diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 3158768..34ca379 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
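Review bot: The three-part source-address test added in hostapd_notif_assoc() (`is_multicast_ether_addr(addr) || is_zero_ether_addr(addr) || os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0`) is repeated verbatim on `mgmt->sa` in the ieee802_11_mgmt() hunk of src/ap/ieee802_11.c. Two copies of a security filter tend to drift apart, so a single shared helper taking `hapd` and the address (name to be chosen by the author) would keep both entry points rejecting the same set. The block comment says "frames", but this path handles a driver association indication; `/* Do not process indications with unexpected/invalid SA ... */` would match the log text below it. The function body starts and ends outside the hunk.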
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28d..e706537 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d38e4..0e0567f 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf)
os_free(data);
return NULL;
}
+
+#ifndef EAP_SERVER_TLS
+ /* Enable TLSv1.0 by default to allow connecting to legacy
+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
+#endif
+
data->ssl = ssl;
if (conf) {
data->tls_session_lifetime = conf->tls_session_lifetime;
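Review bot: The added `SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);` in tls_init() lowers the protocol floor to TLS 1.0 for every context built without EAP_SERVER_TLS, overriding the system OpenSSL policy with no opt-out visible in the hunk. Its return value is also ignored. The comment mentions SECLEVEL=2, but nothing here changes the security level, so the comment should describe only the minimum-version change. At minimum check the result, e.g. `if (SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION) != 1) wpa_printf(MSG_DEBUG, "OpenSSL: Failed to set minimum protocol version");`. Consider making the relaxed floor conditional on configuration rather than a compile-time default; tls_init() continues outside the hunk.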
@@ -1577,6 +1584,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
#ifdef SSL_OP_NO_COMPRESSION
options |= SSL_OP_NO_COMPRESSION;
#endif /* SSL_OP_NO_COMPRESSION */
+ options |= SSL_OP_NO_TICKET;
SSL_set_options(conn->ssl, options);
#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
/* Hopefully there is no need for middlebox compatibility mechanisms
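Review bot: `options |= SSL_OP_NO_TICKET;` is added without the `#ifdef` guard that the neighbouring `SSL_OP_NO_COMPRESSION` line uses, and with no comment explaining why session tickets are turned off for every connection. For consistency, wrap it in `#ifdef SSL_OP_NO_TICKET` / `#endif /* SSL_OP_NO_TICKET */` and add a one-line comment stating the reason. If code elsewhere in this file sets or clears the same option from per-connection flags, this default may not be the final value. That is worth checking because tls_connection_init() continues outside the hunk.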
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 0a356ee..47df47f 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -1065,7 +1065,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) {
case IFLA_IFNAME:
- if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+ if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0';
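Review bot: Relaxing the test to `RTA_PAYLOAD(attr) > IFNAMSIZ` lets a payload of exactly IFNAMSIZ bytes through, after which `ifname[RTA_PAYLOAD(attr)] = '\0';` writes index IFNAMSIZ. That write is in bounds only if `ifname` is declared with at least IFNAMSIZ + 1 bytes. The declaration is outside the hunk, so confirm it. If `ifname` is a local array, tie the bound to the buffer instead: `if (RTA_PAYLOAD(attr) >= sizeof(ifname)) break;`. The same change appears in the wpa_driver_nl80211_event_rtm_dellink() hunk that follows and needs the same confirmation.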
@@ -1240,7 +1240,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) {
case IFLA_IFNAME:
- if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+ if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0';
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index f1384d5..98ac987 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1017,7 +1017,7 @@ else
ifdef CONFIG_OSX
LIBS += -framework PCSC
else
-LIBS += -lpcsclite -lpthread
+LIBS += $(shell $(PKG_CONFIG) --libs libpcsclite)
endif
endif
endif
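Review bot: `$(shell $(PKG_CONFIG) --libs libpcsclite)` expands to an empty string when PKG_CONFIG is unset or the libpcsclite .pc file is missing, so the failure only surfaces later as unresolved symbols at link time. The definition of PKG_CONFIG is not visible in this hunk; if the Makefile does not already provide one, add `PKG_CONFIG ?= pkg-config` before this use. The explicit `-lpthread` is also dropped, which is fine only if the .pc file or another LIBS line still supplies it. The enclosing conditional starts outside the hunk.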
diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
index e81b495..a333302 100644
--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
@@ -9,6 +9,14 @@
+
+
+
+
+
+
+
+
diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
index d97ff39..3b0af67 100644
--- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
@@ -1,5 +1,5 @@
[D-BUS Service]
Name=fi.w1.wpa_supplicant1
-Exec=@BINDIR@/wpa_supplicant -u
+Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
User=root
SystemdService=wpa_supplicant.service
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
index 7788b38..cff0b6d 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
@@ -9,7 +9,7 @@ Wants=network.target
[Service]
Type=simple
-ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -Dnl80211,wext -i%I
[Install]
Alias=multi-user.target.wants/wpa_supplicant@%i.service
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
index 75a37a8..561ae8f 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@@ -1,12 +1,14 @@
[Unit]
Description=WPA supplicant
Before=network.target
+After=dbus.service
Wants=network.target
+IgnoreOnIsolate=true
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
-ExecStart=@BINDIR@/wpa_supplicant -u
+ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
[Install]
WantedBy=multi-user.target
diff --git a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
index ccc7d87..e560f3d 100644
--- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
+++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
@@ -2,7 +2,7 @@
Version=1.0
Name=wpa_gui
Comment=Graphical user interface for wpa_supplicant
-Exec=wpa_gui
+Exec=/usr/sbin/wpa_gui
Icon=wpa_gui
GenericName=wpa_supplicant user interface
Terminal=false
diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
index a0aa05e..396b121 100644
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
+++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
@@ -11,11 +11,14 @@
#endif /* CONFIG_NATIVE_WINDOWS */
#include
+#include
#include
#include
#include
#include
+#include
#include
+#include
#include "wpagui.h"
#include "dirent.h"
@@ -1415,10 +1418,21 @@ void WpaGui::createTrayIcon(bool trayOnly)
void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec,
const QString & msg)
{
- if (!QSystemTrayIcon::supportsMessages())
+ if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
return;
- if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
+ /* first try to use KDE's notifications system if running under
+ * a KDE session */
+ if (getenv("KDE_FULL_SESSION") != NULL) {
+ QStringList args;
+ args << "--passivepopup" << msg << QString::number(sec);
+ args << "--title" << "wpa_gui";
+
+ if (QProcess::execute("/usr/bin/kdialog", args) == 0)
+ return;
+ }
+
+ if (!QSystemTrayIcon::supportsMessages())
return;
tray_icon->showMessage(qAppName(), msg, type, sec * 1000);
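Review bot: `QProcess::execute()` is synchronous, so the new kdialog branch in showTrayMessage() blocks the GUI thread until kdialog exits, which for a passive popup may be the whole `sec` timeout. `if (QProcess::startDetached("/usr/bin/kdialog", args)) return;` avoids stalling the event loop and still falls back to the tray balloon when the binary cannot be started, though it no longer sees kdialog's exit code. Passing `msg` as an argument-list element avoids shell interpretation. If `msg` can carry network-supplied text such as an SSID, confirm how kdialog renders markup in it. The function's closing brace is outside the hunk.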