diff --git a/wpa_supplicant-Revert-Mark-authorization-completed-on-driver-indica.patch b/wpa_supplicant-Revert-Mark-authorization-completed-on-driver-indica.patch new file mode 100644 index 0000000000000000000000000000000000000000..b42cba1088ddd6379d0fa85c8f94415804171e34 --- /dev/null +++ b/wpa_supplicant-Revert-Mark-authorization-completed-on-driver-indica.patch @@ -0,0 +1,50 @@ +From 2514856652f9a393e505d542cb8f039f8bac10f5 Mon Sep 17 00:00:00 2001 +From: Janne Grunau +Date: Sun, 4 Aug 2024 13:24:42 +0200 +Subject: [PATCH 1/1] Revert "Mark authorization completed on driver indication + during 4-way HS offload" + +This reverts commit 41638606054a09867fe3f9a2b5523aa4678cbfa5. +--- + wpa_supplicant/events.c | 25 ++++++++----------------- + 1 file changed, 8 insertions(+), 17 deletions(-) + +diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c +index 46e7cf1ab..7b3ef7205 100644 +--- a/wpa_supplicant/events.c ++++ b/wpa_supplicant/events.c +@@ -4441,23 +4441,14 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, + eapol_sm_notify_eap_success(wpa_s->eapol, true); + } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) && + wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { +- if (already_authorized) { +- /* +- * We are done; the driver will take care of RSN 4-way +- * handshake. +- */ +- wpa_supplicant_cancel_auth_timeout(wpa_s); +- wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); +- eapol_sm_notify_portValid(wpa_s->eapol, true); +- eapol_sm_notify_eap_success(wpa_s->eapol, true); +- } else { +- /* Update port, WPA_COMPLETED state from the +- * EVENT_PORT_AUTHORIZED handler when the driver is done +- * with the 4-way handshake. +- */ +- wpa_msg(wpa_s, MSG_DEBUG, +- "ASSOC INFO: wait for driver port authorized indication"); +- } ++ /* ++ * We are done; the driver will take care of RSN 4-way ++ * handshake. ++ */ ++ wpa_supplicant_cancel_auth_timeout(wpa_s); ++ wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); ++ eapol_sm_notify_portValid(wpa_s->eapol, true); ++ eapol_sm_notify_eap_success(wpa_s->eapol, true); + } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) && + wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { + /* +-- +2.45.2 + diff --git a/wpa_supplicant-Send-signal-change-as-debug-msg.patch b/wpa_supplicant-Send-signal-change-as-debug-msg.patch new file mode 100644 index 0000000000000000000000000000000000000000..76358758a75df4249e2036ab28fe42e115a1357a --- /dev/null +++ b/wpa_supplicant-Send-signal-change-as-debug-msg.patch @@ -0,0 +1,47 @@ +From c330b5820eefa8e703dbce7278c2a62d9c69166a Mon Sep 17 00:00:00 2001 +From: Kan-Ru Chen +Date: Mon, 23 Dec 2024 08:42:33 +0900 +Subject: Send CTRL-EVENT-SIGNAL-CHANGE message to control interfaces only + +The default logging level for the CTRL-EVENT-SIGNAL-CHANGE message +may be repeated many times and fill the log file or journal. + +For example https://bugzilla.redhat.com/show_bug.cgi?id=2309148 and +the first few results from searching CTRL-EVENT-SIGNAL-CHANGE on the +web contain various complaints and workarounds. + +Change the logging method to wpa_msg_ctrl to avoid sending frequent +messages to the syslog but still allow the message to be consumed by +control interface monitors. + +Signed-off-by: Kan-Ru Chen +--- + wpa_supplicant/events.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c +index 5a1bc6d58..00109a0cd 100644 +--- a/wpa_supplicant/events.c ++++ b/wpa_supplicant/events.c +@@ -6766,12 +6766,12 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event, + data->eapol_rx.encrypted); + break; + case EVENT_SIGNAL_CHANGE: +- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE +- "above=%d signal=%d noise=%d txrate=%lu", +- data->signal_change.above_threshold, +- data->signal_change.data.signal, +- data->signal_change.current_noise, +- data->signal_change.data.current_tx_rate); ++ wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE ++ "above=%d signal=%d noise=%d txrate=%lu", ++ data->signal_change.above_threshold, ++ data->signal_change.data.signal, ++ data->signal_change.current_noise, ++ data->signal_change.data.current_tx_rate); + wpa_bss_update_level(wpa_s->current_bss, + data->signal_change.data.signal); + bgscan_notify_signal_change( +-- +cgit v1.2.3-70-g09d2 + diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 59869bf310c23ac6ebf6722718fc7d7845af5d43..81a2d02645b1993abfbc32fcc1466d4cac56c8cb 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -1,17 +1,12 @@ -%define anolis_release 1 +%define anolis_release 2 %global _hardened_build 1 Summary: WPA/WPA2/IEEE 802.1X Supplicant Name: wpa_supplicant Epoch: 1 -Version: 2.11 +Version: 2.11 Release: %{anolis_release}%{?dist} License: BSD -Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz -Source1: wpa_supplicant.conf -Source2: wpa_supplicant.service -Source3: wpa_supplicant.sysconfig -Source4: wpa_supplicant.logrotate # Distro specific customization and not suitable for upstream, # Specific updates to defconfig @@ -41,6 +36,8 @@ Patch9: wpa_supplicant-allow-legacy-renegotiation.patch #Patch11: wpa_supplicant-sae-pass-sae-password-on-connect-for-sae-authentication-offload-support.patch # Enable IPv6 (#2095296) Patch12: wpa_supplicant-defconfig-enable-ipv6.patch +Patch13: wpa_supplicant-Send-signal-change-as-debug-msg.patch +Patch14: wpa_supplicant-Revert-Mark-authorization-completed-on-driver-indica.patch # support macsec HW offload #Patch13: wpa_supplicant-MACsec-Support-GCM-AES-256-cipher-suite.patch @@ -52,6 +49,11 @@ Patch12: wpa_supplicant-defconfig-enable-ipv6.patch #Patch17: wpa_supplicant-PEAP-client-Update-Phase-2-authentication-requiremen.patch URL: http://w1.fi/wpa_supplicant/ +Source0: http://w1.fi/releases/wpa_supplicant-2.11.tar.gz +Source1: wpa_supplicant.conf +Source2: wpa_supplicant.service +Source3: wpa_supplicant.sysconfig +Source4: wpa_supplicant.logrotate BuildRequires: openssl-devel BuildRequires: readline-devel @@ -180,6 +182,9 @@ chmod -R 0644 wpa_supplicant/examples/*.py %doc wpa_supplicant/todo.txt %changelog +* Mon Sep 29 2025 wenyuzifang - 1:2.11-2 +- Reduce log spam by sending signal change events only to control interfaces (RHEL-71344) +- Fix connection stalls by restoring immediate completion state for driver-handled 4-way handshakes (RHEL-86951) * Fri Dec 06 2024 mgb01105731 - 1:2.11-1 - update to 2.11 fix CVE-2023-52424