Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu
Hi, I'd like to upload a fix for #655972 [1] to stable, which fixes CVE-2012-2736. The security team contacted me about this issue and doesn't consider it important enough for a stable-security upload but would like to see it addressed via a regular stable upload. Full debdiff is attached. Please let me know if I can proceed with the upload. Cheers, Michael -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog index 3d344b3..2a5697e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +network-manager (0.8.1-6+squeeze2) stable; urgency=low + + * debian/patches/84-CVE-2012-2736.patch + - Disable Ad-Hoc WPA connections as the kernel is broken for Ad-Hoc WPA, + and creates the connections as open connections instead. + - Fixes CVE-2012-2736. (Closes: #655972) + + -- Michael Biebl <bi...@debian.org> Wed, 22 Aug 2012 20:57:08 +0200 + network-manager (0.8.1-6+squeeze1) stable; urgency=low * debian/patches/82-core-handle-device-removal.patch diff --git a/debian/patches/84-CVE-2012-2736.patch b/debian/patches/84-CVE-2012-2736.patch new file mode 100644 index 0000000..4548ec9 --- /dev/null +++ b/debian/patches/84-CVE-2012-2736.patch 
@@ -0,0 +1,165 @@ +Description: disable WPA-secured adhoc wireless networks +Origin: backport, http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39 +Origin: backport, http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=8126947e088462439740d18e9a2e77005d499ce1 +Origin: backport, http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=47f9eb80d81c5e4a2761e1507ba47ce8bae493db +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/905748 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972 + +Index: network-manager/libnm-util/nm-utils.c +=================================================================== +--- network-manager.orig/libnm-util/nm-utils.c 2012-08-22 13:22:20.060415083 +0200 ++++ network-manager/libnm-util/nm-utils.c 2012-08-22 20:51:21.661305882 +0200 +@@ -1216,6 +1216,8 @@ + } + break; + case NMU_SEC_WPA_PSK: ++ if (adhoc) ++ return FALSE; /* FIXME: Kernel WPA Ad-Hoc support is buggy */ + if (!(wifi_caps & NM_WIFI_DEVICE_CAP_WPA)) + return FALSE; + if (have_ap) { +@@ -1232,6 +1234,8 @@ + } + break; + case NMU_SEC_WPA2_PSK: ++ if (adhoc) ++ return FALSE; /* FIXME: Kernel WPA Ad-Hoc support is buggy */ + if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN)) + return FALSE; + if (have_ap) { +Index: network-manager/src/nm-device-wifi.c +=================================================================== +--- network-manager.orig/src/nm-device-wifi.c 2012-08-22 13:22:20.104415512 +0200 ++++ network-manager/src/nm-device-wifi.c 2012-08-22 20:51:21.673306001 +0200 +@@ -1201,6 +1201,36 @@ + } + + static gboolean ++is_adhoc_wpa (NMConnection *connection) ++{ ++ NMSettingWireless *s_wifi; ++ NMSettingWirelessSecurity *s_wsec; ++ const char *mode, *key_mgmt; ++ ++ /* The kernel doesn't support Ad-Hoc WPA connections well at this time, ++ * and turns them into open networks. 
It's been this way since at least ++ * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks. ++ */ ++ ++ s_wifi = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS)); ++ g_return_val_if_fail (s_wifi != NULL, FALSE); ++ ++ mode = nm_setting_wireless_get_mode (s_wifi); ++ if (g_strcmp0 (mode, "adhoc") != 0) ++ return FALSE; ++ ++ s_wsec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY)); ++ if (!s_wsec) ++ return FALSE; ++ ++ key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec); ++ if (g_strcmp0 (key_mgmt, "wpa-none") != 0) ++ return FALSE; ++ ++ return TRUE; ++} ++ ++static gboolean + real_check_connection_compatible (NMDevice *device, + NMConnection *connection, + GError **error) +@@ -1237,6 +1267,14 @@ + return FALSE; + } + ++ if (is_adhoc_wpa (connection)) { ++ g_set_error_literal (error, ++ NM_WIFI_ERROR, ++ NM_WIFI_ERROR_CONNECTION_INCOMPATIBLE, ++ "WPA Ad-Hoc disabled due to kernel bugs"); ++ return FALSE; ++ } ++ + // FIXME: check channel/freq/band against bands the hardware supports + // FIXME: check encryption against device capabilities + // FIXME: check bitrate against device capabilities +@@ -3027,6 +3065,16 @@ + connection = nm_act_request_get_connection (req); + g_return_val_if_fail (connection != NULL, NM_ACT_STAGE_RETURN_FAILURE); + ++ /* The kernel doesn't support Ad-Hoc WPA connections well at this time, ++ * and turns them into open networks. It's been this way since at least ++ * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks. 
++ */ ++ if (is_adhoc_wpa (connection)) { ++ nm_warning ("Ad-Hoc WPA disabled due to kernel bugs"); ++ *reason = NM_DEVICE_STATE_REASON_SUPPLICANT_CONFIG_FAILED; ++ return NM_ACT_STAGE_RETURN_FAILURE; ++ } ++ + /* Find a compatible AP in the scan list */ + for (iter = priv->ap_list; iter; iter = g_slist_next (iter)) { + NMAccessPoint *candidate = NM_AP (iter->data); +Index: network-manager/src/system-settings/nm-sysconfig-settings.c +=================================================================== +--- network-manager.orig/src/system-settings/nm-sysconfig-settings.c 2012-08-22 13:22:20.112415589 +0200 ++++ network-manager/src/system-settings/nm-sysconfig-settings.c 2012-08-22 20:51:21.697306240 +0200 +@@ -683,6 +683,38 @@ + g_object_unref (pk_result); + } + ++/* FIXME: remove if/when kernel supports adhoc wpa */ ++static gboolean ++is_adhoc_wpa (NMConnection *connection) ++{ ++ NMSettingWireless *s_wifi; ++ NMSettingWirelessSecurity *s_wsec; ++ const char *mode, *key_mgmt; ++ ++ /* The kernel doesn't support Ad-Hoc WPA connections well at this time, ++ * and turns them into open networks. It's been this way since at least ++ * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks. 
++ */ ++ ++ s_wifi = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS)); ++ if (!s_wifi) ++ return FALSE; ++ ++ mode = nm_setting_wireless_get_mode (s_wifi); ++ if (g_strcmp0 (mode, "adhoc") != 0) ++ return FALSE; ++ ++ s_wsec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY)); ++ if (!s_wsec) ++ return FALSE; ++ ++ key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec); ++ if (g_strcmp0 (key_mgmt, "wpa-none") != 0) ++ return FALSE; ++ ++ return TRUE; ++} ++ + static void + add_connection (NMSettingsService *service, + NMConnection *connection, +@@ -695,6 +727,19 @@ + PolkitCall *call; + GError *error = NULL; + ++ /* The kernel doesn't support Ad-Hoc WPA connections well at this time, ++ * and turns them into open networks. It's been this way since at least ++ * 2.6.30 or so; until that's fixed, disable WPA-protected Ad-Hoc networks. ++ */ ++ if (is_adhoc_wpa (connection)) { ++ error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, ++ NM_SYSCONFIG_SETTINGS_ERROR_ADD_NOT_SUPPORTED, ++ "WPA Ad-Hoc disabled due to kernel bugs"); ++ callback (NM_SETTINGS_INTERFACE (service), error, user_data); ++ g_error_free (error); ++ return; ++ } ++ + /* Do any of the plugins support adding? */ + if (!get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS)) { + error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, diff --git a/debian/patches/series b/debian/patches/series index 610d86d..b7b4ab0 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ 51-normalized-keys.patch 82-core-handle-device-removal.patch 83-dnsmasq-send-no-config-file-instead-of-a-bogus-one.patch +84-CVE-2012-2736.patch
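Review bot: The two copies of `is_adhoc_wpa` (src/nm-device-wifi.c and src/system-settings/nm-sysconfig-settings.c) already differ in how they handle a missing wireless setting: the nm-device-wifi.c copy uses `g_return_val_if_fail (s_wifi != NULL, FALSE);`, which logs a critical and disappears when the code is built with G_DISABLE_CHECKS, while the sysconfig copy uses a plain `if (!s_wifi) return FALSE;`. Since this helper is the gate for CVE-2012-2736, both copies should use `if (!s_wifi) return FALSE;` so the check does not depend on build flags, and each copy should carry a comment naming the other so they are removed or changed together. Both copies match only key-mgmt `"wpa-none"`, whereas the nm-utils.c hunks reject WPA-PSK and WPA2-PSK whenever `adhoc` is set; whether an ad-hoc profile with a different WPA key-mgmt value can still reach the supplicant is not visible in this patch and is worth confirming. The `add_connection` guard only covers newly added system connections, so the activation-time check in nm-device-wifi.c is the one that has to hold for profiles that already exist; the functions enclosing that check and the `real_check_connection_compatible` check start or end outside the hunks.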