SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for wpa_supplicant-gui-2.11-193.2.x86_64.rpm :

* Fri Sep 20 2024 Clemens Famulla-Conrad - Revert \"Mark authorization completed on driver indication during 4-way HS offload\" because of WPA2-PSK/WPA-SAE connection problems with brcmfmac wifi hardware. (bsc#1230797) [+ Revert-Mark-authorization-completed-on-driver-indica.patch]
* Wed Sep 11 2024 Clemens Famulla-Conrad - update to v2.11:
* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6 - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions- refresh patches: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff wpa_supplicant-sigusr1-changes-debuglevel.patch- drop patches: CVE-2023-52160.patch dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
* Thu Feb 15 2024 Clemens Famulla-Conrad - Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
* Tue May 16 2023 Callum Farmer - Change ctrl_interface from /var/run to %_rundir (/run)
* Thu Sep 01 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.
* Tue Jul 05 2022 Clemens Famulla-Conrad - Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch (bsc#1201219)
* Tue Jun 21 2022 Stefan Schubert - Removed %config flag for files in /usr directory.
* Tue Jun 21 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 20 2022 Clemens Famulla-Conrad - Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868). Wifi cards, wich do not support PMF/BIP ciphers, should not use SAE as key management. (bsc#1195312)
* Wed Jun 08 2022 Callum Farmer - Move the dbus-1 system.d file to /usr (bsc#1200342)
* Sat Feb 05 2022 Hans-Peter Jansen - Apply Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch to fix connect with AVM FB, if WPA3 transition mode is activated, e.g. Wifi -> Security: is WPA2 + WPA3, alt. switch to WPA2 (CCMP) (bsc#1195312)
* Tue Feb 01 2022 Dirk Müller - drop restore-old-dbus-interface.patch, wicked has been switching to the new dbus interface in version 0.6.66.- drop wpa_supplicant-getrandom.patch : glibc has been updated so the getrandom() wrapper is now there- config:
* enable QCA vendor extensions to nl80211
* enable EAP-EKE
* Support HT overrides
* WPA3-Enterprise
* TLS v1.1 and TLS v1.2
* Fast Session Transfer (FST)
* Automatic Channel Selection
* Multi Band Operation
* Fast Initial Link Setup
* Mesh Networking (IEEE 802.11s)
* Mon Jan 31 2022 Dirk Müller - config:
* Reenable Fast BSS Transition (likely fixing bsc#1195312)
* Enable OCV, security feature that prevents MITM multi-channel attacks
* Enable OWE for better hotspot support
* Sun Jan 23 2022 Dirk Müller - update to 2.10.0:
* SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK
* EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/]
* fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/]
* fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/]
* fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates)
* fixed various issues in experimental support for EAP-TEAP peer
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* a number of MKA/MACsec fixes and extensions
* added support for SAE (WPA3-Personal) AP mode configuration
* added P2P support for EDMG (IEEE 802.11ay) channels
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
* improved throughput estimation and BSS selection
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security
* extended D-Bus interface
* added support for PASN
* added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
* added support for SCS, MSCS, DSCP policy
* changed driver interface selection to default to automatic fallback to other compiled in options
* a large number of other fixes, cleanup, and extensions- drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch, CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch: upstream- refresh config from 2.10 defconfig, re-enable CONFIG_WEP
* Mon Jan 10 2022 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified:
* wpa_supplicant.service
* Tue Apr 06 2021 Clemens Famulla-Conrad - Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)
* Wed Mar 03 2021 Clemens Famulla-Conrad - Fix systemd device ready dependencies in wpa_supplicantAATT.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)
* Sat Feb 27 2021 Clemens Famulla-Conrad - Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability (bsc#1182805)
* Thu Feb 04 2021 Clemens Famulla-Conrad - Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777)
  
ICM