
Bug#685633: pu: package network-manager/0.8.1-6+squeeze2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I'd like to upload a fix for #655972 [1] to stable, which fixes
CVE-2012-2736.

The security team contacted me about this issue and doesn't consider it
important enough for a stable-security upload but would like to see it
addressed via a regular stable upload. Full debdiff is attached.

Please let me know if I can proceed with the upload.

Cheers,
Michael


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 3d344b3..2a5697e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+network-manager (0.8.1-6+squeeze2) stable; urgency=low
+
+  * debian/patches/84-CVE-2012-2736.patch
+    - Disable Ad-Hoc WPA connections as the kernel is broken for Ad-Hoc WPA,
+      and creates the connections as open connections instead.
+    - Fixes CVE-2012-2736. (Closes: #655972)
+
+ -- Michael Biebl <biebl@debian.org>  Wed, 22 Aug 2012 20:57:08 +0200
+
 network-manager (0.8.1-6+squeeze1) stable; urgency=low
 
   * debian/patches/82-core-handle-device-removal.patch
diff --git a/debian/patches/84-CVE-2012-2736.patch b/debian/patches/84-CVE-2012-2736.patch
new file mode 100644
index 0000000..4548ec9
--- /dev/null
+++ b/debian/patches/84-CVE-2012-2736.patch
@@ -0,0 +1,165 @@
+Description: disable WPA-secured adhoc wireless networks
+Origin: backport, http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
+Origin: backport, http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=8126947e088462439740d18e9a2e77005d499ce1
+Origin: backport, http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=47f9eb80d81c5e4a2761e1507ba47ce8bae493db
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/905748
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972
+
+Index: network-manager/libnm-util/nm-utils.c
+===================================================================
+--- network-manager.orig/libnm-util/nm-utils.c	2012-08-22 13:22:20.060415083 +0200
++++ network-manager/libnm-util/nm-utils.c	2012-08-22 20:51:21.661305882 +0200
+@@ -1216,6 +1216,8 @@
+ 		}
+ 		break;
+ 	case NMU_SEC_WPA_PSK:
++		if (adhoc)
++			return FALSE;  /* FIXME: Kernel WPA Ad-Hoc support is buggy */
+ 		if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA))
+ 			return FALSE;
+ 		if (have_ap) {
+@@ -1232,6 +1234,8 @@
+ 		}
+ 		break;
+ 	case NMU_SEC_WPA2_PSK:
++		if (adhoc)
++			return FALSE;  /* FIXME: Kernel WPA Ad-Hoc support is buggy */
+ 		if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
+ 			return FALSE;
+ 		if (have_ap) {
+Index: network-manager/src/nm-device-wifi.c
+===================================================================
+--- network-manager.orig/src/nm-device-wifi.c	2012-08-22 13:22:20.104415512 +0200
++++ network-manager/src/nm-device-wifi.c	2012-08-22 20:51:21.673306001 +0200
+@@ -1201,6 +1201,36 @@
+ }
+ 
+ static gboolean
++is_adhoc_wpa (NMConnection *connection)
++{
++	NMSettingWireless *s_wifi;
++	NMSettingWirelessSecurity *s_wsec;
++	const char *mode, *key_mgmt;
++
++	/* The kernel doesn't support Ad-Hoc WPA connections well at this time,
++	 * and turns them into open networks.  It's been this way since at least
++	 * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks.
++	 */
++
++	s_wifi = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS));
++	g_return_val_if_fail (s_wifi != NULL, FALSE);
++
++	mode = nm_setting_wireless_get_mode (s_wifi);
++	if (g_strcmp0 (mode, "adhoc") != 0)
++		return FALSE;
++
++	s_wsec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY));
++	if (!s_wsec)
++		return FALSE;
++
++	key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec);
++	if (g_strcmp0 (key_mgmt, "wpa-none") != 0)
++		return FALSE;
++
++	return TRUE;
++}
++
++static gboolean
+ real_check_connection_compatible (NMDevice *device,
+                                   NMConnection *connection,
+                                   GError **error)
+@@ -1237,6 +1267,14 @@
+ 		return FALSE;
+ 	}
+ 
++	if (is_adhoc_wpa (connection)) {
++		g_set_error_literal (error,
++		                     NM_WIFI_ERROR,
++		                     NM_WIFI_ERROR_CONNECTION_INCOMPATIBLE,
++		                    "WPA Ad-Hoc disabled due to kernel bugs");
++		return FALSE;
++	}
++
+ 	// FIXME: check channel/freq/band against bands the hardware supports
+ 	// FIXME: check encryption against device capabilities
+ 	// FIXME: check bitrate against device capabilities
+@@ -3027,6 +3065,16 @@
+ 	connection = nm_act_request_get_connection (req);
+ 	g_return_val_if_fail (connection != NULL, NM_ACT_STAGE_RETURN_FAILURE);
+ 
++	/* The kernel doesn't support Ad-Hoc WPA connections well at this time,
++	 * and turns them into open networks.  It's been this way since at least
++	 * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks.
++	 */
++	if (is_adhoc_wpa (connection)) {
++		nm_warning ("Ad-Hoc WPA disabled due to kernel bugs");
++		*reason = NM_DEVICE_STATE_REASON_SUPPLICANT_CONFIG_FAILED;
++		return NM_ACT_STAGE_RETURN_FAILURE;
++	}
++
+ 	/* Find a compatible AP in the scan list */
+ 	for (iter = priv->ap_list; iter; iter = g_slist_next (iter)) {
+ 		NMAccessPoint *candidate = NM_AP (iter->data);
+Index: network-manager/src/system-settings/nm-sysconfig-settings.c
+===================================================================
+--- network-manager.orig/src/system-settings/nm-sysconfig-settings.c	2012-08-22 13:22:20.112415589 +0200
++++ network-manager/src/system-settings/nm-sysconfig-settings.c	2012-08-22 20:51:21.697306240 +0200
+@@ -683,6 +683,38 @@
+ 		g_object_unref (pk_result);
+ }
+ 
++/* FIXME: remove if/when kernel supports adhoc wpa */
++static gboolean
++is_adhoc_wpa (NMConnection *connection)
++{
++	NMSettingWireless *s_wifi;
++	NMSettingWirelessSecurity *s_wsec;
++	const char *mode, *key_mgmt;
++
++	/* The kernel doesn't support Ad-Hoc WPA connections well at this time,
++	 * and turns them into open networks.  It's been this way since at least
++	 * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks.
++	 */
++
++	s_wifi = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS));
++	if (!s_wifi)
++		return FALSE;
++
++	mode = nm_setting_wireless_get_mode (s_wifi);
++	if (g_strcmp0 (mode, "adhoc") != 0)
++		return FALSE;
++
++	s_wsec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY));
++	if (!s_wsec)
++		return FALSE;
++
++	key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec);
++	if (g_strcmp0 (key_mgmt, "wpa-none") != 0)
++		return FALSE;
++
++	return TRUE;
++}
++
+ static void
+ add_connection (NMSettingsService *service,
+ 	            NMConnection *connection,
+@@ -695,6 +727,19 @@
+ 	PolkitCall *call;
+ 	GError *error = NULL;
+ 
++	/* The kernel doesn't support Ad-Hoc WPA connections well at this time,
++	 * and turns them into open networks.  It's been this way since at least
++	 * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks.
++	 */
++	if (is_adhoc_wpa (connection)) {
++		error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR,
++		                             NM_SYSCONFIG_SETTINGS_ERROR_ADD_NOT_SUPPORTED,
++		                             "WPA Ad-Hoc disabled due to kernel bugs");
++		callback (NM_SETTINGS_INTERFACE (service), error, user_data);
++		g_error_free (error);
++		return;
++ 	}
++
+ 	/* Do any of the plugins support adding? */
+ 	if (!get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS)) {
+ 		error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR,
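Review bot: `is_adhoc_wpa()` is added twice, in src/nm-device-wifi.c and src/system-settings/nm-sysconfig-settings.c, and the two copies already differ: the first uses `g_return_val_if_fail (s_wifi != NULL, FALSE);` where the second uses `if (!s_wifi) return FALSE;`. This predicate is the gate that keeps a WPA Ad-Hoc profile from being brought up as an open network, so a later correction applied to only one copy would leave the other path unguarded. If a shared helper is too invasive for a stable backport, each copy should at least carry a cross-reference such as `/* Keep in sync with is_adhoc_wpa() in src/nm-device-wifi.c */`. The check in `add_connection` rejects only newly added system connections, and whether updating an existing connection to adhoc + `wpa-none` is also rejected is not visible here, since the function bodies continue outside the hunks. The activation-time check in nm-device-wifi.c therefore appears to be the enforcing one and deserves a comment saying it must stay even if the settings-side check is extended. Minor: the closing brace of the new block in `add_connection` is written with a space before the tab.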
diff --git a/debian/patches/series b/debian/patches/series
index 610d86d..b7b4ab0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@
 51-normalized-keys.patch
 82-core-handle-device-removal.patch
 83-dnsmasq-send-no-config-file-instead-of-a-bogus-one.patch
+84-CVE-2012-2736.patch
