diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2016-10-05 04:08:46 +0100 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2016-10-09 17:37:36 -0400 |
| commit | fc0081213d612dc0b4f5f90d5b775704511a7432 (patch) | |
| tree | 3cce73b98b2d001e878d740f20b3e12951928c75 /gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch | |
| parent | 6f9d5b2e8c861c3a1243937a26400f8394946346 (diff) | |
| download | guix-fc0081213d612dc0b4f5f90d5b775704511a7432.tar guix-fc0081213d612dc0b4f5f90d5b775704511a7432.tar.gz | |
gnu: wpa-supplicant: Update to 2.6.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Update to
2.6. Remove 'patches' field.
* gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch,
gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch,
gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch,
gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch: Delete
files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Signed-off-by: Leo Famulari <leo@famulari.name>
Diffstat (limited to 'gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch')
| -rw-r--r-- | gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch deleted file mode 100644 index 507a96e47c..0000000000 --- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@qca.qualcomm.com> -Date: Fri, 4 Mar 2016 18:46:41 +0200 -Subject: [PATCH 2/5] Reject psk parameter set with invalid passphrase - character - -WPA/WPA2-Personal passphrase is not allowed to include control -characters. Reject a passphrase configuration attempt if that passphrase -includes an invalid passphrase. - -This fixes an issue where wpa_supplicant could have updated the -configuration file psk parameter with arbitrary data from the control -interface or D-Bus interface. While those interfaces are supposed to be -accessible only for trusted users/applications, it may be possible that -an untrusted user has access to a management software component that -does not validate the passphrase value before passing it to -wpa_supplicant. - -This could allow such an untrusted user to inject up to 63 characters of -almost arbitrary data into the configuration file. Such configuration -file could result in wpa_supplicant trying to load a library (e.g., -opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, -load_dynamic_eap) from user controlled location when starting again. -This would allow code from that library to be executed under the -wpa_supplicant process privileges. - -Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> ---- - wpa_supplicant/config.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c -index b1c7870..fdd9643 100644 ---- a/wpa_supplicant/config.c -+++ b/wpa_supplicant/config.c -@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data, - } - wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)", - (u8 *) value, len); -+ if (has_ctrl_char((u8 *) value, len)) { -+ wpa_printf(MSG_ERROR, -+ "Line %d: Invalid passphrase character", -+ line); -+ return -1; -+ } - if (ssid->passphrase && os_strlen(ssid->passphrase) == len && - os_memcmp(ssid->passphrase, value, len) == 0) { - /* No change to the previously configured value */ --- -1.9.1 - |