* [bug#53373] [PATCH] gnu: hostapd, wpa-wupplicant: Update to 2.10 [security fixes].
@ 2022-01-19 20:20 Leo Famulari
2022-01-19 20:37 ` bug#53373: " Tobias Geerinckx-Rice via Guix-patches via
0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2022-01-19 20:20 UTC (permalink / raw)
To: 53373
See the upstream advisory for more information on the security fixes
contained in these updates:
https://w1.fi/security/2022-1/sae-eap-pwd-side-channel-attack-update-2.txt
* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.10.
[source]: Remove obsolete patches "wpa-supplicant-CVE-2021-27803.patch"
and "wpa-supplicant-CVE-2021-30004.patch".
(hostapd): Update to 2.10.
[source]: Remove obsolete patches "wpa-supplicant-CVE-2021-27803.patch"
and "wpa-supplicant-CVE-2021-30004.patch".
* gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch,
gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
gnu/local.mk | 2 -
gnu/packages/admin.scm | 9 +-
.../wpa-supplicant-CVE-2021-27803.patch | 50 --------
.../wpa-supplicant-CVE-2021-30004.patch | 115 ------------------
4 files changed, 3 insertions(+), 173 deletions(-)
delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 3a954f8bf9..4313bf7650 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1950,8 +1950,6 @@ dist_patch_DATA = \
%D%/packages/patches/wordnet-CVE-2008-2149.patch \
%D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch \
%D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch \
- %D%/packages/patches/wpa-supplicant-CVE-2021-27803.patch \
- %D%/packages/patches/wpa-supplicant-CVE-2021-30004.patch \
%D%/packages/patches/x265-arm-flags.patch \
%D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
%D%/packages/patches/xf86-video-ark-remove-mibstore.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 4f84e29499..ed66e358ea 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1841,7 +1841,7 @@ (define-public opendoas
(define-public wpa-supplicant-minimal
(package
(name "wpa-supplicant-minimal")
- (version "2.9")
+ (version "2.10")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1849,7 +1849,7 @@ (define-public wpa-supplicant-minimal
version ".tar.gz"))
(sha256
(base32
- "05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw"))
+ "0bvvw7bx149a57llzrwzlpggyym84f8jdd4abwsk0f2b2pjpmpr0"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -1857,10 +1857,7 @@ (define-public wpa-supplicant-minimal
;; Disable D-Bus to save ~14MiB on the closure size.
(("^CONFIG_CTRL_IFACE_DBUS" line _)
(string-append "#" line)))
- #t))
- (patches
- (search-patches "wpa-supplicant-CVE-2021-27803.patch"
- "wpa-supplicant-CVE-2021-30004.patch"))))
+ #t))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
deleted file mode 100644
index 1942bb3d55..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 8 Dec 2020 23:52:50 +0200
-Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
-
-p2p_add_device() may remove the oldest entry if there is no room in the
-peer table for a new peer. This would result in any pointer to that
-removed entry becoming stale. A corner case with an invalid PD Request
-frame could result in such a case ending up using (read+write) freed
-memory. This could only by triggered when the peer table has reached its
-maximum size and the PD Request frame is received from the P2P Device
-Address of the oldest remaining entry and the frame has incorrect P2P
-Device Address in the payload.
-
-Fix this by fetching the dev pointer again after having called
-p2p_add_device() so that the stale pointer cannot be used.
-
-Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/p2p/p2p_pd.c | 12 +++++-------
- 1 file changed, 5 insertions(+), 7 deletions(-)
-
-diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
-index 3994ec03f86b..05fd593494ef 100644
---- a/src/p2p/p2p_pd.c
-+++ b/src/p2p/p2p_pd.c
-@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
- goto out;
- }
-
-+ dev = p2p_get_device(p2p, sa);
- if (!dev) {
-- dev = p2p_get_device(p2p, sa);
-- if (!dev) {
-- p2p_dbg(p2p,
-- "Provision Discovery device not found "
-- MACSTR, MAC2STR(sa));
-- goto out;
-- }
-+ p2p_dbg(p2p,
-+ "Provision Discovery device not found "
-+ MACSTR, MAC2STR(sa));
-+ goto out;
- }
- } else if (msg.wfd_subelems) {
- wpabuf_free(dev->info.wfd_subelems);
---
-2.25.1
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch
deleted file mode 100644
index 8c8ba93355..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 13 Mar 2021 18:19:31 +0200
-Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters
-
-The supported hash algorithms do not use AlgorithmIdentifier parameters.
-However, there are implementations that include NULL parameters in
-addition to ones that omit the parameters. Previous implementation did
-not check the parameters value at all which supported both these cases,
-but did not reject any other unexpected information.
-
-Use strict validation of digest algorithm parameters and reject any
-unexpected value when validating a signature. This is needed to prevent
-potential forging attacks.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/tls/pkcs1.c | 21 +++++++++++++++++++++
- src/tls/x509v3.c | 20 ++++++++++++++++++++
- 2 files changed, 41 insertions(+)
-
-diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
-index bbdb0d7..5761dfe 100644
---- a/src/tls/pkcs1.c
-+++ b/src/tls/pkcs1.c
-@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
- os_free(decrypted);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
-+ hdr.payload, hdr.length);
-
- pos = hdr.payload;
- end = pos + hdr.length;
-@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
- os_free(decrypted);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
-+ hdr.payload, hdr.length);
- da_end = hdr.payload + hdr.length;
-
- if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
-@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
- os_free(decrypted);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
-+ next, da_end - next);
-+
-+ /*
-+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
-+ * omit the parameters, but there are implementation that encode these
-+ * as a NULL element. Allow these two cases and reject anything else.
-+ */
-+ if (da_end > next &&
-+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
-+ !asn1_is_null(&hdr) ||
-+ hdr.payload + hdr.length != da_end)) {
-+ wpa_printf(MSG_DEBUG,
-+ "PKCS #1: Unexpected digest algorithm parameters");
-+ os_free(decrypted);
-+ return -1;
-+ }
-
- if (!asn1_oid_equal(&oid, hash_alg)) {
- char txt[100], txt2[100];
-diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
-index a8944dd..df337ec 100644
---- a/src/tls/x509v3.c
-+++ b/src/tls/x509v3.c
-@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
- os_free(data);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
-
- pos = hdr.payload;
- end = pos + hdr.length;
-@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
- os_free(data);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
-+ hdr.payload, hdr.length);
- da_end = hdr.payload + hdr.length;
-
- if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
-@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
- os_free(data);
- return -1;
- }
-+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
-+ next, da_end - next);
-+
-+ /*
-+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
-+ * omit the parameters, but there are implementation that encode these
-+ * as a NULL element. Allow these two cases and reject anything else.
-+ */
-+ if (da_end > next &&
-+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
-+ !asn1_is_null(&hdr) ||
-+ hdr.payload + hdr.length != da_end)) {
-+ wpa_printf(MSG_DEBUG,
-+ "X509: Unexpected digest algorithm parameters");
-+ os_free(data);
-+ return -1;
-+ }
-
- if (x509_sha1_oid(&oid)) {
- if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
---
-cgit v0.12
-
--
2.34.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* bug#53373: [PATCH] gnu: hostapd, wpa-wupplicant: Update to 2.10 [security fixes].
2022-01-19 20:20 [bug#53373] [PATCH] gnu: hostapd, wpa-wupplicant: Update to 2.10 [security fixes] Leo Famulari
@ 2022-01-19 20:37 ` Tobias Geerinckx-Rice via Guix-patches via
2022-01-19 20:53 ` [bug#53373] " Leo Famulari
0 siblings, 1 reply; 3+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2022-01-19 20:37 UTC (permalink / raw)
To: Leo Famulari; +Cc: 53373-done
[-- Attachment #1: Type: text/plain, Size: 322 bytes --]
Leo,
Leo Famulari 写道:
> * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to
> 2.10.
Thanks! I pushed it as d331bd0a39fd3604581e3c5f15875b7733aad495
since
> (hostapd): Update to 2.10.
I broke that part :-) In retrospect, I didn't, the patch applied
perfectly.
Kind regards,
T G-R
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug#53373] [PATCH] gnu: hostapd, wpa-wupplicant: Update to 2.10 [security fixes].
2022-01-19 20:37 ` bug#53373: " Tobias Geerinckx-Rice via Guix-patches via
@ 2022-01-19 20:53 ` Leo Famulari
0 siblings, 0 replies; 3+ messages in thread
From: Leo Famulari @ 2022-01-19 20:53 UTC (permalink / raw)
To: Tobias Geerinckx-Rice; +Cc: 53373-done
On Wed, Jan 19, 2022 at 09:37:09PM +0100, Tobias Geerinckx-Rice wrote:
> Leo,
>
> Leo Famulari 写道:
> > * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.10.
>
> Thanks! I pushed it as d331bd0a39fd3604581e3c5f15875b7733aad495 since
>
> > (hostapd): Update to 2.10.
>
> I broke that part :-) In retrospect, I didn't, the patch applied perfectly.
Thanks for taking care of it!
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-19 20:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-19 20:20 [bug#53373] [PATCH] gnu: hostapd, wpa-wupplicant: Update to 2.10 [security fixes] Leo Famulari
2022-01-19 20:37 ` bug#53373: " Tobias Geerinckx-Rice via Guix-patches via
2022-01-19 20:53 ` [bug#53373] " Leo Famulari
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.