rpm/wpa_supplicant
SHA256
1
0
Fork 0
forked from pool/wpa_supplicant
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=1

Browse Source
This commit is contained in:
OBS User unknown 2007-01-15 23:41:30 +00:00 committed by Git OBS Bridge
commit 8fc165dcc0
12 changed files with 1114 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

28
config Normal file
View File

@ -0,0 +1,28 @@
CONFIG_DRIVER_HOSTAP=y
CONFIG_DRIVER_PRISM54=y
# CONFIG_DRIVER_HERMES
# CONFIG_DRIVER_MADWIFI gets dynamically added when needed
CONFIG_DRIVER_ATMEL=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NDISWRAPPER=y
CONFIG_DRIVER_IPW=y
CONFIG_DRIVER_WIRED=y
CONFIG_WIRELESS_EXTENSION=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_PKCS12=y
CONFIG_SMARTCARD=y
CONFIG_CTRL_IFACE=y
CONFIG_READLINE=y
#CONFIG_PCSC
#CONFIG_EAP_SIM
#CONFIG_EAP_AKA

0
ready Normal file
View File

3
wpa_supplicant-0.4.9.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3d85a5f73596e13cfedc692c861b7ee18de8bc93ab78f73939813db2dd72f471
size 373470

31
wpa_supplicant-ctrl-iface-ap-scan.patch Normal file
View File

@ -0,0 +1,31 @@
--- ctrl_iface.c.orig 2005-11-07 23:12:50.000000000 -0500
+++ ctrl_iface.c 2006-01-09 11:26:55.000000000 -0500
@@ -930,6 +930,18 @@
}
+static int wpa_supplicant_ctrl_iface_ap_scan(struct wpa_supplicant *wpa_s,
+ char *cmd)
+{
+ int ap_scan = atoi (cmd);
+
+ if (ap_scan < 0 || ap_scan > 2)
+ return -1;
+ wpa_s->conf->ap_scan = ap_scan;
+ return 0;
+}
+
+
static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
void *sock_ctx)
{
@@ -1064,6 +1076,9 @@
} else if (strncmp(buf, "GET_CAPABILITY ", 15) == 0) {
reply_len = wpa_supplicant_ctrl_iface_get_capability(
wpa_s, buf + 15, reply, reply_size);
+ } else if (strncmp(buf, "AP_SCAN ", 8) == 0) {
+ if (wpa_supplicant_ctrl_iface_ap_scan(wpa_s, buf + 8))
+ reply_len = -1;
} else {
memcpy(reply, "UNKNOWN COMMAND\n", 16);
reply_len = 16;

13
wpa_supplicant-driver-ssid-len.patch Normal file
View File

@ -0,0 +1,13 @@
--- wpa_supplicant.c.ssid-len 2006-01-10 00:13:09.000000000 -0500
+++ wpa_supplicant.c 2006-01-10 00:16:26.000000000 -0500
@@ -1429,6 +1429,10 @@
}
ssid_len = res;
+ /* Some drivers NULL the end and add one to the length */
+ if (ssid[ssid_len - 1] == '\0')
+ ssid_len--;
+
if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
return NULL;

28
wpa_supplicant-iw_encode_temp.diff Normal file
View File

@ -0,0 +1,28 @@
Index: wpa_supplicant-0.4.8/driver_wext.c
===================================================================
--- wpa_supplicant-0.4.8.orig/driver_wext.c 2006-07-13 11:23:05.000000000 +0200
+++ wpa_supplicant-0.4.8/driver_wext.c 2006-07-13 11:23:57.000000000 +0200
@@ -1280,6 +1280,7 @@ static int wpa_driver_wext_set_key_ext(v
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.encoding.flags = key_idx + 1;
+ iwr.u.encoding.flags |= IW_ENCODE_TEMP;
if (alg == WPA_ALG_NONE)
iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
iwr.u.encoding.pointer = (caddr_t) ext;
@@ -1401,6 +1402,7 @@ int wpa_driver_wext_set_key(void *priv,
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.encoding.flags = key_idx + 1;
+ iwr.u.encoding.flags |= IW_ENCODE_TEMP;
if (alg == WPA_ALG_NONE)
iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
iwr.u.encoding.pointer = (caddr_t) key;
@@ -1415,6 +1417,7 @@ int wpa_driver_wext_set_key(void *priv,
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.encoding.flags = key_idx + 1;
+ iwr.u.encoding.flags |= IW_ENCODE_TEMP;
iwr.u.encoding.pointer = (caddr_t) NULL;
iwr.u.encoding.length = 0;
if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {

13
wpa_supplicant-wep_key_fix.dif Normal file
View File

@ -0,0 +1,13 @@
Index: wpa_supplicant-0.4.8/driver_wext.c
===================================================================
--- wpa_supplicant-0.4.8.orig/driver_wext.c
+++ wpa_supplicant-0.4.8/driver_wext.c
@@ -1415,7 +1415,7 @@ int wpa_driver_wext_set_key(void *priv,
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.encoding.flags = key_idx + 1;
- iwr.u.encoding.pointer = (caddr_t) key;
+ iwr.u.encoding.pointer = (caddr_t) NULL;
iwr.u.encoding.length = 0;
if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
perror("ioctl[SIOCSIWENCODE] (set_tx)");

434
wpa_supplicant.changes Normal file
View File

@ -0,0 +1,434 @@
-------------------------------------------------------------------
Mon Nov 6 16:29:14 CET 2006 - jg@suse.de
- set IW_ENCODE_TEMP flag (needed to use dynamic WEP with airo
driver, bug 185528)
-------------------------------------------------------------------
Fri Oct 6 11:52:37 CEST 2006 - jg@suse.de
- update to 0.4.9:
* fixed EAPOL re-authentication for sessions that used PMKSA
caching
* reject WPA/WPA2 message 3/4 if it does not include any valid
WPA/RSN IE
* driver_wext: added support for WE-21 change to SSID configuration
* driver_wext: fixed privacy configuration for static WEP keys mode
[Bug 140]
* driver_wext: added fallback to use SIOCSIWENCODE for setting
auth_alg if the driver does not support SIOCSIWAUTH
-------------------------------------------------------------------
Fri Mar 24 19:08:20 CET 2006 - jg@suse.de
- fixed static WEP key usage (bug 144268)
-------------------------------------------------------------------
Thu Feb 16 10:04:31 CET 2006 - jg@suse.de
- update to 0.4.8 (bug 151151)
* added support for EAP-FAST key derivation using other ciphers than
RC4-128-SHA for authentication and AES128-SHA for provisioning
* fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
decrypt AT_ENCR_DATA attributes correctly
* added support for configuring CA certificate as DER file and as a
configuration blob
* fixed private key configuration as configuration blob and added
support for using PKCS#12 as a blob
* added support for loading trusted CA certificates from Windows
certificate store: ca_cert="cert_store://<name>", where <name> is
likely CA (Intermediate CA certificates) or ROOT (root certificates)
* fixed TLS library deinitialization after RSN pre-authentication not
to disable TLS library for normal authentication
* fixed PMKSA cache processing not to trigger deauthentication if the
current PMKSA cache entry is replaced with a valid new entry
* fixed PC/SC initialization for ap_scan != 1 modes (this fixes
EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
ap_scan=2)
* do not try to use USIM APDUs when initializing PC/SC for SIM card
access for a network that has not enabled EAP-AKA
-------------------------------------------------------------------
Sun Feb 5 18:34:21 CET 2006 - ro@suse.de
- removed km_wlan from BuildRequires
-------------------------------------------------------------------
Wed Jan 25 21:42:51 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Jan 17 19:32:07 CET 2006 - rml@suse.de
- Add patch (from upstream) fixing bad drivers that NULL out
the SSID and send the wrong length.
-------------------------------------------------------------------
Tue Jan 10 12:27:27 CET 2006 - jg@suse.de
- added AP scan mode selection via control interface (patch
from rml@novell.com)
-------------------------------------------------------------------
Mon Nov 21 12:41:52 CET 2005 - jg@suse.de
- update to 0.4.7, changes (shortened):
* l2_packet_pcap: fixed wired IEEE 802.1X authentication with
libpcap and WinPcap to receive frames sent to PAE group address
* disable EAP state machine when IEEE 802.1X authentication is
not used in order to get rid of bogus "EAP failed" messages
* fixed OpenSSL error reporting to go through all pending errors
to avoid confusing reports of old errors being reported at
later point during handshake
* fixed configuration file updating to not write empty variables
(e.g., proto or key_mgmt) that the file parser would not accept
* fixed ADD_NETWORK ctrl_iface command to use the same default
values for variables as empty network definitions read from
config file would get
* fixed EAP state machine to not discard EAP-Failure messages in
many cases (e.g., during TLS handshake)
* fixed a infinite loop in private key reading if the configured
file cannot be parsed successfully
* driver_madwifi: added support for madwifi-ng
* wpa_gui: do not display password/PSK field contents
* wpa_gui: added CA certificate configuration
* use longer timeout for IEEE 802.11 association to avoid problems
with drivers that may take more than five second to associate
- dropped obsolete madwifi patch
- dropped obsolete copy of wireless.h
- updated config file
- use $RPM_OPT_FLAGS and %jobs
- created subpackage wpa_supplicant-gui containing wpa_gui
-------------------------------------------------------------------
Tue Nov 8 15:22:13 CET 2005 - jg@suse.de
- do not build as root
-------------------------------------------------------------------
Fri Nov 4 18:16:50 CET 2005 - jg@suse.de
- added support for madwifi-ng
- compiling against Wireless Extensions v19
- removed obsolete config option CONFIG_XSUPPLICANT_IFACE
-------------------------------------------------------------------
Fri Oct 28 12:25:59 CEST 2005 - jg@suse.de
- update to 0.4.6, changes (shortened):
* allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch
in RSN IE, but WPA IE would match with wpa_supplicant
configuration
* added support for named configuration blobs in order to avoid
having to use file system for external files (e.g., certificates)
* fixed RSN pre-authentication
* driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to
make sure the driver configures broadcast decryption correctly
* added ca_path (and ca_path2) configuration variables that can be
used to configure OpenSSL CA path, e.g., /etc/ssl/certs, for
using the system-wide trusted CA list
* added support for starting wpa_supplicant without a configuration
file
* added global control interface that can be optionally used for
adding and removing network interfaces dynamically
* wpa_gui:
- try to save configuration whenever something is modified
- added WEP key configuration
- added possibility to edit the current network configuration
* driver_ndis: fixed driver polling not to increase frequency on
each received EAPOL frame due to incorrectly cancelled timeout
* fixed driver_wext.c to filter wireless events based on ifindex
to avoid interfaces receiving events from other interfaces
* delay sending initial EAPOL-Start couple of seconds to speed
up authentication for the most common case of Authenticator
starting EAP authentication immediately after association
-------------------------------------------------------------------
Thu Oct 13 16:40:44 CEST 2005 - jg@suse.de
- update to 0.4.5, changes (shortened):
* added a workaround for clearing keys with ndiswrapper to allow
roaming from WPA enabled AP to plaintext one
* l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW
for PF_PACKET in order to prepare for network devices that do
not use Ethernet headers (e.g., network stack with native IEEE
802.11 frames)
* use receipt of EAPOL-Key frame as a lower layer success indication
for EAP state machine to allow recovery from dropped EAP-Success
frame
* driver_wext: add support for WE-19
* added support for multiple configuration backends (CONFIG_BACKEND
option); currently, only 'file' is supported (i.e., the format used
in wpa_supplicant.conf)
* added support for updating configuration ('wpa_cli save_config')
* added GET_NETWORK ctrl_iface command
-------------------------------------------------------------------
Mon Aug 29 15:26:27 CEST 2005 - jg@suse.de
- update to 0.4.4 (bug 112977), changes (shortened):
* replaced OpenSSL patch for EAP-FAST support
(openssl-tls-extensions.patch) with a more generic and correct
patch
* allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be
used with drivers that do not support WPA
* added support for enabling/disabling networks from the list of
all configured networks
* added support for adding and removing network from the current
configuration
* added support for setting network configuration parameters
through the control interface
* fixed parsing of strings that include both " and # within double
quoted area (e.g., "start"#end")
* removed interface for external EAPOL/EAP supplicant
* fixed build with CONFIG_DNET_PCAP=y on Linux
* l2_packet: moved different implementations into separate files
* added support for using ap_scan=2 mode with multiple network
blocks
* fixed a potential issue in RSN pre-authentication ending up using
freed memory if pre-authentication times out
* added support for querying private key password (EAP-TLS) through
the control interface (wpa_cli/wpa_gui) if one is not included in
the configuration file
* driver_broadcom: fixed couple of memory leaks in scan result
processing
* EAP-PAX is now registered as EAP type 46
* fixed EAP-PAX MAC calculation
* fixed EAP-PAX CK and ICK key derivation
* added support for using password with EAP-PAX
* added support for arbitrary driver interface parameters through the
configuration file with a new driver_param field
* added possibility to override l2_packet module with driver
interface API (new send_eapol handler)
* fixed ctrl_interface_group processing for the case where gid is
entered as a number, not group name
* driver_test: added support for testing hostapd with wpa_supplicant
by using test driver interface without any kernel drivers or
network cards
* added support for EAP-MSCHAPv2 password retries within the same
EAP authentication session
* added support for password changes with EAP-MSCHAPv2
* added support for reading additional certificates from PKCS#12
files and adding them to the certificate chain
* fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
were used
* display EAP Notification messages to user through control
interface with "CTRL-EVENT-EAP-NOTIFICATION" prefix
* added 'disconnect' command to control interface for setting
wpa_supplicant in state where it will not associate before
'reassociate' command has been used
* added support for getting scan results through control interface
* added support for wired authentication (IEEE 802.1X on wired
Ethernet); driver interface 'wired'
* added support for sending TLS alerts
* added support for 'any' SSID wildcard; if ssid is not configured or
is set to an empty string, any SSID will be accepted for non-WPA AP
* added support for asking PIN (for SIM) from frontends (e.g.,
wpa_cli);
* added support for using external devices (e.g., a smartcard) for
private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
* added experimental support for EAP-PAX
* added monitor mode for wpa_cli
-------------------------------------------------------------------
Mon Jul 11 15:46:53 CEST 2005 - jg@suse.de
- update to 0.3.9, changes:
* modified the EAP workaround that accepts EAP-Success with
incorrect Identifier to be even less strict about verification
in order to interoperate with some authentication servers
* fixed RSN IE in 4-Way Handshake message 2/4 for the case where
Authenticator rejects PMKSA caching attempt and the driver is
not using assoc_info events
* fixed a possible double free in EAP-TTLS fast-reauthentication
when identity or password is entered through control interface
* added -P<pid file> argument for wpa_supplicant to write the
current process id into a file
* driver_madwifi: fixed association in plaintext mode
* driver_madwifi: added preliminary support for compiling against
'BSD' branch of madwifi CVS tree
* added EAP workaround for PEAPv1 session resumption: allow outer,
i.e., not tunneled, EAP-Success to terminate session since; this
can be disabled with eap_workaround=0
* driver_ipw: updated driver structures to match with ipw2200-1.0.4
(note: ipw2100-1.1.0 is likely to require an update to work with
this)
* driver_broadcom: fixed couple of memory leaks in scan result
processing
- removed pidfile patch in favour of the new upstream
implementation
-------------------------------------------------------------------
Mon Mar 21 11:36:26 CET 2005 - jg@suse.de
- creating directory /var/run/wpa_supplicant when needed (bug 74023)
-------------------------------------------------------------------
Mon Feb 14 09:58:59 CET 2005 - jg@suse.de
- update to 0.3.8, changes:
* fixed EAPOL-Key validation to drop packets with invalid Key
Data Length; such frames could have crashed wpa_supplicant due
to buffer overflow
-------------------------------------------------------------------
Mon Feb 7 17:00:37 CET 2005 - jg@suse.de
- update to 0.3.7-pre, changes:
* fixed WPA/RSN IE verification in message 3 of 4-Way Handshake
when using drivers that take care of AP selection (e.g., when
using ap_scan=2)
* fixed reprocessing of pending request after ctrl_iface requests
for identity/password/otp
* fixed ctrl_iface requests for identity/password/otp in Phase 2
of EAP-PEAP and EAP-TTLS
* all drivers using driver_wext: set interface up and select
Managed mode when starting wpa_supplicant; set interface down
when exiting
* renamed driver_ipw2100.c to driver_ipw.c since it now supports
both ipw2100 and ipw2200
* fixed a busy loop introduced in v0.3.5 for scan result
processing when no matching AP is found
* added a workaround for an interoperability issue with a Cisco AP
when using WPA2-PSK
* fixed non-WPA IEEE 802.1X to use the same authentication timeout
as WPA with IEEE 802.1X
* fixed issues with 64-bit CPUs and SHA1 cleanup in previous
version (e.g., segfault when processing EAPOL-Key frames)
* fixed EAP workaround and fast reauthentication configuration for
RSN pre-authentication
* added support for blacklisting APs that fail or timeout
authentication in ap_scan=1 mode so that all APs are tried in
cases where the ones with strongest signal level are failing
authentication
* fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
authentication attempt
* added preliminary support for IBSS (ad-hoc) mode configuration
* added optional support for GNU Readline and History Libraries
for wpa_cli (CONFIG_READLINE)
* added couple of workarounds for interoperability issues with a
Cisco AP when using WPA2
* fixed private key loading for cases where passphrase is not set
* improved recovery from PMKID mismatches by requesting full EAP
authentication in case of failed PMKSA caching attempt
* driver_ndis: added support for NDIS NdisMIncidateStatus() events
* driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
* added support for driver interfaces to replace the interface
name based on driver/OS specific mapping, e.g., in case of
driver_ndis, this allows the beginning of the adapter
description to be used as the interface name
* driver_ndis: enable radio before starting scanning, disable
radio when exiting
* added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that
driver interface can distinguish plaintext and IEEE 802.1X
(no WPA) authentication
* fixed static WEP key configuration to use broadcast/default type
for all keys
* driver_ndis: added legacy WPA capability detection for non-WPA2
drivers
* added support for setting static WEP keys for IEEE 802.1X
without dynamic WEP keying (eapol_flags=0)
* added support for reading PKCS#12 (PFX) files (as a replacement
for PEM/DER) to get certificate and private key (CONFIG_PKCS12)
* added new ap_scan mode, ap_scan=2, for drivers that take care of
association, but need to be configured with security policy and
SSID, e.g., ndiswrapper and NDIS driver
-------------------------------------------------------------------
Thu Jan 13 12:32:51 CET 2005 - jg@suse.de
- update to 0.2.6, changes:
* added driver interface for Intel ipw2100 driver
* fixed a bug in PMKSA cache processing: skip sending of
EAPOL-Start only if there is a PMKSA cache entry for the
current AP
* fixed error handling for case where reading of scan results
fails: must schedule a new scan or wpa_supplicant will remain
waiting forever
* set pairwise/group cipher suite for non-WPA IEEE 802.1X to
WEP-104 if keys are not configured to be used; this fixes
IEEE 802.1X mode with drivers that use this information to
configure whether Privacy bit can be in Beacon frames
(e.g., ndiswrapper)
* improved downgrade attack detection in IE verification of
msg 3/4: verify both WPA and RSN IEs, if present, not only the
selected one; reject the AP if an RSN IE is found in msg 3/4,
but not in Beacon or Probe Response frame, and RSN is enabled in
wpa_supplicant configuration
* fixed WPA msg 3/4 processing to allow Key Data field contain
other IEs than just one WPA IE
* modified association event handler to set portEnabled = FALSE
before clearing port Valid in order to reset EAP state machine
and avoid problems with new authentication getting ignored because
of state machines ending up in AUTHENTICATED/SUCCESS state based
on old information
- removed obsolete ipw2100 patch
- added wpa_supplicant.fig to filelist
-------------------------------------------------------------------
Fri Oct 22 12:47:44 CEST 2004 - jg@suse.de
- update to 0.2.5, changes:
* wpa_cli: fixed parsing of -p <path> command line argument
* fixed parsing of wep_tx_keyidx
* fixed couple of errors in PCSC handling that could have caused
random-looking errors for EAP-SIM
* PEAPv1: fixed tunneled EAP-Success reply handling to reply with
TLS ACK, not tunneled EAP-Success
* PEAPv1: added support for terminating PEAP authentication on
tunneled EAP-Success message
* PEAPv1: changed phase1 option peaplabel to use default to 0, i.e.,
to the old label for key derivation; previously, the default was 1,
but it looks like most existing PEAPv1 implementations use the old
label which is thus more suitable default option
* changed SSID configuration in driver_wext.c (used by many driver
interfaces) to use ssid_len+1 as the length for SSID since some
Linux drivers expect this
* fixed couple of unaligned reads in scan result parsing to fix WPA
connection on some platforms (e.g., ARM)
- disabled madwifi support on ppc
-------------------------------------------------------------------
Wed Sep 29 00:36:22 CEST 2004 - jg@suse.de
- added support for ipw2100 driver
-------------------------------------------------------------------
Tue Aug 31 16:57:27 CEST 2004 - jg@suse.de
- added support for writing pid-file
-------------------------------------------------------------------
Mon Aug 2 18:52:39 CEST 2004 - jg@suse.de
- fixed build on non-x86 platforms
-------------------------------------------------------------------
Mon Aug 2 17:35:57 CEST 2004 - jg@suse.de
- update to version 0.2.4, important changes:
- support for new EAP authentication methods:
EAP-TTLS/EAP-MD5-Challenge
EAP-TTLS/EAP-GTC
EAP-TTLS/EAP-MSCHAPv2
EAP-TTLS/EAP-TLS
EAP-TTLS/MSCHAPv2
EAP-TTLS/MSCHAP
EAP-TTLS/PAP
EAP-TTLS/CHAP
EAP-PEAP/TLS
EAP-PEAP/GTC
EAP-PEAP/MD5-Challenge
EAP-GTC
EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
- support for ATMEL AT76C5XXX driver
- support for madwifi driver
- lots of minor changes, see ChangeLog
- added km_wlan to needforbuild (driver source of madwifi is
needed)
-------------------------------------------------------------------
Thu Jun 17 14:40:13 CEST 2004 - jg@suse.de
- Initial package

84
wpa_supplicant.dif Normal file
View File

@ -0,0 +1,84 @@
Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -6,6 +6,8 @@ ifndef CFLAGS
CFLAGS = -MMD -O2 -Wall -g
endif
+MADWIFI_SOURCE=$(shell echo /usr/include/madwifi-*)
+
# Include directories for CVS version
CFLAGS += -I. -I../utils -I../hostapd
@@ -79,7 +81,7 @@ CONFIG_WIRELESS_EXTENSION=y
endif
ifdef CONFIG_DRIVER_MADWIFI
-CFLAGS += -DCONFIG_DRIVER_MADWIFI
+CFLAGS += -DCONFIG_DRIVER_MADWIFI -I$(MADWIFI_SOURCE)
OBJS_d += driver_madwifi.o
CONFIG_WIRELESS_EXTENSION=y
endif
Index: driver_atmel.c
===================================================================
--- driver_atmel.c.orig
+++ driver_atmel.c
@@ -44,6 +44,7 @@
#include <unistd.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
#include <errno.h>
#include "wireless_copy.h"
Index: driver_hostap.c
===================================================================
--- driver_hostap.c.orig
+++ driver_hostap.c
@@ -17,6 +17,7 @@
#include <unistd.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
#include <errno.h>
#include "wireless_copy.h"
Index: driver_prism54.c
===================================================================
--- driver_prism54.c.orig
+++ driver_prism54.c
@@ -18,6 +18,7 @@
#include <unistd.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
#include <errno.h>
#include "wireless_copy.h"
Index: driver_madwifi.c
===================================================================
--- driver_madwifi.c.orig
+++ driver_madwifi.c
@@ -18,7 +18,9 @@
#include <unistd.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
#include <errno.h>
+#include <sys/socket.h>
#include "common.h"
#include "driver.h"
Index: driver_ipw.c
===================================================================
--- driver_ipw.c.orig
+++ driver_ipw.c
@@ -19,6 +19,7 @@
#include <unistd.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
#include <errno.h>
#include "wireless_copy.h"

456
wpa_supplicant.spec Normal file
View File

@ -0,0 +1,456 @@
#
# spec file for package wpa_supplicant (Version 0.4.9)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: wpa_supplicant
BuildRequires: libdrm-devel libjpeg-devel openssl-devel qt3-devel readline-devel update-desktop-files
%ifarch %ix86 x86_64
BuildRequires: madwifi-devel
%endif
URL: http://hostap.epitest.fi/
Version: 0.4.9
Release: 16
License: BSD License and BSD-like, GNU General Public License (GPL) - all versions
Group: Productivity/Networking/Other
Summary: WPA supplicant implementation
Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2
Source1: config
Patch0: wpa_supplicant.dif
Patch1: wpa_supplicant-ctrl-iface-ap-scan.patch
Patch2: wpa_supplicant-driver-ssid-len.patch
Patch3: wpa_supplicant-wep_key_fix.dif
Patch4: wpa_supplicant-iw_encode_temp.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
wpa_supplicant is an implementation of the WPA Supplicant component,
i.e., the part that runs in the client stations. It implements key
negotiation with a WPA Authenticator and it controls the roaming and
IEEE 802.11 authentication/association of the wlan driver.
Authors:
--------
Jouni Malinen <jkmaline@cc.hut.fi>
%package gui
Summary: WPA supplicant graphical front-end
Requires: wpa_supplicant
Group: System/Monitoring
%description gui
This package contains a graphical front-end to wpa_supplicant, an
implementation of the WPA Supplicant component.
Authors:
--------
Jouni Malinen <jkmaline@cc.hut.fi>
%prep
%setup -n wpa_supplicant-%{version}
%patch0
%patch1
%patch2
%patch3 -p1
%patch4 -p1
cp %{SOURCE1} .config
%build
%ifarch %ix86 x86_64
echo CONFIG_DRIVER_MADWIFI=y >>.config
%endif
CFLAGS="$RPM_OPT_FLAGS" make %{?jobs:-j%jobs}
cd wpa_gui
/usr/lib/qt3/bin/qmake
make %{?jobs:-j%jobs}
%install
mkdir -p %{buildroot}%{_sbindir}
install -m 755 wpa_cli %{buildroot}%{_sbindir}
install -m 755 wpa_passphrase %{buildroot}%{_sbindir}
install -m 755 wpa_supplicant %{buildroot}%{_sbindir}
install -m 755 wpa_gui/wpa_gui %{buildroot}%{_sbindir}
%files
%defattr(-,root,root)
%doc ChangeLog COPYING README todo.txt doc/wpa_supplicant.fig examples wpa_supplicant.conf
%{_sbindir}/wpa_cli
%{_sbindir}/wpa_passphrase
%{_sbindir}/wpa_supplicant
%files gui
%defattr(-,root,root)
/usr/sbin/wpa_gui
%changelog -n wpa_supplicant
* Mon Nov 06 2006 - jg@suse.de
- set IW_ENCODE_TEMP flag (needed to use dynamic WEP with airo
driver, bug 185528)
* Fri Oct 06 2006 - jg@suse.de
- update to 0.4.9:
* fixed EAPOL re-authentication for sessions that used PMKSA
caching
* reject WPA/WPA2 message 3/4 if it does not include any valid
WPA/RSN IE
* driver_wext: added support for WE-21 change to SSID configuration
* driver_wext: fixed privacy configuration for static WEP keys mode
[Bug 140]
* driver_wext: added fallback to use SIOCSIWENCODE for setting
auth_alg if the driver does not support SIOCSIWAUTH
* Fri Mar 24 2006 - jg@suse.de
- fixed static WEP key usage (bug 144268)
* Thu Feb 16 2006 - jg@suse.de
- update to 0.4.8 (bug 151151)
* added support for EAP-FAST key derivation using other ciphers than
RC4-128-SHA for authentication and AES128-SHA for provisioning
* fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
decrypt AT_ENCR_DATA attributes correctly
* added support for configuring CA certificate as DER file and as a
configuration blob
* fixed private key configuration as configuration blob and added
support for using PKCS#12 as a blob
* added support for loading trusted CA certificates from Windows
certificate store: ca_cert="cert_store://<name>", where <name> is
likely CA (Intermediate CA certificates) or ROOT (root certificates)
* fixed TLS library deinitialization after RSN pre-authentication not
to disable TLS library for normal authentication
* fixed PMKSA cache processing not to trigger deauthentication if the
current PMKSA cache entry is replaced with a valid new entry
* fixed PC/SC initialization for ap_scan != 1 modes (this fixes
EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
ap_scan=2)
* do not try to use USIM APDUs when initializing PC/SC for SIM card
access for a network that has not enabled EAP-AKA
* Sun Feb 05 2006 - ro@suse.de
- removed km_wlan from BuildRequires
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 17 2006 - rml@suse.de
- Add patch (from upstream) fixing bad drivers that NULL out
the SSID and send the wrong length.
* Tue Jan 10 2006 - jg@suse.de
- added AP scan mode selection via control interface (patch
from rml@novell.com)
* Mon Nov 21 2005 - jg@suse.de
- update to 0.4.7, changes (shortened):
* l2_packet_pcap: fixed wired IEEE 802.1X authentication with
libpcap and WinPcap to receive frames sent to PAE group address
* disable EAP state machine when IEEE 802.1X authentication is
not used in order to get rid of bogus "EAP failed" messages
* fixed OpenSSL error reporting to go through all pending errors
to avoid confusing reports of old errors being reported at
later point during handshake
* fixed configuration file updating to not write empty variables
(e.g., proto or key_mgmt) that the file parser would not accept
* fixed ADD_NETWORK ctrl_iface command to use the same default
values for variables as empty network definitions read from
config file would get
* fixed EAP state machine to not discard EAP-Failure messages in
many cases (e.g., during TLS handshake)
* fixed a infinite loop in private key reading if the configured
file cannot be parsed successfully
* driver_madwifi: added support for madwifi-ng
* wpa_gui: do not display password/PSK field contents
* wpa_gui: added CA certificate configuration
* use longer timeout for IEEE 802.11 association to avoid problems
with drivers that may take more than five second to associate
- dropped obsolete madwifi patch
- dropped obsolete copy of wireless.h
- updated config file
- use $RPM_OPT_FLAGS and %%jobs
- created subpackage wpa_supplicant-gui containing wpa_gui
* Tue Nov 08 2005 - jg@suse.de
- do not build as root
* Fri Nov 04 2005 - jg@suse.de
- added support for madwifi-ng
- compiling against Wireless Extensions v19
- removed obsolete config option CONFIG_XSUPPLICANT_IFACE
* Fri Oct 28 2005 - jg@suse.de
- update to 0.4.6, changes (shortened):
* allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch
in RSN IE, but WPA IE would match with wpa_supplicant
configuration
* added support for named configuration blobs in order to avoid
having to use file system for external files (e.g., certificates)
* fixed RSN pre-authentication
* driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to
make sure the driver configures broadcast decryption correctly
* added ca_path (and ca_path2) configuration variables that can be
used to configure OpenSSL CA path, e.g., /etc/ssl/certs, for
using the system-wide trusted CA list
* added support for starting wpa_supplicant without a configuration
file
* added global control interface that can be optionally used for
adding and removing network interfaces dynamically
* wpa_gui:
- try to save configuration whenever something is modified
- added WEP key configuration
- added possibility to edit the current network configuration
* driver_ndis: fixed driver polling not to increase frequency on
each received EAPOL frame due to incorrectly cancelled timeout
* fixed driver_wext.c to filter wireless events based on ifindex
to avoid interfaces receiving events from other interfaces
* delay sending initial EAPOL-Start couple of seconds to speed
up authentication for the most common case of Authenticator
starting EAP authentication immediately after association
* Thu Oct 13 2005 - jg@suse.de
- update to 0.4.5, changes (shortened):
* added a workaround for clearing keys with ndiswrapper to allow
roaming from WPA enabled AP to plaintext one
* l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW
for PF_PACKET in order to prepare for network devices that do
not use Ethernet headers (e.g., network stack with native IEEE
802.11 frames)
* use receipt of EAPOL-Key frame as a lower layer success indication
for EAP state machine to allow recovery from dropped EAP-Success
frame
* driver_wext: add support for WE-19
* added support for multiple configuration backends (CONFIG_BACKEND
option); currently, only 'file' is supported (i.e., the format used
in wpa_supplicant.conf)
* added support for updating configuration ('wpa_cli save_config')
* added GET_NETWORK ctrl_iface command
* Mon Aug 29 2005 - jg@suse.de
- update to 0.4.4 (bug 112977), changes (shortened):
* replaced OpenSSL patch for EAP-FAST support
(openssl-tls-extensions.patch) with a more generic and correct
patch
* allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be
used with drivers that do not support WPA
* added support for enabling/disabling networks from the list of
all configured networks
* added support for adding and removing network from the current
configuration
* added support for setting network configuration parameters
through the control interface
* fixed parsing of strings that include both " and # within double
quoted area (e.g., "start"#end")
* removed interface for external EAPOL/EAP supplicant
* fixed build with CONFIG_DNET_PCAP=y on Linux
* l2_packet: moved different implementations into separate files
* added support for using ap_scan=2 mode with multiple network
blocks
* fixed a potential issue in RSN pre-authentication ending up using
freed memory if pre-authentication times out
* added support for querying private key password (EAP-TLS) through
the control interface (wpa_cli/wpa_gui) if one is not included in
the configuration file
* driver_broadcom: fixed couple of memory leaks in scan result
processing
* EAP-PAX is now registered as EAP type 46
* fixed EAP-PAX MAC calculation
* fixed EAP-PAX CK and ICK key derivation
* added support for using password with EAP-PAX
* added support for arbitrary driver interface parameters through the
configuration file with a new driver_param field
* added possibility to override l2_packet module with driver
interface API (new send_eapol handler)
* fixed ctrl_interface_group processing for the case where gid is
entered as a number, not group name
* driver_test: added support for testing hostapd with wpa_supplicant
by using test driver interface without any kernel drivers or
network cards
* added support for EAP-MSCHAPv2 password retries within the same
EAP authentication session
* added support for password changes with EAP-MSCHAPv2
* added support for reading additional certificates from PKCS#12
files and adding them to the certificate chain
* fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
were used
* display EAP Notification messages to user through control
interface with "CTRL-EVENT-EAP-NOTIFICATION" prefix
* added 'disconnect' command to control interface for setting
wpa_supplicant in state where it will not associate before
'reassociate' command has been used
* added support for getting scan results through control interface
* added support for wired authentication (IEEE 802.1X on wired
Ethernet); driver interface 'wired'
* added support for sending TLS alerts
* added support for 'any' SSID wildcard; if ssid is not configured or
is set to an empty string, any SSID will be accepted for non-WPA AP
* added support for asking PIN (for SIM) from frontends (e.g.,
wpa_cli);
* added support for using external devices (e.g., a smartcard) for
private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
* added experimental support for EAP-PAX
* added monitor mode for wpa_cli
* Mon Jul 11 2005 - jg@suse.de
- update to 0.3.9, changes:
* modified the EAP workaround that accepts EAP-Success with
incorrect Identifier to be even less strict about verification
in order to interoperate with some authentication servers
* fixed RSN IE in 4-Way Handshake message 2/4 for the case where
Authenticator rejects PMKSA caching attempt and the driver is
not using assoc_info events
* fixed a possible double free in EAP-TTLS fast-reauthentication
when identity or password is entered through control interface
* added -P<pid file> argument for wpa_supplicant to write the
current process id into a file
* driver_madwifi: fixed association in plaintext mode
* driver_madwifi: added preliminary support for compiling against
'BSD' branch of madwifi CVS tree
* added EAP workaround for PEAPv1 session resumption: allow outer,
i.e., not tunneled, EAP-Success to terminate session since; this
can be disabled with eap_workaround=0
* driver_ipw: updated driver structures to match with ipw2200-1.0.4
(note: ipw2100-1.1.0 is likely to require an update to work with
this)
* driver_broadcom: fixed couple of memory leaks in scan result
processing
- removed pidfile patch in favour of the new upstream
implementation
* Mon Mar 21 2005 - jg@suse.de
- creating directory /var/run/wpa_supplicant when needed (bug 74023)
* Mon Feb 14 2005 - jg@suse.de
- update to 0.3.8, changes:
* fixed EAPOL-Key validation to drop packets with invalid Key
Data Length; such frames could have crashed wpa_supplicant due
to buffer overflow
* Mon Feb 07 2005 - jg@suse.de
- update to 0.3.7-pre, changes:
* fixed WPA/RSN IE verification in message 3 of 4-Way Handshake
when using drivers that take care of AP selection (e.g., when
using ap_scan=2)
* fixed reprocessing of pending request after ctrl_iface requests
for identity/password/otp
* fixed ctrl_iface requests for identity/password/otp in Phase 2
of EAP-PEAP and EAP-TTLS
* all drivers using driver_wext: set interface up and select
Managed mode when starting wpa_supplicant; set interface down
when exiting
* renamed driver_ipw2100.c to driver_ipw.c since it now supports
both ipw2100 and ipw2200
* fixed a busy loop introduced in v0.3.5 for scan result
processing when no matching AP is found
* added a workaround for an interoperability issue with a Cisco AP
when using WPA2-PSK
* fixed non-WPA IEEE 802.1X to use the same authentication timeout
as WPA with IEEE 802.1X
* fixed issues with 64-bit CPUs and SHA1 cleanup in previous
version (e.g., segfault when processing EAPOL-Key frames)
* fixed EAP workaround and fast reauthentication configuration for
RSN pre-authentication
* added support for blacklisting APs that fail or timeout
authentication in ap_scan=1 mode so that all APs are tried in
cases where the ones with strongest signal level are failing
authentication
* fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
authentication attempt
* added preliminary support for IBSS (ad-hoc) mode configuration
* added optional support for GNU Readline and History Libraries
for wpa_cli (CONFIG_READLINE)
* added couple of workarounds for interoperability issues with a
Cisco AP when using WPA2
* fixed private key loading for cases where passphrase is not set
* improved recovery from PMKID mismatches by requesting full EAP
authentication in case of failed PMKSA caching attempt
* driver_ndis: added support for NDIS NdisMIncidateStatus() events
* driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
* added support for driver interfaces to replace the interface
name based on driver/OS specific mapping, e.g., in case of
driver_ndis, this allows the beginning of the adapter
description to be used as the interface name
* driver_ndis: enable radio before starting scanning, disable
radio when exiting
* added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that
driver interface can distinguish plaintext and IEEE 802.1X
(no WPA) authentication
* fixed static WEP key configuration to use broadcast/default type
for all keys
* driver_ndis: added legacy WPA capability detection for non-WPA2
drivers
* added support for setting static WEP keys for IEEE 802.1X
without dynamic WEP keying (eapol_flags=0)
* added support for reading PKCS#12 (PFX) files (as a replacement
for PEM/DER) to get certificate and private key (CONFIG_PKCS12)
* added new ap_scan mode, ap_scan=2, for drivers that take care of
association, but need to be configured with security policy and
SSID, e.g., ndiswrapper and NDIS driver
* Thu Jan 13 2005 - jg@suse.de
- update to 0.2.6, changes:
* added driver interface for Intel ipw2100 driver
* fixed a bug in PMKSA cache processing: skip sending of
EAPOL-Start only if there is a PMKSA cache entry for the
current AP
* fixed error handling for case where reading of scan results
fails: must schedule a new scan or wpa_supplicant will remain
waiting forever
* set pairwise/group cipher suite for non-WPA IEEE 802.1X to
WEP-104 if keys are not configured to be used; this fixes
IEEE 802.1X mode with drivers that use this information to
configure whether Privacy bit can be in Beacon frames
(e.g., ndiswrapper)
* improved downgrade attack detection in IE verification of
msg 3/4: verify both WPA and RSN IEs, if present, not only the
selected one; reject the AP if an RSN IE is found in msg 3/4,
but not in Beacon or Probe Response frame, and RSN is enabled in
wpa_supplicant configuration
* fixed WPA msg 3/4 processing to allow Key Data field contain
other IEs than just one WPA IE
* modified association event handler to set portEnabled = FALSE
before clearing port Valid in order to reset EAP state machine
and avoid problems with new authentication getting ignored because
of state machines ending up in AUTHENTICATED/SUCCESS state based
on old information
- removed obsolete ipw2100 patch
- added wpa_supplicant.fig to filelist
* Fri Oct 22 2004 - jg@suse.de
- update to 0.2.5, changes:
* wpa_cli: fixed parsing of -p <path> command line argument
* fixed parsing of wep_tx_keyidx
* fixed couple of errors in PCSC handling that could have caused
random-looking errors for EAP-SIM
* PEAPv1: fixed tunneled EAP-Success reply handling to reply with
TLS ACK, not tunneled EAP-Success
* PEAPv1: added support for terminating PEAP authentication on
tunneled EAP-Success message
* PEAPv1: changed phase1 option peaplabel to use default to 0, i.e.,
to the old label for key derivation; previously, the default was 1,
but it looks like most existing PEAPv1 implementations use the old
label which is thus more suitable default option
* changed SSID configuration in driver_wext.c (used by many driver
interfaces) to use ssid_len+1 as the length for SSID since some
Linux drivers expect this
* fixed couple of unaligned reads in scan result parsing to fix WPA
connection on some platforms (e.g., ARM)
- disabled madwifi support on ppc
* Wed Sep 29 2004 - jg@suse.de
- added support for ipw2100 driver
* Tue Aug 31 2004 - jg@suse.de
- added support for writing pid-file
* Mon Aug 02 2004 - jg@suse.de
- fixed build on non-x86 platforms
* Mon Aug 02 2004 - jg@suse.de
- update to version 0.2.4, important changes:
- support for new EAP authentication methods:
EAP-TTLS/EAP-MD5-Challenge
EAP-TTLS/EAP-GTC
EAP-TTLS/EAP-MSCHAPv2
EAP-TTLS/EAP-TLS
EAP-TTLS/MSCHAPv2
EAP-TTLS/MSCHAP
EAP-TTLS/PAP
EAP-TTLS/CHAP
EAP-PEAP/TLS
EAP-PEAP/GTC
EAP-PEAP/MD5-Challenge
EAP-GTC
EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
- support for ATMEL AT76C5XXX driver
- support for madwifi driver
- lots of minor changes, see ChangeLog
- added km_wlan to needforbuild (driver source of madwifi is
needed)
* Thu Jun 17 2004 - jg@suse.de
- Initial package