/net/hostapd/files/patch-src_ap_wmm.c
  head/net/hostapd/files/patch-src_drivers_driver__bsd.c
  head/net/hostapd/files/patch-src_eap__peer_eap__pwd.c
  head/net/hostapd/files/patch-src_eap__server_eap__server__pwd.c
  head/net/hostapd/files/patch-src_utils_os.h
  head/net/hostapd/files/patch-src_utils_os__unix.c
  head/net/hostapd/files/patch-src_wps_httpread.c
Comment 5 Guido Falsi freebsd_committer freebsd_triage 2016-09-23 18:21:07 UTC 
Committed. Thanks!