import wpa_supplicant-2.9-5.el8

2021-05-18 02:44:47 -04:00 · 2021-05-18 02:44:47 -04:00 · 5df2827ffe
commit 5df2827ffe
parent 30ca4fa42b
6 changed files with 435 additions and 4 deletions
--- a/SOURCES/build-config
+++ b/SOURCES/build-config
@ -43,3 +43,4 @@ CONFIG_SAE=y
 CONFIG_OWE=y
 CONFIG_DPP=y
 CONFIG_WIFI_DISPLAY=y
+CONFIG_SUITEB192=y
--- a/SOURCES/wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch
+++ b/SOURCES/wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch
@ -0,0 +1,200 @@
+From 1c58317f56e312576b6872440f125f794e45f991 Mon Sep 17 00:00:00 2001
+Message-Id: <1c58317f56e312576b6872440f125f794e45f991.1602774933.git.davide.caratti@gmail.com>
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Wed, 30 Sep 2020 18:34:36 +0200
+Subject: [PATCH] D-Bus: Allow changing an interface bridge via D-Bus
+
+D-Bus clients can call CreateInterface() once and use the resulting
+Interface object to connect multiple times to different networks.
+
+However, if the network interface gets added to a bridge, clients
+currently have to remove the Interface object and create a new one.
+
+Improve this by supporting the change of the BridgeIfname property of
+an existing Interface object.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+---
+ src/rsn_supp/tdls.c                     |  5 +++
+ wpa_supplicant/dbus/dbus_new.c          |  2 +-
+ wpa_supplicant/dbus/dbus_new_handlers.c | 37 ++++++++++++++++
+ wpa_supplicant/dbus/dbus_new_handlers.h |  1 +
+ wpa_supplicant/wpa_supplicant.c         | 59 +++++++++++++++++++++++++
+ wpa_supplicant/wpa_supplicant_i.h       |  2 +
+ 6 files changed, 105 insertions(+), 1 deletion(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index 7b47e3ac5..eff8cd829 100644
+--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
+@@ -2807,6 +2807,11 @@ int wpa_tdls_init(struct wpa_sm *sm)
+ 	if (sm == NULL)
+ 		return -1;
+ 
+	if (sm->l2_tdls) {
+		l2_packet_deinit(sm->l2_tdls);
+		sm->l2_tdls = NULL;
+	}
+
+ 	sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname :
+ 				     sm->ifname,
+ 				     sm->own_addr,
+diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
+index 793a881ef..ab7628f87 100644
+--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
+@@ -3613,7 +3613,7 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = {
+ 	},
+ 	{ "BridgeIfname", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
+ 	  wpas_dbus_getter_bridge_ifname,
+-	  NULL,
+	  wpas_dbus_setter_bridge_ifname,
+ 	  NULL
+ 	},
+ 	{ "ConfigFile", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
+index 34abab752..2cfc87fa8 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
+@@ -3635,6 +3635,43 @@ dbus_bool_t wpas_dbus_getter_bridge_ifname(
+ }
+ 
+ 
+dbus_bool_t wpas_dbus_setter_bridge_ifname(
+	const struct wpa_dbus_property_desc *property_desc,
+	DBusMessageIter *iter, DBusError *error, void *user_data)
+{
+	struct wpa_supplicant *wpa_s = user_data;
+	const char *bridge_ifname = NULL;
+	const char *msg;
+	int r;
+
+	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
+					      &bridge_ifname))
+		return FALSE;
+
+	r = wpa_supplicant_update_bridge_ifname(wpa_s, bridge_ifname);
+	if (r != 0) {
+		switch (r) {
+		case -EINVAL:
+			msg = "invalid interface name";
+			break;
+		case -EBUSY:
+			msg = "interface is busy";
+			break;
+		case -EIO:
+			msg = "socket error";
+			break;
+		default:
+			msg = "unknown error";
+			break;
+		}
+		dbus_set_error_const(error, DBUS_ERROR_FAILED, msg);
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+
+ /**
+  * wpas_dbus_getter_config_file - Get interface configuration file path
+  * @iter: Pointer to incoming dbus message iter
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h
+index afa26efed..d528c0816 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers.h
+++ b/wpa_supplicant/dbus/dbus_new_handlers.h
+@@ -167,6 +167,7 @@ DECLARE_ACCESSOR(wpas_dbus_setter_scan_interval);
+ DECLARE_ACCESSOR(wpas_dbus_getter_ifname);
+ DECLARE_ACCESSOR(wpas_dbus_getter_driver);
+ DECLARE_ACCESSOR(wpas_dbus_getter_bridge_ifname);
+DECLARE_ACCESSOR(wpas_dbus_setter_bridge_ifname);
+ DECLARE_ACCESSOR(wpas_dbus_getter_config_file);
+ DECLARE_ACCESSOR(wpas_dbus_getter_current_bss);
+ DECLARE_ACCESSOR(wpas_dbus_getter_current_network);
+diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
+index 39e92fb68..a7e9e459e 100644
+--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
+@@ -4906,6 +4906,65 @@ static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
+ }
+ 
+ 
+int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
+					const char *bridge_ifname)
+{
+	if (wpa_s->wpa_state > WPA_SCANNING)
+		return -EBUSY;
+
+	if (bridge_ifname &&
+	    os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
+		return -EINVAL;
+
+	if (!bridge_ifname)
+		bridge_ifname = "";
+
+	if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
+		return 0;
+
+	if (wpa_s->l2_br) {
+		l2_packet_deinit(wpa_s->l2_br);
+		wpa_s->l2_br = NULL;
+	}
+
+	os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
+		   sizeof(wpa_s->bridge_ifname));
+
+	if (wpa_s->bridge_ifname[0]) {
+		wpa_dbg(wpa_s, MSG_DEBUG,
+			"Receiving packets from bridge interface '%s'",
+			wpa_s->bridge_ifname);
+		wpa_s->l2_br = l2_packet_init_bridge(
+			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
+			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
+		if (!wpa_s->l2_br) {
+			wpa_msg(wpa_s, MSG_ERROR,
+				"Failed to open l2_packet connection for the bridge interface '%s'",
+				wpa_s->bridge_ifname);
+			goto fail;
+		}
+	}
+
+#ifdef CONFIG_TDLS
+	if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
+		goto fail;
+#endif /* CONFIG_TDLS */
+
+	return 0;
+fail:
+	wpa_s->bridge_ifname[0] = 0;
+	if (wpa_s->l2_br) {
+		l2_packet_deinit(wpa_s->l2_br);
+		wpa_s->l2_br = NULL;
+	}
+#ifdef CONFIG_TDLS
+	if (!wpa_s->p2p_mgmt)
+		wpa_tdls_init(wpa_s->wpa);
+#endif /* CONFIG_TDLS */
+	return -EIO;
+}
+
+
+ /**
+  * wpa_supplicant_driver_init - Initialize driver interface parameters
+  * @wpa_s: Pointer to wpa_supplicant data
+diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
+index 31a9b7427..eac3491cc 100644
+--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
+@@ -1351,6 +1351,8 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s);
+ const char * wpa_supplicant_state_txt(enum wpa_states state);
+ int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s);
+ int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s);
+int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
+					const char *bridge_ifname);
+ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
+ 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
+ 			      u8 *wpa_ie, size_t *wpa_ie_len);
+-- 
+2.26.2
+
--- a/SOURCES/wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch
+++ b/SOURCES/wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch
@ -0,0 +1,112 @@
+From 9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d Mon Sep 17 00:00:00 2001
+Message-Id: <9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d.1602752483.git.davide.caratti@gmail.com>
+From: Benjamin Berg <bberg@redhat.com>
+Date: Fri, 3 Jan 2020 22:18:51 +0100
+Subject: [PATCH] P2P: Always use global p2p_long_listen
+
+The p2p_long_listen value was set on the control wpa_s struct while in a
+lot of cases it operated on the p2p struct. Explicitly use the global
+p2p_init_wpa_s struct in cases where we might not be operating on it
+already.
+
+Without this, simply starting a p2p_listen operation (e.g., using
+wpa_cli) will not work properly. As the p2p_long_listen is set on the
+controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
+p2p_init_wpa_s, it would not actually work. This results in
+wpa_supplicant stopping listening after the maximum remain-on-channel
+time passes when using a separate P2P Device interface.
+
+Signed-off-by: Benjamin Berg <bberg@redhat.com>
+---
+ wpa_supplicant/p2p_supplicant.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
+index 95bacec19..a7d3b7f1d 100644
+--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
+@@ -2422,7 +2422,7 @@ static void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res)
+ 		wpas_start_wps_enrollee(group_wpa_s, res);
+ 	}
+ 
+-	wpa_s->p2p_long_listen = 0;
+	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 
+ 	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
+@@ -4750,7 +4750,8 @@ void wpas_p2p_deinit(struct wpa_supplicant *wpa_s)
+ 	eloop_cancel_timeout(wpas_p2p_psk_failure_removal, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
+-	wpa_s->p2p_long_listen = 0;
+	if (wpa_s->global->p2p_init_wpa_s)
+		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
+ 	wpas_p2p_remove_pending_group_interface(wpa_s);
+@@ -5635,7 +5636,7 @@ int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
+ 		go_intent = wpa_s->conf->p2p_go_intent;
+ 
+ 	if (!auth)
+-		wpa_s->p2p_long_listen = 0;
+		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	wpa_s->p2p_wps_method = wps_method;
+ 	wpa_s->p2p_persistent_group = !!persistent_group;
+@@ -6952,7 +6953,7 @@ int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout,
+ 		  u8 seek_cnt, const char **seek_string, int freq)
+ {
+ 	wpas_p2p_clear_pending_action_tx(wpa_s);
+-	wpa_s->p2p_long_listen = 0;
+	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL ||
+ 	    wpa_s->p2p_in_provisioning) {
+@@ -6997,7 +6998,7 @@ static void wpas_p2p_scan_res_ignore_search(struct wpa_supplicant *wpa_s,
+ static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s)
+ {
+ 	wpas_p2p_clear_pending_action_tx(wpa_s);
+-	wpa_s->p2p_long_listen = 0;
+	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
+ 
+@@ -7023,7 +7024,7 @@ void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s)
+ static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx)
+ {
+ 	struct wpa_supplicant *wpa_s = eloop_ctx;
+-	wpa_s->p2p_long_listen = 0;
+	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ }
+ 
+ 
+@@ -7052,7 +7053,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
+ 		timeout = 3600;
+ 	}
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+-	wpa_s->p2p_long_listen = 0;
+	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	/*
+ 	 * Stop previous find/listen operation to avoid trying to request a new
+@@ -7064,7 +7065,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
+ 
+ 	res = wpas_p2p_listen_start(wpa_s, timeout * 1000);
+ 	if (res == 0 && timeout * 1000 > wpa_s->max_remain_on_chan) {
+-		wpa_s->p2p_long_listen = timeout * 1000;
+		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = timeout * 1000;
+ 		eloop_register_timeout(timeout, 0,
+ 				       wpas_p2p_long_listen_timeout,
+ 				       wpa_s, NULL);
+@@ -7171,7 +7172,7 @@ static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s)
+ 
+ int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr)
+ {
+-	wpa_s->p2p_long_listen = 0;
+	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
+ 		return -1;
+-- 
+2.26.2
+
--- a/SOURCES/wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
+++ b/SOURCES/wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
@ -0,0 +1,39 @@
+From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
+Message-Id: <947272febe24a8f0ea828b5b2f35f13c3821901e.1612435525.git.davide.caratti@gmail.com>
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Mon, 9 Nov 2020 11:43:12 +0200
+Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group
+ client
+
+Parsing and copying of WPS secondary device types list was verifying
+that the contents is not too long for the internal maximum in the case
+of WPS messages, but similar validation was missing from the case of P2P
+group information which encodes this information in a different
+attribute. This could result in writing beyond the memory area assigned
+for these entries and corrupting memory within an instance of struct
+p2p_device. This could result in invalid operations and unexpected
+behavior when trying to free pointers from that corrupted memory.
+
+Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
+Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/p2p/p2p.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
+index 74b7b52ae..5cbfc217f 100644
+--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
+@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
+ 	dev->info.config_methods = cli->config_methods;
+ 	os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
+ 	dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
+	if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
+		dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
+ 	os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
+ 		  dev->info.wps_sec_dev_type_list_len);
+ }
+-- 
+2.29.2
+
--- a/SOURCES/wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch
+++ b/SOURCES/wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch
@ -0,0 +1,62 @@
+From 7800725afb27397f7d6033d4969e2aeb61af4737 Mon Sep 17 00:00:00 2001
+Message-Id: <7800725afb27397f7d6033d4969e2aeb61af4737.1602780273.git.davide.caratti@gmail.com>
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Sun, 13 Oct 2019 15:18:54 +0200
+Subject: [PATCH] dbus: Export OWE capability and OWE BSS key_mgmt
+
+Export a new 'owe' capability to indicate that wpa_supplicant was
+built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe'
+in the array of BSS' available key managements.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+---
+ wpa_supplicant/dbus/dbus_new_handlers.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
+index d2c84e5c5..1206c3cde 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
+@@ -984,8 +984,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
+ 	const struct wpa_dbus_property_desc *property_desc,
+ 	DBusMessageIter *iter, DBusError *error, void *user_data)
+ {
+-	const char *capabilities[10] = { NULL, NULL, NULL, NULL, NULL, NULL,
+-					NULL, NULL, NULL, NULL };
+	const char *capabilities[11];
+ 	size_t num_items = 0;
+ #ifdef CONFIG_FILS
+ 	struct wpa_global *global = user_data;
+@@ -1028,6 +1027,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
+ #ifdef CONFIG_SHA384
+ 	capabilities[num_items++] = "sha384";
+ #endif /* CONFIG_SHA384 */
+#ifdef CONFIG_OWE
+	capabilities[num_items++] = "owe";
+#endif /* CONFIG_OWE */
+ 
+ 	return wpas_dbus_simple_array_property_getter(iter,
+ 						      DBUS_TYPE_STRING,
+@@ -4491,7 +4493,7 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
+ 	DBusMessageIter iter_dict, variant_iter;
+ 	const char *group;
+ 	const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
+-	const char *key_mgmt[15]; /* max 15 key managements may be supported */
+	const char *key_mgmt[16]; /* max 16 key managements may be supported */
+ 	int n;
+ 
+ 	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
+@@ -4544,6 +4546,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
+ 	if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_SAE)
+ 		key_mgmt[n++] = "ft-sae";
+ #endif /* CONFIG_SAE */
+#ifdef CONFIG_OWE
+	if (ie_data->key_mgmt & WPA_KEY_MGMT_OWE)
+		key_mgmt[n++] = "owe";
+#endif /* CONFIG_OWE */
+ 	if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE)
+ 		key_mgmt[n++] = "wpa-none";
+ 
+-- 
+2.26.2
+
--- a/SPECS/wpa_supplicant.spec
+++ b/SPECS/wpa_supplicant.spec
@ -7,7 +7,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 2.9
-Release: 2%{?dist}.1
+Release: 5%{?dist}
 License: BSD
 Group: System Environment/Base
 Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
@ -34,8 +34,16 @@ Patch6: wpa_supplicant-gui-qt4.patch
 Patch7: wpa_supplicant-p2p-segfault-on-iface-removal.patch
 # fix for CVE-2019-16275
 Patch8: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
-# fix for CVE-2021-27803
-Patch9: wpa_supplicant-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
+# fix for bz1693684
+Patch9: wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch
+# fix for bz1888050
+Patch10: wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch
+# fix for bz1888718
+Patch11: wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch
+# fix for CVE-2021-0326
+Patch12: wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
+# fix for CVE-2021-27803 
+Patch13: wpa_supplicant-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch

 URL: http://w1.fi/wpa_supplicant/

@ -179,8 +187,17 @@ chmod -R 0644 %{name}/examples/*.py
 %endif

 %changelog
-* Thu Mar  4 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-2.1
+* Mon Mar  1 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-5
 - P2P: Fix a corner case in peer addition based on PD Request (CVE-2021-27803)
+- Fix buffer overflow when processing P2P group information (CVE-2021-0326)
+
+* Fri Jan 15 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-4
+- enable WPA-EAP-SUITE-B-192 (rh #1916394)
+
+* Tue Oct 27 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-3
+- fix p2p_listen unexpectedly stopped after 5 seconds (rh #1693684)
+- allow changing 'bridge' via D-Bus (rh #1888050)
+- expose OWE configurability via D-Bus (rh #1888718)

 * Tue Oct 29 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.9-2
 - Fix AP mode PMF disconnection protection bypass (CVE-2019-16275)