GNU bug report logs -
#53373
[PATCH] gnu: hostapd, wpa-wupplicant: Update to 2.10 [security fixes].
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Wed, 19 Jan 2022 20:21:02 UTC
Severity: normal
Tags: patch
Done: Tobias Geerinckx-Rice <me <at> tobias.gr>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 53373 in the body.
You can then email your comments to 53373 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#53373; Package
guix-patches.
(Wed, 19 Jan 2022 20:21:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Wed, 19 Jan 2022 20:21:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
See the upstream advisory for more information on the security fixes
contained in these updates:
https://w1.fi/security/2022-1/sae-eap-pwd-side-channel-attack-update-2.txt
* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.10.
[source]: Remove obsolete patches "wpa-supplicant-CVE-2021-27803.patch"
and "wpa-supplicant-CVE-2021-30004.patch".
(hostapd): Update to 2.10.
[source]: Remove obsolete patches "wpa-supplicant-CVE-2021-27803.patch"
and "wpa-supplicant-CVE-2021-30004.patch".
* gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch,
gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
gnu/local.mk | 2 -
gnu/packages/admin.scm | 9 +-
.../wpa-supplicant-CVE-2021-27803.patch | 50 --------
.../wpa-supplicant-CVE-2021-30004.patch | 115 ------------------
4 files changed, 3 insertions(+), 173 deletions(-)
delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 3a954f8bf9..4313bf7650 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1950,8 +1950,6 @@ dist_patch_DATA = \
%D%/packages/patches/wordnet-CVE-2008-2149.patch \
%D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch \
%D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch \
- %D%/packages/patches/wpa-supplicant-CVE-2021-27803.patch \
- %D%/packages/patches/wpa-supplicant-CVE-2021-30004.patch \
%D%/packages/patches/x265-arm-flags.patch \
%D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
%D%/packages/patches/xf86-video-ark-remove-mibstore.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 4f84e29499..ed66e358ea 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1841,7 +1841,7 @@ (define-public opendoas
(define-public wpa-supplicant-minimal
(package
(name "wpa-supplicant-minimal")
- (version "2.9")
+ (version "2.10")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1849,7 +1849,7 @@ (define-public wpa-supplicant-minimal
version ".tar.gz"))
(sha256
(base32
- "05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw"))
+ "0bvvw7bx149a57llzrwzlpggyym84f8jdd4abwsk0f2b2pjpmpr0"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -1857,10 +1857,7 @@ (define-public wpa-supplicant-minimal
;; Disable D-Bus to save ~14MiB on the closure size.
(("^CONFIG_CTRL_IFACE_DBUS" line _)
(string-append "#" line)))
- #t))
- (patches
- (search-patches "wpa-supplicant-CVE-2021-27803.patch"
- "wpa-supplicant-CVE-2021-30004.patch"))))
+ #t))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
deleted file mode 100644
index 1942bb3d55..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni <at> codeaurora.org>
-Date: Tue, 8 Dec 2020 23:52:50 +0200
-Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
-
-p2p_add_device() may remove the oldest entry if there is no room in the
-peer table for a new peer. This would result in any pointer to that
-removed entry becoming stale. A corner case with an invalid PD Request
-frame could result in such a case ending up using (read+write) freed
-memory. This could only by triggered when the peer table has reached its
-maximum size and the PD Request frame is received from the P2P Device
-Address of the oldest remaining entry and the frame has incorrect P2P
-Device Address in the payload.
-
-Fix this by fetching the dev pointer again after having called
-p2p_add_device() so that the stale pointer cannot be used.
-
-Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
-Signed-off-by: Jouni Malinen <jouni <at> codeaurora.org>
----
- src/p2p/p2p_pd.c | 12 +++++-------
- 1 file changed, 5 insertions(+), 7 deletions(-)
-
-diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
-index 3994ec03f86b..05fd593494ef 100644
---- a/src/p2p/p2p_pd.c
-+++ b/src/p2p/p2p_pd.c
-@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
- goto out;
- }
-
-+ dev = p2p_get_device(p2p, sa);
- if (!dev) {
-- dev = p2p_get_device(p2p, sa);
-- if (!dev) {
-- p2p_dbg(p2p,
-- "Provision Discovery device not found "
-- MACSTR, MAC2STR(sa));
-- goto out;
-- }
-+ p2p_dbg(p2p,
-+ "Provision Discovery device not found "
-+ MACSTR, MAC2STR(sa));
-+ goto out;
- }
- } else if (msg.wfd_subelems) {
- wpabuf_free(dev->info.wfd_subelems);
---
-2.25.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch
deleted file mode 100644
index 8c8ba93355..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j <at> w1.fi>
-Date: Sat, 13 Mar 2021 18:19:31 +0200
-Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters
-
-The supported hash algorithms do not use AlgorithmIdentifier parameters.
-However, there are implementations that include NULL parameters in
-addition to ones that omit the parameters. Previous implementation did
-not check the parameters value at all which supported both these cases,
-but did not reject any other unexpected information.
-
-Use strict validation of digest algorithm parameters and reject any
-unexpected value when validating a signature. This is needed to prevent
-potential forging attacks.
-
-Signed-off-by: Jouni Malinen <j <at> w1.fi>
----
- src/tls/pkcs1.c | 21 +++++++++++++++++++++
- src/tls/x509v3.c | 20 ++++++++++++++++++++
- 2 files changed, 41 insertions(+)
-
-diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
-index bbdb0d7..5761dfe 100644
---- a/src/tls/pkcs1.c
-+++ b/src/tls/pkcs1.c
-@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
- os_free(decrypted);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
-+ hdr.payload, hdr.length);
-
- pos = hdr.payload;
- end = pos + hdr.length;
-@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
- os_free(decrypted);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
-+ hdr.payload, hdr.length);
- da_end = hdr.payload + hdr.length;
-
- if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
-@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
- os_free(decrypted);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
-+ next, da_end - next);
-+
-+ /*
-+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
-+ * omit the parameters, but there are implementation that encode these
-+ * as a NULL element. Allow these two cases and reject anything else.
-+ */
-+ if (da_end > next &&
-+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
-+ !asn1_is_null(&hdr) ||
-+ hdr.payload + hdr.length != da_end)) {
-+ wpa_printf(MSG_DEBUG,
-+ "PKCS #1: Unexpected digest algorithm parameters");
-+ os_free(decrypted);
-+ return -1;
-+ }
-
- if (!asn1_oid_equal(&oid, hash_alg)) {
- char txt[100], txt2[100];
-diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
-index a8944dd..df337ec 100644
---- a/src/tls/x509v3.c
-+++ b/src/tls/x509v3.c
-@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
- os_free(data);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
-
- pos = hdr.payload;
- end = pos + hdr.length;
-@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
- os_free(data);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
-+ hdr.payload, hdr.length);
- da_end = hdr.payload + hdr.length;
-
- if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
-@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
- os_free(data);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
-+ next, da_end - next);
-+
-+ /*
-+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
-+ * omit the parameters, but there are implementation that encode these
-+ * as a NULL element. Allow these two cases and reject anything else.
-+ */
-+ if (da_end > next &&
-+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
-+ !asn1_is_null(&hdr) ||
-+ hdr.payload + hdr.length != da_end)) {
-+ wpa_printf(MSG_DEBUG,
-+ "X509: Unexpected digest algorithm parameters");
-+ os_free(data);
-+ return -1;
-+ }
-
- if (x509_sha1_oid(&oid)) {
- if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
---
-cgit v0.12
-
--
2.34.0
Reply sent
to
Tobias Geerinckx-Rice <me <at> tobias.gr>:
You have taken responsibility.
(Wed, 19 Jan 2022 20:40:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer.
(Wed, 19 Jan 2022 20:40:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 53373-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo,
Leo Famulari 写道:
> * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to
> 2.10.
Thanks! I pushed it as d331bd0a39fd3604581e3c5f15875b7733aad495
since
> (hostapd): Update to 2.10.
I broke that part :-) In retrospect, I didn't, the patch applied
perfectly.
Kind regards,
T G-R
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#53373; Package
guix-patches.
(Wed, 19 Jan 2022 20:54:01 GMT)
Full text and
rfc822 format available.
Message #13 received at 53373-done <at> debbugs.gnu.org (full text, mbox):
On Wed, Jan 19, 2022 at 09:37:09PM +0100, Tobias Geerinckx-Rice wrote:
> Leo,
>
> Leo Famulari 写道:
> > * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.10.
>
> Thanks! I pushed it as d331bd0a39fd3604581e3c5f15875b7733aad495 since
>
> > (hostapd): Update to 2.10.
>
> I broke that part :-) In retrospect, I didn't, the patch applied perfectly.
Thanks for taking care of it!
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 17 Feb 2022 12:24:08 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 174 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.