From c42829d90ac3bd76af8c1d9f7ac96dcb9120d984 Mon Sep 17 00:00:00 2001 From: dogsheng <960055655@qq.com> Date: Wed, 25 Dec 2019 16:10:18 +0800 Subject: [PATCH] Package init --- CVE-2019-11555-1.patch | 47 +++++ CVE-2019-11555-2.patch | 47 +++++ CVE-2019-16275.patch | 73 ++++++++ CVE-2019-9497.patch | 47 +++++ CVE-2019-9498-and-CVE-2019-9499.patch | 258 ++++++++++++++++++++++++++ wpa_supplicant.spec | 18 +- 6 files changed, 488 insertions(+), 2 deletions(-) create mode 100644 CVE-2019-11555-1.patch create mode 100644 CVE-2019-11555-2.patch create mode 100644 CVE-2019-16275.patch create mode 100644 CVE-2019-9497.patch create mode 100644 CVE-2019-9498-and-CVE-2019-9499.patch diff --git a/CVE-2019-11555-1.patch b/CVE-2019-11555-1.patch new file mode 100644 index 0000000..47e0af9 --- /dev/null +++ b/CVE-2019-11555-1.patch @@ -0,0 +1,47 @@ +From d2d1a324ce937628e4d9d9999fe113819b7d4478 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Wed, 17 Apr 2019 02:21:20 +0300 +Subject: EAP-pwd peer: Fix reassembly buffer handling + +Unexpected fragment might result in data->inbuf not being allocated +before processing and that could have resulted in NULL pointer +dereference. Fix that by explicitly checking for data->inbuf to be +available before using it. + +Signed-off-by: Jouni Malinen + +backport addr https://w1.fi/cgit/hostap/patch/?id=d2d1a324ce937628e4d9d9999fe113819b7d4478 +--- + src/eap_peer/eap_pwd.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c +index bbe9b40..f8e1afe 100644 +--- a/src/eap_peer/eap_pwd.c ++++ b/src/eap_peer/eap_pwd.c +@@ -888,6 +888,13 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, + * buffer and ACK the fragment + */ + if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) { ++ if (!data->inbuf) { ++ wpa_printf(MSG_DEBUG, ++ "EAP-pwd: No buffer for reassembly"); ++ ret->methodState = METHOD_DONE; ++ ret->decision = DECISION_FAIL; ++ return NULL; ++ } + data->in_frag_pos += len; + if (data->in_frag_pos > wpabuf_size(data->inbuf)) { + wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack " +@@ -914,7 +921,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, + /* + * we're buffering and this is the last fragment + */ +- if (data->in_frag_pos) { ++ if (data->in_frag_pos && data->inbuf) { + wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes", + (int) len); + pos = wpabuf_head_u8(data->inbuf); +-- +2.19.1 + diff --git a/CVE-2019-11555-2.patch b/CVE-2019-11555-2.patch new file mode 100644 index 0000000..43ea67e --- /dev/null +++ b/CVE-2019-11555-2.patch @@ -0,0 +1,47 @@ +From fe76f487e28bdc61940f304f153a954cf36935ea Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Wed, 17 Apr 2019 01:55:32 +0300 +Subject: EAP-pwd server: Fix reassembly buffer handling + +data->inbuf allocation might fail and if that were to happen, the next +fragment in the exchange could have resulted in NULL pointer +dereference. Unexpected fragment with more bit might also be able to +trigger this. Fix that by explicitly checking for data->inbuf to be +available before using it. + +Signed-off-by: Jouni Malinen + +backport addr https://w1.fi/cgit/hostap/patch/?id=fe76f487e28bdc61940f304f153a954cf36935ea +--- + src/eap_server/eap_server_pwd.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c +index 275bdf8..afad505 100644 +--- a/src/eap_server/eap_server_pwd.c ++++ b/src/eap_server/eap_server_pwd.c +@@ -968,6 +968,12 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, + * the first and all intermediate fragments have the M bit set + */ + if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) { ++ if (!data->inbuf) { ++ wpa_printf(MSG_DEBUG, ++ "EAP-pwd: No buffer for reassembly"); ++ eap_pwd_state(data, FAILURE); ++ return; ++ } + if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) { + wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow " + "attack detected! (%d+%d > %d)", +@@ -988,7 +994,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv, + * last fragment won't have the M bit set (but we're obviously + * buffering fragments so that's how we know it's the last) + */ +- if (data->in_frag_pos) { ++ if (data->in_frag_pos && data->inbuf) { + pos = wpabuf_head_u8(data->inbuf); + len = data->in_frag_pos; + wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes", +-- +2.19.1 + diff --git a/CVE-2019-16275.patch b/CVE-2019-16275.patch new file mode 100644 index 0000000..d764a9d --- /dev/null +++ b/CVE-2019-16275.patch @@ -0,0 +1,73 @@ +From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Thu, 29 Aug 2019 11:52:04 +0300 +Subject: [PATCH] AP: Silently ignore management frame from unexpected source + address + +Do not process any received Management frames with unexpected/invalid SA +so that we do not add any state for unexpected STA addresses or end up +sending out frames to unexpected destination. This prevents unexpected +sequences where an unprotected frame might end up causing the AP to send +out a response to another device and that other device processing the +unexpected response. + +In particular, this prevents some potential denial of service cases +where the unexpected response frame from the AP might result in a +connected station dropping its association. + +Signed-off-by: Jouni Malinen +--- + src/ap/drv_callbacks.c | 13 +++++++++++++ + src/ap/ieee802_11.c | 12 ++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +index 31587685fe3b..34ca379edc3d 100644 +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, + "hostapd_notif_assoc: Skip event with no address"); + return -1; + } ++ ++ if (is_multicast_ether_addr(addr) || ++ is_zero_ether_addr(addr) || ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR ++ " in received indication - ignore this indication silently", ++ __func__, MAC2STR(addr)); ++ return 0; ++ } ++ + random_add_randomness(addr, ETH_ALEN); + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index c85a28db44b7..e7065372e158 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, + fc = le_to_host16(mgmt->frame_control); + stype = WLAN_FC_GET_STYPE(fc); + ++ if (is_multicast_ether_addr(mgmt->sa) || ++ is_zero_ether_addr(mgmt->sa) || ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR ++ " in received frame - ignore this frame silently", ++ MAC2STR(mgmt->sa)); ++ return 0; ++ } ++ + if (stype == WLAN_FC_STYPE_BEACON) { + handle_beacon(hapd, mgmt, len, fi); + return 1; +-- +2.20.1 + diff --git a/CVE-2019-9497.patch b/CVE-2019-9497.patch new file mode 100644 index 0000000..4e3e1c3 --- /dev/null +++ b/CVE-2019-9497.patch @@ -0,0 +1,47 @@ +From d63edfa90243e9a7de6ae5c275032f2cc79fef95 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Sun, 31 Mar 2019 17:26:01 +0200 +Subject: EAP-pwd server: Detect reflection attacks + +When processing an EAP-pwd Commit frame, verify that the peer's scalar +and elliptic curve element differ from the one sent by the server. This +prevents reflection attacks where the adversary reflects the scalar and +element sent by the server. (CVE-2019-9497) + +The vulnerability allows an adversary to complete the EAP-pwd handshake +as any user. However, the adversary does not learn the negotiated +session key, meaning the subsequent 4-way handshake would fail. As a +result, this cannot be abused to bypass authentication unless EAP-pwd is +used in non-WLAN cases without any following key exchange that would +require the attacker to learn the MSK. + +Signed-off-by: Mathy Vanhoef + +backport addr https://w1.fi/cgit/hostap/patch/?id=d63edfa90243e9a7de6ae5c275032f2cc79fef95 +--- + src/eap_server/eap_server_pwd.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c +index 64bf708..cb5f682 100644 +--- a/src/eap_server/eap_server_pwd.c ++++ b/src/eap_server/eap_server_pwd.c +@@ -725,6 +725,15 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, + } + } + ++ /* detect reflection attacks */ ++ if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 || ++ crypto_ec_point_cmp(data->grp->group, data->my_element, ++ data->peer_element) == 0) { ++ wpa_printf(MSG_INFO, ++ "EAP-PWD (server): detected reflection attack!"); ++ goto fin; ++ } ++ + /* compute the shared key, k */ + if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe, + data->peer_scalar, data->bnctx)) || +-- +2.19.1 + diff --git a/CVE-2019-9498-and-CVE-2019-9499.patch b/CVE-2019-9498-and-CVE-2019-9499.patch new file mode 100644 index 0000000..4929792 --- /dev/null +++ b/CVE-2019-9498-and-CVE-2019-9499.patch @@ -0,0 +1,258 @@ +From 16d4f1069118aa19bfce013493e1ac5783f92f1d Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 5 Apr 2019 02:12:50 +0300 +Subject: EAP-pwd: Check element x,y coordinates explicitly + +This adds an explicit check for 0 < x,y < prime based on RFC 5931, +2.8.5.2.2 requirement. The earlier checks might have covered this +implicitly, but it is safer to avoid any dependency on implicit checks +and specific crypto library behavior. (CVE-2019-9498 and CVE-2019-9499) + +Furthermore, this moves the EAP-pwd element and scalar parsing and +validation steps into shared helper functions so that there is no need +to maintain two separate copies of this common functionality between the +server and peer implementations. + +Signed-off-by: Jouni Malinen +backport addr https://w1.fi/cgit/hostap/patch/?id=16d4f1069118aa19bfce013493e1ac5783f92f1d + https://w1.fi/cgit/hostap/patch/?id=70ff850e89fbc8bc7da515321b4d15b5eef70581 + https://w1.fi/cgit/hostap/patch/?id=8ad8585f91823ddcc3728155e288e0f9f872e31a +--- + src/eap_common/eap_pwd_common.c | 106 ++++++++++++++++++++++++++++++++ + src/eap_common/eap_pwd_common.h | 3 + + src/eap_peer/eap_pwd.c | 19 +----- + src/eap_server/eap_server_pwd.c | 19 +----- + 4 files changed, 111 insertions(+), 36 deletions(-) + +diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c +index 67f8f70..ef47db1 100644 +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -365,3 +365,109 @@ int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, const BIGNUM *k, + + return 1; + } ++ ++ ++static int eap_pwd_element_coord_ok(const struct crypto_bignum *prime, ++ const u8 *buf, size_t len) ++{ ++ struct crypto_bignum *val; ++ int ok = 1; ++ ++ val = crypto_bignum_init_set(buf, len); ++ if (!val || crypto_bignum_is_zero(val) || ++ crypto_bignum_cmp(val, prime) >= 0) ++ ok = 0; ++ crypto_bignum_deinit(val, 0); ++ return ok; ++} ++ ++ ++struct crypto_ec_point * eap_pwd_get_element(EAP_PWD_group *group, ++ const u8 *buf) ++{ ++ struct crypto_ec_point *element; ++ const struct crypto_bignum *prime; ++ size_t prime_len; ++ struct crypto_bignum *cofactor = NULL; ++ ++ prime = crypto_ec_get_prime(group->group); ++ prime_len = crypto_ec_prime_len(group->group); ++ ++ /* RFC 5931, 2.8.5.2.2: 0 < x,y < p */ ++ if (!eap_pwd_element_coord_ok(prime, buf, prime_len) || ++ !eap_pwd_element_coord_ok(prime, buf + prime_len, prime_len)) { ++ wpa_printf(MSG_INFO, "EAP-pwd: Invalid coordinate in element"); ++ return NULL; ++ } ++ ++ element = crypto_ec_point_from_bin(group->group, buf); ++ if (!element) { ++ wpa_printf(MSG_INFO, "EAP-pwd: EC point from element failed"); ++ return NULL; ++ } ++ ++ /* RFC 5931, 2.8.5.2.2: on curve and not the point at infinity */ ++ if (!crypto_ec_point_is_on_curve(group->group, element) || ++ crypto_ec_point_is_at_infinity(group->group, element)) { ++ wpa_printf(MSG_INFO, "EAP-pwd: Invalid element"); ++ goto fail; ++ } ++ ++ cofactor = crypto_bignum_init(); ++ if (!cofactor || crypto_ec_cofactor(group->group, cofactor) < 0) { ++ wpa_printf(MSG_INFO, ++ "EAP-pwd: Unable to get cofactor for curve"); ++ goto fail; ++ } ++ ++ if (!crypto_bignum_is_one(cofactor)) { ++ struct crypto_ec_point *point; ++ int ok = 1; ++ ++ /* check to ensure peer's element is not in a small sub-group */ ++ point = crypto_ec_point_init(group->group); ++ if (!point || ++ crypto_ec_point_mul(group->group, element, ++ cofactor, point) != 0 || ++ crypto_ec_point_is_at_infinity(group->group, point)) ++ ok = 0; ++ crypto_ec_point_deinit(point, 0); ++ ++ if (!ok) { ++ wpa_printf(MSG_INFO, ++ "EAP-pwd: Small sub-group check on peer element failed"); ++ goto fail; ++ } ++ } ++ ++out: ++ crypto_bignum_deinit(cofactor, 0); ++ return element; ++fail: ++ crypto_ec_point_deinit(element, 0); ++ element = NULL; ++ goto out; ++} ++ ++ ++struct crypto_bignum * eap_pwd_get_scalar(EAP_PWD_group *group, const u8 *buf) ++{ ++ struct crypto_bignum *scalar; ++ const struct crypto_bignum *order; ++ size_t order_len; ++ ++ order = crypto_ec_get_order(group->group); ++ order_len = crypto_ec_order_len(group->group); ++ ++ /* RFC 5931, 2.8.5.2: 1 < scalar < r */ ++ scalar = crypto_bignum_init_set(buf, order_len); ++ if (!scalar || crypto_bignum_is_zero(scalar) || ++ crypto_bignum_is_one(scalar) || ++ crypto_bignum_cmp(scalar, order) >= 0) { ++ wpa_printf(MSG_INFO, "EAP-pwd: received scalar is invalid"); ++ crypto_bignum_deinit(scalar, 0); ++ scalar = NULL; ++ } ++ ++ return scalar; ++} +diff --git a/src/eap_common/eap_pwd_common.h b/src/eap_common/eap_pwd_common.h +index a0d717e..01f43eb 100644 +--- a/src/eap_common/eap_pwd_common.h ++++ b/src/eap_common/eap_pwd_common.h +@@ -68,5 +68,8 @@ int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, const BIGNUM *k, + struct crypto_hash * eap_pwd_h_init(void); + void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len); + void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest); ++struct crypto_ec_point * eap_pwd_get_element(EAP_PWD_group *group, ++ const u8 *buf); ++struct crypto_bignum * eap_pwd_get_scalar(EAP_PWD_group *group, const u8 *buf); + + #endif /* EAP_PWD_COMMON_H */ +diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c +index d2bc981..bbe9b40 100644 +--- a/src/eap_peer/eap_pwd.c ++++ b/src/eap_peer/eap_pwd.c +@@ -358,7 +358,7 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, + const struct wpabuf *reqData, + const u8 *payload, size_t payload_len) + { +- EC_POINT *K = NULL, *point = NULL; ++ EC_POINT *K = NULL; + BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL; + u16 offset; + u8 *ptr, *scalar = NULL, *element = NULL; +@@ -429,7 +429,6 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, + if (((data->server_scalar = BN_new()) == NULL) || + ((data->k = BN_new()) == NULL) || + ((K = EC_POINT_new(data->grp->group)) == NULL) || +- ((point = EC_POINT_new(data->grp->group)) == NULL) || + ((data->server_element = EC_POINT_new(data->grp->group)) == NULL)) + { + wpa_printf(MSG_INFO, "EAP-PWD (peer): peer data allocation " +@@ -452,21 +451,6 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, + goto fin; + } + +- /* check to ensure server's element is not in a small sub-group */ +- if (BN_cmp(cofactor, BN_value_one())) { +- if (!EC_POINT_mul(data->grp->group, point, NULL, +- data->server_element, cofactor, NULL)) { +- wpa_printf(MSG_INFO, "EAP-PWD (peer): cannot multiply " +- "server element by order!\n"); +- goto fin; +- } +- if (EC_POINT_is_at_infinity(data->grp->group, point)) { +- wpa_printf(MSG_INFO, "EAP-PWD (peer): server element " +- "is at infinity!\n"); +- goto fin; +- } +- } +- + /* compute the shared key, k */ + if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe, + data->server_scalar, data->bnctx)) || +@@ -557,7 +541,6 @@ fin: + BN_clear_free(mask); + BN_clear_free(cofactor); + EC_POINT_clear_free(K); +- EC_POINT_clear_free(point); + if (data->outbuf == NULL) + eap_pwd_state(data, FAILURE); + else +diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c +index cb5f682..275bdf8 100644 +--- a/src/eap_server/eap_server_pwd.c ++++ b/src/eap_server/eap_server_pwd.c +@@ -659,7 +659,7 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, + { + u8 *ptr; + BIGNUM *x = NULL, *y = NULL, *cofactor = NULL; +- EC_POINT *K = NULL, *point = NULL; ++ EC_POINT *K = NULL; + int res = 0; + size_t prime_len, order_len; + +@@ -681,7 +681,6 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, + ((cofactor = BN_new()) == NULL) || + ((x = BN_new()) == NULL) || + ((y = BN_new()) == NULL) || +- ((point = EC_POINT_new(data->grp->group)) == NULL) || + ((K = EC_POINT_new(data->grp->group)) == NULL) || + ((data->peer_element = EC_POINT_new(data->grp->group)) == NULL)) { + wpa_printf(MSG_INFO, "EAP-PWD (server): peer data allocation " +@@ -710,21 +709,6 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, + goto fin; + } + +- /* check to ensure peer's element is not in a small sub-group */ +- if (BN_cmp(cofactor, BN_value_one())) { +- if (!EC_POINT_mul(data->grp->group, point, NULL, +- data->peer_element, cofactor, NULL)) { +- wpa_printf(MSG_INFO, "EAP-PWD (server): cannot " +- "multiply peer element by order"); +- goto fin; +- } +- if (EC_POINT_is_at_infinity(data->grp->group, point)) { +- wpa_printf(MSG_INFO, "EAP-PWD (server): peer element " +- "is at infinity!\n"); +- goto fin; +- } +- } +- + /* detect reflection attacks */ + if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 || + crypto_ec_point_cmp(data->grp->group, data->my_element, +@@ -777,7 +761,6 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data, + + fin: + EC_POINT_clear_free(K); +- EC_POINT_clear_free(point); + BN_clear_free(cofactor); + BN_clear_free(x); + BN_clear_free(y); +-- +2.19.1 + diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index c0a47e1..b78c2b6 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -1,7 +1,7 @@ Name: wpa_supplicant Epoch: 1 Version: 2.6 -Release: 19 +Release: 21 Summary: A WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN) License: BSD Url: https://w1.fi/wpa_supplicant/ @@ -87,9 +87,17 @@ Patch6059: CVE-2019-9494-5.patch Patch6060: CVE-2019-9494-6.patch Patch6061: CVE-2019-9494-7.patch Patch6062: CVE-2019-9494-8.patch +Patch6063: CVE-2019-16275.patch +Patch6064: CVE-2019-9497.patch +Patch6065: CVE-2019-9498-and-CVE-2019-9499.patch +Patch6066: CVE-2019-11555-1.patch +Patch6067: CVE-2019-11555-2.patch BuildRequires: qt-devel >= 4.0 openssl-devel readline-devel dbus-devel libnl3-devel systemd-units docbook-utils -Requires: systemd-sysv systemd +Requires(post): systemd-sysv +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd Obsoletes: libeap < %{epoch}:%{version}-%{release} libeap-devel < %{epoch}:%{version}-%{release} %description @@ -179,6 +187,12 @@ install -m644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5 %{_mandir}/man5/* %changelog +* Sat Dec 21 2019 openEuler Buildteam - 1:2.6-21 +- Modify requires + +* Mon Dec 16 2019 openEuler Buildteam - 1:2.6-20 +- fix CVE-2019-16275, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, CVE-2019-11555 + * Wed Sep 25 2019 huzhiyu - 1:2.6-19 - change patch names legal