[arch-commits] Commit in wpa_supplicant/trunk (3 files)
Evangelos Foutras
foutrelis at archlinux.org
Fri Nov 27 01:43:26 UTC 2015
Date: Friday, November 27, 2015 @ 02:43:26
Author: foutrelis
Revision: 251979
upgpkg: wpa_supplicant 1:2.5-1
- New upstream release.
- Rebase config file from upstream defconfig (identical options).
Modified:
wpa_supplicant/trunk/PKGBUILD
wpa_supplicant/trunk/config
Deleted:
wpa_supplicant/trunk/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
-----------------------------------------------------------------+
0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch | 42 ----------
PKGBUILD | 11 --
config | 21 +++--
3 files changed, 18 insertions(+), 56 deletions(-)
Deleted: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
===================================================================
--- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch 2015-11-26 15:36:50 UTC (rev 251978)
+++ 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch 2015-11-27 01:43:26 UTC (rev 251979)
@@ -1,42 +0,0 @@
-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni at qca.qualcomm.com>
-Date: Tue, 7 Apr 2015 11:32:11 +0300
-Subject: [PATCH] P2P: Validate SSID element length before copying it
- (CVE-2015-1863)
-
-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
-p2p_add_device(). The length provided by the peer device (0..255 bytes)
-was used without proper bounds checking and that could have resulted in
-arbitrary data of up to 223 bytes being written beyond the end of the
-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
-heap allocation) when processing a corrupted management frame for P2P
-peer discovery purposes.
-
-This could result in corrupted state in heap, unexpected program
-behavior due to corrupted P2P peer device information, denial of service
-due to process crash, exposure of memory contents during GO Negotiation,
-and potentially arbitrary code execution.
-
-Thanks to Google security team for reporting this issue and smart
-hardware research group of Alibaba security team for discovering it.
-
-Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
----
- src/p2p/p2p.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
-index f584fae..a45fe73 100644
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
- if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
- os_memcpy(dev->interface_addr, addr, ETH_ALEN);
- if (msg.ssid &&
-+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
- (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
- os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
- != 0)) {
---
-2.3.6
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-11-26 15:36:50 UTC (rev 251978)
+++ PKGBUILD 2015-11-27 01:43:26 UTC (rev 251979)
@@ -2,7 +2,7 @@
# Maintainer: Thomas Bächler <thomas at archlinux.org>
pkgname=wpa_supplicant
-pkgver=2.3
+pkgver=2.5
pkgrel=1
epoch=1
pkgdesc="A utility providing key negotiation for WPA wireless networks"
@@ -13,18 +13,13 @@
license=('GPL')
backup=('etc/wpa_supplicant/wpa_supplicant.conf')
source=("http://w1.fi/releases/${pkgname}-${pkgver}.tar.gz"
- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
config)
-sha256sums=('eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a'
- 'a026c2ed090fedb73187adce9a122345c3b0ac40cc67e6674b92fbe6a08cbbd1'
- '15be07f0d8003a2239dfba008f09602f1203bbf143004d8979ff4d863153c817')
+sha256sums=('cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316'
+ '5163609e133851dfbbee5982954fab22e45bf2c9093e43eb466d8a2c39f8a012')
prepare() {
cd "${srcdir}/${pkgname}-${pkgver}/${pkgname}/"
cp "${srcdir}/config" ./.config
-
- # https://bugs.archlinux.org/task/44695
- patch -d .. -Np1 -i ../0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
}
build() {
Modified: config
===================================================================
--- config 2015-11-26 15:36:50 UTC (rev 251978)
+++ config 2015-11-27 01:43:26 UTC (rev 251979)
@@ -67,9 +67,6 @@
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
-# Driver interface for development testing
-#CONFIG_DRIVER_TEST=y
-
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
@@ -152,8 +149,6 @@
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
-# Enable WSC 2.0 support
-#CONFIG_WPS2=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
@@ -192,8 +187,10 @@
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
@@ -267,6 +264,9 @@
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
+# Should we use epoll instead of select? Select is used by default.
+#CONFIG_ELOOP_EPOLL=y
+
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
@@ -496,8 +496,17 @@
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
-# Options that are present not in defconfig:
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Options that are not present in defconfig:
+
# RSN IBSS/AdHoc support
CONFIG_IBSS_RSN=y
More information about the arch-commits
mailing list