Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-26 09:58:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Wed Dec 29 02:42:32 UTC 2021

Browse source 
l/libgsf-1.14.48-x86_64-1.txz:  Upgraded.
l/netpbm-10.97.00-x86_64-1.txz:  Upgraded.
n/wpa_supplicant-2.9-x86_64-8.txz:  Rebuilt.
  This update fixes the following security issues:
  AP mode PMF disconnection protection bypass.
  UPnP SUBSCRIBE misbehavior in hostapd WPS AP.
  P2P group information processing vulnerability.
  P2P provision discovery processing vulnerability.
  ASN.1: Validate DigestAlgorithmIdentifier parameters.
  Flush pending control interface message for an interface to be removed.
  These issues could result in a denial-of-service, privilege escalation,
  arbitrary code execution, or other unexpected behavior.
  Thanks to nobodino for pointing out the patches.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0535
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004
  (* Security fix *)
xap/seamonkey-2.53.10.2-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.10.2
  (* Security fix *)
This commit is contained in:
Patrick J Volkerding 2021-12-29 02:42:32 +00:00 committed by Eric Hameleers
parent ac00706594
commit 58eb3d5294
14 changed files with 916 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
ChangeLog.rss
View file

@ -11,9 +11,45 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Mon, 27 Dec 2021 23:06:00 GMT</pubDate>
<lastBuildDate>Tue, 28 Dec 2021 07:59:46 GMT</lastBuildDate>
<pubDate>Wed, 29 Dec 2021 02:42:32 GMT</pubDate>
<lastBuildDate>Wed, 29 Dec 2021 07:59:45 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.13</generator>
<item>
<title>Wed, 29 Dec 2021 02:42:32 GMT</title>
<pubDate>Wed, 29 Dec 2021 02:42:32 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20211229024232</link>
<guid isPermaLink="false">20211229024232</guid>
<description>
<![CDATA[<pre>
l/libgsf-1.14.48-x86_64-1.txz: Upgraded.
l/netpbm-10.97.00-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.9-x86_64-8.txz: Rebuilt.
This update fixes the following security issues:
AP mode PMF disconnection protection bypass.
UPnP SUBSCRIBE misbehavior in hostapd WPS AP.
P2P group information processing vulnerability.
P2P provision discovery processing vulnerability.
ASN.1: Validate DigestAlgorithmIdentifier parameters.
Flush pending control interface message for an interface to be removed.
These issues could result in a denial-of-service, privilege escalation,
arbitrary code execution, or other unexpected behavior.
Thanks to nobodino for pointing out the patches.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004
(* Security fix *)
xap/seamonkey-2.53.10.2-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.10.2
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Mon, 27 Dec 2021 23:06:00 GMT</title>
<pubDate>Mon, 27 Dec 2021 23:06:00 GMT</pubDate>

28
ChangeLog.txt
View file

@ -1,3 +1,31 @@
Wed Dec 29 02:42:32 UTC 2021
l/libgsf-1.14.48-x86_64-1.txz: Upgraded.
l/netpbm-10.97.00-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.9-x86_64-8.txz: Rebuilt.
This update fixes the following security issues:
AP mode PMF disconnection protection bypass.
UPnP SUBSCRIBE misbehavior in hostapd WPS AP.
P2P group information processing vulnerability.
P2P provision discovery processing vulnerability.
ASN.1: Validate DigestAlgorithmIdentifier parameters.
Flush pending control interface message for an interface to be removed.
These issues could result in a denial-of-service, privilege escalation,
arbitrary code execution, or other unexpected behavior.
Thanks to nobodino for pointing out the patches.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004
(* Security fix *)
xap/seamonkey-2.53.10.2-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.10.2
(* Security fix *)
+--------------------------+
Mon Dec 27 23:06:00 UTC 2021
The --enable-systemd-logind change to xorg-server that caused resume from
suspend regressions (and others) has been reverted, and in retrospect it was

94
FILELIST.TXT
View file

@ -1,20 +1,20 @@
Mon Dec 27 23:10:35 UTC 2021
Wed Dec 29 02:54:03 UTC 2021
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2021-12-27 23:06 .
drwxr-xr-x 12 root root 4096 2021-12-29 02:42 .
-rw-r--r-- 1 root root 10064 2016-06-30 18:39 ./ANNOUNCE.14_2
-rw-r--r-- 1 root root 15573 2021-12-07 17:35 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1091989 2021-12-24 20:44 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2021-12-24 20:44 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1093004 2021-12-27 23:10 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2021-12-27 23:10 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 1814410 2021-12-27 23:06 ./ChangeLog.txt
-rw-r--r-- 1 root root 1815824 2021-12-29 02:42 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2021-12-22 19:27 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,9 +25,9 @@ drwxr-xr-x 2 root root 4096 2021-12-22 19:27 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1421752 2021-12-24 20:43 ./FILELIST.TXT
-rw-r--r-- 1 root root 1423205 2021-12-27 23:10 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 863771 2021-12-27 23:10 ./PACKAGES.TXT
-rw-r--r-- 1 root root 863771 2021-12-29 02:53 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8564 2016-06-28 21:33 ./README.TXT
-rw-r--r-- 1 root root 3635 2021-12-22 19:15 ./README.initrd
-rw-r--r-- 1 root root 34412 2017-12-01 17:44 ./README_CRYPT.TXT
@ -743,11 +743,11 @@ drwxr-xr-x 2 root root 4096 2012-09-20 18:06 ./patches
-rw-r--r-- 1 root root 575 2012-09-20 18:06 ./patches/FILE_LIST
-rw-r--r-- 1 root root 14 2012-09-20 18:06 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 224 2012-09-20 18:06 ./patches/PACKAGES.TXT
drwxr-xr-x 17 root root 4096 2021-12-27 23:10 ./slackware64
-rw-r--r-- 1 root root 337209 2021-12-27 23:10 ./slackware64/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2021-12-27 23:10 ./slackware64/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 418225 2021-12-27 23:09 ./slackware64/FILE_LIST
-rw-r--r-- 1 root root 4162005 2021-12-27 23:09 ./slackware64/MANIFEST.bz2
drwxr-xr-x 17 root root 4096 2021-12-29 02:53 ./slackware64
-rw-r--r-- 1 root root 337209 2021-12-29 02:53 ./slackware64/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2021-12-29 02:53 ./slackware64/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 418225 2021-12-29 02:52 ./slackware64/FILE_LIST
-rw-r--r-- 1 root root 4157052 2021-12-29 02:52 ./slackware64/MANIFEST.bz2
lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT
drwxr-xr-x 2 root root 32768 2021-12-22 19:30 ./slackware64/a
-rw-r--r-- 1 root root 327 2021-07-17 17:47 ./slackware64/a/aaa_base-15.0-x86_64-1.txt
@ -2741,7 +2741,7 @@ drwxr-xr-x 2 root root 86016 2021-12-27 23:09 ./slackware64/kde
-rw-r--r-- 1 root root 296 2021-12-10 06:34 ./slackware64/kde/zeroconf-ioslave-21.12.0-x86_64-1.txt
-rw-r--r-- 1 root root 50236 2021-12-10 06:34 ./slackware64/kde/zeroconf-ioslave-21.12.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-10 06:34 ./slackware64/kde/zeroconf-ioslave-21.12.0-x86_64-1.txz.asc
drwxr-xr-x 2 root root 81920 2021-12-27 23:09 ./slackware64/l
drwxr-xr-x 2 root root 81920 2021-12-29 02:51 ./slackware64/l
-rw-r--r-- 1 root root 329 2021-02-13 05:56 ./slackware64/l/GConf-3.2.6-x86_64-7.txt
-rw-r--r-- 1 root root 928148 2021-02-13 05:56 ./slackware64/l/GConf-3.2.6-x86_64-7.txz
-rw-r--r-- 1 root root 163 2021-02-13 05:56 ./slackware64/l/GConf-3.2.6-x86_64-7.txz.asc
@ -3254,9 +3254,9 @@ drwxr-xr-x 2 root root 81920 2021-12-27 23:09 ./slackware64/l
-rw-r--r-- 1 root root 517 2021-11-11 16:26 ./slackware64/l/libgpod-0.8.3-x86_64-11.txt
-rw-r--r-- 1 root root 306516 2021-11-11 16:26 ./slackware64/l/libgpod-0.8.3-x86_64-11.txz
-rw-r--r-- 1 root root 163 2021-11-11 16:26 ./slackware64/l/libgpod-0.8.3-x86_64-11.txz.asc
-rw-r--r-- 1 root root 336 2021-02-13 07:03 ./slackware64/l/libgsf-1.14.47-x86_64-3.txt
-rw-r--r-- 1 root root 320488 2021-02-13 07:03 ./slackware64/l/libgsf-1.14.47-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 07:03 ./slackware64/l/libgsf-1.14.47-x86_64-3.txz.asc
-rw-r--r-- 1 root root 336 2021-12-28 19:31 ./slackware64/l/libgsf-1.14.48-x86_64-1.txt
-rw-r--r-- 1 root root 325760 2021-12-28 19:31 ./slackware64/l/libgsf-1.14.48-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-28 19:31 ./slackware64/l/libgsf-1.14.48-x86_64-1.txz.asc
-rw-r--r-- 1 root root 342 2021-09-09 01:34 ./slackware64/l/libgtop-2.40.0-x86_64-5.txt
-rw-r--r-- 1 root root 196192 2021-09-09 01:34 ./slackware64/l/libgtop-2.40.0-x86_64-5.txz
-rw-r--r-- 1 root root 163 2021-09-09 01:34 ./slackware64/l/libgtop-2.40.0-x86_64-5.txz.asc
@ -3538,9 +3538,9 @@ drwxr-xr-x 2 root root 81920 2021-12-27 23:09 ./slackware64/l
-rw-r--r-- 1 root root 345 2021-09-22 04:09 ./slackware64/l/neon-0.32.1-x86_64-1.txt
-rw-r--r-- 1 root root 215068 2021-09-22 04:09 ./slackware64/l/neon-0.32.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-09-22 04:09 ./slackware64/l/neon-0.32.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 271 2021-12-22 19:07 ./slackware64/l/netpbm-10.96.06-x86_64-1.txt
-rw-r--r-- 1 root root 2093100 2021-12-22 19:07 ./slackware64/l/netpbm-10.96.06-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-22 19:07 ./slackware64/l/netpbm-10.96.06-x86_64-1.txz.asc
-rw-r--r-- 1 root root 271 2021-12-28 19:36 ./slackware64/l/netpbm-10.97.00-x86_64-1.txt
-rw-r--r-- 1 root root 2098804 2021-12-28 19:36 ./slackware64/l/netpbm-10.97.00-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-28 19:36 ./slackware64/l/netpbm-10.97.00-x86_64-1.txz.asc
-rw-r--r-- 1 root root 423 2021-11-03 01:01 ./slackware64/l/newt-0.52.21-x86_64-7.txt
-rw-r--r-- 1 root root 114448 2021-11-03 01:01 ./slackware64/l/newt-0.52.21-x86_64-7.txz
-rw-r--r-- 1 root root 163 2021-11-03 01:01 ./slackware64/l/newt-0.52.21-x86_64-7.txz.asc
@ -3878,7 +3878,7 @@ drwxr-xr-x 2 root root 81920 2021-12-27 23:09 ./slackware64/l
-rw-r--r-- 1 root root 463 2021-12-21 17:10 ./slackware64/l/zstd-1.5.1-x86_64-1.txt
-rw-r--r-- 1 root root 436008 2021-12-21 17:10 ./slackware64/l/zstd-1.5.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-21 17:10 ./slackware64/l/zstd-1.5.1-x86_64-1.txz.asc
drwxr-xr-x 2 root root 32768 2021-12-27 23:09 ./slackware64/n
drwxr-xr-x 2 root root 32768 2021-12-29 02:51 ./slackware64/n
-rw-r--r-- 1 root root 357 2021-11-26 19:25 ./slackware64/n/ModemManager-1.18.4-x86_64-1.txt
-rw-r--r-- 1 root root 2127700 2021-11-26 19:25 ./slackware64/n/ModemManager-1.18.4-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-11-26 19:25 ./slackware64/n/ModemManager-1.18.4-x86_64-1.txz.asc
@ -4334,9 +4334,9 @@ drwxr-xr-x 2 root root 32768 2021-12-27 23:09 ./slackware64/n
-rw-r--r-- 1 root root 677 2021-03-18 23:31 ./slackware64/n/wireless_tools-30.pre9-x86_64-5.txt
-rw-r--r-- 1 root root 134520 2021-03-18 23:31 ./slackware64/n/wireless_tools-30.pre9-x86_64-5.txz
-rw-r--r-- 1 root root 163 2021-03-18 23:31 ./slackware64/n/wireless_tools-30.pre9-x86_64-5.txz.asc
-rw-r--r-- 1 root root 600 2021-06-09 18:58 ./slackware64/n/wpa_supplicant-2.9-x86_64-7.txt
-rw-r--r-- 1 root root 1250264 2021-06-09 18:58 ./slackware64/n/wpa_supplicant-2.9-x86_64-7.txz
-rw-r--r-- 1 root root 163 2021-06-09 18:58 ./slackware64/n/wpa_supplicant-2.9-x86_64-7.txz.asc
-rw-r--r-- 1 root root 600 2021-12-28 20:00 ./slackware64/n/wpa_supplicant-2.9-x86_64-8.txt
-rw-r--r-- 1 root root 1250444 2021-12-28 20:00 ./slackware64/n/wpa_supplicant-2.9-x86_64-8.txz
-rw-r--r-- 1 root root 163 2021-12-28 20:00 ./slackware64/n/wpa_supplicant-2.9-x86_64-8.txz.asc
-rw-r--r-- 1 root root 406 2021-02-13 12:33 ./slackware64/n/yptools-4.2.3-x86_64-3.txt
-rw-r--r-- 1 root root 189168 2021-02-13 12:33 ./slackware64/n/yptools-4.2.3-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 12:33 ./slackware64/n/yptools-4.2.3-x86_64-3.txz.asc
@ -5339,7 +5339,7 @@ drwxr-xr-x 2 root root 65536 2021-12-27 23:09 ./slackware64/x
-rw-r--r-- 1 root root 213 2021-02-13 13:14 ./slackware64/x/xwud-1.0.5-x86_64-4.txt
-rw-r--r-- 1 root root 25428 2021-02-13 13:14 ./slackware64/x/xwud-1.0.5-x86_64-4.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:14 ./slackware64/x/xwud-1.0.5-x86_64-4.txz.asc
drwxr-xr-x 2 root root 16384 2021-12-27 23:09 ./slackware64/xap
drwxr-xr-x 2 root root 16384 2021-12-29 02:51 ./slackware64/xap
-rw-r--r-- 1 root root 625 2021-04-18 18:11 ./slackware64/xap/MPlayer-20210418-x86_64-1.txt
-rw-r--r-- 1 root root 2738724 2021-04-18 18:11 ./slackware64/xap/MPlayer-20210418-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-04-18 18:11 ./slackware64/xap/MPlayer-20210418-x86_64-1.txz.asc
@ -5443,9 +5443,9 @@ drwxr-xr-x 2 root root 16384 2021-12-27 23:09 ./slackware64/xap
-rw-r--r-- 1 root root 359 2021-02-15 20:28 ./slackware64/xap/sane-1.0.32-x86_64-1.txt
-rw-r--r-- 1 root root 3407020 2021-02-15 20:28 ./slackware64/xap/sane-1.0.32-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-02-15 20:28 ./slackware64/xap/sane-1.0.32-x86_64-1.txz.asc
-rw-r--r-- 1 root root 392 2021-12-13 03:17 ./slackware64/xap/seamonkey-2.53.10.1-x86_64-1.txt
-rw-r--r-- 1 root root 38101600 2021-12-13 03:17 ./slackware64/xap/seamonkey-2.53.10.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-13 03:17 ./slackware64/xap/seamonkey-2.53.10.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 392 2021-12-28 18:07 ./slackware64/xap/seamonkey-2.53.10.2-x86_64-1.txt
-rw-r--r-- 1 root root 38096188 2021-12-28 18:07 ./slackware64/xap/seamonkey-2.53.10.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-28 18:07 ./slackware64/xap/seamonkey-2.53.10.2-x86_64-1.txz.asc
-rw-r--r-- 1 root root 602 2021-02-13 13:41 ./slackware64/xap/seyon-2.20c-x86_64-6.txt
-rw-r--r-- 1 root root 116916 2021-02-13 13:41 ./slackware64/xap/seyon-2.20c-x86_64-6.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:41 ./slackware64/xap/seyon-2.20c-x86_64-6.txz.asc
@ -5606,11 +5606,11 @@ drwxr-xr-x 2 root root 4096 2021-02-15 19:33 ./slackware64/y
-rw-r--r-- 1 root root 1486956 2021-02-13 13:56 ./slackware64/y/nethack-3.6.6-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:56 ./slackware64/y/nethack-3.6.6-x86_64-3.txz.asc
-rw-r--r-- 1 root root 26 2020-12-30 21:55 ./slackware64/y/tagfile
drwxr-xr-x 18 root root 4096 2021-12-27 23:10 ./source
-rw-r--r-- 1 root root 581785 2021-12-27 23:10 ./source/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2021-12-27 23:10 ./source/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 810169 2021-12-27 23:10 ./source/FILE_LIST
-rw-r--r-- 1 root root 23323949 2021-12-27 23:10 ./source/MANIFEST.bz2
drwxr-xr-x 18 root root 4096 2021-12-29 02:54 ./source
-rw-r--r-- 1 root root 582775 2021-12-29 02:54 ./source/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2021-12-29 02:54 ./source/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 811280 2021-12-29 02:53 ./source/FILE_LIST
-rw-r--r-- 1 root root 23298433 2021-12-29 02:53 ./source/MANIFEST.bz2
-rw-r--r-- 1 root root 1314 2006-10-02 04:40 ./source/README.TXT
drwxr-xr-x 122 root root 4096 2021-11-11 20:15 ./source/a
-rw-r--r-- 1 root root 1591 2021-04-06 18:09 ./source/a/FTBFSlog
@ -10630,9 +10630,9 @@ drwxr-xr-x 2 root root 4096 2021-04-18 18:14 ./source/l/libgpod
-rw-r--r-- 1 root root 666488 2013-09-04 11:24 ./source/l/libgpod/libgpod-0.8.3.tar.xz
-rwxr-xr-x 1 root root 4727 2021-11-11 16:26 ./source/l/libgpod/libgpod.SlackBuild
-rw-r--r-- 1 root root 972 2018-02-27 06:12 ./source/l/libgpod/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/l/libgsf
-rw-r--r-- 1 root root 691448 2020-03-23 23:15 ./source/l/libgsf/libgsf-1.14.47.tar.xz
-rwxr-xr-x 1 root root 4211 2021-02-13 05:31 ./source/l/libgsf/libgsf.SlackBuild
drwxr-xr-x 2 root root 4096 2021-12-28 19:30 ./source/l/libgsf
-rw-r--r-- 1 root root 701760 2021-12-28 01:13 ./source/l/libgsf/libgsf-1.14.48.tar.xz
-rwxr-xr-x 1 root root 4211 2021-12-28 19:30 ./source/l/libgsf/libgsf.SlackBuild
-rw-r--r-- 1 root root 790 2018-02-27 06:12 ./source/l/libgsf/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/l/libgtop
-rw-r--r-- 1 root root 741155 2019-03-11 09:03 ./source/l/libgtop/libgtop-2.40.0.tar.lz
@ -11110,8 +11110,8 @@ drwxr-xr-x 2 root root 4096 2021-09-22 04:09 ./source/l/neon
-rwxr-xr-x 1 root root 4451 2021-09-21 02:45 ./source/l/neon/neon.SlackBuild
-rw-r--r-- 1 root root 31 2020-04-18 18:41 ./source/l/neon/neon.url
-rw-r--r-- 1 root root 797 2020-04-18 18:41 ./source/l/neon/slack-desc
drwxr-xr-x 2 root root 4096 2021-12-22 19:07 ./source/l/netpbm
-rw-r--r-- 1 root root 3209709 2021-12-22 19:06 ./source/l/netpbm/netpbm-10.96.06.tar.lz
drwxr-xr-x 2 root root 4096 2021-12-28 19:36 ./source/l/netpbm
-rw-r--r-- 1 root root 3221590 2021-12-28 19:31 ./source/l/netpbm/netpbm-10.97.00.tar.lz
-rw-r--r-- 1 root root 381 2019-04-17 08:07 ./source/l/netpbm/netpbm-CAN-2005-2471.patch.gz
-rw-r--r-- 1 root root 382 2019-04-17 08:07 ./source/l/netpbm/netpbm-CVE-2017-2587.patch.gz
-rw-r--r-- 1 root root 284 2019-04-17 08:07 ./source/l/netpbm/netpbm-bmptopnm.patch.gz
@ -11760,7 +11760,7 @@ drwxr-xr-x 2 root root 4096 2021-12-21 17:10 ./source/l/zstd
-rw-r--r-- 1 root root 325 2018-12-30 04:38 ./source/l/zstd/zstd.dont.link.pzstd.to.static.libzstd.a.diff.gz
-rw-r--r-- 1 root root 33 2018-11-08 01:06 ./source/l/zstd/zstd.url
-rwxr-xr-x 1 root root 14547 2021-02-14 06:12 ./source/make_world.sh
drwxr-xr-x 156 root root 4096 2021-11-11 17:47 ./source/n
drwxr-xr-x 156 root root 4096 2021-12-28 20:15 ./source/n
-rw-r--r-- 1 root root 1448 2021-01-17 00:09 ./source/n/FTBFSlog
drwxr-xr-x 2 root root 4096 2021-11-26 19:24 ./source/n/ModemManager
-rw-r--r-- 1 root root 2510768 2021-11-26 09:45 ./source/n/ModemManager/ModemManager-1.18.4.tar.xz
@ -12839,7 +12839,7 @@ drwxr-xr-x 2 root root 4096 2017-11-14 23:02 ./source/n/wireless_tools/scr
-rwxr-xr-x 1 root root 4055 2021-03-10 04:16 ./source/n/wireless_tools/wireless_tools.SlackBuild
-rw-r--r-- 1 root root 227 2005-07-14 05:20 ./source/n/wireless_tools/wireless_tools.nowhine.diff.gz
-rw-r--r-- 1 root root 59 2018-12-31 19:59 ./source/n/wireless_tools/wireless_tools.url
drwxr-xr-x 4 root root 4096 2021-06-09 18:33 ./source/n/wpa_supplicant
drwxr-xr-x 4 root root 4096 2021-12-29 02:47 ./source/n/wpa_supplicant
-rw-r--r-- 1 root root 2080 2005-08-06 20:17 ./source/n/wpa_supplicant/README.slackware
drwxr-xr-x 2 root root 4096 2021-06-09 18:33 ./source/n/wpa_supplicant/config
-rw-r--r-- 1 root root 22874 2021-06-09 18:33 ./source/n/wpa_supplicant/config/dot.config
@ -12848,14 +12848,22 @@ drwxr-xr-x 2 root root 4096 2021-06-09 18:33 ./source/n/wpa_supplicant/con
-rw-r--r-- 1 root root 65 2012-05-06 07:08 ./source/n/wpa_supplicant/config/wpa_supplicant.conf
-rw-r--r-- 1 root root 100 2012-05-06 07:05 ./source/n/wpa_supplicant/config/wpa_supplicant.logrotate
-rw-r--r-- 1 root root 284 2012-05-06 07:31 ./source/n/wpa_supplicant/doinst.sh.gz
drwxr-xr-x 2 root root 4096 2019-04-22 18:35 ./source/n/wpa_supplicant/patches
drwxr-xr-x 2 root root 4096 2021-12-28 19:59 ./source/n/wpa_supplicant/patches
-rw-r--r-- 1 root root 1234 2019-09-11 10:33 ./source/n/wpa_supplicant/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch.gz
-rw-r--r-- 1 root root 985 2021-02-25 18:45 ./source/n/wpa_supplicant/patches/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch.gz
-rw-r--r-- 1 root root 947 2021-02-03 23:00 ./source/n/wpa_supplicant/patches/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch.gz
-rw-r--r-- 1 root root 2441 2020-06-08 14:15 ./source/n/wpa_supplicant/patches/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch.gz
-rw-r--r-- 1 root root 1237 2020-06-08 14:15 ./source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch.gz
-rw-r--r-- 1 root root 884 2020-06-08 14:15 ./source/n/wpa_supplicant/patches/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch.gz
-rw-r--r-- 1 root root 2301 2021-12-28 19:51 ./source/n/wpa_supplicant/patches/8ca330bd709bf7c000dfda5b1edbc0cbeabb8b55.patch.gz
-rw-r--r-- 1 root root 1288 2021-12-28 19:50 ./source/n/wpa_supplicant/patches/a0541334a6394f8237a4393b7372693cd7e96f15.patch.gz
-rw-r--r-- 1 root root 454 2018-12-15 14:31 ./source/n/wpa_supplicant/patches/allow-tlsv1.patch.gz
-rw-r--r-- 1 root root 589 2018-12-18 16:36 ./source/n/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch.gz
-rw-r--r-- 1 root root 687 2018-12-18 16:36 ./source/n/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch.gz
-rw-r--r-- 1 root root 625 2018-12-18 16:36 ./source/n/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch.gz
-rw-r--r-- 1 root root 1061 2018-12-06 20:13 ./source/n/wpa_supplicant/slack-desc
-rw-r--r-- 1 root root 2168678 2019-08-07 14:28 ./source/n/wpa_supplicant/wpa_supplicant-2.9.tar.lz
-rwxr-xr-x 1 root root 6201 2021-06-09 18:33 ./source/n/wpa_supplicant/wpa_supplicant.SlackBuild
-rwxr-xr-x 1 root root 7172 2021-12-28 19:58 ./source/n/wpa_supplicant/wpa_supplicant.SlackBuild
drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/n/yptools
-rw-r--r-- 1 root root 616 2000-11-24 23:39 ./source/n/yptools/nsswitch.conf-nis.gz
-rw-r--r-- 1 root root 1355 2017-11-19 02:09 ./source/n/yptools/rc.yp.gz
@ -14738,13 +14746,13 @@ drwxr-xr-x 2 root root 4096 2021-02-15 20:27 ./source/xap/sane
-rwxr-xr-x 1 root root 6139 2021-02-15 20:27 ./source/xap/sane/sane.SlackBuild
-rw-r--r-- 1 root root 40 2020-05-17 19:09 ./source/xap/sane/sane.url
-rw-r--r-- 1 root root 811 2020-05-17 19:09 ./source/xap/sane/slack-desc
drwxr-xr-x 3 root root 4096 2021-12-13 03:02 ./source/xap/seamonkey
drwxr-xr-x 3 root root 4096 2021-12-28 17:51 ./source/xap/seamonkey
drwxr-xr-x 2 root root 4096 2016-07-03 18:05 ./source/xap/seamonkey/autoconf
-rw-r--r-- 1 root root 5869 2016-07-03 18:04 ./source/xap/seamonkey/autoconf/autoconf-2.13-consolidated_fixes-1.patch.gz
-rw-r--r-- 1 root root 300116 1999-01-15 21:03 ./source/xap/seamonkey/autoconf/autoconf-2.13.tar.xz
-rwxr-xr-x 1 root root 2632 2016-07-03 18:50 ./source/xap/seamonkey/autoconf/autoconf.build
-rw-r--r-- 1 root root 248 2019-09-08 19:23 ./source/xap/seamonkey/doinst.sh.gz
-rw-r--r-- 1 root root 284543840 2021-12-12 23:41 ./source/xap/seamonkey/seamonkey-2.53.10.1.source.tar.xz
-rw-r--r-- 1 root root 284350364 2021-12-28 02:23 ./source/xap/seamonkey/seamonkey-2.53.10.2.source.tar.xz
-rw-r--r-- 1 root root 12796 2006-02-09 03:17 ./source/xap/seamonkey/seamonkey-icon.png
-rw-r--r-- 1 root root 185 2006-02-09 03:40 ./source/xap/seamonkey/seamonkey-mail-icon.png
-rw-r--r-- 1 root root 211 2021-07-13 20:11 ./source/xap/seamonkey/seamonkey-mail.desktop

8
recompress.sh
View file

@ -545,7 +545,15 @@ gzip ./source/n/nc/nc-110-21.diff
gzip ./source/n/nc/nc.diff
gzip ./source/n/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch
gzip ./source/n/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch
gzip ./source/n/wpa_supplicant/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
gzip ./source/n/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch
gzip ./source/n/wpa_supplicant/patches/a0541334a6394f8237a4393b7372693cd7e96f15.patch
gzip ./source/n/wpa_supplicant/patches/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
gzip ./source/n/wpa_supplicant/patches/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
gzip ./source/n/wpa_supplicant/patches/8ca330bd709bf7c000dfda5b1edbc0cbeabb8b55.patch
gzip ./source/n/wpa_supplicant/patches/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
gzip ./source/n/wpa_supplicant/patches/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
gzip ./source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
gzip ./source/n/wpa_supplicant/patches/allow-tlsv1.patch
gzip ./source/n/wpa_supplicant/doinst.sh
gzip ./source/n/php/php-fpm.conf.diff

2
source/l/libgsf/libgsf.SlackBuild
View file

@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libgsf
VERSION=${VERSION:-$(echo libgsf-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-3}
BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}

73
source/n/wpa_supplicant/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch Normal file
View file

@ -0,0 +1,73 @@
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685fe3b..34ca379edc3d 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db44b7..e7065372e158 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
--
2.20.1

50
source/n/wpa_supplicant/patches/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch Normal file
View file

@ -0,0 +1,50 @@
From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Tue, 8 Dec 2020 23:52:50 +0200
Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/p2p/p2p_pd.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
index 3994ec03f86b..05fd593494ef 100644
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
goto out;
}
+ dev = p2p_get_device(p2p, sa);
if (!dev) {
- dev = p2p_get_device(p2p, sa);
- if (!dev) {
- p2p_dbg(p2p,
- "Provision Discovery device not found "
- MACSTR, MAC2STR(sa));
- goto out;
- }
+ p2p_dbg(p2p,
+ "Provision Discovery device not found "
+ MACSTR, MAC2STR(sa));
+ goto out;
}
} else if (msg.wfd_subelems) {
wpabuf_free(dev->info.wfd_subelems);
--
2.25.1

38
source/n/wpa_supplicant/patches/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch Normal file
View file

@ -0,0 +1,38 @@
From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 9 Nov 2020 11:43:12 +0200
Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group
client
Parsing and copying of WPS secondary device types list was verifying
that the contents is not too long for the internal maximum in the case
of WPS messages, but similar validation was missing from the case of P2P
group information which encodes this information in a different
attribute. This could result in writing beyond the memory area assigned
for these entries and corrupting memory within an instance of struct
p2p_device. This could result in invalid operations and unexpected
behavior when trying to free pointers from that corrupted memory.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/p2p/p2p.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index 74b7b52ae05c..5cbfc217fc1f 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
dev->info.config_methods = cli->config_methods;
os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
+ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
+ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
dev->info.wps_sec_dev_type_list_len);
}
--
2.25.1

150
source/n/wpa_supplicant/patches/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch Normal file
View file

@ -0,0 +1,150 @@
From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Wed, 3 Jun 2020 23:17:35 +0300
Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/wps/wps_er.c | 2 +-
src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++--
src/wps/wps_upnp_i.h | 3 ++-
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c
index 6bded14327f8..31d2e50e4cff 100644
--- a/src/wps/wps_er.c
+++ b/src/wps/wps_er.c
@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, const char *ifname, const char *filter)
"with %s", filter);
}
if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
- er->mac_addr)) {
+ NULL, er->mac_addr)) {
wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
"for %s. Does it have IP address?", er->ifname);
wps_er_deinit(er, NULL, NULL);
diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
index 6e10e4bc0c3f..7d4b7439940e 100644
--- a/src/wps/wps_upnp.c
+++ b/src/wps/wps_upnp.c
@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct subscription *s)
}
+static int local_network_addr(struct upnp_wps_device_sm *sm,
+ struct sockaddr_in *addr)
+{
+ return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
+ (sm->ip_addr & sm->netmask.s_addr);
+}
+
+
/* subscr_addr_add_url -- add address(es) for one url to subscription */
static void subscr_addr_add_url(struct subscription *s, const char *url,
size_t url_len)
@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
for (rp = result; rp; rp = rp->ai_next) {
struct subscr_addr *a;
+ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
/* Limit no. of address to avoid denial of service attack */
if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
break;
}
+ if (!local_network_addr(s->sm, addr)) {
+ wpa_printf(MSG_INFO,
+ "WPS UPnP: Ignore a delivery URL that points to another network %s",
+ inet_ntoa(addr->sin_addr));
+ continue;
+ }
+
a = os_zalloc(sizeof(*a) + alloc_len);
if (a == NULL)
break;
@@ -890,11 +906,12 @@ static int eth_get(const char *device, u8 ea[ETH_ALEN])
* @net_if: Selected network interface name
* @ip_addr: Buffer for returning IP address in network byte order
* @ip_addr_text: Buffer for returning a pointer to allocated IP address text
+ * @netmask: Buffer for returning netmask or %NULL if not needed
* @mac: Buffer for returning MAC address
* Returns: 0 on success, -1 on failure
*/
int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
- u8 mac[ETH_ALEN])
+ struct in_addr *netmask, u8 mac[ETH_ALEN])
{
struct ifreq req;
int sock = -1;
@@ -920,6 +937,19 @@ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
in_addr.s_addr = *ip_addr;
os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
+ if (netmask) {
+ os_memset(&req, 0, sizeof(req));
+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
+ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
+ wpa_printf(MSG_ERROR,
+ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
+ errno, strerror(errno));
+ goto fail;
+ }
+ addr = (struct sockaddr_in *) &req.ifr_netmask;
+ netmask->s_addr = addr->sin_addr.s_addr;
+ }
+
#ifdef __linux__
os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
@@ -1026,11 +1056,15 @@ static int upnp_wps_device_start(struct upnp_wps_device_sm *sm, char *net_if)
/* Determine which IP and mac address we're using */
if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
- sm->mac_addr)) {
+ &sm->netmask, sm->mac_addr)) {
wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
"for %s. Does it have IP address?", net_if);
goto fail;
}
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
+ MACSTR,
+ sm->ip_addr_text, inet_ntoa(sm->netmask),
+ MAC2STR(sm->mac_addr));
/* Listen for incoming TCP connections so that others
* can fetch our "xml files" from us.
diff --git a/src/wps/wps_upnp_i.h b/src/wps/wps_upnp_i.h
index e87a93232df1..6ead7b4e9a30 100644
--- a/src/wps/wps_upnp_i.h
+++ b/src/wps/wps_upnp_i.h
@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
char *ip_addr_text; /* IP address of network i.f. we use */
unsigned ip_addr; /* IP address of network i.f. we use (host order) */
+ struct in_addr netmask;
int multicast_sd; /* send multicast messages over this socket */
int ssdp_sd; /* receive discovery UPD packets on socket */
int ssdp_sd_registered; /* nonzero if we must unregister */
@@ -158,7 +159,7 @@ struct subscription * subscription_find(struct upnp_wps_device_sm *sm,
const u8 uuid[UUID_LEN]);
void subscr_addr_delete(struct subscr_addr *a);
int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
- u8 mac[ETH_ALEN]);
+ struct in_addr *netmask, u8 mac[ETH_ALEN]);
/* wps_upnp_ssdp.c */
void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
--
2.20.1

59
source/n/wpa_supplicant/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch Normal file
View file

@ -0,0 +1,59 @@
From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Wed, 3 Jun 2020 22:41:02 +0300
Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
path
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/wps/wps_upnp.c | 9 +++++++--
src/wps/wps_upnp_event.c | 3 ++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
index 7d4b7439940e..ab685d52ecab 100644
--- a/src/wps/wps_upnp.c
+++ b/src/wps/wps_upnp.c
@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
int rerr;
size_t host_len, path_len;
- /* url MUST begin with http: */
- if (url_len < 7 || os_strncasecmp(url, "http://", 7))
+ /* URL MUST begin with HTTP scheme. In addition, limit the length of
+ * the URL to 700 characters which is around the limit that was
+ * implicitly enforced for more than 10 years due to a bug in
+ * generating the event messages. */
+ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
goto fail;
+ }
url += 7;
url_len -= 7;
diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
index d7e6edcc6503..08a23612f338 100644
--- a/src/wps/wps_upnp_event.c
+++ b/src/wps/wps_upnp_event.c
@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
struct wpabuf *buf;
char *b;
- buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
+ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
+ wpabuf_len(e->data));
if (buf == NULL)
return NULL;
wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
--
2.20.1

47
source/n/wpa_supplicant/patches/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch Normal file
View file

@ -0,0 +1,47 @@
From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 4 Jun 2020 21:24:04 +0300
Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/wps/wps_upnp_event.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
index 08a23612f338..c0d9e41d9a38 100644
--- a/src/wps/wps_upnp_event.c
+++ b/src/wps/wps_upnp_event.c
@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
buf = event_build_message(e);
if (buf == NULL) {
- event_retry(e, 0);
+ event_addr_failure(e);
return -1;
}
@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
event_http_cb, e);
if (e->http_event == NULL) {
wpabuf_free(buf);
- event_retry(e, 0);
+ event_addr_failure(e);
return -1;
}
--
2.20.1

230
source/n/wpa_supplicant/patches/8ca330bd709bf7c000dfda5b1edbc0cbeabb8b55.patch Normal file
View file

@ -0,0 +1,230 @@
From 8ca330bd709bf7c000dfda5b1edbc0cbeabb8b55 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Fri, 5 Feb 2021 00:28:17 +0200
Subject: Flush pending control interface message for an interface to be
removed
wpa_supplicant_ctrl_iface_deinit() was executed only if the
per-interface control interface initialization had been completed. This
is not the case if driver initialization fails and that could result in
leaving behind references to the freed wpa_s instance in a corner case
where control interface messages ended up getting queued.
Fix this by calling wpa_supplicant_ctrl_iface_deinit() in all cases to
cancel the potential eloop timeout for wpas_ctrl_msg_queue_timeout with
the reference to the wpa_s pointer. In addition, flush any pending
message from the global queue for this interface since such a message
cannot be of use after this and there is no need to leave them in the
queue until the global control interface gets deinitialized.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
wpa_supplicant/ctrl_iface.h | 10 +++++---
wpa_supplicant/ctrl_iface_named_pipe.c | 5 +++-
wpa_supplicant/ctrl_iface_udp.c | 6 ++++-
wpa_supplicant/ctrl_iface_unix.c | 43 +++++++++++++++++++++++++++++++++-
wpa_supplicant/eapol_test.c | 6 ++---
wpa_supplicant/preauth_test.c | 6 ++---
wpa_supplicant/wpa_supplicant.c | 10 ++++----
7 files changed, 66 insertions(+), 20 deletions(-)
diff --git a/wpa_supplicant/ctrl_iface.h b/wpa_supplicant/ctrl_iface.h
index 510668d..dfbd25a 100644
--- a/wpa_supplicant/ctrl_iface.h
+++ b/wpa_supplicant/ctrl_iface.h
@@ -70,14 +70,17 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s);
/**
* wpa_supplicant_ctrl_iface_deinit - Deinitialize control interface
+ * @wpa_s: Pointer to wpa_supplicant data
* @priv: Pointer to private data from wpa_supplicant_ctrl_iface_init()
*
* Deinitialize the control interface that was initialized with
- * wpa_supplicant_ctrl_iface_init().
+ * wpa_supplicant_ctrl_iface_init() and any data related to the wpa_s instance.
+ * @priv may be %NULL if the control interface has not yet been initialized.
*
* Required to be implemented in each control interface backend.
*/
-void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv);
+void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
+ struct ctrl_iface_priv *priv);
/**
* wpa_supplicant_ctrl_iface_wait - Wait for ctrl_iface monitor
@@ -128,7 +131,8 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
}
static inline void
-wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
+ struct ctrl_iface_priv *priv)
{
}
diff --git a/wpa_supplicant/ctrl_iface_named_pipe.c b/wpa_supplicant/ctrl_iface_named_pipe.c
index 79ff787..bddc041 100644
--- a/wpa_supplicant/ctrl_iface_named_pipe.c
+++ b/wpa_supplicant/ctrl_iface_named_pipe.c
@@ -462,8 +462,11 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
}
-void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
+ struct ctrl_iface_priv *priv)
{
+ if (!priv)
+ return;
while (priv->ctrl_dst)
ctrl_close_pipe(priv->ctrl_dst);
if (priv->sec_attr_set)
diff --git a/wpa_supplicant/ctrl_iface_udp.c b/wpa_supplicant/ctrl_iface_udp.c
index 1512080..1cbf7fa 100644
--- a/wpa_supplicant/ctrl_iface_udp.c
+++ b/wpa_supplicant/ctrl_iface_udp.c
@@ -490,8 +490,12 @@ fail:
}
-void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
+ struct ctrl_iface_priv *priv)
{
+ if (!priv)
+ return;
+
if (priv->sock > -1) {
eloop_unregister_read_sock(priv->sock);
if (priv->ctrl_dst) {
diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index 953fd2c..639573d 100644
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -800,12 +800,52 @@ static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
}
-void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
+static void
+wpas_global_ctrl_iface_flush_queued_msg(struct wpa_global *global,
+ struct wpa_supplicant *wpa_s)
+{
+ struct ctrl_iface_global_priv *gpriv;
+ struct ctrl_iface_msg *msg, *prev_msg;
+ unsigned int count = 0;
+
+ if (!global || !global->ctrl_iface)
+ return;
+
+ gpriv = global->ctrl_iface;
+ dl_list_for_each_safe(msg, prev_msg, &gpriv->msg_queue,
+ struct ctrl_iface_msg, list) {
+ if (msg->wpa_s == wpa_s) {
+ count++;
+ dl_list_del(&msg->list);
+ os_free(msg);
+ }
+ }
+
+ if (count) {
+ wpa_printf(MSG_DEBUG,
+ "CTRL: Dropped %u pending message(s) for interface that is being removed",
+ count);
+ }
+}
+
+
+void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
+ struct ctrl_iface_priv *priv)
{
struct wpa_ctrl_dst *dst, *prev;
struct ctrl_iface_msg *msg, *prev_msg;
struct ctrl_iface_global_priv *gpriv;
+ if (!priv) {
+ /* Control interface has not yet been initialized, so there is
+ * nothing to deinitialize here. However, there might be a
+ * pending message for this interface, so get rid of any such
+ * entry before completing interface removal. */
+ wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s);
+ eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, wpa_s, NULL);
+ return;
+ }
+
if (priv->sock > -1) {
char *fname;
char *buf, *dir = NULL;
@@ -877,6 +917,7 @@ free_dst:
}
}
}
+ wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s);
eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, priv->wpa_s, NULL);
os_free(priv);
}
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index d137ad6..e256ac5 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -674,10 +674,8 @@ static void test_eapol_clean(struct eapol_test_data *e,
os_free(e->radius_conf);
e->radius_conf = NULL;
scard_deinit(wpa_s->scard);
- if (wpa_s->ctrl_iface) {
- wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
- wpa_s->ctrl_iface = NULL;
- }
+ wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
ext_password_deinit(wpa_s->ext_pw);
wpa_s->ext_pw = NULL;
diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c
index de49948..97c16fb 100644
--- a/wpa_supplicant/preauth_test.c
+++ b/wpa_supplicant/preauth_test.c
@@ -193,10 +193,8 @@ static void test_eapol_clean(struct wpa_supplicant *wpa_s)
pmksa_candidate_free(wpa_s->wpa);
wpa_sm_deinit(wpa_s->wpa);
scard_deinit(wpa_s->scard);
- if (wpa_s->ctrl_iface) {
- wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
- wpa_s->ctrl_iface = NULL;
- }
+ wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
wpa_config_free(wpa_s->conf);
}
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 90e8a46..835b335 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1158,8 +1158,8 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
os_strcmp(conf->ctrl_interface,
wpa_s->conf->ctrl_interface) != 0);
- if (reconf_ctrl && wpa_s->ctrl_iface) {
- wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
+ if (reconf_ctrl) {
+ wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
wpa_s->ctrl_iface = NULL;
}
@@ -6748,10 +6748,8 @@ static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
if (terminate)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
- if (wpa_s->ctrl_iface) {
- wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
- wpa_s->ctrl_iface = NULL;
- }
+ wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
+ wpa_s->ctrl_iface = NULL;
#ifdef CONFIG_MESH
if (wpa_s->ifmsh) {
--
cgit v0.12

115
source/n/wpa_supplicant/patches/a0541334a6394f8237a4393b7372693cd7e96f15.patch Normal file
View file

@ -0,0 +1,115 @@
From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 18:19:31 +0200
Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters
The supported hash algorithms do not use AlgorithmIdentifier parameters.
However, there are implementations that include NULL parameters in
addition to ones that omit the parameters. Previous implementation did
not check the parameters value at all which supported both these cases,
but did not reject any other unexpected information.
Use strict validation of digest algorithm parameters and reject any
unexpected value when validating a signature. This is needed to prevent
potential forging attacks.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/tls/pkcs1.c | 21 +++++++++++++++++++++
src/tls/x509v3.c | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index bbdb0d7..5761dfe 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
+ hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "PKCS #1: Unexpected digest algorithm parameters");
+ os_free(decrypted);
+ return -1;
+ }
if (!asn1_oid_equal(&oid, hash_alg)) {
char txt[100], txt2[100];
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index a8944dd..df337ec 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "X509: Unexpected digest algorithm parameters");
+ os_free(data);
+ return -1;
+ }
if (x509_sha1_oid(&oid)) {
if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
--
cgit v0.12

46
source/n/wpa_supplicant/wpa_supplicant.SlackBuild
View file

@ -1,31 +1,31 @@
#!/bin/bash
# Copyright 2004-2008 Eric Hameleers, Eindhoven, NL
# Copyright 2008-2020 Patrick J. Volkerding, Sebeka, MN, USA
# Permission to use, copy, modify, and distribute this software for
# any purpose with or without fee is hereby granted, provided that
# the above copyright notice and this permission notice appear in all
# copies.
# Copyright 2008-2021 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
# -----------------------------------------------------------------------------
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=wpa_supplicant
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-7}
BUILD=${BUILD:-8}
SRCVERSION=$(printf $VERSION | tr _ -)
@ -89,6 +89,16 @@ zcat $CWD/patches/wpa_supplicant-flush-debug-output.patch.gz | patch -p1 --verbo
zcat $CWD/patches/wpa_supplicant-gui-qt4.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/wpa_supplicant-quiet-scan-results-message.patch.gz | patch -p1 --verbose || exit 1
# Security fixes for CVE-2021-0326 CVE-2021-0535 CVE-2020-12695 CVE-2019-16275 CVE-2021-27803 CVE-2021-30004:
zcat $CWD/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/a0541334a6394f8237a4393b7372693cd7e96f15.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/8ca330bd709bf7c000dfda5b1edbc0cbeabb8b55.patch.gz | patch -p1 --verbose || exit 1
# Allow legacy tls to avoid breaking WPA2-Enterprise:
zcat $CWD/patches/allow-tlsv1.patch.gz | patch -p1 --verbose || exit 1