Accepting request 20144 from hardware

Copy from hardware/wpa_supplicant based on submit request 20144 from user vbotka

OBS-URL: https://build.opensuse.org/request/show/20144
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=26

logrotate.wpa_supplicant

@@ -0,0 +1,10 @@
+/var/log/wpa_supplicant.log {
+    compress
+    dateext
+    maxage 365
+    rotate 99
+    missingok
+    notifempty
+    size +4096k
+    copytruncate
+}

wpa_supplicant.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Sep  7 19:41:35 UTC 2009 - claes.backstrom@fsfe.org
+
+- Added rotation of log file with logrotate (bnc#508041)
+
 -------------------------------------------------------------------
 Tue May 12 12:28:55 CEST 2009 - dmueller@suse.de
 

wpa_supplicant.spec

@@ -22,14 +22,15 @@ Name:           wpa_supplicant
 BuildRequires:  dbus-1-devel libnl-devel libqt4 libqt4-devel openssl-devel pkg-config readline-devel
 Url:            http://hostap.epitest.fi/wpa_supplicant/
 Version:        0.6.9
-Release:        2
+Release:        3
-License:        BSD 3-Clause; GPL v2 or later
+License:        BSD 3-clause (or similar) ; GPL v2 or later
 Group:          Productivity/Networking/Other
 Summary:        WPA supplicant implementation
 Source:         http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2
 Source1:        config
 Source2:        %{name}.conf
 Source3:        fi.epitest.hostap.WPASupplicant.service
+Source4:        logrotate.wpa_supplicant
 Patch0:         wpa_supplicant-driver-wext-debug.patch
 # wpa_supplicant-flush-debug-output.patch won't go upstream as it might
 # change timings
@@ -47,6 +48,7 @@ Patch7:         wpa_supplicant-fix_dbus_config2.patch
 Patch8:         wpa_supplicant-roaming.patch
 Patch9:         wpa_supplicant-pkcs11-init-args.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+Requires:       logrotate
 
 %description
 wpa_supplicant is an implementation of the WPA Supplicant component,
@@ -61,7 +63,7 @@ Authors:
     Jouni Malinen <jkmaline@cc.hut.fi>
 
 %package gui
-License:        BSD 3-Clause; GPL v2 or later
+License:        BSD 3-clause (or similar) ; GPL v2 or later
 Summary:        WPA supplicant graphical front-end
 Requires:       wpa_supplicant
 Group:          System/Monitoring
@@ -108,6 +110,8 @@ install -d %{buildroot}/%{_sysconfdir}/%{name}
 install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}
 install -d %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services
+install -d %{buildroot}/%{_sysconfdir}/logrotate.d/
+install -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
 install -d %{buildroot}/%{_localstatedir}/run/%{name}
 install -d %{buildroot}%{_mandir}/man{5,8}
 install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
@@ -123,6 +127,7 @@ install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir}
 %config %{_sysconfdir}/dbus-1/system.d/%{name}.conf
 %{_datadir}/dbus-1/system-services
 %config %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
 %dir %{_localstatedir}/run/%{name}
 %dir %{_sysconfdir}/%{name}
 %doc %{_mandir}/man8/*
@@ -133,579 +138,3 @@ install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir}
 /usr/sbin/wpa_gui
 
 %changelog
-* Tue May 12 2009 dmueller@suse.de
-- reenable logfile writing support to make d-bus activation work
-  again (bnc#502957)
-* Tue Apr 07 2009 hschaa@suse.de
-- Enable ralink driver (bnc#481380)
-- Enable nl80211 driver (bnc#485453)
-- Rebase all SUSE patches to 0.6.9
-- Remove upstreamed patches
-- Update to 0.6.9
-  * driver_ndis: add PAE group address to the multicast address list to
-  fix wired IEEE 802.1X authentication
-  * fixed IEEE 802.11r key derivation function to match with the standard
-  (note: this breaks interoperability with previous version) [Bug 303]
-  * increased wpa_cli ping interval to 5 seconds and made this
-  configurable with a new command line options (-G<seconds>)
-  * fixed scan buffer processing with WEXT to handle up to 65535
-  byte result buffer (previously, limited to 32768 bytes)
-  * added support for Wi-Fi Protected Setup (WPS)
-  (wpa_supplicant can now be configured to act as a WPS Enrollee to
-  enroll credentials for a network using PIN and PBC methods; in
-  addition, wpa_supplicant can act as a wireless WPS Registrar to
-  configure an AP); WPS support can be enabled by adding CONFIG_WPS=y
-  into .config and setting the runtime configuration variables in
-  wpa_supplicant.conf (see WPS section in the example configuration
-  file); new wpa_cli commands wps_pin, wps_pbc, and wps_reg are used to
-  manage WPS negotiation; see README-WPS for more details
-  * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
-  * added support for using driver_test over UDP socket
-  * fixed PEAPv0 Cryptobinding interoperability issue with Windows Server
-  2008 NPS; optional cryptobinding is now enabled (again) by default
-  * fixed PSK editing in wpa_gui
-  * changed EAP-GPSK to use the IANA assigned EAP method type 51
-  * added a Windows installer that includes WinPcap and all the needed
-  DLLs; in addition, it set up the registry automatically so that user
-  will only need start wpa_gui to get prompted to start the wpasvc
-  servide and add a new interface if needed through wpa_gui dialog
-  * updated management frame protection to use IEEE 802.11w/D7.0
-  * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
-  (can be used to simulate test SIM/USIM card with a known private key;
-  enable with CONFIG_SIM_SIMULATOR=y/CONFIG_USIM_SIMULATOR=y in .config
-  and password="Ki:OPc"/password="Ki:OPc:SQN" in network configuration)
-  * added a new network configuration option, wpa_ptk_rekey, that can be
-  used to enforce frequent PTK rekeying, e.g., to mitigate some attacks
-  against TKIP deficiencies
-  * added an optional mitigation mechanism for certain attacks against
-  TKIP by delaying Michael MIC error reports by a random amount of time
-  between 0 and 60 seconds; this can be enabled with a build option
-  CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config
-  * fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
-  not bytes
-  * updated OpenSSL code for EAP-FAST to use an updated version of the
-  session ticket overriding API that was included into the upstream
-  OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
-  needed with that version anymore)
-  * updated userspace MLME instructions to match with the current Linux
-  mac80211 implementation; please also note that this can only be used
-  with driver_nl80211.c (the old code from driver_wext.c was removed)
-  * added support (Linux only) for RoboSwitch chipsets (often found in
-  consumer grade routers); driver interface 'roboswitch'
-  * fixed canceling of PMKSA caching when using drivers that generate
-  RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know
-  about
-  * added support for SHA-256 as X.509 certificate digest when using the
-  internal X.509/TLSv1 implementation
-  * updated management frame protection to use IEEE 802.11w/D6.0
-  * added support for using SHA256-based stronger key derivation for WPA2
-  (IEEE 802.11w)
-  * fixed FT (IEEE 802.11r) authentication after a failed association to
-  use correct FTIE
-  * added support for configuring Phase 2 (inner/tunneled) authentication
-  method with wpa_gui-qt4
-  * added support for EAP Sequences in EAP-FAST Phase 2
-  * added support for using TNC with EAP-FAST
-  * added driver_ps3 for the PS3 Linux wireless driver
-  * added support for optional cryptobinding with PEAPv0
-  * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
-  allow fallback to full handshake if server rejects PAC-Opaque
-  * added fragmentation support for EAP-TNC
-  * added support for parsing PKCS #8 formatted private keys into the
-  internal TLS implementation (both PKCS #1 RSA key and PKCS #8
-  encapsulated RSA key can now be used)
-  * added option of using faster, but larger, routines in the internal
-  LibTomMath (for internal TLS implementation) to speed up DH and RSA
-  calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y)
-  * fixed race condition between disassociation event and group key
-  handshake to avoid getting stuck in incorrect state [Bug 261]
-  * fixed opportunistic key caching (proactive_key_caching)
-* Sun Mar 01 2009 coolo@suse.de
-- fix compilation with gcc 4.4
-* Mon Feb 09 2009 hschaa@suse.de
-- Add wpa_supplicant-respect_no_reply.patch which avoids
-  D-Bus errors if no reply was requested by the caller
-* Wed Jan 28 2009 hschaa@suse.de
-- Avoid unnecessary roaming if the driver (like ipw2100) does not
-  report signal level. This fixes association problems with ipw2100
-  (bnc#469779).
-* Wed Jan 28 2009 hschaa@suse.de
-- Fix dbus configuration again (bnc#470013, bnc#469530)
-* Thu Jan 22 2009 hschaa@suse.de
-- Add fix_dbus_config.patch (bnc#468392)
-* Mon Dec 08 2008 hschaa@suse.de
-- Add patch wpa_supplicant-hide_secrets-2.patch to _not_ print
-  passwords in clear text when started by NM with enabled debug
-  output
-* Mon Nov 10 2008 tambet@novell.com
-- Fix a bug where authentication would always fail using PKCS#11
-  interface from DBus control interface.
-- Add support for PKCS#11 module initialization arguments.
-* Mon Oct 13 2008 hschaa@gmail.com
-- update wpa_supplicant-roaming.patch which enables roaming by
-  default for some cards
-* Thu Oct 09 2008 hschaa@suse.de
-- add patches wpa_supplicant-dont_report_empty_initial_scan.patch
-  and wpa_supplicant-restore_scan_request_setting.patch which
-  speed up the initial association with a network when NM is used
-- Add patch wpa_supplicant-fix_set_mode.patch which fixes an
-  association bug that was triggered when changing the interface
-  mode
-* Mon Sep 29 2008 hschaa@suse.de
-- add roaming capability (FATE 303806)
-* Wed Sep 24 2008 ro@suse.de
-- drop buildreq for madwifi (dropped package)
-* Tue Sep 02 2008 ro@suse.de
-- update to 0.6.4
-  * added support for EAP Sequences in EAP-FAST Phase 2
-  * added support for using TNC with EAP-FAST
-  * added driver_ps3 for the PS3 Linux wireless driver
-  * added support for optional cryptobinding with PEAPv0
-  * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
-  allow fallback to full handshake if server rejects PAC-Opaque
-  * added fragmentation support for EAP-TNC
-  * added support for parsing PKCS #8 formatted private keys into the
-  internal TLS implementation (both PKCS #1 RSA key and PKCS #8
-  encapsulated RSA key can now be used)
-  * added option of using faster, but larger, routines in the internal
-  LibTomMath (for internal TLS implementation) to speed up DH and RSA
-  calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y)
-  * fixed race condition between disassociation event and group key
-  handshake to avoid getting stuck in incorrect state [Bug 261]
-  * fixed opportunistic key caching (proactive_key_caching)
-* Mon Aug 04 2008 hschaa@suse.de
-- Remove patches that are already upstream
-- Rebase patches to new version
-- Update to 0.6.3
-* Mon May 05 2008 schwab@suse.de
-- Fix mangled error message.
-* Mon Mar 17 2008 hschaa@suse.de
-- Fix system bus activation (bnc#371500)
-* Tue Mar 11 2008 hschaa@suse.de
-- Remove patches that are upstream already
-- Update to version 0.5.10, changes:
-  * added support for Makefile builds to include debug-log-to-a-file
-  functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)
-  * added network configuration parameter 'frequency' for setting
-  initial channel for IBSS (adhoc) networks
-  * fixed EAP-SIM and EAP-AKA message parser to validate attribute
-  lengths properly to avoid potential crash caused by invalid messages
-  * added driver_wext workaround for race condition between scanning and
-  association with drivers that take very long time to scan all
-  channels (e.g., madwifi with dual-band cards); wpa_supplicant is now
-  using a longer hardcoded timeout for the scan if the driver supports
-  notifications for scan completion (SIOCGIWSCAN event); this helps,
-  e.g., in cases where wpa_supplicant and madwifi driver ended up in
-  loop where the driver did not even try to associate
-  * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
-  attributes in EAP-SIM Start/Response when using fast reauthentication
-  * fixed problems in getting NDIS events from WMI on Windows 2000
-- Changes in 0.5.9:
-  * fixed an integer overflow issue in the ASN.1 parser used by the
-  (experimental) internal TLS implementation to avoid a potential
-  buffer read overflow
-  * fixed a race condition with -W option (wait for a control interface
-  monitor before starting) that could have caused the first messages to
-  be lost
-  * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-  draft (draft-ietf-emu-eap-gpsk-07.txt)
-  * added ctrl_iface RECONNECT (wpa_cli reconnect) command
-  (like reassociate, but only takes effect if already associated)
-  * fixed a possible race condition between wpa_cli reassociate and
-  wpa_cli disconnect
-  * return a non-zero exit code from non-interactive wpa_cli if the
-  command is not recognized or fails
-  * fixed 0.5.8 regressions in BSS selection that prevented wildcard SSID
-  from being used with non-WPA networks and disabled workaround for
-  ignoring bogus WPA/RSN IE in non-WPA configuration
-  * fixed OpenSSL TLS wrapper to clear trusted CA list to allow
-  network blocks to use different trusted CA configurations
-  * fixed a potential EAP state machine loop when mloving from PSK to EAP
-  configuration without restarting wpa_supplicant
-* Thu Jan 31 2008 hschaa@suse.de
-- Fix madwifi support (b.n.c #342670)
-* Tue Dec 18 2007 jg@suse.de
-- Fix two leaks when signalling state and scan results (rh #408141)
-* Wed Nov 14 2007 jg@suse.de
-- enable dbus interface
-- apply fixes from Dan Williams
-- build Qt4 version of wpa_gui
-- dropped gcc 4.3 patch for Qt3 wpa_gui
-* Mon Nov 12 2007 ssommer@suse.de
-- fix build with gcc 4.3
-* Tue Jul 24 2007 jg@suse.de
-- update to version 0.5.8, changes:
-  * updated driver_wext.c to build with the current wireless-dev.git
-  tree and net/d80211 changes
-  * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-  draft (draft-ietf-emu-eap-gpsk-03.txt)
-  * fixed 'make install'
-  * fixed EAP-TTLS implementation not to crash on use of freed memory
-  if TLS library initialization fails
-  * fixed EAP-AKA Notification processing to allow Notification to be
-  processed after AKA Challenge response has been sent
-* Mon Mar 19 2007 jg@suse.de
-- adjusted include path for madwifi
-* Sat Mar 10 2007 dmueller@suse.de
-- update to 0.5.7 (#253396):
-  * ChangeLog is under /usr/share/doc/packages/wpa_supplicant/ChangeLog
-* Mon Nov 06 2006 jg@suse.de
-- set IW_ENCODE_TEMP flag (needed to use dynamic WEP with airo
-  driver, bug 185528)
-* Fri Oct 06 2006 jg@suse.de
-- update to 0.4.9:
-  * fixed EAPOL re-authentication for sessions that used PMKSA
-  caching
-  * reject WPA/WPA2 message 3/4 if it does not include any valid
-  WPA/RSN IE
-  * driver_wext: added support for WE-21 change to SSID configuration
-  * driver_wext: fixed privacy configuration for static WEP keys mode
-  [Bug 140]
-  * driver_wext: added fallback to use SIOCSIWENCODE for setting
-  auth_alg if the driver does not support SIOCSIWAUTH
-* Fri Mar 24 2006 jg@suse.de
-- fixed static WEP key usage (bug 144268)
-* Thu Feb 16 2006 jg@suse.de
-- update to 0.4.8 (bug 151151)
-  * added support for EAP-FAST key derivation using other ciphers than
-  RC4-128-SHA for authentication and AES128-SHA for provisioning
-  * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
-  decrypt AT_ENCR_DATA attributes correctly
-  * added support for configuring CA certificate as DER file and as a
-  configuration blob
-  * fixed private key configuration as configuration blob and added
-  support for using PKCS#12 as a blob
-  * added support for loading trusted CA certificates from Windows
-  certificate store: ca_cert="cert_store://<name>", where <name> is
-  likely CA (Intermediate CA certificates) or ROOT (root certificates)
-  * fixed TLS library deinitialization after RSN pre-authentication not
-  to disable TLS library for normal authentication
-  * fixed PMKSA cache processing not to trigger deauthentication if the
-  current PMKSA cache entry is replaced with a valid new entry
-  * fixed PC/SC initialization for ap_scan != 1 modes (this fixes
-  EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
-  ap_scan=2)
-  * do not try to use USIM APDUs when initializing PC/SC for SIM card
-  access for a network that has not enabled EAP-AKA
-* Sun Feb 05 2006 ro@suse.de
-- removed km_wlan from BuildRequires
-* Wed Jan 25 2006 mls@suse.de
-- converted neededforbuild to BuildRequires
-* Tue Jan 17 2006 rml@suse.de
-- Add patch (from upstream) fixing bad drivers that NULL out
-  the SSID and send the wrong length.
-* Tue Jan 10 2006 jg@suse.de
-- added AP scan mode selection via control interface (patch
-  from rml@novell.com)
-* Mon Nov 21 2005 jg@suse.de
-- update to 0.4.7, changes (shortened):
-  * l2_packet_pcap: fixed wired IEEE 802.1X authentication with
-  libpcap and WinPcap to receive frames sent to PAE group address
-  * disable EAP state machine when IEEE 802.1X authentication is
-  not used in order to get rid of bogus "EAP failed" messages
-  * fixed OpenSSL error reporting to go through all pending errors
-  to avoid confusing reports of old errors being reported at
-  later point during handshake
-  * fixed configuration file updating to not write empty variables
-  (e.g., proto or key_mgmt) that the file parser would not accept
-  * fixed ADD_NETWORK ctrl_iface command to use the same default
-  values for variables as empty network definitions read from
-  config file would get
-  * fixed EAP state machine to not discard EAP-Failure messages in
-  many cases (e.g., during TLS handshake)
-  * fixed a infinite loop in private key reading if the configured
-  file cannot be parsed successfully
-  * driver_madwifi: added support for madwifi-ng
-  * wpa_gui: do not display password/PSK field contents
-  * wpa_gui: added CA certificate configuration
-  * use longer timeout for IEEE 802.11 association to avoid problems
-  with drivers that may take more than five second to associate
-- dropped obsolete madwifi patch
-- dropped obsolete copy of wireless.h
-- updated config file
-- use $RPM_OPT_FLAGS and %%jobs
-- created subpackage wpa_supplicant-gui containing wpa_gui
-* Tue Nov 08 2005 jg@suse.de
-- do not build as root
-* Fri Nov 04 2005 jg@suse.de
-- added support for madwifi-ng
-- compiling against Wireless Extensions v19
-- removed obsolete config option CONFIG_XSUPPLICANT_IFACE
-* Fri Oct 28 2005 jg@suse.de
-- update to 0.4.6, changes (shortened):
-  * allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch
-  in RSN IE, but WPA IE would match with wpa_supplicant
-  configuration
-  * added support for named configuration blobs in order to avoid
-  having to use file system for external files (e.g., certificates)
-  * fixed RSN pre-authentication
-  * driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to
-  make sure the driver configures broadcast decryption correctly
-  * added ca_path (and ca_path2) configuration variables that can be
-  used to configure OpenSSL CA path, e.g., /etc/ssl/certs, for
-  using the system-wide trusted CA list
-  * added support for starting wpa_supplicant without a configuration
-  file
-  * added global control interface that can be optionally used for
-  adding and removing network interfaces dynamically
-  * wpa_gui:
-    - try to save configuration whenever something is modified
-    - added WEP key configuration
-    - added possibility to edit the current network configuration
-  * driver_ndis: fixed driver polling not to increase frequency on
-  each received EAPOL frame due to incorrectly cancelled timeout
-  * fixed driver_wext.c to filter wireless events based on ifindex
-  to avoid interfaces receiving events from other interfaces
-  * delay sending initial EAPOL-Start couple of seconds to speed
-  up authentication for the most common case of Authenticator
-  starting EAP authentication immediately after association
-* Thu Oct 13 2005 jg@suse.de
-- update to 0.4.5, changes (shortened):
-  * added a workaround for clearing keys with ndiswrapper to allow
-  roaming from WPA enabled AP to plaintext one
-  * l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW
-  for PF_PACKET in order to prepare for network devices that do
-  not use Ethernet headers (e.g., network stack with native IEEE
-  802.11 frames)
-  * use receipt of EAPOL-Key frame as a lower layer success indication
-  for EAP state machine to allow recovery from dropped EAP-Success
-  frame
-  * driver_wext: add support for WE-19
-  * added support for multiple configuration backends (CONFIG_BACKEND
-  option); currently, only 'file' is supported (i.e., the format used
-  in wpa_supplicant.conf)
-  * added support for updating configuration ('wpa_cli save_config')
-  * added GET_NETWORK ctrl_iface command
-* Mon Aug 29 2005 jg@suse.de
-- update to 0.4.4 (bug 112977), changes (shortened):
-  * replaced OpenSSL patch for EAP-FAST support
-  (openssl-tls-extensions.patch) with a more generic and correct
-  patch
-  * allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be
-  used with drivers that do not support WPA
-  * added support for enabling/disabling networks from the list of
-  all configured networks
-  * added support for adding and removing network from the current
-  configuration
-  * added support for setting network configuration parameters
-  through the control interface
-  * fixed parsing of strings that include both " and # within double
-  quoted area (e.g., "start"#end")
-  * removed interface for external EAPOL/EAP supplicant
-  * fixed build with CONFIG_DNET_PCAP=y on Linux
-  * l2_packet: moved different implementations into separate files
-  * added support for using ap_scan=2 mode with multiple network
-  blocks
-  * fixed a potential issue in RSN pre-authentication ending up using
-  freed memory if pre-authentication times out
-  * added support for querying private key password (EAP-TLS) through
-  the control interface (wpa_cli/wpa_gui) if one is not included in
-  the configuration file
-  * driver_broadcom: fixed couple of memory leaks in scan result
-  processing
-  * EAP-PAX is now registered as EAP type 46
-  * fixed EAP-PAX MAC calculation
-  * fixed EAP-PAX CK and ICK key derivation
-  * added support for using password with EAP-PAX
-  * added support for arbitrary driver interface parameters through the
-  configuration file with a new driver_param field
-  * added possibility to override l2_packet module with driver
-  interface API (new send_eapol handler)
-  * fixed ctrl_interface_group processing for the case where gid is
-  entered as a number, not group name
-  * driver_test: added support for testing hostapd with wpa_supplicant
-  by using test driver interface without any kernel drivers or
-  network cards
-  * added support for EAP-MSCHAPv2 password retries within the same
-  EAP authentication session
-  * added support for password changes with EAP-MSCHAPv2
-  * added support for reading additional certificates from PKCS#12
-  files and adding them to the certificate chain
-  * fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
-  were used
-  * display EAP Notification messages to user through control
-  interface with "CTRL-EVENT-EAP-NOTIFICATION" prefix
-  * added 'disconnect' command to control interface for setting
-  wpa_supplicant in state where it will not associate before
-  'reassociate' command has been used
-  * added support for getting scan results through control interface
-  * added support for wired authentication (IEEE 802.1X on wired
-  Ethernet); driver interface 'wired'
-  * added support for sending TLS alerts
-  * added support for 'any' SSID wildcard; if ssid is not configured or
-  is set to an empty string, any SSID will be accepted for non-WPA AP
-  * added support for asking PIN (for SIM) from frontends (e.g.,
-  wpa_cli);
-  * added support for using external devices (e.g., a smartcard) for
-  private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
-  * added experimental support for EAP-PAX
-  * added monitor mode for wpa_cli
-* Mon Jul 11 2005 jg@suse.de
-- update to 0.3.9, changes:
-  * modified the EAP workaround that accepts EAP-Success with
-  incorrect Identifier to be even less strict about verification
-  in order to interoperate with some authentication servers
-  * fixed RSN IE in 4-Way Handshake message 2/4 for the case where
-  Authenticator rejects PMKSA caching attempt and the driver is
-  not using assoc_info events
-  * fixed a possible double free in EAP-TTLS fast-reauthentication
-  when identity or password is entered through control interface
-  * added -P<pid file> argument for wpa_supplicant to write the
-  current process id into a file
-  * driver_madwifi: fixed association in plaintext mode
-  * driver_madwifi: added preliminary support for compiling against
-  'BSD' branch of madwifi CVS tree
-  * added EAP workaround for PEAPv1 session resumption: allow outer,
-  i.e., not tunneled, EAP-Success to terminate session since; this
-  can be disabled with eap_workaround=0
-  * driver_ipw: updated driver structures to match with ipw2200-1.0.4
-  (note: ipw2100-1.1.0 is likely to require an update to work with
-  this)
-  * driver_broadcom: fixed couple of memory leaks in scan result
-  processing
-- removed pidfile patch in favour of the new upstream
-  implementation
-* Mon Mar 21 2005 jg@suse.de
-- creating directory /var/run/wpa_supplicant when needed (bug 74023)
-* Mon Feb 14 2005 jg@suse.de
-- update to 0.3.8, changes:
-  * fixed EAPOL-Key validation to drop packets with invalid Key
-  Data Length; such frames could have crashed wpa_supplicant due
-  to buffer overflow
-* Mon Feb 07 2005 jg@suse.de
-- update to 0.3.7-pre, changes:
-  * fixed WPA/RSN IE verification in message 3 of 4-Way Handshake
-  when using drivers that take care of AP selection (e.g., when
-  using ap_scan=2)
-  * fixed reprocessing of pending request after ctrl_iface requests
-  for identity/password/otp
-  * fixed ctrl_iface requests for identity/password/otp in Phase 2
-  of EAP-PEAP and EAP-TTLS
-  * all drivers using driver_wext: set interface up and select
-  Managed mode when starting wpa_supplicant; set interface down
-  when exiting
-  * renamed driver_ipw2100.c to driver_ipw.c since it now supports
-  both ipw2100 and ipw2200
-  * fixed a busy loop introduced in v0.3.5 for scan result
-  processing when no matching AP is found
-  * added a workaround for an interoperability issue with a Cisco AP
-  when using WPA2-PSK
-  * fixed non-WPA IEEE 802.1X to use the same authentication timeout
-  as WPA with IEEE 802.1X
-  * fixed issues with 64-bit CPUs and SHA1 cleanup in previous
-  version (e.g., segfault when processing EAPOL-Key frames)
-  * fixed EAP workaround and fast reauthentication configuration for
-  RSN pre-authentication
-  * added support for blacklisting APs that fail or timeout
-  authentication in ap_scan=1 mode so that all APs are tried in
-  cases where the ones with strongest signal level are failing
-  authentication
-  * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
-  authentication attempt
-  * added preliminary support for IBSS (ad-hoc) mode configuration
-  * added optional support for GNU Readline and History Libraries
-  for wpa_cli (CONFIG_READLINE)
-  * added couple of workarounds for interoperability issues with a
-  Cisco AP when using WPA2
-  * fixed private key loading for cases where passphrase is not set
-  * improved recovery from PMKID mismatches by requesting full EAP
-  authentication in case of failed PMKSA caching attempt
-  * driver_ndis: added support for NDIS NdisMIncidateStatus() events
-  * driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
-  * added support for driver interfaces to replace the interface
-  name based on driver/OS specific mapping, e.g., in case of
-  driver_ndis, this allows the beginning of the adapter
-  description to be used as the interface name
-  * driver_ndis: enable radio before starting scanning, disable
-  radio when exiting
-  * added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that
-  driver interface can distinguish plaintext and IEEE 802.1X
-  (no WPA) authentication
-  * fixed static WEP key configuration to use broadcast/default type
-  for all keys
-  * driver_ndis: added legacy WPA capability detection for non-WPA2
-  drivers
-  * added support for setting static WEP keys for IEEE 802.1X
-  without dynamic WEP keying (eapol_flags=0)
-  * added support for reading PKCS#12 (PFX) files (as a replacement
-  for PEM/DER) to get certificate and private key (CONFIG_PKCS12)
-  * added new ap_scan mode, ap_scan=2, for drivers that take care of
-  association, but need to be configured with security policy and
-  SSID, e.g., ndiswrapper and NDIS driver
-* Thu Jan 13 2005 jg@suse.de
-- update to 0.2.6, changes:
-  * added driver interface for Intel ipw2100 driver
-  * fixed a bug in PMKSA cache processing: skip sending of
-  EAPOL-Start only if there is a PMKSA cache entry for the
-  current AP
-  * fixed error handling for case where reading of scan results
-  fails: must schedule a new scan or wpa_supplicant will remain
-  waiting forever
-  * set pairwise/group cipher suite for non-WPA IEEE 802.1X to
-  WEP-104 if keys are not configured to be used; this fixes
-  IEEE 802.1X mode with drivers that use this information to
-  configure whether Privacy bit can be in Beacon frames
-  (e.g., ndiswrapper)
-  * improved downgrade attack detection in IE verification of
-  msg 3/4: verify both WPA and RSN IEs, if present, not only the
-  selected one; reject the AP if an RSN IE is found in msg 3/4,
-  but not in Beacon or Probe Response frame, and RSN is enabled in
-  wpa_supplicant configuration
-  * fixed WPA msg 3/4 processing to allow Key Data field contain
-  other IEs than just one WPA IE
-  * modified association event handler to set portEnabled = FALSE
-  before clearing port Valid in order to reset EAP state machine
-  and avoid problems with new authentication getting ignored because
-  of state machines ending up in AUTHENTICATED/SUCCESS state based
-  on old information
-- removed obsolete ipw2100 patch
-- added wpa_supplicant.fig to filelist
-* Fri Oct 22 2004 jg@suse.de
-- update to 0.2.5, changes:
-  * wpa_cli: fixed parsing of -p <path> command line argument
-  * fixed parsing of wep_tx_keyidx
-  * fixed couple of errors in PCSC handling that could have caused
-  random-looking errors for EAP-SIM
-  * PEAPv1: fixed tunneled EAP-Success reply handling to reply with
-  TLS ACK, not tunneled EAP-Success
-  * PEAPv1: added support for terminating PEAP authentication on
-  tunneled EAP-Success message
-  * PEAPv1: changed phase1 option peaplabel to use default to 0, i.e.,
-  to the old label for key derivation; previously, the default was 1,
-  but it looks like most existing PEAPv1 implementations use the old
-  label which is thus more suitable default option
-  * changed SSID configuration in driver_wext.c (used by many driver
-  interfaces) to use ssid_len+1 as the length for SSID since some
-  Linux drivers expect this
-  * fixed couple of unaligned reads in scan result parsing to fix WPA
-  connection on some platforms (e.g., ARM)
-- disabled madwifi support on ppc
-* Wed Sep 29 2004 jg@suse.de
-- added support for ipw2100 driver
-* Tue Aug 31 2004 jg@suse.de
-- added support for writing pid-file
-* Mon Aug 02 2004 jg@suse.de
-- fixed build on non-x86 platforms
-* Mon Aug 02 2004 jg@suse.de
-- update to version 0.2.4, important changes:
-  - support for new EAP authentication methods:
-  EAP-TTLS/EAP-MD5-Challenge
-  EAP-TTLS/EAP-GTC
-  EAP-TTLS/EAP-MSCHAPv2
-  EAP-TTLS/EAP-TLS
-  EAP-TTLS/MSCHAPv2
-  EAP-TTLS/MSCHAP
-  EAP-TTLS/PAP
-  EAP-TTLS/CHAP
-  EAP-PEAP/TLS
-  EAP-PEAP/GTC
-  EAP-PEAP/MD5-Challenge
-  EAP-GTC
-  EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
-  - support for ATMEL AT76C5XXX driver
-  - support for madwifi driver
-  - lots of minor changes, see ChangeLog
-- added km_wlan to needforbuild (driver source of madwifi is
-  needed)
-* Thu Jun 17 2004 jg@suse.de
-- Initial package