connman: update 1.41 -> 1.42

Drop backports. 0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch is partially dropped, as upstream hasn't included the newly added header into the tarball (issue addressed after the release). (From OE-Core rev: eeb686876dc560b5f0fab6f37a2def3d78bb55db) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-05-31 00:39:46 +00:00 · 2023-09-06 18:56:19 +02:00
parent 84ba56a144
commit dee8fc6a97
7 changed files with 4 additions and 553 deletions
@@ -1,63 +0,0 @@
 From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001
 From: Daniel Wagner <wagi@monom.org>
 Date: Tue, 11 Apr 2023 08:12:56 +0200
 Subject: [PATCH] gdhcp: Verify and sanitize packet length first
 Avoid overwriting the read packet length after the initial test. Thus
 move all the length checks which depends on the total length first
 and do not use the total lenght from the IP packet afterwards.
 Fixes CVE-2023-28488
 Reported by Polina Smirnova <moe.hwr@gmail.com>
 CVE: CVE-2023-28488
 Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 ---
 gdhcp/client.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
 diff --git a/gdhcp/client.c b/gdhcp/client.c
 index 7efa7e45..82017692 100644
 --- a/gdhcp/client.c
 +++ b/gdhcp/client.c
@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet *packet, int bytes)
 static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
 				struct sockaddr_in *dst_addr)
 {
 -	int bytes;
 	struct ip_udp_dhcp_packet packet;
 	uint16_t check;
 +	int bytes, tot_len;
 	memset(&packet, 0, sizeof(packet));
@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
 	if (bytes < 0)
 		return -1;
 -	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
 -		return -1;
 -
 -	if (bytes < ntohs(packet.ip.tot_len))
 +	tot_len = ntohs(packet.ip.tot_len);
 +	if (bytes > tot_len) {
 +		/* ignore any extra garbage bytes */
 +		bytes = tot_len;
 +	} else if (bytes < tot_len) {
 		/* packet is bigger than sizeof(packet), we did partial read */
 		return -1;
 +	}
 -	/* ignore any extra garbage bytes */
 -	bytes = ntohs(packet.ip.tot_len);
 +	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
 +		return -1;
 	if (!sanity_check(&packet, bytes))
 		return -1;
 -- 
 2.34.1
@@ -1,4 +1,4 @@
-From 5f373f373f5baccc282dce257b7b16c8bb4a82c4 Mon Sep 17 00:00:00 2001
+From af55a6a414d32c12f9ef3cab778385a361e1ad6d Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
 Date: Sat, 25 Mar 2023 20:51:52 +0000
 Subject: [PATCH] vpn: Adding support for latest pppd 2.5.0 release
@@ -11,82 +11,12 @@ Adding a libppp-compat.h file to mask for any differences in the version.
 Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a48864a2e5d2a725dfc6eef567108bc13b43857f]
 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
 ---
 configure.ac            |  42 ++++++++-----
 scripts/libppp-compat.h | 127 ++++++++++++++++++++++++++++++++++++++++
- scripts/libppp-plugin.c |  15 +++--
+ 1 file changed, 127 insertions(+)
 3 files changed, 161 insertions(+), 23 deletions(-)
 create mode 100644 scripts/libppp-compat.h
 diff --git a/configure.ac b/configure.ac
 index a573cef..f34bb38 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -135,14 +135,6 @@ AC_ARG_ENABLE(l2tp,
 	AC_HELP_STRING([--enable-l2tp], [enable l2tp support]),
 			[enable_l2tp=${enableval}], [enable_l2tp="no"])
 if (test "${enable_l2tp}" != "no"); then
 -	if (test -z "${path_pppd}"); then
 -		AC_PATH_PROG(PPPD, [pppd], [/usr/sbin/pppd], $PATH:/sbin:/usr/sbin)
 -	else
 -		PPPD="${path_pppd}"
 -		AC_SUBST(PPPD)
 -	fi
 -	AC_CHECK_HEADERS(pppd/pppd.h, dummy=yes,
 -			AC_MSG_ERROR(ppp header files are required))
 	if (test -z "${path_l2tp}"); then
 		AC_PATH_PROG(L2TP, [xl2tpd], [/usr/sbin/xl2tpd], $PATH:/sbin:/usr/sbin)
 	else
@@ -160,6 +152,18 @@ AC_ARG_ENABLE(pptp,
 	AC_HELP_STRING([--enable-pptp], [enable pptp support]),
 			[enable_pptp=${enableval}], [enable_pptp="no"])
 if (test "${enable_pptp}" != "no"); then
 +	if (test -z "${path_pptp}"); then
 +		AC_PATH_PROG(PPTP, [pptp], [/usr/sbin/pptp], $PATH:/sbin:/usr/sbin)
 +	else
 +		PPTP="${path_pptp}"
 +		AC_SUBST(PPTP)
 +	fi
 +fi
 +AM_CONDITIONAL(PPTP, test "${enable_pptp}" != "no")
 +AM_CONDITIONAL(PPTP_BUILTIN, test "${enable_pptp}" = "builtin")
 +
 +if (test "${enable_pptp}" != "no" || test "${enable_l2tp}" != "no"); then
 +
 	if (test -z "${path_pppd}"); then
 		AC_PATH_PROG(PPPD, [pppd], [/usr/sbin/pppd], $PATH:/sbin:/usr/sbin)
 	else
@@ -168,15 +172,23 @@ if (test "${enable_pptp}" != "no"); then
 	fi
 	AC_CHECK_HEADERS(pppd/pppd.h, dummy=yes,
 			AC_MSG_ERROR(ppp header files are required))
 -	if (test -z "${path_pptp}"); then
 -		AC_PATH_PROG(PPTP, [pptp], [/usr/sbin/pptp], $PATH:/sbin:/usr/sbin)
 -	else
 -		PPTP="${path_pptp}"
 -		AC_SUBST(PPTP)
 +	AC_CHECK_HEADERS([pppd/chap.h pppd/chap-new.h pppd/chap_ms.h])
 +
 +	PKG_CHECK_EXISTS([pppd],
 +	    [AS_VAR_SET([pppd_pkgconfig_support],[yes])])
 +
 +	PPPD_VERSION=2.4.9
 +	if test x"$pppd_pkgconfig_support" = xyes; then
 +	    PPPD_VERSION=`$PKG_CONFIG --modversion pppd`
 	fi
 +
 +	AC_DEFINE_UNQUOTED([PPP_VERSION(x,y,z)],
 +	    [((x & 0xFF) << 16 | (y & 0xFF) << 8 | (z & 0xFF) << 0)],
 +	    [Macro to help determine the particular version of pppd])
 +	PPP_VERSION=$(echo $PPPD_VERSION | sed -e "s/\./\,/g")
 +	AC_DEFINE_UNQUOTED(WITH_PPP_VERSION, PPP_VERSION($PPP_VERSION),
 +	    [The real version of pppd represented as an int])
 fi
 -AM_CONDITIONAL(PPTP, test "${enable_pptp}" != "no")
 -AM_CONDITIONAL(PPTP_BUILTIN, test "${enable_pptp}" = "builtin")
 AC_CHECK_HEADERS(resolv.h, dummy=yes,
 	AC_MSG_ERROR(resolver header files are required))
 diff --git a/scripts/libppp-compat.h b/scripts/libppp-compat.h
 new file mode 100644
 index 0000000..eee1d09
@@ -220,55 +150,3 @@ index 0000000..eee1d09
 +
 +#endif /* #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) */
 +#endif /* #if__LIBPPP_COMPAT_H__ */
 diff --git a/scripts/libppp-plugin.c b/scripts/libppp-plugin.c
 index 0dd8b47..61641b5 100644
 --- a/scripts/libppp-plugin.c
 +++ b/scripts/libppp-plugin.c
@@ -29,14 +29,13 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 -#include <pppd/pppd.h>
 -#include <pppd/fsm.h>
 -#include <pppd/ipcp.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <dbus/dbus.h>
 +#include "libppp-compat.h"
 +
 #define INET_ADDRES_LEN (INET_ADDRSTRLEN + 5)
 #define INET_DNS_LEN	(2*INET_ADDRSTRLEN + 9)
@@ -47,7 +46,7 @@ static char *path;
 static DBusConnection *connection;
 static int prev_phase;
 -char pppd_version[] = VERSION;
 +char pppd_version[] = PPPD_VERSION;
 int plugin_init(void);
@@ -170,7 +169,7 @@ static void ppp_up(void *data, int arg)
 			DBUS_TYPE_STRING_AS_STRING DBUS_TYPE_STRING_AS_STRING
 			DBUS_DICT_ENTRY_END_CHAR_AS_STRING, &dict);
 -	append(&dict, "INTERNAL_IFNAME", ifname);
 +	append(&dict, "INTERNAL_IFNAME", ppp_ifname());
 	inet_ntop(AF_INET, &ipcp_gotoptions[0].ouraddr, buf, INET_ADDRSTRLEN);
 	append(&dict, "INTERNAL_IP4_ADDRESS", buf);
@@ -309,9 +308,9 @@ int plugin_init(void)
 	chap_check_hook = ppp_have_secret;
 	pap_check_hook = ppp_have_secret;
 -	add_notifier(&ip_up_notifier, ppp_up, NULL);
 -	add_notifier(&phasechange, ppp_phase_change, NULL);
 -	add_notifier(&exitnotify, ppp_exit, connection);
 +	ppp_add_notify(NF_IP_UP, ppp_up, NULL);
 +	ppp_add_notify(NF_PHASE_CHANGE, ppp_phase_change, NULL);
 +	ppp_add_notify(NF_EXIT, ppp_exit, connection);
 	return 0;
 }
@@ -18,14 +18,6 @@ diff --git a/gweb/gresolv.c b/gweb/gresolv.c
 index 954e7cf..2a9bc51 100644
 --- a/gweb/gresolv.c
 +++ b/gweb/gresolv.c
@@ -36,6 +36,7 @@
 #include <arpa/inet.h>
 #include <arpa/nameser.h>
 #include <net/if.h>
 +#include <ctype.h>
 #include "gresolv.h"
@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index)
 	resolv->index = index;
 	resolv->nameserver_list = NULL;
@@ -1,37 +0,0 @@
 From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001
 From: Nathan Crandall <ncrandall@tesla.com>
 Date: Tue, 12 Jul 2022 08:56:34 +0200
 Subject: gweb: Fix OOB write in received_data()
 There is a mismatch of handling binary vs. C-string data with memchr
 and strlen, resulting in pos, count, and bytes_read to become out of
 sync and result in a heap overflow.  Instead, do not treat the buffer
 as an ASCII C-string. We calculate the count based on the return value
 of memchr, instead of strlen.
 Fixes: CVE-2022-32292
 CVE: CVE-2022-32292
 Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
 gweb/gweb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/gweb/gweb.c b/gweb/gweb.c
 index 12fcb1d8..13c6c5f2 100644
 --- a/gweb/gweb.c
 +++ b/gweb/gweb.c
@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond,
 		}
 		*pos = '\0';
 -		count = strlen((char *) ptr);
 +		count = pos - ptr;
 		if (count > 0 && ptr[count - 1] == '\r') {
 			ptr[--count] = '\0';
 			bytes_read--;
 -- 
 cgit 
@@ -1,141 +0,0 @@
 From 72343929836de80727a27d6744c869dff045757c Mon Sep 17 00:00:00 2001
 From: Daniel Wagner <wagi@monom.org>
 Date: Tue, 5 Jul 2022 08:32:12 +0200
 Subject: wispr: Add reference counter to portal context
 Track the connman_wispr_portal_context live time via a
 refcounter. This only adds the infrastructure to do proper reference
 counting.
 Fixes: CVE-2022-32293
 CVE: CVE-2022-32293
 Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
 src/wispr.c | 52 ++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 42 insertions(+), 10 deletions(-)
 diff --git a/src/wispr.c b/src/wispr.c
 index a07896ca..bde7e63b 100644
 --- a/src/wispr.c
 +++ b/src/wispr.c
@@ -56,6 +56,7 @@ struct wispr_route {
 };
 struct connman_wispr_portal_context {
 +	int refcount;
 	struct connman_service *service;
 	enum connman_ipconfig_type type;
 	struct connman_wispr_portal *wispr_portal;
@@ -97,6 +98,11 @@ static char *online_check_ipv4_url = NULL;
 static char *online_check_ipv6_url = NULL;
 static bool enable_online_to_ready_transition = false;
 +#define wispr_portal_context_ref(wp_context) \
 +	wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__)
 +#define wispr_portal_context_unref(wp_context) \
 +	wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__)
 +
 static void connman_wispr_message_init(struct connman_wispr_message *msg)
 {
 	DBG("");
@@ -162,9 +168,6 @@ static void free_connman_wispr_portal_context(
 {
 	DBG("context %p", wp_context);
 -	if (!wp_context)
 -		return;
 -
 	if (wp_context->wispr_portal) {
 		if (wp_context->wispr_portal->ipv4_context == wp_context)
 			wp_context->wispr_portal->ipv4_context = NULL;
@@ -201,9 +204,38 @@ static void free_connman_wispr_portal_context(
 	g_free(wp_context);
 }
 +static struct connman_wispr_portal_context *
 +wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context,
 +			const char *file, int line, const char *caller)
 +{
 +	DBG("%p ref %d by %s:%d:%s()", wp_context,
 +		wp_context->refcount + 1, file, line, caller);
 +
 +	__sync_fetch_and_add(&wp_context->refcount, 1);
 +
 +	return wp_context;
 +}
 +
 +static void wispr_portal_context_unref_debug(
 +		struct connman_wispr_portal_context *wp_context,
 +		const char *file, int line, const char *caller)
 +{
 +	if (!wp_context)
 +		return;
 +
 +	DBG("%p ref %d by %s:%d:%s()", wp_context,
 +		wp_context->refcount - 1, file, line, caller);
 +
 +	if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1)
 +		return;
 +
 +	free_connman_wispr_portal_context(wp_context);
 +}
 +
 static struct connman_wispr_portal_context *create_wispr_portal_context(void)
 {
 -	return g_try_new0(struct connman_wispr_portal_context, 1);
 +	return wispr_portal_context_ref(
 +		g_new0(struct connman_wispr_portal_context, 1));
 }
 static void free_connman_wispr_portal(gpointer data)
@@ -215,8 +247,8 @@ static void free_connman_wispr_portal(gpointer data)
 	if (!wispr_portal)
 		return;
 -	free_connman_wispr_portal_context(wispr_portal->ipv4_context);
 -	free_connman_wispr_portal_context(wispr_portal->ipv6_context);
 +	wispr_portal_context_unref(wispr_portal->ipv4_context);
 +	wispr_portal_context_unref(wispr_portal->ipv6_context);
 	g_free(wispr_portal);
 }
@@ -452,7 +484,7 @@ static void portal_manage_status(GWebResult *result,
 		connman_info("Client-Timezone: %s", str);
 	if (!enable_online_to_ready_transition)
 -		free_connman_wispr_portal_context(wp_context);
 +		wispr_portal_context_unref(wp_context);
 	__connman_service_ipconfig_indicate_state(service,
 					CONNMAN_SERVICE_STATE_ONLINE, type);
@@ -616,7 +648,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service,
 				return;
 		}
 -		free_connman_wispr_portal_context(wp_context);
 +		wispr_portal_context_unref(wp_context);
 		return;
 	}
@@ -952,7 +984,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context)
 		if (wp_context->token == 0) {
 			err = -EINVAL;
 -			free_connman_wispr_portal_context(wp_context);
 +			wispr_portal_context_unref(wp_context);
 		}
 	} else if (wp_context->timeout == 0) {
 		wp_context->timeout = g_idle_add(no_proxy_callback, wp_context);
@@ -1001,7 +1033,7 @@ int __connman_wispr_start(struct connman_service *service,
 	/* If there is already an existing context, we wipe it */
 	if (wp_context)
 -		free_connman_wispr_portal_context(wp_context);
 +		wispr_portal_context_unref(wp_context);
 	wp_context = create_wispr_portal_context();
 	if (!wp_context)
 -- 
 cgit 
@@ -1,174 +0,0 @@
 From 416bfaff988882c553c672e5bfc2d4f648d29e8a Mon Sep 17 00:00:00 2001
 From: Daniel Wagner <wagi@monom.org>
 Date: Tue, 5 Jul 2022 09:11:09 +0200
 Subject: wispr: Update portal context references
 Maintain proper portal context references to avoid UAF.
 Fixes: CVE-2022-32293
 CVE: CVE-2022-32293
 Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c]
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
 src/wispr.c | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)
 diff --git a/src/wispr.c b/src/wispr.c
 index bde7e63b..84bed33f 100644
 --- a/src/wispr.c
 +++ b/src/wispr.c
@@ -105,8 +105,6 @@ static bool enable_online_to_ready_transition = false;
 static void connman_wispr_message_init(struct connman_wispr_message *msg)
 {
 -	DBG("");
 -
 	msg->has_error = false;
 	msg->current_element = NULL;
@@ -166,8 +164,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context)
 static void free_connman_wispr_portal_context(
 		struct connman_wispr_portal_context *wp_context)
 {
 -	DBG("context %p", wp_context);
 -
 	if (wp_context->wispr_portal) {
 		if (wp_context->wispr_portal->ipv4_context == wp_context)
 			wp_context->wispr_portal->ipv4_context = NULL;
@@ -483,9 +479,6 @@ static void portal_manage_status(GWebResult *result,
 				&str))
 		connman_info("Client-Timezone: %s", str);
 -	if (!enable_online_to_ready_transition)
 -		wispr_portal_context_unref(wp_context);
 -
 	__connman_service_ipconfig_indicate_state(service,
 					CONNMAN_SERVICE_STATE_ONLINE, type);
@@ -546,14 +539,17 @@ static void wispr_portal_request_portal(
 {
 	DBG("");
 +	wispr_portal_context_ref(wp_context);
 	wp_context->request_id = g_web_request_get(wp_context->web,
 					wp_context->status_url,
 					wispr_portal_web_result,
 					wispr_route_request,
 					wp_context);
 -	if (wp_context->request_id == 0)
 +	if (wp_context->request_id == 0) {
 		wispr_portal_error(wp_context);
 +		wispr_portal_context_unref(wp_context);
 +	}
 }
 static bool wispr_input(const guint8 **data, gsize *length,
@@ -618,13 +614,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service,
 		return;
 	if (!authentication_done) {
 -		wispr_portal_error(wp_context);
 		free_wispr_routes(wp_context);
 +		wispr_portal_error(wp_context);
 +		wispr_portal_context_unref(wp_context);
 		return;
 	}
 	/* Restarting the test */
 	__connman_service_wispr_start(service, wp_context->type);
 +	wispr_portal_context_unref(wp_context);
 }
 static void wispr_portal_request_wispr_login(struct connman_service *service,
@@ -700,11 +698,13 @@ static bool wispr_manage_message(GWebResult *result,
 		wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN;
 +		wispr_portal_context_ref(wp_context);
 		if (__connman_agent_request_login_input(wp_context->service,
 					wispr_portal_request_wispr_login,
 -					wp_context) != -EINPROGRESS)
 +					wp_context) != -EINPROGRESS) {
 			wispr_portal_error(wp_context);
 -		else
 +			wispr_portal_context_unref(wp_context);
 +		} else
 			return true;
 		break;
@@ -753,6 +753,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
 		if (length > 0) {
 			g_web_parser_feed_data(wp_context->wispr_parser,
 								chunk, length);
 +			wispr_portal_context_unref(wp_context);
 			return true;
 		}
@@ -770,6 +771,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
 	switch (status) {
 	case 000:
 +		wispr_portal_context_ref(wp_context);
 		__connman_agent_request_browser(wp_context->service,
 				wispr_portal_browser_reply_cb,
 				wp_context->status_url, wp_context);
@@ -781,11 +783,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
 		if (g_web_result_get_header(result, "X-ConnMan-Status",
 						&str)) {
 			portal_manage_status(result, wp_context);
 +			wispr_portal_context_unref(wp_context);
 			return false;
 -		} else
 +		} else {
 +			wispr_portal_context_ref(wp_context);
 			__connman_agent_request_browser(wp_context->service,
 					wispr_portal_browser_reply_cb,
 					wp_context->redirect_url, wp_context);
 +		}
 		break;
 	case 300:
@@ -798,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
 			!g_web_result_get_header(result, "Location",
 							&redirect)) {
 +			wispr_portal_context_ref(wp_context);
 			__connman_agent_request_browser(wp_context->service,
 					wispr_portal_browser_reply_cb,
 					wp_context->status_url, wp_context);
@@ -808,6 +814,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
 		wp_context->redirect_url = g_strdup(redirect);
 +		wispr_portal_context_ref(wp_context);
 		wp_context->request_id = g_web_request_get(wp_context->web,
 				redirect, wispr_portal_web_result,
 				wispr_route_request, wp_context);
@@ -820,6 +827,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
 		break;
 	case 505:
 +		wispr_portal_context_ref(wp_context);
 		__connman_agent_request_browser(wp_context->service,
 				wispr_portal_browser_reply_cb,
 				wp_context->status_url, wp_context);
@@ -832,6 +840,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
 	wp_context->request_id = 0;
 done:
 	wp_context->wispr_msg.message_type = -1;
 +	wispr_portal_context_unref(wp_context);
 	return false;
 }
@@ -890,6 +899,7 @@ static void proxy_callback(const char *proxy, void *user_data)
 					xml_wispr_parser_callback, wp_context);
 	wispr_portal_request_portal(wp_context);
 +	wispr_portal_context_unref(wp_context);
 }
 static gboolean no_proxy_callback(gpointer user_data)
 -- 
 cgit 
@@ -5,16 +5,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
           file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
           file://connman \
           file://no-version-scripts.patch \
           file://CVE-2022-32293_p1.patch \
           file://CVE-2022-32293_p2.patch \
           file://CVE-2022-32292.patch \
           file://0001-gdhcp-Verify-and-sanitize-packet-length-first.patch \
           file://0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch \
           "
 SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
-SRC_URI[sha256sum] = "79fb40f4fdd5530c45aa8e592fb16ba23d3674f3a98cf10b89a6576f198de589"
+SRC_URI[sha256sum] = "a3e6bae46fc081ef2e9dae3caa4f7649de892c3de622c20283ac0ca81423c2aa"
 RRECOMMENDS:${PN} = "connman-conf"
 RCONFLICTS:${PN} = "networkmanager"