Accepting request 121024 from home:gary_lin:branches:hardware

Update to version 1.0 OBS-URL: https://build.opensuse.org/request/show/121024 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=25
2012-05-15 08:40:08 +00:00 · 2012-05-15 08:40:08 +00:00 · 253c42541f
commit 253c42541f
parent 59121738c9
7 changed files with 224 additions and 470 deletions
--- a/126
+++ b/126
@ -50,16 +50,13 @@ CONFIG_DRIVER_HOSTAP=y
 #CFLAGS += -I../../include/wireless
 # Driver interface for madwifi driver
 # Deprecated; use CONFIG_DRIVER_WEXT=y instead.
 #CONFIG_DRIVER_MADWIFI=y
 # Set include directory to the madwifi source tree
 #CFLAGS += -I../../madwifi
 # Driver interface for Prism54 driver
 # (Note: Prism54 is not yet supported, i.e., this will not work as-is and is
 # for developers only)
 CONFIG_DRIVER_PRISM54=y
 # Driver interface for ndiswrapper
 # Deprecated; use CONFIG_DRIVER_WEXT=y instead.
 CONFIG_DRIVER_NDISWRAPPER=y
 # Driver interface for Atmel driver
@ -74,12 +71,18 @@ CONFIG_DRIVER_ATMEL=y
 #CFLAGS += -I/opt/WRT54GS/release/src/include
 # Driver interface for Intel ipw2100/2200 driver
 # Deprecated; use CONFIG_DRIVER_WEXT=y instead.
 #CONFIG_DRIVER_IPW=y
 # Driver interface for Ralink driver
 CONFIG_DRIVER_RALINK=y
 # Driver interface for generic Linux wireless extensions
 # Note: WEXT is deprecated in the current Linux kernel version and no new
 # functionality is added to it. nl80211-based interface is the new
 # replacement for WEXT and its use allows wpa_supplicant to properly control
 # the driver to improve existing functionality like roaming and to support new
 # functionality.
 CONFIG_DRIVER_WEXT=y
 # Driver interface for Linux drivers using the nl80211 kernel interface
@ -89,6 +92,8 @@ CONFIG_DRIVER_NL80211=y
 #CONFIG_DRIVER_BSD=y
 #CFLAGS += -I/usr/local/include
 #LIBS += -L/usr/local/lib
 #LIBS_p += -L/usr/local/lib
 #LIBS_c += -L/usr/local/lib
 # Driver interface for Windows NDIS
 #CONFIG_DRIVER_NDIS=y
@ -115,6 +120,13 @@ CONFIG_DRIVER_WIRED=y
 # Driver interface for the Broadcom RoboSwitch family
 #CONFIG_DRIVER_ROBOSWITCH=y
 # Driver interface for no driver (e.g., WPS ER only)
 #CONFIG_DRIVER_NONE=y
 # Solaris libraries
 #LIBS += -lsocket -ldlpi -lnsl
 #LIBS_c += -lsocket
 # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
 # included)
 CONFIG_IEEE8021X_EAPOL=y
@ -153,6 +165,9 @@ CONFIG_EAP_OTP=y
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 CONFIG_EAP_PSK=y
 # EAP-pwd (secure authentication using only a password)
 #CONFIG_EAP_PWD=y
 # EAP-PAX
 CONFIG_EAP_PAX=y
@ -182,6 +197,13 @@ CONFIG_EAP_TNC=y
 # Wi-Fi Protected Setup (WPS)
 CONFIG_WPS=y
 # Enable WSC 2.0 support
 CONFIG_WPS2=y
 # Enable WPS external registrar functionality
 CONFIG_WPS_ER=y
 # Disable credentials for an open network by default when acting as a WPS
 # registrar.
 #CONFIG_WPS_REG_DISABLE_OPEN=y
 # EAP-IKEv2
 CONFIG_EAP_IKEV2=y
@ -216,6 +238,10 @@ CONFIG_CTRL_IFACE=y
 # the resulting binary.
 #CONFIG_READLINE=y
 # Include internal line edit mode in wpa_cli. This can be used as a replacement
 # for GNU Readline to provide limited command line editing and history support.
 #CONFIG_WPA_CLI_EDIT=y
 # Remove debugging code that is printing out debug message to stdout.
 # This can be used to reduce the size of the wpa_supplicant considerably
 # if debugging code is not needed. The size reduction can be around 35%
@ -238,11 +264,6 @@ CONFIG_CTRL_IFACE=y
 # wpa_passphrase). This saves about 0.5 kB in code size.
 #CONFIG_NO_WPA_PASSPHRASE=y
 # Remove AES extra functions. This can be used to reduce code size by about
 # 1.5 kB by removing extra AES modes that are not needed for commonly used
 # client configurations (they are needed for some EAP types).
 #CONFIG_NO_AES_EXTRAS=y
 # Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@ -302,18 +323,17 @@ CONFIG_IEEE80211W=y
 # Select TLS implementation
 # openssl = OpenSSL (default)
-# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# gnutls = GnuTLS
 # internal = Internal TLSv1 implementation (experimental)
 # none = Empty template
 #CONFIG_TLS=openssl
-# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
+# can be enabled to get a stronger construction of messages when block ciphers
-# even though the core GnuTLS library is released under LGPL, this extra
+# are used. It should be noted that some existing TLS v1.0 -based
-# library uses GPL and as such, the terms of GPL apply to the combination
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
+# sent prior to negotiating which version will be used)
-# apply for distribution of the resulting binary.
+#CONFIG_TLSV11=y
 #CONFIG_GNUTLS_EXTRA=y
 # If CONFIG_TLS=internal is used, additional library and include paths are
 # needed for LibTomMath. Alternatively, an integrated, minimal version of
@ -369,22 +389,78 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
 # amount of memory/flash.
 #CONFIG_DYNAMIC_EAP_METHODS=y
 # Include client MLME (management frame processing).
 # This can be used to move MLME processing of Linux mac80211 stack into user
 # space. Please note that this is currently only available with
 # driver_nl80211.c and only with a modified version of Linux kernel and
 # wpa_supplicant.
 #CONFIG_CLIENT_MLME=y
 # IEEE Std 802.11r-2008 (Fast BSS Transition)
 #CONFIG_IEEE80211R=y
 # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
 CONFIG_DEBUG_FILE=y
 # Send debug messages to syslog instead of stdout
 #CONFIG_DEBUG_SYSLOG=y
 # Set syslog facility for debug messages
 #CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
 # Enable privilege separation (see README 'Privilege separation' for details)
 #CONFIG_PRIVSEP=y
 # Enable mitigation against certain attacks against TKIP by delaying Michael
 # MIC error reports by a random amount of time between 0 and 60 seconds
 #CONFIG_DELAYED_MIC_ERROR_REPORT=y
 # Enable tracing code for developer debugging
 # This tracks use of memory allocations and other registrations and reports
 # incorrect use with a backtrace of call (or allocation) location.
 #CONFIG_WPA_TRACE=y
 # For BSD, uncomment these.
 #LIBS += -lexecinfo
 #LIBS_p += -lexecinfo
 #LIBS_c += -lexecinfo
 # Use libbfd to get more details for developer debugging
 # This enables use of libbfd to get more detailed symbols for the backtraces
 # generated by CONFIG_WPA_TRACE=y.
 #CONFIG_WPA_TRACE_BFD=y
 # For BSD, uncomment these.
 #LIBS += -lbfd -liberty -lz
 #LIBS_p += -lbfd -liberty -lz
 #LIBS_c += -lbfd -liberty -lz
 # wpa_supplicant depends on strong random number generation being available
 # from the operating system. os_get_random() function is used to fetch random
 # data when needed, e.g., for key generation. On Linux and BSD systems, this
 # works by reading /dev/urandom. It should be noted that the OS entropy pool
 # needs to be properly initialized before wpa_supplicant is started. This is
 # important especially on embedded devices that do not have a hardware random
 # number generator and may by default start up with minimal entropy available
 # for random number generation.
 #
 # As a safety net, wpa_supplicant is by default trying to internally collect
 # additional entropy for generating random data to mix in with the data fetched
 # from the OS. This by itself is not considered to be very strong, but it may
 # help in cases where the system pool is not initialized properly. However, it
 # is very strongly recommended that the system pool is initialized with enough
 # entropy either by using hardware assisted random number generator or by
 # storing state over device reboots.
 #
 # wpa_supplicant can be configured to maintain its own entropy store over
 # restarts to enhance random number generation. This is not perfect, but it is
 # much more secure than using the same sequence of random numbers after every
 # reboot. This can be enabled with -e<entropy file> command line option. The
 # specified file needs to be readable and writable by wpa_supplicant.
 #
 # If the os_get_random() is known to provide strong random data (e.g., on
 # Linux/BSD, the board in question is known to have reliable source of random
 # data from /dev/urandom), the internal wpa_supplicant random pool can be
 # disabled. This will save some in binary size and CPU use. However, this
 # should only be considered for builds that are known to be used on devices
 # that meet the requirements described above.
 #CONFIG_NO_RANDOM_POOL=y
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
 #CONFIG_IEEE80211N=y
 # Interworking (IEEE 802.11u)
 # This can be used to enable functionality to improve interworking with
 # external networks (GAS/ANQP to learn more about the networks and network
 # selection based on available credentials).
 #CONFIG_INTERWORKING=y
--- a/wpa_supplicant-0.7.3.tar.bz2
+++ b/wpa_supplicant-0.7.3.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:495bb18e0fd682f143ec46715f6b2d6ce57ddc6f6dbd0d40603f0d2cef458b3a
 size 1290000
--- a/wpa_supplicant-1.0.tar.bz2
+++ b/wpa_supplicant-1.0.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:469af636416a85f5ffa3771f3a8d1233b5f3322d796d0523dfa7ba99dcddb003
 size 1525773
--- a/wpa_supplicant-dbus-events.patch
+++ b/wpa_supplicant-dbus-events.patch
@ -1,62 +0,0 @@
 From b80b5639935d37b95d00f86b57f2844a9c775f57 Mon Sep 17 00:00:00 2001
 From: Dan Williams <dcbw@redhat.com>
 Date: Fri, 17 Dec 2010 15:56:01 +0200
 Subject: [PATCH 1/1] dbus: Emit property changed events when adding/removing BSSes
 The supplicant was not emitting property changed events when the BSSs
 property changed.
 Signed-off-by: Dan Williams <dcbw@redhat.com>
 (cherry picked from commit 1e6288df6b07a353a9246b77e0de2a840b5f2c72)
 ---
 wpa_supplicant/dbus/dbus_new.c |    6 ++++++
 wpa_supplicant/dbus/dbus_new.h |    1 +
 2 files changed, 7 insertions(+), 0 deletions(-)
 diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
 index bdfbbac..c66640a 100644
 --- a/wpa_supplicant/dbus/dbus_new.c
 +++ b/wpa_supplicant/dbus/dbus_new.c
@@ -691,6 +691,10 @@ void wpas_dbus_signal_prop_changed(struct wpa_supplicant *wpa_s,
 			wpas_dbus_getter_current_network;
 		prop = "CurrentNetwork";
 		break;
 +	case WPAS_DBUS_PROP_BSSS:
 +		getter = (WPADBusPropertyAccessor) wpas_dbus_getter_bsss;
 +		prop = "BSSs";
 +		break;
 	default:
 		wpa_printf(MSG_ERROR, "dbus: %s: Unknown Property value %d",
 			   __func__, property);
@@ -1199,6 +1203,7 @@ int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s,
 	}
 	wpas_dbus_signal_bss_removed(wpa_s, bss_obj_path);
 +	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS);
 	return 0;
 }
@@ -1263,6 +1268,7 @@ int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s,
 	}
 	wpas_dbus_signal_bss_added(wpa_s, bss_obj_path);
 +	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS);
 	return 0;
 diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h
 index 80ea98c..9cdefcb 100644
 --- a/wpa_supplicant/dbus/dbus_new.h
 +++ b/wpa_supplicant/dbus/dbus_new.h
@@ -30,6 +30,7 @@ enum wpas_dbus_prop {
 	WPAS_DBUS_PROP_STATE,
 	WPAS_DBUS_PROP_CURRENT_BSS,
 	WPAS_DBUS_PROP_CURRENT_NETWORK,
 +	WPAS_DBUS_PROP_BSSS,
 };
 enum wpas_dbus_bss_prop {
 -- 
 1.7.4-rc1
--- a/wpa_supplicant-probed-cert-dbus-signal.patch
+++ b/wpa_supplicant-probed-cert-dbus-signal.patch
@ -1,373 +0,0 @@
 commit ade74830b45466abb41b8e8dbc2f595d8bacb793
 Author: Michael Chang <mchang@novell.com>
 Date:   Tue Jul 5 12:22:32 2011 +0300
    Add dbus signal for information about server certification
    In general, this patch attemps to extend commit
    00468b4650998144f794762206c695c962c54734 with dbus support.
    This can be used by dbus client to implement subject match text
    entry with preset value probed from server. This preset value, if
    user accepts it, is remembered and passed to subject_match config
    for any future authentication.
    Signed-off-by: Michael Chang <mchang@novell.com>
 Index: wpa_supplicant-0.7.3/src/eap_peer/eap.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.c
 +++ wpa_supplicant-0.7.3/src/eap_peer/eap.c
@@ -1206,6 +1206,13 @@ static void eap_peer_sm_tls_event(void *
 				     data->peer_cert.subject,
 				     cert_hex);
 		}
 +		if (sm->eapol_cb->notify_cert) {
 +			sm->eapol_cb->notify_cert(sm->eapol_ctx,
 +						  data->peer_cert.depth,
 +						  data->peer_cert.subject,
 +						  hash_hex,
 +						  data->peer_cert.cert);
 +		}
 		break;
 	}
 Index: wpa_supplicant-0.7.3/src/eap_peer/eap.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.h
 +++ wpa_supplicant-0.7.3/src/eap_peer/eap.h
@@ -221,6 +221,17 @@ struct eapol_callbacks {
 	 */
 	void (*eap_param_needed)(void *ctx, const char *field,
 				 const char *txt);
 +
 +	/**
 +	 * notify_cert - Notification of a peer certificate
 +	 * @ctx: eapol_ctx from eap_peer_sm_init() call
 +	 * @depth: Depth in certificate chain (0 = server)
 +	 * @subject: Subject of the peer certificate
 +	 * @cert_hash: SHA-256 hash of the certificate
 +	 * @cert: Peer certificate
 +	 */
 +	void (*notify_cert)(void *ctx, int depth, const char *subject,
 +			    const char *cert_hash, const struct wpabuf *cert);
 };
 /**
 Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.c
 +++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
@@ -1810,6 +1810,15 @@ static void eapol_sm_eap_param_needed(vo
 #define eapol_sm_eap_param_needed NULL
 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
 +static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
 +				 const char *cert_hash,
 +				 const struct wpabuf *cert)
 +{
 +	struct eapol_sm *sm = ctx;
 +	if (sm->ctx->cert_cb)
 +		sm->ctx->cert_cb(sm->ctx->ctx, depth, subject,
 +				 cert_hash, cert);
 +}
 static struct eapol_callbacks eapol_cb =
 {
@@ -1822,7 +1831,8 @@ static struct eapol_callbacks eapol_cb =
 	eapol_sm_set_config_blob,
 	eapol_sm_get_config_blob,
 	eapol_sm_notify_pending,
 -	eapol_sm_eap_param_needed
 +	eapol_sm_eap_param_needed,
 +	eapol_sm_notify_cert
 };
 Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.h
 +++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
@@ -220,6 +220,17 @@ struct eapol_ctx {
 	 * @authorized: Whether the supplicant port is now in authorized state
 	 */
 	void (*port_cb)(void *ctx, int authorized);
 +
 +	/**
 +	 * cert_cb - Notification of a peer certificate
 +	 * @ctx: Callback context (ctx)
 +	 * @depth: Depth in certificate chain (0 = server)
 +	 * @subject: Subject of the peer certificate
 +	 * @cert_hash: SHA-256 hash of the certificate
 +	 * @cert: Peer certificate
 +	 */
 +	void (*cert_cb)(void *ctx, int depth, const char *subject,
 +			const char *cert_hash, const struct wpabuf *cert);
 };
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
@@ -650,6 +650,53 @@ nomem:
 #endif /* CONFIG_WPS */
 +void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
 +				    int depth, const char *subject,
 +				    const char *cert_hash,
 +				    const struct wpabuf *cert)
 +{
 +	struct wpas_dbus_priv *iface;
 +	DBusMessage *msg;
 +	DBusMessageIter iter, dict_iter;
 +
 +	iface = wpa_s->global->dbus;
 +
 +	/* Do nothing if the control interface is not turned on */
 +	if (iface == NULL)
 +		return;
 +
 +	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
 +				      WPAS_DBUS_NEW_IFACE_INTERFACE,
 +				      "Certification");
 +	if (msg == NULL)
 +		return;
 +
 +	dbus_message_iter_init_append(msg, &iter);
 +	if (!wpa_dbus_dict_open_write(&iter, &dict_iter))
 +		goto nomem;
 +
 +	if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
 +	    !wpa_dbus_dict_append_string(&dict_iter, "subject", subject))
 +		goto nomem;
 +
 +	if (cert_hash &&
 +	    !wpa_dbus_dict_append_string(&dict_iter, "cert_hash", cert_hash))
 +		goto nomem;
 +
 +	if (cert &&
 +	    !wpa_dbus_dict_append_byte_array(&dict_iter, "cert",
 +					     wpabuf_head(cert),
 +					     wpabuf_len(cert)))
 +		goto nomem;
 +
 +	if (!wpa_dbus_dict_close_write(&iter, &dict_iter))
 +		goto nomem;
 +
 +	dbus_connection_send(iface->con, msg, NULL);
 +
 +nomem:
 +	dbus_message_unref(msg);
 +}
 /**
  * wpas_dbus_signal_prop_changed - Signals change of property
@@ -1488,6 +1535,12 @@ static const struct wpa_dbus_signal_desc
 	  }
 	},
 #endif /* CONFIG_WPS */
 +	{ "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
 +	  {
 +		  { "certification", "a{sv}", ARG_OUT },
 +		  END_ARGS
 +	  }
 +	},
 	{ NULL, NULL, { END_ARGS } }
 };
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.h
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
@@ -120,6 +120,10 @@ void wpas_dbus_signal_blob_removed(struc
 void wpas_dbus_signal_debug_level_changed(struct wpa_global *global);
 void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global);
 void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global);
 +void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
 +				    int depth, const char *subject,
 +				    const char *cert_hash,
 +				    const struct wpabuf *cert);
 #else /* CONFIG_CTRL_IFACE_DBUS_NEW */
@@ -230,6 +234,14 @@ static inline void wpas_dbus_signal_debu
 {
 }
 +static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
 +						  int depth,
 +						  const char *subject,
 +						  const char *cert_hash,
 +						  const struct wpabuf *cert)
 +{
 +}
 +
 #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
 #endif /* CTRL_IFACE_DBUS_H_NEW */
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
@@ -547,6 +547,59 @@ void wpa_supplicant_dbus_notify_wps_cred
 }
 #endif /* CONFIG_WPS */
 +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
 +					      int depth, const char *subject,
 +					      const char *cert_hash,
 +					      const struct wpabuf *cert)
 +{
 +	struct wpas_dbus_priv *iface;
 +	DBusMessage *_signal = NULL;
 +	const char *hash;
 +	const char *cert_hex;
 +	int cert_hex_len;
 +
 +	/* Do nothing if the control interface is not turned on */
 +	if (wpa_s->global == NULL)
 +		return;
 +	iface = wpa_s->global->dbus;
 +	if (iface == NULL)
 +		return;
 +
 +	_signal = dbus_message_new_signal(wpa_s->dbus_path,
 +					  WPAS_DBUS_IFACE_INTERFACE,
 +					  "Certification");
 +	if (_signal == NULL) {
 +		wpa_printf(MSG_ERROR,
 +		           "dbus: wpa_supplicant_dbus_notify_certification: "
 +		           "Could not create dbus signal; likely out of "
 +		           "memory");
 +		return;
 +	}
 +
 +	hash = cert_hash ? cert_hash : "";
 +	cert_hex = cert ? wpabuf_head(cert) : "";
 +	cert_hex_len = cert ? wpabuf_len(cert) : 0;
 +
 +	if (!dbus_message_append_args(_signal,
 +				      DBUS_TYPE_INT32,&depth,
 +				      DBUS_TYPE_STRING, &subject,
 +	                              DBUS_TYPE_STRING, &hash,
 +	                              DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
 +				      &cert_hex, cert_hex_len,
 +	                              DBUS_TYPE_INVALID)) {
 +		wpa_printf(MSG_ERROR,
 +		           "dbus: wpa_supplicant_dbus_notify_certification: "
 +		           "Not enough memory to construct signal");
 +		goto out;
 +	}
 +
 +	dbus_connection_send(iface->con, _signal, NULL);
 +
 +out:
 +	dbus_message_unref(_signal);
 +
 +}
 +
 /**
  * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.h
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
@@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_ch
 					     enum wpa_states old_state);
 void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
 					 const struct wps_credential *cred);
 +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
 +					      int depth, const char *subject,
 +					      const char *cert_hash,
 +					      const struct wpabuf *cert);
 char * wpas_dbus_decompose_object_path(const char *path, char **network,
                                        char **bssid);
@@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(stru
 {
 }
 +static inline void
 +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
 +					      int depth, const char *subject,
 +					      const char *cert_hash,
 +					      const struct wpabuf *cert)
 +{
 +}
 +
 static inline int
 wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
 {
 Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/notify.c
@@ -337,3 +337,15 @@ void wpas_notify_resume(struct wpa_globa
 			wpa_supplicant_req_scan(wpa_s, 0, 100000);
 	}
 }
 +
 +
 +void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
 +			       const char *subject, const char *cert_hash,
 +			       const struct wpabuf *cert)
 +{
 +	/* notify the old DBus API */
 +	wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject,
 +						 cert_hash, cert);
 +	/* notify the new DBus API */
 +	wpas_dbus_signal_certification(wpa_s, depth, subject, cert_hash, cert);
 +}
 Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.h
 +++ wpa_supplicant-0.7.3/wpa_supplicant/notify.h
@@ -78,4 +78,8 @@ void wpas_notify_debug_show_keys_changed
 void wpas_notify_suspend(struct wpa_global *global);
 void wpas_notify_resume(struct wpa_global *global);
 +void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
 +			       const char *subject, const char *cert_hash,
 +			       const struct wpabuf *cert);
 +
 #endif /* NOTIFY_H */
 Index: wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/wpas_glue.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
@@ -32,6 +32,7 @@
 #include "wps_supplicant.h"
 #include "bss.h"
 #include "scan.h"
 +#include "notify.h"
 #ifndef CONFIG_NO_CONFIG_BLOBS
@@ -572,6 +573,16 @@ static void wpa_supplicant_port_cb(void
 		   authorized ? "Authorized" : "Unauthorized");
 	wpa_drv_set_supp_port(wpa_s, authorized);
 }
 +
 +
 +static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
 +				   const char *cert_hash,
 +				   const struct wpabuf *cert)
 +{
 +	struct wpa_supplicant *wpa_s = ctx;
 +
 +	wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert);
 +}
 #endif /* IEEE8021X_EAPOL */
@@ -602,6 +613,7 @@ int wpa_supplicant_init_eapol(struct wpa
 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
 	ctx->port_cb = wpa_supplicant_port_cb;
 	ctx->cb = wpa_supplicant_eapol_cb;
 +	ctx->cert_cb = wpa_supplicant_cert_cb;
 	ctx->cb_ctx = wpa_s;
 	wpa_s->eapol = eapol_sm_init(ctx);
 	if (wpa_s->eapol == NULL) {
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@ -1,3 +1,121 @@
 -------------------------------------------------------------------
 Tue May 15 04:35:01 UTC 2012 - glin@suse.com
 - Update to 1.0
        * Delay STA entry removal until Deauth/Disassoc TX status
          in AP mode. This allows the driver to use PS buffering of
          Deauthentication and Disassociation frames when the STA
          is in power save sleep. Only available with drivers that
          provide TX status events for Deauth/Disassoc frames
          (nl80211).
        * Drop oldest unknown BSS table entries first. This makes
          it less likely to hit connection issues in environments
          with huge number of visible APs.
        * Add systemd support.
        * Add support for setting the syslog facility from the
          config file at build time.
        * atheros: Add support for IEEE 802.11w configuration.
        * AP mode: Allow enable HT20 if driver supports it, by
          setting the config parameter ieee80211n.
        * Allow AP mode to disconnect STAs based on low ACK
          condition (when the data connection is not working
          properly, e.g., due to the STA going outside the range
          of the AP).
        * nl80211:
         - Support GTK rekey offload.
         - Support PMKSA candidate events. This adds support for
           RSN pre-authentication with nl80211 interface and
           drivers that handle roaming internally.
        * Improved dbus interface
        * New wpa_cli commands to setup the scan interval and
          to support P2P and WPS/WPS ER
        * AP mode: Add max_num_sta config option, which can be used
          to limit the number of stations allowed to connect to the
          AP.
        * wext: Increase scan timeout from 5 to 10 seconds.
        * Allow an external program to manage the BSS blacklist
          and display its current contents.
        * WPS:
          - Add wpa_cli wps_pin get command for generating random
            PINs. This can be used in a UI to generate a PIN
            without starting WPS (or P2P) operation.
          - Set RF bands based on driver capabilities, instead of
            hardcoding them.
          - Add mechanism for indicating non-standard WPS errors.
          - Add wps_ap_pin cli command for wpa_supplicant AP mode.
          - Add wps_check_pin cli command for processing PIN from
            user input. UIs can use this command to process a PIN
            entered by a user and to validate the checksum digit
            (if present).
          - Cancel WPS operation on PBC session overlap detection.
          - New wps_cancel command in wpa_cli will cancel a
            pending WPS operation.
          - wpa_cli action: Add WPS_EVENT_SUCCESS and
            WPS_EVENT_FAIL handlers.
          - Trigger WPS config update on Manufacturer, Model Name,
            Model Number, and Serial Number changes.
          - Fragment size is now configurable for EAP-WSC peer.
            Use wpa_cli set wps_fragment_size <val>.
          - Disable AP PIN after 10 consecutive failures. Slow down
            attacks on failures up to 10.
          - Allow AP to start in Enrollee mode without AP PIN for
            probing, to be compatible with Windows 7.
          - Add Config Error into WPS-FAIL events to provide more
            info to the user on how to resolve the issue.
          - Label and Display config methods are not allowed to be
            enabled at the same time, since it is unclear which
            PIN to use if both methods are advertised.
          - When controlling multiple interfaces:
            - apply WPS commands to all interfaces configured to
              use WPS
            - apply WPS config changes to all interfaces that use
              WPS
            - when an attack is detected on any interface, disable
              AP PIN on all interfaces
        * WPS ER:
          - Add special AP Setup Locked mode to allow read only ER.
          - Show SetSelectedRegistrar events as ctrl_iface events
          - Add wps_er_set_config to enroll a network based on a
            local network configuration block instead of having to
            (re-)learn the current AP settings with wps_er_learn.
          - Allow AP filtering based on IP address, add ctrl_iface
            event for learned AP settings, add wps_er_config
            command to configure an AP.
        * Add support for WPS 2.0
        * TDLS:
          - Propogate TDLS related nl80211 capability flags from
            kernel and add them as driver capability flags. If the
            driver doesn't support capabilities, assume TDLS is
            supported internally. When TDLS is explicitly not
            supported, disable all user facing TDLS operations.
          - Allow TDLS to be disabled at runtime.
          - Honor AP TDLS settings that prohibit/allow TDLS.
          - Add a special testing feature for changing TDLS
            behavior.
          - Add support for TDLS 802.11z.
        * wlantest: Add a tool wlantest for IEEE802.11 protocol
          testing. wlantest can be used to capture frames from a
          monitor interface for realtime capturing or from pcap
          files for offline analysis.
        * bgscan learn: Add new bgscan that learns BSS information
          based on previous scans, and uses that information to
          dynamically generate the list of channels for background
          scans.
        * Add a new debug message level for excessive information.
        * TLS: Add support for tls_disable_time_checks=1 in client
          mode.
        * Improved internal TLS
        * Add RFKill support by adding an interface state
          "disabled".
        * Reorder some IEs to get closer to IEEE 802.11 standard.
          Move WMM into end of Beacon, Probe Resp and (Re)Assoc
          Resp frames. Move HT IEs to be later in (Re)Assoc Resp.
        * Wi-Fi Direct support
 - Remove wpa_supplicant-dbus-events.patch (merged upstream)
 - Remove wpa_supplicant-probed-cert-dbus-signal.patch (merged
  upstream)
 -------------------------------------------------------------------
 Sat Mar 17 22:30:51 UTC 2012 - dimstar@opensuse.org
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@ -29,7 +29,7 @@ BuildRequires:  libnl-1_1-devel
 BuildRequires:  libnl-devel
 %endif
 Url:            http://hostap.epitest.fi/wpa_supplicant/
-Version:        0.7.3
+Version:        1.0
 Release:        0
 Summary:        WPA supplicant implementation
 License:        BSD-3-Clause ; GPL-2.0+
@ -48,10 +48,7 @@ Patch1:         wpa_supplicant-flush-debug-output.patch
 # is not portable
 Patch2:         wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch4:         wpa_supplicant-errormsg.patch
-# PATCH-FIX-UPSTREAM wpa_supplicant-dbus-events.patch dimstar@opensuse.org -- dbus: Emit property changed events when adding/removing BSSes, taken from git.
+## Patch6:         wpa_supplicant-probed-cert-dbus-signal.patch
 Patch5:         wpa_supplicant-dbus-events.patch
 # PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 glin@suse.com -- emit a D-Bus signal when the AP returned the certificate of the RADIUS server
 Patch6:         wpa_supplicant-probed-cert-dbus-signal.patch
 # PATCH-FIX-UPSTREAM wpa_supplicant-gcc47.patch dimstar@opensuse.org -- Fix build with gcc 4.7.
 Patch7:         wpa_supplicant-gcc47.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -90,8 +87,6 @@ cp %{SOURCE1} wpa_supplicant/.config
 %patch1 -p0
 %patch2 -p0
 %patch4 -p0
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %build