Sync from SUSE:SLFO:Main wpa_supplicant revision 8980e3808541423773365aaf60ac7517

2024-09-30 10:47:56 +02:00 · 2024-09-30 10:47:56 +02:00 · e3e79a6f88
commit e3e79a6f88
parent 16194d5a2d
8 changed files with 82 additions and 80 deletions
--- a/dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
+++ b/dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
@ -1,46 +0,0 @@
 From 903f0848ce7d67c99eb5a2569aa5c31bcd7adbc1 Mon Sep 17 00:00:00 2001
 From: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
 Date: Tue, 5 Jul 2022 13:04:52 +0200
 Subject: [PATCH] dbus: Fix property DebugShowKeys and DebugTimestamp
 It is possible to specify -t or -K multiple times. With this the
 value isn't boolean anymore and we hit a assert in libdbus
 function `dbus_message_iter_append_basic()`, which expect 0 or 1
 for DBUS_TYPE_BOOLEAN.
 Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
 ---
 wpa_supplicant/dbus/dbus_new_handlers.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
 diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
 index 0b1002bf1..de82930e8 100644
 --- a/wpa_supplicant/dbus/dbus_new_handlers.c
 +++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -908,8 +908,10 @@ dbus_bool_t wpas_dbus_getter_debug_timestamp(
 	const struct wpa_dbus_property_desc *property_desc,
 	DBusMessageIter *iter, DBusError *error, void *user_data)
 {
 +	dbus_bool_t b = wpa_debug_timestamp ? TRUE : FALSE;
 +
 	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
 -						&wpa_debug_timestamp, error);
 +						&b, error);
 }
@@ -927,8 +929,10 @@ dbus_bool_t wpas_dbus_getter_debug_show_keys(
 	const struct wpa_dbus_property_desc *property_desc,
 	DBusMessageIter *iter, DBusError *error, void *user_data)
 {
 +	dbus_bool_t b = wpa_debug_timestamp ? TRUE : FALSE;
 +
 	return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_BOOLEAN,
 -						&wpa_debug_show_keys, error);
 +						&b, error);
 }
 -- 
 2.35.3
--- a/wpa_supplicant-2.10.tar.gz
+++ b/wpa_supplicant-2.10.tar.gz
--- a/wpa_supplicant-2.11.tar.gz
+++ b/wpa_supplicant-2.11.tar.gz
--- a/wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
+++ b/wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
@ -9,11 +9,9 @@ Subject: [PATCH] dump certificate as PEM in debug mode
 src/utils/wpa_debug.h    |    8 ++++++++
 3 files changed, 26 insertions(+)
-Index: wpa_supplicant-2.10/src/crypto/tls_openssl.c
+--- a/src/crypto/tls_openssl.c
-===================================================================
+++ b/src/crypto/tls_openssl.c
--- wpa_supplicant-2.10.orig/src/crypto/tls_openssl.c
+@@ -2515,6 +2515,19 @@
 +++ wpa_supplicant-2.10/src/crypto/tls_openssl.c
@@ -2361,6 +2361,19 @@ static int tls_verify_cb(int preverify_o
 	debug_print_cert(err_cert, buf);
 	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
@ -33,11 +31,9 @@ Index: wpa_supplicant-2.10/src/crypto/tls_openssl.c
 	conn = SSL_get_app_data(ssl);
 	if (conn == NULL)
 		return 0;
-Index: wpa_supplicant-2.10/src/utils/wpa_debug.c
+--- a/src/utils/wpa_debug.c
-===================================================================
+++ b/src/utils/wpa_debug.c
--- wpa_supplicant-2.10.orig/src/utils/wpa_debug.c
+@@ -66,6 +66,11 @@
 +++ wpa_supplicant-2.10/src/utils/wpa_debug.c
@@ -66,6 +66,11 @@ static int wpa_to_android_level(int leve
 #endif /* CONFIG_DEBUG_FILE */
@ -49,11 +45,9 @@ Index: wpa_supplicant-2.10/src/utils/wpa_debug.c
 void wpa_debug_print_timestamp(void)
 {
 #ifndef CONFIG_ANDROID_LOG
-Index: wpa_supplicant-2.10/src/utils/wpa_debug.h
+--- a/src/utils/wpa_debug.h
-===================================================================
+++ b/src/utils/wpa_debug.h
--- wpa_supplicant-2.10.orig/src/utils/wpa_debug.h
+@@ -25,6 +25,7 @@
 +++ wpa_supplicant-2.10/src/utils/wpa_debug.h
@@ -25,6 +25,7 @@ enum {
 #ifdef CONFIG_NO_STDOUT_DEBUG
@ -61,8 +55,8 @@ Index: wpa_supplicant-2.10/src/utils/wpa_debug.h
 #define wpa_debug_print_timestamp() do { } while (0)
 #define wpa_printf(args...) do { } while (0)
 #define wpa_hexdump(l,t,b,le) do { } while (0)
-@@ -51,6 +52,13 @@ void wpa_debug_close_file(void);
+@@ -52,6 +53,13 @@
- void wpa_debug_setup_stdout(void);
+ void wpa_debug_stop_log(void);
 /**
 + * wpa_debug_enabled: check whether given debug level is enabled
--- a/wpa_supplicant-sigusr1-changes-debuglevel.patch
+++ b/wpa_supplicant-sigusr1-changes-debuglevel.patch
@ -2,11 +2,9 @@
 wpa_supplicant/wpa_supplicant.c |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
-Index: wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
+--- a/wpa_supplicant/wpa_supplicant.c
-===================================================================
+++ b/wpa_supplicant/wpa_supplicant.c
--- wpa_supplicant-2.10.orig/wpa_supplicant/wpa_supplicant.c
+@@ -123,6 +123,22 @@
 +++ wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
@@ -121,6 +121,22 @@ const char *const wpa_supplicant_full_li
 "\n";
 #endif /* CONFIG_NO_STDOUT_DEBUG */
@ -28,8 +26,8 @@ Index: wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
 +}
 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
- #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
+ static void wpas_verify_ssid_beacon(void *eloop_ctx, void *timeout_ctx);
-@@ -7474,6 +7490,8 @@ int wpa_supplicant_run(struct wpa_global
+@@ -8189,6 +8205,8 @@
 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@ -1,3 +1,59 @@
 -------------------------------------------------------------------
 Wed Sep 11 14:44:58 UTC 2024 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
 - update to v2.11:
  * Wi-Fi Easy Connect
    - add support for DPP release 3
    - allow Configurator parameters to be provided during config exchange
  * HE/IEEE 802.11ax/Wi-Fi 6
    - various fixes
  * EHT/IEEE 802.11be/Wi-Fi 7
    - add preliminary support
  * SAE: add support for fetching the password from a RADIUS server
  * support OpenSSL 3.0 API changes
  * support background radar detection and CAC with some additional
    drivers
  * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
  * EAP-SIM/AKA: support IMSI privacy
  * improve 4-way handshake operations
    - use Secure=1 in message 3 during PTK rekeying
  * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
    to avoid interoperability issues
  * support new SAE AKM suites with variable length keys
  * support new AKM for 802.1X/EAP with SHA384
  * extend PASN support for secure ranging
  * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
    - this is based on additional details being added in the IEEE 802.11
      standard
    - the new implementation is not backwards compatible
  * improved ACS to cover additional channel types/bandwidths
  * extended Multiple BSSID support
  * fix beacon protection with FT protocol (incorrect BIGTK was provided)
  * support unsynchronized service discovery (USD)
  * add preliminary support for RADIUS/TLS
  * add support for explicit SSID protection in 4-way handshake
    (a mitigation for CVE-2023-52424; disabled by default for now, can be
    enabled with ssid_protection=1)
  * fix SAE H2E rejected groups validation to avoid downgrade attacks
  * use stricter validation for some RADIUS messages
  * a large number of other fixes, cleanup, and extensions
 - refresh patches:
    wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
    wpa_supplicant-sigusr1-changes-debuglevel.patch
 - drop patches:
    CVE-2023-52160.patch 
    dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
 -------------------------------------------------------------------
 Thu Feb 15 15:48:52 UTC 2024 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
 - Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
 -------------------------------------------------------------------
 Tue May 16 20:19:37 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
 - Change ctrl_interface from /var/run to %_rundir (/run)
 -------------------------------------------------------------------
 Thu Sep  1 13:52:19 UTC 2022 - Stefan Schubert <schubi@suse.com>
--- a/wpa_supplicant.conf
+++ b/wpa_supplicant.conf
@ -1,3 +1,3 @@
-ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface=@RUNSTATEDIR@/wpa_supplicant
 ctrl_interface_group=wheel
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
 Name:           wpa_supplicant
-Version:        2.10
+Version:        2.11
 Release:        0
 Summary:        WPA supplicant implementation
 License:        BSD-3-Clause AND GPL-2.0-or-later
@ -38,7 +38,6 @@ Patch1:         wpa_supplicant-flush-debug-output.patch
 Patch2:         wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch3:         wpa_supplicant-alloc_size.patch
 Patch5:         wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
 Patch6:         dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
 BuildRequires:  systemd-rpm-macros
@ -87,6 +86,7 @@ install -d %{buildroot}%{_datadir}/dbus-1/system.d
 install -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf %{buildroot}%{_datadir}/dbus-1/system.d/wpa_supplicant.conf
 install -d %{buildroot}/%{_sysconfdir}/%{name}
 install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}
 sed 's-@RUNSTATEDIR@-%{_rundir}-g' -i %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf
 install -d %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/dbus-1/system-services
`@ -1,3 +1,3 @@`
	`ctrl_interface=/var/run/wpa_supplicant`	`ctrl_interface=@RUNSTATEDIR@/wpa_supplicant`
	`ctrl_interface_group=wheel`	`ctrl_interface_group=wheel`