[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#954838: buster-pu: package wpa/2:2.7+git20190128+0c1e29f-6+deb10u2

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I’m proposing to upload a couple of upstream patches improving Wi-Fi
connectivity in some cases especially on certain hardware.

For two of them, the relevant issues are #942164 and LP: #1867908.

Please find the attached debdiff for more details.

- -- 
Cheers,
  Andrej

-----BEGIN PGP SIGNATURE-----

iQFIBAEBCAAyFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl554hMUHGFuZHJld3No
QGRlYmlhbi5vcmcACgkQXkCM2RzYOdJ+eQf/ZlI2pdTxUhP/9z9f0qrHxe8g3zcH
y0OX0okehcIokgUbR0PIsiLVrfNM+n9cnfUHGCs5+4fLmMRnBH9WFqfeKbWiXuKl
FsyXtHalKumbLHyN5fKUlu9jzyw7I2GTqLMmNlZroUWyPa3vndJPVY3FJp4KUMrM
aBRaG5TDEvbHXUhwajXaDLpkznVdkc+q+iUHLpO4iOQbGwUiKtktIcywMpsZjeNO
owU1J2mkRIANS/tf23JrvWgm4y3A2kXWcUftfkgcZ5b5MKix6SlRvnn69frjyQUY
ym4T/1wRg4KUm41BjqAZNrBF/4ZuLa4ME7DNYHo+Bksw5K3DNnWT5muu6w==
=InIw
-----END PGP SIGNATURE-----

diff --git a/debian/changelog b/debian/changelog
index df8e632..d308eaa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+wpa (2:2.7+git20190128+0c1e29f-6+deb10u2) buster; urgency=medium
+
+  * Apply upstream patches:
+    - Do not try to detect PSK mismatch during PTK rekeying.
+      Fixes the 4-way WPA handshake in some situations.
+    - Check for FT support when selecting FT suites.
+      Closes: #942164.
+    - Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length.
+      Fixes the MAC randomisation issue with some cards.
+      LP: #1867908.
+
+ -- Andrej Shadura <andrewsh@debian.org>  Tue, 24 Mar 2020 11:26:58 +0100
+
 wpa (2:2.7+git20190128+0c1e29f-6+deb10u1) buster-security; urgency=medium
 
   * SECURITY UPDATE:
diff --git a/debian/patches/series b/debian/patches/series
index 8056df6..6e716ec 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -33,3 +33,6 @@ fix-ENGINE-support-with-openssl-1.1.patch
 2019-6/0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
 2019-6/0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
 2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
+upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch
+upstream-fixes/0003-check-for-ft-support.patch
+upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch
diff --git a/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch b/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch
new file mode 100644
index 0000000..da07f76
--- /dev/null
+++ b/debian/patches/upstream-fixes/0001-wpa_supplicant-Do-not-try-to-detect-PSK-mismatch-dur.patch
@@ -0,0 +1,28 @@
+From 84877f253d3dfff2ba70e8226b622ba2d088b054 Mon Sep 17 00:00:00 2001
+From: Alexander Wetzel <alexander@wetzel-home.de>
+Date: Fri, 20 Dec 2019 20:21:26 +0100
+Subject: [PATCH] wpa_supplicant: Do not try to detect PSK mismatch during PTK
+ rekeying
+
+When a PTK rekey fails it can't be caused by a PSK mismatch. Report a
+possible PSK mismatch only during the initial 4-way handshake to avoid
+incorrect reports.
+
+Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
+---
+ wpa_supplicant/events.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -2999,8 +2999,9 @@ static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code,
+ 				 int locally_generated)
+ {
+ 	if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE ||
++	    !wpa_s->new_connection ||
+ 	    !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt))
+-		return 0; /* Not in 4-way handshake with PSK */
++		return 0; /* Not in initial 4-way handshake with PSK */
+ 
+ 	/*
+ 	 * It looks like connection was lost while trying to go through PSK
diff --git a/debian/patches/upstream-fixes/0003-check-for-ft-support.patch b/debian/patches/upstream-fixes/0003-check-for-ft-support.patch
new file mode 100644
index 0000000..ca4b514
--- /dev/null
+++ b/debian/patches/upstream-fixes/0003-check-for-ft-support.patch
@@ -0,0 +1,83 @@
+From 23dc196fde951b3d508f367a603cddffbd053490 Mon Sep 17 00:00:00 2001
+From: Matthew Wang <matthewmwang@chromium.org>
+Date: Mon, 3 Feb 2020 17:12:05 -0800
+Subject: Check for FT support when selecting FT suites
+
+A driver supports FT if it either supports SME or the
+NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
+wpa_supplicant currently doesn't take into account whether or not either
+of those conditions are met. This can cause association failures, e.g.,
+when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
+support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
+the driver doesn't support it). This change allows an FT suite to be
+selected only when the driver also supports FT.
+
+Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+---
+ src/drivers/driver.h              | 2 ++
+ src/drivers/driver_nl80211_capa.c | 7 +++++++
+ wpa_supplicant/wpa_supplicant.c   | 5 +++++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/src/drivers/driver.h b/src/drivers/driver.h
+index 9bdf880..d23e436 100644
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -1659,6 +1659,8 @@
+ #define WPA_DRIVER_FLAGS_FTM_RESPONDER		0x0100000000000000ULL
+ /** Driver support 4-way handshake offload for WPA-Personal */
+ #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK	0x0200000000000000ULL
++/** Driver supports UPDATE_FT_IES command */
++#define WPA_DRIVER_FLAGS_UPDATE_FT_IES		0x1000000000000000ULL
+ 	u64 flags;
+ 
+ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
+diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
+index 31e7cbf..6968e8e 100644
+--- a/src/drivers/driver_nl80211_capa.c
++++ b/src/drivers/driver_nl80211_capa.c
+@@ -78,6 +78,7 @@ struct wiphy_info_data {
+ 	unsigned int wmm_ac_supported:1;
+ 	unsigned int mac_addr_rand_scan_supported:1;
+ 	unsigned int mac_addr_rand_sched_scan_supported:1;
++	unsigned int update_ft_ies_supported:1;
+ };
+ 
+ 
+@@ -243,6 +244,9 @@ static void wiphy_info_supp_cmds(struct wiphy_info_data *info,
+ 		case NL80211_CMD_SET_QOS_MAP:
+ 			info->set_qos_map_supported = 1;
+ 			break;
++		case NL80211_CMD_UPDATE_FT_IES:
++			info->update_ft_ies_supported = 1;
++			break;
+ 		}
+ 	}
+ }
+@@ -901,6 +905,9 @@ static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
+ 		drv->capa.max_sched_scan_plan_iterations = 0;
+ 	}
+ 
++	if (info->update_ft_ies_supported)
++		drv->capa.flags |= WPA_DRIVER_FLAGS_UPDATE_FT_IES;
++
+ 	return 0;
+ }
+ 
+diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
+index 09f971c..24a7a28 100644
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -1410,6 +1410,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
+ 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
+ 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
+ #endif /* CONFIG_SAE */
++#ifdef CONFIG_IEEE80211R
++	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
++				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
++		sel &= ~WPA_KEY_MGMT_FT;
++#endif /* CONFIG_IEEE80211R */
+ 	if (0) {
+ #ifdef CONFIG_IEEE80211R
+ #ifdef CONFIG_SHA384
diff --git a/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch b/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch
new file mode 100644
index 0000000..4321cba
--- /dev/null
+++ b/debian/patches/upstream-fixes/0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch
@@ -0,0 +1,45 @@
+From 7546c489a95a033c78331915fcdfa0e6fd74d563 Mon Sep 17 00:00:00 2001
+From: Ouden <Ouden.Biz@gmail.com>
+Date: Wed, 18 Mar 2020 17:58:37 +0800
+Subject: nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname
+ length
+
+If the kernel rtm_newlink or rtm_dellink send the maximum length of
+ifname (IFNAMSIZ), the event handlers in
+wpa_driver_nl80211_event_rtm_addlink() and
+wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
+value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
+NULL termination, that equals the IFNAMSIZ.
+
+Fix the condition when IFNAME reach maximum size.
+
+Signed-off-by: Ouden <Ouden.Biz@gmail.com>
+---
+ src/drivers/driver_nl80211.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
+index efcd69a..c071cc0 100644
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -1047,7 +1047,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
+ 	while (RTA_OK(attr, attrlen)) {
+ 		switch (attr->rta_type) {
+ 		case IFLA_IFNAME:
+-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
++			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
+ 				break;
+ 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
+ 			ifname[RTA_PAYLOAD(attr)] = '\0';
+@@ -1222,7 +1222,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
+ 	while (RTA_OK(attr, attrlen)) {
+ 		switch (attr->rta_type) {
+ 		case IFLA_IFNAME:
+-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
++			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
+ 				break;
+ 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
+ 			ifname[RTA_PAYLOAD(attr)] = '\0';
+-- 
+cgit v0.12
+
Reply to: