From ae491f828709c90bb841a8a7a23db13ed28baa83 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2016 06:00:20 +0000 Subject: import wpa_supplicant-2.0-20.el7 --- diff --git a/SOURCES/0017-rh1085473-nl-event-resubscribe.patch b/SOURCES/0017-rh1085473-nl-event-resubscribe.patch new file mode 100644 index 0000000..24ae9ec --- /dev/null +++ b/SOURCES/0017-rh1085473-nl-event-resubscribe.patch @@ -0,0 +1,86 @@ +From 3a5179e49fbbd5eb3df00e476e380915dd84eb05 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sun, 22 Feb 2015 18:03:42 +0200 +Subject: [PATCH] nl80211: Resubscribe to nl80211 events on global nl_event + socket + +This allows wpa_supplicant to recover from some of the cases where +cfg80211 is unloaded and reloaded without restarting wpa_supplicant. The +netlink socket used for nl80211 events (global->nl_event) seemed to end +up in otherwise functionality state, but with all the event memberships +lost when cfg80211 gets reloaded. + +There does not seem to be any clear way of determining when this has +happened, so it looks simplest to just try to re-subscribe to all the +events whenever an interface is re-enabled or added. + +[lkundrak@v3.sk: 2.0 backport] + +Signed-off-by: Jouni Malinen +(cherry picked from commit f51f54a007e0de1d413dee3523472d3bbeed2ecc) +--- + src/drivers/driver_nl80211.c | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c +index 37b6be9..097265c 100644 +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -184,6 +184,7 @@ struct nl80211_wiphy_data { + }; + + static void nl80211_global_deinit(void *priv); ++static void nl80211_check_global(struct nl80211_global *global); + static void wpa_driver_nl80211_deinit(void *priv); + + struct i802_bss { +@@ -852,6 +853,7 @@ static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, + return 1; + + if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { ++ nl80211_check_global(drv->global); + drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); + wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " + "interface"); +@@ -2918,6 +2920,30 @@ static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) + } + + ++static void nl80211_check_global(struct nl80211_global *global) ++{ ++ const char *groups[] = { "scan", "mlme", "regulatory", "vendor", NULL }; ++ int ret; ++ unsigned int i; ++ ++ /* ++ * Try to re-add memberships to handle case of cfg80211 getting reloaded ++ * and all registration having been cleared. ++ */ ++ ++ for (i = 0; groups[i]; i++) { ++ ret = nl_get_multicast_id(global, "nl80211", groups[i]); ++ if (ret >= 0) ++ ret = nl_socket_add_membership(global->nl_event, ret); ++ if (ret < 0) { ++ wpa_printf(MSG_INFO, ++ "nl80211: Could not re-add multicast membership for %s events: %d (%s)", ++ groups[i], ret, strerror(-ret)); ++ } ++ } ++} ++ ++ + static void wpa_driver_nl80211_rfkill_blocked(void *ctx) + { + wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); +@@ -3137,6 +3163,7 @@ static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, + } + + if (drv->global) { ++ nl80211_check_global(drv->global); + dl_list_add(&drv->global->interfaces, &drv->list); + drv->in_interface_list = 1; + } +-- +2.5.0 + diff --git a/SOURCES/0018-rh1319796-dbus-deny-interface.patch b/SOURCES/0018-rh1319796-dbus-deny-interface.patch new file mode 100644 index 0000000..bee4e76 --- /dev/null +++ b/SOURCES/0018-rh1319796-dbus-deny-interface.patch @@ -0,0 +1,48 @@ +From df9e2c2a55eec199ba2c624897df22bfa48fa318 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 27 Jan 2016 17:02:07 +0100 +Subject: D-Bus: Don't do in dbus service file + +It does more than intended; apart from denying messages to that +particular interface it also denies all messages non-qualified with an +interface globally. This blocks messages completely unrelated to +wpa_supplicant, such as NetworkManager communication with the VPN +plugins. + +From the dbus-daemon manual: + + Be careful with send_interface/receive_interface, because the + interface field in messages is optional. In particular, do NOT + specify ! This will cause + no-interface messages to be blocked for all services, which is almost + certainly not what you intended. Always use rules of the form: + +We can just safely remove those rules, since we're sufficiently +protected by the send_destination matches and method calls are +disallowed by default anyway. + +Signed-off-by: Lubomir Rintel +--- + wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf +index c091234..382dcb3 100644 +--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ++++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf +@@ -17,11 +17,9 @@ + + + +- + + + +- + + + +-- +cgit v0.12 + diff --git a/SPECS/wpa_supplicant.spec b/SPECS/wpa_supplicant.spec index 9562599..99e383a 100644 --- a/SPECS/wpa_supplicant.spec +++ b/SPECS/wpa_supplicant.spec @@ -7,7 +7,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant Name: wpa_supplicant Epoch: 1 Version: 2.0 -Release: 17%{?dist} +Release: 20%{?dist} License: BSD Group: System Environment/Base Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz @@ -52,6 +52,9 @@ Patch14: 0014-rh1178263-cert_in_cb.patch Patch15: 0015-CVE-2015-1863-p2p-ssid.patch # Fix integer underflow in WMM Action frame parser: rh #1221178 Patch16: 0016-rh1221178-fix-int-unferflow-AP-WMM.patch +# Resubscribe to netlink events when cfg80211 module gets removed and added +Patch17: 0017-rh1085473-nl-event-resubscribe.patch +Patch18: 0018-rh1319796-dbus-deny-interface.patch URL: http://w1.fi/wpa_supplicant/ @@ -105,6 +108,8 @@ Graphical User Interface for wpa_supplicant written using QT %patch14 -p1 -b .cert-in-cb %patch15 -p1 -b .CVE-2015-1863 %patch16 -p1 -b .rh1221178-WMM-fix +%patch17 -p1 -b .rh1085473-nl-event-resubscribe +%patch18 -p1 -b .rh1319796-dbus-deny-interface %build pushd wpa_supplicant @@ -128,7 +133,7 @@ popd %install # init scripts -install -D -m 0755 %{SOURCE3} %{buildroot}/%{_unitdir}/%{name}.service +install -D -m 0644 %{SOURCE3} %{buildroot}/%{_unitdir}/%{name}.service install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} @@ -219,8 +224,17 @@ fi %endif %changelog +* Mon Mar 21 2016 Lubomir Rintel - 1:2.0-20 +- D-Bus: Don't do in dbus service file (rh #1319796) + +* Mon Jan 11 2016 Lubomir Rintel - 1:2.0-19 +- nl80211: resubscribe to netlink events when cfg80211 gets re-added (rh #1085473) + +* Tue Dec 1 2015 Jiří Klimeš - 1:2.0-18 +- spec: do not install wpa_supplicant.service as executable (rh #1286965) + * Wed May 20 2015 Jiří Klimeš - 1:2.0-17 -- AP WMM: Fix integer underflow in WMM Action frame parser (rh #1221178) (rh #1222015) +- AP WMM: Fix integer underflow in WMM Action frame parser (rh #1221178) (rh #1222016) * Tue Apr 28 2015 Dan Winship - 1:2.0-16 - P2P: Validate SSID element length before copying it (CVE-2015-1863)