Ubuntu
wpa package

Merge lp:~logan/ubuntu/raring/wpa/debian-merge into lp:ubuntu/raring/wpa

  1. Raring (13.04)
  2. debian-merge
  3. Merge into raring
Proposed by Logan Rosen
Status: Merged
Merge reported by: James Page
Merged at revision: not available
Proposed branch: lp:~logan/ubuntu/raring/wpa/debian-merge
Merge into: lp:ubuntu/raring/wpa
Diff against target: 175 lines (+86/-4)
9 files modified
.pc/applied-patches (+1/-0)
debian/changelog (+27/-0)
debian/config/wpasupplicant/kfreebsd (+2/-2)
debian/config/wpasupplicant/linux (+2/-2)
debian/control (+1/-0)
debian/patches/EAP-TLS-server_fix-TLS-Message-length-validation.patch (+43/-0)
debian/patches/series (+1/-0)
debian/wpasupplicant.docs (+1/-0)
src/eap_server/eap_server_tls_common.c (+8/-0)
To merge this branch: bzr merge lp:~logan/ubuntu/raring/wpa/debian-merge
Reviewer Review Type Date Requested Status
James Page Approve
Ubuntu branches Pending
Review via email: mp+137260@code.launchpad.net
To post a comment you must log in.
Revision history for this message
James Page (james-page) wrote :

Uploaded - thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file '.pc/applied-patches'
2--- .pc/applied-patches 2012-09-12 15:57:50 +0000
3+++ .pc/applied-patches 2012-11-30 16:58:20 +0000
4@@ -8,3 +8,4 @@
5 libnl3-includes.patch
6 dbus-activation-cmdline.patch
7 session-ticket.patch
8+EAP-TLS-server_fix-TLS-Message-length-validation.patch
9
10=== modified file 'debian/changelog'
11--- debian/changelog 2012-09-12 15:57:50 +0000
12+++ debian/changelog 2012-11-30 16:58:20 +0000
13@@ -1,3 +1,30 @@
14+wpa (1.0-3ubuntu1) raring; urgency=low
15+
16+ * Merge from Debian unstable. Remaining changes:
17+ - Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc
18+ support in NetworkManager using IBSS RSN (WPA2).
19+ - debian/wpasupplicant.postinst, debian/hostapd.postinst: Only move
20+ sendsigs.omit.d/*.pid if the target isn't the same as the source (as is
21+ the case when /lib/init/rw is a symlink to /run)
22+ - debian/patches/dbus-activation-cmdline.patch: have wpasupplicant create
23+ a pid file in /run/sendsigs.omit.d when activated by DBus.
24+ - debian/patches/session-ticket.patch: disable the TLS Session Ticket
25+ extension to fix auth with 802.1x PEAP on some hardware.
26+
27+ -- Logan Rosen <logatronico@gmail.com> Fri, 30 Nov 2012 11:49:00 -0500
28+
29+wpa (1.0-3) unstable; urgency=high
30+
31+ * ship forgotten README-P2P.
32+ * revert to GNU readline for wpa_cli, instead of using the internal readline
33+ implementation added in wpa 1~. Prefer libreadline-gplv2-dev, because libnl
34+ is GPL-2 (only) - switching back to the internal readline implementation is
35+ targeted for wheezy+1 (Closes: #677993, #678077).
36+ * Fix DoS via specially crafted EAP-TLS messages with longer message
37+ length than TLS data length (CVE-2012-4445, DSA 2557-1, Closes: #689990).
38+
39+ -- Stefan Lippers-Hollmann <s.l-h@gmx.de> Mon, 08 Oct 2012 17:48:04 +0200
40+
41 wpa (1.0-2ubuntu5) quantal; urgency=low
42
43 * debian/patches/session-ticket.patch: disable the TLS Session Ticket
44
45=== modified file 'debian/config/wpasupplicant/kfreebsd'
46--- debian/config/wpasupplicant/kfreebsd 2012-04-21 15:59:32 +0000
47+++ debian/config/wpasupplicant/kfreebsd 2012-11-30 16:58:20 +0000
48@@ -238,11 +238,11 @@
49 # When building a wpa_cli binary for distribution, please note that these
50 # libraries are licensed under GPL and as such, BSD license may not apply for
51 # the resulting binary.
52-#CONFIG_READLINE=y
53+CONFIG_READLINE=y
54
55 # Include internal line edit mode in wpa_cli. This can be used as a replacement
56 # for GNU Readline to provide limited command line editing and history support.
57-CONFIG_WPA_CLI_EDIT=y
58+#CONFIG_WPA_CLI_EDIT=y
59
60 # Remove debugging code that is printing out debug message to stdout.
61 # This can be used to reduce the size of the wpa_supplicant considerably
62
63=== modified file 'debian/config/wpasupplicant/linux'
64--- debian/config/wpasupplicant/linux 2012-09-07 15:49:45 +0000
65+++ debian/config/wpasupplicant/linux 2012-11-30 16:58:20 +0000
66@@ -237,11 +237,11 @@
67 # When building a wpa_cli binary for distribution, please note that these
68 # libraries are licensed under GPL and as such, BSD license may not apply for
69 # the resulting binary.
70-#CONFIG_READLINE=y
71+CONFIG_READLINE=y
72
73 # Include internal line edit mode in wpa_cli. This can be used as a replacement
74 # for GNU Readline to provide limited command line editing and history support.
75-CONFIG_WPA_CLI_EDIT=y
76+#CONFIG_WPA_CLI_EDIT=y
77
78 # Remove debugging code that is printing out debug message to stdout.
79 # This can be used to reduce the size of the wpa_supplicant considerably
80
81=== modified file 'debian/control'
82--- debian/control 2012-05-25 14:07:55 +0000
83+++ debian/control 2012-11-30 16:58:20 +0000
84@@ -17,6 +17,7 @@
85 libnl-genl-3-dev (>= 3.2.3-2~) [linux-any],
86 libpcap-dev [kfreebsd-any],
87 libbsd-dev [kfreebsd-any],
88+ libreadline-gplv2-dev,
89 pkg-config,
90 qt4-qmake,
91 docbook-to-man,
92
93=== added file 'debian/patches/EAP-TLS-server_fix-TLS-Message-length-validation.patch'
94--- debian/patches/EAP-TLS-server_fix-TLS-Message-length-validation.patch 1970-01-01 00:00:00 +0000
95+++ debian/patches/EAP-TLS-server_fix-TLS-Message-length-validation.patch 2012-11-30 16:58:20 +0000
96@@ -0,0 +1,43 @@
97+From: Jouni Malinen <j@w1.fi>
98+Date: Sun, 7 Oct 2012 17:06:29 +0000 (+0300)
99+Subject: EAP-TLS server: Fix TLS Message Length validation
100+X-Git-Url: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff_plain;h=586c446e0ff42ae00315b014924ec669023bd8de
101+
102+EAP-TLS server: Fix TLS Message Length validation
103+
104+EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
105+Message Length value properly and could end up trying to store more
106+information into the message buffer than the allocated size if the first
107+fragment is longer than the indicated size. This could result in hostapd
108+process terminating in wpabuf length validation. Fix this by rejecting
109+messages that have invalid TLS Message Length value.
110+
111+This would affect cases that use the internal EAP authentication server
112+in hostapd either directly with IEEE 802.1X or when using hostapd as a
113+RADIUS authentication server and when receiving an incorrectly
114+constructed EAP-TLS message. Cases where hostapd uses an external
115+authentication are not affected.
116+
117+Thanks to Timo Warns for finding and reporting this issue.
118+
119+Signed-hostap: Jouni Malinen <j@w1.fi>
120+intended-for: hostap-1
121+---
122+
123+--- a/src/eap_server/eap_server_tls_common.c
124++++ b/src/eap_server/eap_server_tls_common.c
125+@@ -224,6 +224,14 @@ static int eap_server_tls_process_fragme
126+ return -1;
127+ }
128+
129++ if (len > message_length) {
130++ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
131++ "first fragment of frame (TLS Message "
132++ "Length %d bytes)",
133++ (int) len, (int) message_length);
134++ return -1;
135++ }
136++
137+ data->tls_in = wpabuf_alloc(message_length);
138+ if (data->tls_in == NULL) {
139+ wpa_printf(MSG_DEBUG, "SSL: No memory for message");
140
141=== modified file 'debian/patches/series'
142--- debian/patches/series 2012-09-12 15:57:50 +0000
143+++ debian/patches/series 2012-11-30 16:58:20 +0000
144@@ -8,3 +8,4 @@
145 libnl3-includes.patch
146 dbus-activation-cmdline.patch
147 session-ticket.patch
148+EAP-TLS-server_fix-TLS-Message-length-validation.patch
149
150=== modified file 'debian/wpasupplicant.docs'
151--- debian/wpasupplicant.docs 2012-04-21 15:59:32 +0000
152+++ debian/wpasupplicant.docs 2012-11-30 16:58:20 +0000
153@@ -1,2 +1,3 @@
154 wpa_supplicant/README
155 wpa_supplicant/README-WPS
156+wpa_supplicant/README-P2P
157
158=== modified file 'src/eap_server/eap_server_tls_common.c'
159--- src/eap_server/eap_server_tls_common.c 2012-04-21 15:59:32 +0000
160+++ src/eap_server/eap_server_tls_common.c 2012-11-30 16:58:20 +0000
161@@ -224,6 +224,14 @@
162 return -1;
163 }
164
165+ if (len > message_length) {
166+ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
167+ "first fragment of frame (TLS Message "
168+ "Length %d bytes)",
169+ (int) len, (int) message_length);
170+ return -1;
171+ }
172+
173 data->tls_in = wpabuf_alloc(message_length);
174 if (data->tls_in == NULL) {
175 wpa_printf(MSG_DEBUG, "SSL: No memory for message");

Subscribers

People subscribed via source and target branches

to all changes: