Your message dated Thu, 19 Apr 2012 21:19:17 +0000
with message-id <[email protected]>
and subject line Bug#669388: fixed in wicd 1.7.2.2-1
has caused the Debian Bug report #669388,
regarding wicd-daemon: Fix for CVE-2012-2095 invalidates all templates that use
'ca_cert', 'password' and other fields.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
669388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669388
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wicd-daemon
Version: 1.7.2.1-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Hi there,
[tl;dr. wicd 1.7.2 (upstream development revision 751) introduces
a fatal bug that invalidates many connection templates.]
I just upgraded my wicd installation (to Wheezy's 1.7.2) and witnessed
my wireless connection fail. wicd's log file contains entries that read
2012/04/19 13:10:22 :: Trying to set invalid property (or property not permitted): ca_cert.
2012/04/19 13:10:22 :: Trying to set invalid property (or property not permitted): password.
2012/04/19 13:10:22 :: Trying to set invalid property (or property not permitted): identity.
Those settings will accordingly not be reflected in
/etc/wicd/wireless-settings.conf or /var/lib/wicd/configurations/*.
I (quickly :) realized that the changes introduced in reaction to
CVE-2012-2095 were to blame. So, without further ado, I'll point you
to the appropriate patch:
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751/wicd/wicd-daemon.py
The properties that `self._validProperties` introduces are *nowhere
near* a complete representation of supported wpa_supplicant fields
(which it quite probably should!). Just to be sure, I consulted
wpa_supplicant.conf(5) and found all of the "invalid properties" above
used in examples.
Finally, I applied the patch below to
/usr/share/wicd/daemon/wicd-daemon.py and could 'appily browse again
(thus the bug report :).
I suggest you get this to upstream's attention as quickly as possible
as quite a few of wicd's own templates are now invalid. Hence the
elevated priority (I *do* hope I'm not wrong on this ... ).
Thanks!
Regards,
Hagen Fuchs
Trivial proof-of-concept patch (diff -wu wicd-daemon.py*):
--- wicd-daemon.py 2012-04-19 15:35:52.023010442 +0200
+++ wicd-daemon.py.hfuchs 2012-04-19 15:55:04.830971520 +0200
@@ -1087,9 +1087,10 @@
""" Sets property to value in network specified. """
# We don't write script settings here.
if prop.strip() not in self._validProperties:
- print "Trying to set invalid property (or property not " \
- "permitted): "+ prop.strip() + "."
- return False
+ print "I'll allow that - for now! :)"
+ #print "Trying to set invalid property (or property not " \
+ # "permitted): "+ prop.strip() + "."
+ #return False
self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
@dbus.service.method('org.wicd.daemon.wireless')
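Review bot: with `return False` commented out under `if prop.strip() not in self._validProperties:`, the check no longer rejects anything: every property name, listed or not, falls through to the `self.LastScan[netid][prop] = ...` assignment, so the restriction added in reaction to CVE-2012-2095 is switched off rather than widened. Keep the rejection path and instead add the fields the templates need (the log shows ca_cert, password and identity being refused) to self._validProperties. The replacement message "I'll allow that - for now! :)" also drops prop.strip(), so the log no longer records which property was let through; if a permissive mode is kept for testing, it should still print the property name.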
--- End Message ---
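Added example, not part of the original report and not wicd's own code: one way to keep the deny-by-default check while accepting the fields that encryption templates need, by building the allowlist from the templates themselves. The base property names, the template header layout, and the function names are assumptions constructed for this illustration.

```python
import re

# Assumption: a small core allowlist standing in for self._validProperties.
# These names are constructed for the example, not copied from wicd.
BASE_PROPERTIES = {"essid", "bssid", "channel", "encryption"}

# Constructed template header: one "require" line of name/label pairs.
# The layout is an assumption made for this example.
SAMPLE_TEMPLATE = """\
name = Example EAP template
require identity *Identity password *Password ca_cert *Path_to_CA_Cert
-----
network={ ... }
"""

_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def template_fields(template_text):
    """Return field names declared on 'require' lines in the header."""
    fields = set()
    for line in template_text.splitlines():
        if line.startswith("-----"):      # end of header, stop parsing
            break
        parts = line.split()
        if parts and parts[0] == "require":
            # Tokens alternate: field name, then a '*'-prefixed label.
            fields.update(p for p in parts[1:] if not p.startswith("*"))
    return {f for f in fields if _NAME_RE.match(f)}


def build_allowlist(templates):
    """Core properties plus every field the given templates declare."""
    allowed = set(BASE_PROPERTIES)
    for text in templates:
        allowed |= template_fields(text)
    return frozenset(allowed)


def set_property(store, allowed, prop, value):
    """Deny by default; write only properties on the allowlist."""
    prop = prop.strip()
    if prop not in allowed:
        print("Trying to set invalid property (or property not "
              "permitted): " + prop + ".")
        return False
    store[prop] = value
    return True
```

With only BASE_PROPERTIES the three fields from the log are refused, as in the report; with the template-derived allowlist they are accepted while unlisted names are still rejected.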
--- Begin Message ---
Source: wicd
Source-Version: 1.7.2.2-1
We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:
python-wicd_1.7.2.2-1_all.deb
to main/w/wicd/python-wicd_1.7.2.2-1_all.deb
wicd-cli_1.7.2.2-1_all.deb
to main/w/wicd/wicd-cli_1.7.2.2-1_all.deb
wicd-curses_1.7.2.2-1_all.deb
to main/w/wicd/wicd-curses_1.7.2.2-1_all.deb
wicd-daemon_1.7.2.2-1_all.deb
to main/w/wicd/wicd-daemon_1.7.2.2-1_all.deb
wicd-gtk_1.7.2.2-1_all.deb
to main/w/wicd/wicd-gtk_1.7.2.2-1_all.deb
wicd_1.7.2.2-1.debian.tar.gz
to main/w/wicd/wicd_1.7.2.2-1.debian.tar.gz
wicd_1.7.2.2-1.dsc
to main/w/wicd/wicd_1.7.2.2-1.dsc
wicd_1.7.2.2-1_all.deb
to main/w/wicd/wicd_1.7.2.2-1_all.deb
wicd_1.7.2.2.orig.tar.gz
to main/w/wicd/wicd_1.7.2.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Paleino <[email protected]> (supplier of updated wicd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 19 Apr 2012 22:47:05 +0200
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.2.2-1
Distribution: unstable
Urgency: high
Maintainer: David Paleino <[email protected]>
Changed-By: David Paleino <[email protected]>
Description:
python-wicd - wired and wireless network manager - Python module
wicd - wired and wireless network manager - metapackage
wicd-cli - wired and wireless network manager - scriptable console client
wicd-curses - wired and wireless network manager - Curses client
wicd-daemon - wired and wireless network manager - daemon
wicd-gtk - wired and wireless network manager - GTK+ client
Closes: 669388
Changes:
wicd (1.7.2.2-1) unstable; urgency=high
.
* New upstream version
- fix bug with encryption templates (Closes: #669388)
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+QewEACgkQ5qqQFxOSsXR/fgCeNc/9i1+U1cAcvmCdsggyayG3
Cm0AoKzLZUYyeatFcTgpjLaQDiA6imBO
=NtWQ
-----END PGP SIGNATURE-----
--- End Message ---