Changelog for wpa_supplicant-gui-2.10-2.1.x86_64.rpm :

* Thu Sep 01 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them during an RPM update.
* Tue Jul 05 2022 Clemens Famulla-Conrad - Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch (bsc#1201219)
* Tue Jun 21 2022 Stefan Schubert - Removed %config flag for files in /usr directory.
* Tue Jun 21 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 20 2022 Clemens Famulla-Conrad - Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868). Wifi cards, which do not support PMF/BIP ciphers, should not use SAE as key management. (bsc#1195312)
* Wed Jun 08 2022 Callum Farmer - Move the dbus-1 system.d file to /usr (bsc#1200342)
* Sat Feb 05 2022 Hans-Peter Jansen - Apply Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch to fix connect with AVM FB, if WPA3 transition mode is activated, e.g. Wifi -> Security: is WPA2 + WPA3, alt. switch to WPA2 (CCMP) (bsc#1195312)
* Tue Feb 01 2022 Dirk Müller - drop restore-old-dbus-interface.patch, wicked has been switching to the new dbus interface in version 0.6.66. - drop wpa_supplicant-getrandom.patch: glibc has been updated so the getrandom() wrapper is now there - config:
* enable QCA vendor extensions to nl80211
* enable EAP-EKE
* Support HT overrides
* WPA3-Enterprise
* TLS v1.1 and TLS v1.2
* Fast Session Transfer (FST)
* Automatic Channel Selection
* Multi Band Operation
* Fast Initial Link Setup
* Mesh Networking (IEEE 802.11s)
* Mon Jan 31 2022 Dirk Müller - config:
* Reenable Fast BSS Transition (likely fixing bsc#1195312)
* Enable OCV, security feature that prevents MITM multi-channel attacks
* Enable OWE for better hotspot support
* Sun Jan 23 2022 Dirk Müller - update to 2.10.0:
* SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK
* EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/]
* fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/]
* fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/]
* fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates)
* fixed various issues in experimental support for EAP-TEAP peer
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* a number of MKA/MACsec fixes and extensions
* added support for SAE (WPA3-Personal) AP mode configuration
* added P2P support for EDMG (IEEE 802.11ay) channels
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
* improved throughput estimation and BSS selection
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security
* extended D-Bus interface
* added support for PASN
* added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
* added support for SCS, MSCS, DSCP policy
* changed driver interface selection to default to automatic fallback to other compiled in options
* a large number of other fixes, cleanup, and extensions - drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch, CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch: upstream - refresh config from 2.10 defconfig, re-enable CONFIG_WEP
* Mon Jan 10 2022 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified:
* wpa_supplicant.service
* Tue Apr 06 2021 Clemens Famulla-Conrad - Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)
* Wed Mar 03 2021 Clemens Famulla-Conrad - Fix systemd device ready dependencies in wpa_supplicant@.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)
* Sat Feb 27 2021 Clemens Famulla-Conrad - Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability (bsc#1182805)
* Thu Feb 04 2021 Clemens Famulla-Conrad - Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777)
* Tue Oct 06 2020 Florian - Add wpa_supplicant-p2p_iname_size.diff -- Limit P2P_DEVICE name to appropriate ifname size (https://patchwork.ozlabs.org/project/hostap/patch/20200825062902.124600-1-benjamin@sipsolutions.net/)
* Tue Sep 22 2020 Clemens Famulla-Conrad - Fix spec file for SLE12, use make %{?_smp_mflags} instead of %make_build
* Tue Sep 22 2020 Jonathan Kang - Enable SAE support(jsc#SLE-14992).
* Thu Apr 23 2020 Clemens Famulla-Conrad - Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934)
* Fri Apr 17 2020 Bernhard Wiedemann - Add restore-old-dbus-interface.patch to fix wicked wlan (boo#1156920) - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)
* Thu Mar 26 2020 Clemens Famulla-Conrad - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)
* Thu Mar 26 2020 Илья Индиго - Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (boo#1166933)
* Fri Feb 28 2020 Tomáš Chvátal - Adjust the service to start after network.target wrt bsc#1165266
* Mon Nov 04 2019 Tomáš Chvátal - Update to 2.9 release:
* SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/]
* EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X 4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
* EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled
* extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal strength based roaming decision
* MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions
* added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites (group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be updated at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching
* Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - Drop merged patches:
* rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
* rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
* rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
* rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
* rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
* rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
* rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
* rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
* rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
* wpa_supplicant-bnc-1099835-fix-private-key-password.patch
* wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
* wpa_supplicant-log-file-permission.patch
* wpa_supplicant-log-file-cloexec.patch
* wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
* wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch - Rebase patches:
* wpa_supplicant-getrandom.patch
* Mon Jul 29 2019 Илья Индиго - Refresh spec-file via spec-cleaner and manual optimizations.
* Change URL and Source0 to actual project homepage.
* Remove macro %{?systemd_requires} and rm (not needed).
* Add %autopatch macro.
* Add %make_build macro. - Changed patch wpa_supplicant-flush-debug-output.patch (to -p1). - Changed service-files for start after network (systemd-networkd).
* Fri Nov 02 2018 Илья Индиго - Refresh spec-file: add %license tag.
* Tue Oct 16 2018 Karol Babioch - Renamed patches: - wpa-supplicant-log-file-permission.patch -> wpa_supplicant-log-file-permission.patch - wpa-supplicant-log-file-cloexec.patch -> wpa_supplicant-log-file-cloexec.patch - wpa_supplicant-log-file-permission.patch: Using O_WRONLY flag - Enabled timestamps in log files (bsc#1080798)
* Mon Oct 15 2018 ro@suse.de - compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725) - add patch to fix wrong operator precedence in ieee802_11.c wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch - add patch to avoid redefinition of __bitwise macro wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
* Fri Oct 12 2018 Karol Babioch - Added wpa-supplicant-log-file-permission.patch: Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854). - Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854).
* Thu Oct 11 2018 Karol Babioch - Added rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch: Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205).
* Fri Sep 21 2018 Karol Babioch - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209).
* Fri Jul 20 2018 ro@suse.de - add two patches from upstream to fix reading private key passwords from the configuration file (bsc#1099835) - add patch for git 89971d8b1e328a2f79699c953625d1671fd40384 wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch - add patch for git f665c93e1d28fbab3d9127a8c3985cc32940824f wpa_supplicant-bnc-1099835-fix-private-key-password.patch
 