Compare commits
No commits in common. "c9-beta" and "c8" have entirely different histories.
@ -1,52 +0,0 @@
|
||||
From 5b093570dca1855c5bf40bcbd8d149fa6f8ea8ff Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <5b093570dca1855c5bf40bcbd8d149fa6f8ea8ff.1650620058.git.davide.caratti@gmail.com>
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Mon, 7 Mar 2022 09:54:46 +0100
|
||||
Subject: [PATCH] D-Bus: Add 'wep_disabled' capability
|
||||
|
||||
Since commit 200c7693c9a1 ('Make WEP functionality an optional build
|
||||
parameter'), WEP support is optional and, indeed, off by default.
|
||||
|
||||
The distributions are now catching up and disabling WEP in their builds.
|
||||
Unfortunately, there's no indication prior to an attempt to connect to a
|
||||
WEP network that it's not going to work. Add a capability to communicate
|
||||
that.
|
||||
|
||||
Unlike other capabilities, this one is negative. That is, it indicates
|
||||
lack of a WEP support as opposed to its presence. This is necessary
|
||||
because historically there has been no capability to indicate presence
|
||||
of WEP support and therefore NetworkManager (and probably others) just
|
||||
assumes it's there.
|
||||
|
||||
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Acked-by: Davide Caratti <davide.caratti@gmail.com>
|
||||
---
|
||||
wpa_supplicant/dbus/dbus_new_handlers.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
index 1c9ded09a..0b1002bf1 100644
|
||||
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
|
||||
@@ -1121,7 +1121,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
|
||||
const struct wpa_dbus_property_desc *property_desc,
|
||||
DBusMessageIter *iter, DBusError *error, void *user_data)
|
||||
{
|
||||
- const char *capabilities[13];
|
||||
+ const char *capabilities[14];
|
||||
size_t num_items = 0;
|
||||
struct wpa_global *global = user_data;
|
||||
struct wpa_supplicant *wpa_s;
|
||||
@@ -1177,6 +1177,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
|
||||
#endif /* CONFIG_SUITEB192 */
|
||||
if (ext_key_id_supported)
|
||||
capabilities[num_items++] = "extended_key_id";
|
||||
+#ifndef CONFIG_WEP
|
||||
+ capabilities[num_items++] = "wep_disabled";
|
||||
+#endif /* !CONFIG_WEP */
|
||||
|
||||
return wpas_dbus_simple_array_property_getter(iter,
|
||||
DBUS_TYPE_STRING,
|
||||
--
|
||||
2.35.1
|
||||
|
@ -1,103 +0,0 @@
|
||||
From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <566ce69a8d0e64093309cbde80235aa522fbf84e.1652450572.git.davide.caratti@gmail.com>
|
||||
From: Jouni Malinen <quic_jouni@quicinc.com>
|
||||
Date: Thu, 5 May 2022 00:07:44 +0300
|
||||
Subject: [PATCH] EAP peer: Workaround for servers that do not support safe TLS
|
||||
renegotiation
|
||||
|
||||
The TLS protocol design for renegotiation was identified to have a
|
||||
significant security flaw in 2009 and an extension to secure this design
|
||||
was published in 2010 (RFC 5746). However, some old RADIUS
|
||||
authentication servers without support for this are still used commonly.
|
||||
|
||||
This is obviously not good from the security view point, but since there
|
||||
are cases where the user of a network service has no realistic means for
|
||||
getting the authentication server upgraded, TLS handshake may still need
|
||||
to be allowed to be able to use the network.
|
||||
|
||||
OpenSSL 3.0 disabled the client side workaround by default and this
|
||||
resulted in issues connection to some networks with insecure
|
||||
authentication servers. With OpenSSL 3.0, the client is now enforcing
|
||||
security by refusing to authenticate with such servers. The pre-3.0
|
||||
behavior of ignoring this issue and leaving security to the server can
|
||||
now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
|
||||
This should be used only when having to connect to a network that has an
|
||||
insecure authentication server that cannot be upgraded.
|
||||
|
||||
The old (pre-2010) TLS renegotiation mechanism might open security
|
||||
vulnerabilities if the authentication server were to allow TLS
|
||||
renegotiation to be initiated. While this is unlikely to cause real
|
||||
issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
|
||||
an authentication server that does not support RFC 5746 might result in
|
||||
a security vulnerability.
|
||||
|
||||
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
|
||||
---
|
||||
src/crypto/tls.h | 1 +
|
||||
src/crypto/tls_openssl.c | 5 +++++
|
||||
src/eap_peer/eap_tls_common.c | 4 ++++
|
||||
wpa_supplicant/wpa_supplicant.conf | 5 +++++
|
||||
4 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
|
||||
index ccaac94c9..7ea32ee4a 100644
|
||||
--- a/src/crypto/tls.h
|
||||
+++ b/src/crypto/tls.h
|
||||
@@ -112,6 +112,7 @@ struct tls_config {
|
||||
#define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
|
||||
#define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
|
||||
#define TLS_CONN_TEAP_ANON_DH BIT(17)
|
||||
+#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
|
||||
|
||||
/**
|
||||
* struct tls_connection_params - Parameters for TLS connection
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index 388c6b0f4..0d23f44ad 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
||||
SSL_clear_options(ssl, SSL_OP_NO_TICKET);
|
||||
#endif /* SSL_OP_NO_TICKET */
|
||||
|
||||
+#ifdef SSL_OP_LEGACY_SERVER_CONNECT
|
||||
+ if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
|
||||
+ SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
|
||||
+#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
|
||||
+
|
||||
#ifdef SSL_OP_NO_TLSv1
|
||||
if (flags & TLS_CONN_DISABLE_TLSv1_0)
|
||||
SSL_set_options(ssl, SSL_OP_NO_TLSv1);
|
||||
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
|
||||
index 06c9b211e..6193b4bdb 100644
|
||||
--- a/src/eap_peer/eap_tls_common.c
|
||||
+++ b/src/eap_peer/eap_tls_common.c
|
||||
@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
|
||||
params->flags |= TLS_CONN_SUITEB_NO_ECDH;
|
||||
if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
|
||||
params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
|
||||
+ if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
|
||||
+ params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
|
||||
+ if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
|
||||
+ params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
|
||||
}
|
||||
|
||||
|
||||
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
|
||||
index a1dc769c9..b5304a77e 100644
|
||||
--- a/wpa_supplicant/wpa_supplicant.conf
|
||||
+++ b/wpa_supplicant/wpa_supplicant.conf
|
||||
@@ -1370,6 +1370,11 @@ fast_reauth=1
|
||||
# tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
|
||||
# tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
|
||||
# particular when using Suite B with RSA keys of >= 3K (3072) bits
|
||||
+# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
|
||||
+# not support safe renegotiation (RFC 5746); please note that this
|
||||
+# workaround should be only when having to authenticate with an old
|
||||
+# authentication server that cannot be updated to use secure TLS
|
||||
+# implementation.
|
||||
#
|
||||
# Following certificate/private key fields are used in inner Phase2
|
||||
# authentication when using EAP-TTLS or EAP-PEAP.
|
||||
--
|
||||
2.35.1
|
||||
|
@ -1,106 +0,0 @@
|
||||
From a561d12d24c2c8bb0f825d4a3a55a5e47e845853 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <a561d12d24c2c8bb0f825d4a3a55a5e47e845853.1652450863.git.davide.caratti@gmail.com>
|
||||
From: Jouni Malinen <quic_jouni@quicinc.com>
|
||||
Date: Wed, 4 May 2022 23:55:38 +0300
|
||||
Subject: [PATCH] EAP peer status notification for server not supporting RFC
|
||||
5746
|
||||
|
||||
Add a notification message to indicate reason for TLS handshake failure
|
||||
due to the server not supporting safe renegotiation (RFC 5746).
|
||||
|
||||
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
|
||||
---
|
||||
src/ap/authsrv.c | 3 +++
|
||||
src/crypto/tls.h | 3 ++-
|
||||
src/crypto/tls_openssl.c | 15 +++++++++++++--
|
||||
src/eap_peer/eap.c | 5 +++++
|
||||
4 files changed, 23 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
|
||||
index 516c1da74..fd9c96fad 100644
|
||||
--- a/src/ap/authsrv.c
|
||||
+++ b/src/ap/authsrv.c
|
||||
@@ -169,6 +169,9 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev,
|
||||
wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s",
|
||||
data->alert.description);
|
||||
break;
|
||||
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
|
||||
+ /* Not applicable to TLS server */
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
#endif /* EAP_TLS_FUNCS */
|
||||
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
|
||||
index 7ea32ee4a..7a2ee32df 100644
|
||||
--- a/src/crypto/tls.h
|
||||
+++ b/src/crypto/tls.h
|
||||
@@ -22,7 +22,8 @@ enum tls_event {
|
||||
TLS_CERT_CHAIN_SUCCESS,
|
||||
TLS_CERT_CHAIN_FAILURE,
|
||||
TLS_PEER_CERTIFICATE,
|
||||
- TLS_ALERT
|
||||
+ TLS_ALERT,
|
||||
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
|
||||
};
|
||||
|
||||
/*
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index 0d23f44ad..912471ba2 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -4443,6 +4443,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
|
||||
static struct wpabuf *
|
||||
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
|
||||
{
|
||||
+ struct tls_context *context = conn->context;
|
||||
int res;
|
||||
struct wpabuf *out_data;
|
||||
|
||||
@@ -4472,7 +4473,19 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
|
||||
wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
|
||||
"write");
|
||||
else {
|
||||
+ unsigned long error = ERR_peek_last_error();
|
||||
+
|
||||
tls_show_errors(MSG_INFO, __func__, "SSL_connect");
|
||||
+
|
||||
+ if (context->event_cb &&
|
||||
+ ERR_GET_LIB(error) == ERR_LIB_SSL &&
|
||||
+ ERR_GET_REASON(error) ==
|
||||
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) {
|
||||
+ context->event_cb(
|
||||
+ context->cb_ctx,
|
||||
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
|
||||
+ NULL);
|
||||
+ }
|
||||
conn->failed++;
|
||||
if (!conn->server && !conn->client_hello_generated) {
|
||||
/* The server would not understand TLS Alert
|
||||
@@ -4495,8 +4508,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
|
||||
if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
|
||||
os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
|
||||
conn->server_dh_prime_len < 3072) {
|
||||
- struct tls_context *context = conn->context;
|
||||
-
|
||||
/*
|
||||
* This should not be reached since earlier cert_cb should have
|
||||
* terminated the handshake. Keep this check here for extra
|
||||
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
|
||||
index 429b20d3a..729388f4f 100644
|
||||
--- a/src/eap_peer/eap.c
|
||||
+++ b/src/eap_peer/eap.c
|
||||
@@ -2172,6 +2172,11 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
|
||||
eap_notify_status(sm, "remote TLS alert",
|
||||
data->alert.description);
|
||||
break;
|
||||
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
|
||||
+ wpa_printf(MSG_INFO,
|
||||
+ "TLS handshake failed due to the server not supporting safe renegotiation (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work around this");
|
||||
+ eap_notify_status(sm, "unsafe server renegotiation", "failure");
|
||||
+ break;
|
||||
}
|
||||
|
||||
os_free(hash_hex);
|
||||
--
|
||||
2.35.1
|
||||
|
47
SOURCES/build-config
Normal file
47
SOURCES/build-config
Normal file
@ -0,0 +1,47 @@
|
||||
CONFIG_CTRL_IFACE=y
|
||||
CONFIG_CTRL_IFACE_DBUS=y
|
||||
CONFIG_CTRL_IFACE_DBUS_NEW=y
|
||||
CONFIG_CTRL_IFACE_DBUS_INTRO=y
|
||||
CONFIG_LIBNL32=y
|
||||
CONFIG_DRIVER_NL80211=y
|
||||
CONFIG_DRIVER_WIRED=y
|
||||
CONFIG_DRIVER_MACSEC_LINUX=y
|
||||
CONFIG_IEEE8021X_EAPOL=y
|
||||
CONFIG_EAP_MD5=y
|
||||
CONFIG_EAP_MSCHAPV2=y
|
||||
CONFIG_EAP_TLS=y
|
||||
CONFIG_EAP_PEAP=y
|
||||
CONFIG_EAP_TTLS=y
|
||||
CONFIG_EAP_FAST=y
|
||||
CONFIG_EAP_GTC=y
|
||||
CONFIG_EAP_OTP=y
|
||||
CONFIG_EAP_AKA=y
|
||||
CONFIG_EAP_PAX=y
|
||||
CONFIG_EAP_LEAP=y
|
||||
CONFIG_EAP_SAKE=y
|
||||
CONFIG_EAP_GPSK=y
|
||||
CONFIG_EAP_GPSK_SHA256=y
|
||||
CONFIG_EAP_TNC=y
|
||||
CONFIG_WPS=y
|
||||
CONFIG_EAP_IKEV2=y
|
||||
CONFIG_PKCS12=y
|
||||
CONFIG_SMARTCARD=y
|
||||
CONFIG_DEBUG_SYSLOG=y
|
||||
CONFIG_DEBUG_FILE=y
|
||||
CONFIG_BACKEND=file
|
||||
CONFIG_PEERKEY=y
|
||||
CONFIG_BGSCAN_SIMPLE=y
|
||||
#CONFIG_FIPS=y
|
||||
CONFIG_AP=y
|
||||
CONFIG_P2P=y
|
||||
CONFIG_IBSS_RSN=y
|
||||
CONFIG_IEEE80211N=y
|
||||
CONFIG_MACSEC=y
|
||||
CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES"
|
||||
CONFIG_IEEE80211W=y
|
||||
CONFIG_SAE=y
|
||||
CONFIG_OWE=y
|
||||
CONFIG_DPP=y
|
||||
CONFIG_WIFI_DISPLAY=y
|
||||
CONFIG_SUITEB192=y
|
||||
CONFIG_WEP=Y
|
21
SOURCES/rh1542234-remove-wpa_gui.patch
Normal file
21
SOURCES/rh1542234-remove-wpa_gui.patch
Normal file
@ -0,0 +1,21 @@
|
||||
--- a/wpa_supplicant/doc/docbook/Makefile
|
||||
+++ b/wpa_supplicant/doc/docbook/Makefile
|
||||
@@ -2,9 +2,7 @@ all: man html pdf
|
||||
|
||||
FILES += wpa_background
|
||||
FILES += wpa_cli
|
||||
-FILES += wpa_gui
|
||||
FILES += wpa_passphrase
|
||||
-FILES += wpa_priv
|
||||
FILES += wpa_supplicant.conf
|
||||
FILES += wpa_supplicant
|
||||
FILES += eapol_test
|
||||
@@ -21,7 +19,7 @@ pdf:
|
||||
|
||||
|
||||
clean:
|
||||
- rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8 eapol_test.8
|
||||
+ rm -f wpa_background.8 wpa_cli.8 wpa_passphrase.8 wpa_supplicant.8 eapol_test.8
|
||||
rm -f wpa_supplicant.conf.5
|
||||
rm -f manpage.links manpage.refs
|
||||
rm -f $(FILES:%=%.pdf)
|
@ -1,71 +0,0 @@
|
||||
From 72ee1e934e98ea87e4de292958817e724114703e Mon Sep 17 00:00:00 2001
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Fri, 6 Sep 2019 09:46:00 +0200
|
||||
Subject: [PATCH] defconfig: Fedora configuration
|
||||
|
||||
---
|
||||
wpa_supplicant/defconfig | 16 +++++++++-------
|
||||
1 file changed, 9 insertions(+), 7 deletions(-)
|
||||
|
||||
--- a/wpa_supplicant/defconfig
|
||||
+++ b/wpa_supplicant/defconfig
|
||||
@@ -146,7 +146,7 @@ CONFIG_EAP_PAX=y
|
||||
CONFIG_EAP_LEAP=y
|
||||
|
||||
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
|
||||
-#CONFIG_EAP_AKA=y
|
||||
+CONFIG_EAP_AKA=y
|
||||
|
||||
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
|
||||
# This requires CONFIG_EAP_AKA to be enabled, too.
|
||||
@@ -338,6 +338,7 @@ CONFIG_BACKEND=file
|
||||
# Select which ciphers to use by default with OpenSSL if the user does not
|
||||
# specify them.
|
||||
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
|
||||
+CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES"
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
@@ -390,7 +391,7 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
|
||||
#CONFIG_DYNAMIC_EAP_METHODS=y
|
||||
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
|
||||
-CONFIG_IEEE80211R=y
|
||||
+#CONFIG_IEEE80211R=y
|
||||
|
||||
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
|
||||
CONFIG_DEBUG_FILE=y
|
||||
@@ -469,7 +470,7 @@ CONFIG_DEBUG_SYSLOG=y
|
||||
# Should we attempt to use the getrandom(2) call that provides more reliable
|
||||
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
|
||||
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
|
||||
-#CONFIG_GETRANDOM=y
|
||||
+CONFIG_GETRANDOM=y
|
||||
|
||||
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
|
||||
CONFIG_IEEE80211AC=y
|
||||
@@ -587,7 +588,7 @@ CONFIG_IBSS_RSN=y
|
||||
#CONFIG_PMKSA_CACHE_EXTERNAL=y
|
||||
|
||||
# Mesh Networking (IEEE 802.11s)
|
||||
-#CONFIG_MESH=y
|
||||
+CONFIG_MESH=y
|
||||
|
||||
# Background scanning modules
|
||||
# These can be used to request wpa_supplicant to perform background scanning
|
||||
@@ -601,7 +602,7 @@ CONFIG_BGSCAN_SIMPLE=y
|
||||
|
||||
# Opportunistic Wireless Encryption (OWE)
|
||||
# Experimental implementation of draft-harkins-owe-07.txt
|
||||
-#CONFIG_OWE=y
|
||||
+CONFIG_OWE=y
|
||||
|
||||
# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
|
||||
CONFIG_DPP=y
|
||||
@@ -633,3 +634,6 @@ CONFIG_DPP2=y
|
||||
# design is still subject to change. As such, this should not yet be enabled in
|
||||
# production use.
|
||||
#CONFIG_PASN=y
|
||||
+#
|
||||
+CONFIG_SUITEB192=y
|
||||
+
|
@ -1,43 +1,39 @@
|
||||
%define rcver %{nil}
|
||||
%define snapshot %{nil}
|
||||
|
||||
%global _hardened_build 1
|
||||
%if 0%{?fedora}
|
||||
%bcond_without gui
|
||||
%else
|
||||
%bcond_with gui
|
||||
%endif
|
||||
|
||||
Summary: WPA/WPA2/IEEE 802.1X Supplicant
|
||||
Name: wpa_supplicant
|
||||
Epoch: 1
|
||||
Version: 2.10
|
||||
Release: 4%{?dist}
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
|
||||
Source1: wpa_supplicant.conf
|
||||
Source2: wpa_supplicant.service
|
||||
Source3: wpa_supplicant.sysconfig
|
||||
Source4: wpa_supplicant.logrotate
|
||||
Group: System Environment/Base
|
||||
Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
|
||||
Source1: build-config
|
||||
Source2: %{name}.conf
|
||||
Source3: %{name}.service
|
||||
Source4: %{name}.sysconfig
|
||||
Source6: %{name}.logrotate
|
||||
|
||||
%define build_gui 0
|
||||
|
||||
# distro specific customization and not suitable for upstream,
|
||||
# Fedora-specific updates to defconfig
|
||||
Patch0: wpa_supplicant-config.patch
|
||||
# works around busted drivers
|
||||
Patch1: wpa_supplicant-assoc-timeout.patch
|
||||
Patch0: wpa_supplicant-assoc-timeout.patch
|
||||
# ensures that debug output gets flushed immediately to help diagnose driver
|
||||
# bugs, not suitable for upstream
|
||||
Patch2: wpa_supplicant-flush-debug-output.patch
|
||||
Patch1: wpa_supplicant-flush-debug-output.patch
|
||||
# quiet an annoying and frequent syslog message
|
||||
Patch3: wpa_supplicant-quiet-scan-results-message.patch
|
||||
# distro specific customization for Qt4 build tools, not suitable for upstream
|
||||
Patch4: wpa_supplicant-gui-qt4.patch
|
||||
# backport fix for bz2063730
|
||||
Patch5: 0001-D-Bus-Add-wep_disabled-capability.patch
|
||||
# backport fix for bz2077973
|
||||
Patch6: 0001-EAP-peer-Workaround-for-servers-that-do-not-support-.patch
|
||||
Patch7: 0001-EAP-peer-status-notification-for-server-not-supporti.patch
|
||||
Patch5: rh1542234-remove-wpa_gui.patch
|
||||
Patch6: wpa_supplicant-gui-qt4.patch
|
||||
|
||||
URL: http://w1.fi/wpa_supplicant/
|
||||
|
||||
%if %with gui
|
||||
%if %{build_gui}
|
||||
BuildRequires: qt-devel >= 4.0
|
||||
%endif
|
||||
BuildRequires: openssl-devel
|
||||
@ -46,7 +42,6 @@ BuildRequires: dbus-devel
|
||||
BuildRequires: libnl3-devel
|
||||
BuildRequires: systemd-units
|
||||
BuildRequires: docbook-utils
|
||||
BuildRequires: gcc
|
||||
Requires(post): systemd-sysv
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
@ -66,83 +61,81 @@ component that is used in the client stations. It implements key negotiation
|
||||
with a WPA Authenticator and it controls the roaming and IEEE 802.11
|
||||
authentication/association of the wlan driver.
|
||||
|
||||
%if %{build_gui}
|
||||
|
||||
%if %with gui
|
||||
%package gui
|
||||
Summary: Graphical User Interface for %{name}
|
||||
Group: Applications/System
|
||||
|
||||
%description gui
|
||||
Graphical User Interface for wpa_supplicant written using QT
|
||||
|
||||
%endif
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{name}-%{version}
|
||||
|
||||
%autosetup -p1 -n %{name}-%{version}%{rcver}%{snapshot}
|
||||
|
||||
%build
|
||||
pushd wpa_supplicant
|
||||
cp defconfig .config
|
||||
export CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE"
|
||||
export CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE"
|
||||
export LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now"
|
||||
cp %{SOURCE1} .config
|
||||
CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE" ; export CFLAGS ;
|
||||
CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE" ; export CXXFLAGS ;
|
||||
LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now" ; export LDFLAGS ;
|
||||
# yes, BINDIR=_sbindir
|
||||
export BINDIR="%{_sbindir}"
|
||||
export LIBDIR="%{_libdir}"
|
||||
make %{_smp_mflags} V=1
|
||||
%if %with gui
|
||||
make wpa_gui-qt4 %{_smp_mflags} V=1 QTDIR=%{_libdir}/qt4 \
|
||||
QMAKE='%{qmake_qt4}' LRELEASE='%{_qt4_bindir}/lrelease'
|
||||
%endif
|
||||
make eapol_test V=1
|
||||
make -C doc/docbook man V=1
|
||||
%if !%with gui
|
||||
rm doc/docbook/wpa_gui.8
|
||||
BINDIR="%{_sbindir}" ; export BINDIR ;
|
||||
LIBDIR="%{_libdir}" ; export LIBDIR ;
|
||||
make %{_smp_mflags}
|
||||
%if %{build_gui}
|
||||
QTDIR=%{_libdir}/qt4 make wpa_gui-qt4 %{_smp_mflags} QMAKE='%{qmake_qt4}' LRELEASE='%{_qt4_bindir}/lrelease'
|
||||
%endif
|
||||
make eapol_test
|
||||
popd
|
||||
|
||||
pushd wpa_supplicant/doc/docbook
|
||||
make man
|
||||
popd
|
||||
|
||||
%install
|
||||
# config
|
||||
install -D -m 0600 %{SOURCE1} %{buildroot}/%{_sysconfdir}/wpa_supplicant/wpa_supplicant.conf
|
||||
|
||||
# init scripts
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}/%{_unitdir}/wpa_supplicant.service
|
||||
install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/wpa_supplicant
|
||||
install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
|
||||
install -D -m 0644 %{SOURCE3} %{buildroot}/%{_unitdir}/%{name}.service
|
||||
install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
|
||||
install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
|
||||
|
||||
# config
|
||||
install -D -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf
|
||||
|
||||
# binary
|
||||
install -d %{buildroot}/%{_sbindir}
|
||||
install -m 0755 wpa_supplicant/wpa_passphrase %{buildroot}/%{_sbindir}
|
||||
install -m 0755 wpa_supplicant/wpa_cli %{buildroot}/%{_sbindir}
|
||||
install -m 0755 wpa_supplicant/wpa_supplicant %{buildroot}/%{_sbindir}
|
||||
install -m 0755 wpa_supplicant/eapol_test %{buildroot}/%{_sbindir}
|
||||
install -D -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf \
|
||||
%{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
|
||||
install -D -m 0644 wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service \
|
||||
%{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
|
||||
install -m 0755 %{name}/wpa_passphrase %{buildroot}/%{_sbindir}
|
||||
install -m 0755 %{name}/wpa_cli %{buildroot}/%{_sbindir}
|
||||
install -m 0755 %{name}/wpa_supplicant %{buildroot}/%{_sbindir}
|
||||
install -m 0755 %{name}/eapol_test %{buildroot}/%{_sbindir}
|
||||
install -D -m 0644 %{name}/dbus/dbus-wpa_supplicant.conf %{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
|
||||
install -D -m 0644 %{name}/dbus/fi.w1.wpa_supplicant1.service %{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
|
||||
|
||||
%if %with gui
|
||||
%if %{build_gui}
|
||||
# gui
|
||||
install -d %{buildroot}/%{_bindir}
|
||||
install -m 0755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir}
|
||||
install -m 0755 %{name}/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir}
|
||||
%else
|
||||
rm -f %{name}/doc/docbook/wpa_gui.8
|
||||
%endif
|
||||
|
||||
rm -f %{name}/doc/docbook/wpa_priv.8
|
||||
|
||||
# man pages
|
||||
install -d %{buildroot}%{_mandir}/man{5,8}
|
||||
install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
|
||||
install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
|
||||
install -m 0644 %{name}/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
|
||||
install -m 0644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
|
||||
|
||||
# some cleanup in docs and examples
|
||||
rm -f wpa_supplicant/doc/.cvsignore
|
||||
rm -rf wpa_supplicant/doc/docbook
|
||||
chmod -R 0644 wpa_supplicant/examples/*.py
|
||||
|
||||
rm -f %{name}/doc/.cvsignore
|
||||
rm -rf %{name}/doc/docbook
|
||||
chmod -R 0644 %{name}/examples/*.py
|
||||
|
||||
%post
|
||||
%systemd_post wpa_supplicant.service
|
||||
|
||||
|
||||
%preun
|
||||
%systemd_preun wpa_supplicant.service
|
||||
|
||||
@ -158,163 +151,78 @@ chmod -R 0644 wpa_supplicant/examples/*.py
|
||||
|
||||
|
||||
%files
|
||||
%config(noreplace) %{_sysconfdir}/wpa_supplicant/wpa_supplicant.conf
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/wpa_supplicant
|
||||
%dir %{_sysconfdir}/logrotate.d
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
|
||||
%{_unitdir}/wpa_supplicant.service
|
||||
%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
|
||||
%license COPYING
|
||||
%doc %{name}/ChangeLog README %{name}/eap_testing.txt %{name}/todo.txt %{name}/wpa_supplicant.conf %{name}/examples
|
||||
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_sysconfdir}/dbus-1/system.d/%{name}.conf
|
||||
%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
|
||||
%{_sbindir}/wpa_passphrase
|
||||
%{_sbindir}/wpa_supplicant
|
||||
%{_sbindir}/wpa_cli
|
||||
%{_sbindir}/eapol_test
|
||||
%dir %{_sysconfdir}/wpa_supplicant
|
||||
%{_mandir}/man8/wpa_supplicant.8.gz
|
||||
%{_mandir}/man8/wpa_priv.8.gz
|
||||
%{_mandir}/man8/wpa_passphrase.8.gz
|
||||
%{_mandir}/man8/wpa_cli.8.gz
|
||||
%{_mandir}/man8/wpa_background.8.gz
|
||||
%{_mandir}/man8/eapol_test.8.gz
|
||||
%dir %{_sysconfdir}/%{name}
|
||||
%{_mandir}/man8/*
|
||||
%{_mandir}/man5/*
|
||||
%doc README
|
||||
%doc wpa_supplicant/ChangeLog
|
||||
%doc wpa_supplicant/eap_testing.txt
|
||||
%doc wpa_supplicant/todo.txt
|
||||
%doc wpa_supplicant/wpa_supplicant.conf
|
||||
%doc wpa_supplicant/examples
|
||||
%license COPYING
|
||||
|
||||
|
||||
%if %with gui
|
||||
%if %{build_gui}
|
||||
%files gui
|
||||
%{_bindir}/wpa_gui
|
||||
%{_mandir}/man8/wpa_gui.8.gz
|
||||
%endif
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri May 13 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-4
|
||||
- Explicitly allow/disallow unsafe legacy renegotiation on configuration base.
|
||||
Resolves: rhbz#2077973
|
||||
|
||||
* Fri Apr 22 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-3
|
||||
- Expose 'wep_disabled' capability via D-Bus. Resolves: rhbz#2063730
|
||||
|
||||
* Fri Feb 4 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-2
|
||||
- Disable CONFIG_IEEE80211R. Resolves: rhbz#2032539
|
||||
|
||||
* Thu Jan 20 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-1
|
||||
- Update to version 2.10. Resolves: rhbz#2042540
|
||||
- Update to version 2.10 (rh #2042104)
|
||||
|
||||
* Mon Nov 22 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-17.20211112gitc8b94bc7b347
|
||||
* Thu Dec 9 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-6.20211112gitc8b94bc7b347
|
||||
- restore WEP functionality (rh #2028839)
|
||||
|
||||
* Fri Nov 12 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-5.20211112gitc8b94bc7b347
|
||||
- Update to latest upstream tree to include support for H2E
|
||||
Resolves: rhbz#2007334
|
||||
Resolves: rhbz#2007333
|
||||
|
||||
* Thu Aug 19 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-17
|
||||
- Fix NetworkManager-CI failures with OpenSSL 3.0
|
||||
* Fri Mar 5 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-5
|
||||
- P2P: Fix a corner case in peer addition based on PD Request (CVE-2021-27803)
|
||||
- Fix buffer overflow when processing P2P group information (CVE-2021-0326)
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.9-16
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Fri Jan 15 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-4
|
||||
- enable WPA-EAP-SUITE-B-192 (rh #1916394)
|
||||
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.9-15
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
* Tue Oct 27 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-3
|
||||
- fix p2p_listen unexpectedly stopped after 5 seconds (rh #1693684)
|
||||
- allow changing 'bridge' via D-Bus (rh #1888050)
|
||||
- expose OWE configurability via D-Bus (rh #1888718)
|
||||
|
||||
* Thu Jun 3 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-14
|
||||
- Disable 'badfuncs' test in rpminspect. Related: rhbz#1967579
|
||||
* Tue Oct 29 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.9-2
|
||||
- Fix AP mode PMF disconnection protection bypass (CVE-2019-16275)
|
||||
- Fix NULL dereference in d-bus handler when P2P control interface is removed (rh #1752780)
|
||||
- enable WIFI_DISPLAY (rh #1755941)
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.9-13
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Mon Oct 21 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.9-1
|
||||
- Update to 2.9 upstream release
|
||||
- Enable OWE, SAE and DPP (rh #1730169)
|
||||
|
||||
* Mon Mar 1 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-12
|
||||
- Fix a corner case in peer addition based on PD Request (CVE-2021-27803)
|
||||
* Thu Feb 07 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.7-2
|
||||
- Enable CI gating (rh #1682340) and add a basic selftest
|
||||
|
||||
* Thu Feb 4 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-11
|
||||
- Fix copying of secondary device types for P2P group client (CVE-2021-0326)
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Fri Jan 22 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-9
|
||||
- Expose OWE capability on D-Bus
|
||||
- Allow changing interface bridge using D-Bus
|
||||
|
||||
* Thu Dec 17 2020 Antonio Cardace <acardace@redhat.com> - 1:2.9-8
|
||||
- Enable WPA-EAP-SUITE-B-192 cipher suite
|
||||
|
||||
* Thu Dec 17 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-7
|
||||
- fix build on ELN target (rh #1902609)
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Jun 15 2020 Benjamin Berg <bberg@redhat.com> - 1:2.9-5
|
||||
- fix some issues with P2P operation
|
||||
|
||||
* Thu Apr 23 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-4
|
||||
- Enable Tunneled Direct Link Setup (TDLS)
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Oct 30 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.9-2
|
||||
- fix AP mode PMF disconnection protection bypass (CVE-2019-16275, rh #1767026)
|
||||
|
||||
* Fri Aug 16 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.9-1
|
||||
- Update to version 2.9
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.8-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri May 10 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.8-2
|
||||
- fix changelog for version 2.8-1
|
||||
|
||||
* Thu May 02 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.8-1
|
||||
- Update to 2.8 upstream release, to include latest fix for NULL
|
||||
pointer dereference when EAP-PWD peer receives unexpected EAP
|
||||
fragments (CVE-2019-11555, rh #1701759)
|
||||
|
||||
* Fri Apr 12 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.7-5
|
||||
- fix SAE and EAP_PWD vulnerabilities:
|
||||
CVE-2019-9494 (cache attack against SAE)
|
||||
CVE-2019-9495 (cache attack against EAP-pwd)
|
||||
CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
|
||||
CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
|
||||
CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
|
||||
CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.7-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Jan 21 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-3
|
||||
- Enable OWE and DPP
|
||||
- Expose SAE support on D-Bus
|
||||
|
||||
* Mon Jan 21 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-2
|
||||
- Enable MESH & SAE
|
||||
|
||||
* Tue Dec 18 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-1
|
||||
* Thu Feb 07 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.7-1
|
||||
- Update to 2.7 upstream release
|
||||
|
||||
* Wed Aug 15 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-20
|
||||
- Expose availability of SHA384 and FT on D-Bus
|
||||
* Mon Sep 10 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-17
|
||||
- Fix duplicate Reassociation Request frame dropping (detected by Covscan)
|
||||
|
||||
* Wed Aug 15 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-19
|
||||
- Drop the broken Pmf D-Bus property patch
|
||||
|
||||
* Wed Aug 8 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-18
|
||||
* Fri Aug 31 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-16
|
||||
- Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526)
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-17
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Fri Jun 22 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-16
|
||||
- Fix endoding of NL80211_ATTR_SMPS_MODE (rh#1570903)
|
||||
|
||||
* Fri May 11 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-15
|
||||
- Make PMF configurable using D-Bus (rh#1567474)
|
||||
* Thu Jul 12 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-15
|
||||
- Disable build of wpa_gui (rh #1542234)
|
||||
- Fix build issue with latest kernel headers (rh #1582604)
|
||||
- Disable WEXT (rh #1537143)
|
||||
- Fix memory leak when macsec MKA/PSK is used (rh #1582511)
|
||||
- Fix authentication failure when the MAC is updated externally (rh #1582508)
|
||||
- Let the kernel discard EAPOL if packet type is PACKET_OTHERHOST (rh #1582501)
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-14
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
Loading…
Reference in New Issue
Block a user