From 47da8a0463d86cf3b0202759903b5dfc4c26fbcd Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Apr 23 2015 17:06:50 +0000
Subject: new release 2.4, backport CVE-2015-1863 fix, drop libeap
---
diff --git a/.gitignore b/.gitignore
index 605a7da..2a36f05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ wpa_supplicant-0.6.8.tar.gz
 /wpa_supplicant-1.1.tar.gz
 /wpa_supplicant-2.0.tar.gz
 /wpa_supplicant-2.3.tar.gz
+/wpa_supplicant-2.4.tar.gz
diff --git a/0001-Add-os_exec-helper-to-run-external-programs.patch b/0001-Add-os_exec-helper-to-run-external-programs.patch
deleted file mode 100644
index 4b774bd..0000000
--- a/0001-Add-os_exec-helper-to-run-external-programs.patch
+++ /dev/null
@@ -1,143 +0,0 @@ -From 89de07a9442072f88d49869d8ecd8d42bae050a0 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Mon, 6 Oct 2014 16:27:44 +0300 -Subject: [PATCH 1/2] Add os_exec() helper to run external programs - -Signed-off-by: Jouni Malinen ---- - src/utils/os.h | 9 +++++++++ - src/utils/os_unix.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - src/utils/os_win32.c | 6 ++++++ - 3 files changed, 70 insertions(+) - -diff --git a/src/utils/os.h b/src/utils/os.h -index f196209..b9247d8 100644 ---- a/src/utils/os.h -+++ b/src/utils/os.h -@@ -597,14 +597,23 @@ size_t os_strlcpy(char *dest, const char *src, size_t siz); - * Returns: Total length of the target string (length of src) (not including - * NUL-termination) - * - * This function matches in behavior with the strlcpy(3) function in OpenBSD. - */ - size_t os_strlcpy(char *dest, const char *src, size_t siz); - -+/** -+ * os_exec - Execute an external program -+ * @program: Path to the program -+ * @arg: Command line argument string -+ * @wait_completion: Whether to wait until the program execution completes -+ * Returns: 0 on success, -1 on error -+ */ -+int os_exec(const char *program, const char *arg, int wait_completion); -+ - - #ifdef OS_REJECT_C_LIB_FUNCTIONS - #define malloc OS_DO_NOT_USE_malloc - #define realloc OS_DO_NOT_USE_realloc - #define free OS_DO_NOT_USE_free - #define memcpy OS_DO_NOT_USE_memcpy - #define memmove OS_DO_NOT_USE_memmove -diff --git a/src/utils/os_unix.c b/src/utils/os_unix.c -index 7498967..523a4d0 100644 ---- a/src/utils/os_unix.c -+++ b/src/utils/os_unix.c -@@ -5,14 +5,15 @@ - * This software may be distributed under the terms of the BSD license. - * See README for more details. 
- */ - - #include "includes.h" - - #include -+#include - - #ifdef ANDROID - #include - #include - #include - #endif /* ANDROID */ - -@@ -550,7 +551,61 @@ char * os_strdup(const char *s) - return NULL; - os_memcpy(d, s, len); - d[len] = '\0'; - return d; - } - - #endif /* WPA_TRACE */ -+ -+ -+int os_exec(const char *program, const char *arg, int wait_completion) -+{ -+ pid_t pid; -+ int pid_status; -+ -+ pid = fork(); -+ if (pid < 0) { -+ perror("fork"); -+ return -1; -+ } -+ -+ if (pid == 0) { -+ /* run the external command in the child process */ -+ const int MAX_ARG = 30; -+ char *_program, *_arg, *pos; -+ char *argv[MAX_ARG + 1]; -+ int i; -+ -+ _program = os_strdup(program); -+ _arg = os_strdup(arg); -+ -+ argv[0] = _program; -+ -+ i = 1; -+ pos = _arg; -+ while (i < MAX_ARG && pos && *pos) { -+ while (*pos == ' ') -+ pos++; -+ if (*pos == '\0') -+ break; -+ argv[i++] = pos; -+ pos = os_strchr(pos, ' '); -+ if (pos) -+ *pos++ = '\0'; -+ } -+ argv[i] = NULL; -+ -+ execv(program, argv); -+ perror("execv"); -+ os_free(_program); -+ os_free(_arg); -+ exit(0); -+ return -1; -+ } -+ -+ if (wait_completion) { -+ /* wait for the child process to complete in the parent */ -+ waitpid(pid, &pid_status, 0); -+ } -+ -+ return 0; -+} -diff --git a/src/utils/os_win32.c b/src/utils/os_win32.c -index 55937de..57ee132 100644 ---- a/src/utils/os_win32.c -+++ b/src/utils/os_win32.c -@@ -254,7 +254,13 @@ int os_memcmp_const(const void *a, const void *b, size_t len) - *dest = '\0'; - while (*s++) - ; /* determine total src string length */ - } - - return s - src - 1; - } -+ -+ -+int os_exec(const char *program, const char *arg, int wait_completion) -+{ -+ return -1; -+} --- -1.9.3 - diff --git a/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch new file mode 100644 index 0000000..626a753 --- /dev/null +++ b/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch 
@@ -0,0 +1,42 @@
+From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Tue, 7 Apr 2015 11:32:11 +0300
+Subject: [PATCH] P2P: Validate SSID element length before copying it
+ (CVE-2015-1863)
+
+This fixes a possible memcpy overflow for P2P dev->oper_ssid in
+p2p_add_device(). The length provided by the peer device (0..255 bytes)
+was used without proper bounds checking and that could have resulted in
+arbitrary data of up to 223 bytes being written beyond the end of the
+dev->oper_ssid[] array (of which about 150 bytes would be beyond the
+heap allocation) when processing a corrupted management frame for P2P
+peer discovery purposes.
+
+This could result in corrupted state in heap, unexpected program
+behavior due to corrupted P2P peer device information, denial of service
+due to process crash, exposure of memory contents during GO Negotiation,
+and potentially arbitrary code execution.
+
+Thanks to Google security team for reporting this issue and smart
+hardware research group of Alibaba security team for discovering it.
+
+Signed-off-by: Jouni Malinen
+---
+ src/p2p/p2p.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
+index f584fae..a45fe73 100644
+--- a/src/p2p/p2p.c
++++ b/src/p2p/p2p.c
+@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
+ if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
+ os_memcpy(dev->interface_addr, addr, ETH_ALEN);
+ if (msg.ssid &&
++ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
+ (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
+ os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
+ != 0)) {
+--
+2.3.5
+
diff --git a/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch b/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
deleted file mode 100644
index 2ff9301..0000000
--- a/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
+++ /dev/null
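Review bot: In 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch, the added condition `msg.ssid[1] <= sizeof(dev->oper_ssid)` bounds the peer-supplied length only at this one use in p2p_add_device(), and a frame whose SSID element is too long then appears to be skipped without any debug trace. The copy that the condition guards lies below the hunk, so neither it nor any other reader of msg.ssid can be checked from here; it is worth confirming that each of them limits the length the same way, or that the element parser rejects an over-long SSID once for all of them. A short comment above the new line would record why the bound is there, for example `/* SSID element length comes from the peer; it must fit dev->oper_ssid */`. p2p_add_device() starts and ends outside the hunk.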
@@ -1,67 +0,0 @@ -From c5f258de76dbb67fb64beab39a99e5c5711f41fe Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Mon, 6 Oct 2014 17:25:52 +0300 -Subject: [PATCH 2/2] wpa_cli: Use os_exec() for action script execution - -Use os_exec() to run the action script operations to avoid undesired -command line processing for control interface event strings. Previously, -it could have been possible for some of the event strings to include -unsanitized data which is not suitable for system() use. (CVE-2014-3686) - -Signed-off-by: Jouni Malinen ---- - wpa_supplicant/wpa_cli.c | 25 ++++++++----------------- - 1 file changed, 8 insertions(+), 17 deletions(-) - -diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c -index 18b9b77..fe30b41 100644 ---- a/wpa_supplicant/wpa_cli.c -+++ b/wpa_supplicant/wpa_cli.c -@@ -3155,36 +3155,27 @@ static int str_match(const char *a, const char *b) - return os_strncmp(a, b, os_strlen(b)) == 0; - } - - - static int wpa_cli_exec(const char *program, const char *arg1, - const char *arg2) - { -- char *cmd; -+ char *arg; - size_t len; - int res; -- int ret = 0; - -- len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3; -- cmd = os_malloc(len); -- if (cmd == NULL) -+ len = os_strlen(arg1) + os_strlen(arg2) + 2; -+ arg = os_malloc(len); -+ if (arg == NULL) - return -1; -- res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2); -- if (res < 0 || (size_t) res >= len) { -- os_free(cmd); -- return -1; -- } -- cmd[len - 1] = '\0'; --#ifndef _WIN32_WCE -- if (system(cmd) < 0) -- ret = -1; --#endif /* _WIN32_WCE */ -- os_free(cmd); -+ os_snprintf(arg, len, "%s %s", arg1, arg2); -+ res = os_exec(program, arg, 1); -+ os_free(arg); - -- return ret; -+ return res; - } - - - static void wpa_cli_action_process(const char *msg) - { - const char *pos; - char *copy = NULL, *id, *pos2; --- -1.9.3 - diff --git a/libnl3-includes.patch b/libnl3-includes.patch deleted file mode 100644 index 7effbc3..0000000 
--- a/libnl3-includes.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak -index cdb913e..e9fc83c 100644 ---- a/src/drivers/drivers.mak -+++ b/src/drivers/drivers.mak -@@ -35,7 +35,7 @@ NEED_RFKILL=y - ifdef CONFIG_LIBNL32 - DRV_LIBS += -lnl-3 - DRV_LIBS += -lnl-genl-3 -- DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3 -+ DRV_CFLAGS += -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0` - ifdef CONFIG_LIBNL3_ROUTE - DRV_LIBS += -lnl-route-3 - DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE diff --git a/rh1032758-fix-pmksa-cache-entry-clearing.patch b/rh1032758-fix-pmksa-cache-entry-clearing.patch deleted file mode 100644 index 91fdc12..0000000 --- a/rh1032758-fix-pmksa-cache-entry-clearing.patch +++ /dev/null 
@@ -1,150 +0,0 @@ -From 4033935dd9098938838d6d7934ceb65f92a1fa3c Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 22 May 2013 13:24:30 +0300 -Subject: [PATCH] Fix OKC-based PMKSA cache entry clearing - -Commit c3fea272747f738f5723fc577371fe03711d988f added a call to clear -all other PMKSA cache entries for the same network if the PMKSA cache -entry of the current AP changed. This was needed to fix OKC cases since -the other APs would likely use the new PMK in the future. However, this -ended up clearing entries in cases where that is not desired and this -resulted in needing additional full EAP authentication with networks -that did not support OKC if wpa_supplicant was configured to try to use -it. - -Make PMKSA cache entry flushing more limited so that the other entries -are removed only if they used the old PMK that was replaced for the -current AP and only if that PMK had previously been used successfully -(i.e., opportunistic flag was already cleared back to 0 in -wpa_supplicant_key_neg_complete()). This is still enough to fix the -issue described in that older commit while not causing problems for -standard PMKSA caching operations even if OKC is enabled in -wpa_supplicant configuration. 
- -Signed-hostap: Jouni Malinen ---- - src/rsn_supp/pmksa_cache.c | 27 ++++++++++++++++++++------- - src/rsn_supp/pmksa_cache.h | 3 ++- - src/rsn_supp/wpa.c | 2 +- - 3 files changed, 23 insertions(+), 9 deletions(-) - -diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c -index df67583..93056ea 100644 ---- a/src/rsn_supp/pmksa_cache.c -+++ b/src/rsn_supp/pmksa_cache.c -@@ -160,25 +160,31 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len, - os_free(entry); - return pos; - } - if (prev == NULL) - pmksa->pmksa = pos->next; - else - prev->next = pos->next; -- wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for " -- "the current AP"); -- pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE); - - /* - * If OKC is used, there may be other PMKSA cache - * entries based on the same PMK. These needs to be - * flushed so that a new entry can be created based on -- * the new PMK. -+ * the new PMK. Only clear other entries if they have a -+ * matching PMK and this PMK has been used successfully -+ * with the current AP, i.e., if opportunistic flag has -+ * been cleared in wpa_supplicant_key_neg_complete(). 
- */ -- pmksa_cache_flush(pmksa, network_ctx); -+ wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for " -+ "the current AP and any PMKSA cache entry " -+ "that was based on the old PMK"); -+ if (!pos->opportunistic) -+ pmksa_cache_flush(pmksa, network_ctx, pos->pmk, -+ pos->pmk_len); -+ pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE); - break; - } - prev = pos; - pos = pos->next; - } - - if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) { -@@ -231,23 +237,30 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len, - } - - - /** - * pmksa_cache_flush - Flush PMKSA cache entries for a specific network - * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init() - * @network_ctx: Network configuration context or %NULL to flush all entries -+ * @pmk: PMK to match for or %NYLL to match all PMKs -+ * @pmk_len: PMK length - */ --void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx) -+void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx, -+ const u8 *pmk, size_t pmk_len) - { - struct rsn_pmksa_cache_entry *entry, *prev = NULL, *tmp; - int removed = 0; - - entry = pmksa->pmksa; - while (entry) { -- if (entry->network_ctx == network_ctx || network_ctx == NULL) { -+ if ((entry->network_ctx == network_ctx || -+ network_ctx == NULL) && -+ (pmk == NULL || -+ (pmk_len == entry->pmk_len && -+ os_memcmp(pmk, entry->pmk, pmk_len) == 0))) { - wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry " - "for " MACSTR, MAC2STR(entry->aa)); - if (prev) - prev->next = entry->next; - else - pmksa->pmksa = entry->next; - tmp = entry; -diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h -index 6f3dfb3..d5aa229 100644 ---- a/src/rsn_supp/pmksa_cache.h -+++ b/src/rsn_supp/pmksa_cache.h -@@ -62,15 +62,16 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm); - void pmksa_cache_clear_current(struct wpa_sm *sm); - int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid, - 
const u8 *bssid, void *network_ctx, - int try_opportunistic); - struct rsn_pmksa_cache_entry * - pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa, - void *network_ctx, const u8 *aa); --void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx); -+void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx, -+ const u8 *pmk, size_t pmk_len); - - #else /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */ - - static inline struct rsn_pmksa_cache * - pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, - void *ctx, int reason), - void *ctx, struct wpa_sm *sm) -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index e50404c..365a710 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -2618,15 +2618,15 @@ void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) - os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); - } - - - void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) - { - #ifndef CONFIG_NO_WPA2 -- pmksa_cache_flush(sm->pmksa, network_ctx); -+ pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); - #endif /* CONFIG_NO_WPA2 */ - } - - - #ifdef CONFIG_WNM - int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - { --- -1.8.3.1 - diff --git a/rh948453-man-page.patch b/rh948453-man-page.patch deleted file mode 100644 index 06e95ca..0000000 --- a/rh948453-man-page.patch +++ /dev/null 
@@ -1,397 +0,0 @@ -diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml ---- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml.man-page 2014-01-20 16:40:02.340869189 -0600 -+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml 2014-01-20 16:40:02.340869189 -0600 -@@ -0,0 +1,205 @@ -+ -+ -+ -+ -+ eapol_test -+ 8 -+ -+ -+ eapol_test -+ -+ EAP peer and RADIUS client testing -+ -+ -+ -+ -+ eapol_test -+ -nWS -+ -cconfig file -+ -aserver IP address -+ -Aclient IP address -+ -pUDP port -+ -sshared secret -+ -rre-authentications -+ -ttimeout -+ -CConnect-Info -+ -MMAC address -+ -ofile -+ -Nattr spec -+ -+ -+ eapol_test scard -+ -+ -+ eapol_test sim -+ PIN -+ num triplets -+ -+ -+ -+ -+ Overview -+ -+ eapol_test is a program that links together the same EAP -+ peer implementation that wpa_supplicant is using and the RADIUS -+ authentication client code from hostapd. In addition, it has -+ minimal glue code to combine these two components in similar -+ ways to IEEE 802.1X/EAPOL Authenticator state machines. In other -+ words, it integrates IEEE 802.1X Authenticator (normally, an -+ access point) and IEEE 802.1X Supplicant (normally, a wireless -+ client) together to generate a single program that can be used to -+ test EAP methods without having to setup an access point and a -+ wireless client. -+ -+ The main uses for eapol_test are in interoperability testing -+ of EAP methods against RADIUS servers and in development testing -+ for new EAP methods. It can be easily used to automate EAP testing -+ for interoperability and regression since the program can be run -+ from shell scripts without require additional test components apart -+ from a RADIUS server. For example, the automated EAP tests described -+ in eap_testing.txt are implemented with eapol_test. 
Similarly, -+ eapol_test could be used to implement an automated regression -+ test suite for a RADIUS authentication server. -+ -+ -+ As an example: -+ -+
-+eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1 -+
-+ -+ tries to complete EAP authentication based on the network -+ configuration from test.conf against the RADIUS server running -+ on the local host. A re-authentication is triggered to test fast -+ re-authentication. The configuration file uses the same format for -+ network blocks as wpa_supplicant. -+ -+
-+ -+ Command Arguments -+ -+ -+ -c configuration file path -+ -+ A configuration to use. The configuration should -+ use the same format for network blocks as wpa_supplicant. -+ -+ -+ -+ -+ -a AS address -+ -+ IP address of the authentication server. The -+ default is '127.0.0.1'. -+ -+ -+ -+ -A client address -+ -+ IP address of the client. The default is to -+ select an address automatically. -+ -+ -+ -+ -p AS port -+ -+ UDP port of the authentication server. The -+ default is '1812'. -+ -+ -+ -+ -s AS secret -+ -+ Shared secret with the authentication server. -+ The default is 'radius'. -+ -+ -+ -+ -r count -+ -+ Number of reauthentications. -+ -+ -+ -+ -t timeout -+ -+ Timeout in seconds. The default is 30. -+ -+ -+ -+ -C info -+ -+ RADIUS Connect-Info. The default is -+ 'CONNECT 11Mbps 802.11b'. -+ -+ -+ -+ -+ -M mac address -+ -+ Client MAC address (Calling-Station-Id). The -+ default is '02:00:00:00:00:01'. -+ -+ -+ -+ -o file -+ -+ Location to write out server certificate. -+ -+ -+ -+ -+ -N attr spec -+ -+ Send arbitrary attribute specific by -+ attr_id:syntax:value, or attr_id alone. attr_id should be the numeric -+ ID of the attribute, and syntax should be one of 's' (string), -+ 'd' (integer), or 'x' (octet string). The value is the attribute value -+ to send. When attr_id is given alone, NULL is used as the attribute -+ value. Multiple attributes can be specified by using the option -+ several times. -+ -+ -+ -+ -n -+ -+ Indicates that no MPPE keys are expected. -+ -+ -+ -+ -+ -W -+ -+ Wait for a control interface monitor before starting. -+ -+ -+ -+ -+ -S -+ -+ Save configuration after authentication. -+ -+ -+ -+ -+ -+ -+ See Also -+ -+ -+ wpa_supplicant -+ 8 -+ -+ -+ -+ -+ Legal -+ wpa_supplicant is copyright (c) 2003-2012, -+ Jouni Malinen j@w1.fi and -+ contributors. -+ All Rights Reserved. -+ -+ This program is licensed under the BSD license (the one with -+ advertisement clause removed). -+ -+
-diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile ---- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile.man-page 2013-01-12 09:42:53.000000000 -0600 -+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile 2014-01-20 16:40:02.342869164 -0600 -@@ -1,4 +1,4 @@ --all: man html pdf -+all: man - - FILES += wpa_background - FILES += wpa_cli -@@ -7,6 +7,7 @@ FILES += wpa_passphrase - FILES += wpa_priv - FILES += wpa_supplicant.conf - FILES += wpa_supplicant -+FILES += eapol_test - - man: - for i in $(FILES); do docbook2man $$i.sgml; done -@@ -20,7 +21,7 @@ pdf: - - - clean: -- rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8 -+ rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8 eapol_test.8 - rm -f wpa_supplicant.conf.5 - rm -f manpage.links manpage.refs - rm -f $(FILES:%=%.pdf) -diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml ---- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml.man-page 2013-01-12 09:42:53.000000000 -0600 -+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml 2014-01-20 16:40:02.339869202 -0600 -@@ -15,10 +15,12 @@ - - wpa_cli - -p path to ctrl sockets -+ -g path to global ctrl_interface socket - -i ifname - -hvB - -a action file - -P pid file -+ -G ping interval - command ... - - -@@ -111,6 +113,14 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed - - - -+ -g control socket path -+ -+ Connect to the global control socket at the -+ indicated path rather than an interface-specific control -+ socket. -+ -+ -+ - -i ifname - - Specify the interface that is being -@@ -161,6 +171,13 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed - - - -+ -G ping interval -+ -+ Set the interval (in seconds) at which -+ wpa_cli pings the supplicant. -+ -+ -+ - command - - Run a command. 
The available commands are -diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml ---- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml.man-page 2013-01-12 09:42:53.000000000 -0600 -+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml 2014-01-20 16:40:02.339869202 -0600 -@@ -12,7 +12,7 @@ - - - wpa_supplicant -- -BddfhKLqqtuvW -+ -BddfhKLqqsTtuvW - -iifname - -cconfig file - -Ddriver -@@ -344,9 +344,20 @@ - - - -+ -e entropy file -+ -+ File for wpa_supplicant to use to -+ maintain its internal entropy store in over restarts. -+ -+ -+ -+ - -f output file - -- Log output to specified file instead of stdout. -+ Log output to specified file instead of stdout. (This -+ is only available if wpa_supplicant was -+ built with the CONFIG_DEBUG_FILE -+ option.) - - - -@@ -387,6 +398,22 @@ - - - -+ -o override driver -+ -+ Override the driver parameter for new -+ interfaces. -+ -+ -+ -+ -+ -O override ctrl_interface -+ -+ Override the ctrl_interface parameter for new -+ interfaces. -+ -+ -+ -+ - -p - - Driver parameters. (Per interface) -@@ -409,10 +436,40 @@ - - - -+ -s -+ -+ Log output to syslog instead of stdout. (This is only -+ available if wpa_supplicant was built -+ with the CONFIG_DEBUG_SYSLOG -+ option.) -+ -+ -+ -+ -+ -T -+ -+ Log output to Linux tracing in addition to any other -+ destinations. (This is only available -+ if wpa_supplicant was built with -+ the CONFIG_DEBUG_LINUX_TRACING -+ option.) -+ -+ -+ -+ -+ -t -+ -+ Include timestamp in debug messages. -+ -+ -+ -+ - -u - -- Enabled DBus control interface. If enabled, interface -- definitions may be omitted. -+ Enable DBus control interface. If enabled, interface -+ definitions may be omitted. (This is only available -+ if wpa_supplicant was built with -+ the CONFIG_DBUS option.) 
- - - -diff -up wpa_supplicant-2.0/wpa_supplicant/main.c.man-page wpa_supplicant-2.0/wpa_supplicant/main.c ---- wpa_supplicant-2.0/wpa_supplicant/main.c.man-page 2013-01-12 09:42:53.000000000 -0600 -+++ wpa_supplicant-2.0/wpa_supplicant/main.c 2014-01-20 16:40:02.340869189 -0600 -@@ -23,11 +23,11 @@ static void usage(void) - int i; - printf("%s\n\n%s\n" - "usage:\n" -- " wpa_supplicant [-BddhKLqqstuvW] [-P] " -+ " wpa_supplicant [-BddhKLqqtvW] [-P] " - "[-g] \\\n" - " -i -c [-C] [-D] " - "[-p] \\\n" -- " [-b] [-f] [-e] " -+ " [-b] [-e] " - "\\\n" - " [-o] [-O] \\\n" - " [-N -i -c [-C] " diff --git a/sources b/sources index 94e6f38..ae17477 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f2ed8fef72cf63d8d446a2d0a6da630a wpa_supplicant-2.3.tar.gz +f0037dbe03897dcaf2ad2722e659095d wpa_supplicant-2.4.tar.gz diff --git a/wpa_supplicant-2.3-generate-libeap-peer.patch b/wpa_supplicant-2.3-generate-libeap-peer.patch deleted file mode 100644 index d76343b..0000000 --- a/wpa_supplicant-2.3-generate-libeap-peer.patch +++ /dev/null 
@@ -1,402 +0,0 @@ -From 818ac0e07c9eaf4bc0026bda7d42718afcf1f92d Mon Sep 17 00:00:00 2001 -From: Inaky Perez-Gonzalez -Date: Sat, 2 Oct 2010 00:11:51 -0700 -Subject: [PATCH] eap_peer: create a libeap library, with header files and - pkg-config [v2] - -This adds infrastructe in src/eap_peer to make libeap.so and install -the needed header files and pkg-config files. - -Now, this is quite dirty and probably not what we want in the long -term, but serves as an starting point: - - - we don't build from the wpa_supplicant directory because the - objects the .so have to be built with -fPIC. So if you need to - build both the binary and the library: - - make -C wpa_supplicant - make -C src/eap_peer clean - make -C src/eap_peer - - As I said, it's dirty -- we'd need either wpa_supplicant linking - against the library properly (but that seems not to be desirable) - or a multiple object build approach ala automake. - - - need to use 'override CFLAGS' in src/eap_peer/Makefile, otherwise - any CFLAGS setting will kill the build infrastructure. I miss - AM_CFLAGS. - - - adds 'eap_register_methods()' that will register every compiled in - method. - -Signed-off-by: Inaky Perez-Gonzalez ---- - src/eap_peer/Makefile | 198 +++++++++++++++++++++++++++++++++++++++++++-- - src/eap_peer/eap_methods.c | 114 ++++++++++++++++++++++++++ - src/eap_peer/eap_methods.h | 1 + - src/eap_peer/libeap0.pc | 10 +++ - 4 files changed, 315 insertions(+), 8 deletions(-) - create mode 100644 src/eap_peer/libeap0.pc - -diff --git a/src/eap_peer/Makefile b/src/eap_peer/Makefile -index f79519b..cedd89f 100644 ---- a/src/eap_peer/Makefile -+++ b/src/eap_peer/Makefile -@@ -1,11 +1,193 @@ --all: -- @echo Nothing to be made. 
-+LIBEAP_NAME = libeap -+LIBEAP_CURRENT = 0 -+LIBEAP_REVISION = 0 -+LIBEAP_AGE = 0 -+ -+LIBEAP = $(LIBEAP_NAME).so.$(LIBEAP_CURRENT).$(LIBEAP_REVISION).$(LIBEAP_AGE) -+LIBEAP_SO = $(LIBEAP_NAME).so.$(LIBEAP_CURRENT) -+ -+.PHONY: all clean install uninstall -+ -+all: $(LIBEAP) -+ -+ifndef CC -+CC=gcc -+endif -+ -+ifndef CFLAGS -+CFLAGS = -MMD -O0 -Wall -g -+endif -+ -+CONFIG_TLS=openssl -+ -+INCLUDE_INSTALL_DIR=/usr/include/eap_peer -+ -+ifndef LIB -+LIB = lib -+endif -+ -+# Got to use override all across the board, otherwise a 'make -+# CFLAGS=XX' will kill us because the command line's CFLAGS will -+# overwrite Make's and we'll loose all the infrastructure it sets. -+override CFLAGS += -I. -I.. -I../crypto -I../utils -I../common -+ -+# at least for now, need to include config_ssid.h and config_blob.h from -+# wpa_supplicant directory -+override CFLAGS += -I ../../wpa_supplicant -+ -+OBJS_both += ../utils/common.o -+OBJS_both += ../utils/eloop.o -+OBJS_both += ../utils/os_unix.o -+OBJS_both += ../utils/wpa_debug.o -+OBJS_both += ../utils/base64.o -+OBJS_both += ../utils/wpabuf.o -+OBJS_both += ../crypto/md5.o -+OBJS_both += ../crypto/sha1-tlsprf.o -+OBJS_both += ../crypto/aes-encblock.o -+OBJS_both += ../crypto/aes-wrap.o -+OBJS_both += ../crypto/aes-ctr.o -+OBJS_both += ../crypto/aes-eax.o -+OBJS_both += ../crypto/aes-omac1.o -+OBJS_both += ../crypto/ms_funcs.o -+OBJS_both += ../crypto/sha256.o -+OBJS_both += ../crypto/random.o -+ -+ -+OBJS_both += ../eap_common/eap_peap_common.o -+OBJS_both += ../eap_common/eap_psk_common.o -+OBJS_both += ../eap_common/eap_pax_common.o -+OBJS_both += ../eap_common/eap_sake_common.o -+OBJS_both += ../eap_common/eap_gpsk_common.o -+OBJS_both += ../eap_common/chap.o -+ -+OBJS_peer += ../eap_peer/eap_tls.o -+OBJS_peer += ../eap_peer/eap_peap.o -+OBJS_peer += ../eap_peer/eap_ttls.o -+OBJS_peer += ../eap_peer/eap_md5.o -+OBJS_peer += ../eap_peer/eap_mschapv2.o -+OBJS_peer += ../eap_peer/mschapv2.o -+OBJS_peer += ../eap_peer/eap_otp.o 
-+OBJS_peer += ../eap_peer/eap_gtc.o -+OBJS_peer += ../eap_peer/eap_leap.o -+OBJS_peer += ../eap_peer/eap_psk.o -+OBJS_peer += ../eap_peer/eap_pax.o -+OBJS_peer += ../eap_peer/eap_sake.o -+OBJS_peer += ../eap_peer/eap_gpsk.o -+OBJS_peer += ../eap_peer/eap.o -+OBJS_peer += ../eap_common/eap_common.o -+OBJS_peer += ../eap_peer/eap_methods.o -+OBJS_peer += ../eap_peer/eap_tls_common.o -+ -+override CFLAGS += -DEAP_TLS -+override CFLAGS += -DEAP_PEAP -+override CFLAGS += -DEAP_TTLS -+override CFLAGS += -DEAP_MD5 -+override CFLAGS += -DEAP_MSCHAPv2 -+override CFLAGS += -DEAP_GTC -+override CFLAGS += -DEAP_OTP -+override CFLAGS += -DEAP_LEAP -+override CFLAGS += -DEAP_PSK -+override CFLAGS += -DEAP_PAX -+override CFLAGS += -DEAP_SAKE -+override CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256 -+override CFLAGS += -DEAP_TLS_FUNCS -+ -+override CFLAGS += -DIEEE8021X_EAPOL -+ -+ifeq ($(CONFIG_TLS), openssl) -+override CFLAGS += -DEAP_TLS_OPENSSL -+OBJS_both += ../crypto/tls_openssl.o -+OBJS_both += ../crypto/crypto_openssl.o -+LIBS += -lssl -lcrypto -+override CFLAGS += -DINTERNAL_SHA256 -+else -+OBJS_both += ../crypto/sha1.o -+endif -+ -+ifeq ($(CONFIG_TLS), internal) -+OBJS_both += ../crypto/tls_internal.o -+OBJS_both += ../tls/tlsv1_common.o ../../tls/tlsv1_record.o -+OBJS_both += ../tls/tlsv1_cred.o -+OBJS_both += ../tls/asn1.o ../../tls/x509v3.o -+OBJS_both += ../crypto/crypto_internal.o ../../tls/rsa.o ../../tls/bignum.o -+ -+OBJS_peer += ../tls/tlsv1_client.o -+OBJS_peer += ../tls/tlsv1_client_write.o ../../tls/tlsv1_client_read.o -+override CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT -+ -+OBJS_server += ../tls/tlsv1_server.o -+OBJS_server += ../tls/tlsv1_server_write.o ../../tls/tlsv1_server_read.o -+override CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER -+ -+override CFLAGS += -DCONFIG_TLS_INTERNAL -+override CFLAGS += -DCONFIG_CRYPTO_INTERNAL -+override CFLAGS += -DCONFIG_INTERNAL_X509 -+override CFLAGS += -DINTERNAL_AES -+override CFLAGS += -DINTERNAL_SHA1 -+override CFLAGS += 
-DINTERNAL_SHA256 -+override CFLAGS += -DINTERNAL_MD5 -+override CFLAGS += -DINTERNAL_MD4 -+override CFLAGS += -DINTERNAL_DES -+ifdef CONFIG_INTERNAL_LIBTOMMATH -+override CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH -+else -+LIBS += -ltommath -+endif -+endif -+ -+ifndef LDO -+LDO=$(CC) -+endif -+ -+ -+OBJS_lib=$(OBJS_both) $(OBJS_peer) -+ -+ #$(OBJS_server) -+ -+override CFLAGS += -fPIC -DPIC -+LDFLAGS += -shared -+ -+$(LIBEAP): $(OBJS_lib) -+ $(LDO) $(LDFLAGS) $(OBJS_lib) -Wl,-soname -Wl,$(LIBEAP_SO) -o $(LIBEAP) $(LIBS) -+ -+ -+UTIL_HEADERS = ../utils/includes.h ../utils/common.h \ -+ ../utils/wpabuf.h ../utils/build_config.h \ -+ ../utils/os.h ../utils/wpa_debug.h -+COMMON_HEADERS = ../common/defs.h -+EAP_COMMON_HEADERS = ../eap_common/eap_defs.h -+MAIN_HEADERS = eap.h eap_methods.h eap_config.h -+CRYPTO_HEADERS = ../crypto/tls.h -+ -+install: -+ -+ mkdir -p $(DESTDIR)/usr/$(LIB) -+# copy the lib file to std lib location -+ cp $(LIBEAP) $(DESTDIR)/usr/$(LIB) -+ ln -fs $(LIBEAP_SO) $(DESTDIR)/usr/$(LIB)/$(LIBEAP_NAME).so -+ -+# copy the headers reqd by apps using eap peer library in its own subfolder under /usr/include -+ mkdir -p \ -+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/eap_common \ -+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/common \ -+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/util \ -+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/crypto -+ install -m 0644 $(EAP_COMMON_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/eap_common -+ install -m 0644 $(COMMON_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/common -+ install -m 0644 $(CRYPTO_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/crypto -+ install -m 0644 $(UTIL_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/util -+ install -m 0644 $(MAIN_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/ -+ -+ mkdir -p $(DESTDIR)/usr/$(LIB)/pkgconfig -+ cp libeap0.pc $(DESTDIR)/usr/$(LIB)/pkgconfig -+ -+uninstall: -+ -+ rm $(DESTDIR)/usr/$(LIB)/$(LIBEAP) -+ rm -fr $(DESTDIR)/$(INCLUDE_INSTALL_DIR) -+ rm -f $(DESTDIR)/usr/$(LIB)/pkgconfig/libeap0.pc - - clean: -- rm -f *~ *.o *.so 
*.d *.gcno *.gcda *.gcov -+ rm -f *~ *.o *.so *.d *.gcno *.gcda *.gcov libeap.a $(LIBEAP) $(OBJS_lib) - --install: -- if ls *.so >/dev/null 2>&1; then \ -- install -d $(DESTDIR)$(LIBDIR)/wpa_supplicant && \ -- cp *.so $(DESTDIR)$(LIBDIR)/wpa_supplicant \ -- ; fi -+-include $(OBJS:%.o=%.d) -diff --git a/src/eap_peer/eap_methods.c b/src/eap_peer/eap_methods.c -index 83a1457..95a41e6 100644 ---- a/src/eap_peer/eap_methods.c -+++ b/src/eap_peer/eap_methods.c -@@ -336,6 +336,120 @@ int eap_peer_method_register(struct eap_method *method) - - - /** -+ * eap_peer_register_methods - Register all known EAP peer methods -+ * -+ * This function is called at program start to register all compiled -+ * in EAP peer methods. -+ */ -+int eap_peer_register_methods(void) -+{ -+ int ret = 0; -+ -+#ifdef EAP_MD5 -+ if (ret == 0) -+ ret = eap_peer_md5_register(); -+#endif /* EAP_MD5 */ -+ -+#ifdef EAP_TLS -+ if (ret == 0) -+ ret = eap_peer_tls_register(); -+#endif /* EAP_TLS */ -+ -+#ifdef EAP_MSCHAPv2 -+ if (ret == 0) -+ ret = eap_peer_mschapv2_register(); -+#endif /* EAP_MSCHAPv2 */ -+ -+#ifdef EAP_PEAP -+ if (ret == 0) -+ ret = eap_peer_peap_register(); -+#endif /* EAP_PEAP */ -+ -+#ifdef EAP_TTLS -+ if (ret == 0) -+ ret = eap_peer_ttls_register(); -+#endif /* EAP_TTLS */ -+ -+#ifdef EAP_GTC -+ if (ret == 0) -+ ret = eap_peer_gtc_register(); -+#endif /* EAP_GTC */ -+ -+#ifdef EAP_OTP -+ if (ret == 0) -+ ret = eap_peer_otp_register(); -+#endif /* EAP_OTP */ -+ -+#ifdef EAP_SIM -+ if (ret == 0) -+ ret = eap_peer_sim_register(); -+#endif /* EAP_SIM */ -+ -+#ifdef EAP_LEAP -+ if (ret == 0) -+ ret = eap_peer_leap_register(); -+#endif /* EAP_LEAP */ -+ -+#ifdef EAP_PSK -+ if (ret == 0) -+ ret = eap_peer_psk_register(); -+#endif /* EAP_PSK */ -+ -+#ifdef EAP_AKA -+ if (ret == 0) -+ ret = eap_peer_aka_register(); -+#endif /* EAP_AKA */ -+ -+#ifdef EAP_AKA_PRIME -+ if (ret == 0) -+ ret = eap_peer_aka_prime_register(); -+#endif /* EAP_AKA_PRIME */ -+ -+#ifdef EAP_FAST -+ if (ret == 0) -+ ret = 
eap_peer_fast_register(); -+#endif /* EAP_FAST */ -+ -+#ifdef EAP_PAX -+ if (ret == 0) -+ ret = eap_peer_pax_register(); -+#endif /* EAP_PAX */ -+ -+#ifdef EAP_SAKE -+ if (ret == 0) -+ ret = eap_peer_sake_register(); -+#endif /* EAP_SAKE */ -+ -+#ifdef EAP_GPSK -+ if (ret == 0) -+ ret = eap_peer_gpsk_register(); -+#endif /* EAP_GPSK */ -+ -+#ifdef EAP_WSC -+ if (ret == 0) -+ ret = eap_peer_wsc_register(); -+#endif /* EAP_WSC */ -+ -+#ifdef EAP_IKEV2 -+ if (ret == 0) -+ ret = eap_peer_ikev2_register(); -+#endif /* EAP_IKEV2 */ -+ -+#ifdef EAP_VENDOR_TEST -+ if (ret == 0) -+ ret = eap_peer_vendor_test_register(); -+#endif /* EAP_VENDOR_TEST */ -+ -+#ifdef EAP_TNC -+ if (ret == 0) -+ ret = eap_peer_tnc_register(); -+#endif /* EAP_TNC */ -+ -+ return ret; -+} -+ -+ -+/** - * eap_peer_unregister_methods - Unregister EAP peer methods - * - * This function is called at program termination to unregister all EAP peer -diff --git a/src/eap_peer/eap_methods.h b/src/eap_peer/eap_methods.h -index e35c919..da14e42 100644 ---- a/src/eap_peer/eap_methods.h -+++ b/src/eap_peer/eap_methods.h -@@ -26,6 +26,7 @@ EapType eap_peer_get_type(const char *name, int *vendor); - const char * eap_get_name(int vendor, EapType type); - size_t eap_get_names(char *buf, size_t buflen); - char ** eap_get_names_as_string_array(size_t *num); -+int eap_peer_register_methods(void); - void eap_peer_unregister_methods(void); - - #else /* IEEE8021X_EAPOL */ -diff --git a/src/eap_peer/libeap0.pc b/src/eap_peer/libeap0.pc -new file mode 100644 -index 0000000..594fa2c ---- /dev/null -+++ b/src/eap_peer/libeap0.pc -@@ -0,0 +1,10 @@ -+prefix=/usr -+exec_prefix=/usr -+libdir=/usr/lib -+includedir=${prefix}/include/eap_peer -+ -+Name: libeap0 -+Description: EAP Peer Library API -+Version: 0.7.2 -+Libs: -L${libdir} -leap -+Cflags: -I${includedir} --- -1.9.3 - diff --git a/wpa_supplicant-openssl-more-algs.patch b/wpa_supplicant-openssl-more-algs.patch index b44c463..d798a09 100644 
--- a/wpa_supplicant-openssl-more-algs.patch +++ b/wpa_supplicant-openssl-more-algs.patch @@ -1,16 +1,16 @@ -diff -up wpa_supplicant-0.7.3/src/crypto/tls_openssl.c.more-openssl-algs wpa_supplicant-0.7.3/src/crypto/tls_openssl.c ---- wpa_supplicant-0.7.3/src/crypto/tls_openssl.c.more-openssl-algs 2010-09-07 10:43:39.000000000 -0500 -+++ wpa_supplicant-0.7.3/src/crypto/tls_openssl.c 2010-12-08 10:01:02.967664004 -0600 -@@ -710,6 +710,11 @@ void * tls_init(const struct tls_config +diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c +index 52db8fc..c5c10f7 100644 +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -770,6 +770,11 @@ void * tls_init(const struct tls_config *conf) #endif /* OPENSSL_FIPS */ #endif /* CONFIG_FIPS */ SSL_load_error_strings(); -+ /* Only add potentially weak hashes and encryption algorithms -+ * when FIPS mode is not enabled. -+ */ -+ if (!conf || !conf->fips_mode) -+ OpenSSL_add_all_algorithms(); ++ /* Only add potentially weak hashes and encryption algorithms ++ * when FIPS mode is not enabled. ++ */ ++ if (!conf || !conf->fips_mode) ++ OpenSSL_add_all_algorithms(); SSL_library_init(); - #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) + #ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha256()); - diff --git a/wpa_supplicant-quiet-scan-results-message.patch b/wpa_supplicant-quiet-scan-results-message.patch index 6ce32ac..6f1c2f3 100644 --- a/wpa_supplicant-quiet-scan-results-message.patch +++ b/wpa_supplicant-quiet-scan-results-message.patch @@ -1,9 +1,9 @@ diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c -index 49d32c2..f1d1f92 100644 +index d275ca4..fc335c0 100644 --- a/wpa_supplicant/events.c 
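Review bot: The comment above the re-diffed `OpenSSL_add_all_algorithms()` call in `tls_init()` says when the call runs but not why the package needs it. On any non-FIPS run (`!conf || !conf->fips_mode`) it registers every cipher and digest OpenSSL was built with, including ones the comment itself calls potentially weak. The spec comment for Patch5 in this same commit asks whether this is a good idea and points at RHBZ #538851, so that rationale belongs next to the code. I would reword the comment along the lines of `/* Register all OpenSSL algorithms so private keys encrypted with non-default ciphers still load (RHBZ #538851); skipped in FIPS mode because this also enables weak ones. */`, and revisit whether a narrower set would do. The body of `tls_init()` continues outside the hunk.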
+++ b/wpa_supplicant/events.c -@@ -1328,11 +1328,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, - wpa_s->own_scan_running, wpa_s->external_scan_running); +@@ -1356,11 +1356,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, + wpa_s->own_scan_running, wpa_s->radio->external_scan_running); if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { - wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 0da0473..aaf4f2a 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -6,8 +6,8 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant Name: wpa_supplicant Epoch: 1 -Version: 2.3 -Release: 2%{?dist} +Version: 2.4 +Release: 1%{?dist} License: BSD Group: System Environment/Base Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz @@ -18,11 +18,6 @@ Source4: %{name}.sysconfig Source6: %{name}.logrotate %define build_gui 1 -%define build_libeap 1 -%if 0%{?rhel} >= 1 -%define build_gui 0 -%define build_libeap 0 -%endif # distro specific customization and not suitable for upstream, # works around busted drivers 
@@ -34,27 +29,18 @@ Patch1: wpa_supplicant-flush-debug-output.patch Patch2: wpa_supplicant-dbus-service-file-args.patch # quiet an annoying and frequent syslog message Patch3: wpa_supplicant-quiet-scan-results-message.patch -# allow more private key encryption algorithms +# allow more private key encryption algorithms. is this really a good idea? +# seems to be related to RHBZ #538851, see comment #12 Patch5: wpa_supplicant-openssl-more-algs.patch # distro specific customization for Qt4 build tools, not suitable for upstream Patch6: wpa_supplicant-gui-qt4.patch -# Fix libnl3 includes path -Patch7: libnl3-includes.patch # Less aggressive roaming; signal strength is wildly variable +# dcbw states (2015-04): +# "upstream doesn't like that patch so it's been discussed and I think rejected" Patch8: rh837402-less-aggressive-roaming.patch -# Add missing command-line options to man page, also filed upstream -Patch9: rh948453-man-page.patch -# Don't evict current AP from PMKSA cache when it's large -Patch10: rh1032758-fix-pmksa-cache-entry-clearing.patch -# CVE-2014-3686 -Patch11: 0001-Add-os_exec-helper-to-run-external-programs.patch -Patch12: 0002-wpa_cli-Use-os_exec-for-action-script-execution.patch - -%if %{build_libeap} -# Dirty hack for WiMAX -# http://linuxwimax.org/Download?action=AttachFile&do=get&target=wpa-1.5-README.txt -Patch100: wpa_supplicant-2.3-generate-libeap-peer.patch -%endif +# CVE-2015-1863, backport from upstream master, will be in 2.5 +# http://w1.fi/cgit/hostap/commit/?id=9ed4eee345f85e3025c33c6e20aa25696e341ccd +Patch9: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch URL: http://w1.fi/wpa_supplicant/ 
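Review bot: Removing `Patch11`/`Patch12` drops the only mention of CVE-2014-3686 from the spec, and nothing on the new side records where that fix now lives. The changelog entry added later in this diff says only "drop some patches merged or superseded upstream", so someone auditing CVE coverage cannot tell from the spec whether the 2.4 tarball carries the fix. If it does, say so explicitly, for example with a changelog line `- drop CVE-2014-3686 patches, fix is included in upstream 2.4`. The new `Patch9` comment, with its CVE id and upstream commit link, is the right model for this.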
@@ -71,6 +57,13 @@ Requires(post): systemd-sysv Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units +# libeap used to be built from wpa_supplicant with some fairly horrible +# hackery, solely for use by WiMAX. We dropped all WiMAX support around +# F21. This is here so people don't wind up with obsolete libeap packages +# lying around. If it's ever resurrected for any reason, this needs +# dropping. +Obsoletes: libeap < %{epoch}:%{version}-%{release} +Obsoletes: libeap-devel < %{epoch}:%{version}-%{release} %description wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support @@ -90,25 +83,6 @@ Graphical User Interface for wpa_supplicant written using QT %endif -%if %{build_libeap} -%package -n libeap -Summary: EAP peer library -Group: System Environment/Libraries - -%description -n libeap -This package contains the runtime EAP peer library. Don't use this -unless you know what you're doing. - -%package -n libeap-devel -Summary: Header files for EAP peer library -Group: Development/Libraries -Requires: libeap = %{epoch}:%{version}-%{release} - -%description -n libeap-devel -This package contains header files for using the EAP peer library. -Don't use this unless you know what you're doing. -%endif - %prep %setup -q -n %{name}-%{version}%{rcver} %patch0 -p1 -b .assoc-timeout @@ -117,8 +91,8 @@ Don't use this unless you know what you're doing. %patch3 -p1 -b .quiet-scan-results-msg %patch5 -p1 -b .more-openssl-algs %patch6 -p1 -b .qt4 -%patch7 -p1 -b .libnl3 %patch8 -p1 -b .rh837402-less-aggressive-roaming +%patch9 -p1 -b .cve-2015-1863 %build pushd wpa_supplicant 
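Review bot: The two added `Obsoletes:` lines use `< %{epoch}:%{version}-%{release}`, so the bound moves up with every future build of wpa_supplicant. Any libeap package with a lower EVR then stays obsoleted indefinitely, which the added comment concedes when it says the lines need dropping if libeap is ever resurrected. A fixed bound just above the last libeap build shipped from this spec avoids that maintenance trap: `Obsoletes: libeap < 1:2.4-1` and `Obsoletes: libeap-devel < 1:2.4-1`.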
@@ -178,25 +152,6 @@ rm -f %{name}/doc/.cvsignore rm -rf %{name}/doc/docbook chmod -R 0644 %{name}/examples/*.py -%if %{build_libeap} -# HAAACK -patch -p1 -b --suffix .wimax < %{PATCH100} -pushd wpa_supplicant - make clean - - CFLAGS="${CFLAGS:-%optflags} -fPIC -DPIC" ; export CFLAGS ; - CXXFLAGS="${CXXFLAGS:-%optflags} -fPIC -DPIC" ; export CXXFLAGS ; - LDFLAGS="${LDFLAGS:-%optflags} -Wl,-z,now" ; export LDFLAGS ; - # yes, BINDIR=_sbindir - BINDIR="%{_sbindir}" ; export BINDIR ; - LIBDIR="%{_libdir}" ; export LIBDIR ; - - make V=1 -C ../src/eap_peer - make DESTDIR=%{buildroot} LIB=%{_lib} -C ../src/eap_peer install - sed -i -e 's|libdir=/usr/lib|libdir=%{_libdir}|g' %{buildroot}/%{_libdir}/pkgconfig/*.pc -popd -%endif - %post if [ $1 -eq 1 ] ; then # Initial installation @@ -251,22 +206,16 @@ fi %{_bindir}/wpa_gui %endif -%if %{build_libeap} -%files -n libeap -%{_libdir}/libeap.so.0* - -%files -n libeap-devel -%{_includedir}/eap_peer -%{_libdir}/libeap.so -%{_libdir}/pkgconfig/*.pc - -%post -n libeap -p /sbin/ldconfig - -%postun -n libeap -p /sbin/ldconfig -%endif - %changelog -* Mon Nov 01 2014 Orion Poplawski - 1:2.3-2 +* Thu Apr 23 2015 Adam Williamson - 1:2.4-1 +- new release 2.4 +- add some info on a couple of patches +- drop some patches merged or superseded upstream +- rediff other patches +- drop libeap hackery (we dropped the kernel drivers anyhow) +- backport fix for CVE-2015-1863 + +* Sat Nov 01 2014 Orion Poplawski - 1:2.3-2 - Do not install wpa_supplicant.service as executable (bug #803980) * Thu Oct 30 2014 Lubomir Rintel - 1:2.3-1