From patchwork Wed Jan 19 20:20:26 2022
X-Patchwork-Submitter: Leo Famulari
X-Patchwork-Id: 36637
Subject: [bug#53373] [PATCH] gnu: hostapd, wpa-supplicant: Update to 2.10 [security fixes].
From: Leo Famulari
Date: Wed, 19 Jan 2022 15:20:26 -0500

See the upstream advisory for more information on the security fixes
contained in these updates:

https://w1.fi/security/2022-1/sae-eap-pwd-side-channel-attack-update-2.txt

* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.10.
[source]: Remove obsolete patches "wpa-supplicant-CVE-2021-27803.patch" and
"wpa-supplicant-CVE-2021-30004.patch".
(hostapd): Update to 2.10.
[source]: Remove obsolete patches "wpa-supplicant-CVE-2021-27803.patch" and
"wpa-supplicant-CVE-2021-30004.patch".
* gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch,
gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk | 2 -
 gnu/packages/admin.scm | 9 +-
 .../wpa-supplicant-CVE-2021-27803.patch | 50 --------
 .../wpa-supplicant-CVE-2021-30004.patch | 115 ------------------
 4 files changed, 3 insertions(+), 173 deletions(-)
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch
diff --git a/gnu/local.mk b/gnu/local.mk index 3a954f8bf9..4313bf7650 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1950,8 +1950,6 @@ dist_patch_DATA = \ %D%/packages/patches/wordnet-CVE-2008-2149.patch \ %D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch \ %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch \ - %D%/packages/patches/wpa-supplicant-CVE-2021-27803.patch \ - %D%/packages/patches/wpa-supplicant-CVE-2021-30004.patch \ %D%/packages/patches/x265-arm-flags.patch \ %D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\ %D%/packages/patches/xf86-video-ark-remove-mibstore.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 4f84e29499..ed66e358ea 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1841,7 +1841,7 @@ (define-public opendoas (define-public wpa-supplicant-minimal (package (name "wpa-supplicant-minimal") - (version "2.9") + (version "2.10") (source (origin (method url-fetch) (uri (string-append @@ -1849,7 +1849,7 @@ (define-public wpa-supplicant-minimal version ".tar.gz")) (sha256 (base32 - "05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw")) + "0bvvw7bx149a57llzrwzlpggyym84f8jdd4abwsk0f2b2pjpmpr0")) (modules '((guix build utils))) (snippet '(begin @@ -1857,10 +1857,7 @@ (define-public wpa-supplicant-minimal ;; Disable D-Bus to save ~14MiB on the closure size. (("^CONFIG_CTRL_IFACE_DBUS" line _) (string-append "#" line))) - #t)) - (patches - (search-patches "wpa-supplicant-CVE-2021-27803.patch" - "wpa-supplicant-CVE-2021-30004.patch")))) + #t)))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch deleted file mode 100644 index 1942bb3d55..0000000000 --- a/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 8 Dec 2020 23:52:50 +0200 -Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request - -p2p_add_device() may remove the oldest entry if there is no room in the -peer table for a new peer. This would result in any pointer to that -removed entry becoming stale. A corner case with an invalid PD Request -frame could result in such a case ending up using (read+write) freed -memory. This could only by triggered when the peer table has reached its -maximum size and the PD Request frame is received from the P2P Device -Address of the oldest remaining entry and the frame has incorrect P2P -Device Address in the payload. - -Fix this by fetching the dev pointer again after having called -p2p_add_device() so that the stale pointer cannot be used. - -Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") -Signed-off-by: Jouni Malinen ---- - src/p2p/p2p_pd.c | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c -index 3994ec03f86b..05fd593494ef 100644 ---- a/src/p2p/p2p_pd.c -+++ b/src/p2p/p2p_pd.c -@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa, - goto out; - } - -+ dev = p2p_get_device(p2p, sa); - if (!dev) { -- dev = p2p_get_device(p2p, sa); -- if (!dev) { -- p2p_dbg(p2p, -- "Provision Discovery device not found " -- MACSTR, MAC2STR(sa)); -- goto out; -- } -+ p2p_dbg(p2p, -+ "Provision Discovery device not found " -+ MACSTR, MAC2STR(sa)); -+ goto out; - } - } else if (msg.wfd_subelems) { - wpabuf_free(dev->info.wfd_subelems); --- -2.25.1 - diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch deleted file mode 100644 index 8c8ba93355..0000000000 --- a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 13 Mar 2021 18:19:31 +0200 -Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters - -The supported hash algorithms do not use AlgorithmIdentifier parameters. -However, there are implementations that include NULL parameters in -addition to ones that omit the parameters. Previous implementation did -not check the parameters value at all which supported both these cases, -but did not reject any other unexpected information. - -Use strict validation of digest algorithm parameters and reject any -unexpected value when validating a signature. This is needed to prevent -potential forging attacks. - -Signed-off-by: Jouni Malinen ---- - src/tls/pkcs1.c | 21 +++++++++++++++++++++ - src/tls/x509v3.c | 20 ++++++++++++++++++++ - 2 files changed, 41 insertions(+) - -diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c -index bbdb0d7..5761dfe 100644 ---- a/src/tls/pkcs1.c -+++ b/src/tls/pkcs1.c -@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, - os_free(decrypted); - return -1; - } -+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", -+ hdr.payload, hdr.length); - - pos = hdr.payload; - end = pos + hdr.length; -@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, - os_free(decrypted); - return -1; - } -+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", -+ hdr.payload, hdr.length); - da_end = hdr.payload + hdr.length; - - if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { -@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, - os_free(decrypted); - return -1; - } -+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", -+ next, da_end - next); -+ -+ /* -+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to -+ * omit the parameters, but there are implementation that encode these -+ * as a NULL element. Allow these two cases and reject anything else. 
-+ */ -+ if (da_end > next && -+ (asn1_get_next(next, da_end - next, &hdr) < 0 || -+ !asn1_is_null(&hdr) || -+ hdr.payload + hdr.length != da_end)) { -+ wpa_printf(MSG_DEBUG, -+ "PKCS #1: Unexpected digest algorithm parameters"); -+ os_free(decrypted); -+ return -1; -+ } - - if (!asn1_oid_equal(&oid, hash_alg)) { - char txt[100], txt2[100]; -diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c -index a8944dd..df337ec 100644 ---- a/src/tls/x509v3.c -+++ b/src/tls/x509v3.c -@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer, - os_free(data); - return -1; - } -+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); - - pos = hdr.payload; - end = pos + hdr.length; -@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer, - os_free(data); - return -1; - } -+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", -+ hdr.payload, hdr.length); - da_end = hdr.payload + hdr.length; - - if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { -@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer, - os_free(data); - return -1; - } -+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", -+ next, da_end - next); -+ -+ /* -+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to -+ * omit the parameters, but there are implementation that encode these -+ * as a NULL element. Allow these two cases and reject anything else. -+ */ -+ if (da_end > next && -+ (asn1_get_next(next, da_end - next, &hdr) < 0 || -+ !asn1_is_null(&hdr) || -+ hdr.payload + hdr.length != da_end)) { -+ wpa_printf(MSG_DEBUG, -+ "X509: Unexpected digest algorithm parameters"); -+ os_free(data); -+ return -1; -+ } - - if (x509_sha1_oid(&oid)) { - if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { --- -cgit v0.12 -
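Review bot: the gnu/packages/admin.scm hunks change only wpa-supplicant-minimal (the version, the base32 hash, and the removal of its "(patches (search-patches ...))" form), yet the commit message also lists "(hostapd): Update to 2.10" and "[source]: Remove obsolete patches" for hostapd. The diffstat's 9 changed lines in admin.scm are fully accounted for by these three hunks, so no hostapd line is touched in this patch. If the hostapd origin carries its own hash or its own search-patches reference to the two files deleted here, it needs matching hunks; if it picks the change up indirectly, the commit message should say so instead of listing a separate hostapd edit.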
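Review bot: deleting gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch drops the backported fix for the stale "dev" pointer in p2p_process_prov_disc_req() (src/p2p/p2p_pd.c), so this is only safe if the 2.10 tarball already re-fetches the pointer with "dev = p2p_get_device(p2p, sa);" after p2p_add_device(). The commit message calls the patch obsolete without saying how that was checked; a line stating that upstream commit 8460e3230988 is contained in 2.10 would let a reader confirm that the use of freed memory stays fixed.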
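Review bot: gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch added the DigestAlgorithmIdentifier parameter check in two places, pkcs1_v15_sig_ver() in src/tls/pkcs1.c and x509_check_signature() in src/tls/x509v3.c, so removing it requires confirming that 2.10 rejects "Unexpected digest algorithm parameters" in both functions and not just one. Please note in the commit message that upstream commit a0541334a639 is part of the 2.10 release, since the linked advisory covers the SAE/EAP-pwd side channel and does not by itself show that this signature-validation fix is included.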