Version in base suite: 2.7+git20190128+0c1e29f-6+deb10u1 Base version: wpa_2.7+git20190128+0c1e29f-6+deb10u1 Target version: wpa_2.7+git20190128+0c1e29f-6+deb10u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/w/wpa/wpa_2.7+git20190128+0c1e29f-6+deb10u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/w/wpa/wpa_2.7+git20190128+0c1e29f-6+deb10u2.dsc changelog | 13 + patches/series | 3 patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch | 28 +++ patches/upstream-fixes/0003-check-for-ft-support.patch | 83 ++++++++++ patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch | 45 +++++ 5 files changed, 172 insertions(+) diff -Nru wpa-2.7+git20190128+0c1e29f/debian/changelog wpa-2.7+git20190128+0c1e29f/debian/changelog --- wpa-2.7+git20190128+0c1e29f/debian/changelog 2019-09-17 09:58:08.000000000 +0000 +++ wpa-2.7+git20190128+0c1e29f/debian/changelog 2020-03-24 10:26:58.000000000 +0000 @@ -1,3 +1,16 @@ +wpa (2:2.7+git20190128+0c1e29f-6+deb10u2) buster; urgency=medium + + * Apply upstream patches: + - Do not try to detect PSK mismatch during PTK rekeying. + Fixes the 4-way WPA handshake in some situations. + - Check for FT support when selecting FT suites. + Closes: #942164. + - Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length. + Fixes the MAC randomisation issue with some cards. + LP: #1867908. + + -- Andrej Shadura Tue, 24 Mar 2020 11:26:58 +0100 + wpa (2:2.7+git20190128+0c1e29f-6+deb10u1) buster-security; urgency=medium * SECURITY UPDATE: diff -Nru wpa-2.7+git20190128+0c1e29f/debian/patches/series wpa-2.7+git20190128+0c1e29f/debian/patches/series --- wpa-2.7+git20190128+0c1e29f/debian/patches/series 2019-09-17 09:58:08.000000000 +0000 +++ wpa-2.7+git20190128+0c1e29f/debian/patches/series 2020-03-24 10:26:58.000000000 +0000 @@ -33,3 +33,6 @@ 2019-6/0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch 2019-6/0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch 2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch +upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch +upstream-fixes/0003-check-for-ft-support.patch +upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch diff -Nru wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch --- wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch 1970-01-01 00:00:00.000000000 +0000 +++ wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch 2020-03-24 10:26:58.000000000 +0000 @@ -0,0 +1,28 @@ +From 84877f253d3dfff2ba70e8226b622ba2d088b054 Mon Sep 17 00:00:00 2001 +From: Alexander Wetzel +Date: Fri, 20 Dec 2019 20:21:26 +0100 +Subject: [PATCH] wpa_supplicant: Do not try to detect PSK mismatch during PTK + rekeying + +When a PTK rekey fails it can't be caused by a PSK mismatch. Report a +possible PSK mismatch only during the initial 4-way handshake to avoid +incorrect reports. + +Signed-off-by: Alexander Wetzel +--- + wpa_supplicant/events.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/wpa_supplicant/events.c ++++ b/wpa_supplicant/events.c +@@ -2999,8 +2999,9 @@ static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code, + int locally_generated) + { + if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE || ++ !wpa_s->new_connection || + !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) +- return 0; /* Not in 4-way handshake with PSK */ ++ return 0; /* Not in initial 4-way handshake with PSK */ + + /* + * It looks like connection was lost while trying to go through PSK diff -Nru wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0003-check-for-ft-support.patch wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0003-check-for-ft-support.patch --- wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0003-check-for-ft-support.patch 1970-01-01 00:00:00.000000000 +0000 +++ wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0003-check-for-ft-support.patch 2020-03-24 10:26:58.000000000 +0000 @@ -0,0 +1,83 @@ +From 23dc196fde951b3d508f367a603cddffbd053490 Mon Sep 17 00:00:00 2001 +From: Matthew Wang +Date: Mon, 3 Feb 2020 17:12:05 -0800 +Subject: Check for FT support when selecting FT suites + +A driver supports FT if it either supports SME or the +NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites, +wpa_supplicant currently doesn't take into account whether or not either +of those conditions are met. This can cause association failures, e.g., +when an AP supports both WPA-EAP and FT-EAP but the driver doesn't +support FT (wpa_supplicant will decide to do FT-EAP since it is unaware +the driver doesn't support it). This change allows an FT suite to be +selected only when the driver also supports FT. + +Signed-off-by: Matthew Wang +Reviewed-by: Brian Norris +--- + src/drivers/driver.h | 2 ++ + src/drivers/driver_nl80211_capa.c | 7 +++++++ + wpa_supplicant/wpa_supplicant.c | 5 +++++ + 3 files changed, 14 insertions(+) + +diff --git a/src/drivers/driver.h b/src/drivers/driver.h +index 23423d9..1b2969e 100644 +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -1618,6 +1618,8 @@ struct wpa_driver_capa { + #define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL + /** Driver support 4-way handshake offload for WPA-Personal */ + #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL ++/** Driver supports UPDATE_FT_IES command */ ++#define WPA_DRIVER_FLAGS_UPDATE_FT_IES 0x1000000000000000ULL + u64 flags; + + #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ +diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c +index 37eeb5e..01fb5cf 100644 +--- a/src/drivers/driver_nl80211_capa.c ++++ b/src/drivers/driver_nl80211_capa.c +@@ -78,6 +78,7 @@ struct wiphy_info_data { + unsigned int wmm_ac_supported:1; + unsigned int mac_addr_rand_scan_supported:1; + unsigned int mac_addr_rand_sched_scan_supported:1; ++ unsigned int update_ft_ies_supported:1; + }; + + +@@ -243,6 +244,9 @@ static void wiphy_info_supp_cmds(struct wiphy_info_data *info, + case NL80211_CMD_SET_QOS_MAP: + info->set_qos_map_supported = 1; + break; ++ case NL80211_CMD_UPDATE_FT_IES: ++ info->update_ft_ies_supported = 1; ++ break; + } + } + } +@@ -904,6 +908,9 @@ static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, + drv->capa.max_sched_scan_plan_iterations = 0; + } + ++ if (info->update_ft_ies_supported) ++ drv->capa.flags |= WPA_DRIVER_FLAGS_UPDATE_FT_IES; ++ + return 0; + } + +diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c +index e0ee553..3430c62 100644 +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -1386,6 +1386,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, + if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) + sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE); + #endif /* CONFIG_SAE */ ++#ifdef CONFIG_IEEE80211R ++ if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME | ++ WPA_DRIVER_FLAGS_UPDATE_FT_IES))) ++ sel &= ~WPA_KEY_MGMT_FT; ++#endif /* CONFIG_IEEE80211R */ + if (0) { + #ifdef CONFIG_SUITEB192 + } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { diff -Nru wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch --- wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch 1970-01-01 00:00:00.000000000 +0000 +++ wpa-2.7+git20190128+0c1e29f/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch 2020-03-24 10:26:58.000000000 +0000 @@ -0,0 +1,45 @@ +From 7546c489a95a033c78331915fcdfa0e6fd74d563 Mon Sep 17 00:00:00 2001 +From: Ouden +Date: Wed, 18 Mar 2020 17:58:37 +0800 +Subject: nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname + length + +If the kernel rtm_newlink or rtm_dellink send the maximum length of +ifname (IFNAMSIZ), the event handlers in +wpa_driver_nl80211_event_rtm_addlink() and +wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME +value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the +NULL termination, that equals the IFNAMSIZ. + +Fix the condition when IFNAME reach maximum size. + +Signed-off-by: Ouden +--- + src/drivers/driver_nl80211.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c +index efcd69a..c071cc0 100644 +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -1047,7 +1047,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, + while (RTA_OK(attr, attrlen)) { + switch (attr->rta_type) { + case IFLA_IFNAME: +- if (RTA_PAYLOAD(attr) >= IFNAMSIZ) ++ if (RTA_PAYLOAD(attr) > IFNAMSIZ) + break; + os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); + ifname[RTA_PAYLOAD(attr)] = '\0'; +@@ -1222,7 +1222,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, + while (RTA_OK(attr, attrlen)) { + switch (attr->rta_type) { + case IFLA_IFNAME: +- if (RTA_PAYLOAD(attr) >= IFNAMSIZ) ++ if (RTA_PAYLOAD(attr) > IFNAMSIZ) + break; + os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); + ifname[RTA_PAYLOAD(attr)] = '\0'; +-- +cgit v0.12 +