From 838e3e223ad82892a6218bd21ca2d2c58014e562 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 01/12] Use pkg-config for libpcsclite linkage flags At least in debian, we can rely on pkg-config being available and returning more accurate ldflags. Gbp-Pq: Name 01_use_pkg-config_for_pcsc-lite_module.patch --- wpa_supplicant/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index f1384d5..98ac987 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1017,7 +1017,7 @@ else ifdef CONFIG_OSX LIBS += -framework PCSC else -LIBS += -lpcsclite -lpthread +LIBS += $(shell $(PKG_CONFIG) --libs libpcsclite) endif endif endif From e0028b23a0bcda1df02106df183b87ed747089cc Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 02/12] Add D-Bus group policy Debian does not use pam_console but uses group membership to control access to D-Bus. Activating both options in the conf file makes it work on Debian and Ubuntu. Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179 Gbp-Pq: Name 02_dbus_group_policy.patch --- wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf index e81b495..a333302 100644 --- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf +++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf @@ -9,6 +9,14 @@ + + + + + + + + From d5671ecd6516d8b2d881fcb6604fa853883486d1 Mon Sep 17 00:00:00 2001 
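Review bot: In the wpa_supplicant/Makefile hunk, `$(shell $(PKG_CONFIG) --libs libpcsclite)` expands to an empty string when pkg-config or the libpcsclite .pc file is missing, so the build carries on and fails later with unresolved PC/SC symbols instead of a clear error. The explicit `-lpthread` is also dropped, so it now depends on what the .pc file lists. A comment above the line, such as `# link flags come from libpcsclite.pc; pkg-config is a build-time requirement`, would record the new dependency. Whether `PKG_CONFIG` is defined earlier in the Makefile is not visible in this hunk.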
From: Kel Modderman Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 03/12] Use full executable path into wpa_gui.desktop Debian specific patch to desktop menu entry, so that we may exec wpa_gui which being in /usr/sbin may not be in the PATH Gbp-Pq: Name 06_wpa_gui_menu_exec_path.patch --- wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop index ccc7d87..e560f3d 100644 --- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop +++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop @@ -2,7 +2,7 @@ Version=1.0 Name=wpa_gui Comment=Graphical user interface for wpa_supplicant -Exec=wpa_gui +Exec=/usr/sbin/wpa_gui Icon=wpa_gui GenericName=wpa_supplicant user interface Terminal=false From 53e5534e4086f9b4f717fad986f175c89ac0a038 Mon Sep 17 00:00:00 2001 From: Kel Modderman Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 04/12] Tweak D-Bus/systemd service activation configuration files: * log wpa_supplicant messages to syslog * activate control socket interface so that wpa_cli can be used by D-Bus activated wpa_supplicant daemon Gbp-Pq: Name 07_dbus_service_syslog.patch --- wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in | 2 +- wpa_supplicant/systemd/wpa_supplicant.service.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in index d97ff39..3b0af67 100644 --- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in +++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in @@ -1,5 +1,5 @@ [D-BUS Service] Name=fi.w1.wpa_supplicant1 -Exec=@BINDIR@/wpa_supplicant -u +Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant User=root SystemdService=wpa_supplicant.service 
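Review bot: The `-O /run/wpa_supplicant` added to the `Exec=` line of dbus/fi.w1.wpa_supplicant1.service.in, and to `ExecStart=` in systemd/wpa_supplicant.service.in in the next hunk, turns on the control socket for every D-Bus-activated interface, but neither file records who is meant to reach it. Anyone who can open that socket can reconfigure the supplicant, so the intended owner, group and mode of the directory deserve a comment next to the flag. Something like `# -s: log to syslog; -O: control socket directory used by wpa_cli (state the intended access here)` on its own line would do, since both file formats accept `#` comment lines. Whether a group is granted access depends on the ctrl_interface value and is not visible in these hunks.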
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in index 75a37a8..32516a3 100644 --- a/wpa_supplicant/systemd/wpa_supplicant.service.in +++ b/wpa_supplicant/systemd/wpa_supplicant.service.in @@ -6,7 +6,7 @@ Wants=network.target [Service] Type=dbus BusName=fi.w1.wpa_supplicant1 -ExecStart=@BINDIR@/wpa_supplicant -u +ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant [Install] WantedBy=multi-user.target From a4945d48771d685435953bcbf6c3122aaeccc7ee Mon Sep 17 00:00:00 2001 From: Raphael Geissert Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 05/12] Use KDE's KNotify when running under KDE Bug-Debian: http://bugs.debian.org/582793 Gbp-Pq: Name 12_wpa_gui_knotify_support.patch --- wpa_supplicant/wpa_gui-qt4/wpagui.cpp | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp index a0aa05e..396b121 100644 --- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp +++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp @@ -11,11 +11,14 @@ #endif /* CONFIG_NATIVE_WINDOWS */ #include +#include #include #include #include #include +#include #include +#include #include "wpagui.h" #include "dirent.h" 
@@ -1415,10 +1418,21 @@ void WpaGui::createTrayIcon(bool trayOnly) void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec, const QString & msg) { - if (!QSystemTrayIcon::supportsMessages()) + if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode) return; - if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode) + /* first try to use KDE's notifications system if running under + * a KDE session */ + if (getenv("KDE_FULL_SESSION") != NULL) { + QStringList args; + args << "--passivepopup" << msg << QString::number(sec); + args << "--title" << "wpa_gui"; + + if (QProcess::execute("/usr/bin/kdialog", args) == 0) + return; + } + + if (!QSystemTrayIcon::supportsMessages()) return; tray_icon->showMessage(qAppName(), msg, type, sec * 1000); From f333bbb0037a866ba220811a7a09d40554bcb900 Mon Sep 17 00:00:00 2001 From: Stefan Lippers-Hollmann Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 06/12] wpasupplicant: configure driver fallback for networkd Signed-off-by: Stefan Lippers-Hollmann Gbp-Pq: Name networkd-driver-fallback.patch --- wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in index 7788b38..cff0b6d 100644 --- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in +++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in @@ -9,7 +9,7 @@ Wants=network.target [Service] Type=simple -ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I +ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -Dnl80211,wext -i%I [Install] Alias=multi-user.target.wants/wpa_supplicant@%i.service From 3ef10df2ab6bedd447fec7112e2cd539ac387ac8 Mon Sep 17 00:00:00 2001 
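Review bot: `QProcess::execute()` in WpaGui::showTrayMessage() is synchronous, so the GUI thread waits until kdialog exits; a passive popup presumably stays alive for its `sec` timeout, which would freeze the window for that long on each notification. Starting the helper without waiting avoids this, e.g. `if (QProcess::startDetached("/usr/bin/kdialog", args)) return;`, and still falls through to the tray icon when the program cannot be started. Passing the arguments as a list with an absolute program path keeps the shell and PATH out of it, which matters because `msg` comes from callers outside the hunk and may carry network-supplied text. Whether kdialog renders that text as markup is worth checking before relying on it.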
From: Stefan Lippers-Hollmann Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 07/12] wpa_supplicant: Fix dependency odering when invoked with DBus Make sure that DBus isn't shut down before wpa_supplicant, as that would also bring down wireless links which are still holding open NFS shares. Debian bug: https://bugs.debian.org/785579 systemd upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847 Signed-off-by: Stefan Lippers-Hollmann Gbp-Pq: Name wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch --- wpa_supplicant/systemd/wpa_supplicant.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in index 32516a3..bc0688a 100644 --- a/wpa_supplicant/systemd/wpa_supplicant.service.in +++ b/wpa_supplicant/systemd/wpa_supplicant.service.in @@ -1,6 +1,7 @@ [Unit] Description=WPA supplicant Before=network.target +After=dbus.service Wants=network.target [Service] From e5c63b5ab3ca79178d899c1837d87c4ac990ae05 Mon Sep 17 00:00:00 2001 From: Andrej Shadura Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 08/12] Enable TLSv1.0 by default OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2. Some older networks may support for TLSv1.0 and less secure cyphers. Gbp-Pq: Name allow-tlsv1.patch --- src/crypto/tls_openssl.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 07d38e4..97a7fd6 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf) os_free(data); return NULL; } + +#ifndef EAP_SERVER_TLS + /* Enable TLSv1.0 by default to allow connecting to legacy + * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */ + SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION); +#endif + data->ssl = ssl; if (conf) { data->tls_session_lifetime = conf->tls_session_lifetime; 
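Review bot: `SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION)` in tls_init() (src/crypto/tls_openssl.c) lowers the protocol floor on the shared context, so every client-side EAP connection will negotiate TLS 1.0, not only the legacy networks the commit message has in mind, and it overrides any stricter minimum the administrator set in the system OpenSSL configuration. The return value is ignored; at minimum check and log it, `if (SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION) != 1) wpa_printf(MSG_INFO, "OpenSSL: could not lower minimum TLS version");`. The added comment also mentions SECLEVEL=2, yet nothing in the hunk changes the security level, so the comment should say that only the protocol floor is touched. A safer shape keeps the distribution default and lowers the floor only for networks that opt in through their own configuration. tls_init() starts and ends outside the hunk.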
From 1e7b193dc1df64990690516d670fe06214bec740 Mon Sep 17 00:00:00 2001 From: Jeremy Nickurak Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 09/12] Disable the session ticket TLS extension. Gbp-Pq: Name session-ticket.patch --- src/crypto/tls_openssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 97a7fd6..0e0567f 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -1584,6 +1584,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx) #ifdef SSL_OP_NO_COMPRESSION options |= SSL_OP_NO_COMPRESSION; #endif /* SSL_OP_NO_COMPRESSION */ + options |= SSL_OP_NO_TICKET; SSL_set_options(conn->ssl, options); #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT /* Hopefully there is no need for middlebox compatibility mechanisms From eb0625608308022c87b7d7987d4527a23270bf41 Mon Sep 17 00:00:00 2001 From: Ubuntu Developers Date: Sat, 14 May 2022 03:18:56 +0800 Subject: [PATCH 10/12] wpa_service_ignore-on-isolate Updated: 2017-11-10 Gbp-Pq: Name wpa_service_ignore-on-isolate.patch --- wpa_supplicant/systemd/wpa_supplicant.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in index bc0688a..561ae8f 100644 --- a/wpa_supplicant/systemd/wpa_supplicant.service.in +++ b/wpa_supplicant/systemd/wpa_supplicant.service.in @@ -3,6 +3,7 @@ Description=WPA supplicant Before=network.target After=dbus.service Wants=network.target +IgnoreOnIsolate=true [Service] Type=dbus From d1b434e871e11329f50f50bee4e99c76e15de184 Mon Sep 17 00:00:00 2001 
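Review bot: `options |= SSL_OP_NO_TICKET;` in tls_connection_init() is applied to every connection with no comment and no rationale in the commit message, unlike the `#ifdef`-guarded `SSL_OP_NO_COMPRESSION` just above it. EAP-FAST carries its PAC in the TLS SessionTicket extension, so this unconditional option may interfere with PAC-based EAP-FAST sessions; that path is outside the hunk and should be tested. A comment naming the server behaviour that motivated the change, or a per-network switch instead of a global one, would make the intent reviewable. tls_connection_init() starts and ends outside the hunk.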
From: Jouni Malinen Date: Thu, 29 Aug 2019 11:52:04 +0300 Subject: [PATCH 11/12] [PATCH] AP: Silently ignore management frame from unexpected source address Do not process any received Management frames with unexpected/invalid SA so that we do not add any state for unexpected STA addresses or end up sending out frames to unexpected destination. This prevents unexpected sequences where an unprotected frame might end up causing the AP to send out a response to another device and that other device processing the unexpected response. In particular, this prevents some potential denial of service cases where the unexpected response frame from the AP might result in a connected station dropping its association. Signed-off-by: Jouni Malinen Gbp-Pq: Name CVE-2019-16275.patch --- src/ap/drv_callbacks.c | 13 +++++++++++++ src/ap/ieee802_11.c | 12 ++++++++++++ 2 files changed, 25 insertions(+) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 3158768..34ca379 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, "hostapd_notif_assoc: Skip event with no address"); return -1; } + + if (is_multicast_ether_addr(addr) || + is_zero_ether_addr(addr) || + os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { + /* Do not process any frames with unexpected/invalid SA so that + * we do not add any state for unexpected STA addresses or end + * up sending out frames to unexpected destination. */ + wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR + " in received indication - ignore this indication silently", + __func__, MAC2STR(addr)); + return 0; + } + random_add_randomness(addr, ETH_ALEN); hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index c85a28d..e706537 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c 
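Review bot: The same three-part source-address test is written out twice, here in hostapd_notif_assoc() and again in ieee802_11_mgmt() in src/ap/ieee802_11.c, so a later tightening of one copy can miss the other. A small shared predicate whose body is `is_multicast_ether_addr(a) || is_zero_ether_addr(a) || os_memcmp(a, own, ETH_ALEN) == 0` would keep both entry points in step. In hostapd_notif_assoc() the rejected case returns 0 while the missing-address case just above returns -1, so a caller cannot tell an ignored indication from a processed one; whether any caller relies on that is not visible in the hunk. The drop is logged at MSG_DEBUG only, so frames with a spoofed SA leave no trace at default verbosity. A counter would give operators something to alert on without flooding the log.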
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, fc = le_to_host16(mgmt->frame_control); stype = WLAN_FC_GET_STYPE(fc); + if (is_multicast_ether_addr(mgmt->sa) || + is_zero_ether_addr(mgmt->sa) || + os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { + /* Do not process any frames with unexpected/invalid SA so that + * we do not add any state for unexpected STA addresses or end + * up sending out frames to unexpected destination. */ + wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR + " in received frame - ignore this frame silently", + MAC2STR(mgmt->sa)); + return 0; + } + if (stype == WLAN_FC_STYPE_BEACON) { handle_beacon(hapd, mgmt, len, fi); return 1; From ebd6824eaab5ec443e6ffbaec07c6b648b250177 Mon Sep 17 00:00:00 2001 From: Ouden Date: Wed, 18 Mar 2020 17:58:37 +0800 Subject: [PATCH 12/12] nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length If the kernel rtm_newlink or rtm_dellink send the maximum length of ifname (IFNAMSIZ), the event handlers in wpa_driver_nl80211_event_rtm_addlink() and wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the NULL termination, that equals the IFNAMSIZ. Fix the condition when IFNAME reach maximum size. Signed-off-by: Ouden Gbp-Pq: Name git_realtek_macrand.patch --- src/drivers/driver_nl80211.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 0a356ee..47df47f 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -1065,7 +1065,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, while (RTA_OK(attr, attrlen)) { switch (attr->rta_type) { case IFLA_IFNAME: - if (RTA_PAYLOAD(attr) >= IFNAMSIZ) + if (RTA_PAYLOAD(attr) > IFNAMSIZ) break; os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); ifname[RTA_PAYLOAD(attr)] = '\0'; 
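Review bot: With the test in wpa_driver_nl80211_event_rtm_newlink() relaxed to `RTA_PAYLOAD(attr) > IFNAMSIZ`, a payload of exactly IFNAMSIZ bytes makes `ifname[RTA_PAYLOAD(attr)] = '\0'` write index IFNAMSIZ, which is in bounds only if `ifname` is declared with at least IFNAMSIZ + 1 bytes. That declaration is outside this hunk and should be confirmed. Tying the bound to the buffer removes the hidden dependency: `if (RTA_PAYLOAD(attr) >= sizeof(ifname)) break;`, which is valid as long as `ifname` is an array and not a pointer. The same applies to the identical change in wpa_driver_nl80211_event_rtm_dellink() in the next hunk. Both functions start and end outside the hunks shown.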
@@ -1240,7 +1240,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, while (RTA_OK(attr, attrlen)) { switch (attr->rta_type) { case IFLA_IFNAME: - if (RTA_PAYLOAD(attr) >= IFNAMSIZ) + if (RTA_PAYLOAD(attr) > IFNAMSIZ) break; os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); ifname[RTA_PAYLOAD(attr)] = '\0';