import wpa_supplicant-2.9-3.el8

SOURCES/wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch

@@ -0,0 +1,200 @@
+From 1c58317f56e312576b6872440f125f794e45f991 Mon Sep 17 00:00:00 2001
+Message-Id: <1c58317f56e312576b6872440f125f794e45f991.1602774933.git.davide.caratti@gmail.com>
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Wed, 30 Sep 2020 18:34:36 +0200
+Subject: [PATCH] D-Bus: Allow changing an interface bridge via D-Bus
+
+D-Bus clients can call CreateInterface() once and use the resulting
+Interface object to connect multiple times to different networks.
+
+However, if the network interface gets added to a bridge, clients
+currently have to remove the Interface object and create a new one.
+
+Improve this by supporting the change of the BridgeIfname property of
+an existing Interface object.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+---
+ src/rsn_supp/tdls.c                     |  5 +++
+ wpa_supplicant/dbus/dbus_new.c          |  2 +-
+ wpa_supplicant/dbus/dbus_new_handlers.c | 37 ++++++++++++++++
+ wpa_supplicant/dbus/dbus_new_handlers.h |  1 +
+ wpa_supplicant/wpa_supplicant.c         | 59 +++++++++++++++++++++++++
+ wpa_supplicant/wpa_supplicant_i.h       |  2 +
+ 6 files changed, 105 insertions(+), 1 deletion(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index 7b47e3ac5..eff8cd829 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -2807,6 +2807,11 @@ int wpa_tdls_init(struct wpa_sm *sm)
+ 	if (sm == NULL)
+ 		return -1;
+ 
++	if (sm->l2_tdls) {
++		l2_packet_deinit(sm->l2_tdls);
++		sm->l2_tdls = NULL;
++	}
++
+ 	sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname :
+ 				     sm->ifname,
+ 				     sm->own_addr,
+diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
+index 793a881ef..ab7628f87 100644
+--- a/wpa_supplicant/dbus/dbus_new.c
++++ b/wpa_supplicant/dbus/dbus_new.c
+@@ -3613,7 +3613,7 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = {
+ 	},
+ 	{ "BridgeIfname", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
+ 	  wpas_dbus_getter_bridge_ifname,
+-	  NULL,
++	  wpas_dbus_setter_bridge_ifname,
+ 	  NULL
+ 	},
+ 	{ "ConfigFile", WPAS_DBUS_NEW_IFACE_INTERFACE, "s",
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
+index 34abab752..2cfc87fa8 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers.c
++++ b/wpa_supplicant/dbus/dbus_new_handlers.c
+@@ -3635,6 +3635,43 @@ dbus_bool_t wpas_dbus_getter_bridge_ifname(
+ }
+ 
+ 
++dbus_bool_t wpas_dbus_setter_bridge_ifname(
++	const struct wpa_dbus_property_desc *property_desc,
++	DBusMessageIter *iter, DBusError *error, void *user_data)
++{
++	struct wpa_supplicant *wpa_s = user_data;
++	const char *bridge_ifname = NULL;
++	const char *msg;
++	int r;
++
++	if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING,
++					      &bridge_ifname))
++		return FALSE;
++
++	r = wpa_supplicant_update_bridge_ifname(wpa_s, bridge_ifname);
++	if (r != 0) {
++		switch (r) {
++		case -EINVAL:
++			msg = "invalid interface name";
++			break;
++		case -EBUSY:
++			msg = "interface is busy";
++			break;
++		case -EIO:
++			msg = "socket error";
++			break;
++		default:
++			msg = "unknown error";
++			break;
++		}
++		dbus_set_error_const(error, DBUS_ERROR_FAILED, msg);
++		return FALSE;
++	}
++
++	return TRUE;
++}
++
++
+ /**
+  * wpas_dbus_getter_config_file - Get interface configuration file path
+  * @iter: Pointer to incoming dbus message iter
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h
+index afa26efed..d528c0816 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers.h
++++ b/wpa_supplicant/dbus/dbus_new_handlers.h
+@@ -167,6 +167,7 @@ DECLARE_ACCESSOR(wpas_dbus_setter_scan_interval);
+ DECLARE_ACCESSOR(wpas_dbus_getter_ifname);
+ DECLARE_ACCESSOR(wpas_dbus_getter_driver);
+ DECLARE_ACCESSOR(wpas_dbus_getter_bridge_ifname);
++DECLARE_ACCESSOR(wpas_dbus_setter_bridge_ifname);
+ DECLARE_ACCESSOR(wpas_dbus_getter_config_file);
+ DECLARE_ACCESSOR(wpas_dbus_getter_current_bss);
+ DECLARE_ACCESSOR(wpas_dbus_getter_current_network);
+diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
+index 39e92fb68..a7e9e459e 100644
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -4906,6 +4906,65 @@ static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
+ }
+ 
+ 
++int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
++					const char *bridge_ifname)
++{
++	if (wpa_s->wpa_state > WPA_SCANNING)
++		return -EBUSY;
++
++	if (bridge_ifname &&
++	    os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
++		return -EINVAL;
++
++	if (!bridge_ifname)
++		bridge_ifname = "";
++
++	if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
++		return 0;
++
++	if (wpa_s->l2_br) {
++		l2_packet_deinit(wpa_s->l2_br);
++		wpa_s->l2_br = NULL;
++	}
++
++	os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
++		   sizeof(wpa_s->bridge_ifname));
++
++	if (wpa_s->bridge_ifname[0]) {
++		wpa_dbg(wpa_s, MSG_DEBUG,
++			"Receiving packets from bridge interface '%s'",
++			wpa_s->bridge_ifname);
++		wpa_s->l2_br = l2_packet_init_bridge(
++			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
++			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
++		if (!wpa_s->l2_br) {
++			wpa_msg(wpa_s, MSG_ERROR,
++				"Failed to open l2_packet connection for the bridge interface '%s'",
++				wpa_s->bridge_ifname);
++			goto fail;
++		}
++	}
++
++#ifdef CONFIG_TDLS
++	if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
++		goto fail;
++#endif /* CONFIG_TDLS */
++
++	return 0;
++fail:
++	wpa_s->bridge_ifname[0] = 0;
++	if (wpa_s->l2_br) {
++		l2_packet_deinit(wpa_s->l2_br);
++		wpa_s->l2_br = NULL;
++	}
++#ifdef CONFIG_TDLS
++	if (!wpa_s->p2p_mgmt)
++		wpa_tdls_init(wpa_s->wpa);
++#endif /* CONFIG_TDLS */
++	return -EIO;
++}
++
++
+ /**
+  * wpa_supplicant_driver_init - Initialize driver interface parameters
+  * @wpa_s: Pointer to wpa_supplicant data
+diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
+index 31a9b7427..eac3491cc 100644
+--- a/wpa_supplicant/wpa_supplicant_i.h
++++ b/wpa_supplicant/wpa_supplicant_i.h
+@@ -1351,6 +1351,8 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s);
+ const char * wpa_supplicant_state_txt(enum wpa_states state);
+ int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s);
+ int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s);
++int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
++					const char *bridge_ifname);
+ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
+ 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
+ 			      u8 *wpa_ie, size_t *wpa_ie_len);
+-- 
+2.26.2
+

SOURCES/wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch

@@ -0,0 +1,112 @@
+From 9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d Mon Sep 17 00:00:00 2001
+Message-Id: <9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d.1602752483.git.davide.caratti@gmail.com>
+From: Benjamin Berg <bberg@redhat.com>
+Date: Fri, 3 Jan 2020 22:18:51 +0100
+Subject: [PATCH] P2P: Always use global p2p_long_listen
+
+The p2p_long_listen value was set on the control wpa_s struct while in a
+lot of cases it operated on the p2p struct. Explicitly use the global
+p2p_init_wpa_s struct in cases where we might not be operating on it
+already.
+
+Without this, simply starting a p2p_listen operation (e.g., using
+wpa_cli) will not work properly. As the p2p_long_listen is set on the
+controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
+p2p_init_wpa_s, it would not actually work. This results in
+wpa_supplicant stopping listening after the maximum remain-on-channel
+time passes when using a separate P2P Device interface.
+
+Signed-off-by: Benjamin Berg <bberg@redhat.com>
+---
+ wpa_supplicant/p2p_supplicant.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
+index 95bacec19..a7d3b7f1d 100644
+--- a/wpa_supplicant/p2p_supplicant.c
++++ b/wpa_supplicant/p2p_supplicant.c
+@@ -2422,7 +2422,7 @@ static void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res)
+ 		wpas_start_wps_enrollee(group_wpa_s, res);
+ 	}
+ 
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 
+ 	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
+@@ -4750,7 +4750,8 @@ void wpas_p2p_deinit(struct wpa_supplicant *wpa_s)
+ 	eloop_cancel_timeout(wpas_p2p_psk_failure_removal, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
+-	wpa_s->p2p_long_listen = 0;
++	if (wpa_s->global->p2p_init_wpa_s)
++		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
+ 	wpas_p2p_remove_pending_group_interface(wpa_s);
+@@ -5635,7 +5636,7 @@ int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
+ 		go_intent = wpa_s->conf->p2p_go_intent;
+ 
+ 	if (!auth)
+-		wpa_s->p2p_long_listen = 0;
++		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	wpa_s->p2p_wps_method = wps_method;
+ 	wpa_s->p2p_persistent_group = !!persistent_group;
+@@ -6952,7 +6953,7 @@ int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout,
+ 		  u8 seek_cnt, const char **seek_string, int freq)
+ {
+ 	wpas_p2p_clear_pending_action_tx(wpa_s);
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL ||
+ 	    wpa_s->p2p_in_provisioning) {
+@@ -6997,7 +6998,7 @@ static void wpas_p2p_scan_res_ignore_search(struct wpa_supplicant *wpa_s,
+ static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s)
+ {
+ 	wpas_p2p_clear_pending_action_tx(wpa_s);
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
+ 
+@@ -7023,7 +7024,7 @@ void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s)
+ static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx)
+ {
+ 	struct wpa_supplicant *wpa_s = eloop_ctx;
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ }
+ 
+ 
+@@ -7052,7 +7053,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
+ 		timeout = 3600;
+ 	}
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	/*
+ 	 * Stop previous find/listen operation to avoid trying to request a new
+@@ -7064,7 +7065,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
+ 
+ 	res = wpas_p2p_listen_start(wpa_s, timeout * 1000);
+ 	if (res == 0 && timeout * 1000 > wpa_s->max_remain_on_chan) {
+-		wpa_s->p2p_long_listen = timeout * 1000;
++		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = timeout * 1000;
+ 		eloop_register_timeout(timeout, 0,
+ 				       wpas_p2p_long_listen_timeout,
+ 				       wpa_s, NULL);
+@@ -7171,7 +7172,7 @@ static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s)
+ 
+ int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr)
+ {
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
+ 		return -1;
+-- 
+2.26.2
+

SOURCES/wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch

@@ -0,0 +1,62 @@
+From 7800725afb27397f7d6033d4969e2aeb61af4737 Mon Sep 17 00:00:00 2001
+Message-Id: <7800725afb27397f7d6033d4969e2aeb61af4737.1602780273.git.davide.caratti@gmail.com>
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Sun, 13 Oct 2019 15:18:54 +0200
+Subject: [PATCH] dbus: Export OWE capability and OWE BSS key_mgmt
+
+Export a new 'owe' capability to indicate that wpa_supplicant was
+built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe'
+in the array of BSS' available key managements.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+---
+ wpa_supplicant/dbus/dbus_new_handlers.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
+index d2c84e5c5..1206c3cde 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers.c
++++ b/wpa_supplicant/dbus/dbus_new_handlers.c
+@@ -984,8 +984,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
+ 	const struct wpa_dbus_property_desc *property_desc,
+ 	DBusMessageIter *iter, DBusError *error, void *user_data)
+ {
+-	const char *capabilities[10] = { NULL, NULL, NULL, NULL, NULL, NULL,
+-					NULL, NULL, NULL, NULL };
++	const char *capabilities[11];
+ 	size_t num_items = 0;
+ #ifdef CONFIG_FILS
+ 	struct wpa_global *global = user_data;
+@@ -1028,6 +1027,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
+ #ifdef CONFIG_SHA384
+ 	capabilities[num_items++] = "sha384";
+ #endif /* CONFIG_SHA384 */
++#ifdef CONFIG_OWE
++	capabilities[num_items++] = "owe";
++#endif /* CONFIG_OWE */
+ 
+ 	return wpas_dbus_simple_array_property_getter(iter,
+ 						      DBUS_TYPE_STRING,
+@@ -4491,7 +4493,7 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
+ 	DBusMessageIter iter_dict, variant_iter;
+ 	const char *group;
+ 	const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
+-	const char *key_mgmt[15]; /* max 15 key managements may be supported */
++	const char *key_mgmt[16]; /* max 16 key managements may be supported */
+ 	int n;
+ 
+ 	if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
+@@ -4544,6 +4546,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(
+ 	if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_SAE)
+ 		key_mgmt[n++] = "ft-sae";
+ #endif /* CONFIG_SAE */
++#ifdef CONFIG_OWE
++	if (ie_data->key_mgmt & WPA_KEY_MGMT_OWE)
++		key_mgmt[n++] = "owe";
++#endif /* CONFIG_OWE */
+ 	if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE)
+ 		key_mgmt[n++] = "wpa-none";
+ 
+-- 
+2.26.2
+

SPECS/wpa_supplicant.spec

@@ -7,7 +7,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 2.9
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 Group: System Environment/Base
 Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
@@ -34,6 +34,12 @@ Patch6: wpa_supplicant-gui-qt4.patch
 Patch7: wpa_supplicant-p2p-segfault-on-iface-removal.patch
 # fix for CVE-2019-16275
 Patch8: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
+# fix for bz1693684
+Patch9: wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch
+# fix for bz1888050
+Patch10: wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch
+# fix for bz1888718
+Patch11: wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch
 
 URL: http://w1.fi/wpa_supplicant/
 
@@ -177,6 +183,11 @@ chmod -R 0644 %{name}/examples/*.py
 %endif
 
 %changelog
+* Thu Oct 27 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-3
+- fix p2p_listen unexpectedly stopped after 5 seconds (rh #1693684)
+- allow changing 'bridge' via D-Bus (rh #1888050)
+- expose OWE configurability via D-Bus (rh #1888718)
+
 * Tue Oct 29 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.9-2
 - Fix AP mode PMF disconnection protection bypass (CVE-2019-16275)
 - Fix NULL dereference in d-bus handler when P2P control interface is removed (rh #1752780)