From b49df2e9489026659b68fa7a1221a5f6fce158e10ab4050002e1614a6690a9de Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 7 Jan 2015 15:25:20 +0000 Subject: [PATCH 1/2] Accepting request 280052 from home:stroeder:branches:Base:System Update to 2.3, now included original ChangeLog since 2.1. OBS-URL: https://build.opensuse.org/request/show/280052 OBS-URL: https://build.opensuse.org/package/show/Base:System/hostapd?expand=0&rev=28 --- hostapd-2.1-be-host_to_le.patch | 12 -- hostapd-2.1.tar.gz | 3 - ...onfig.patch => hostapd-2.3-defconfig.patch | 30 ++--- hostapd-2.3.tar.gz | 3 + hostapd.changes | 115 ++++++++++++++++++ hostapd.spec | 8 +- 6 files changed, 130 insertions(+), 41 deletions(-) delete mode 100644 hostapd-2.1-be-host_to_le.patch delete mode 100644 hostapd-2.1.tar.gz rename hostapd-2.1-defconfig.patch => hostapd-2.3-defconfig.patch (85%) create mode 100644 hostapd-2.3.tar.gz diff --git a/hostapd-2.1-be-host_to_le.patch b/hostapd-2.1-be-host_to_le.patch deleted file mode 100644 index 148d0aa..0000000 --- a/hostapd-2.1-be-host_to_le.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: hostapd-2.1/src/utils/common.h -=================================================================== ---- hostapd-2.1.orig/src/utils/common.h -+++ hostapd-2.1/src/utils/common.h -@@ -208,6 +208,7 @@ static inline unsigned int wpa_swap_32(u - #define host_to_le32(n) bswap_32(n) - #define be_to_host32(n) (n) - #define host_to_be32(n) (n) -+#define host_to_le32(n) bswap_32(n) - #define le_to_host64(n) bswap_64(n) - #define host_to_le64(n) bswap_64(n) - #define be_to_host64(n) (n) diff --git a/hostapd-2.1.tar.gz b/hostapd-2.1.tar.gz deleted file mode 100644 index 1c3c63c..0000000 --- a/hostapd-2.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5c7110f55b6092e5277e26edc961eda2def12b94218129d116f5681e34bb2f88 -size 1490215 diff --git a/hostapd-2.1-defconfig.patch b/hostapd-2.3-defconfig.patch similarity index 85% rename from hostapd-2.1-defconfig.patch rename to hostapd-2.3-defconfig.patch index c1d895f..044b25b 100644 --- a/hostapd-2.1-defconfig.patch +++ b/hostapd-2.3-defconfig.patch @@ -1,6 +1,6 @@ ---- hostapd-2.1.orig/hostapd/defconfig -+++ hostapd-2.1/hostapd/defconfig -@@ -32,7 +32,7 @@ CONFIG_DRIVER_NL80211=y +--- hostapd/defconfig.orig 2015-01-05 20:43:43.726052529 +0100 ++++ hostapd/defconfig 2015-01-05 20:48:46.758264105 +0100 +@@ -32,7 +32,7 @@ #CONFIG_LIBNL20=y # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) @@ -9,7 +9,7 @@ # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) -@@ -43,7 +43,7 @@ CONFIG_DRIVER_NL80211=y +@@ -43,7 +43,7 @@ #LIBS_c += -L/usr/local/lib # Driver interface for no driver (e.g., RADIUS server only) @@ -18,16 +18,7 @@ # IEEE 802.11F/IAPP CONFIG_IAPP=y -@@ -58,7 +58,7 @@ CONFIG_PEERKEY=y - # This version is an experimental implementation based on IEEE 802.11w/D1.0 - # draft and is subject to change since the standard has not yet been finalized. - # Driver support is also needed for IEEE 802.11w. --#CONFIG_IEEE80211W=y -+CONFIG_IEEE80211W=y - - # Integrated EAP server - CONFIG_EAP=y -@@ -82,52 +82,52 @@ CONFIG_EAP_GTC=y +@@ -79,50 +79,50 @@ CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server @@ -76,9 +67,6 @@ # Wi-Fi Protected Setup (WPS) -#CONFIG_WPS=y +CONFIG_WPS=y - # Enable WSC 2.0 support --#CONFIG_WPS2=y -+CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars -#CONFIG_WPS_UPNP=y +CONFIG_WPS_UPNP=y @@ -96,7 +84,7 @@ # EAP-EKE for the integrated EAP server #CONFIG_EAP_EKE=y -@@ -138,27 +138,27 @@ CONFIG_PKCS12=y +@@ -133,27 +133,27 @@ # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. @@ -130,7 +118,7 @@ # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging -@@ -186,7 +186,7 @@ CONFIG_IPV6=y +@@ -181,7 +181,7 @@ # Enable support for fully dynamic VLANs. This enables hostapd to # automatically create bridge and VLAN interfaces if necessary. @@ -139,7 +127,7 @@ # Use netlink-based kernel API for VLAN operations instead of ioctl() # Note: This requires libnl 3.1 or newer. -@@ -256,11 +256,11 @@ CONFIG_IPV6=y +@@ -251,11 +251,11 @@ # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. @@ -153,7 +141,7 @@ # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of -@@ -281,13 +281,13 @@ CONFIG_IPV6=y +@@ -276,13 +276,13 @@ # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. diff --git a/hostapd-2.3.tar.gz b/hostapd-2.3.tar.gz new file mode 100644 index 0000000..d5dbd33 --- /dev/null +++ b/hostapd-2.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c94c2b76876fad4c80a1063a06f958a2189ba5003475016fa7658a1ca49bb4df +size 1592480 diff --git a/hostapd.changes b/hostapd.changes index 0eb4ec1..c33e3df 100644 --- a/hostapd.changes +++ b/hostapd.changes @@ -1,3 +1,118 @@ +------------------------------------------------------------------- +Mon Jan 5 19:23:24 UTC 2015 - michael@stroeder.com + +- update version 2.3 +- removed patch hostapd-2.1-be-host_to_le.patch because it + seems obsolete + +ChangeLog for hostapd since 2.1: + +2014-10-09 - v2.3 + * fixed number of minor issues identified in static analyzer warnings + * fixed DFS and channel switch operation for multi-BSS cases + * started to use constant time comparison for various password and hash + values to reduce possibility of any externally measurable timing + differences + * extended explicit clearing of freed memory and expired keys to avoid + keeping private data in memory longer than necessary + * added support for number of new RADIUS attributes from RFC 7268 + (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher, + WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher) + * fixed GET_CONFIG wpa_pairwise_cipher value + * added code to clear bridge FDB entry on station disconnection + * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases + * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop + in case the first entry does not match + * fixed hostapd_cli action script execution to use more robust mechanism + (CVE-2014-3686) + +2014-06-04 - v2.2 + * fixed SAE confirm-before-commit validation to avoid a potential + segmentation fault in an unexpected message sequence that could be + triggered remotely + * extended VHT support + - Operating Mode Notification + - Power Constraint element (local_pwr_constraint) + - Spectrum management capability (spectrum_mgmt_required=1) + - fix VHT80 segment picking in ACS + - fix vht_capab 'Maximum A-MPDU Length Exponent' handling + - fix VHT20 + * fixed HT40 co-ex scan for some pri/sec channel switches + * extended HT40 co-ex support to allow dynamic channel width changes + during the lifetime of the BSS + * fixed HT40 co-ex support to check for overlapping 20 MHz BSS + * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding; + this fixes password with include UTF-8 characters that use + three-byte encoding EAP methods that use NtPasswordHash + * reverted TLS certificate validation step change in v2.1 that rejected + any AAA server certificate with id-kp-clientAuth even if + id-kp-serverAuth EKU was included + * fixed STA validation step for WPS ER commands to prevent a potential + crash if an ER sends an unexpected PutWLANResponse to a station that + is disassociated, but not fully removed + * enforce full EAP authentication after RADIUS Disconnect-Request by + removing the PMKSA cache entry + * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address + in RADIUS Disconnect-Request + * added mechanism for removing addresses for MAC ACLs by prefixing an + entry with "-" + * Interworking/Hotspot 2.0 enhancements + - support Hotspot 2.0 Release 2 + * OSEN network for online signup connection + * subscription remediation (based on RADIUS server request or + control interface HS20_WNM_NOTIF for testing purposes) + * Hotspot 2.0 release number indication in WFA RADIUS VSA + * deauthentication request (based on RADIUS server request or + control interface WNM_DEAUTH_REQ for testing purposes) + * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent + * hs20_icon config parameter to configure icon files for OSU + * osu_* config parameters for OSU Providers list + - do not use Interworking filtering rules on Probe Request if + Interworking is disabled to avoid interop issues + * added/fixed nl80211 functionality + - AP interface teardown optimization + - support vendor specific driver command + (VENDOR []) + * fixed PMF protection of Deauthentication frame when this is triggered + by session timeout + * internal TLS implementation enhancements/fixes + - add SHA256-based cipher suites + - add DHE-RSA cipher suites + - fix X.509 validation of PKCS#1 signature to check for extra data + * RADIUS server functionality + - add minimal RADIUS accounting server support (hostapd-as-server); + this is mainly to enable testing coverage with hwsim scripts + - allow authentication log to be written into SQLite databse + - added option for TLS protocol testing of an EAP peer by simulating + various misbehaviors/known attacks + - MAC ACL support for testing purposes + * fixed PTK derivation for CCMP-256 and GCMP-256 + * extended WPS per-station PSK to support ER case + * added option to configure the management group cipher + (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256, + BIP-CMAC-256) + * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these + were rounded incorrectly) + * added support for postponing FT response in case PMK-R1 needs to be + pulled from R0KH + * added option to advertise 40 MHz intolerant HT capability with + ht_capab=[40-INTOLERANT] + * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled + whenever CONFIG_WPS=y is set + * EAP-pwd fixes + - fix possible segmentation fault on EAP method deinit if an invalid + group is negotiated + * fixed RADIUS client retransmit/failover behavior + - there was a potential ctash due to freed memory being accessed + - failover to a backup server mechanism did not work properly + * fixed a possible crash on double DISABLE command when multiple BSSes + are enabled + * fixed a memory leak in SAE random number generation + * fixed GTK rekeying when the station uses FT protocol + * fixed off-by-one bounds checking in printf_encode() + - this could result in deinial of service in some EAP server cases + * various bug fixes + ------------------------------------------------------------------- Tue May 27 19:57:16 UTC 2014 - crrodriguez@opensuse.org diff --git a/hostapd.spec b/hostapd.spec index c8aeb93..c889132 100644 --- a/hostapd.spec +++ b/hostapd.spec @@ -24,14 +24,13 @@ BuildRequires: pkgconfig(systemd) Summary: Turns Your WLAN Card into a WPA capable Access Point License: GPL-2.0 or BSD-3-Clause Group: Hardware/Wifi -Version: 2.1 +Version: 2.3 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://hostap.epitest.fi/ Source: http://hostap.epitest.fi/releases/hostapd-%{version}.tar.gz Source1: hostapd.service -Patch0: hostapd-2.1-defconfig.patch -Patch1: hostapd-2.1-be-host_to_le.patch +Patch0: hostapd-2.3-defconfig.patch %{?systemd_requires} %description @@ -45,8 +44,7 @@ authentication via any ethernet driver. %prep %setup -q -n hostapd-%{version} -%patch0 -p1 -%patch1 -p1 +%patch0 -p0 cd hostapd cp defconfig .config From 83ca20bae184daa2287b68a69c07b9fd446ffdfd6311c01cc71b1afdad682ac0 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 7 Jan 2015 15:31:29 +0000 Subject: [PATCH 2/2] - hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/hostapd?expand=0&rev=29 --- hostapd.changes | 1 + hostapd.spec | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hostapd.changes b/hostapd.changes index c33e3df..c3ee1fe 100644 --- a/hostapd.changes +++ b/hostapd.changes @@ -4,6 +4,7 @@ Mon Jan 5 19:23:24 UTC 2015 - michael@stroeder.com - update version 2.3 - removed patch hostapd-2.1-be-host_to_le.patch because it seems obsolete +- hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch ChangeLog for hostapd since 2.1: diff --git a/hostapd.spec b/hostapd.spec index c889132..3ce9417 100644 --- a/hostapd.spec +++ b/hostapd.spec @@ -1,7 +1,7 @@ # # spec file for package hostapd # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed