--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package wpa/2:2.7+git20190128+0c1e29f-6+deb10u2
- From: Andrej Shadura <andrewsh@debian.org>
- Date: Tue, 24 Mar 2020 11:33:57 +0100
- Message-id: <158504603706.17237.3860362144198803911.reportbug@nuevo>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
I’m proposing to upload a couple of upstream patches improving Wi-Fi
connectivity in some cases especially on certain hardware.
For two of them, the relevant issues are #942164 and LP: #1867908.
Please find the attached debdiff for more details.
- --
Cheers,
Andrej
-----BEGIN PGP SIGNATURE-----
iQFIBAEBCAAyFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl554hMUHGFuZHJld3No
QGRlYmlhbi5vcmcACgkQXkCM2RzYOdJ+eQf/ZlI2pdTxUhP/9z9f0qrHxe8g3zcH
y0OX0okehcIokgUbR0PIsiLVrfNM+n9cnfUHGCs5+4fLmMRnBH9WFqfeKbWiXuKl
FsyXtHalKumbLHyN5fKUlu9jzyw7I2GTqLMmNlZroUWyPa3vndJPVY3FJp4KUMrM
aBRaG5TDEvbHXUhwajXaDLpkznVdkc+q+iUHLpO4iOQbGwUiKtktIcywMpsZjeNO
owU1J2mkRIANS/tf23JrvWgm4y3A2kXWcUftfkgcZ5b5MKix6SlRvnn69frjyQUY
ym4T/1wRg4KUm41BjqAZNrBF/4ZuLa4ME7DNYHo+Bksw5K3DNnWT5muu6w==
=InIw
-----END PGP SIGNATURE-----
diff --git a/debian/changelog b/debian/changelog
index df8e632..d308eaa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+wpa (2:2.7+git20190128+0c1e29f-6+deb10u2) buster; urgency=medium
+
+ * Apply upstream patches:
+ - Do not try to detect PSK mismatch during PTK rekeying.
+ Fixes the 4-way WPA handshake in some situations.
+ - Check for FT support when selecting FT suites.
+ Closes: #942164.
+ - Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length.
+ Fixes the MAC randomisation issue with some cards.
+ LP: #1867908.
+
+ -- Andrej Shadura <andrewsh@debian.org> Tue, 24 Mar 2020 11:26:58 +0100
+
wpa (2:2.7+git20190128+0c1e29f-6+deb10u1) buster-security; urgency=medium
* SECURITY UPDATE:
diff --git a/debian/patches/series b/debian/patches/series
index 8056df6..6e716ec 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -33,3 +33,6 @@ fix-ENGINE-support-with-openssl-1.1.patch
2019-6/0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
2019-6/0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
+upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch
+upstream-fixes/0003-check-for-ft-support.patch
+upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch
diff --git a/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch b/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch
new file mode 100644
index 0000000..da07f76
--- /dev/null
+++ b/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch
@@ -0,0 +1,28 @@
+From 84877f253d3dfff2ba70e8226b622ba2d088b054 Mon Sep 17 00:00:00 2001
+From: Alexander Wetzel <alexander@wetzel-home.de>
+Date: Fri, 20 Dec 2019 20:21:26 +0100
+Subject: [PATCH] wpa_supplicant: Do not try to detect PSK mismatch during PTK
+ rekeying
+
+When a PTK rekey fails it can't be caused by a PSK mismatch. Report a
+possible PSK mismatch only during the initial 4-way handshake to avoid
+incorrect reports.
+
+Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
+---
+ wpa_supplicant/events.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -2999,8 +2999,9 @@ static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code,
+ int locally_generated)
+ {
+ if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE ||
++ !wpa_s->new_connection ||
+ !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt))
+- return 0; /* Not in 4-way handshake with PSK */
++ return 0; /* Not in initial 4-way handshake with PSK */
+
+ /*
+ * It looks like connection was lost while trying to go through PSK
diff --git a/debian/patches/upstream-fixes/0003-check-for-ft-support.patch b/debian/patches/upstream-fixes/0003-check-for-ft-support.patch
new file mode 100644
index 0000000..ca4b514
--- /dev/null
+++ b/debian/patches/upstream-fixes/0003-check-for-ft-support.patch
@@ -0,0 +1,83 @@
+From 23dc196fde951b3d508f367a603cddffbd053490 Mon Sep 17 00:00:00 2001
+From: Matthew Wang <matthewmwang@chromium.org>
+Date: Mon, 3 Feb 2020 17:12:05 -0800
+Subject: Check for FT support when selecting FT suites
+
+A driver supports FT if it either supports SME or the
+NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
+wpa_supplicant currently doesn't take into account whether or not either
+of those conditions are met. This can cause association failures, e.g.,
+when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
+support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
+the driver doesn't support it). This change allows an FT suite to be
+selected only when the driver also supports FT.
+
+Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+---
+ src/drivers/driver.h | 2 ++
+ src/drivers/driver_nl80211_capa.c | 7 +++++++
+ wpa_supplicant/wpa_supplicant.c | 5 +++++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/src/drivers/driver.h b/src/drivers/driver.h
+index 9bdf880..d23e436 100644
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -1659,6 +1659,8 @@
+ #define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
+ /** Driver support 4-way handshake offload for WPA-Personal */
+ #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
++/** Driver supports UPDATE_FT_IES command */
++#define WPA_DRIVER_FLAGS_UPDATE_FT_IES 0x1000000000000000ULL
+ u64 flags;
+
+ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
+diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
+index 31e7cbf..6968e8e 100644
+--- a/src/drivers/driver_nl80211_capa.c
++++ b/src/drivers/driver_nl80211_capa.c
+@@ -78,6 +78,7 @@ struct wiphy_info_data {
+ unsigned int wmm_ac_supported:1;
+ unsigned int mac_addr_rand_scan_supported:1;
+ unsigned int mac_addr_rand_sched_scan_supported:1;
++ unsigned int update_ft_ies_supported:1;
+ };
+
+
+@@ -243,6 +244,9 @@ static void wiphy_info_supp_cmds(struct wiphy_info_data *info,
+ case NL80211_CMD_SET_QOS_MAP:
+ info->set_qos_map_supported = 1;
+ break;
++ case NL80211_CMD_UPDATE_FT_IES:
++ info->update_ft_ies_supported = 1;
++ break;
+ }
+ }
+ }
+@@ -901,6 +905,9 @@ static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
+ drv->capa.max_sched_scan_plan_iterations = 0;
+ }
+
++ if (info->update_ft_ies_supported)
++ drv->capa.flags |= WPA_DRIVER_FLAGS_UPDATE_FT_IES;
++
+ return 0;
+ }
+
+diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
+index 09f971c..24a7a28 100644
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -1410,6 +1410,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
+ if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
+ sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
+ #endif /* CONFIG_SAE */
++#ifdef CONFIG_IEEE80211R
++ if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
++ WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
++ sel &= ~WPA_KEY_MGMT_FT;
++#endif /* CONFIG_IEEE80211R */
+ if (0) {
+ #ifdef CONFIG_IEEE80211R
+ #ifdef CONFIG_SHA384
diff --git a/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch b/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch
new file mode 100644
index 0000000..4321cba
--- /dev/null
+++ b/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch
@@ -0,0 +1,45 @@
+From 7546c489a95a033c78331915fcdfa0e6fd74d563 Mon Sep 17 00:00:00 2001
+From: Ouden <Ouden.Biz@gmail.com>
+Date: Wed, 18 Mar 2020 17:58:37 +0800
+Subject: nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname
+ length
+
+If the kernel rtm_newlink or rtm_dellink send the maximum length of
+ifname (IFNAMSIZ), the event handlers in
+wpa_driver_nl80211_event_rtm_addlink() and
+wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
+value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
+NULL termination, that equals the IFNAMSIZ.
+
+Fix the condition when IFNAME reach maximum size.
+
+Signed-off-by: Ouden <Ouden.Biz@gmail.com>
+---
+ src/drivers/driver_nl80211.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
+index efcd69a..c071cc0 100644
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -1047,7 +1047,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
+ while (RTA_OK(attr, attrlen)) {
+ switch (attr->rta_type) {
+ case IFLA_IFNAME:
+- if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
++ if (RTA_PAYLOAD(attr) > IFNAMSIZ)
+ break;
+ os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
+ ifname[RTA_PAYLOAD(attr)] = '\0';
+@@ -1222,7 +1222,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
+ while (RTA_OK(attr, attrlen)) {
+ switch (attr->rta_type) {
+ case IFLA_IFNAME:
+- if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
++ if (RTA_PAYLOAD(attr) > IFNAMSIZ)
+ break;
+ os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
+ ifname[RTA_PAYLOAD(attr)] = '\0';
+--
+cgit v0.12
+
--- End Message ---