Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

wpa_supplicant-2.11-2.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: wpa_supplicant Distribution: openSUSE Tumbleweed
Version: 2.11 Vendor: openSUSE
Release: 2.1 Build date: Fri Sep 20 12:37:22 2024
Group: Unspecified Build host: reproducible
Size: 7252878 Source RPM: wpa_supplicant-2.11-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://w1.fi/wpa_supplicant
Summary: WPA supplicant implementation
wpa_supplicant is an implementation of the WPA Supplicant component,
i.e., the part that runs in the client stations. It implements key
negotiation with a WPA Authenticator and it controls the roaming and
IEEE 802.11 authentication/association of the wlan driver.

Provides

Requires

License

BSD-3-Clause AND GPL-2.0-or-later

Changelog

* Fri Sep 20 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Revert "Mark authorization completed on driver indication
    during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection
    problems with brcmfmac wifi hardware. (bsc#1230797)
    [+ Revert-Mark-authorization-completed-on-driver-indica.patch]
* Wed Sep 11 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - update to v2.11:
    * Wi-Fi Easy Connect
    - add support for DPP release 3
    - allow Configurator parameters to be provided during config exchange
    * HE/IEEE 802.11ax/Wi-Fi 6
    - various fixes
    * EHT/IEEE 802.11be/Wi-Fi 7
    - add preliminary support
    * SAE: add support for fetching the password from a RADIUS server
    * support OpenSSL 3.0 API changes
    * support background radar detection and CAC with some additional
      drivers
    * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
    * EAP-SIM/AKA: support IMSI privacy
    * improve 4-way handshake operations
    - use Secure=1 in message 3 during PTK rekeying
    * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
      to avoid interoperability issues
    * support new SAE AKM suites with variable length keys
    * support new AKM for 802.1X/EAP with SHA384
    * extend PASN support for secure ranging
    * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
    - this is based on additional details being added in the IEEE 802.11
      standard
    - the new implementation is not backwards compatible
    * improved ACS to cover additional channel types/bandwidths
    * extended Multiple BSSID support
    * fix beacon protection with FT protocol (incorrect BIGTK was provided)
    * support unsynchronized service discovery (USD)
    * add preliminary support for RADIUS/TLS
    * add support for explicit SSID protection in 4-way handshake
      (a mitigation for CVE-2023-52424; disabled by default for now, can be
      enabled with ssid_protection=1)
    * fix SAE H2E rejected groups validation to avoid downgrade attacks
    * use stricter validation for some RADIUS messages
    * a large number of other fixes, cleanup, and extensions
  - refresh patches:
      wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
      wpa_supplicant-sigusr1-changes-debuglevel.patch
  - drop patches:
      CVE-2023-52160.patch
      dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
* Thu Feb 15 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
* Tue May 16 2023 Callum Farmer <gmbr3@opensuse.org>
  - Change ctrl_interface from /var/run to %_rundir (/run)
* Thu Sep 01 2022 Stefan Schubert <schubi@suse.com>
  - Migration to /usr/etc: Saving user changed configuration files
    in /etc and restoring them while an RPM update.
* Tue Jul 05 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
    (bsc#1201219)
* Tue Jun 21 2022 Stefan Schubert <schubi@suse.com>
  - Removed %config flag for files in /usr directory.
* Tue Jun 21 2022 Stefan Schubert <schubi@suse.com>
  - Moved logrotate files from user specific directory /etc/logrotate.d
    to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 20 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch
    Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868).
    Wifi cards, wich do not support PMF/BIP ciphers, should not use
    SAE as key management. (bsc#1195312)
* Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org>
  - Move the dbus-1 system.d file to /usr (bsc#1200342)
* Sat Feb 05 2022 Hans-Peter Jansen <hpj@urpla.net>
  - Apply Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch
    to fix connect with AVM FB, if WPA3 transition mode is activated,
    e.g. Wifi -> Security: is WPA2 + WPA3, alt. switch to WPA2 (CCMP)
    (bsc#1195312)
* Tue Feb 01 2022 Dirk Müller <dmueller@suse.com>
  - drop restore-old-dbus-interface.patch, wicked has been
    switching to the new dbus interface in version 0.6.66.
  - drop wpa_supplicant-getrandom.patch : glibc has been updated
    so the getrandom() wrapper is now there
  - config:
    * enable QCA vendor extensions to nl80211
    * enable EAP-EKE
    * Support HT overrides
    * WPA3-Enterprise
    * TLS v1.1 and TLS v1.2
    * Fast Session Transfer (FST)
    * Automatic Channel Selection
    * Multi Band Operation
    * Fast Initial Link Setup
    * Mesh Networking (IEEE 802.11s)
* Mon Jan 31 2022 Dirk Müller <dmueller@suse.com>
  - config:
    * Reenable Fast BSS Transition (likely fixing bsc#1195312)
    * Enable OCV, security feature that prevents MITM
      multi-channel attacks
    * Enable OWE for better hotspot support
* Sun Jan 23 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.10.0:
    * SAE changes
    - improved protection against side channel attacks
      [https://w1.fi/security/2022-1/]
    - added support for the hash-to-element mechanism (sae_pwe=1 or
      sae_pwe=2); this is currently disabled by default, but will likely
      get enabled by default in the future
    - fixed PMKSA caching with OKC
    - added support for SAE-PK
    * EAP-pwd changes
    - improved protection against side channel attacks
      [https://w1.fi/security/2022-1/]
    * fixed P2P provision discovery processing of a specially constructed
      invalid frame
      [https://w1.fi/security/2021-1/]
    * fixed P2P group information processing of a specially constructed
      invalid frame
      [https://w1.fi/security/2020-2/]
    * fixed PMF disconnection protection bypass in AP mode
      [https://w1.fi/security/2019-7/]
    * added support for using OpenSSL 3.0
    * increased the maximum number of EAP message exchanges (mainly to
      support cases with very large certificates)
    * fixed various issues in experimental support for EAP-TEAP peer
    * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
    * a number of MKA/MACsec fixes and extensions
    * added support for SAE (WPA3-Personal) AP mode configuration
    * added P2P support for EDMG (IEEE 802.11ay) channels
    * fixed EAP-FAST peer with TLS GCM/CCM ciphers
    * improved throughput estimation and BSS selection
    * dropped support for libnl 1.1
    * added support for nl80211 control port for EAPOL frame TX/RX
    * fixed OWE key derivation with groups 20 and 21; this breaks backwards
      compatibility for these groups while the default group 19 remains
      backwards compatible
    * added support for Beacon protection
    * added support for Extended Key ID for pairwise keys
    * removed WEP support from the default build (CONFIG_WEP=y can be used
      to enable it, if really needed)
    * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
    * added support for Transition Disable mechanism to allow the AP to
      automatically disable transition mode to improve security
    * extended D-Bus interface
    * added support for PASN
    * added a file-based backend for external password storage to allow
      secret information to be moved away from the main configuration file
      without requiring external tools
    * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
    * added support for SCS, MSCS, DSCP policy
    * changed driver interface selection to default to automatic fallback
      to other compiled in options
    * a large number of other fixes, cleanup, and extensions
  - drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch,
      CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch:
      upstream
  - refresh config from 2.10 defconfig, re-enable CONFIG_WEP
* Mon Jan 10 2022 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * wpa_supplicant.service
* Tue Apr 06 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Add CVE-2021-30004.patch -- forging attacks may occur because
    AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
    (bsc#1184348)
* Wed Mar 03 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Fix systemd device ready dependencies in wpa_supplicant@.service file.
    (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)
* Sat Feb 27 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability
    (bsc#1182805)
* Thu Feb 04 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Add CVE-2021-0326.patch -- P2P group information processing vulnerability
    (bsc#1181777)

Files

/etc/wpa_supplicant
/etc/wpa_supplicant/wpa_supplicant.conf
/run/wpa_supplicant
/usr/etc/logrotate.d/wpa_supplicant
/usr/lib/systemd/system/dbus-fi.epitest.hostap.WPASupplicant.service
/usr/lib/systemd/system/dbus-fi.w1.wpa_supplicant1.service
/usr/lib/systemd/system/wpa_supplicant.service
/usr/lib/systemd/system/wpa_supplicant@.service
/usr/sbin/eapol_test
/usr/sbin/rcwpa_supplicant
/usr/sbin/wpa_cli
/usr/sbin/wpa_passphrase
/usr/sbin/wpa_supplicant
/usr/share/dbus-1/system-services
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service
/usr/share/dbus-1/system-services/fi.w1.wpa_supplicant1.service
/usr/share/dbus-1/system.d/wpa_supplicant.conf
/usr/share/doc/packages/wpa_supplicant
/usr/share/doc/packages/wpa_supplicant/ChangeLog
/usr/share/doc/packages/wpa_supplicant/README
/usr/share/doc/packages/wpa_supplicant/examples
/usr/share/doc/packages/wpa_supplicant/examples/60_wpa_supplicant
/usr/share/doc/packages/wpa_supplicant/examples/dbus-listen-preq.py
/usr/share/doc/packages/wpa_supplicant/examples/dpp-nfc.py
/usr/share/doc/packages/wpa_supplicant/examples/dpp-qrcode.py
/usr/share/doc/packages/wpa_supplicant/examples/ieee8021x.conf
/usr/share/doc/packages/wpa_supplicant/examples/openCryptoki.conf
/usr/share/doc/packages/wpa_supplicant/examples/p2p
/usr/share/doc/packages/wpa_supplicant/examples/p2p-action-udhcp.sh
/usr/share/doc/packages/wpa_supplicant/examples/p2p-action.sh
/usr/share/doc/packages/wpa_supplicant/examples/p2p-nfc.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_connect.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_disconnect.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_find.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_flush.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_group_add.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_invite.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_listen.py
/usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_stop_find.py
/usr/share/doc/packages/wpa_supplicant/examples/plaintext.conf
/usr/share/doc/packages/wpa_supplicant/examples/udhcpd-p2p.conf
/usr/share/doc/packages/wpa_supplicant/examples/wep.conf
/usr/share/doc/packages/wpa_supplicant/examples/wpa-psk-tkip.conf
/usr/share/doc/packages/wpa_supplicant/examples/wpa2-eap-ccmp.conf
/usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-getall.py
/usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-signals.py
/usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-wps.py
/usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new.py
/usr/share/doc/packages/wpa_supplicant/examples/wps-ap-cli
/usr/share/doc/packages/wpa_supplicant/examples/wps-nfc.py
/usr/share/doc/packages/wpa_supplicant/todo.txt
/usr/share/doc/packages/wpa_supplicant/wpa_supplicant.conf
/usr/share/licenses/wpa_supplicant
/usr/share/licenses/wpa_supplicant/COPYING
/usr/share/man/man5/wpa_supplicant.conf.5.gz
/usr/share/man/man8/eapol_test.8.gz
/usr/share/man/man8/wpa_background.8.gz
/usr/share/man/man8/wpa_cli.8.gz
/usr/share/man/man8/wpa_passphrase.8.gz
/usr/share/man/man8/wpa_supplicant.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Nov 15 01:09:04 2024