diff --git a/config b/config index ad64b9f..9e59b9e 100644 --- a/config +++ b/config @@ -50,16 +50,13 @@ CONFIG_DRIVER_HOSTAP=y #CFLAGS += -I../../include/wireless # Driver interface for madwifi driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_MADWIFI=y # Set include directory to the madwifi source tree #CFLAGS += -I../../madwifi -# Driver interface for Prism54 driver -# (Note: Prism54 is not yet supported, i.e., this will not work as-is and is -# for developers only) -CONFIG_DRIVER_PRISM54=y - # Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. CONFIG_DRIVER_NDISWRAPPER=y # Driver interface for Atmel driver @@ -74,12 +71,18 @@ CONFIG_DRIVER_ATMEL=y #CFLAGS += -I/opt/WRT54GS/release/src/include # Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_IPW=y # Driver interface for Ralink driver CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface @@ -89,6 +92,8 @@ CONFIG_DRIVER_NL80211=y #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib # Driver interface for Windows NDIS #CONFIG_DRIVER_NDIS=y 
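Review bot: `CONFIG_DRIVER_NDISWRAPPER=y` stays enabled directly under the new `# Deprecated; use CONFIG_DRIVER_WEXT=y instead.` comment in the first hunk, so the package keeps building a driver wrapper that the file itself now marks as deprecated. If nothing in the distribution still depends on it, comment it out the same way the madwifi and ipw entries are: `#CONFIG_DRIVER_NDISWRAPPER=y`. Each compiled-in wrapper is extra code in a network-facing daemon, so the enabled set is best kept to the drivers that are actually used.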
@@ -115,6 +120,13 @@ CONFIG_DRIVER_WIRED=y # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y @@ -153,6 +165,9 @@ CONFIG_EAP_OTP=y # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) CONFIG_EAP_PSK=y +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y + # EAP-PAX CONFIG_EAP_PAX=y @@ -182,6 +197,13 @@ CONFIG_EAP_TNC=y # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y +# Enable WSC 2.0 support +CONFIG_WPS2=y +# Enable WPS external registrar functionality +CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y @@ -216,6 +238,10 @@ CONFIG_CTRL_IFACE=y # the resulting binary. #CONFIG_READLINE=y +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + # Remove debugging code that is printing out debug message to stdout. # This can be used to reduce the size of the wpa_supplicant considerably # if debugging code is not needed. The size reduction can be around 35% @@ -238,11 +264,6 @@ CONFIG_CTRL_IFACE=y # wpa_passphrase). This saves about 0.5 kB in code size. #CONFIG_NO_WPA_PASSPHRASE=y -# Remove AES extra functions. This can be used to reduce code size by about -# 1.5 kB by removing extra AES modes that are not needed for commonly used -# client configurations (they are needed for some EAP types). -#CONFIG_NO_AES_EXTRAS=y - # Disable scan result processing (ap_mode=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y 
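Review bot: The WPS hunk turns on `CONFIG_WPS_ER=y` while leaving `#CONFIG_WPS_REG_DISABLE_OPEN=y` commented out, so, going by the comment above that option, the registrar role does not disable credentials for an open network by default. For a distribution default I would enable the switch, `CONFIG_WPS_REG_DISABLE_OPEN=y`, or add a line such as `# Left off: <reason>` recording why open-network credentials must stay available. External registrar support also adds network-facing code to the binary, so it is worth noting in the config which shipped client relies on it.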
@@ -302,18 +323,17 @@ CONFIG_IEEE80211W=y # Select TLS implementation # openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template #CONFIG_TLS=openssl -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of 
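Review bot: The new text above `#CONFIG_TLSV11=y` does not say which TLS backend the option affects, and this build leaves `#CONFIG_TLS=openssl` at its default. As far as I know the switch only changes the internal TLSv1 implementation (`CONFIG_TLS=internal`), so it probably has no effect on this package; please confirm against the 1.0 Makefile. If so, a line such as `# Only relevant with CONFIG_TLS=internal; with OpenSSL the library decides the protocol version.` would keep a later maintainer from assuming that enabling it hardens this build.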
@@ -369,22 +389,78 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y # amount of memory/flash. #CONFIG_DYNAMIC_EAP_METHODS=y -# Include client MLME (management frame processing). -# This can be used to move MLME processing of Linux mac80211 stack into user -# space. Please note that this is currently only available with -# driver_nl80211.c and only with a modified version of Linux kernel and -# wpa_supplicant. -#CONFIG_CLIENT_MLME=y - # IEEE Std 802.11r-2008 (Fast BSS Transition) #CONFIG_IEEE80211R=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) CONFIG_DEBUG_FILE=y +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y # Enable mitigation against certain attacks against TKIP by delaying Michael # MIC error reports by a random amount of time between 0 and 60 seconds #CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. 
It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y 
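Review bot: The added entropy text makes the persistent entropy store depend on starting the daemon with `-e`, but nothing in this commit shows the init script or unit file passing that option, so the packaged daemon may depend on the OS pool and the in-process pool alone after each boot. Keeping `#CONFIG_NO_RANDOM_POOL=y` commented out is the right default for a general-purpose package. I would add a packaging comment next to it, e.g. `# Internal pool kept; start wpa_supplicant with -e and a file only the daemon can read and write to persist entropy across reboots.`, and check the service definition separately. As rendered here the sentence reads "with -e command line option" without the file argument, so verify the comment in the file still names it.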
diff --git a/wpa_supplicant-0.7.3.tar.bz2 b/wpa_supplicant-0.7.3.tar.bz2 deleted file mode 100644 index ff0768a..0000000 --- a/wpa_supplicant-0.7.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:495bb18e0fd682f143ec46715f6b2d6ce57ddc6f6dbd0d40603f0d2cef458b3a -size 1290000 diff --git a/wpa_supplicant-1.0.tar.bz2 b/wpa_supplicant-1.0.tar.bz2 new file mode 100644 index 0000000..96318f9 --- /dev/null +++ b/wpa_supplicant-1.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:469af636416a85f5ffa3771f3a8d1233b5f3322d796d0523dfa7ba99dcddb003 +size 1525773 diff --git a/wpa_supplicant-dbus-events.patch b/wpa_supplicant-dbus-events.patch deleted file mode 100644 index f819e74..0000000 --- a/wpa_supplicant-dbus-events.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From b80b5639935d37b95d00f86b57f2844a9c775f57 Mon Sep 17 00:00:00 2001 -From: Dan Williams -Date: Fri, 17 Dec 2010 15:56:01 +0200 -Subject: [PATCH 1/1] dbus: Emit property changed events when adding/removing BSSes - -The supplicant was not emitting property changed events when the BSSs -property changed. - -Signed-off-by: Dan Williams -(cherry picked from commit 1e6288df6b07a353a9246b77e0de2a840b5f2c72) ---- - wpa_supplicant/dbus/dbus_new.c | 6 ++++++ - wpa_supplicant/dbus/dbus_new.h | 1 + - 2 files changed, 7 insertions(+), 0 deletions(-) - -diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c -index bdfbbac..c66640a 100644 ---- a/wpa_supplicant/dbus/dbus_new.c -+++ b/wpa_supplicant/dbus/dbus_new.c -@@ -691,6 +691,10 @@ void wpas_dbus_signal_prop_changed(struct wpa_supplicant *wpa_s, - wpas_dbus_getter_current_network; - prop = "CurrentNetwork"; - break; -+ case WPAS_DBUS_PROP_BSSS: -+ getter = (WPADBusPropertyAccessor) wpas_dbus_getter_bsss; -+ prop = "BSSs"; -+ break; - default: - wpa_printf(MSG_ERROR, "dbus: %s: Unknown Property value %d", - __func__, property); -@@ -1199,6 +1203,7 @@ int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s, - } - - wpas_dbus_signal_bss_removed(wpa_s, bss_obj_path); -+ wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS); - - return 0; - } -@@ -1263,6 +1268,7 @@ int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s, - } - - wpas_dbus_signal_bss_added(wpa_s, bss_obj_path); -+ wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS); - - return 0; - -diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h -index 80ea98c..9cdefcb 100644 ---- a/wpa_supplicant/dbus/dbus_new.h -+++ b/wpa_supplicant/dbus/dbus_new.h -@@ -30,6 +30,7 @@ enum wpas_dbus_prop { - WPAS_DBUS_PROP_STATE, - WPAS_DBUS_PROP_CURRENT_BSS, - WPAS_DBUS_PROP_CURRENT_NETWORK, -+ WPAS_DBUS_PROP_BSSS, - }; - - enum wpas_dbus_bss_prop { --- -1.7.4-rc1 - - 
diff --git a/wpa_supplicant-probed-cert-dbus-signal.patch b/wpa_supplicant-probed-cert-dbus-signal.patch deleted file mode 100644 index e1f2634..0000000 --- a/wpa_supplicant-probed-cert-dbus-signal.patch +++ /dev/null @@ -1,373 +0,0 @@ -commit ade74830b45466abb41b8e8dbc2f595d8bacb793 -Author: Michael Chang -Date: Tue Jul 5 12:22:32 2011 +0300 - - Add dbus signal for information about server certification - - In general, this patch attemps to extend commit - 00468b4650998144f794762206c695c962c54734 with dbus support. - - This can be used by dbus client to implement subject match text - entry with preset value probed from server. This preset value, if - user accepts it, is remembered and passed to subject_match config - for any future authentication. - - 
Signed-off-by: Michael Chang - -Index: wpa_supplicant-0.7.3/src/eap_peer/eap.c -=================================================================== ---- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.c -+++ wpa_supplicant-0.7.3/src/eap_peer/eap.c -@@ -1206,6 +1206,13 @@ static void eap_peer_sm_tls_event(void * - data->peer_cert.subject, - cert_hex); - } -+ if (sm->eapol_cb->notify_cert) { -+ sm->eapol_cb->notify_cert(sm->eapol_ctx, -+ data->peer_cert.depth, -+ data->peer_cert.subject, -+ hash_hex, -+ data->peer_cert.cert); -+ } - break; - } - -Index: wpa_supplicant-0.7.3/src/eap_peer/eap.h -=================================================================== ---- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.h -+++ wpa_supplicant-0.7.3/src/eap_peer/eap.h -@@ -221,6 +221,17 @@ struct eapol_callbacks { - */ - void (*eap_param_needed)(void *ctx, const char *field, - const char *txt); -+ -+ /** -+ * notify_cert - Notification of a peer certificate -+ * @ctx: eapol_ctx from eap_peer_sm_init() call -+ * @depth: Depth in certificate chain (0 = server) -+ * @subject: Subject of the peer certificate -+ * @cert_hash: SHA-256 hash of the certificate -+ * @cert: Peer certificate -+ */ -+ void (*notify_cert)(void *ctx, int depth, const char *subject, -+ const char *cert_hash, const struct wpabuf *cert); - }; - - /** -Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c -=================================================================== ---- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.c -+++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c -@@ -1810,6 +1810,15 @@ static void eapol_sm_eap_param_needed(vo - #define eapol_sm_eap_param_needed NULL - #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ - -+static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert) -+{ -+ struct eapol_sm *sm = ctx; -+ if (sm->ctx->cert_cb) -+ sm->ctx->cert_cb(sm->ctx->ctx, depth, subject, -+ cert_hash, cert); 
-+} - - static struct eapol_callbacks eapol_cb = - { -@@ -1822,7 +1831,8 @@ static struct eapol_callbacks eapol_cb = - eapol_sm_set_config_blob, - eapol_sm_get_config_blob, - eapol_sm_notify_pending, -- eapol_sm_eap_param_needed -+ eapol_sm_eap_param_needed, -+ eapol_sm_notify_cert - }; - - -Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h -=================================================================== ---- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.h -+++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h -@@ -220,6 +220,17 @@ struct eapol_ctx { - * @authorized: Whether the supplicant port is now in authorized state - */ - void (*port_cb)(void *ctx, int authorized); -+ -+ /** -+ * cert_cb - Notification of a peer certificate -+ * @ctx: Callback context (ctx) -+ * @depth: Depth in certificate chain (0 = server) -+ * @subject: Subject of the peer certificate -+ * @cert_hash: SHA-256 hash of the certificate -+ * @cert: Peer certificate -+ */ -+ void (*cert_cb)(void *ctx, int depth, const char *subject, -+ const char *cert_hash, const struct wpabuf *cert); - }; - - -Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c -=================================================================== ---- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.c -+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c -@@ -650,6 +650,53 @@ nomem: - - #endif /* CONFIG_WPS */ - -+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s, -+ int depth, const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert) -+{ -+ struct wpas_dbus_priv *iface; -+ DBusMessage *msg; -+ DBusMessageIter iter, dict_iter; -+ -+ iface = wpa_s->global->dbus; -+ -+ /* Do nothing if the control interface is not turned on */ -+ if (iface == NULL) -+ return; -+ -+ msg = dbus_message_new_signal(wpa_s->dbus_new_path, -+ WPAS_DBUS_NEW_IFACE_INTERFACE, -+ "Certification"); -+ if (msg == NULL) -+ return; -+ -+ dbus_message_iter_init_append(msg, &iter); -+ if 
(!wpa_dbus_dict_open_write(&iter, &dict_iter)) -+ goto nomem; -+ -+ if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) || -+ !wpa_dbus_dict_append_string(&dict_iter, "subject", subject)) -+ goto nomem; -+ -+ if (cert_hash && -+ !wpa_dbus_dict_append_string(&dict_iter, "cert_hash", cert_hash)) -+ goto nomem; -+ -+ if (cert && -+ !wpa_dbus_dict_append_byte_array(&dict_iter, "cert", -+ wpabuf_head(cert), -+ wpabuf_len(cert))) -+ goto nomem; -+ -+ if (!wpa_dbus_dict_close_write(&iter, &dict_iter)) -+ goto nomem; -+ -+ dbus_connection_send(iface->con, msg, NULL); -+ -+nomem: -+ dbus_message_unref(msg); -+} - - /** - * wpas_dbus_signal_prop_changed - Signals change of property -@@ -1488,6 +1535,12 @@ static const struct wpa_dbus_signal_desc - } - }, - #endif /* CONFIG_WPS */ -+ { "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE, -+ { -+ { "certification", "a{sv}", ARG_OUT }, -+ END_ARGS -+ } -+ }, - { NULL, NULL, { END_ARGS } } - }; - -Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h -=================================================================== ---- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.h -+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h -@@ -120,6 +120,10 @@ void wpas_dbus_signal_blob_removed(struc - void wpas_dbus_signal_debug_level_changed(struct wpa_global *global); - void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global); - void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global); -+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s, -+ int depth, const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert); - - #else /* CONFIG_CTRL_IFACE_DBUS_NEW */ - -@@ -230,6 +234,14 @@ static inline void wpas_dbus_signal_debu - { - } - -+static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s, -+ int depth, -+ const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert) -+{ -+} -+ - #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ - - 
#endif /* CTRL_IFACE_DBUS_H_NEW */ -Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c -=================================================================== ---- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.c -+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c -@@ -547,6 +547,59 @@ void wpa_supplicant_dbus_notify_wps_cred - } - #endif /* CONFIG_WPS */ - -+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s, -+ int depth, const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert) -+{ -+ struct wpas_dbus_priv *iface; -+ DBusMessage *_signal = NULL; -+ const char *hash; -+ const char *cert_hex; -+ int cert_hex_len; -+ -+ /* Do nothing if the control interface is not turned on */ -+ if (wpa_s->global == NULL) -+ return; -+ iface = wpa_s->global->dbus; -+ if (iface == NULL) -+ return; -+ -+ _signal = dbus_message_new_signal(wpa_s->dbus_path, -+ WPAS_DBUS_IFACE_INTERFACE, -+ "Certification"); -+ if (_signal == NULL) { -+ wpa_printf(MSG_ERROR, -+ "dbus: wpa_supplicant_dbus_notify_certification: " -+ "Could not create dbus signal; likely out of " -+ "memory"); -+ return; -+ } -+ -+ hash = cert_hash ? cert_hash : ""; -+ cert_hex = cert ? wpabuf_head(cert) : ""; -+ cert_hex_len = cert ? 
wpabuf_len(cert) : 0; -+ -+ if (!dbus_message_append_args(_signal, -+ DBUS_TYPE_INT32,&depth, -+ DBUS_TYPE_STRING, &subject, -+ DBUS_TYPE_STRING, &hash, -+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, -+ &cert_hex, cert_hex_len, -+ DBUS_TYPE_INVALID)) { -+ wpa_printf(MSG_ERROR, -+ "dbus: wpa_supplicant_dbus_notify_certification: " -+ "Not enough memory to construct signal"); -+ goto out; -+ } -+ -+ dbus_connection_send(iface->con, _signal, NULL); -+ -+out: -+ dbus_message_unref(_signal); -+ -+} -+ - - /** - * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface -Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h -=================================================================== ---- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.h -+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h -@@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_ch - enum wpa_states old_state); - void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s, - const struct wps_credential *cred); -+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s, -+ int depth, const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert); - - char * wpas_dbus_decompose_object_path(const char *path, char **network, - char **bssid); -@@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(stru - { - } - -+static inline void -+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s, -+ int depth, const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert) -+{ -+} -+ - static inline int - wpas_dbus_register_iface(struct wpa_supplicant *wpa_s) - { -Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.c -=================================================================== ---- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.c -+++ wpa_supplicant-0.7.3/wpa_supplicant/notify.c -@@ -337,3 +337,15 @@ void wpas_notify_resume(struct wpa_globa - wpa_supplicant_req_scan(wpa_s, 0, 100000); - } - } -+ -+ -+void 
wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth, -+ const char *subject, const char *cert_hash, -+ const struct wpabuf *cert) -+{ -+ /* notify the old DBus API */ -+ wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject, -+ cert_hash, cert); -+ /* notify the new DBus API */ -+ wpas_dbus_signal_certification(wpa_s, depth, subject, cert_hash, cert); -+} -Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.h -=================================================================== ---- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.h -+++ wpa_supplicant-0.7.3/wpa_supplicant/notify.h -@@ -78,4 +78,8 @@ void wpas_notify_debug_show_keys_changed - void wpas_notify_suspend(struct wpa_global *global); - void wpas_notify_resume(struct wpa_global *global); - -+void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth, -+ const char *subject, const char *cert_hash, -+ const struct wpabuf *cert); -+ - #endif /* NOTIFY_H */ -Index: wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c -=================================================================== ---- wpa_supplicant-0.7.3.orig/wpa_supplicant/wpas_glue.c -+++ wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c -@@ -32,6 +32,7 @@ - #include "wps_supplicant.h" - #include "bss.h" - #include "scan.h" -+#include "notify.h" - - - #ifndef CONFIG_NO_CONFIG_BLOBS -@@ -572,6 +573,16 @@ static void wpa_supplicant_port_cb(void - authorized ? 
"Authorized" : "Unauthorized"); - wpa_drv_set_supp_port(wpa_s, authorized); - } -+ -+ -+static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject, -+ const char *cert_hash, -+ const struct wpabuf *cert) -+{ -+ struct wpa_supplicant *wpa_s = ctx; -+ -+ wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert); -+} - #endif /* IEEE8021X_EAPOL */ - - -@@ -602,6 +613,7 @@ int wpa_supplicant_init_eapol(struct wpa - ctx->eap_param_needed = wpa_supplicant_eap_param_needed; - ctx->port_cb = wpa_supplicant_port_cb; - ctx->cb = wpa_supplicant_eapol_cb; -+ ctx->cert_cb = wpa_supplicant_cert_cb; - ctx->cb_ctx = wpa_s; - wpa_s->eapol = eapol_sm_init(ctx); - if (wpa_s->eapol == NULL) { diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index af9649f..f274dd8 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes 
@@ -1,3 +1,121 @@ +------------------------------------------------------------------- +Tue May 15 04:35:01 UTC 2012 - glin@suse.com + +- Update to 1.0 + * Delay STA entry removal until Deauth/Disassoc TX status + in AP mode. This allows the driver to use PS buffering of + Deauthentication and Disassociation frames when the STA + is in power save sleep. Only available with drivers that + provide TX status events for Deauth/Disassoc frames + (nl80211). + * Drop oldest unknown BSS table entries first. This makes + it less likely to hit connection issues in environments + with huge number of visible APs. + * Add systemd support. + * Add support for setting the syslog facility from the + config file at build time. + * atheros: Add support for IEEE 802.11w configuration. + * AP mode: Allow enable HT20 if driver supports it, by + setting the config parameter ieee80211n. + * Allow AP mode to disconnect STAs based on low ACK + condition (when the data connection is not working + properly, e.g., due to the STA going outside the range + of the AP). + * nl80211: + - Support GTK rekey offload. + - Support PMKSA candidate events. This adds support for + RSN pre-authentication with nl80211 interface and + drivers that handle roaming internally. + * Improved dbus interface + * New wpa_cli commands to setup the scan interval and + to support P2P and WPS/WPS ER + * AP mode: Add max_num_sta config option, which can be used + to limit the number of stations allowed to connect to the + AP. + * wext: Increase scan timeout from 5 to 10 seconds. + * Allow an external program to manage the BSS blacklist + and display its current contents. + * WPS: + - Add wpa_cli wps_pin get command for generating random + PINs. This can be used in a UI to generate a PIN + without starting WPS (or P2P) operation. + - Set RF bands based on driver capabilities, instead of + hardcoding them. + - Add mechanism for indicating non-standard WPS errors. + - Add wps_ap_pin cli command for wpa_supplicant AP mode. 
+ - Add wps_check_pin cli command for processing PIN from + user input. UIs can use this command to process a PIN + entered by a user and to validate the checksum digit + (if present). + - Cancel WPS operation on PBC session overlap detection. + - New wps_cancel command in wpa_cli will cancel a + pending WPS operation. + - wpa_cli action: Add WPS_EVENT_SUCCESS and + WPS_EVENT_FAIL handlers. + - Trigger WPS config update on Manufacturer, Model Name, + Model Number, and Serial Number changes. + - Fragment size is now configurable for EAP-WSC peer. + Use wpa_cli set wps_fragment_size . + - Disable AP PIN after 10 consecutive failures. Slow down + attacks on failures up to 10. + - Allow AP to start in Enrollee mode without AP PIN for + probing, to be compatible with Windows 7. + - Add Config Error into WPS-FAIL events to provide more + info to the user on how to resolve the issue. + - Label and Display config methods are not allowed to be + enabled at the same time, since it is unclear which + PIN to use if both methods are advertised. + - When controlling multiple interfaces: + - apply WPS commands to all interfaces configured to + use WPS + - apply WPS config changes to all interfaces that use + WPS + - when an attack is detected on any interface, disable + AP PIN on all interfaces + * WPS ER: + - Add special AP Setup Locked mode to allow read only ER. + - Show SetSelectedRegistrar events as ctrl_iface events + - Add wps_er_set_config to enroll a network based on a + local network configuration block instead of having to + (re-)learn the current AP settings with wps_er_learn. + - Allow AP filtering based on IP address, add ctrl_iface + event for learned AP settings, add wps_er_config + command to configure an AP. + * Add support for WPS 2.0 + * TDLS: + - Propogate TDLS related nl80211 capability flags from + kernel and add them as driver capability flags. If the + driver doesn't support capabilities, assume TDLS is + supported internally. 
When TDLS is explicitly not + supported, disable all user facing TDLS operations. + - Allow TDLS to be disabled at runtime. + - Honor AP TDLS settings that prohibit/allow TDLS. + - Add a special testing feature for changing TDLS + behavior. + - Add support for TDLS 802.11z. + * wlantest: Add a tool wlantest for IEEE802.11 protocol + testing. wlantest can be used to capture frames from a + monitor interface for realtime capturing or from pcap + files for offline analysis. + * bgscan learn: Add new bgscan that learns BSS information + based on previous scans, and uses that information to + dynamically generate the list of channels for background + scans. + * Add a new debug message level for excessive information. + * TLS: Add support for tls_disable_time_checks=1 in client + mode. + * Improved internal TLS + * Add RFKill support by adding an interface state + "disabled". + * Reorder some IEs to get closer to IEEE 802.11 standard. + Move WMM into end of Beacon, Probe Resp and (Re)Assoc + Resp frames. Move HT IEs to be later in (Re)Assoc Resp. + * Wi-Fi Direct support + +- Remove wpa_supplicant-dbus-events.patch (merged upstream) +- Remove wpa_supplicant-probed-cert-dbus-signal.patch (merged + upstream) + ------------------------------------------------------------------- Sat Mar 17 22:30:51 UTC 2012 - dimstar@opensuse.org diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 9d47884..0983349 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -29,7 +29,7 @@ BuildRequires: libnl-1_1-devel BuildRequires: libnl-devel %endif Url: http://hostap.epitest.fi/wpa_supplicant/ -Version: 0.7.3 +Version: 1.0 Release: 0 Summary: WPA supplicant implementation License: BSD-3-Clause ; GPL-2.0+ 
@@ -48,10 +48,7 @@ Patch1: wpa_supplicant-flush-debug-output.patch # is not portable Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch Patch4: wpa_supplicant-errormsg.patch -# PATCH-FIX-UPSTREAM wpa_supplicant-dbus-events.patch dimstar@opensuse.org -- dbus: Emit property changed events when adding/removing BSSes, taken from git. -Patch5: wpa_supplicant-dbus-events.patch -# PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 glin@suse.com -- emit a D-Bus signal when the AP returned the certificate of the RADIUS server -Patch6: wpa_supplicant-probed-cert-dbus-signal.patch +## Patch6: wpa_supplicant-probed-cert-dbus-signal.patch # PATCH-FIX-UPSTREAM wpa_supplicant-gcc47.patch dimstar@opensuse.org -- Fix build with gcc 4.7. Patch7: wpa_supplicant-gcc47.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -90,8 +87,6 @@ cp %{SOURCE1} wpa_supplicant/.config %patch1 -p0 %patch2 -p0 %patch4 -p0 -%patch5 -p1 -%patch6 -p1 %patch7 -p1 %build
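Review bot: The first spec hunk replaces the Patch6 entry with `## Patch6: wpa_supplicant-probed-cert-dbus-signal.patch`, a commented-out reference to a file this same commit deletes, while the Patch5 entry is removed cleanly. Drop the line; the .changes entry already records that both patches were merged upstream. A stale patch reference invites someone to re-enable it against a source tree it no longer applies to.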