From d5e31658fa94632c5ebf4781031c50454f74cfbc279568a57505152950c6f941 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 25 Apr 2013 10:55:41 +0000 Subject: [PATCH] Accepting request 173111 from home:gary_lin:branches:hardware - Update to 2.0 - Drop upstreamed wpa_supplicant-libnl3.patch - Disable obsolete Ralink driver OBS-URL: https://build.opensuse.org/request/show/173111 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=31 --- config | 65 ++++++++- wpa_supplicant-1.1.tar.bz2 | 3 - wpa_supplicant-2.0.tar.gz | 3 + wpa_supplicant-libnl3.patch | 12 -- wpa_supplicant.changes | 259 ++++++++++++++++++++++++++++++++++++ wpa_supplicant.spec | 8 +- 6 files changed, 326 insertions(+), 24 deletions(-) delete mode 100644 wpa_supplicant-1.1.tar.bz2 create mode 100644 wpa_supplicant-2.0.tar.gz delete mode 100644 wpa_supplicant-libnl3.patch diff --git a/config b/config index ebe9666..89b6fee 100644 --- a/config +++ b/config @@ -75,7 +75,7 @@ CONFIG_DRIVER_ATMEL=y #CONFIG_DRIVER_IPW=y # Driver interface for Ralink driver -CONFIG_DRIVER_RALINK=y +#CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions # Note: WEXT is deprecated in the current Linux kernel version and no new @@ -204,6 +204,8 @@ CONFIG_WPS_ER=y # Disable credentials for an open network by default when acting as a WPS # registrar. #CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y @@ -220,6 +222,9 @@ CONFIG_SMARTCARD=y # Enable this if EAP-SIM or EAP-AKA is included #CONFIG_PCSC=y +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +#CONFIG_HT_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -227,6 +232,7 @@ CONFIG_SMARTCARD=y # unix = UNIX domain sockets (default for Linux/*BSD) # udp = UDP sockets using localhost (127.0.0.1) # named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) # y = use default (backwards compatibility) # If this option is commented out, control interface is not included in the # build. @@ -303,6 +309,9 @@ CONFIG_BACKEND=file # eloop_none = Empty template #CONFIG_ELOOP=eloop +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap @@ -315,9 +324,7 @@ CONFIG_BACKEND=file # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y -# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. +# IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y @@ -335,6 +342,13 @@ CONFIG_IEEE80211W=y # sent prior to negotiating which version will be used) #CONFIG_TLSV11=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +#CONFIG_TLSV12=y + # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits @@ -400,6 +414,12 @@ CONFIG_DEBUG_FILE=y # Set syslog facility for debug messages #CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y @@ -459,11 +479,48 @@ CONFIG_DEBUG_FILE=y # IEEE 802.11n (High Throughput) support (mainly for AP mode) #CONFIG_IEEE80211N=y +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks (GAS/ANQP to learn more about the networks and network # selection based on available credentials). #CONFIG_INTERWORKING=y +# Hotspot 2.0 +#CONFIG_HS20=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +#CONFIG_AP=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +#CONFIG_P2P=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +#CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +#CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y + # Enable background scan to improve roaming CONFIG_BGSCAN_SIMPLE=y diff --git a/wpa_supplicant-1.1.tar.bz2 b/wpa_supplicant-1.1.tar.bz2 deleted file mode 100644 index 5785394..0000000 --- a/wpa_supplicant-1.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b4427170270a7fa5c54f90e903e6144982e2f35a546952fc23c98641336ac65d -size 1533617 diff --git a/wpa_supplicant-2.0.tar.gz b/wpa_supplicant-2.0.tar.gz new file mode 100644 index 0000000..821f187 --- /dev/null +++ b/wpa_supplicant-2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2c115609fbb5223d51381084a5c944455a8afcda81d584173ff55ba233379e09 +size 2044281 diff --git a/wpa_supplicant-libnl3.patch b/wpa_supplicant-libnl3.patch deleted file mode 100644 index ac807fd..0000000 --- a/wpa_supplicant-libnl3.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo wpa_supplicant-1.0-rc2/src/drivers/drivers.mak ---- wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo 2012-03-02 16:11:43.176448714 -0600 -+++ wpa_supplicant-1.0-rc2/src/drivers/drivers.mak 2012-03-02 16:12:29.759866341 -0600 -@@ -48,7 +48,7 @@ NEED_RFKILL=y - ifdef CONFIG_LIBNL32 - DRV_LIBS += -lnl-3 - DRV_LIBS += -lnl-genl-3 -- DRV_CFLAGS += -DCONFIG_LIBNL20 -+ DRV_CFLAGS += -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0` - else - ifdef CONFIG_LIBNL_TINY - DRV_LIBS += -lnl-tiny diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index 30744e2..fd68959 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes @@ -1,3 +1,262 @@ +------------------------------------------------------------------- +Wed Apr 24 03:48:27 UTC 2013 - glin@suse.com + +- Update to 2.0 + * removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4) + * removed unmaintained driver wrappers broadcom, iphone, osx, + ralink, hostap, madwifi (hostap and madwifi remain available + for hostapd; their wpa_supplicant functionality is obsoleted + by wext) + * improved debug logging (human readable event names, interface + name included in more entries) + * changed AP mode behavior to enable WPS only for open and + WPA/WPA2-Personal configuration + * improved P2P concurrency operations + - better coordination of concurrent scan and P2P search + operations + - avoid concurrent remain-on-channel operation requests by + canceling previous operations prior to starting a new one + - reject operations that would require multi-channel + concurrency if the driver does not support it + - add parameter to select whether STA or P2P connection is + preferred if the driver cannot support both at the same time + - allow driver to indicate channel changes + - added optional delay= parameter + for p2p_find to avoid taking all radio resources + - use 500 ms p2p_find search delay by default during concurrent + operations + - allow all channels in GO Negotiation if the driver supports + multi-channel concurrency + * added number of small changes to make it easier for static + analyzers to understand the implementation + * fixed number of small bugs (see git logs for more details) + * nl80211: number of updates to use new cfg80211/nl80211 + functionality + - replace monitor interface with nl80211 commands for AP mode + - additional information for driver-based AP SME + - STA entry authorization in RSN IBSS + * EAP-pwd: + - fixed KDF for group 21 and zero-padding + - added support for fragmentation + - increased maximum number of hunting-and-pecking iterations + * avoid excessive Probe Response retries for broadcast Probe + Request frames (only with drivers using wpa_supplicant AP mode + SME/MLME) + * added "GET country" ctrl_iface command + * do not save an invalid network block in wpa_supplicant.conf to + avoid problems reading the file on next start + * send STA connected/disconnected ctrl_iface events to both the + P2P group and parent interfaces + * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y) + * added "SET pno <1/0>" ctrl_iface command to start/stop + preferred network offload with sched_scan driver command + * merged in number of changes from Android repository for P2P, + nl80211, and build parameters + * changed P2P GO mode configuration to use driver capabilities + to automatically enable HT operations when supported + * added "wpa_cli status wps" command to fetch WPA2-Personal + passhrase for WPS use cases in AP mode + * EAP-AKA: keep pseudonym identity across EAP exchanges to match + EAP-SIM behavior + * improved reassociation behavior in cases where association is + rejected or when an AP disconnects us to handle common load + balancing mechanisms + - try to avoid extra scans when the needed information is + available + * added optional "join" argument for p2p_prov_disc ctrl_iface + command + * added group ifname to P2P-PROV-DISC-* events + * added P2P Device Address to AP-STA-DISCONNECTED event and use + p2p_dev_addr parameter name with AP-STA-CONNECTED + * added workarounds for WPS PBC overlap detection for some P2P + use cases where deployed stations work incorrectly + * optimize WPS connection speed by disconnecting prior to WPS + scan and by using single channel scans when AP channel is + known + * PCSC and SIM/USIM improvements: + - accept 0x67 (Wrong length) as a response to READ RECORD to + fix issues with some USIM cards + - try to read MNC length from SIM/USIM + - build realm according to 3GPP TS 23.003 with identity from + the SIM + - allow T1 protocol to be enabled + * added more WPS and P2P information available through D-Bus + * improve P2P negotiation robustness + - extra waits to get ACK frames through + - longer timeouts for cases where deployed devices have been + identified have issues meeting the specification + requirements + - more retries for some P2P frames + - handle race conditions in GO Negotiation start by both + devices + - ignore unexpected GO Negotiation Response frame + * added support for libnl 3.2 and newer + * added P2P persistent group info to P2P_PEER data + * maintain a list of P2P Clients for persistent group on GO + * AP: increased initial group key handshake retransmit timeout to + 500 ms + * added optional dev_id parameter for p2p_find + * added P2P-FIND-STOPPED ctrl_iface event + * fixed issues in WPA/RSN element validation when roaming with + ap_scan=1 and driver-based BSS selection + * do not expire P2P peer entries while connected with the peer in a + group + * fixed WSC element inclusion in cases where P2P is disabled + * AP: added a WPS workaround for mixed mode AP Settings with + Windows 7 + * EAP-SIM: fixed AT_COUNTER_TOO_SMALL use + * EAP-SIM/AKA: append realm to pseudonym identity + * EAP-SIM/AKA: store pseudonym identity in network configuration + to allow it to persist over multiple EAP sessions and + wpa_supplicant restarts + * EAP-AKA': updated to RFC 5448 (username prefixes changed); + note: this breaks interoperability with older versions + * added support for WFA Hotspot 2.0 + - GAS/ANQP to fetch network information + - credential configuration and automatic network selections + based on credential match with ANQP information + * limited PMKSA cache entries to be used only with the network + context that was used to create them + * improved PMKSA cache expiration to avoid unnecessary + disconnections + * adjusted bgscan_simple fast-scan backoff to avoid too frequent + background scans + * removed ctrl_iface event on P2P PD Response in join-group case + * added option to fetch BSS table entry based on P2P Device + Address ("BSS p2p_dev_addr=") + * added BSS entry age to ctrl_iface BSS command output + * added optional MASK=0xH option for ctrl_iface BSS command to + select which fields are included in the response + * added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS + command to fetch information about several BSSes in one call + * simplified licensing terms by selecting the BSD license as the + only alternative + * added "P2P_SET disallow_freq " ctrl_iface command + to disable channels from P2P use + * added p2p_pref_chan configuration parameter to allow preferred + P2P channels to be specified + * added support for advertising immediate availability of a WPS + credential for P2P use cases + * optimized scan operations for P2P use cases (use single channel + scan for a specific SSID when possible) + * EAP-TTLS: fixed peer challenge generation for MSCHAPv2 + * SME: do not use reassociation after explicit disconnection + request (local or a notification from an AP) + * added support for sending debug info to Linux tracing (-T on + command line) + * added support for using Deauthentication reason code 3 as an + indication of P2P group termination + * added wps_vendor_ext_m1 configuration parameter to allow + vendor specific attributes to be added to WPS M1 + * started using separate TLS library context for tunneled TLS + (EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different + CA certificate configuration between Phase 1 and Phase 2 + * added optional "auto" parameter for p2p_connect to request + automatic GO Negotiation vs. join-a-group selection + * added disabled_scan_offload parameter to disable automatic scan + offloading (sched_scan) + * added optional persistent= parameter for + p2p_connect to allow forcing of a specific SSID/passphrase for + GO Negotiation + * added support for OBSS scan requests and 20/40 BSS coexistence + reports + * reject PD Request for unknown group + * removed scripts and notes related to Windows binary releases + (which have not been used starting from 1.x) + * added initial support for WNM operations + - Keep-alive based on BSS max idle period + - WNM-Sleep Mode + - minimal BSS Transition Management processing + * added autoscan module to control scanning behavior while not + connected + - autoscan_periodic and autoscan_exponential modules + * added new WPS NFC ctrl_iface mechanism + - added initial support NFC connection handover + - removed obsoleted WPS_OOB command (including support for + deprecated UFD config_method) + * added optional framework for external password storage + ("ext:") + * wpa_cli: added optional support for controlling wpa_supplicant + remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing + purposes + * wpa_cli: extended tab completion to more commands + * changed SSID output to use printf-escaped strings instead of + masking of non-ASCII characters + - SSID can now be configured in the same format: + ssid=P"abc\x00test" + * removed default ACM=1 from AC_VO and AC_VI + * added optional "ht40" argument for P2P ctrl_iface commands to + allow 40 MHz channels to be requested on the 5 GHz band + * added optional parameters for p2p_invite command to specify + channel when reinvoking a persistent group as the GO + * improved FIPS mode builds with OpenSSL + - "make fips" with CONFIG_FIPS=y to build wpa_supplicant with + the OpenSSL FIPS object module + - replace low level OpenSSL AES API calls to use EVP + - use OpenSSL keying material exporter when possible + - do not export TLS keys in FIPS mode + - remove MD5 from CONFIG_FIPS=y builds + - use OpenSSL function for PKBDF2 passphrase-to-PSK + - use OpenSSL HMAC implementation + - mix RAND_bytes() output into random_get_bytes() to force + OpenSSL DRBG to be used in FIPS mode + - use OpenSSL CMAC implementation + * added mechanism to disable TLS Session Ticket extension + - a workaround for servers that do not support TLS extensions + that was enabled by default in recent OpenSSL versions + - tls_disable_session_ticket=1 + - automatically disable TLS Session Ticket extension by default + when using EAP-TLS/PEAP/TTLS (i.e., only use it with + EAP-FAST) + * changed VENDOR-TEST EAP method to use proper private + enterprise number (this will not interoperate with older + versions) + * disable network block temporarily on authentication failures + * improved WPS AP selection during WPS PIN iteration + * added support for configuring GCMP cipher for IEEE 802.11ad + * added support for Wi-Fi Display extensions + - WFD_SUBELEMENT_SET ctrl_iface command to configure WFD + subelements + - SET wifi_display <0/1> to disable/enable WFD support + - WFD service discovery + - an external program is needed to manage the audio/video + streaming and codecs + * optimized scan result use for network selection + - use the internal BSS table instead of raw scan results + - allow unnecessary scans to be skipped if fresh information + is available (e.g., after GAS/ANQP round for Interworking) + * added support for 256-bit AES with internal TLS implementation + * allow peer to propose channel in P2P invitation process for a + persistent group + * added disallow_aps parameter to allow BSSIDs/SSIDs to be + disallowed from network selection + * re-enable the networks disabled during WPS operations + * allow P2P functionality to be disabled per interface + (p2p_disabled=1) + * added secondary device types into P2P_PEER output + * added an option to disable use of a separate P2P group + interface (p2p_no_group_iface=1) + * fixed P2P Bonjour SD to match entries with both compressed and + not compressed domain name format and support multiple Bonjour + PTR matches for the same key + * use deauthentication instead of disassociation for all + disconnection operations; this removes the now unused + disassociate() wpa_driver_ops callback + * optimized PSK generation on P2P GO by caching results to avoid + multiple PBKDF2 operations + * added okc=1 global configuration parameter to allow OKC to be + enabled by default for all network blocks + * added a workaround for WPS PBC session overlap detection to + avoid interop issues with deployed station implementations + that do not remove active PBC indication from Probe Request + frames properly + * added basic support for 60 GHz band + * extend EAPOL frames processing workaround for roaming cases + (postpone processing of unexpected EAPOL frame until + association event to handle reordered events) +- Drop upstreamed wpa_supplicant-libnl3.patch +- Disable obsolete Ralink driver + ------------------------------------------------------------------- Tue Dec 11 10:16:40 UTC 2012 - glin@suse.com diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 991a320..9b053a2 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -1,7 +1,7 @@ # # spec file for package wpa_supplicant # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,12 +30,12 @@ BuildRequires: libnl3-devel BuildRequires: libnl-devel %endif Url: http://hostap.epitest.fi/wpa_supplicant/ -Version: 1.1 +Version: 2.0 Release: 0 Summary: WPA supplicant implementation License: BSD-3-Clause and GPL-2.0+ Group: Productivity/Networking/Other -Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2 +Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz Source1: config Source2: %{name}.conf Source3: fi.epitest.hostap.WPASupplicant.service @@ -49,7 +49,6 @@ Patch1: wpa_supplicant-flush-debug-output.patch # is not portable Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch Patch3: wpa_supplicant-errormsg.patch -Patch4: wpa_supplicant-libnl3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: logrotate @@ -89,7 +88,6 @@ echo "CONFIG_LIBNL32=y" >> wpa_supplicant/.config %patch1 -p0 %patch2 -p0 %patch3 -p0 -%patch4 -p1 %build cd wpa_supplicant