Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package wpa_supplicant for openSUSE:Factory checked in at 2022-02-10 23:11:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old) and /work/SRC/openSUSE:Factory/.wpa_supplicant.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wpa_supplicant" Thu Feb 10 23:11:30 2022 rev:91 rq:952645 version:2.10 Changes: -------- --- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes 2022-01-26 21:26:56.894007398 +0100 +++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.1956/wpa_supplicant.changes 2022-02-10 23:11:35.684135163 +0100 @@ -1,0 +2,36 @@ +Sat Feb 5 09:28:52 UTC 2022 - Hans-Peter Jansen <[email protected]> + +- Apply Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch + to fix connect with AVM FB, if WPA3 transition mode is activated, + e.g. Wifi -> Security: is WPA2 + WPA3, alt. switch to WPA2 (CCMP) + (bsc#1195312) + +------------------------------------------------------------------- +Tue Feb 1 19:41:41 UTC 2022 - Dirk M??ller <[email protected]> + +- drop restore-old-dbus-interface.patch, wicked has been + switching to the new dbus interface in version 0.6.66. +- drop wpa_supplicant-getrandom.patch : glibc has been updated + so the getrandom() wrapper is now there +- config: + * enable QCA vendor extensions to nl80211 + * enable EAP-EKE + * Support HT overrides + * WPA3-Enterprise + * TLS v1.1 and TLS v1.2 + * Fast Session Transfer (FST) + * Automatic Channel Selection + * Multi Band Operation + * Fast Initial Link Setup + * Mesh Networking (IEEE 802.11s) + +------------------------------------------------------------------- +Mon Jan 31 19:42:36 UTC 2022 - Dirk M??ller <[email protected]> + +- config: + * Reenable Fast BSS Transition (likely fixing bsc#1195312) + * Enable OCV, security feature that prevents MITM + multi-channel attacks + * Enable OWE for better hotspot support + +------------------------------------------------------------------- Old: ---- restore-old-dbus-interface.patch wpa_supplicant-getrandom.patch New: ---- Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wpa_supplicant.spec ++++++ --- /var/tmp/diff_new_pack.TY83sd/_old 2022-02-10 23:11:36.640137585 +0100 +++ /var/tmp/diff_new_pack.TY83sd/_new 2022-02-10 23:11:36.644137595 +0100 @@ -37,9 +37,8 @@ # is not portable Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch Patch3: wpa_supplicant-alloc_size.patch -Patch4: wpa_supplicant-getrandom.patch Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff -Patch6: restore-old-dbus-interface.patch +Patch7: Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: systemd-rpm-macros ++++++ Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch ++++++ >From 7a9c36722511ce4df88b76cceceb241d6c6a151e Mon Sep 17 00:00:00 2001 From: Brian Norris <[email protected]> Date: Fri, 28 Feb 2020 15:50:47 -0800 Subject: [PATCH] DBus: Add "sae" to interface key_mgmt capabilities This will be present when the driver supports SAE and it's included in the wpa_supplicant build. Signed-off-by: Brian Norris <[email protected]> --- doc/dbus.doxygen | 2 +- wpa_supplicant/dbus/dbus_new_handlers.c | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git b/wpa_supplicant/dbus/dbus_new_handlers.c a/wpa_supplicant/dbus/dbus_new_handlers.c index c842c50e9..55c5dbc99 100644 --- b/wpa_supplicant/dbus/dbus_new_handlers.c +++ a/wpa_supplicant/dbus/dbus_new_handlers.c @@ -2798,12 +2798,6 @@ dbus_bool_t wpas_dbus_getter_capabilities( goto nomem; #endif /* CONFIG_WPS */ -#ifdef CONFIG_SAE - if ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SAE) && - !wpa_dbus_dict_string_array_add_element(&iter_array, "sae")) - goto nomem; -#endif /* CONFIG_SAE */ - #ifdef CONFIG_OWE if ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_OWE) && !wpa_dbus_dict_string_array_add_element(&iter_array, "owe")) -- 2.34.1 ++++++ config ++++++ --- /var/tmp/diff_new_pack.TY83sd/_old 2022-02-10 23:11:36.732137817 +0100 +++ /var/tmp/diff_new_pack.TY83sd/_new 2022-02-10 23:11:36.736137828 +0100 @@ -32,7 +32,7 @@ CONFIG_DRIVER_NL80211=y # QCA vendor extensions to nl80211 -#CONFIG_DRIVER_NL80211_QCA=y +CONFIG_DRIVER_NL80211_QCA=y # driver_nl80211.c requires libnl. If you are compiling it yourself # you may need to point hostapd to your version of libnl. @@ -83,7 +83,7 @@ #CONFIG_DRIVER_ROBOSWITCH=y # Driver interface for no driver (e.g., WPS ER only) -#CONFIG_DRIVER_NONE=y +CONFIG_DRIVER_NONE=y # Solaris libraries #LIBS += -lsocket -ldlpi -lnsl @@ -172,7 +172,7 @@ CONFIG_WPS_ER=y # Disable credentials for an open network by default when acting as a WPS # registrar. -#CONFIG_WPS_REG_DISABLE_OPEN=y +CONFIG_WPS_REG_DISABLE_OPEN=y # Enable WPS support with NFC config method CONFIG_WPS_NFC=y @@ -180,7 +180,7 @@ CONFIG_EAP_IKEV2=y # EAP-EKE -#CONFIG_EAP_EKE=y +CONFIG_EAP_EKE=y # MACsec CONFIG_MACSEC=y @@ -198,10 +198,10 @@ #CONFIG_PCSC=y # Support HT overrides (disable HT/HT40, mask MCS rates, etc.) -#CONFIG_HT_OVERRIDES=y +CONFIG_HT_OVERRIDES=y # Support VHT overrides (disable VHT, mask MCS rates, etc.) -#CONFIG_VHT_OVERRIDES=y +CONFIG_VHT_OVERRIDES=y # Development testing #CONFIG_EAPOL_TEST=y @@ -248,6 +248,10 @@ # Simultaneous Authentication of Equals (SAE), WPA3-Personal CONFIG_SAE=y +# WPA3-Enterprise (SuiteB-192) +CONFIG_SUITEB=y +CONFIG_SUITEB192=y + # Disable scan result processing (ap_scan=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y @@ -279,12 +283,12 @@ # unix = UNIX/POSIX like systems (default) # win32 = Windows systems # none = Empty template -#CONFIG_OS=unix +CONFIG_OS=unix # Select event loop implementation # eloop = select() loop (default) # eloop_win = Windows events and WaitForMultipleObject() loop -#CONFIG_ELOOP=eloop +CONFIG_ELOOP=eloop # Should we use poll instead of select? Select is used by default. #CONFIG_ELOOP_POLL=y @@ -302,7 +306,7 @@ # winpcap = WinPcap with receive thread # ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) # none = Empty template -#CONFIG_L2_PACKET=linux +CONFIG_L2_PACKET=linux # Disable Linux packet socket workaround applicable for station interface # in a bridge for EAPOL frames. This should be uncommented only if the kernel @@ -311,7 +315,7 @@ #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y # Support Operating Channel Validation -#CONFIG_OCV=y +CONFIG_OCV=y # Select TLS implementation # openssl = OpenSSL (default) @@ -319,25 +323,25 @@ # internal = Internal TLSv1 implementation (experimental) # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) # none = Empty template -#CONFIG_TLS=openssl +CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. It should be noted that some existing TLS v1.0 -based # implementation may not be compatible with TLS v1.1 message (ClientHello is # sent prior to negotiating which version will be used) -#CONFIG_TLSV11=y +CONFIG_TLSV11=y # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) # can be enabled to enable use of stronger crypto algorithms. It should be # noted that some existing TLS v1.0 -based implementation may not be compatible # with TLS v1.2 message (ClientHello is sent prior to negotiating which version # will be used) -#CONFIG_TLSV12=y +CONFIG_TLSV12=y # Select which ciphers to use by default with OpenSSL if the user does not # specify them. -#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" +CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1" # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of @@ -361,10 +365,6 @@ #CONFIG_NDIS_EVENTS_INTEGRATED=y #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" -# Add support for old DBus control interface -# (fi.epitest.hostap.WPASupplicant) -CONFIG_CTRL_IFACE_DBUS=y - # Add support for new DBus control interface # (fi.w1.wpa_supplicant1) CONFIG_CTRL_IFACE_DBUS_NEW=y @@ -395,6 +395,7 @@ # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode # CONFIG_IEEE80211R=y +CONFIG_IEEE80211R=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) CONFIG_DEBUG_FILE=y @@ -419,7 +420,7 @@ # Enable mitigation against certain attacks against TKIP by delaying Michael # MIC error reports by a random amount of time between 0 and 60 seconds -#CONFIG_DELAYED_MIC_ERROR_REPORT=y +CONFIG_DELAYED_MIC_ERROR_REPORT=y # Enable tracing code for developer debugging # This tracks use of memory allocations and other registrations and reports @@ -473,7 +474,7 @@ # Should we attempt to use the getrandom(2) call that provides more reliable # yet secure randomness source than /dev/random on Linux 3.17 and newer. # Requires glibc 2.25 to build, falls back to /dev/random if unavailable. -#CONFIG_GETRANDOM=y +CONFIG_GETRANDOM=y # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) CONFIG_IEEE80211AC=y @@ -523,9 +524,9 @@ # # Enabling directly a module will enable autoscan support. # For exponential module: -#CONFIG_AUTOSCAN_EXPONENTIAL=y +CONFIG_AUTOSCAN_EXPONENTIAL=y # For periodic module: -#CONFIG_AUTOSCAN_PERIODIC=y +CONFIG_AUTOSCAN_PERIODIC=y # Password (and passphrase, etc.) backend for external storage # These optional mechanisms can be used to add support for storing passwords @@ -538,7 +539,7 @@ #CONFIG_EXT_PASSWORD_FILE=y # Enable Fast Session Transfer (FST) -#CONFIG_FST=y +CONFIG_FST=y # Enable CLI commands for FST testing #CONFIG_FST_TEST=y @@ -570,15 +571,15 @@ # # For more details refer to: # http://wireless.kernel.org/en/users/Documentation/acs -#CONFIG_ACS=y +CONFIG_ACS=y # Support Multi Band Operation -#CONFIG_MBO=y +CONFIG_MBO=y # Fast Initial Link Setup (FILS) (IEEE 802.11ai) -#CONFIG_FILS=y +CONFIG_FILS=y # FILS shared key authentication with PFS -#CONFIG_FILS_SK_PFS=y +CONFIG_FILS_SK_PFS=y # Support RSN on IBSS networks # This is needed to be able to use mode=1 network profile with proto=RSN and @@ -591,7 +592,7 @@ #CONFIG_PMKSA_CACHE_EXTERNAL=y # Mesh Networking (IEEE 802.11s) -#CONFIG_MESH=y +CONFIG_MESH=y # Background scanning modules # These can be used to request wpa_supplicant to perform background scanning @@ -605,7 +606,7 @@ # Opportunistic Wireless Encryption (OWE) # Experimental implementation of draft-harkins-owe-07.txt -#CONFIG_OWE=y +CONFIG_OWE=y # Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) CONFIG_DPP=y
