diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2016-10-05 04:08:46 +0100 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2016-10-09 17:37:36 -0400 |
| commit | fc0081213d612dc0b4f5f90d5b775704511a7432 (patch) | |
| tree | 3cce73b98b2d001e878d740f20b3e12951928c75 /gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch | |
| parent | 6f9d5b2e8c861c3a1243937a26400f8394946346 (diff) | |
| download | guix-fc0081213d612dc0b4f5f90d5b775704511a7432.tar guix-fc0081213d612dc0b4f5f90d5b775704511a7432.tar.gz | |
gnu: wpa-supplicant: Update to 2.6.
* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Update to
2.6. Remove 'patches' field.
* gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch,
gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch,
gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch,
gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch,
gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch: Delete
files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Signed-off-by: Leo Famulari <leo@famulari.name>
Diffstat (limited to 'gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch')
| -rw-r--r-- | gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch deleted file mode 100644 index 5f42aa9219..0000000000 --- a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@qca.qualcomm.com> -Date: Tue, 5 Apr 2016 23:55:48 +0300 -Subject: [PATCH 5/5] Reject SET commands with newline characters in the - string values - -Many of the global configuration parameters are written as strings -without filtering and if there is an embedded newline character in the -value, unexpected configuration file data might be written. - -This fixes an issue where wpa_supplicant could have updated the -configuration file global parameter with arbitrary data from the control -interface or D-Bus interface. While those interfaces are supposed to be -accessible only for trusted users/applications, it may be possible that -an untrusted user has access to a management software component that -does not validate the value of a parameter before passing it to -wpa_supplicant. - -This could allow such an untrusted user to inject almost arbitrary data -into the configuration file. Such configuration file could result in -wpa_supplicant trying to load a library (e.g., opensc_engine_path, -pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user -controlled location when starting again. This would allow code from that -library to be executed under the wpa_supplicant process privileges. - -Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> ---- - wpa_supplicant/config.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c -index 69152ef..d9a1603 100644 ---- a/wpa_supplicant/config.c -+++ b/wpa_supplicant/config.c -@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data, - return -1; - } - -+ if (has_newline(pos)) { -+ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline", -+ line, data->name); -+ return -1; -+ } -+ - tmp = os_strdup(pos); - if (tmp == NULL) - return -1; --- -1.9.1 - |