diff --git a/.gitignore b/.gitignore index 7c50424..02b3832 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ wpa_supplicant-0.6.8.tar.gz /wpa_supplicant-2.3.tar.gz /wpa_supplicant-2.4.tar.gz /wpa_supplicant-2.5.tar.gz +/wpa_supplicant-2.6.tar.gz diff --git a/0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch b/0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch deleted file mode 100644 index 824c171..0000000 --- a/0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 64fee7148a434e4ee89d95a7c374a36d29a6f6f3 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Fri, 16 Oct 2015 19:12:15 +0200 -Subject: [PATCH] wpa_supplicant: don't do in - dbus service file - -It does more than intended; apart from denying messages to that particular -interface it also denies all messages non-qualified with an interface globally. -From the dbus-daemon manual: - - Be careful with send_interface/receive_interface, because the - interface field in messages is optional. In particular, do NOT - specify ! This will cause - no-interface messages to be blocked for all services, which is almost - certainly not what you intended. Always use rules of the form: - -We can just safely remove those rules, since we're sufficiently protected -by the send_destination matches and method calls are disallowed by default -anyway. - -Signed-off-by: Lubomir Rintel ---- - wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf -index c091234..382dcb3 100644 ---- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf -+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf -@@ -17,11 +17,9 @@ - - - -- - - - -- - - - --- -2.4.3 - diff --git a/rh1241907-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch b/rh1241907-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch deleted file mode 100644 index c792cb6..0000000 --- a/rh1241907-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch +++ /dev/null @@ -1,63 +0,0 @@ -From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 7 Jul 2015 21:57:28 +0300 -Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser - -It was possible for the 32-bit record->total_length value to end up -wrapping around due to integer overflow if the longer form of payload -length field is used and record->payload_length gets a value close to -2^32. This could result in ndef_parse_record() accepting a too large -payload length value and the record type filter reading up to about 20 -bytes beyond the end of the buffer and potentially killing the process. -This could also result in an attempt to allocate close to 2^32 bytes of -heap memory and if that were to succeed, a buffer read overflow of the -same length which would most likely result in the process termination. -In case of record->total_length ending up getting the value 0, there -would be no buffer read overflow, but record parsing would result in an -infinite loop in ndef_parse_records(). - -Any of these error cases could potentially be used for denial of service -attacks over NFC by using a malformed NDEF record on an NFC Tag or -sending them during NFC connection handover if the application providing -the NDEF message to hostapd/wpa_supplicant did no validation of the -received records. While such validation is likely done in the NFC stack -that needs to parse the NFC messages before further processing, -hostapd/wpa_supplicant better be prepared for any data being included -here. - -Fix this by validating record->payload_length value in a way that -detects integer overflow. (CID 122668) - -Signed-off-by: Jouni Malinen ---- - src/wps/ndef.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -(Adapted for 2.4 sources in Fedora. -- JWL) - -diff --git a/src/wps/ndef.c b/src/wps/ndef.c -index 5604b0a..50d018f 100644 ---- a/src/wps/ndef.c -+++ b/src/wps/ndef.c -@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size, - if (size < 6) - return -1; - record->payload_length = ntohl(*(u32 *)pos); -+ if (record->payload_length > size - 6) -+ return -1; - pos += sizeof(u32); - } - -@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size, - pos += record->payload_length; - - record->total_length = pos - data; -- if (record->total_length > size) -+ if (record->total_length > size || -+ record->total_length < record->payload_length) - return -1; - return 0; - } --- -1.9.1 - diff --git a/rh837402-less-aggressive-roaming.patch b/rh837402-less-aggressive-roaming.patch index 29f827b..d6fea85 100644 --- a/rh837402-less-aggressive-roaming.patch +++ b/rh837402-less-aggressive-roaming.patch @@ -1,7 +1,20 @@ -diff -up wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo wpa_supplicant-0.7.3/wpa_supplicant/events.c ---- wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo 2012-06-12 12:03:36.172962193 -0500 -+++ wpa_supplicant-0.7.3/wpa_supplicant/events.c 2012-06-12 12:03:51.388771973 -0500 -@@ -871,16 +871,14 @@ static int wpa_supplicant_need_to_roam(s +From b82d45d4bbd5c160fa97a8c5355243c78a55bf14 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 22 Nov 2016 15:50:01 +0100 +Subject: [PATCH 2/2] Less aggressive roaming; signal strength is wildly + variable + +dcbw states (2015-04): "upstream doesn't like that patch so it's been discussed +and I think rejected." +--- + wpa_supplicant/events.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c +index 72a0412..4dc044c 100644 +--- a/wpa_supplicant/events.c ++++ b/wpa_supplicant/events.c +@@ -1443,16 +1443,14 @@ static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s, min_diff = 2; if (current_bss->level < 0) { @@ -22,6 +35,8 @@ diff -up wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo wpa_supplicant-0.7.3/w - min_diff = 5; + min_diff = 15; } - if (abs(current_bss->level - selected->level) < min_diff) { - wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - too small difference " + if (to_5ghz) { + /* Make it easier to move to 5 GHz band */ +-- +2.9.3 diff --git a/sources b/sources index d219c94..72d2900 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -96ff75c3a514f1f324560a2376f13110 wpa_supplicant-2.5.tar.gz +091569eb4440b7d7f2b4276dbfc03c3c wpa_supplicant-2.6.tar.gz diff --git a/wpa_supplicant-quiet-scan-results-message.patch b/wpa_supplicant-quiet-scan-results-message.patch index 6f1c2f3..c646a30 100644 --- a/wpa_supplicant-quiet-scan-results-message.patch +++ b/wpa_supplicant-quiet-scan-results-message.patch @@ -1,11 +1,20 @@ +From 763a4ef660e2bd81f6cdc71a2f29a0a3e71b2ebc Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 22 Nov 2016 15:48:17 +0100 +Subject: [PATCH 1/2] quiet an annoying and frequent syslog message + +--- + wpa_supplicant/events.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c -index d275ca4..fc335c0 100644 +index abe3b47..72a0412 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -1356,11 +1356,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, - wpa_s->own_scan_running, wpa_s->radio->external_scan_running); +@@ -1555,11 +1555,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && - wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { + wpa_s->manual_scan_use_id && wpa_s->own_scan_running && + own_request && !(data && data->scan_info.external_scan)) { - wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", + wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS "id=%u", wpa_s->manual_scan_id); @@ -16,3 +25,6 @@ index d275ca4..fc335c0 100644 } wpas_notify_scan_results(wpa_s); +-- +2.9.3 + diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index c80c69c..2b262d1 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -6,8 +6,8 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant Name: wpa_supplicant Epoch: 1 -Version: 2.5 -Release: 5%{?dist} +Version: 2.6 +Release: 1%{?dist} License: BSD Group: System Environment/Base Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz @@ -35,12 +35,6 @@ Patch6: wpa_supplicant-gui-qt4.patch # dcbw states (2015-04): # "upstream doesn't like that patch so it's been discussed and I think rejected" Patch8: rh837402-less-aggressive-roaming.patch -# Fix a security issue - rh #rh1241907 -# http://w1.fi/security/2015-5/0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch -Patch11: rh1241907-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch -# Don't override D-Bus policy for other daemons -# http://lists.infradead.org/pipermail/hostap/2015-October/034036.html -Patch12: 0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch URL: http://w1.fi/wpa_supplicant/ @@ -91,7 +85,6 @@ Graphical User Interface for wpa_supplicant written using QT %patch3 -p1 -b .quiet-scan-results-msg %patch6 -p1 -b .qt4 %patch8 -p1 -b .rh837402-less-aggressive-roaming -%patch12 -p1 -b .dbus-policy %build pushd wpa_supplicant @@ -192,6 +185,9 @@ chmod -R 0644 %{name}/examples/*.py %endif %changelog +* Tue Nov 22 2016 Lubomir Rintel - 1:2.6-1 +- Update to version 2.6 + * Fri Feb 05 2016 Fedora Release Engineering - 1:2.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild