From 5a7ee34c7c1e4fdf1f7a70e4f6232a7141abc312a20444f76452be8faa90b195 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 23 Oct 2015 20:42:34 +0000 Subject: [PATCH] Accepting request 339613 from home:stroeder:branches:Base:System update to upstream release 2.5 (successfully tested on armv6l with WPA2/PSK) OBS-URL: https://build.opensuse.org/request/show/339613 OBS-URL: https://build.opensuse.org/package/show/Base:System/hostapd?expand=0&rev=34 --- hostapd-2.4.tar.gz | 3 -- ...onfig.patch => hostapd-2.5-defconfig.patch | 26 +++++++---- hostapd-2.5.tar.gz | 3 ++ hostapd.changes | 45 +++++++++++++++++++ hostapd.spec | 7 +-- 5 files changed, 68 insertions(+), 16 deletions(-) delete mode 100644 hostapd-2.4.tar.gz rename hostapd-2.4-defconfig.patch => hostapd-2.5-defconfig.patch (88%) create mode 100644 hostapd-2.5.tar.gz diff --git a/hostapd-2.4.tar.gz b/hostapd-2.4.tar.gz deleted file mode 100644 index 5eadfea..0000000 --- a/hostapd-2.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6fe0eb6bd1c9cbd24952ece8586b6f7bd14ab358edfda99794e79b9b9dbd657f -size 1658872 diff --git a/hostapd-2.4-defconfig.patch b/hostapd-2.5-defconfig.patch similarity index 88% rename from hostapd-2.4-defconfig.patch rename to hostapd-2.5-defconfig.patch index 90a84f4..7c15a43 100644 --- a/hostapd-2.4-defconfig.patch +++ b/hostapd-2.5-defconfig.patch @@ -1,5 +1,5 @@ ---- hostapd/defconfig.orig 2015-04-23 22:09:41.502518110 +0200 -+++ hostapd/defconfig 2015-04-23 22:15:09.225421010 +0200 +--- ./hostapd/defconfig.orig 2015-10-18 15:11:32.152380752 +0200 ++++ ./hostapd/defconfig 2015-10-18 15:18:07.240441471 +0200 @@ -28,7 +28,7 @@ #CONFIG_LIBNL20=y @@ -18,7 +18,7 @@ # IEEE 802.11F/IAPP CONFIG_IAPP=y -@@ -78,50 +78,50 @@ +@@ -78,53 +78,53 @@ CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server 
@@ -83,7 +83,11 @@ +CONFIG_EAP_TNC=y # EAP-EKE for the integrated EAP server - #CONFIG_EAP_EKE=y +-#CONFIG_EAP_EKE=y ++CONFIG_EAP_EKE=y + + # PKCS#12 (PFX) support (used to read private key and certificate file from + # a file that usually has extension .p12 or .pfx) @@ -132,27 +132,27 @@ # RADIUS authentication server. This provides access to the integrated EAP @@ -127,7 +131,13 @@ # Use netlink-based kernel API for VLAN operations instead of ioctl() # Note: This requires libnl 3.1 or newer. -@@ -250,11 +250,11 @@ +@@ -251,16 +251,16 @@ + # gnutls = GnuTLS + # internal = Internal TLSv1 implementation (experimental) + # none = Empty template +-#CONFIG_TLS=openssl ++CONFIG_TLS=openssl + # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. @@ -141,7 +151,7 @@ # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of -@@ -275,13 +275,13 @@ +@@ -281,13 +281,13 @@ # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. @@ -156,5 +166,5 @@ -#CONFIG_SQLITE=y +CONFIG_SQLITE=y - # Testing options - # This can be used to enable some testing options (see also the example + # Enable Fast Session Transfer (FST) + #CONFIG_FST=y diff --git a/hostapd-2.5.tar.gz b/hostapd-2.5.tar.gz new file mode 100644 index 0000000..93f6acd --- /dev/null +++ b/hostapd-2.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8e272d954dc0d7026c264b79b15389ec2b2c555b32970de39f506b9f463ec74a +size 1720783 diff --git a/hostapd.changes b/hostapd.changes index 6af69cc..0c43770 100644 --- a/hostapd.changes +++ b/hostapd.changes 
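Review bot: The refreshed defconfig patch newly enables `CONFIG_EAP_EKE=y` (outer hunk `@@ -83,7 +83,11 @@`; the 2.4 patch carried `#CONFIG_EAP_EKE=y` only as context) and now sets `CONFIG_TLS=openssl` explicitly (outer hunk `@@ -127,7 +131,13 @@`), but the hostapd.changes entry in this commit records only the version update and the dropped patch. Compiling in another EAP server method adds parsing code for peer-supplied data to the packaged binary, and the same release notes list payload-length fixes in the EAP-pwd server, so a change in build options should be visible to anyone auditing the package history. I would add a changelog line such as `- defconfig patch: enabled CONFIG_EAP_EKE, set CONFIG_TLS=openssl explicitly`. If EAP-EKE was enabled only because it was picked up while rebasing the patch, leaving it commented out keeps the build closer to the 2.4 feature set.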
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Sun Oct 18 12:59:02 UTC 2015 - michael@stroeder.com
+
+- update to upstream release 2.5
+- removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+ (CVE-2015-1863) because it's fixed in upstream release 2.5
+
+ChangeLog for hostapd since 2.4:
+
+2015-09-27 - v2.5
+ * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
+ [http://w1.fi/security/2015-2/] (CVE-2015-4141)
+ * fixed WMM Action frame parser
+ [http://w1.fi/security/2015-3/] (CVE-2015-4142)
+ * fixed EAP-pwd server missing payload length validation
+ [http://w1.fi/security/2015-4/]
+ (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145)
+ * fixed validation of WPS and P2P NFC NDEF record payload length
+ [http://w1.fi/security/2015-5/]
+ * nl80211:
+ - fixed vendor command handling to check OUI properly
+ * fixed hlr_auc_gw build with OpenSSL
+ * hlr_auc_gw: allow Milenage RES length to be reduced
+ * disable HT for a station that does not support WMM/QoS
+ * added support for hashed password (NtHash) in EAP-pwd server
+ * fixed and extended dynamic VLAN cases
+ * added EAP-EKE server support for deriving Session-Id
+ * set Acct-Session-Id to a random value to make it more likely to be
+ unique even if the device does not have a proper clock
+ * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
+ * modified SAE routines to be more robust and PWE generation to be
+ stronger against timing attacks
+ * added support for Brainpool Elliptic Curves with SAE
+ * increases maximum value accepted for cwmin/cwmax
+ * added support for CCMP-256 and GCMP-256 as group ciphers with FT
+ * added Fast Session Transfer (FST) module
+ * removed optional fields from RSNE when using FT with PMF
+ (workaround for interoperability issues with iOS 8.4)
+ * added EAP server support for TLS session resumption
+ * fixed key derivation for Suite B 192-bit AKM (this breaks
+ compatibility with the earlier version)
+ * 
added mechanism to track unconnected stations and do minimal band + steering + * number of small fixes + ------------------------------------------------------------------- Thu Apr 23 19:45:41 UTC 2015 - michael@stroeder.com diff --git a/hostapd.spec b/hostapd.spec index aa57f9e..0c71584 100644 --- a/hostapd.spec +++ b/hostapd.spec @@ -26,15 +26,13 @@ BuildRequires: pkgconfig(systemd) Summary: Turns Your WLAN Card into a WPA capable Access Point License: GPL-2.0 or BSD-3-Clause Group: Hardware/Wifi -Version: 2.4 +Version: 2.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://w1.fi/ Source: http://w1.fi/releases/hostapd-%{version}.tar.gz Source1: hostapd.service -Patch0: hostapd-2.4-defconfig.patch -# CVE-2015-1863 -Patch1: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch +Patch0: hostapd-2.5-defconfig.patch %{?systemd_requires} %description @@ -49,7 +47,6 @@ authentication via any ethernet driver. %prep %setup -q -n hostapd-%{version} %patch0 -p0 -%patch1 -p1 cd hostapd cp defconfig .config
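Review bot: Removing `Patch1` (the CVE-2015-1863 SSID-length fix) in the `@@ -26,15 +26,13 @@` hunk rests only on the changelog's statement that 2.5 already contains it, while the upstream 2.5 notes quoted in hostapd.changes list advisories 2015-2 through 2015-5 and do not mention that CVE. Before merging, confirm in the 2.5 tarball that the P2P SSID element length check is present, and record the upstream commit or advisory in the .changes entry so the removal can be audited later. The matching `%patch1 -p1` removal in the `@@ -49,7 +47,6 @@` hunk is consistent with this. Separately, the unchanged `Source:` line still fetches over `http://`; the tarball is pinned by the LFS sha256 added in this commit, but nothing visible here verifies it against an upstream signature.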