Accepting request 40920 from hardware

Copy from hardware/wpa_supplicant based on submit request 40920 from user a_jaeger OBS-URL: https://build.opensuse.org/request/show/40920 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=31
2010-05-31 16:17:31 +00:00 · 2010-05-31 16:17:31 +00:00 · 15b9bce3ef
commit 15b9bce3ef
parent 37fa91d627
3 changed files with 61 additions and 1 deletions
--- a/Fix_Fallback_From_Failed_PMKSA_Into_Full_EAP.patch
+++ b/Fix_Fallback_From_Failed_PMKSA_Into_Full_EAP.patch
@ -0,0 +1,52 @@
+commit b4a1256d3660a2b5239062a9b42de79b8a34286a
+Author: Jouni Malinen <j@w1.fi>
+Date:   Sat May 1 17:35:28 2010 +0300
+
+    Fix fallback from failed PMKSA caching into full EAP authentication
+    
+    Commit 83935317a78fb4157eb6e5134527b9311dbf7b8c added forced
+    disconnection in case of 4-way handshake failures. However, it should
+    not have changed the case where the supplicant is requesting fallback
+    to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is
+    not know. This case needs to send an EAPOL-Start frame instead of
+    EAPOL-Key message 2/4.
+    
+    This works around a problem with APs that try to force PMKSA caching
+    even when the client does not include PMKID in (re)association request
+    frame to request it. [Bug 355]
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 885d173..9439f97 100644
+--- src/rsn_supp/wpa.c
+++ src/rsn_supp/wpa.c
+@@ -231,6 +231,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
+ 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
+ 					  buf, buflen);
+ 			os_free(buf);
+			return -2;
+ 		}
+ 
+ 		return -1;
+@@ -361,6 +362,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ 	struct wpa_eapol_ie_parse ie;
+ 	struct wpa_ptk *ptk;
+ 	u8 buf[8];
+	int res;
+ 
+ 	if (wpa_sm_get_network_ctx(sm) == NULL) {
+ 		wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
+@@ -388,7 +390,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ 	}
+ #endif /* CONFIG_NO_WPA2 */
+ 
+-	if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
+	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
+	if (res == -2) {
+		wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - "
+			   "requesting full EAP authentication");
+		return;
+	}
+	if (res)
+ 		goto failed;
+ 
+ 	if (sm->renew_snonce) {
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri May 28 12:49:53 CEST 2010 - vbotka@suse.de
+
+-  Fix fallback from failed PMKSA caching into full EAP authentication
+   (bnc 601501)
+
 -------------------------------------------------------------------
 Sun Jan 31 13:13:46 UTC 2010 - aj@suse.de

--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@ -22,7 +22,7 @@ Name:           wpa_supplicant
 BuildRequires:  dbus-1-devel libnl-devel libqt4 libqt4-devel openssl-devel pkg-config readline-devel
 Url:            http://hostap.epitest.fi/wpa_supplicant/
 Version:        0.7.1
-Release:        1
+Release:        2
 License:        BSD3c(or similar) ; GPLv2+
 Group:          Productivity/Networking/Other
 Summary:        WPA supplicant implementation
@ -45,6 +45,7 @@ Patch6:         wpa_supplicant-fix_dbus_config.patch
 # roaming is implemented in a clean way this patch should be removed
 Patch8:         wpa_supplicant-roaming.patch
 Patch9:         wpa_supplicant-pkcs11-init-args.patch
+Patch10:        Fix_Fallback_From_Failed_PMKSA_Into_Full_EAP.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       logrotate

@ -91,6 +92,7 @@ cp %{SOURCE1} wpa_supplicant/.config
 #%patch8 -p2
 # Patch does not apply anymore
 #%patch9 -p2
+%patch10 -p0

 %build
 cd wpa_supplicant