Bug 217907 - [PATCH] net/hostapd: Update to 2.6, fixes multiple vulnerabilities
Summary: [PATCH] net/hostapd: Update to 2.6, fixes multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kirill Ponomarev
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-03-19 01:25 UTC by leres
Modified: 2017-03-22 06:52 UTC (History)
1 user (show)

See Also:


Attachments
pach (759 bytes, patch)
2017-03-19 01:25 UTC, leres
leres: maintainer-approval+
Details | Diff
poudriere build log (12.92 KB, text/plain)
2017-03-19 01:26 UTC, leres
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description leres 2017-03-19 01:25:16 UTC
Update to 2.6. Security vulnerabilities fixed:

    - fixed EAP-pwd last fragment validation
      [http://w1.fi/security/2015-7/] (CVE-2015-5314)

    - fixed WPS configuration update vulnerability with malformed passphrase
      [http://w1.fi/security/2016-1/] (CVE-2016-4476)

Detailed changes can be found here:

    https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog

Important: Please delete this obsolete patch file:

    files/patch-src_crypto_tls__openssl.c
Comment 1 leres 2017-03-19 01:25:48 UTC
Created attachment 180950 [details]
pach
Comment 2 leres 2017-03-19 01:26:06 UTC
Created attachment 180951 [details]
poudriere build log
Comment 3 commit-hook freebsd_committer 2017-03-21 17:50:55 UTC
A commit references this bug:

Author: krion
Date: Tue Mar 21 17:50:36 UTC 2017
New revision: 436625
URL: https://svnweb.freebsd.org/changeset/ports/436625

Log:
  Update net/hostapd to 2.6 and fix multiple vulnerabilities

  PR:		217907
  Submitted by:	maintainer
  Approved by:	mat (mentor)
  Differential Revision: https://reviews.freebsd.org/D10051

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/distinfo
  head/net/hostapd/files/patch-src-l2_packet-l2_packet_freebsd.c
  head/net/hostapd/files/patch-src_crypto_tls__openssl.c
Comment 4 commit-hook freebsd_committer 2017-03-22 06:52:54 UTC
A commit references this bug:

Author: krion
Date: Wed Mar 22 06:52:30 UTC 2017
New revision: 436678
URL: https://svnweb.freebsd.org/changeset/ports/436678

Log:
  MFH: r436625

  Update net/hostapd to 2.6 and fix multiple vulnerabilities

  PR:		217907
  Submitted by:	maintainer
  Approved by:	mat (mentor)
  Differential Revision: https://reviews.freebsd.org/D10051

  Approved by:	ports-secteam

Changes:
_U  branches/2017Q1/
  branches/2017Q1/net/hostapd/Makefile
  branches/2017Q1/net/hostapd/distinfo
  branches/2017Q1/net/hostapd/files/patch-src-l2_packet-l2_packet_freebsd.c
  branches/2017Q1/net/hostapd/files/patch-src_crypto_tls__openssl.c