rpms/wpa_supplicant
7
0
Fork 0
Code Issues Pull Requests Releases Activity
171 Commits 7 Branches 27 Tags 528 KiB
ce782e83be
Commit Graph

171 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Davide Caratti
ce782e83be Fix AP mode PMF disconnection protection bypass 
CVE-2019-16275

Upstream advisory: http://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
 2019-10-30 16:30:04 +01:00
Davide Caratti
04921b87bf move wpa_gui.8.gz in the correct '%files' section 
Fixes: #1788386

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
 2019-09-06 11:26:01 +02:00
Lubomir Rintel
1881d76730 SPEC file cleanup 2019-09-06 10:01:42 +02:00
Lubomir Rintel
f64f838413 Use defconfig to configure the supplicant 
This aligns the upstream configuration with ours, clearly highlighting
the differencies.
 2019-09-06 10:01:08 +02:00
Vladimír Beneš
972ffde62b tests: fix link to gitlab.freedesktop.org 2019-09-05 16:26:46 +02:00
Vladimír Beneš
c1cfbbae49 tests: add tests yml definition file 
Test basic wpa_supplicant features by using NetworkManager's wifi
and 802.1x integration tests from:

https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci
 2019-09-05 14:46:34 +02:00
Lubomir Rintel
908d38195b Update to version 2.9 2019-08-16 12:28:02 +02:00
Fedora Release Engineering
d6bd533fa7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-07-27 03:42:17 +00:00
Davide Caratti
9a03ae212b bump release to 2.8-2 
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
 2019-05-10 18:37:28 +02:00
Davide Caratti
aa74d75567 fix incorrect information in v2.8.1 changelog 
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
 2019-05-10 16:42:07 +02:00
Davide Caratti
10a177082a Update to 2.8 upstream release 
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
 2019-05-02 11:30:10 +02:00
Davide Caratti
f3c614c6af fix SAE and EAP_PWD vulnerabilities 
CVE-2019-9494 (cache attack against SAE)
CVE-2019-9495 (cache attack against EAP-pwd)
CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
 2019-04-12 12:14:43 +02:00
Fedora Release Engineering
ba7c0cc053 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-02-03 11:55:38 +00:00
Igor Gnatenko
73d3132b66 Remove obsolete Group tag 
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
 2019-01-28 20:24:55 +01:00
Lubomir Rintel
b324e38db0 Expose support of SAE key management on D-Bus 
Also do a new build once the WPA3 features are turned on.
 2019-01-22 13:05:32 +01:00
Lubomir Rintel
f0fc5fbf86 Enable opportunistic encryption 
Replaces open authentication in WPA3.
 2019-01-22 13:05:07 +01:00
Lubomir Rintel
5731b54061 Enable DPP 
This replaces WPS with WPA3.
 2019-01-22 13:05:07 +01:00
Lubomir Rintel
966d547f69 Enable MESH & SAE 2019-01-21 16:07:22 +01:00
Lubomir Rintel
522250ddd7 Synchronize the configuration with defconfig 
This makes it easier to track upstream changes.
 2019-01-21 15:50:27 +01:00
Lubomir Rintel
064b725fbd Update to 2.7 upstream release 
Also, drop the non-aggressive roaming patch. There doesn't seem to be
much reason to deviate from upstream here.

Modernize the spec a bit by using %autosetup.
 2018-12-18 17:31:58 +01:00
Lubomir Rintel
6671a4f075 Expose availability of SHA384 and FT on D-Bus 2018-11-29 15:19:05 +01:00
Lubomir Rintel
4356e0b173 Make the builds verbose 2018-11-29 15:08:54 +01:00
Lubomir Rintel
7f96e673cc Drop the broken Pmf D-Bus property patch 
There already is a Pmf property. And NetworkManager doesn't need it
anyways.

More here: http://lists.infradead.org/pipermail/hostap/2018-August/038754.html
 2018-08-15 14:45:49 +02:00
Davide Caratti
1a3463cc4a Ignore unauthenticated encrypted EAPOL-Key data 
CVE-2018-14526
Upstream advisory: https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
 2018-08-08 19:27:52 +02:00
Fedora Release Engineering
ce8fa396fd - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-07-14 08:59:20 +00:00
Davide Caratti
7c4f7fa0c7 fix wrong encoding of NL80211_ATTR_SMPS_MODE 
https://bugzilla.redhat.com/show_bug.cgi?id=1570903
 2018-06-22 16:50:28 +02:00
Davide Caratti
f50b348f99 make PMF configurable using D-Bus 
https://bugzilla.redhat.com/show_bug.cgi?id=1567474
 2018-05-11 18:56:57 +02:00
Fedora Release Engineering
e36192aacc - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-02-09 21:09:00 +00:00
Davide Caratti
fc0458e34d Don't restart wpa_supplicant.service on package upgrade (rh #1535233) 
https://bugzilla.redhat.com/show_bug.cgi?id=1535233
 2018-01-16 23:12:49 +01:00
Jiří Klimeš
4d5c88f31d Enable Fast BSS Transition for station mode (rh #1372928) 
https://bugzilla.redhat.com/show_bug.cgi?id=1372928
 2017-11-01 13:09:19 +01:00
Jiří Klimeš
dadca54170 Fix crash when using MACsec without loaded macsec.ko (rh #1497640) 
https://bugzilla.redhat.com/show_bug.cgi?id=1497640
 2017-11-01 12:58:14 +01:00
Lubomir Rintel
fbf8c1b456 Fix the "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" issues 
Upstream advisory: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Details and the paper: https://www.krackattacks.com/

- hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)
- Fix PTK rekeying to generate a new ANonce
- Prevent reinstallation of an already in-use group key and extend
  protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
  (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
  CVE-2017-13087, CVE-2017-13088)
- Prevent installation of an all-zero TK
- TDLS: Reject TPK-TK reconfiguration
- WNM: Ignore WNM-Sleep Mode Response without pending request
- FT: Do not allow multiple Reassociation Response frames
 2017-10-16 13:09:02 +02:00
Lubomir Rintel
f5828996b2 Fix a bogus changelog date 2017-10-16 13:08:19 +02:00
Fedora Release Engineering
ca7cba89e1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 10:22:58 +00:00
Fedora Release Engineering
9273785be3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 21:45:30 +00:00
Beniamino Galvani
3060fdc1de OpenSSL: fix private key password callback (rh #1465138) 2017-07-17 19:04:32 +02:00
Beniamino Galvani
750ee3c11d OpenSSL: use system ciphers by default (rh#1462262) 2017-07-17 19:04:32 +02:00
Beniamino Galvani
68b720b838 nl80211: Fix race condition in detecting MAC change (rh #1451834) 2017-05-17 17:27:19 +02:00
Davide Caratti
e688ea7718 macsec: fix segmentation fault and coverity scans (rh#1428937) 2017-04-11 19:08:00 +02:00
Thomas Haller
18d8fa3c44 enable IEEE 802.11w (management frame protection, PMF) (rh#909499) 2017-03-13 14:01:14 +01:00
Davide Caratti
fb7f6658b8 backport support for IEEE 802.1AE (macsec) 2017-03-03 15:27:28 +01:00
Fedora Release Engineering
e0ed12b18c - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 17:32:07 +00:00
Jiří Klimeš
73183ae44c Enable Wi-Fi Display support for Miracast (rh #1395682) 
Patch by: Jonathan Dieter <jdieter@lesbg.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1395682
 2017-01-27 12:26:42 +01:00
Lubomir Rintel
d0ad4f7e1d Update to version 2.6 2016-11-22 15:55:13 +01:00
Lubomir Rintel
022452e0f6 Don't own a directory in /run/ 2016-03-21 14:10:47 +01:00
Fedora Release Engineering
f03bcb0261 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 03:09:06 +00:00
Lubomir Rintel
20b650e1cf Really synchronize the service file with upstream 2015-11-16 18:26:53 +01:00
Lubomir Rintel
cd31a2e606 Sync the .service file with the tree 2015-11-03 10:20:13 +01:00
Lukáš Nykrýn
70ad8a7849 Scriptlets replaced with new systemd macros (rh #850369) 2015-11-03 10:06:34 +01:00
Lubomir Rintel
dfd04df55b Enable syslog by default 
This gives more relevant data to journal than logging in stdout. Also, pid file
is no longer needed, since we're a Type=dbus service.

The flat logging file is removed since it's not needed when we're logging into
journal. We probably can remove the logrotate file too.

The -u argument is moved into the service file as we can't really remove it
without changing the service's Type.
 2015-10-31 22:12:37 +01:00