From e3e79a6f88c0e491dd932972b32134efa16b55b2b27a0115a79c05dd7cb30d3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Mon, 30 Sep 2024 10:47:56 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main wpa_supplicant revision 8980e3808541423773365aaf60ac7517
---
 ...rty-DebugShowKeys-and-DebugTimestamp.patch | 46 ---------------
 wpa_supplicant-2.10.tar.gz | 3 -
 wpa_supplicant-2.11.tar.gz | 3 +
 ...dump-certificate-as-PEM-in-debug-mode.diff | 34 +++++------
 ...upplicant-sigusr1-changes-debuglevel.patch | 12 ++--
 wpa_supplicant.changes | 56 +++++++++++++++++++
 wpa_supplicant.conf | 2 +-
 wpa_supplicant.spec | 6 +-
 8 files changed, 82 insertions(+), 80 deletions(-)
 delete mode 100644 dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
 delete mode 100644 wpa_supplicant-2.10.tar.gz
 create mode 100644 wpa_supplicant-2.11.tar.gz
diff --git a/dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch b/dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
deleted file mode 100644
index 4c47707..0000000
--- a/dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 903f0848ce7d67c99eb5a2569aa5c31bcd7adbc1 Mon Sep 17 00:00:00 2001
-From: Clemens Famulla-Conrad
-Date: Tue, 5 Jul 2022 13:04:52 +0200
-Subject: [PATCH] dbus: Fix property DebugShowKeys and DebugTimestamp
-
-It is possible to specify -t or -K multiple times. With this the
-value isn't boolean anymore and we hit a assert in libdbus
-function `dbus_message_iter_append_basic()`, which expect 0 or 1
-for DBUS_TYPE_BOOLEAN.
-
-Signed-off-by: Clemens Famulla-Conrad
----
- wpa_supplicant/dbus/dbus_new_handlers.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
-index 0b1002bf1..de82930e8 100644
---- a/wpa_supplicant/dbus/dbus_new_handlers.c
-+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
-@@ -908,8 +908,10 @@ dbus_bool_t wpas_dbus_getter_debug_timestamp(
- const struct wpa_dbus_property_desc *property_desc,
- DBusMessageIter *iter, DBusError *error, void *user_data)
- {
-+ dbus_bool_t b = wpa_debug_timestamp ? TRUE : FALSE;
-+
- return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-- &wpa_debug_timestamp, error);
-+ &b, error);
-
- }
-
-@@ -927,8 +929,10 @@ dbus_bool_t wpas_dbus_getter_debug_show_keys(
- const struct wpa_dbus_property_desc *property_desc,
- DBusMessageIter *iter, DBusError *error, void *user_data)
- {
-+ dbus_bool_t b = wpa_debug_timestamp ? TRUE : FALSE;
-+
- return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
-- &wpa_debug_show_keys, error);
-+ &b, error);
-
- }
-
---
-2.35.3
-
diff --git a/wpa_supplicant-2.10.tar.gz b/wpa_supplicant-2.10.tar.gz
deleted file mode 100644
index 1c2bd58..0000000
--- a/wpa_supplicant-2.10.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
-size 3511622
diff --git a/wpa_supplicant-2.11.tar.gz b/wpa_supplicant-2.11.tar.gz
new file mode 100644
index 0000000..032ca92
--- /dev/null
+++ b/wpa_supplicant-2.11.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a
+size 3841433
diff --git a/wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff b/wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
index 74fb70d..503f53c 100644
--- a/wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
+++ b/wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
@@ -4,16 +4,14 @@ Date: Fri, 16 Sep 2011 11:41:16 +0200
 Subject: [PATCH] dump certificate as PEM in debug mode
 ---
- src/crypto/tls_openssl.c | 13 +++++++++++++
- src/utils/wpa_debug.c | 5 +++++
- src/utils/wpa_debug.h | 8 ++++++++
+ src/crypto/tls_openssl.c | 13 +++++++++++++
+ src/utils/wpa_debug.c | 5 +++++
+ src/utils/wpa_debug.h | 8 ++++++++
 3 files changed, 26 insertions(+)
-Index: wpa_supplicant-2.10/src/crypto/tls_openssl.c
-===================================================================
---- wpa_supplicant-2.10.orig/src/crypto/tls_openssl.c
-+++ wpa_supplicant-2.10/src/crypto/tls_openssl.c
-@@ -2361,6 +2361,19 @@ static int tls_verify_cb(int preverify_o
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2515,6 +2515,19 @@
 debug_print_cert(err_cert, buf);
 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
@@ -33,11 +31,9 @@ Index: wpa_supplicant-2.10/src/crypto/tls_openssl.c
 conn = SSL_get_app_data(ssl);
 if (conn == NULL)
 return 0;
-Index: wpa_supplicant-2.10/src/utils/wpa_debug.c
-===================================================================
---- wpa_supplicant-2.10.orig/src/utils/wpa_debug.c
-+++ wpa_supplicant-2.10/src/utils/wpa_debug.c
-@@ -66,6 +66,11 @@ static int wpa_to_android_level(int leve
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -66,6 +66,11 @@
 #endif /* CONFIG_DEBUG_FILE */
@@ -49,11 +45,9 @@ Index: wpa_supplicant-2.10/src/utils/wpa_debug.c
 void wpa_debug_print_timestamp(void)
 {
 #ifndef CONFIG_ANDROID_LOG
-Index: wpa_supplicant-2.10/src/utils/wpa_debug.h
-===================================================================
---- wpa_supplicant-2.10.orig/src/utils/wpa_debug.h
-+++ wpa_supplicant-2.10/src/utils/wpa_debug.h
-@@ -25,6 +25,7 @@ enum {
+--- a/src/utils/wpa_debug.h
++++ b/src/utils/wpa_debug.h
+@@ -25,6 +25,7 @@
 #ifdef CONFIG_NO_STDOUT_DEBUG
@@ -61,8 +55,8 @@ Index: wpa_supplicant-2.10/src/utils/wpa_debug.h
 #define wpa_debug_print_timestamp() do { } while (0)
 #define wpa_printf(args...) do { } while (0)
 #define wpa_hexdump(l,t,b,le) do { } while (0)
-@@ -51,6 +52,13 @@ void wpa_debug_close_file(void);
- void wpa_debug_setup_stdout(void);
+@@ -52,6 +53,13 @@
+ void wpa_debug_stop_log(void);
 /**
 + * wpa_debug_enabled: check whether given debug level is enabled
diff --git a/wpa_supplicant-sigusr1-changes-debuglevel.patch b/wpa_supplicant-sigusr1-changes-debuglevel.patch
index 8ecdfe9..d0e77e3 100644
--- a/wpa_supplicant-sigusr1-changes-debuglevel.patch
+++ b/wpa_supplicant-sigusr1-changes-debuglevel.patch
@@ -2,11 +2,9 @@
 wpa_supplicant/wpa_supplicant.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
-Index: wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
-===================================================================
---- wpa_supplicant-2.10.orig/wpa_supplicant/wpa_supplicant.c
-+++ wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
-@@ -121,6 +121,22 @@ const char *const wpa_supplicant_full_li
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -123,6 +123,22 @@
 "\n";
 #endif /* CONFIG_NO_STDOUT_DEBUG */
@@ -28,8 +26,8 @@ Index: wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
 +}
 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
- #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
-@@ -7474,6 +7490,8 @@ int wpa_supplicant_run(struct wpa_global
+ static void wpas_verify_ssid_beacon(void *eloop_ctx, void *timeout_ctx);
+@@ -8189,6 +8205,8 @@
 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes
index 50eaae3..fbf4efa 100644
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Wed Sep 11 14:44:58 UTC 2024 - Clemens Famulla-Conrad
+
+- update to v2.11:
+ * Wi-Fi Easy Connect
+ - add support for DPP release 3
+ - allow Configurator parameters to be provided during config exchange
+ * HE/IEEE 802.11ax/Wi-Fi 6
+ - various fixes
+ * EHT/IEEE 802.11be/Wi-Fi 7
+ - add preliminary support
+ * SAE: add support for fetching the password from a RADIUS server
+ * support OpenSSL 3.0 API changes
+ * support background radar detection and CAC with some additional
+ drivers
+ * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
+ * EAP-SIM/AKA: support IMSI privacy
+ * improve 4-way handshake operations
+ - use Secure=1 in message 3 during PTK rekeying
+ * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
+ to avoid interoperability issues
+ * support new SAE AKM suites with variable length keys
+ * support new AKM for 802.1X/EAP with SHA384
+ * extend PASN support for secure ranging
+ * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
+ - this is based on additional details being added in the IEEE 802.11
+ standard
+ - the new implementation is not backwards compatible
+ * improved ACS to cover additional channel types/bandwidths
+ * extended Multiple BSSID support
+ * fix beacon protection with FT protocol (incorrect BIGTK was provided)
+ * support unsynchronized service discovery (USD)
+ * add preliminary support for RADIUS/TLS
+ * add support for explicit SSID protection in 4-way handshake
+ (a mitigation for CVE-2023-52424; disabled by default for now, can be
+ enabled with ssid_protection=1)
+ * fix SAE H2E rejected groups validation to avoid downgrade attacks
+ * use stricter validation for some RADIUS messages
+ * a large number of other fixes, cleanup, and extensions
+- refresh patches:
+ wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
+ wpa_supplicant-sigusr1-changes-debuglevel.patch
+- drop
patches:
+ CVE-2023-52160.patch
+ dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
+
+-------------------------------------------------------------------
+Thu Feb 15 15:48:52 UTC 2024 - Clemens Famulla-Conrad
+
+- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
+
+-------------------------------------------------------------------
+Tue May 16 20:19:37 UTC 2023 - Callum Farmer
+
+- Change ctrl_interface from /var/run to %_rundir (/run)
+
 -------------------------------------------------------------------
 Thu Sep 1 13:52:19 UTC 2022 - Stefan Schubert
diff --git a/wpa_supplicant.conf b/wpa_supplicant.conf
index 17eb227..75a8829 100644
--- a/wpa_supplicant.conf
+++ b/wpa_supplicant.conf
@@ -1,3 +1,3 @@
-ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface=@RUNSTATEDIR@/wpa_supplicant
 ctrl_interface_group=wheel
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index 564142b..43f4ad3 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 Name: wpa_supplicant
-Version: 2.10
+Version: 2.11
 Release: 0
 Summary: WPA supplicant implementation
 License: BSD-3-Clause AND GPL-2.0-or-later
@@ -38,7 +38,6 @@ Patch1: wpa_supplicant-flush-debug-output.patch
 Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch3: wpa_supplicant-alloc_size.patch
 Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
-Patch6: dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
 BuildRequires: pkgconfig
 BuildRequires: readline-devel
 BuildRequires: systemd-rpm-macros
@@ -87,6 +86,7 @@ install -d %{buildroot}%{_datadir}/dbus-1/system.d
 install -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf %{buildroot}%{_datadir}/dbus-1/system.d/wpa_supplicant.conf
 install -d %{buildroot}/%{_sysconfdir}/%{name}
 install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}
+sed 's-@RUNSTATEDIR@-%{_rundir}-g' -i %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf
 install -d %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/dbus-1/system-services
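Review bot: The added `sed 's-@RUNSTATEDIR@-%{_rundir}-g' -i …` exits 0 even when it substitutes nothing, so if the file installed from `%{SOURCE2}` is ever not named `%{name}.conf` (the Source2 line is outside this hunk), the package would ship `ctrl_interface=@RUNSTATEDIR@/wpa_supplicant` verbatim, and the control-socket directory that `ctrl_interface_group=wheel` is meant to restrict would presumably not end up under `%{_rundir}`. Add a guard right after the sed so the build fails instead, e.g. `if grep -q '@RUNSTATEDIR@' %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf; then exit 1; fi`. The `-` delimiter also breaks if the expanded path ever contains a hyphen; `sed 's|@RUNSTATEDIR@|%{_rundir}|g'` is more robust. The surrounding %install section begins and ends outside the hunk.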