mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 13:58:15 -05:00
gnu: wpa-wupplicant: Update to 2.10 [security fixes].
See the upstream advisory for more information on the security fixes contained in these updates: https://w1.fi/security/2022-1/sae-eap-pwd-side-channel-attack-update-2.txt * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.10. [source]: Remove obsolete patches. * gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch, gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
This commit is contained in:
parent
ab4cdfe7c2
commit
d331bd0a39
4 changed files with 3 additions and 173 deletions
|
@ -1950,8 +1950,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/wordnet-CVE-2008-2149.patch \
|
%D%/packages/patches/wordnet-CVE-2008-2149.patch \
|
||||||
%D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch \
|
%D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch \
|
||||||
%D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch \
|
%D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch \
|
||||||
%D%/packages/patches/wpa-supplicant-CVE-2021-27803.patch \
|
|
||||||
%D%/packages/patches/wpa-supplicant-CVE-2021-30004.patch \
|
|
||||||
%D%/packages/patches/x265-arm-flags.patch \
|
%D%/packages/patches/x265-arm-flags.patch \
|
||||||
%D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
|
%D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
|
||||||
%D%/packages/patches/xf86-video-ark-remove-mibstore.patch \
|
%D%/packages/patches/xf86-video-ark-remove-mibstore.patch \
|
||||||
|
|
|
@ -1841,7 +1841,7 @@ (define-public opendoas
|
||||||
(define-public wpa-supplicant-minimal
|
(define-public wpa-supplicant-minimal
|
||||||
(package
|
(package
|
||||||
(name "wpa-supplicant-minimal")
|
(name "wpa-supplicant-minimal")
|
||||||
(version "2.9")
|
(version "2.10")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append
|
(uri (string-append
|
||||||
|
@ -1849,7 +1849,7 @@ (define-public wpa-supplicant-minimal
|
||||||
version ".tar.gz"))
|
version ".tar.gz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw"))
|
"0bvvw7bx149a57llzrwzlpggyym84f8jdd4abwsk0f2b2pjpmpr0"))
|
||||||
(modules '((guix build utils)))
|
(modules '((guix build utils)))
|
||||||
(snippet
|
(snippet
|
||||||
'(begin
|
'(begin
|
||||||
|
@ -1857,10 +1857,7 @@ (define-public wpa-supplicant-minimal
|
||||||
;; Disable D-Bus to save ~14MiB on the closure size.
|
;; Disable D-Bus to save ~14MiB on the closure size.
|
||||||
(("^CONFIG_CTRL_IFACE_DBUS" line _)
|
(("^CONFIG_CTRL_IFACE_DBUS" line _)
|
||||||
(string-append "#" line)))
|
(string-append "#" line)))
|
||||||
#t))
|
#t))))
|
||||||
(patches
|
|
||||||
(search-patches "wpa-supplicant-CVE-2021-27803.patch"
|
|
||||||
"wpa-supplicant-CVE-2021-30004.patch"))))
|
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
`(#:phases
|
`(#:phases
|
||||||
|
|
|
@ -1,50 +0,0 @@
|
||||||
From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jouni Malinen <jouni@codeaurora.org>
|
|
||||||
Date: Tue, 8 Dec 2020 23:52:50 +0200
|
|
||||||
Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
|
|
||||||
|
|
||||||
p2p_add_device() may remove the oldest entry if there is no room in the
|
|
||||||
peer table for a new peer. This would result in any pointer to that
|
|
||||||
removed entry becoming stale. A corner case with an invalid PD Request
|
|
||||||
frame could result in such a case ending up using (read+write) freed
|
|
||||||
memory. This could only by triggered when the peer table has reached its
|
|
||||||
maximum size and the PD Request frame is received from the P2P Device
|
|
||||||
Address of the oldest remaining entry and the frame has incorrect P2P
|
|
||||||
Device Address in the payload.
|
|
||||||
|
|
||||||
Fix this by fetching the dev pointer again after having called
|
|
||||||
p2p_add_device() so that the stale pointer cannot be used.
|
|
||||||
|
|
||||||
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
|
|
||||||
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
|
||||||
---
|
|
||||||
src/p2p/p2p_pd.c | 12 +++++-------
|
|
||||||
1 file changed, 5 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
|
|
||||||
index 3994ec03f86b..05fd593494ef 100644
|
|
||||||
--- a/src/p2p/p2p_pd.c
|
|
||||||
+++ b/src/p2p/p2p_pd.c
|
|
||||||
@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ dev = p2p_get_device(p2p, sa);
|
|
||||||
if (!dev) {
|
|
||||||
- dev = p2p_get_device(p2p, sa);
|
|
||||||
- if (!dev) {
|
|
||||||
- p2p_dbg(p2p,
|
|
||||||
- "Provision Discovery device not found "
|
|
||||||
- MACSTR, MAC2STR(sa));
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
+ p2p_dbg(p2p,
|
|
||||||
+ "Provision Discovery device not found "
|
|
||||||
+ MACSTR, MAC2STR(sa));
|
|
||||||
+ goto out;
|
|
||||||
}
|
|
||||||
} else if (msg.wfd_subelems) {
|
|
||||||
wpabuf_free(dev->info.wfd_subelems);
|
|
||||||
--
|
|
||||||
2.25.1
|
|
||||||
|
|
|
@ -1,115 +0,0 @@
|
||||||
From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jouni Malinen <j@w1.fi>
|
|
||||||
Date: Sat, 13 Mar 2021 18:19:31 +0200
|
|
||||||
Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters
|
|
||||||
|
|
||||||
The supported hash algorithms do not use AlgorithmIdentifier parameters.
|
|
||||||
However, there are implementations that include NULL parameters in
|
|
||||||
addition to ones that omit the parameters. Previous implementation did
|
|
||||||
not check the parameters value at all which supported both these cases,
|
|
||||||
but did not reject any other unexpected information.
|
|
||||||
|
|
||||||
Use strict validation of digest algorithm parameters and reject any
|
|
||||||
unexpected value when validating a signature. This is needed to prevent
|
|
||||||
potential forging attacks.
|
|
||||||
|
|
||||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
||||||
---
|
|
||||||
src/tls/pkcs1.c | 21 +++++++++++++++++++++
|
|
||||||
src/tls/x509v3.c | 20 ++++++++++++++++++++
|
|
||||||
2 files changed, 41 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
|
|
||||||
index bbdb0d7..5761dfe 100644
|
|
||||||
--- a/src/tls/pkcs1.c
|
|
||||||
+++ b/src/tls/pkcs1.c
|
|
||||||
@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
|
||||||
os_free(decrypted);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
|
|
||||||
+ hdr.payload, hdr.length);
|
|
||||||
|
|
||||||
pos = hdr.payload;
|
|
||||||
end = pos + hdr.length;
|
|
||||||
@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
|
||||||
os_free(decrypted);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
|
|
||||||
+ hdr.payload, hdr.length);
|
|
||||||
da_end = hdr.payload + hdr.length;
|
|
||||||
|
|
||||||
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
|
|
||||||
@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
|
||||||
os_free(decrypted);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
|
|
||||||
+ next, da_end - next);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
|
|
||||||
+ * omit the parameters, but there are implementation that encode these
|
|
||||||
+ * as a NULL element. Allow these two cases and reject anything else.
|
|
||||||
+ */
|
|
||||||
+ if (da_end > next &&
|
|
||||||
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
|
|
||||||
+ !asn1_is_null(&hdr) ||
|
|
||||||
+ hdr.payload + hdr.length != da_end)) {
|
|
||||||
+ wpa_printf(MSG_DEBUG,
|
|
||||||
+ "PKCS #1: Unexpected digest algorithm parameters");
|
|
||||||
+ os_free(decrypted);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (!asn1_oid_equal(&oid, hash_alg)) {
|
|
||||||
char txt[100], txt2[100];
|
|
||||||
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
|
|
||||||
index a8944dd..df337ec 100644
|
|
||||||
--- a/src/tls/x509v3.c
|
|
||||||
+++ b/src/tls/x509v3.c
|
|
||||||
@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
|
|
||||||
os_free(data);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
|
|
||||||
|
|
||||||
pos = hdr.payload;
|
|
||||||
end = pos + hdr.length;
|
|
||||||
@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
|
|
||||||
os_free(data);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
|
|
||||||
+ hdr.payload, hdr.length);
|
|
||||||
da_end = hdr.payload + hdr.length;
|
|
||||||
|
|
||||||
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
|
|
||||||
@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
|
|
||||||
os_free(data);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
|
|
||||||
+ next, da_end - next);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
|
|
||||||
+ * omit the parameters, but there are implementation that encode these
|
|
||||||
+ * as a NULL element. Allow these two cases and reject anything else.
|
|
||||||
+ */
|
|
||||||
+ if (da_end > next &&
|
|
||||||
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
|
|
||||||
+ !asn1_is_null(&hdr) ||
|
|
||||||
+ hdr.payload + hdr.length != da_end)) {
|
|
||||||
+ wpa_printf(MSG_DEBUG,
|
|
||||||
+ "X509: Unexpected digest algorithm parameters");
|
|
||||||
+ os_free(data);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (x509_sha1_oid(&oid)) {
|
|
||||||
if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
|
|
||||||
--
|
|
||||||
cgit v0.12
|
|
||||||
|
|
Loading…
Reference in a new issue