Sync from SUSE:SLFO:Main wpa_supplicant revision 8980e3808541423773365aaf60ac7517

dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch

@@ -1,46 +0,0 @@
-From 903f0848ce7d67c99eb5a2569aa5c31bcd7adbc1 Mon Sep 17 00:00:00 2001
-From: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
-Date: Tue, 5 Jul 2022 13:04:52 +0200
-Subject: [PATCH] dbus: Fix property DebugShowKeys and DebugTimestamp
-
-It is possible to specify -t or -K multiple times. With this the
-value isn't boolean anymore and we hit a assert in libdbus
-function `dbus_message_iter_append_basic()`, which expect 0 or 1
-for DBUS_TYPE_BOOLEAN.
-
-Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
----
- wpa_supplicant/dbus/dbus_new_handlers.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
-index 0b1002bf1..de82930e8 100644
---- a/wpa_supplicant/dbus/dbus_new_handlers.c
-+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
-@@ -908,8 +908,10 @@ dbus_bool_t wpas_dbus_getter_debug_timestamp(
- 	const struct wpa_dbus_property_desc *property_desc,
- 	DBusMessageIter *iter, DBusError *error, void *user_data)
- {
-+	dbus_bool_t b = wpa_debug_timestamp ? TRUE : FALSE;
-+
- 	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
--						&wpa_debug_timestamp, error);
-+						&b, error);
- 
- }
- 
-@@ -927,8 +929,10 @@ dbus_bool_t wpas_dbus_getter_debug_show_keys(
- 	const struct wpa_dbus_property_desc *property_desc,
- 	DBusMessageIter *iter, DBusError *error, void *user_data)
- {
-+	dbus_bool_t b = wpa_debug_timestamp ? TRUE : FALSE;
-+
- 	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
--						&wpa_debug_show_keys, error);
-+						&b, error);
- 
- }
- 
--- 
-2.35.3
-

wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff

@@ -4,16 +4,14 @@ Date: Fri, 16 Sep 2011 11:41:16 +0200
 Subject: [PATCH] dump certificate as PEM in debug mode
 
 ---
- src/crypto/tls_openssl.c | 13 +++++++++++++
- src/utils/wpa_debug.c    |  5 +++++
- src/utils/wpa_debug.h    |  8 ++++++++
+ src/crypto/tls_openssl.c |   13 +++++++++++++
+ src/utils/wpa_debug.c    |    5 +++++
+ src/utils/wpa_debug.h    |    8 ++++++++
  3 files changed, 26 insertions(+)
 
-Index: wpa_supplicant-2.10/src/crypto/tls_openssl.c
-===================================================================
---- wpa_supplicant-2.10.orig/src/crypto/tls_openssl.c
-+++ wpa_supplicant-2.10/src/crypto/tls_openssl.c
-@@ -2361,6 +2361,19 @@ static int tls_verify_cb(int preverify_o
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2515,6 +2515,19 @@
  	debug_print_cert(err_cert, buf);
  	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
  
@@ -33,11 +31,9 @@ Index: wpa_supplicant-2.10/src/crypto/tls_openssl.c
  	conn = SSL_get_app_data(ssl);
  	if (conn == NULL)
  		return 0;
-Index: wpa_supplicant-2.10/src/utils/wpa_debug.c
-===================================================================
---- wpa_supplicant-2.10.orig/src/utils/wpa_debug.c
-+++ wpa_supplicant-2.10/src/utils/wpa_debug.c
-@@ -66,6 +66,11 @@ static int wpa_to_android_level(int leve
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -66,6 +66,11 @@
  #endif /* CONFIG_DEBUG_FILE */
  
  
@@ -49,11 +45,9 @@ Index: wpa_supplicant-2.10/src/utils/wpa_debug.c
  void wpa_debug_print_timestamp(void)
  {
  #ifndef CONFIG_ANDROID_LOG
-Index: wpa_supplicant-2.10/src/utils/wpa_debug.h
-===================================================================
---- wpa_supplicant-2.10.orig/src/utils/wpa_debug.h
-+++ wpa_supplicant-2.10/src/utils/wpa_debug.h
-@@ -25,6 +25,7 @@ enum {
+--- a/src/utils/wpa_debug.h
++++ b/src/utils/wpa_debug.h
+@@ -25,6 +25,7 @@
  
  #ifdef CONFIG_NO_STDOUT_DEBUG
  
@@ -61,8 +55,8 @@ Index: wpa_supplicant-2.10/src/utils/wpa_debug.h
  #define wpa_debug_print_timestamp() do { } while (0)
  #define wpa_printf(args...) do { } while (0)
  #define wpa_hexdump(l,t,b,le) do { } while (0)
-@@ -51,6 +52,13 @@ void wpa_debug_close_file(void);
- void wpa_debug_setup_stdout(void);
+@@ -52,6 +53,13 @@
+ void wpa_debug_stop_log(void);
  
  /**
 + * wpa_debug_enabled: check whether given debug level is enabled

wpa_supplicant-sigusr1-changes-debuglevel.patch

@@ -2,11 +2,9 @@
  wpa_supplicant/wpa_supplicant.c |   18 ++++++++++++++++++
  1 file changed, 18 insertions(+)
 
-Index: wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
-===================================================================
---- wpa_supplicant-2.10.orig/wpa_supplicant/wpa_supplicant.c
-+++ wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
-@@ -121,6 +121,22 @@ const char *const wpa_supplicant_full_li
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -123,6 +123,22 @@
  "\n";
  #endif /* CONFIG_NO_STDOUT_DEBUG */
  
@@ -28,8 +26,8 @@ Index: wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
 +}
  
  static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
- #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
-@@ -7474,6 +7490,8 @@ int wpa_supplicant_run(struct wpa_global
+ static void wpas_verify_ssid_beacon(void *eloop_ctx, void *timeout_ctx);
+@@ -8189,6 +8205,8 @@
  	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
  	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
  

wpa_supplicant.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Wed Sep 11 14:44:58 UTC 2024 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
+
+- update to v2.11:
+  * Wi-Fi Easy Connect
+    - add support for DPP release 3
+    - allow Configurator parameters to be provided during config exchange
+  * HE/IEEE 802.11ax/Wi-Fi 6
+    - various fixes
+  * EHT/IEEE 802.11be/Wi-Fi 7
+    - add preliminary support
+  * SAE: add support for fetching the password from a RADIUS server
+  * support OpenSSL 3.0 API changes
+  * support background radar detection and CAC with some additional
+    drivers
+  * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
+  * EAP-SIM/AKA: support IMSI privacy
+  * improve 4-way handshake operations
+    - use Secure=1 in message 3 during PTK rekeying
+  * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
+    to avoid interoperability issues
+  * support new SAE AKM suites with variable length keys
+  * support new AKM for 802.1X/EAP with SHA384
+  * extend PASN support for secure ranging
+  * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
+    - this is based on additional details being added in the IEEE 802.11
+      standard
+    - the new implementation is not backwards compatible
+  * improved ACS to cover additional channel types/bandwidths
+  * extended Multiple BSSID support
+  * fix beacon protection with FT protocol (incorrect BIGTK was provided)
+  * support unsynchronized service discovery (USD)
+  * add preliminary support for RADIUS/TLS
+  * add support for explicit SSID protection in 4-way handshake
+    (a mitigation for CVE-2023-52424; disabled by default for now, can be
+    enabled with ssid_protection=1)
+  * fix SAE H2E rejected groups validation to avoid downgrade attacks
+  * use stricter validation for some RADIUS messages
+  * a large number of other fixes, cleanup, and extensions
+- refresh patches:
+    wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
+    wpa_supplicant-sigusr1-changes-debuglevel.patch
+- drop patches:
+    CVE-2023-52160.patch 
+    dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
+
+-------------------------------------------------------------------
+Thu Feb 15 15:48:52 UTC 2024 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
+
+- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
+
+-------------------------------------------------------------------
+Tue May 16 20:19:37 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
+
+- Change ctrl_interface from /var/run to %_rundir (/run)
+
 -------------------------------------------------------------------
 Thu Sep  1 13:52:19 UTC 2022 - Stefan Schubert <schubi@suse.com>
 

wpa_supplicant.conf

@@ -1,3 +1,3 @@
-ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface=@RUNSTATEDIR@/wpa_supplicant
 ctrl_interface_group=wheel
 

wpa_supplicant.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           wpa_supplicant
-Version:        2.10
+Version:        2.11
 Release:        0
 Summary:        WPA supplicant implementation
 License:        BSD-3-Clause AND GPL-2.0-or-later
@@ -38,7 +38,6 @@ Patch1:         wpa_supplicant-flush-debug-output.patch
 Patch2:         wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch3:         wpa_supplicant-alloc_size.patch
 Patch5:         wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
-Patch6:         dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
 BuildRequires:  systemd-rpm-macros
@@ -87,6 +86,7 @@ install -d %{buildroot}%{_datadir}/dbus-1/system.d
 install -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf %{buildroot}%{_datadir}/dbus-1/system.d/wpa_supplicant.conf
 install -d %{buildroot}/%{_sysconfdir}/%{name}
 install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}
+sed 's-@RUNSTATEDIR@-%{_rundir}-g' -i %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf
 install -d %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/dbus-1/system-services