Package: wpa / 2:2.9.0-21

Metadata

Package | Version | Patches format
wpa | 2:2.9.0-21 | 3.0 (quilt)

Patch series

Patch | File delta | Description
01_use_pkg config_for_pcsc lite_module.patch

wpa_supplicant/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use pkg-config for libpcsclite linkage flags

At least in debian, we can rely on pkg-config being available and
returning more accurate ldflags.

02_dbus_group_policy.patch

wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 add d-bus group policy

Debian does not use pam_console but uses group membership
to control access to D-Bus. Activating both options in the conf file
makes it work on Debian and Ubuntu.

Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179

06_wpa_gui_menu_exec_path.patch

wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use full executable path into wpa_gui.desktop

Debian specific patch to desktop menu entry, so that we may exec
wpa_gui, which, being in /usr/sbin, may not be in the PATH

07_dbus_service_syslog.patch

wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in | 2 1 + 1 - 0 !
wpa_supplicant/systemd/wpa_supplicant.service.in | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 tweak d-bus/systemd service activation configuration files:

 * log wpa_supplicant messages to syslog
 * activate control socket interface so that wpa_cli can be used by D-Bus
   activated wpa_supplicant daemon

12_wpa_gui_knotify_support.patch

wpa_supplicant/wpa_gui-qt4/wpagui.cpp | 18 16 + 2 - 0 !
1 file changed, 16 insertions(+), 2 deletions(-)

 use kde's knotify when running under kde

Bug-Debian: http://bugs.debian.org/582793

networkd driver fallback.patch

wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 wpasupplicant: configure driver fallback for networkd

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>

wpa_supplicant_fix dependency odering when invoked with dbus.patch

wpa_supplicant/systemd/wpa_supplicant.service.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 wpa_supplicant: fix dependency ordering when invoked with dbus

Make sure that DBus isn't shut down before wpa_supplicant, as that would
also bring down wireless links which are still holding open NFS shares.

Debian bug: https://bugs.debian.org/785579
systemd upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>

allow tlsv1.patch

src/crypto/tls_openssl.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 enable tlsv1.0 by default

OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
Some older networks may support TLSv1.0 and less secure cyphers.

disable eapol werror.patch

wpa_supplicant/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable -werror for eapol_test

This may make sense for the upstream, but we just want to build
the tool to be useful to our users; dealing with build errors due
to issues normally manifesting themselves as warnings is burdening
for Debian and its downstreams.

wpa_service_ignore on isolate.patch

wpa_supplicant/systemd/wpa_supplicant.service.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add ignoreonisolate=yes to keep wpa-supplicant running while systemctl isolate
Date: Mon, 13 Mar 2017 13:46:12 -0400

> Add IgnoreOnIsolate=yes so that when switching "runlevels" in
> oem-config will not kill off wpa and cause wireless to be
> unavailable on first boot. (LP: #1576024)

Also happens when running systemctl isolate default.target:

> NM should be detecting that wpasupplicant is not running and start
> it -- this should already have been working by way of wpasupplicant
> being dbus-activated.
[...]
> It seems to me like IgnoreOnIsolate for wpasupplicant would be the
> right thing to do, or to figure out why it isn't being properly
> started when NM tries to use it.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1576024


2019 7/0001 AP Silently ignore management frame from unexpected .patch

src/ap/drv_callbacks.c | 13 13 + 0 - 0 !
src/ap/ieee802_11.c | 12 12 + 0 - 0 !
2 files changed, 25 insertions(+)

 ap: silently ignore management frame from unexpected source address

Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.

In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.

Signed-off-by: Jouni Malinen <j@w1.fi>

2020 1/0001 WPS UPnP Do not allow event subscriptions with URLs .patch

src/wps/wps_er.c | 2 1 + 1 - 0 !
src/wps/wps_upnp.c | 38 36 + 2 - 0 !
src/wps/wps_upnp_i.h | 3 2 + 1 - 0 !
3 files changed, 39 insertions(+), 4 deletions(-)

 [patch 1/3] wps upnp: do not allow event subscriptions with urls to
 other networks

The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

2020 1/0002 WPS UPnP Fix event message generation using a long U.patch

src/wps/wps_upnp.c | 9 7 + 2 - 0 !
src/wps/wps_upnp_event.c | 3 2 + 1 - 0 !
2 files changed, 9 insertions(+), 3 deletions(-)

 [patch 2/3] wps upnp: fix event message generation using a long url
 path

A URL of more than about 700 characters ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit for the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

2020 1/0003 WPS UPnP Handle HTTP initiation failures for events .patch

src/wps/wps_upnp_event.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 3/3] wps upnp: handle http initiation failures for events
 more properly

While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replace the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.

These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continuous retries that will keep failing
for the same reason.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

upstream fixes/0001 wpa_supplicant Do not try to detect PSK mismatch dur.patch

wpa_supplicant/events.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 wpa_supplicant: do not try to detect psk mismatch during ptk
 rekeying

When a PTK rekey fails it can't be caused by a PSK mismatch. Report a
possible PSK mismatch only during the initial 4-way handshake to avoid
incorrect reports.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>

upstream fixes/0002 trace handle binutils bfd.h breakage.patch

src/utils/trace.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 trace: handle binutils bfd.h breakage
Date: Wed, 15 Jan 2020 10:10:03 +0100
Message-Id: <1579079403-Ieb75a110fccf593e92e6e0d83bf02ba2e0c86d96@changeid>

Some things in bfd.h that we use were renamed, and in the
case of bfd_get_section_vma() a parameter was dropped.
Work around this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

upstream fixes/0003 check for ft support.patch

src/drivers/driver.h | 2 2 + 0 - 0 !
src/drivers/driver_nl80211_capa.c | 7 7 + 0 - 0 !
wpa_supplicant/wpa_supplicant.c | 5 5 + 0 - 0 !
3 files changed, 14 insertions(+)

 check for ft support when selecting ft suites

A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>

upstream fixes/0004 fix VERSION_STR printf calls.patch

hostapd/main.c | 5 3 + 2 - 0 !
hs20/server/hs20_spp_server.c | 2 1 + 1 - 0 !
wpa_supplicant/dbus/dbus_new.c | 4 2 + 2 - 0 !
wpa_supplicant/eapol_test.c | 2 1 + 1 - 0 !
wpa_supplicant/interworking.c | 2 1 + 1 - 0 !
wpa_supplicant/wpa_priv.c | 5 3 + 2 - 0 !
wpa_supplicant/wpa_supplicant.c | 2 1 + 1 - 0 !
7 files changed, 12 insertions(+), 10 deletions(-)

 fix version_str printf() calls in case the postfix strings include %

Do not use VERSION_STR directly as the format string to printf() since
it is possible for that string to contain '%'.

Signed-off-by: Didier Raboud <odyx@debian.org>

upstream fixes/0005 common Provide the BIT macro locally.patch

src/common/wpa_ctrl.h | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 common: provide the bit() macro locally

wpa_ctrl.h can be installed separately with libwpa_client, so
utils/common.h won't be available to its users.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

upstream fixes/0006 nl80211 fix RTM NEW DELLINK IFLA_IFNAME.patch

src/drivers/driver_nl80211.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 nl80211: fix rtm new/dellink ifla_ifname copy for maximum ifname
 length

If the kernel rtm_newlink or rtm_dellink send the maximum length of
ifname (IFNAMSIZ), the event handlers in
wpa_driver_nl80211_event_rtm_addlink() and
wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
NULL termination, that equals the IFNAMSIZ.

Fix the condition when IFNAME reaches maximum size.

Signed-off-by: Ouden <Ouden.Biz@gmail.com>

upstream fixes/0007 Move deauthentication at AP start to be after beacon.patch

src/ap/hostapd.c | 18 16 + 2 - 0 !
1 file changed, 16 insertions(+), 2 deletions(-)

 move deauthentication at ap start to be after beacon configuration

This allows nl80211-based drivers to get the frame out. The old earlier
location resulted in the driver operation getting rejected before the
kernel was not ready to transmit the frame in the BSS context of the AP
interface that has not yet been started.

While getting this broadcast Deauthentication frame transmitted at the
BSS start is not critical, it is one more chance of getting any
previously associated station notified of their previous association not
being valid anymore had they missed previous notifications in cases
where the AP is stopped and restarted.

Signed-off-by: Jouni Malinen <j@w1.fi>

upstream fixes/0008 Ignore Management frames while AP interface is not f.patch

src/ap/ieee802_11.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 ignore management frames while ap interface is not fully enabled

It is possible for drivers to report received Management frames while AP
is going through initial setup (e.g., during ACS or DFS CAC). hostapd
and the driver are not yet ready for actually sending out responses to
such frames at this point and as such, it is better to explicitly ignore
such received frames rather than try to process them and have the
response (e.g., a Probe Response frame) getting dropped by the driver as
an invalid or getting out with some incorrect information.

Signed-off-by: Jouni Malinen <j@w1.fi>

upstream fixes/0009 D Bus Increase introspection buffer size.patch

wpa_supplicant/dbus/dbus_new_introspect.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 d-bus: increase introspection buffer size

It was apparently possible to hit the 20000 octet limit in some cases,
so increase the limit to avoid process termination due to insufficient
room for preparing a response to Introspect calls.

Signed-off-by: Jouni Malinen <j@w1.fi>

upstream fixes/0010 P2P Limit P2P_DEVICE name to appropriate ifname size.patch

wpa_supplicant/p2p_supplicant.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 p2p: limit p2p_device name to appropriate ifname size

Otherwise the WPA_IF_P2P_DEVICE cannot be created if the base ifname is
long enough. As this is not a netdev device, it is acceptable if the
name is not completely unique. As such, simply insert a NUL byte at the
appropriate place.

Signed-off-by: Benjamin Berg <bberg@redhat.com>

upstream fixes/0011 dbus Move roam metrics to the correct interface.patch

wpa_supplicant/dbus/dbus_new.c | 48 24 + 24 - 0 !
1 file changed, 24 insertions(+), 24 deletions(-)

 dbus: move roam metrics to the correct interface

These properties were in the wpas_dbus_bss_properties array when they
should have been in the wpas_dbus_interface_properties array. Move them
to the right place. This is the logical location for these properties
and it matches both the other parts of the implementation (e.g., being
in enum wpas_dbus_prop, not in enum wpas_dbus_bss_prop) and what
was originally documented for the interface in dbus.doxygen.

Fixes: 2bbad1c7c9cb ("dbus: Export roam time, roam complete, and session length")
Fixes: 80d06d0ca9f3 ("dbus: Export BSS Transition Management status")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>

upstream fixes/0012 nl80211 Unbreak mode processing due to presence of S.patch

src/drivers/driver_nl80211_capa.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 nl80211: unbreak mode processing due to presence of s1g band

If kernel advertises a band with channels < 2.4 GHz
hostapd/wpa_supplicant gets confused and assumes this is an IEEE
802.11b, corrupting the real IEEE 802.11b band info.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>

upstream fixes/0013 D Bus Allow changing an interface bridge via D Bus.patch

src/rsn_supp/tdls.c | 5 5 + 0 - 0 !
wpa_supplicant/dbus/dbus_new.c | 2 1 + 1 - 0 !
wpa_supplicant/dbus/dbus_new_handlers.c | 37 37 + 0 - 0 !
wpa_supplicant/dbus/dbus_new_handlers.h | 1 1 + 0 - 0 !
wpa_supplicant/wpa_supplicant.c | 59 59 + 0 - 0 !
wpa_supplicant/wpa_supplicant_i.h | 2 2 + 0 - 0 !
6 files changed, 105 insertions(+), 1 deletion(-)

 d-bus: allow changing an interface bridge via d-bus

D-Bus clients can call CreateInterface() once and use the resulting

upstream fixes/0014 WPS Use helper variables to clean up code.patch

src/ap/wps_hostapd.c | 21 12 + 9 - 0 !
1 file changed, 12 insertions(+), 9 deletions(-)

 wps: use helper variables to clean up code

This is in preparation of larger changes in hostapd_update_wps() to keep
the commits more readable.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>

upstream fixes/0015 WPS Reconfigure credentials on hostapd config reload.patch

src/ap/wps_hostapd.c | 82 82 + 0 - 0 !
src/wps/wps.h | 5 5 + 0 - 0 !
src/wps/wps_registrar.c | 29 29 + 0 - 0 !
3 files changed, 116 insertions(+)

 wps: reconfigure credentials on hostapd config reload

When new credentials are configured and hostapd is reconfigured using
SIGHUP (or RELOAD on the ctrl_iface), also update the WPS credentials.

Before these changes, when WPS is triggered the Registrar always serves
the credentials that were configured when hostapd started.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>

upstream fixes/0016 hostapd Fix error message for radius_accept_attr config option.patch

hostapd/config_file.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 hostapd: fix error message for radius_accept_attr config option

Error message contained wrong config option.

Signed-off-by: Pali Rohár <pali@kernel.org>

2020 2/0001 P2P Fix copying of secondary device types for P2P gr.patch

src/p2p/p2p.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 p2p: fix copying of secondary device types for p2p group client

2021 1/0001 P2P Fix a corner case in peer addition based on PD R.patch

src/p2p/p2p_pd.c | 12 5 + 7 - 0 !
1 file changed, 5 insertions(+), 7 deletions(-)

 [patch] p2p: fix a corner case in peer addition based on pd request

p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only be triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>