| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: wpa_supplicant | Distribution: openSUSE Tumbleweed |
| Version: 2.11 | Vendor: openSUSE |
| Release: 2.1 | Build date: Fri Sep 20 12:37:22 2024 |
| Group: Unspecified | Build host: reproducible |
| Size: 6290462 | Source RPM: wpa_supplicant-2.11-2.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://w1.fi/wpa_supplicant | |
| Summary: WPA supplicant implementation | |
wpa_supplicant is an implementation of the WPA Supplicant component, i.e., the part that runs in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.
BSD-3-Clause AND GPL-2.0-or-later
* Fri Sep 20 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Revert "Mark authorization completed on driver indication
during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection
problems with brcmfmac wifi hardware. (bsc#1230797)
[+ Revert-Mark-authorization-completed-on-driver-indica.patch]
* Wed Sep 11 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- update to v2.11:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
- refresh patches:
wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
wpa_supplicant-sigusr1-changes-debuglevel.patch
- drop patches:
CVE-2023-52160.patch
dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
* Thu Feb 15 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
* Tue May 16 2023 Callum Farmer <gmbr3@opensuse.org>
- Change ctrl_interface from /var/run to %_rundir (/run)
* Thu Sep 01 2022 Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Tue Jul 05 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
(bsc#1201219)
* Tue Jun 21 2022 Stefan Schubert <schubi@suse.com>
- Removed %config flag for files in /usr directory.
* Tue Jun 21 2022 Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 20 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch
Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868).
Wifi cards, wich do not support PMF/BIP ciphers, should not use
SAE as key management. (bsc#1195312)
* Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Move the dbus-1 system.d file to /usr (bsc#1200342)
* Sat Feb 05 2022 Hans-Peter Jansen <hpj@urpla.net>
- Apply Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch
to fix connect with AVM FB, if WPA3 transition mode is activated,
e.g. Wifi -> Security: is WPA2 + WPA3, alt. switch to WPA2 (CCMP)
(bsc#1195312)
* Tue Feb 01 2022 Dirk Müller <dmueller@suse.com>
- drop restore-old-dbus-interface.patch, wicked has been
switching to the new dbus interface in version 0.6.66.
- drop wpa_supplicant-getrandom.patch : glibc has been updated
so the getrandom() wrapper is now there
- config:
* enable QCA vendor extensions to nl80211
* enable EAP-EKE
* Support HT overrides
* WPA3-Enterprise
* TLS v1.1 and TLS v1.2
* Fast Session Transfer (FST)
* Automatic Channel Selection
* Multi Band Operation
* Fast Initial Link Setup
* Mesh Networking (IEEE 802.11s)
* Mon Jan 31 2022 Dirk Müller <dmueller@suse.com>
- config:
* Reenable Fast BSS Transition (likely fixing bsc#1195312)
* Enable OCV, security feature that prevents MITM
multi-channel attacks
* Enable OWE for better hotspot support
* Sun Jan 23 2022 Dirk Müller <dmueller@suse.com>
- update to 2.10.0:
* SAE changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
- added support for the hash-to-element mechanism (sae_pwe=1 or
sae_pwe=2); this is currently disabled by default, but will likely
get enabled by default in the future
- fixed PMKSA caching with OKC
- added support for SAE-PK
* EAP-pwd changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
* fixed P2P provision discovery processing of a specially constructed
invalid frame
[https://w1.fi/security/2021-1/]
* fixed P2P group information processing of a specially constructed
invalid frame
[https://w1.fi/security/2020-2/]
* fixed PMF disconnection protection bypass in AP mode
[https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* increased the maximum number of EAP message exchanges (mainly to
support cases with very large certificates)
* fixed various issues in experimental support for EAP-TEAP peer
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* a number of MKA/MACsec fixes and extensions
* added support for SAE (WPA3-Personal) AP mode configuration
* added P2P support for EDMG (IEEE 802.11ay) channels
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
* improved throughput estimation and BSS selection
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
compatibility for these groups while the default group 19 remains
backwards compatible
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
automatically disable transition mode to improve security
* extended D-Bus interface
* added support for PASN
* added a file-based backend for external password storage to allow
secret information to be moved away from the main configuration file
without requiring external tools
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
* added support for SCS, MSCS, DSCP policy
* changed driver interface selection to default to automatic fallback
to other compiled in options
* a large number of other fixes, cleanup, and extensions
- drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch,
CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch:
upstream
- refresh config from 2.10 defconfig, re-enable CONFIG_WEP
* Mon Jan 10 2022 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* wpa_supplicant.service
* Tue Apr 06 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Add CVE-2021-30004.patch -- forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
(bsc#1184348)
* Wed Mar 03 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Fix systemd device ready dependencies in wpa_supplicant@.service file.
(see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)
* Sat Feb 27 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability
(bsc#1182805)
* Thu Feb 04 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Add CVE-2021-0326.patch -- P2P group information processing vulnerability
(bsc#1181777)
/etc/wpa_supplicant /etc/wpa_supplicant/wpa_supplicant.conf /run/wpa_supplicant /usr/etc/logrotate.d/wpa_supplicant /usr/lib/systemd/system/dbus-fi.epitest.hostap.WPASupplicant.service /usr/lib/systemd/system/dbus-fi.w1.wpa_supplicant1.service /usr/lib/systemd/system/wpa_supplicant.service /usr/lib/systemd/system/wpa_supplicant@.service /usr/sbin/eapol_test /usr/sbin/rcwpa_supplicant /usr/sbin/wpa_cli /usr/sbin/wpa_passphrase /usr/sbin/wpa_supplicant /usr/share/dbus-1/system-services /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service /usr/share/dbus-1/system-services/fi.w1.wpa_supplicant1.service /usr/share/dbus-1/system.d/wpa_supplicant.conf /usr/share/doc/packages/wpa_supplicant /usr/share/doc/packages/wpa_supplicant/ChangeLog /usr/share/doc/packages/wpa_supplicant/README /usr/share/doc/packages/wpa_supplicant/examples /usr/share/doc/packages/wpa_supplicant/examples/60_wpa_supplicant /usr/share/doc/packages/wpa_supplicant/examples/dbus-listen-preq.py /usr/share/doc/packages/wpa_supplicant/examples/dpp-nfc.py /usr/share/doc/packages/wpa_supplicant/examples/dpp-qrcode.py /usr/share/doc/packages/wpa_supplicant/examples/ieee8021x.conf /usr/share/doc/packages/wpa_supplicant/examples/openCryptoki.conf /usr/share/doc/packages/wpa_supplicant/examples/p2p /usr/share/doc/packages/wpa_supplicant/examples/p2p-action-udhcp.sh /usr/share/doc/packages/wpa_supplicant/examples/p2p-action.sh /usr/share/doc/packages/wpa_supplicant/examples/p2p-nfc.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_connect.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_disconnect.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_find.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_flush.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_group_add.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_invite.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_listen.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_stop_find.py /usr/share/doc/packages/wpa_supplicant/examples/plaintext.conf /usr/share/doc/packages/wpa_supplicant/examples/udhcpd-p2p.conf /usr/share/doc/packages/wpa_supplicant/examples/wep.conf /usr/share/doc/packages/wpa_supplicant/examples/wpa-psk-tkip.conf /usr/share/doc/packages/wpa_supplicant/examples/wpa2-eap-ccmp.conf /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-getall.py /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-signals.py /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-wps.py /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new.py /usr/share/doc/packages/wpa_supplicant/examples/wps-ap-cli /usr/share/doc/packages/wpa_supplicant/examples/wps-nfc.py /usr/share/doc/packages/wpa_supplicant/todo.txt /usr/share/doc/packages/wpa_supplicant/wpa_supplicant.conf /usr/share/licenses/wpa_supplicant /usr/share/licenses/wpa_supplicant/COPYING /usr/share/man/man5/wpa_supplicant.conf.5.gz /usr/share/man/man8/eapol_test.8.gz /usr/share/man/man8/wpa_background.8.gz /usr/share/man/man8/wpa_cli.8.gz /usr/share/man/man8/wpa_passphrase.8.gz /usr/share/man/man8/wpa_supplicant.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 00:41:02 2024