From 16e956cc5fd6f972ae27f9b970f2b39e14d73d452848660f5bf983e2b0e8aea1 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 10 Sep 2009 10:52:36 +0000 Subject: [PATCH] Accepting request 20144 from hardware Copy from hardware/wpa_supplicant based on submit request 20144 from user vbotka OBS-URL: https://build.opensuse.org/request/show/20144 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=26 --- logrotate.wpa_supplicant | 10 + wpa_supplicant.changes | 5 + wpa_supplicant.spec | 587 +-------------------------------------- 3 files changed, 23 insertions(+), 579 deletions(-) create mode 100644 logrotate.wpa_supplicant diff --git a/logrotate.wpa_supplicant b/logrotate.wpa_supplicant new file mode 100644 index 0000000..afb8824 --- /dev/null +++ b/logrotate.wpa_supplicant @@ -0,0 +1,10 @@ +/var/log/wpa_supplicant.log { + compress + dateext + maxage 365 + rotate 99 + missingok + notifempty + size +4096k + copytruncate +} diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index 49ac8c5..0c789c9 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Sep 7 19:41:35 UTC 2009 - claes.backstrom@fsfe.org + +- Added rotation of log file with logrotate (bnc#508041) + ------------------------------------------------------------------- Tue May 12 12:28:55 CEST 2009 - dmueller@suse.de diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index e5718c5..d18118b 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -22,14 +22,15 @@ Name: wpa_supplicant BuildRequires: dbus-1-devel libnl-devel libqt4 libqt4-devel openssl-devel pkg-config readline-devel Url: http://hostap.epitest.fi/wpa_supplicant/ Version: 0.6.9 -Release: 2 -License: BSD 3-Clause; GPL v2 or later +Release: 3 +License: BSD 3-clause (or similar) ; GPL v2 or later Group: Productivity/Networking/Other Summary: WPA supplicant implementation Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2 Source1: config Source2: %{name}.conf Source3: fi.epitest.hostap.WPASupplicant.service +Source4: logrotate.wpa_supplicant Patch0: wpa_supplicant-driver-wext-debug.patch # wpa_supplicant-flush-debug-output.patch won't go upstream as it might # change timings @@ -47,6 +48,7 @@ Patch7: wpa_supplicant-fix_dbus_config2.patch Patch8: wpa_supplicant-roaming.patch Patch9: wpa_supplicant-pkcs11-init-args.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +Requires: logrotate %description wpa_supplicant is an implementation of the WPA Supplicant component, @@ -61,7 +63,7 @@ Authors: Jouni Malinen %package gui -License: BSD 3-Clause; GPL v2 or later +License: BSD 3-clause (or similar) ; GPL v2 or later Summary: WPA supplicant graphical front-end Requires: wpa_supplicant Group: System/Monitoring @@ -108,6 +110,8 @@ install -d %{buildroot}/%{_sysconfdir}/%{name} install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name} install -d %{buildroot}/%{_datadir}/dbus-1/system-services install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services +install -d %{buildroot}/%{_sysconfdir}/logrotate.d/ +install -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant install -d %{buildroot}/%{_localstatedir}/run/%{name} install -d %{buildroot}%{_mandir}/man{5,8} install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8 @@ -123,6 +127,7 @@ install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir} %config %{_sysconfdir}/dbus-1/system.d/%{name}.conf %{_datadir}/dbus-1/system-services %config %{_sysconfdir}/%{name}/%{name}.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant %dir %{_localstatedir}/run/%{name} %dir %{_sysconfdir}/%{name} %doc %{_mandir}/man8/* @@ -133,579 +138,3 @@ install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir} /usr/sbin/wpa_gui %changelog -* Tue May 12 2009 dmueller@suse.de -- reenable logfile writing support to make d-bus activation work - again (bnc#502957) -* Tue Apr 07 2009 hschaa@suse.de -- Enable ralink driver (bnc#481380) -- Enable nl80211 driver (bnc#485453) -- Rebase all SUSE patches to 0.6.9 -- Remove upstreamed patches -- Update to 0.6.9 - * driver_ndis: add PAE group address to the multicast address list to - fix wired IEEE 802.1X authentication - * fixed IEEE 802.11r key derivation function to match with the standard - (note: this breaks interoperability with previous version) [Bug 303] - * increased wpa_cli ping interval to 5 seconds and made this - configurable with a new command line options (-G) - * fixed scan buffer processing with WEXT to handle up to 65535 - byte result buffer (previously, limited to 32768 bytes) - * added support for Wi-Fi Protected Setup (WPS) - (wpa_supplicant can now be configured to act as a WPS Enrollee to - enroll credentials for a network using PIN and PBC methods; in - addition, wpa_supplicant can act as a wireless WPS Registrar to - configure an AP); WPS support can be enabled by adding CONFIG_WPS=y - into .config and setting the runtime configuration variables in - wpa_supplicant.conf (see WPS section in the example configuration - file); new wpa_cli commands wps_pin, wps_pbc, and wps_reg are used to - manage WPS negotiation; see README-WPS for more details - * added support for EAP-AKA' (draft-arkko-eap-aka-kdf) - * added support for using driver_test over UDP socket - * fixed PEAPv0 Cryptobinding interoperability issue with Windows Server - 2008 NPS; optional cryptobinding is now enabled (again) by default - * fixed PSK editing in wpa_gui - * changed EAP-GPSK to use the IANA assigned EAP method type 51 - * added a Windows installer that includes WinPcap and all the needed - DLLs; in addition, it set up the registry automatically so that user - will only need start wpa_gui to get prompted to start the wpasvc - servide and add a new interface if needed through wpa_gui dialog - * updated management frame protection to use IEEE 802.11w/D7.0 - * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA - (can be used to simulate test SIM/USIM card with a known private key; - enable with CONFIG_SIM_SIMULATOR=y/CONFIG_USIM_SIMULATOR=y in .config - and password="Ki:OPc"/password="Ki:OPc:SQN" in network configuration) - * added a new network configuration option, wpa_ptk_rekey, that can be - used to enforce frequent PTK rekeying, e.g., to mitigate some attacks - against TKIP deficiencies - * added an optional mitigation mechanism for certain attacks against - TKIP by delaying Michael MIC error reports by a random amount of time - between 0 and 60 seconds; this can be enabled with a build option - CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config - * fixed EAP-AKA to use RES Length field in AT_RES as length in bits, - not bytes - * updated OpenSSL code for EAP-FAST to use an updated version of the - session ticket overriding API that was included into the upstream - OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is - needed with that version anymore) - * updated userspace MLME instructions to match with the current Linux - mac80211 implementation; please also note that this can only be used - with driver_nl80211.c (the old code from driver_wext.c was removed) - * added support (Linux only) for RoboSwitch chipsets (often found in - consumer grade routers); driver interface 'roboswitch' - * fixed canceling of PMKSA caching when using drivers that generate - RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know - about - * added support for SHA-256 as X.509 certificate digest when using the - internal X.509/TLSv1 implementation - * updated management frame protection to use IEEE 802.11w/D6.0 - * added support for using SHA256-based stronger key derivation for WPA2 - (IEEE 802.11w) - * fixed FT (IEEE 802.11r) authentication after a failed association to - use correct FTIE - * added support for configuring Phase 2 (inner/tunneled) authentication - method with wpa_gui-qt4 - * added support for EAP Sequences in EAP-FAST Phase 2 - * added support for using TNC with EAP-FAST - * added driver_ps3 for the PS3 Linux wireless driver - * added support for optional cryptobinding with PEAPv0 - * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to - allow fallback to full handshake if server rejects PAC-Opaque - * added fragmentation support for EAP-TNC - * added support for parsing PKCS #8 formatted private keys into the - internal TLS implementation (both PKCS #1 RSA key and PKCS #8 - encapsulated RSA key can now be used) - * added option of using faster, but larger, routines in the internal - LibTomMath (for internal TLS implementation) to speed up DH and RSA - calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y) - * fixed race condition between disassociation event and group key - handshake to avoid getting stuck in incorrect state [Bug 261] - * fixed opportunistic key caching (proactive_key_caching) -* Sun Mar 01 2009 coolo@suse.de -- fix compilation with gcc 4.4 -* Mon Feb 09 2009 hschaa@suse.de -- Add wpa_supplicant-respect_no_reply.patch which avoids - D-Bus errors if no reply was requested by the caller -* Wed Jan 28 2009 hschaa@suse.de -- Avoid unnecessary roaming if the driver (like ipw2100) does not - report signal level. This fixes association problems with ipw2100 - (bnc#469779). -* Wed Jan 28 2009 hschaa@suse.de -- Fix dbus configuration again (bnc#470013, bnc#469530) -* Thu Jan 22 2009 hschaa@suse.de -- Add fix_dbus_config.patch (bnc#468392) -* Mon Dec 08 2008 hschaa@suse.de -- Add patch wpa_supplicant-hide_secrets-2.patch to _not_ print - passwords in clear text when started by NM with enabled debug - output -* Mon Nov 10 2008 tambet@novell.com -- Fix a bug where authentication would always fail using PKCS#11 - interface from DBus control interface. -- Add support for PKCS#11 module initialization arguments. -* Mon Oct 13 2008 hschaa@gmail.com -- update wpa_supplicant-roaming.patch which enables roaming by - default for some cards -* Thu Oct 09 2008 hschaa@suse.de -- add patches wpa_supplicant-dont_report_empty_initial_scan.patch - and wpa_supplicant-restore_scan_request_setting.patch which - speed up the initial association with a network when NM is used -- Add patch wpa_supplicant-fix_set_mode.patch which fixes an - association bug that was triggered when changing the interface - mode -* Mon Sep 29 2008 hschaa@suse.de -- add roaming capability (FATE 303806) -* Wed Sep 24 2008 ro@suse.de -- drop buildreq for madwifi (dropped package) -* Tue Sep 02 2008 ro@suse.de -- update to 0.6.4 - * added support for EAP Sequences in EAP-FAST Phase 2 - * added support for using TNC with EAP-FAST - * added driver_ps3 for the PS3 Linux wireless driver - * added support for optional cryptobinding with PEAPv0 - * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to - allow fallback to full handshake if server rejects PAC-Opaque - * added fragmentation support for EAP-TNC - * added support for parsing PKCS #8 formatted private keys into the - internal TLS implementation (both PKCS #1 RSA key and PKCS #8 - encapsulated RSA key can now be used) - * added option of using faster, but larger, routines in the internal - LibTomMath (for internal TLS implementation) to speed up DH and RSA - calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y) - * fixed race condition between disassociation event and group key - handshake to avoid getting stuck in incorrect state [Bug 261] - * fixed opportunistic key caching (proactive_key_caching) -* Mon Aug 04 2008 hschaa@suse.de -- Remove patches that are already upstream -- Rebase patches to new version -- Update to 0.6.3 -* Mon May 05 2008 schwab@suse.de -- Fix mangled error message. -* Mon Mar 17 2008 hschaa@suse.de -- Fix system bus activation (bnc#371500) -* Tue Mar 11 2008 hschaa@suse.de -- Remove patches that are upstream already -- Update to version 0.5.10, changes: - * added support for Makefile builds to include debug-log-to-a-file - functionality (CONFIG_DEBUG_FILE=y and -f on command line) - * added network configuration parameter 'frequency' for setting - initial channel for IBSS (adhoc) networks - * fixed EAP-SIM and EAP-AKA message parser to validate attribute - lengths properly to avoid potential crash caused by invalid messages - * added driver_wext workaround for race condition between scanning and - association with drivers that take very long time to scan all - channels (e.g., madwifi with dual-band cards); wpa_supplicant is now - using a longer hardcoded timeout for the scan if the driver supports - notifications for scan completion (SIOCGIWSCAN event); this helps, - e.g., in cases where wpa_supplicant and madwifi driver ended up in - loop where the driver did not even try to associate - * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION - attributes in EAP-SIM Start/Response when using fast reauthentication - * fixed problems in getting NDIS events from WMI on Windows 2000 -- Changes in 0.5.9: - * fixed an integer overflow issue in the ASN.1 parser used by the - (experimental) internal TLS implementation to avoid a potential - buffer read overflow - * fixed a race condition with -W option (wait for a control interface - monitor before starting) that could have caused the first messages to - be lost - * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest - draft (draft-ietf-emu-eap-gpsk-07.txt) - * added ctrl_iface RECONNECT (wpa_cli reconnect) command - (like reassociate, but only takes effect if already associated) - * fixed a possible race condition between wpa_cli reassociate and - wpa_cli disconnect - * return a non-zero exit code from non-interactive wpa_cli if the - command is not recognized or fails - * fixed 0.5.8 regressions in BSS selection that prevented wildcard SSID - from being used with non-WPA networks and disabled workaround for - ignoring bogus WPA/RSN IE in non-WPA configuration - * fixed OpenSSL TLS wrapper to clear trusted CA list to allow - network blocks to use different trusted CA configurations - * fixed a potential EAP state machine loop when mloving from PSK to EAP - configuration without restarting wpa_supplicant -* Thu Jan 31 2008 hschaa@suse.de -- Fix madwifi support (b.n.c #342670) -* Tue Dec 18 2007 jg@suse.de -- Fix two leaks when signalling state and scan results (rh #408141) -* Wed Nov 14 2007 jg@suse.de -- enable dbus interface -- apply fixes from Dan Williams -- build Qt4 version of wpa_gui -- dropped gcc 4.3 patch for Qt3 wpa_gui -* Mon Nov 12 2007 ssommer@suse.de -- fix build with gcc 4.3 -* Tue Jul 24 2007 jg@suse.de -- update to version 0.5.8, changes: - * updated driver_wext.c to build with the current wireless-dev.git - tree and net/d80211 changes - * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest - draft (draft-ietf-emu-eap-gpsk-03.txt) - * fixed 'make install' - * fixed EAP-TTLS implementation not to crash on use of freed memory - if TLS library initialization fails - * fixed EAP-AKA Notification processing to allow Notification to be - processed after AKA Challenge response has been sent -* Mon Mar 19 2007 jg@suse.de -- adjusted include path for madwifi -* Sat Mar 10 2007 dmueller@suse.de -- update to 0.5.7 (#253396): - * ChangeLog is under /usr/share/doc/packages/wpa_supplicant/ChangeLog -* Mon Nov 06 2006 jg@suse.de -- set IW_ENCODE_TEMP flag (needed to use dynamic WEP with airo - driver, bug 185528) -* Fri Oct 06 2006 jg@suse.de -- update to 0.4.9: - * fixed EAPOL re-authentication for sessions that used PMKSA - caching - * reject WPA/WPA2 message 3/4 if it does not include any valid - WPA/RSN IE - * driver_wext: added support for WE-21 change to SSID configuration - * driver_wext: fixed privacy configuration for static WEP keys mode - [Bug 140] - * driver_wext: added fallback to use SIOCSIWENCODE for setting - auth_alg if the driver does not support SIOCSIWAUTH -* Fri Mar 24 2006 jg@suse.de -- fixed static WEP key usage (bug 144268) -* Thu Feb 16 2006 jg@suse.de -- update to 0.4.8 (bug 151151) - * added support for EAP-FAST key derivation using other ciphers than - RC4-128-SHA for authentication and AES128-SHA for provisioning - * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to - decrypt AT_ENCR_DATA attributes correctly - * added support for configuring CA certificate as DER file and as a - configuration blob - * fixed private key configuration as configuration blob and added - support for using PKCS#12 as a blob - * added support for loading trusted CA certificates from Windows - certificate store: ca_cert="cert_store://", where is - likely CA (Intermediate CA certificates) or ROOT (root certificates) - * fixed TLS library deinitialization after RSN pre-authentication not - to disable TLS library for normal authentication - * fixed PMKSA cache processing not to trigger deauthentication if the - current PMKSA cache entry is replaced with a valid new entry - * fixed PC/SC initialization for ap_scan != 1 modes (this fixes - EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or - ap_scan=2) - * do not try to use USIM APDUs when initializing PC/SC for SIM card - access for a network that has not enabled EAP-AKA -* Sun Feb 05 2006 ro@suse.de -- removed km_wlan from BuildRequires -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Tue Jan 17 2006 rml@suse.de -- Add patch (from upstream) fixing bad drivers that NULL out - the SSID and send the wrong length. -* Tue Jan 10 2006 jg@suse.de -- added AP scan mode selection via control interface (patch - from rml@novell.com) -* Mon Nov 21 2005 jg@suse.de -- update to 0.4.7, changes (shortened): - * l2_packet_pcap: fixed wired IEEE 802.1X authentication with - libpcap and WinPcap to receive frames sent to PAE group address - * disable EAP state machine when IEEE 802.1X authentication is - not used in order to get rid of bogus "EAP failed" messages - * fixed OpenSSL error reporting to go through all pending errors - to avoid confusing reports of old errors being reported at - later point during handshake - * fixed configuration file updating to not write empty variables - (e.g., proto or key_mgmt) that the file parser would not accept - * fixed ADD_NETWORK ctrl_iface command to use the same default - values for variables as empty network definitions read from - config file would get - * fixed EAP state machine to not discard EAP-Failure messages in - many cases (e.g., during TLS handshake) - * fixed a infinite loop in private key reading if the configured - file cannot be parsed successfully - * driver_madwifi: added support for madwifi-ng - * wpa_gui: do not display password/PSK field contents - * wpa_gui: added CA certificate configuration - * use longer timeout for IEEE 802.11 association to avoid problems - with drivers that may take more than five second to associate -- dropped obsolete madwifi patch -- dropped obsolete copy of wireless.h -- updated config file -- use $RPM_OPT_FLAGS and %%jobs -- created subpackage wpa_supplicant-gui containing wpa_gui -* Tue Nov 08 2005 jg@suse.de -- do not build as root -* Fri Nov 04 2005 jg@suse.de -- added support for madwifi-ng -- compiling against Wireless Extensions v19 -- removed obsolete config option CONFIG_XSUPPLICANT_IFACE -* Fri Oct 28 2005 jg@suse.de -- update to 0.4.6, changes (shortened): - * allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch - in RSN IE, but WPA IE would match with wpa_supplicant - configuration - * added support for named configuration blobs in order to avoid - having to use file system for external files (e.g., certificates) - * fixed RSN pre-authentication - * driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to - make sure the driver configures broadcast decryption correctly - * added ca_path (and ca_path2) configuration variables that can be - used to configure OpenSSL CA path, e.g., /etc/ssl/certs, for - using the system-wide trusted CA list - * added support for starting wpa_supplicant without a configuration - file - * added global control interface that can be optionally used for - adding and removing network interfaces dynamically - * wpa_gui: - - try to save configuration whenever something is modified - - added WEP key configuration - - added possibility to edit the current network configuration - * driver_ndis: fixed driver polling not to increase frequency on - each received EAPOL frame due to incorrectly cancelled timeout - * fixed driver_wext.c to filter wireless events based on ifindex - to avoid interfaces receiving events from other interfaces - * delay sending initial EAPOL-Start couple of seconds to speed - up authentication for the most common case of Authenticator - starting EAP authentication immediately after association -* Thu Oct 13 2005 jg@suse.de -- update to 0.4.5, changes (shortened): - * added a workaround for clearing keys with ndiswrapper to allow - roaming from WPA enabled AP to plaintext one - * l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW - for PF_PACKET in order to prepare for network devices that do - not use Ethernet headers (e.g., network stack with native IEEE - 802.11 frames) - * use receipt of EAPOL-Key frame as a lower layer success indication - for EAP state machine to allow recovery from dropped EAP-Success - frame - * driver_wext: add support for WE-19 - * added support for multiple configuration backends (CONFIG_BACKEND - option); currently, only 'file' is supported (i.e., the format used - in wpa_supplicant.conf) - * added support for updating configuration ('wpa_cli save_config') - * added GET_NETWORK ctrl_iface command -* Mon Aug 29 2005 jg@suse.de -- update to 0.4.4 (bug 112977), changes (shortened): - * replaced OpenSSL patch for EAP-FAST support - (openssl-tls-extensions.patch) with a more generic and correct - patch - * allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be - used with drivers that do not support WPA - * added support for enabling/disabling networks from the list of - all configured networks - * added support for adding and removing network from the current - configuration - * added support for setting network configuration parameters - through the control interface - * fixed parsing of strings that include both " and # within double - quoted area (e.g., "start"#end") - * removed interface for external EAPOL/EAP supplicant - * fixed build with CONFIG_DNET_PCAP=y on Linux - * l2_packet: moved different implementations into separate files - * added support for using ap_scan=2 mode with multiple network - blocks - * fixed a potential issue in RSN pre-authentication ending up using - freed memory if pre-authentication times out - * added support for querying private key password (EAP-TLS) through - the control interface (wpa_cli/wpa_gui) if one is not included in - the configuration file - * driver_broadcom: fixed couple of memory leaks in scan result - processing - * EAP-PAX is now registered as EAP type 46 - * fixed EAP-PAX MAC calculation - * fixed EAP-PAX CK and ICK key derivation - * added support for using password with EAP-PAX - * added support for arbitrary driver interface parameters through the - configuration file with a new driver_param field - * added possibility to override l2_packet module with driver - interface API (new send_eapol handler) - * fixed ctrl_interface_group processing for the case where gid is - entered as a number, not group name - * driver_test: added support for testing hostapd with wpa_supplicant - by using test driver interface without any kernel drivers or - network cards - * added support for EAP-MSCHAPv2 password retries within the same - EAP authentication session - * added support for password changes with EAP-MSCHAPv2 - * added support for reading additional certificates from PKCS#12 - files and adding them to the certificate chain - * fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys - were used - * display EAP Notification messages to user through control - interface with "CTRL-EVENT-EAP-NOTIFICATION" prefix - * added 'disconnect' command to control interface for setting - wpa_supplicant in state where it will not associate before - 'reassociate' command has been used - * added support for getting scan results through control interface - * added support for wired authentication (IEEE 802.1X on wired - Ethernet); driver interface 'wired' - * added support for sending TLS alerts - * added support for 'any' SSID wildcard; if ssid is not configured or - is set to an empty string, any SSID will be accepted for non-WPA AP - * added support for asking PIN (for SIM) from frontends (e.g., - wpa_cli); - * added support for using external devices (e.g., a smartcard) for - private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config); - * added experimental support for EAP-PAX - * added monitor mode for wpa_cli -* Mon Jul 11 2005 jg@suse.de -- update to 0.3.9, changes: - * modified the EAP workaround that accepts EAP-Success with - incorrect Identifier to be even less strict about verification - in order to interoperate with some authentication servers - * fixed RSN IE in 4-Way Handshake message 2/4 for the case where - Authenticator rejects PMKSA caching attempt and the driver is - not using assoc_info events - * fixed a possible double free in EAP-TTLS fast-reauthentication - when identity or password is entered through control interface - * added -P argument for wpa_supplicant to write the - current process id into a file - * driver_madwifi: fixed association in plaintext mode - * driver_madwifi: added preliminary support for compiling against - 'BSD' branch of madwifi CVS tree - * added EAP workaround for PEAPv1 session resumption: allow outer, - i.e., not tunneled, EAP-Success to terminate session since; this - can be disabled with eap_workaround=0 - * driver_ipw: updated driver structures to match with ipw2200-1.0.4 - (note: ipw2100-1.1.0 is likely to require an update to work with - this) - * driver_broadcom: fixed couple of memory leaks in scan result - processing -- removed pidfile patch in favour of the new upstream - implementation -* Mon Mar 21 2005 jg@suse.de -- creating directory /var/run/wpa_supplicant when needed (bug 74023) -* Mon Feb 14 2005 jg@suse.de -- update to 0.3.8, changes: - * fixed EAPOL-Key validation to drop packets with invalid Key - Data Length; such frames could have crashed wpa_supplicant due - to buffer overflow -* Mon Feb 07 2005 jg@suse.de -- update to 0.3.7-pre, changes: - * fixed WPA/RSN IE verification in message 3 of 4-Way Handshake - when using drivers that take care of AP selection (e.g., when - using ap_scan=2) - * fixed reprocessing of pending request after ctrl_iface requests - for identity/password/otp - * fixed ctrl_iface requests for identity/password/otp in Phase 2 - of EAP-PEAP and EAP-TTLS - * all drivers using driver_wext: set interface up and select - Managed mode when starting wpa_supplicant; set interface down - when exiting - * renamed driver_ipw2100.c to driver_ipw.c since it now supports - both ipw2100 and ipw2200 - * fixed a busy loop introduced in v0.3.5 for scan result - processing when no matching AP is found - * added a workaround for an interoperability issue with a Cisco AP - when using WPA2-PSK - * fixed non-WPA IEEE 802.1X to use the same authentication timeout - as WPA with IEEE 802.1X - * fixed issues with 64-bit CPUs and SHA1 cleanup in previous - version (e.g., segfault when processing EAPOL-Key frames) - * fixed EAP workaround and fast reauthentication configuration for - RSN pre-authentication - * added support for blacklisting APs that fail or timeout - authentication in ap_scan=1 mode so that all APs are tried in - cases where the ones with strongest signal level are failing - authentication - * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS - authentication attempt - * added preliminary support for IBSS (ad-hoc) mode configuration - * added optional support for GNU Readline and History Libraries - for wpa_cli (CONFIG_READLINE) - * added couple of workarounds for interoperability issues with a - Cisco AP when using WPA2 - * fixed private key loading for cases where passphrase is not set - * improved recovery from PMKID mismatches by requesting full EAP - authentication in case of failed PMKSA caching attempt - * driver_ndis: added support for NDIS NdisMIncidateStatus() events - * driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys - * added support for driver interfaces to replace the interface - name based on driver/OS specific mapping, e.g., in case of - driver_ndis, this allows the beginning of the adapter - description to be used as the interface name - * driver_ndis: enable radio before starting scanning, disable - radio when exiting - * added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that - driver interface can distinguish plaintext and IEEE 802.1X - (no WPA) authentication - * fixed static WEP key configuration to use broadcast/default type - for all keys - * driver_ndis: added legacy WPA capability detection for non-WPA2 - drivers - * added support for setting static WEP keys for IEEE 802.1X - without dynamic WEP keying (eapol_flags=0) - * added support for reading PKCS#12 (PFX) files (as a replacement - for PEM/DER) to get certificate and private key (CONFIG_PKCS12) - * added new ap_scan mode, ap_scan=2, for drivers that take care of - association, but need to be configured with security policy and - SSID, e.g., ndiswrapper and NDIS driver -* Thu Jan 13 2005 jg@suse.de -- update to 0.2.6, changes: - * added driver interface for Intel ipw2100 driver - * fixed a bug in PMKSA cache processing: skip sending of - EAPOL-Start only if there is a PMKSA cache entry for the - current AP - * fixed error handling for case where reading of scan results - fails: must schedule a new scan or wpa_supplicant will remain - waiting forever - * set pairwise/group cipher suite for non-WPA IEEE 802.1X to - WEP-104 if keys are not configured to be used; this fixes - IEEE 802.1X mode with drivers that use this information to - configure whether Privacy bit can be in Beacon frames - (e.g., ndiswrapper) - * improved downgrade attack detection in IE verification of - msg 3/4: verify both WPA and RSN IEs, if present, not only the - selected one; reject the AP if an RSN IE is found in msg 3/4, - but not in Beacon or Probe Response frame, and RSN is enabled in - wpa_supplicant configuration - * fixed WPA msg 3/4 processing to allow Key Data field contain - other IEs than just one WPA IE - * modified association event handler to set portEnabled = FALSE - before clearing port Valid in order to reset EAP state machine - and avoid problems with new authentication getting ignored because - of state machines ending up in AUTHENTICATED/SUCCESS state based - on old information -- removed obsolete ipw2100 patch -- added wpa_supplicant.fig to filelist -* Fri Oct 22 2004 jg@suse.de -- update to 0.2.5, changes: - * wpa_cli: fixed parsing of -p command line argument - * fixed parsing of wep_tx_keyidx - * fixed couple of errors in PCSC handling that could have caused - random-looking errors for EAP-SIM - * PEAPv1: fixed tunneled EAP-Success reply handling to reply with - TLS ACK, not tunneled EAP-Success - * PEAPv1: added support for terminating PEAP authentication on - tunneled EAP-Success message - * PEAPv1: changed phase1 option peaplabel to use default to 0, i.e., - to the old label for key derivation; previously, the default was 1, - but it looks like most existing PEAPv1 implementations use the old - label which is thus more suitable default option - * changed SSID configuration in driver_wext.c (used by many driver - interfaces) to use ssid_len+1 as the length for SSID since some - Linux drivers expect this - * fixed couple of unaligned reads in scan result parsing to fix WPA - connection on some platforms (e.g., ARM) -- disabled madwifi support on ppc -* Wed Sep 29 2004 jg@suse.de -- added support for ipw2100 driver -* Tue Aug 31 2004 jg@suse.de -- added support for writing pid-file -* Mon Aug 02 2004 jg@suse.de -- fixed build on non-x86 platforms -* Mon Aug 02 2004 jg@suse.de -- update to version 0.2.4, important changes: - - support for new EAP authentication methods: - EAP-TTLS/EAP-MD5-Challenge - EAP-TTLS/EAP-GTC - EAP-TTLS/EAP-MSCHAPv2 - EAP-TTLS/EAP-TLS - EAP-TTLS/MSCHAPv2 - EAP-TTLS/MSCHAP - EAP-TTLS/PAP - EAP-TTLS/CHAP - EAP-PEAP/TLS - EAP-PEAP/GTC - EAP-PEAP/MD5-Challenge - EAP-GTC - EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP - - support for ATMEL AT76C5XXX driver - - support for madwifi driver - - lots of minor changes, see ChangeLog -- added km_wlan to needforbuild (driver source of madwifi is - needed) -* Thu Jun 17 2004 jg@suse.de -- Initial package