diff --git a/SOURCES/build-config b/SOURCES/build-config index e259f30..6d7aa43 100644 --- a/SOURCES/build-config +++ b/SOURCES/build-config @@ -43,3 +43,4 @@ CONFIG_SAE=y CONFIG_OWE=y CONFIG_DPP=y CONFIG_WIFI_DISPLAY=y +CONFIG_SUITEB192=y diff --git a/SOURCES/wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch b/SOURCES/wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch new file mode 100644 index 0000000..4da577e --- /dev/null +++ b/SOURCES/wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch @@ -0,0 +1,200 @@ +From 1c58317f56e312576b6872440f125f794e45f991 Mon Sep 17 00:00:00 2001 +Message-Id: <1c58317f56e312576b6872440f125f794e45f991.1602774933.git.davide.caratti@gmail.com> +From: Beniamino Galvani +Date: Wed, 30 Sep 2020 18:34:36 +0200 +Subject: [PATCH] D-Bus: Allow changing an interface bridge via D-Bus + +D-Bus clients can call CreateInterface() once and use the resulting +Interface object to connect multiple times to different networks. + +However, if the network interface gets added to a bridge, clients +currently have to remove the Interface object and create a new one. + +Improve this by supporting the change of the BridgeIfname property of +an existing Interface object. + +Signed-off-by: Beniamino Galvani +--- + src/rsn_supp/tdls.c | 5 +++ + wpa_supplicant/dbus/dbus_new.c | 2 +- + wpa_supplicant/dbus/dbus_new_handlers.c | 37 ++++++++++++++++ + wpa_supplicant/dbus/dbus_new_handlers.h | 1 + + wpa_supplicant/wpa_supplicant.c | 59 +++++++++++++++++++++++++ + wpa_supplicant/wpa_supplicant_i.h | 2 + + 6 files changed, 105 insertions(+), 1 deletion(-) + +diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c +index 7b47e3ac5..eff8cd829 100644 +--- a/src/rsn_supp/tdls.c ++++ b/src/rsn_supp/tdls.c +@@ -2807,6 +2807,11 @@ int wpa_tdls_init(struct wpa_sm *sm) + if (sm == NULL) + return -1; + ++ if (sm->l2_tdls) { ++ l2_packet_deinit(sm->l2_tdls); ++ sm->l2_tdls = NULL; ++ } ++ + sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname : + sm->ifname, + sm->own_addr, +diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c +index 793a881ef..ab7628f87 100644 +--- a/wpa_supplicant/dbus/dbus_new.c ++++ b/wpa_supplicant/dbus/dbus_new.c +@@ -3613,7 +3613,7 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = { + }, + { "BridgeIfname", WPAS_DBUS_NEW_IFACE_INTERFACE, "s", + wpas_dbus_getter_bridge_ifname, +- NULL, ++ wpas_dbus_setter_bridge_ifname, + NULL + }, + { "ConfigFile", WPAS_DBUS_NEW_IFACE_INTERFACE, "s", +diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c +index 34abab752..2cfc87fa8 100644 +--- a/wpa_supplicant/dbus/dbus_new_handlers.c ++++ b/wpa_supplicant/dbus/dbus_new_handlers.c +@@ -3635,6 +3635,43 @@ dbus_bool_t wpas_dbus_getter_bridge_ifname( + } + + ++dbus_bool_t wpas_dbus_setter_bridge_ifname( ++ const struct wpa_dbus_property_desc *property_desc, ++ DBusMessageIter *iter, DBusError *error, void *user_data) ++{ ++ struct wpa_supplicant *wpa_s = user_data; ++ const char *bridge_ifname = NULL; ++ const char *msg; ++ int r; ++ ++ if (!wpas_dbus_simple_property_setter(iter, error, DBUS_TYPE_STRING, ++ &bridge_ifname)) ++ return FALSE; ++ ++ r = wpa_supplicant_update_bridge_ifname(wpa_s, bridge_ifname); ++ if (r != 0) { ++ switch (r) { ++ case -EINVAL: ++ msg = "invalid interface name"; ++ break; ++ case -EBUSY: ++ msg = "interface is busy"; ++ break; ++ case -EIO: ++ msg = "socket error"; ++ break; ++ default: ++ msg = "unknown error"; ++ break; ++ } ++ dbus_set_error_const(error, DBUS_ERROR_FAILED, msg); ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ ++ + /** + * wpas_dbus_getter_config_file - Get interface configuration file path + * @iter: Pointer to incoming dbus message iter +diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h +index afa26efed..d528c0816 100644 +--- a/wpa_supplicant/dbus/dbus_new_handlers.h ++++ b/wpa_supplicant/dbus/dbus_new_handlers.h +@@ -167,6 +167,7 @@ DECLARE_ACCESSOR(wpas_dbus_setter_scan_interval); + DECLARE_ACCESSOR(wpas_dbus_getter_ifname); + DECLARE_ACCESSOR(wpas_dbus_getter_driver); + DECLARE_ACCESSOR(wpas_dbus_getter_bridge_ifname); ++DECLARE_ACCESSOR(wpas_dbus_setter_bridge_ifname); + DECLARE_ACCESSOR(wpas_dbus_getter_config_file); + DECLARE_ACCESSOR(wpas_dbus_getter_current_bss); + DECLARE_ACCESSOR(wpas_dbus_getter_current_network); +diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c +index 39e92fb68..a7e9e459e 100644 +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -4906,6 +4906,65 @@ static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr, + } + + ++int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s, ++ const char *bridge_ifname) ++{ ++ if (wpa_s->wpa_state > WPA_SCANNING) ++ return -EBUSY; ++ ++ if (bridge_ifname && ++ os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname)) ++ return -EINVAL; ++ ++ if (!bridge_ifname) ++ bridge_ifname = ""; ++ ++ if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0) ++ return 0; ++ ++ if (wpa_s->l2_br) { ++ l2_packet_deinit(wpa_s->l2_br); ++ wpa_s->l2_br = NULL; ++ } ++ ++ os_strlcpy(wpa_s->bridge_ifname, bridge_ifname, ++ sizeof(wpa_s->bridge_ifname)); ++ ++ if (wpa_s->bridge_ifname[0]) { ++ wpa_dbg(wpa_s, MSG_DEBUG, ++ "Receiving packets from bridge interface '%s'", ++ wpa_s->bridge_ifname); ++ wpa_s->l2_br = l2_packet_init_bridge( ++ wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr, ++ ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1); ++ if (!wpa_s->l2_br) { ++ wpa_msg(wpa_s, MSG_ERROR, ++ "Failed to open l2_packet connection for the bridge interface '%s'", ++ wpa_s->bridge_ifname); ++ goto fail; ++ } ++ } ++ ++#ifdef CONFIG_TDLS ++ if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa)) ++ goto fail; ++#endif /* CONFIG_TDLS */ ++ ++ return 0; ++fail: ++ wpa_s->bridge_ifname[0] = 0; ++ if (wpa_s->l2_br) { ++ l2_packet_deinit(wpa_s->l2_br); ++ wpa_s->l2_br = NULL; ++ } ++#ifdef CONFIG_TDLS ++ if (!wpa_s->p2p_mgmt) ++ wpa_tdls_init(wpa_s->wpa); ++#endif /* CONFIG_TDLS */ ++ return -EIO; ++} ++ ++ + /** + * wpa_supplicant_driver_init - Initialize driver interface parameters + * @wpa_s: Pointer to wpa_supplicant data +diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h +index 31a9b7427..eac3491cc 100644 +--- a/wpa_supplicant/wpa_supplicant_i.h ++++ b/wpa_supplicant/wpa_supplicant_i.h +@@ -1351,6 +1351,8 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s); + const char * wpa_supplicant_state_txt(enum wpa_states state); + int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s); + int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s); ++int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s, ++ const char *bridge_ifname); + int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, + struct wpa_bss *bss, struct wpa_ssid *ssid, + u8 *wpa_ie, size_t *wpa_ie_len); +-- +2.26.2 + diff --git a/SOURCES/wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch b/SOURCES/wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch new file mode 100644 index 0000000..f967fb9 --- /dev/null +++ b/SOURCES/wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch @@ -0,0 +1,112 @@ +From 9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d Mon Sep 17 00:00:00 2001 +Message-Id: <9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d.1602752483.git.davide.caratti@gmail.com> +From: Benjamin Berg +Date: Fri, 3 Jan 2020 22:18:51 +0100 +Subject: [PATCH] P2P: Always use global p2p_long_listen + +The p2p_long_listen value was set on the control wpa_s struct while in a +lot of cases it operated on the p2p struct. Explicitly use the global +p2p_init_wpa_s struct in cases where we might not be operating on it +already. + +Without this, simply starting a p2p_listen operation (e.g., using +wpa_cli) will not work properly. As the p2p_long_listen is set on the +controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses +p2p_init_wpa_s, it would not actually work. This results in +wpa_supplicant stopping listening after the maximum remain-on-channel +time passes when using a separate P2P Device interface. + +Signed-off-by: Benjamin Berg +--- + wpa_supplicant/p2p_supplicant.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c +index 95bacec19..a7d3b7f1d 100644 +--- a/wpa_supplicant/p2p_supplicant.c ++++ b/wpa_supplicant/p2p_supplicant.c +@@ -2422,7 +2422,7 @@ static void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res) + wpas_start_wps_enrollee(group_wpa_s, res); + } + +- wpa_s->p2p_long_listen = 0; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL); + + eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL); +@@ -4750,7 +4750,8 @@ void wpas_p2p_deinit(struct wpa_supplicant *wpa_s) + eloop_cancel_timeout(wpas_p2p_psk_failure_removal, wpa_s, NULL); + eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL); + eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL); +- wpa_s->p2p_long_listen = 0; ++ if (wpa_s->global->p2p_init_wpa_s) ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL); + eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL); + wpas_p2p_remove_pending_group_interface(wpa_s); +@@ -5635,7 +5636,7 @@ int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr, + go_intent = wpa_s->conf->p2p_go_intent; + + if (!auth) +- wpa_s->p2p_long_listen = 0; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + + wpa_s->p2p_wps_method = wps_method; + wpa_s->p2p_persistent_group = !!persistent_group; +@@ -6952,7 +6953,7 @@ int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout, + u8 seek_cnt, const char **seek_string, int freq) + { + wpas_p2p_clear_pending_action_tx(wpa_s); +- wpa_s->p2p_long_listen = 0; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + + if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL || + wpa_s->p2p_in_provisioning) { +@@ -6997,7 +6998,7 @@ static void wpas_p2p_scan_res_ignore_search(struct wpa_supplicant *wpa_s, + static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s) + { + wpas_p2p_clear_pending_action_tx(wpa_s); +- wpa_s->p2p_long_listen = 0; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL); + eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL); + +@@ -7023,7 +7024,7 @@ void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s) + static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx) + { + struct wpa_supplicant *wpa_s = eloop_ctx; +- wpa_s->p2p_long_listen = 0; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + } + + +@@ -7052,7 +7053,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout) + timeout = 3600; + } + eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL); +- wpa_s->p2p_long_listen = 0; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + + /* + * Stop previous find/listen operation to avoid trying to request a new +@@ -7064,7 +7065,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout) + + res = wpas_p2p_listen_start(wpa_s, timeout * 1000); + if (res == 0 && timeout * 1000 > wpa_s->max_remain_on_chan) { +- wpa_s->p2p_long_listen = timeout * 1000; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = timeout * 1000; + eloop_register_timeout(timeout, 0, + wpas_p2p_long_listen_timeout, + wpa_s, NULL); +@@ -7171,7 +7172,7 @@ static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s) + + int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr) + { +- wpa_s->p2p_long_listen = 0; ++ wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0; + + if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL) + return -1; +-- +2.26.2 + diff --git a/SOURCES/wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch b/SOURCES/wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch new file mode 100644 index 0000000..77a5eb9 --- /dev/null +++ b/SOURCES/wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch @@ -0,0 +1,39 @@ +From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001 +Message-Id: <947272febe24a8f0ea828b5b2f35f13c3821901e.1612435525.git.davide.caratti@gmail.com> +From: Jouni Malinen +Date: Mon, 9 Nov 2020 11:43:12 +0200 +Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group + client + +Parsing and copying of WPS secondary device types list was verifying +that the contents is not too long for the internal maximum in the case +of WPS messages, but similar validation was missing from the case of P2P +group information which encodes this information in a different +attribute. This could result in writing beyond the memory area assigned +for these entries and corrupting memory within an instance of struct +p2p_device. This could result in invalid operations and unexpected +behavior when trying to free pointers from that corrupted memory. + +Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269 +Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers") +Signed-off-by: Jouni Malinen +--- + src/p2p/p2p.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c +index 74b7b52ae..5cbfc217f 100644 +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev, + dev->info.config_methods = cli->config_methods; + os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8); + dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types; ++ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN) ++ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN; + os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types, + dev->info.wps_sec_dev_type_list_len); + } +-- +2.29.2 + diff --git a/SOURCES/wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch b/SOURCES/wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch new file mode 100644 index 0000000..30a07e4 --- /dev/null +++ b/SOURCES/wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch @@ -0,0 +1,62 @@ +From 7800725afb27397f7d6033d4969e2aeb61af4737 Mon Sep 17 00:00:00 2001 +Message-Id: <7800725afb27397f7d6033d4969e2aeb61af4737.1602780273.git.davide.caratti@gmail.com> +From: Beniamino Galvani +Date: Sun, 13 Oct 2019 15:18:54 +0200 +Subject: [PATCH] dbus: Export OWE capability and OWE BSS key_mgmt + +Export a new 'owe' capability to indicate that wpa_supplicant was +built with OWE support and accepts 'key_mgmt=OWE'. Also, support 'owe' +in the array of BSS' available key managements. + +Signed-off-by: Beniamino Galvani +--- + wpa_supplicant/dbus/dbus_new_handlers.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c +index d2c84e5c5..1206c3cde 100644 +--- a/wpa_supplicant/dbus/dbus_new_handlers.c ++++ b/wpa_supplicant/dbus/dbus_new_handlers.c +@@ -984,8 +984,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities( + const struct wpa_dbus_property_desc *property_desc, + DBusMessageIter *iter, DBusError *error, void *user_data) + { +- const char *capabilities[10] = { NULL, NULL, NULL, NULL, NULL, NULL, +- NULL, NULL, NULL, NULL }; ++ const char *capabilities[11]; + size_t num_items = 0; + #ifdef CONFIG_FILS + struct wpa_global *global = user_data; +@@ -1028,6 +1027,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities( + #ifdef CONFIG_SHA384 + capabilities[num_items++] = "sha384"; + #endif /* CONFIG_SHA384 */ ++#ifdef CONFIG_OWE ++ capabilities[num_items++] = "owe"; ++#endif /* CONFIG_OWE */ + + return wpas_dbus_simple_array_property_getter(iter, + DBUS_TYPE_STRING, +@@ -4491,7 +4493,7 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop( + DBusMessageIter iter_dict, variant_iter; + const char *group; + const char *pairwise[5]; /* max 5 pairwise ciphers is supported */ +- const char *key_mgmt[15]; /* max 15 key managements may be supported */ ++ const char *key_mgmt[16]; /* max 16 key managements may be supported */ + int n; + + if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT, +@@ -4544,6 +4546,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop( + if (ie_data->key_mgmt & WPA_KEY_MGMT_FT_SAE) + key_mgmt[n++] = "ft-sae"; + #endif /* CONFIG_SAE */ ++#ifdef CONFIG_OWE ++ if (ie_data->key_mgmt & WPA_KEY_MGMT_OWE) ++ key_mgmt[n++] = "owe"; ++#endif /* CONFIG_OWE */ + if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE) + key_mgmt[n++] = "wpa-none"; + +-- +2.26.2 + diff --git a/SPECS/wpa_supplicant.spec b/SPECS/wpa_supplicant.spec index c38315b..18d7e03 100644 --- a/SPECS/wpa_supplicant.spec +++ b/SPECS/wpa_supplicant.spec @@ -7,7 +7,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant Name: wpa_supplicant Epoch: 1 Version: 2.9 -Release: 2%{?dist}.1 +Release: 5%{?dist} License: BSD Group: System Environment/Base Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz @@ -34,8 +34,16 @@ Patch6: wpa_supplicant-gui-qt4.patch Patch7: wpa_supplicant-p2p-segfault-on-iface-removal.patch # fix for CVE-2019-16275 Patch8: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch -# fix for CVE-2021-27803 -Patch9: wpa_supplicant-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch +# fix for bz1693684 +Patch9: wpa_supplicant-P2P-Always-use-global-p2p_long_listen.patch +# fix for bz1888050 +Patch10: wpa_supplicant-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch +# fix for bz1888718 +Patch11: wpa_supplicant-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch +# fix for CVE-2021-0326 +Patch12: wpa_supplicant-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch +# fix for CVE-2021-27803 +Patch13: wpa_supplicant-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch URL: http://w1.fi/wpa_supplicant/ @@ -179,8 +187,17 @@ chmod -R 0644 %{name}/examples/*.py %endif %changelog -* Thu Mar 4 2021 Davide Caratti - 1:2.9-2.1 +* Mon Mar 1 2021 Davide Caratti - 1:2.9-5 - P2P: Fix a corner case in peer addition based on PD Request (CVE-2021-27803) +- Fix buffer overflow when processing P2P group information (CVE-2021-0326) + +* Fri Jan 15 2021 Davide Caratti - 1:2.9-4 +- enable WPA-EAP-SUITE-B-192 (rh #1916394) + +* Tue Oct 27 2020 Davide Caratti - 1:2.9-3 +- fix p2p_listen unexpectedly stopped after 5 seconds (rh #1693684) +- allow changing 'bridge' via D-Bus (rh #1888050) +- expose OWE configurability via D-Bus (rh #1888718) * Tue Oct 29 2019 Davide Caratti - 1:2.9-2 - Fix AP mode PMF disconnection protection bypass (CVE-2019-16275)