[2/2] wpa_supplicant: Update to 2.10

Message ID 20220218171336.4024505-2-matthias.fischer@ipfire.org
State Accepted
Commit f51f8b130350b738747115ec9fccc9b50d7ec5e4
Series [1/2] hostapd: Update to 2.10

Commit Message

Matthias Fischer Feb. 18, 2022, 5:13 p.m. UTC
  For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

"2022-01-16 - v2.10
	* SAE changes
	  - improved protection against side channel attacks
	    [https://w1.fi/security/2022-1/]
	  - added support for the hash-to-element mechanism (sae_pwe=1 or
	    sae_pwe=2); this is currently disabled by default, but will likely
	    get enabled by default in the future
	  - fixed PMKSA caching with OKC
	  - added support for SAE-PK
	* EAP-pwd changes
	  - improved protection against side channel attacks
	  [https://w1.fi/security/2022-1/]
	* fixed P2P provision discovery processing of a specially constructed
	  invalid frame
	  [https://w1.fi/security/2021-1/]
	* fixed P2P group information processing of a specially constructed
	  invalid frame
	  [https://w1.fi/security/2020-2/]
	* fixed PMF disconnection protection bypass in AP mode
	  [https://w1.fi/security/2019-7/]
	* added support for using OpenSSL 3.0
	* increased the maximum number of EAP message exchanges (mainly to
	  support cases with very large certificates)
	* fixed various issues in experimental support for EAP-TEAP peer
	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
	* a number of MKA/MACsec fixes and extensions
	* added support for SAE (WPA3-Personal) AP mode configuration
	* added P2P support for EDMG (IEEE 802.11ay) channels
	* fixed EAP-FAST peer with TLS GCM/CCM ciphers
	* improved throughput estimation and BSS selection
	* dropped support for libnl 1.1
	* added support for nl80211 control port for EAPOL frame TX/RX
	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
	  compatibility for these groups while the default group 19 remains
	  backwards compatible
	* added support for Beacon protection
	* added support for Extended Key ID for pairwise keys
	* removed WEP support from the default build (CONFIG_WEP=y can be used
	  to enable it, if really needed)
	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
	* added support for Transition Disable mechanism to allow the AP to
	  automatically disable transition mode to improve security
	* extended D-Bus interface
	* added support for PASN
	* added a file-based backend for external password storage to allow
	  secret information to be moved away from the main configuration file
	  without requiring external tools
	* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
	* added support for SCS, MSCS, DSCP policy
	* changed driver interface selection to default to automatic fallback
	  to other compiled in options
	* a large number of other fixes, cleanup, and extensions"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/wpa_supplicant | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
  

Comments

Peter Müller Feb. 18, 2022, 5:53 p.m. UTC | #1
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

> For details see:
> https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
> 
> "2022-01-16 - v2.10
> 	* SAE changes
> 	  - improved protection against side channel attacks
> 	    [https://w1.fi/security/2022-1/]
> 	  - added support for the hash-to-element mechanism (sae_pwe=1 or
> 	    sae_pwe=2); this is currently disabled by default, but will likely
> 	    get enabled by default in the future
> 	  - fixed PMKSA caching with OKC
> 	  - added support for SAE-PK
> 	* EAP-pwd changes
> 	  - improved protection against side channel attacks
> 	  [https://w1.fi/security/2022-1/]
> 	* fixed P2P provision discovery processing of a specially constructed
> 	  invalid frame
> 	  [https://w1.fi/security/2021-1/]
> 	* fixed P2P group information processing of a specially constructed
> 	  invalid frame
> 	  [https://w1.fi/security/2020-2/]
> 	* fixed PMF disconnection protection bypass in AP mode
> 	  [https://w1.fi/security/2019-7/]
> 	* added support for using OpenSSL 3.0
> 	* increased the maximum number of EAP message exchanges (mainly to
> 	  support cases with very large certificates)
> 	* fixed various issues in experimental support for EAP-TEAP peer
> 	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
> 	* a number of MKA/MACsec fixes and extensions
> 	* added support for SAE (WPA3-Personal) AP mode configuration
> 	* added P2P support for EDMG (IEEE 802.11ay) channels
> 	* fixed EAP-FAST peer with TLS GCM/CCM ciphers
> 	* improved throughput estimation and BSS selection
> 	* dropped support for libnl 1.1
> 	* added support for nl80211 control port for EAPOL frame TX/RX
> 	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
> 	  compatibility for these groups while the default group 19 remains
> 	  backwards compatible
> 	* added support for Beacon protection
> 	* added support for Extended Key ID for pairwise keys
> 	* removed WEP support from the default build (CONFIG_WEP=y can be used
> 	  to enable it, if really needed)
> 	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
> 	* added support for Transition Disable mechanism to allow the AP to
> 	  automatically disable transition mode to improve security
> 	* extended D-Bus interface
> 	* added support for PASN
> 	* added a file-based backend for external password storage to allow
> 	  secret information to be moved away from the main configuration file
> 	  without requiring external tools
> 	* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
> 	* added support for SCS, MSCS, DSCP policy
> 	* changed driver interface selection to default to automatic fallback
> 	  to other compiled in options
> 	* a large number of other fixes, cleanup, and extensions"
> 
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
>   lfs/wpa_supplicant | 15 ++++++++-------
>   1 file changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant
> index c64b6aab4..ad9150611 100644
> --- a/lfs/wpa_supplicant
> +++ b/lfs/wpa_supplicant
> @@ -1,7 +1,7 @@
>   ###############################################################################
>   #                                                                             #
>   # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
>   #                                                                             #
>   # This program is free software: you can redistribute it and/or modify        #
>   # it under the terms of the GNU General Public License as published by        #
> @@ -24,13 +24,14 @@
>   
>   include Config
>   
> -VER        = 581dfcc
> +VER        = 2.10
>   
>   THISAPP    = wpa_supplicant-$(VER)
> -DL_FILE    = hostapd-$(VER).tar.gz
> +DL_FILE    = $(THISAPP).tar.gz
>   DL_FROM    = $(URL_IPFIRE)
> -DIR_APP    = $(DIR_SRC)/hostap-$(VER)
> +DIR_APP    = $(DIR_SRC)/$(THISAPP)
>   TARGET     = $(DIR_INFO)/$(THISAPP)
> +PROG       = wpa_supplicant
>   
>   ###############################################################################
>   # Top-level Rules
> @@ -40,7 +41,7 @@ objects = $(DL_FILE)
>   
>   $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>   
> -$(DL_FILE)_MD5 = eed922f2daabe16d74adf2b23455d8bd
> +$(DL_FILE)_MD5 = d26797fcb002898d4ee989179346e1cc
>   
>   install : $(TARGET)
>   
> @@ -73,10 +74,10 @@ $(subst %,%_MD5,$(objects)) :
>   $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>   	@$(PREBUILD)
>   	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> +
>   	cd $(DIR_APP)/wpa_supplicant && cp $(DIR_SRC)/config/wpa_supplicant/config ./.config
>   	cd $(DIR_APP)/wpa_supplicant && sed -e "s/wpa_cli\ dynamic_eap_methods/wpa_cli\ #dynamic_eap_methods/" -i Makefile
>   	cd $(DIR_APP)/wpa_supplicant && sed -e "s@/usr/local@/usr@g" -i Makefile
> -	cd $(DIR_APP)/wpa_supplicant && make $(MAKETUNING)
> -	cd $(DIR_APP)/wpa_supplicant && make install
> +	cd $(DIR_APP)/wpa_supplicant && make && make install
>   	@rm -rf $(DIR_APP)
>   	@$(POSTBUILD)
  

Patch

diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant
index c64b6aab4..ad9150611 100644
--- a/lfs/wpa_supplicant
+++ b/lfs/wpa_supplicant
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,13 +24,14 @@ 
 
 include Config
 
-VER        = 581dfcc
+VER        = 2.10
 
 THISAPP    = wpa_supplicant-$(VER)
-DL_FILE    = hostapd-$(VER).tar.gz
+DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/hostap-$(VER)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = wpa_supplicant
 
 ###############################################################################
 # Top-level Rules
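Review bot: `PROG = wpa_supplicant` is added at the end of the variable block, but nothing in the visible hunks references `$(PROG)`, and the commit message does not say what consumes it. Either state what it is for or drop the line. The same block also switches `DL_FILE` and `DIR_APP` from the `hostapd-`/`hostap-` snapshot naming (`VER = 581dfcc`) to `$(THISAPP)`, so the build now expects a separate `wpa_supplicant-2.10.tar.gz`; that change of source tarball deserves a line in the commit message, since the quoted ChangeLog does not cover it.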
@@ -40,7 +41,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = eed922f2daabe16d74adf2b23455d8bd
+$(DL_FILE)_MD5 = d26797fcb002898d4ee989179346e1cc
 
 install : $(TARGET)
 
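Review bot: the only integrity pin for the new tarball in this hunk is `$(DL_FILE)_MD5`, and MD5 is collision-broken, which makes it a weak anchor for an update whose stated purpose includes security fixes. The file is fetched from `$(DL_FROM)`, so the value here is the sole link between the build and the upstream release. Please confirm in the commit message how the uploaded tarball was verified against upstream, and add a stronger digest next to the MD5 if the build system offers a variable for one.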
@@ -73,10 +74,10 @@  $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
 	cd $(DIR_APP)/wpa_supplicant && cp $(DIR_SRC)/config/wpa_supplicant/config ./.config
 	cd $(DIR_APP)/wpa_supplicant && sed -e "s/wpa_cli\ dynamic_eap_methods/wpa_cli\ #dynamic_eap_methods/" -i Makefile
 	cd $(DIR_APP)/wpa_supplicant && sed -e "s@/usr/local@/usr@g" -i Makefile
-	cd $(DIR_APP)/wpa_supplicant && make $(MAKETUNING)
-	cd $(DIR_APP)/wpa_supplicant && make install
+	cd $(DIR_APP)/wpa_supplicant && make && make install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
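Review bot: the build line drops `$(MAKETUNING)` (`make $(MAKETUNING)` becomes a plain `make && make install`) without any explanation in the commit message. If 2.10 fails to build with the tuning flags, say so in a comment above the line; otherwise keep `make $(MAKETUNING)` so the package builds the same way as before. The blank `+` line inserted between the `tar zxf` step and the `cp ... ./.config` step inside the recipe looks unintended and can be removed.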