Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: wpa_supplicant | Distribution: openSUSE Tumbleweed |
Version: 2.11 | Vendor: openSUSE |
Release: 2.1 | Build date: Fri Sep 20 12:37:22 2024 |
Group: Unspecified | Build host: reproducible |
Size: 7252878 | Source RPM: wpa_supplicant-2.11-2.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://w1.fi/wpa_supplicant | |
Summary: WPA supplicant implementation |
wpa_supplicant is an implementation of the WPA Supplicant component, i.e., the part that runs in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.
BSD-3-Clause AND GPL-2.0-or-later
* Fri Sep 20 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Revert "Mark authorization completed on driver indication during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection problems with brcmfmac wifi hardware. (bsc#1230797) [+ Revert-Mark-authorization-completed-on-driver-indica.patch] * Wed Sep 11 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - update to v2.11: * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions - refresh patches: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff wpa_supplicant-sigusr1-changes-debuglevel.patch - drop patches: CVE-2023-52160.patch dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch * Thu Feb 15 2024 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975) * Tue May 16 2023 Callum Farmer <gmbr3@opensuse.org> - Change ctrl_interface from /var/run to %_rundir (/run) * Thu Sep 01 2022 Stefan Schubert <schubi@suse.com> - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Tue Jul 05 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch (bsc#1201219) * Tue Jun 21 2022 Stefan Schubert <schubi@suse.com> - Removed %config flag for files in /usr directory. * Tue Jun 21 2022 Stefan Schubert <schubi@suse.com> - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. * Mon Jun 20 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868). Wifi cards, wich do not support PMF/BIP ciphers, should not use SAE as key management. (bsc#1195312) * Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org> - Move the dbus-1 system.d file to /usr (bsc#1200342) * Sat Feb 05 2022 Hans-Peter Jansen <hpj@urpla.net> - Apply Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch to fix connect with AVM FB, if WPA3 transition mode is activated, e.g. Wifi -> Security: is WPA2 + WPA3, alt. switch to WPA2 (CCMP) (bsc#1195312) * Tue Feb 01 2022 Dirk Müller <dmueller@suse.com> - drop restore-old-dbus-interface.patch, wicked has been switching to the new dbus interface in version 0.6.66. - drop wpa_supplicant-getrandom.patch : glibc has been updated so the getrandom() wrapper is now there - config: * enable QCA vendor extensions to nl80211 * enable EAP-EKE * Support HT overrides * WPA3-Enterprise * TLS v1.1 and TLS v1.2 * Fast Session Transfer (FST) * Automatic Channel Selection * Multi Band Operation * Fast Initial Link Setup * Mesh Networking (IEEE 802.11s) * Mon Jan 31 2022 Dirk Müller <dmueller@suse.com> - config: * Reenable Fast BSS Transition (likely fixing bsc#1195312) * Enable OCV, security feature that prevents MITM multi-channel attacks * Enable OWE for better hotspot support * Sun Jan 23 2022 Dirk Müller <dmueller@suse.com> - update to 2.10.0: * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * extended D-Bus interface * added support for PASN * added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) * added support for SCS, MSCS, DSCP policy * changed driver interface selection to default to automatic fallback to other compiled in options * a large number of other fixes, cleanup, and extensions - drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch, CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch: upstream - refresh config from 2.10 defconfig, re-enable CONFIG_WEP * Mon Jan 10 2022 Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Modified: * wpa_supplicant.service * Tue Apr 06 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348) * Wed Mar 03 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Fix systemd device ready dependencies in wpa_supplicant@.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844) * Sat Feb 27 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability (bsc#1182805) * Thu Feb 04 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777)
/etc/wpa_supplicant /etc/wpa_supplicant/wpa_supplicant.conf /run/wpa_supplicant /usr/etc/logrotate.d/wpa_supplicant /usr/lib/systemd/system/dbus-fi.epitest.hostap.WPASupplicant.service /usr/lib/systemd/system/dbus-fi.w1.wpa_supplicant1.service /usr/lib/systemd/system/wpa_supplicant.service /usr/lib/systemd/system/wpa_supplicant@.service /usr/sbin/eapol_test /usr/sbin/rcwpa_supplicant /usr/sbin/wpa_cli /usr/sbin/wpa_passphrase /usr/sbin/wpa_supplicant /usr/share/dbus-1/system-services /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service /usr/share/dbus-1/system-services/fi.w1.wpa_supplicant1.service /usr/share/dbus-1/system.d/wpa_supplicant.conf /usr/share/doc/packages/wpa_supplicant /usr/share/doc/packages/wpa_supplicant/ChangeLog /usr/share/doc/packages/wpa_supplicant/README /usr/share/doc/packages/wpa_supplicant/examples /usr/share/doc/packages/wpa_supplicant/examples/60_wpa_supplicant /usr/share/doc/packages/wpa_supplicant/examples/dbus-listen-preq.py /usr/share/doc/packages/wpa_supplicant/examples/dpp-nfc.py /usr/share/doc/packages/wpa_supplicant/examples/dpp-qrcode.py /usr/share/doc/packages/wpa_supplicant/examples/ieee8021x.conf /usr/share/doc/packages/wpa_supplicant/examples/openCryptoki.conf /usr/share/doc/packages/wpa_supplicant/examples/p2p /usr/share/doc/packages/wpa_supplicant/examples/p2p-action-udhcp.sh /usr/share/doc/packages/wpa_supplicant/examples/p2p-action.sh /usr/share/doc/packages/wpa_supplicant/examples/p2p-nfc.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_connect.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_disconnect.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_find.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_flush.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_group_add.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_invite.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_listen.py /usr/share/doc/packages/wpa_supplicant/examples/p2p/p2p_stop_find.py /usr/share/doc/packages/wpa_supplicant/examples/plaintext.conf /usr/share/doc/packages/wpa_supplicant/examples/udhcpd-p2p.conf /usr/share/doc/packages/wpa_supplicant/examples/wep.conf /usr/share/doc/packages/wpa_supplicant/examples/wpa-psk-tkip.conf /usr/share/doc/packages/wpa_supplicant/examples/wpa2-eap-ccmp.conf /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-getall.py /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-signals.py /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new-wps.py /usr/share/doc/packages/wpa_supplicant/examples/wpas-dbus-new.py /usr/share/doc/packages/wpa_supplicant/examples/wps-ap-cli /usr/share/doc/packages/wpa_supplicant/examples/wps-nfc.py /usr/share/doc/packages/wpa_supplicant/todo.txt /usr/share/doc/packages/wpa_supplicant/wpa_supplicant.conf /usr/share/licenses/wpa_supplicant /usr/share/licenses/wpa_supplicant/COPYING /usr/share/man/man5/wpa_supplicant.conf.5.gz /usr/share/man/man8/eapol_test.8.gz /usr/share/man/man8/wpa_background.8.gz /usr/share/man/man8/wpa_cli.8.gz /usr/share/man/man8/wpa_passphrase.8.gz /usr/share/man/man8/wpa_supplicant.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Nov 15 01:09:04 2024