692062 – net-wireless/wpa_supplicant-2.9 version bump

Bug 692062 - net-wireless/wpa_supplicant-2.9 version bump

Summary: net-wireless/wpa_supplicant-2.9 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Rick Farina (Zero_Chaos)

URL:	http://lists.infradead.org/pipermail/...
Whiteboard:
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2019-08-13 10:38 UTC by Lars Wendler (Polynomial-C) (RETIRED)
Modified:	2019-08-16 15:56 UTC (History)
CC List:	0 users

See Also:	692060 https://github.com/gentoo/gentoo/pull/12167
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2019-08-13 10:38:24 UTC

wpa_supplicant:
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - allow the set of groups to be configured (eap_pwd_groups)
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
  (disabled by default for backwards compatibility; can be enabled
  with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous at realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
  to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
  4-way handshake
* fixed an ECDH operation corner case with OpenSSL

Comment 1 Larry the Git Cow gentoo-dev

2019-08-16 15:56:50 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39a43a7c4c0256848f5b5934eab38bb73699506b

commit 39a43a7c4c0256848f5b5934eab38bb73699506b
Author:     Conrad Kostecki <conrad@kostecki.com>
AuthorDate: 2019-08-15 12:22:29 +0000
Commit:     Rick Farina <zerochaos@gentoo.org>
CommitDate: 2019-08-16 15:53:34 +0000

    net-wireless/wpa_supplicant: bump to version 2.9
    
    Also allowing privsep only without macsec.
    According to upstream, it's not a valid combination, when you do enable
    macsec and privsep together.
    
    Upstream says:
    CONFIG_PRIVSEP=y does not have sufficient support for the new driver
    interface functions used for MACsec, so this combination cannot be used
    at least for now.
    
    Instead of creating a new desktop file, the shipped one is used.
    
    Closes: https://bugs.gentoo.org/615872
    Closes: https://bugs.gentoo.org/684442
    Closes: https://bugs.gentoo.org/692062
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Conrad Kostecki <conrad@kostecki.com>
    Signed-off-by: Rick Farina <zerochaos@gentoo.org>

 net-wireless/wpa_supplicant/Manifest               |   1 +
 .../wpa_supplicant/wpa_supplicant-2.9.ebuild       | 458 +++++++++++++++++++++
 2 files changed, 459 insertions(+)