Accepting request 280170 from Base:System

- update version 2.3
- removed patch hostapd-2.1-be-host_to_le.patch because it
  seems obsolete
- hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch
ChangeLog for hostapd since 2.1:
2014-10-09 - v2.3
	* fixed number of minor issues identified in static analyzer warnings
	* fixed DFS and channel switch operation for multi-BSS cases
	* started to use constant time comparison for various password and hash
	  values to reduce possibility of any externally measurable timing
	  differences
	* extended explicit clearing of freed memory and expired keys to avoid
	  keeping private data in memory longer than necessary
	* added support for number of new RADIUS attributes from RFC 7268
	  (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher,
	  WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher)
	* fixed GET_CONFIG wpa_pairwise_cipher value
	* added code to clear bridge FDB entry on station disconnection
	* fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
	* fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop
	  in case the first entry does not match
	* fixed hostapd_cli action script execution to use more robust mechanism
	  (CVE-2014-3686)
2014-06-04 - v2.2
	* fixed SAE confirm-before-commit validation to avoid a potential
	  segmentation fault in an unexpected message sequence that could be
	  triggered remotely
	* extended VHT support
	  - Operating Mode Notification
	  - Power Constraint element (local_pwr_constraint)

OBS-URL: https://build.opensuse.org/request/show/280170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=28

hostapd-2.1-be-host_to_le.patch

@@ -1,12 +0,0 @@
-Index: hostapd-2.1/src/utils/common.h
-===================================================================
---- hostapd-2.1.orig/src/utils/common.h
-+++ hostapd-2.1/src/utils/common.h
-@@ -208,6 +208,7 @@ static inline unsigned int wpa_swap_32(u
- #define host_to_le32(n) bswap_32(n)
- #define be_to_host32(n) (n)
- #define host_to_be32(n) (n)
-+#define host_to_le32(n) bswap_32(n)
- #define le_to_host64(n) bswap_64(n)
- #define host_to_le64(n) bswap_64(n)
- #define be_to_host64(n) (n)

hostapd-2.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5c7110f55b6092e5277e26edc961eda2def12b94218129d116f5681e34bb2f88
-size 1490215

hostapd-2.3-defconfig.patch

@@ -1,6 +1,6 @@
---- hostapd-2.1.orig/hostapd/defconfig
-+++ hostapd-2.1/hostapd/defconfig
-@@ -32,7 +32,7 @@ CONFIG_DRIVER_NL80211=y
+--- hostapd/defconfig.orig	2015-01-05 20:43:43.726052529 +0100
++++ hostapd/defconfig	2015-01-05 20:48:46.758264105 +0100
+@@ -32,7 +32,7 @@
  #CONFIG_LIBNL20=y
  
  # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
@@ -9,7 +9,7 @@
  
  
  # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-@@ -43,7 +43,7 @@ CONFIG_DRIVER_NL80211=y
+@@ -43,7 +43,7 @@
  #LIBS_c += -L/usr/local/lib
  
  # Driver interface for no driver (e.g., RADIUS server only)
@@ -18,16 +18,7 @@
  
  # IEEE 802.11F/IAPP
  CONFIG_IAPP=y
-@@ -58,7 +58,7 @@ CONFIG_PEERKEY=y
- # This version is an experimental implementation based on IEEE 802.11w/D1.0
- # draft and is subject to change since the standard has not yet been finalized.
- # Driver support is also needed for IEEE 802.11w.
--#CONFIG_IEEE80211W=y
-+CONFIG_IEEE80211W=y
- 
- # Integrated EAP server
- CONFIG_EAP=y
-@@ -82,52 +82,52 @@ CONFIG_EAP_GTC=y
+@@ -79,50 +79,50 @@
  CONFIG_EAP_TTLS=y
  
  # EAP-SIM for the integrated EAP server
@@ -76,9 +67,6 @@
  # Wi-Fi Protected Setup (WPS)
 -#CONFIG_WPS=y
 +CONFIG_WPS=y
- # Enable WSC 2.0 support
--#CONFIG_WPS2=y
-+CONFIG_WPS2=y
  # Enable UPnP support for external WPS Registrars
 -#CONFIG_WPS_UPNP=y
 +CONFIG_WPS_UPNP=y
@@ -96,7 +84,7 @@
  
  # EAP-EKE for the integrated EAP server
  #CONFIG_EAP_EKE=y
-@@ -138,27 +138,27 @@ CONFIG_PKCS12=y
+@@ -133,27 +133,27 @@
  
  # RADIUS authentication server. This provides access to the integrated EAP
  # server from external hosts using RADIUS.
@@ -130,7 +118,7 @@
  
  # Remove debugging code that is printing out debug messages to stdout.
  # This can be used to reduce the size of the hostapd considerably if debugging
-@@ -186,7 +186,7 @@ CONFIG_IPV6=y
+@@ -181,7 +181,7 @@
  
  # Enable support for fully dynamic VLANs. This enables hostapd to
  # automatically create bridge and VLAN interfaces if necessary.
@@ -139,7 +127,7 @@
  
  # Use netlink-based kernel API for VLAN operations instead of ioctl()
  # Note: This requires libnl 3.1 or newer.
-@@ -256,11 +256,11 @@ CONFIG_IPV6=y
+@@ -251,11 +251,11 @@
  # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
  # can be enabled to get a stronger construction of messages when block ciphers
  # are used.
@@ -153,7 +141,7 @@
  
  # If CONFIG_TLS=internal is used, additional library and include paths are
  # needed for LibTomMath. Alternatively, an integrated, minimal version of
-@@ -281,13 +281,13 @@ CONFIG_IPV6=y
+@@ -276,13 +276,13 @@
  # Interworking (IEEE 802.11u)
  # This can be used to enable functionality to improve interworking with
  # external networks.

hostapd-2.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c94c2b76876fad4c80a1063a06f958a2189ba5003475016fa7658a1ca49bb4df
+size 1592480

hostapd.changes

@@ -1,3 +1,119 @@
+-------------------------------------------------------------------
+Mon Jan  5 19:23:24 UTC 2015 - michael@stroeder.com
+
+- update version 2.3
+- removed patch hostapd-2.1-be-host_to_le.patch because it
+  seems obsolete
+- hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch
+
+ChangeLog for hostapd since 2.1:
+
+2014-10-09 - v2.3
+	* fixed number of minor issues identified in static analyzer warnings
+	* fixed DFS and channel switch operation for multi-BSS cases
+	* started to use constant time comparison for various password and hash
+	  values to reduce possibility of any externally measurable timing
+	  differences
+	* extended explicit clearing of freed memory and expired keys to avoid
+	  keeping private data in memory longer than necessary
+	* added support for number of new RADIUS attributes from RFC 7268
+	  (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher,
+	  WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher)
+	* fixed GET_CONFIG wpa_pairwise_cipher value
+	* added code to clear bridge FDB entry on station disconnection
+	* fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
+	* fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop
+	  in case the first entry does not match
+	* fixed hostapd_cli action script execution to use more robust mechanism
+	  (CVE-2014-3686)
+
+2014-06-04 - v2.2
+	* fixed SAE confirm-before-commit validation to avoid a potential
+	  segmentation fault in an unexpected message sequence that could be
+	  triggered remotely
+	* extended VHT support
+	  - Operating Mode Notification
+	  - Power Constraint element (local_pwr_constraint)
+	  - Spectrum management capability (spectrum_mgmt_required=1)
+	  - fix VHT80 segment picking in ACS
+	  - fix vht_capab 'Maximum A-MPDU Length Exponent' handling
+	  - fix VHT20
+	* fixed HT40 co-ex scan for some pri/sec channel switches
+	* extended HT40 co-ex support to allow dynamic channel width changes
+	  during the lifetime of the BSS
+	* fixed HT40 co-ex support to check for overlapping 20 MHz BSS
+	* fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
+	  this fixes password with include UTF-8 characters that use
+	  three-byte encoding EAP methods that use NtPasswordHash
+	* reverted TLS certificate validation step change in v2.1 that rejected
+	  any AAA server certificate with id-kp-clientAuth even if
+	  id-kp-serverAuth EKU was included
+	* fixed STA validation step for WPS ER commands to prevent a potential
+	  crash if an ER sends an unexpected PutWLANResponse to a station that
+	  is disassociated, but not fully removed
+	* enforce full EAP authentication after RADIUS Disconnect-Request by
+	  removing the PMKSA cache entry
+	* added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
+	  in RADIUS Disconnect-Request
+	* added mechanism for removing addresses for MAC ACLs by prefixing an
+	  entry with "-"
+	* Interworking/Hotspot 2.0 enhancements
+	  - support Hotspot 2.0 Release 2
+	    * OSEN network for online signup connection
+	    * subscription remediation (based on RADIUS server request or
+	      control interface HS20_WNM_NOTIF for testing purposes)
+	    * Hotspot 2.0 release number indication in WFA RADIUS VSA
+	    * deauthentication request (based on RADIUS server request or
+	      control interface WNM_DEAUTH_REQ for testing purposes)
+	    * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent
+	    * hs20_icon config parameter to configure icon files for OSU
+	    * osu_* config parameters for OSU Providers list
+	  - do not use Interworking filtering rules on Probe Request if
+	    Interworking is disabled to avoid interop issues
+	* added/fixed nl80211 functionality
+	  - AP interface teardown optimization
+	  - support vendor specific driver command
+	    (VENDOR <vendor id> <sub command id> [<hex formatted data>])
+	* fixed PMF protection of Deauthentication frame when this is triggered
+	  by session timeout
+	* internal TLS implementation enhancements/fixes
+	  - add SHA256-based cipher suites
+	  - add DHE-RSA cipher suites
+	  - fix X.509 validation of PKCS#1 signature to check for extra data
+	* RADIUS server functionality
+	  - add minimal RADIUS accounting server support (hostapd-as-server);
+	    this is mainly to enable testing coverage with hwsim scripts
+	  - allow authentication log to be written into SQLite databse
+	  - added option for TLS protocol testing of an EAP peer by simulating
+	    various misbehaviors/known attacks
+	  - MAC ACL support for testing purposes
+	* fixed PTK derivation for CCMP-256 and GCMP-256
+	* extended WPS per-station PSK to support ER case
+	* added option to configure the management group cipher
+	  (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256,
+	  BIP-CMAC-256)
+	* fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these
+	  were rounded incorrectly)
+	* added support for postponing FT response in case PMK-R1 needs to be
+	  pulled from R0KH
+	* added option to advertise 40 MHz intolerant HT capability with
+	  ht_capab=[40-INTOLERANT]
+	* remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
+	  whenever CONFIG_WPS=y is set
+	* EAP-pwd fixes
+	  - fix possible segmentation fault on EAP method deinit if an invalid
+	    group is negotiated
+	* fixed RADIUS client retransmit/failover behavior
+	  - there was a potential ctash due to freed memory being accessed
+	  - failover to a backup server mechanism did not work properly
+	* fixed a possible crash on double DISABLE command when multiple BSSes
+	  are enabled
+	* fixed a memory leak in SAE random number generation
+	* fixed GTK rekeying when the station uses FT protocol
+	* fixed off-by-one bounds checking in printf_encode()
+	  - this could result in deinial of service in some EAP server cases
+	* various bug fixes
+
 -------------------------------------------------------------------
 Tue May 27 19:57:16 UTC 2014 - crrodriguez@opensuse.org
 

hostapd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package hostapd
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,14 +24,13 @@ BuildRequires:  pkgconfig(systemd)
 Summary:        Turns Your WLAN Card into a WPA capable Access Point
 License:        GPL-2.0 or BSD-3-Clause
 Group:          Hardware/Wifi
-Version:        2.1
+Version:        2.3
 Release:        0
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://hostap.epitest.fi/
 Source:         http://hostap.epitest.fi/releases/hostapd-%{version}.tar.gz
 Source1:        hostapd.service
-Patch0:         hostapd-2.1-defconfig.patch
-Patch1:         hostapd-2.1-be-host_to_le.patch
+Patch0:         hostapd-2.3-defconfig.patch
 %{?systemd_requires}
 
 %description
@@ -45,8 +44,7 @@ authentication via any ethernet driver.
 
 %prep
 %setup -q -n hostapd-%{version}
-%patch0 -p1
-%patch1 -p1
+%patch0 -p0
 
 cd hostapd
 cp defconfig .config