#
1.8 |
|
01-Mar-2021 |
christos |
Merge local changes from v2.7 -> v2.9 for wpa_supplicant and hostapd
|
Revision tags: netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118
|
#
1.7 |
|
04-Jan-2019 |
christos |
merge conflicts.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.6 |
|
21-Nov-2016 |
christos |
branches: 1.6.12; 1.6.14; Merge conflicts.
|
Revision tags: pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.5 |
|
03-May-2016 |
christos |
branches: 1.5.2;
http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
Many of the global configuration parameters are written as strings without filtering, and if there is an embedded newline character in the value, unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the configuration file global parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the value of a parameter before passing it to wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data into the configuration file. Such a configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from a user-controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.
|
#
1.4 |
|
03-May-2016 |
christos |
http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
Most of the cred block parameters are written as strings without filtering, and if there is an embedded newline character in the value, unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the configuration file cred parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the credential value before passing it to wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data into the configuration file. Such a configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from a user-controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.
|
#
1.3 |
|
03-May-2016 |
christos |
http://w1.fi/security/2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
Spurious newlines output while writing the config file can corrupt the wpa_supplicant configuration. Avoid writing these for the network block parameters. This is a generic filter that covers cases that may not have been explicitly addressed with a more specific commit to avoid control characters in the psk parameter.
|
#
1.2 |
|
03-May-2016 |
christos |
http://w1.fi/security/2016-1/0002-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
WPA/WPA2-Personal passphrase is not allowed to include control characters. Reject a passphrase configuration attempt if that passphrase includes an invalid passphrase.
This fixes an issue where wpa_supplicant could have updated the configuration file psk parameter with arbitrary data from the control interface or D-Bus interface. While those interfaces are supposed to be accessible only for trusted users/applications, it may be possible that an untrusted user has access to a management software component that does not validate the passphrase value before passing it to wpa_supplicant.
This could allow such an untrusted user to inject up to 63 characters of almost arbitrary data into the configuration file. Such a configuration file could result in wpa_supplicant trying to load a library (e.g., opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from a user-controlled location when starting again. This would allow code from that library to be executed under the wpa_supplicant process privileges.
|
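The failure mode described in the commit messages for revisions 1.2 through 1.5, as an added example (not wpa_supplicant or NetBSD code): a line-oriented config writer that emits a string value unfiltered, next to a setter that rejects control characters before anything is written. The function names, the `password` key and the sample value are constructed for illustration; rejecting every control character is the stricter psk-style rule, of which the newline check is one case.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if s holds an ASCII control character ('\n', '\r', ...). */
static int has_ctrl_char_str(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 32 || *s == 127)
            return 1;
    return 0;
}

/* Pre-fix behaviour: the value is written as key="value"\n with no filtering. */
int write_param_unfiltered(char *out, size_t outlen,
                           const char *key, const char *value)
{
    int n = snprintf(out, outlen, "%s=\"%s\"\n", key, value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened setter: reject the value before it can reach the config file. */
int write_param_checked(char *out, size_t outlen,
                        const char *key, const char *value)
{
    if (has_ctrl_char_str(key) || has_ctrl_char_str(value)) {
        if (outlen)
            out[0] = '\0';      /* leave nothing partially written */
        return -1;
    }
    return write_param_unfiltered(out, outlen, key, value);
}

/* Number of lines a line-oriented config parser would read back. */
int count_lines(const char *text)
{
    int n = 0;
    for (; *text; text++)
        n += (*text == '\n');
    return n;
}

int main(void)
{
    char buf[128];
    const char *bad = "secret\ninjected_key=1"; /* constructed sample value */
    write_param_unfiltered(buf, sizeof(buf), "password", bad);
    printf("unfiltered lines: %d\n", count_lines(buf));
    printf("checked result: %d\n", write_param_checked(buf, sizeof(buf), "password", bad));
    return 0;
}
```

One parameter set through the unfiltered path is read back as two configuration lines, which is why the fixes reject the value at set time rather than trusting the management component in front of the control interface.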
#
1.1 |
|
04-Aug-2010 |
christos |
branches: 1.1.1; Initial revision
|