[pkg-wpa-devel] [wpa] 01/03: Merge more changes from Ubuntu.
Andrew Shadura
andrewsh at debian.org
Mon Aug 8 11:18:00 UTC 2016
This is an automated email from the git hooks/post-receive script.
andrewsh pushed a commit to branch debian/sid
in repository wpa.
commit e1257b7a63fc0f91bddf07ab1f3b344254362533
Merge: 9f24093 418e299
Author: Andrew Shadura <andrewsh at debian.org>
Date: Fri Aug 5 19:53:24 2016 +0200
Merge more changes from Ubuntu.
debian/changelog | 17 +-
debian/ifupdown/functions.sh | 13 +-
...ject-a-Credential-with-invalid-passphrase.patch | 8 +-
...ines-from-wpa_supplicant-config-network-o.patch | 8 +-
...CRED-commands-with-newline-characters-in-.patch | 4 +-
...commands-with-newline-characters-in-the-s.patch | 2 +-
.../patches/dbus-fix-operations-for-p2p-mgmt.patch | 32 +-
debian/patches/series | 3 -
.../wpasupplicant_band_selection_8b2b718d.patch | 23 --
.../wpasupplicant_band_selection_a1b790eb.patch | 361 ---------------------
.../wpasupplicant_band_selection_f0d0a5d2.patch | 156 ---------
debian/system-sleep/wpasupplicant | 9 +
debian/wpasupplicant.install | 1 +
13 files changed, 53 insertions(+), 584 deletions(-)
diff --cc debian/changelog
index 0b326aa,5ccf97c..9b83078
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,108 -1,99 +1,123 @@@
-wpa (2.4-0ubuntu7) yakkety; urgency=medium
+wpa (2.4-1) UNRELEASED; urgency=medium
+ [ Ricardo Salveti de Araujo ]
+ * debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
+ when P2P management interface is used (LP: #1482439)
+
+ [ Stefan Lippers-Hollmann ]
+ * NOT RELEASED YET
+ * wpasupplicant: install systemd unit (Closes: #766746).
+ * wpasupplicant: configure driver fallback for networkd.
+ * import changelogs from the security queues.
+ * move previous patch for CVE-2015-1863 into a new subdirectory,
+ debian/patches/2015-1/.
+ * replace the Debian specific patch "wpasupplicant: fix systemd unit
+ dependencies" with a backport of its official upstream change "systemd:
+ Order wpa_supplicant before network.target".
+ * fix dependency odering when invoked with DBus, by making sure that DBus
+ isn't shut down before wpa_supplicant, as that would also bring down
+ wireless links which are still holding open NFS shares. Thanks to Facundo
+ Gaich <facugaich at gmail.com> and Michael Biebl <biebl at debian.org>
+ (Closes: #785579).
+ * import NMU changelogs and integrate NMU changes.
+ * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to Salvatore
+ Bonaccorso <carnil at debian.org> (Closes: #823411):
+ - WPS: Reject a Credential with invalid passphrase
+ - Reject psk parameter set with invalid passphrase character
+ - Remove newlines from wpa_supplicant config network output
+ - Reject SET_CRED commands with newline characters in the string values
+ - Reject SET commands with newline characters in the string values
+ * use --buildsystem=qmake_qt4 (available since dh 8.9.1) for debhelper
+ (Closes: #823171).
+ * fix clean target, by splitting the find call into individual searches.
+ * building wpa in a current unstable chroot using debhelper >= 9.20151219
+ will introduce automatic dbgsym packages, thereby indirectly providing
+ the requested debug packages for stretch and upwards (Closes: #729934).
+ Don't add a versioned build-dependency in order to avoid unnecessary
+ complications with backports.
+ * change Vcs-Browser location to prefer https, but keep the unsecure tag for
+ Vcs-Svn, as there is no option allowing to pull from the svn+ssh://
+ location without an alioth account, this only makes lintian partially happy
+ in regards to vcs-field-uses-insecure-uri.
+ * debian/*: fix spelling errors noticed by lintian.
+ * drop the obsolete Debian menu entry for wpa_gui, according to the tech-ctte
+ decision on #741573.
+ * fix debian/get-orig-source for wpa 2.6~.
+ * add debian/watch file for the custom tarball generation.
+
- -- Stefan Lippers-Hollmann <s.l-h at gmx.de> Wed, 19 Aug 2015 03:00:19 +0200
++ [ Paul Donohue ]
+ * debian/ifupdown/functions.sh: Fix handling for "wpa-roam". Call ifquery
+ instead of directly parsing /run/*/ifstate files to work with current
+ ifupdown. (Closes: #545766, LP: #1545363)
+
- -- Paul Donohue <ubuntu at PaulSD.com> Fri, 01 Jul 2016 09:16:21 +0200
-
-wpa (2.4-0ubuntu6) xenial; urgency=medium
-
- * debian/patches/wpasupplicant_band_selection_aa517ae2.patch: add the last
- missing 5 GHz band selection related cherry-pick from Debian that was not
- included in wpa 2.4 (LP: #1517040)
-
- -- Timo Jyrinki <timo-jyrinki at ubuntu.com> Tue, 19 Jan 2016 12:36:00 +0200
-
-wpa (2.4-0ubuntu5) xenial; urgency=medium
-
- * SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control
- - debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode
- Response frame if no PMF in use in wpa_supplicant/wnm_sta.c.
- - CVE-2015-5310
- * SECURITY UPDATE: EAP-pwd missing last fragment length validation
- - debian/patches/CVE-2015-5315-1.patch: Fix last fragment length
- validation in src/eap_peer/eap_pwd.c.
- - debian/patches/CVE-2015-5315-2.patch: Fix last fragment length
- validation in src/eap_server/eap_server_pwd.c.
- - CVE-2015-5315
- * SECURITY UPDATE: EAP-pwd peer error path failure on unexpected Confirm
- message
- - debian/patches/CVE-2015-5316.patch: fix error path in
- src/eap_peer/eap_pwd.c.
- - CVE-2015-5316
- * SECURITY UPDATE: denial of service in NDEF record parser
- - debian/patches/CVE-2015-8041.patch: validate payload lengths in
- src/wps/ndef.c.
- - CVE-2015-8041
-
- -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Tue, 10 Nov 2015 13:38:25 -0500
-
-wpa (2.4-0ubuntu4) xenial; urgency=medium
-
++ [ Martin Pitt ]
+ * Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume
+ before/after suspend, like the pm-utils hook. In some cases this brings
+ back missing Wifi connection after resuming. (LP: #1422143)
+
- -- Martin Pitt <martin.pitt at ubuntu.com> Mon, 26 Oct 2015 14:24:30 +0100
-
-wpa (2.4-0ubuntu3) wily; urgency=medium
-
- * debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
- when P2P management interface is used (LP: #1482439)
-
- -- Ricardo Salveti de Araujo <rsalveti at rsalveti.net> Wed, 07 Oct 2015 10:21:39 -0300
-
-wpa (2.4-0ubuntu2) wily; urgency=medium
-
- * debian/config/wpasupplicant/linux:
- - Reduce the delta to Debian by removing the double setting of CONFIG_AP
- and CONFIG_P2P. The only actual delta is CONFIG_ANDROID_HAL.
-
- -- Timo Jyrinki <timo-jyrinki at ubuntu.com> Mon, 03 Aug 2015 22:03:51 +0300
-
-wpa (2.4-0ubuntu1) wily; urgency=medium
-
- * New upstream release.
- * Merge with Debian unstable; remaining changes:
- - debian/patches/session-ticket.patch: disable the TLS Session Ticket
- extension to fix auth with 802.1x PEAP on some hardware.
- - debian/patches/android_hal_fw_path_change.patch: add a DBus method for
- requesting a firmware change when working with the Android HAL; this is
- used to set a device in P2P or AP mode; conditional to CONFIG_ANDROID_HAL
- being enabled.
- - debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
- - debian/control: Build-Depends on android-headers to get the required wifi
- headers for the HAL support.
- - debian/patches/dbus-available-sta.patch: Make the list of connected
- stations available on DBus for hotspot mode; along with some of the
- station properties, such as rx/tx packets, bytes, capabilities, etc.
- - debian/patches/CVE-2015-4141.patch: check chunk size: src/wps/httpread.c
- - CVE-2015-4141
- - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
- - CVE-2015-4142
- - debian/patches/CVE-2015-4143-4146.patch: check lengths in
- src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
- - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146
- - debian/config/wpasupplicant/linux:
- - Enable CONFIG_AP_MODE (AP mode support) (LP: #1209511).
- - Enable CONFIG_P2P (Wi-Fi Direct support).
- * debian/patches/wpa_supplicant-MACsec-fix-build-failure-for-IEEE8021.patch,
- debian/patches/include-ieee802_11_common.c-in-wpa_supplicant-build-.patch,
- d/p/hostapd_fix-hostapd-operation-without-hw_mode-driver-data.patch:
- dropped patches included upstream.
- * Refreshed all patches.
-
- -- Mathieu Trudel-Lapierre <mathieu-tl at ubuntu.com> Mon, 27 Jul 2015 17:29:24 -0400
++ [ Andrew Shadura ]
++ * New upstream release (Closes: #806889).
++ * Refresh patches, drop patches applied upstream.
++ * Fix pkcs11 OpenSSL engine initialisation (Closes: #827253).
++
++ -- Andrew Shadura <andrewsh at debian.org> Sun, 31 Jul 2016 18:05:59 +0300
+
+wpa (2.3-2.4) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to
+ Salvatore Bonaccorso <carnil at debian.org> (Closes: #823411):
+ - WPS: Reject a Credential with invalid passphrase
+ - Reject psk parameter set with invalid passphrase character
+ - Remove newlines from wpa_supplicant config network output
+ - Reject SET_CRED commands with newline characters in the string values
+ - Reject SET commands with newline characters in the string values
+ * Refresh patches to apply cleanly.
+
+ -- Andrew Shadura <andrewsh at debian.org> Thu, 21 Jul 2016 09:01:51 +0200
+
+wpa (2.3-2.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Add patch to address CVE-2015-5310.
+ CVE-2015-5310: wpa_supplicant unauthorized WNM Sleep Mode GTK control.
+ (Closes: #804707)
+ * Add patches to address CVE-2015-5314 and CVE-2015-5315.
+ CVE-2015-5314: hostapd: EAP-pwd missing last fragment length validation.
+ CVE-2015-5315: wpa_supplicant: EAP-pwd missing last fragment length
+ validation. (Closes: #804708)
+ * Add patch to address CVE-2015-5316.
+ CVE-2015-5316: EAP-pwd peer error path failure on unexpected Confirm
+ message. (Closes: #804710)
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Thu, 12 Nov 2015 20:54:12 +0100
+
+wpa (2.3-2.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Add patch to address CVE-2015-4141.
+ CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
+ encoding. (Closes: #787372)
+ * Add patch to address CVE-2015-4142.
+ CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
+ (Closes: #787373)
+ * Add patches to address CVE-2015-414{3,4,5,6}
+ CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing
+ payload length validation. (Closes: #787371)
+ * Add patch to address 2015-5 vulnerability.
+ NFC: Fix payload length validation in NDEF record parser (Closes: #795740)
+ * Thanks to Julian Wollrath <jwollrath at web.de> for the initial debdiff
+ provided in #787371.
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sat, 31 Oct 2015 14:13:50 +0100
+
+wpa (2.3-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Import four patches from upstream git (wpasupplicant_band_selection_*.patch),
+ manually unfuzzed, to improve 2.4/5 GHz band selection. (Closes: #795722)
+
+ -- Steinar H. Gunderson <sesse at debian.org> Sun, 30 Aug 2015 14:47:56 +0200
wpa (2.3-2) unstable; urgency=high
diff --cc debian/patches/2016-1/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
index de866d1,0000000..c132643
mode 100644,000000..100644
--- a/debian/patches/2016-1/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
+++ b/debian/patches/2016-1/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
@@@ -1,73 -1,0 +1,73 @@@
+From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Fri, 4 Mar 2016 17:20:18 +0200
+Subject: [PATCH 1/5] WPS: Reject a Credential with invalid passphrase
+
+WPA/WPA2-Personal passphrase is not allowed to include control
+characters. Reject a Credential received from a WPS Registrar both as
+STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
+WPA2PSK authentication type and includes an invalid passphrase.
+
+This fixes an issue where hostapd or wpa_supplicant could have updated
+the configuration file PSK/passphrase parameter with arbitrary data from
+an external device (Registrar) that may not be fully trusted. Should
+such data include a newline character, the resulting configuration file
+could become invalid and fail to be parsed.
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+ src/utils/common.c | 12 ++++++++++++
+ src/utils/common.h | 1 +
+ src/wps/wps_attr_process.c | 10 ++++++++++
+ 3 files changed, 23 insertions(+)
+
+--- a/src/utils/common.c
++++ b/src/utils/common.c
- @@ -593,6 +593,18 @@ int find_first_bit(u32 value)
++@@ -671,6 +671,18 @@
+ }
+
+
++int has_ctrl_char(const u8 *data, size_t len)
++{
++ size_t i;
++
++ for (i = 0; i < len; i++) {
++ if (data[i] < 32 || data[i] == 127)
++ return 1;
++ }
++ return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len)
+--- a/src/utils/common.h
++++ b/src/utils/common.h
- @@ -493,6 +493,7 @@ const char * wpa_ssid_txt(const u8 *ssid
++@@ -501,6 +501,7 @@
+
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
++int has_ctrl_char(const u8 *data, size_t len);
- int find_first_bit(u32 value);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
++ const u8 *src2, size_t src2_len);
+--- a/src/wps/wps_attr_process.c
++++ b/src/wps/wps_attr_process.c
- @@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struc
++@@ -229,6 +229,16 @@
+ cred->key_len--;
+ #endif /* CONFIG_WPS_STRICT */
+ }
++
++
++ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
++ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
++ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
++ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
++ cred->key, cred->key_len);
++ return -1;
++ }
++
+ return 0;
+ }
+
diff --cc debian/patches/2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
index 30a4dd1,0000000..3fdda05
mode 100644,000000..100644
--- a/debian/patches/2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
+++ b/debian/patches/2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
@@@ -1,73 -1,0 +1,73 @@@
+From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001
+From: Paul Stewart <pstew at google.com>
+Date: Thu, 3 Mar 2016 15:40:19 -0800
+Subject: [PATCH 3/5] Remove newlines from wpa_supplicant config network
+ output
+
+Spurious newlines output while writing the config file can corrupt the
+wpa_supplicant configuration. Avoid writing these for the network block
+parameters. This is a generic filter that cover cases that may not have
+been explicitly addressed with a more specific commit to avoid control
+characters in the psk parameter.
+
+Signed-off-by: Paul Stewart <pstew at google.com>
+---
+ src/utils/common.c | 11 +++++++++++
+ src/utils/common.h | 1 +
+ wpa_supplicant/config.c | 15 +++++++++++++--
+ 3 files changed, 25 insertions(+), 2 deletions(-)
+
+--- a/src/utils/common.c
++++ b/src/utils/common.c
- @@ -605,6 +605,17 @@ int has_ctrl_char(const u8 *data, size_t
++@@ -683,6 +683,17 @@
+ }
+
+
++int has_newline(const char *str)
++{
++ while (*str) {
++ if (*str == '\n' || *str == '\r')
++ return 1;
++ str++;
++ }
++ return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len)
+--- a/src/utils/common.h
++++ b/src/utils/common.h
- @@ -494,6 +494,7 @@ const char * wpa_ssid_txt(const u8 *ssid
++@@ -502,6 +502,7 @@
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
+ int has_ctrl_char(const u8 *data, size_t len);
++int has_newline(const char *str);
- int find_first_bit(u32 value);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
++ const u8 *src2, size_t src2_len);
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
- @@ -2375,8 +2375,19 @@ char * wpa_config_get(struct wpa_ssid *s
++@@ -2592,8 +2592,19 @@
+
+ for (i = 0; i < NUM_SSID_FIELDS; i++) {
+ const struct parse_data *field = &ssid_fields[i];
+- if (os_strcmp(var, field->name) == 0)
+- return field->writer(field, ssid);
++ if (os_strcmp(var, field->name) == 0) {
++ char *ret = field->writer(field, ssid);
++
++ if (ret && has_newline(ret)) {
++ wpa_printf(MSG_ERROR,
++ "Found newline in value for %s; not returning it",
++ var);
++ os_free(ret);
++ ret = NULL;
++ }
++
++ return ret;
++ }
+ }
+
+ return NULL;
diff --cc debian/patches/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
index b0920ab,0000000..8b1fd35
mode 100644,000000..100644
--- a/debian/patches/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
+++ b/debian/patches/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
@@@ -1,57 -1,0 +1,57 @@@
+From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:33:10 +0300
+Subject: [PATCH 4/5] Reject SET_CRED commands with newline characters in the
+ string values
+
+Most of the cred block parameters are written as strings without
+filtering and if there is an embedded newline character in the value,
+unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file cred parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the credential value before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
- @@ -2572,6 +2572,8 @@ int wpa_config_set_cred(struct wpa_cred
++@@ -2789,6 +2789,8 @@
+
+ if (os_strcmp(var, "password") == 0 &&
+ os_strncmp(value, "ext:", 4) == 0) {
++ if (has_newline(value))
++ return -1;
+ str_clear_free(cred->password);
+ cred->password = os_strdup(value);
+ cred->ext_password = 1;
- @@ -2622,9 +2624,14 @@ int wpa_config_set_cred(struct wpa_cred
++@@ -2839,9 +2841,14 @@
+ }
+
+ val = wpa_config_parse_string(value, &len);
+- if (val == NULL) {
++ if (val == NULL ||
++ (os_strcmp(var, "excluded_ssid") != 0 &&
++ os_strcmp(var, "roaming_consortium") != 0 &&
++ os_strcmp(var, "required_roaming_consortium") != 0 &&
++ has_newline(val))) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
+ "value '%s'.", line, var, value);
++ os_free(val);
+ return -1;
+ }
+
diff --cc debian/patches/2016-1/0005-Reject-SET-commands-with-newline-characters-in-the-s.patch
index 5dec5c0,0000000..7c3aa50
mode 100644,000000..100644
--- a/debian/patches/2016-1/0005-Reject-SET-commands-with-newline-characters-in-the-s.patch
+++ b/debian/patches/2016-1/0005-Reject-SET-commands-with-newline-characters-in-the-s.patch
@@@ -1,45 -1,0 +1,45 @@@
+From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:55:48 +0300
+Subject: [PATCH 5/5] Reject SET commands with newline characters in the
+ string values
+
+Many of the global configuration parameters are written as strings
+without filtering and if there is an embedded newline character in the
+value, unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file global parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the value of a parameter before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
- @@ -3418,6 +3418,12 @@ static int wpa_global_config_parse_str(c
++@@ -3649,6 +3649,12 @@
+ return -1;
+ }
+
++ if (has_newline(pos)) {
++ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
++ line, data->name);
++ return -1;
++ }
++
+ tmp = os_strdup(pos);
+ if (tmp == NULL)
+ return -1;
diff --cc debian/patches/dbus-fix-operations-for-p2p-mgmt.patch
index 049645f,049645f..90b939a
--- a/debian/patches/dbus-fix-operations-for-p2p-mgmt.patch
+++ b/debian/patches/dbus-fix-operations-for-p2p-mgmt.patch
@@@ -25,11 -25,11 +25,9 @@@ BugLink: https://bugs.launchpad.net/ubu
---
(limited to 'wpa_supplicant/dbus/dbus_new_handlers.c')
--diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
--index d695d1b..3f5fd0a 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
--@@ -157,7 +157,8 @@ static struct wpa_supplicant * get_iface_by_dbus_path(
++@@ -157,7 +157,8 @@
struct wpa_supplicant *wpa_s;
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
@@@ -39,7 -39,7 +37,7 @@@
return wpa_s;
}
return NULL;
--@@ -600,7 +601,7 @@ DBusMessage * wpas_dbus_handler_create_interface(DBusMessage *message,
++@@ -600,7 +601,7 @@
iface.bridge_ifname = bridge_ifname;
/* Otherwise, have wpa_supplicant attach to it. */
wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
@@@ -48,7 -48,7 +46,7 @@@
const char *path = wpa_s->dbus_new_path;
reply = dbus_message_new_method_return(message);
--@@ -684,7 +685,7 @@ DBusMessage * wpas_dbus_handler_get_interface(DBusMessage *message,
++@@ -684,7 +685,7 @@
DBUS_TYPE_INVALID);
wpa_s = wpa_supplicant_get_iface(global, ifname);
@@@ -57,7 -57,7 +55,7 @@@
return wpas_dbus_error_iface_unknown(message);
path = wpa_s->dbus_new_path;
--@@ -876,8 +877,10 @@ dbus_bool_t wpas_dbus_getter_interfaces(DBusMessageIter *iter,
++@@ -876,8 +877,10 @@
unsigned int i = 0, num = 0;
dbus_bool_t success;
@@@ -70,7 -70,7 +68,7 @@@
paths = os_calloc(num, sizeof(char *));
if (!paths) {
--@@ -885,8 +888,10 @@ dbus_bool_t wpas_dbus_getter_interfaces(DBusMessageIter *iter,
++@@ -885,8 +888,10 @@
return FALSE;
}
@@@ -83,7 -83,7 +81,7 @@@
success = wpas_dbus_simple_array_property_getter(iter,
DBUS_TYPE_OBJECT_PATH,
--@@ -1478,7 +1483,8 @@ DBusMessage * wpas_dbus_handler_add_network(DBusMessage *message,
++@@ -1478,7 +1483,8 @@
dbus_message_iter_init(message, &iter);
@@@ -93,7 -93,7 +91,7 @@@
if (ssid == NULL) {
wpa_printf(MSG_ERROR, "%s[dbus]: can't add new interface.",
__func__);
--@@ -1602,7 +1608,7 @@ DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message,
++@@ -1602,7 +1608,7 @@
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
@@@ -102,7 -102,7 +100,7 @@@
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
--@@ -1715,7 +1721,7 @@ DBusMessage * wpas_dbus_handler_select_network(DBusMessage *message,
++@@ -1715,7 +1721,7 @@
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
@@@ -111,7 -111,7 +109,7 @@@
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
--@@ -1773,7 +1779,7 @@ DBusMessage * wpas_dbus_handler_network_reply(DBusMessage *message,
++@@ -1773,7 +1779,7 @@
iface = wpas_dbus_new_decompose_object_path(op,
WPAS_DBUS_NEW_NETWORKS_PART,
&net_id);
@@@ -120,7 -120,7 +118,7 @@@
os_strcmp(iface, wpa_s->dbus_new_path) != 0) {
reply = wpas_dbus_error_invalid_args(message, op);
goto out;
--@@ -2266,12 +2272,14 @@ DBusMessage * wpas_dbus_handler_set_pkcs11_engine_and_module_path(
++@@ -2266,12 +2272,14 @@
message, DBUS_ERROR_FAILED,
"Reinit of the EAPOL state machine with the new PKCS #11 engine and module path failed.");
@@@ -141,7 -141,7 +139,7 @@@
return NULL;
}
--@@ -3024,7 +3032,7 @@ dbus_bool_t wpas_dbus_getter_current_bss(DBusMessageIter *iter,
++@@ -3024,7 +3032,7 @@
struct wpa_supplicant *wpa_s = user_data;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *bss_obj_path = path_buf;
@@@ -150,7 -150,7 +148,7 @@@
os_snprintf(bss_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_BSSIDS_PART "/%u",
wpa_s->dbus_new_path, wpa_s->current_bss->id);
--@@ -3052,7 +3060,7 @@ dbus_bool_t wpas_dbus_getter_current_network(DBusMessageIter *iter,
++@@ -3052,7 +3060,7 @@
struct wpa_supplicant *wpa_s = user_data;
char path_buf[WPAS_DBUS_OBJECT_PATH_MAX], *net_obj_path = path_buf;
@@@ -159,7 -159,7 +157,7 @@@
os_snprintf(net_obj_path, WPAS_DBUS_OBJECT_PATH_MAX,
"%s/" WPAS_DBUS_NEW_NETWORKS_PART "/%u",
wpa_s->dbus_new_path, wpa_s->current_ssid->id);
--@@ -3140,6 +3148,12 @@ dbus_bool_t wpas_dbus_getter_bsss(DBusMessageIter *iter, DBusError *error,
++@@ -3140,6 +3148,12 @@
unsigned int i = 0;
dbus_bool_t success = FALSE;
@@@ -172,7 -172,7 +170,7 @@@
paths = os_calloc(wpa_s->num_bss, sizeof(char *));
if (!paths) {
dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
--@@ -3191,6 +3205,12 @@ dbus_bool_t wpas_dbus_getter_networks(DBusMessageIter *iter, DBusError *error,
++@@ -3191,6 +3205,12 @@
unsigned int i = 0, num = 0;
dbus_bool_t success = FALSE;
@@@ -185,7 -185,7 +183,7 @@@
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
if (!network_is_persistent_group(ssid))
num++;
--@@ -4104,7 +4124,7 @@ void wpas_dbus_signal_preq(struct wpa_supplicant *wpa_s,
++@@ -4102,7 +4122,7 @@
struct wpas_dbus_priv *priv = wpa_s->global->dbus;
/* Do nothing if the control interface is not turned on */
diff --cc debian/patches/series
index c04fd1b,9a38a2a..9dec43c
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -4,29 -4,18 +4,26 @@@
07_dbus_service_syslog.patch
12_wpa_gui_knotify_support.patch
wpa_gui_desktop_add-keywords-entry.patch
- wpasupplicant_band_selection_f0d0a5d2.patch
- wpasupplicant_band_selection_a1b790eb.patch
- wpasupplicant_band_selection_8b2b718d.patch
-wpasupplicant_fix-systemd-unit-dependencies.patch
-wpasupplicant_P2P-Validate-SSID-element-length-before-copying-it-C.patch
-session-ticket.patch
-dbus-available-sta.patch
-CVE-2015-4141.patch
-CVE-2015-4142.patch
-CVE-2015-4143-4146.patch
-android_hal_fw_path_change.patch
-dbus-fix-operations-for-p2p-mgmt.patch
-CVE-2015-5310.patch
-CVE-2015-5315-1.patch
-CVE-2015-5315-2.patch
-CVE-2015-5316.patch
-CVE-2015-8041.patch
wpasupplicant_band_selection_aa517ae2.patch
+2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+2015-5/0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
+2015-6/backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
+2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
+2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
+2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
+systemd_order-wpa_supplicant-before-network.target.patch
+networkd-driver-fallback.patch
+wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch
+2016-1/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
+2016-1/0002-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
+2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
+2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
+2016-1/0005-Reject-SET-commands-with-newline-characters-in-the-s.patch
+dbus-fix-operations-for-p2p-mgmt.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/wpa.git
More information about the Pkg-wpa-devel
mailing list