Hello community, here is the log from the commit of package wpa_supplicant for openSUSE:Factory checked in at 2012-05-15 17:42:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old) and /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "wpa_supplicant", Maintainer is "GLin@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes 2012-03-20 11:36:30.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes 2012-05-15 17:42:49.000000000 +0200 @@ -1,0 +2,118 @@ +Tue May 15 04:35:01 UTC 2012 - glin@suse.com + +- Update to 1.0 + * Delay STA entry removal until Deauth/Disassoc TX status + in AP mode. This allows the driver to use PS buffering of + Deauthentication and Disassociation frames when the STA + is in power save sleep. Only available with drivers that + provide TX status events for Deauth/Disassoc frames + (nl80211). + * Drop oldest unknown BSS table entries first. This makes + it less likely to hit connection issues in environments + with huge number of visible APs. + * Add systemd support. + * Add support for setting the syslog facility from the + config file at build time. + * atheros: Add support for IEEE 802.11w configuration. + * AP mode: Allow enable HT20 if driver supports it, by + setting the config parameter ieee80211n. + * Allow AP mode to disconnect STAs based on low ACK + condition (when the data connection is not working + properly, e.g., due to the STA going outside the range + of the AP). + * nl80211: + - Support GTK rekey offload. + - Support PMKSA candidate events. This adds support for + RSN pre-authentication with nl80211 interface and + drivers that handle roaming internally. + * Improved dbus interface + * New wpa_cli commands to setup the scan interval and + to support P2P and WPS/WPS ER + * AP mode: Add max_num_sta config option, which can be used + to limit the number of stations allowed to connect to the + AP. + * wext: Increase scan timeout from 5 to 10 seconds. + * Allow an external program to manage the BSS blacklist + and display its current contents. + * WPS: + - Add wpa_cli wps_pin get command for generating random + PINs. This can be used in a UI to generate a PIN + without starting WPS (or P2P) operation. + - Set RF bands based on driver capabilities, instead of + hardcoding them. + - Add mechanism for indicating non-standard WPS errors. + - Add wps_ap_pin cli command for wpa_supplicant AP mode. + - Add wps_check_pin cli command for processing PIN from + user input. UIs can use this command to process a PIN + entered by a user and to validate the checksum digit + (if present). + - Cancel WPS operation on PBC session overlap detection. + - New wps_cancel command in wpa_cli will cancel a + pending WPS operation. + - wpa_cli action: Add WPS_EVENT_SUCCESS and + WPS_EVENT_FAIL handlers. + - Trigger WPS config update on Manufacturer, Model Name, + Model Number, and Serial Number changes. + - Fragment size is now configurable for EAP-WSC peer. + Use wpa_cli set wps_fragment_size <val>. + - Disable AP PIN after 10 consecutive failures. Slow down + attacks on failures up to 10. + - Allow AP to start in Enrollee mode without AP PIN for + probing, to be compatible with Windows 7. + - Add Config Error into WPS-FAIL events to provide more + info to the user on how to resolve the issue. + - Label and Display config methods are not allowed to be + enabled at the same time, since it is unclear which + PIN to use if both methods are advertised. + - When controlling multiple interfaces: + - apply WPS commands to all interfaces configured to + use WPS + - apply WPS config changes to all interfaces that use + WPS + - when an attack is detected on any interface, disable + AP PIN on all interfaces + * WPS ER: + - Add special AP Setup Locked mode to allow read only ER. + - Show SetSelectedRegistrar events as ctrl_iface events + - Add wps_er_set_config to enroll a network based on a + local network configuration block instead of having to + (re-)learn the current AP settings with wps_er_learn. + - Allow AP filtering based on IP address, add ctrl_iface + event for learned AP settings, add wps_er_config + command to configure an AP. + * Add support for WPS 2.0 + * TDLS: + - Propogate TDLS related nl80211 capability flags from + kernel and add them as driver capability flags. If the + driver doesn't support capabilities, assume TDLS is + supported internally. When TDLS is explicitly not + supported, disable all user facing TDLS operations. + - Allow TDLS to be disabled at runtime. + - Honor AP TDLS settings that prohibit/allow TDLS. + - Add a special testing feature for changing TDLS + behavior. + - Add support for TDLS 802.11z. + * wlantest: Add a tool wlantest for IEEE802.11 protocol + testing. wlantest can be used to capture frames from a + monitor interface for realtime capturing or from pcap + files for offline analysis. + * bgscan learn: Add new bgscan that learns BSS information + based on previous scans, and uses that information to + dynamically generate the list of channels for background + scans. + * Add a new debug message level for excessive information. + * TLS: Add support for tls_disable_time_checks=1 in client + mode. + * Improved internal TLS + * Add RFKill support by adding an interface state + "disabled". + * Reorder some IEs to get closer to IEEE 802.11 standard. + Move WMM into end of Beacon, Probe Resp and (Re)Assoc + Resp frames. Move HT IEs to be later in (Re)Assoc Resp. + * Wi-Fi Direct support + +- Remove wpa_supplicant-dbus-events.patch (merged upstream) +- Remove wpa_supplicant-probed-cert-dbus-signal.patch (merged + upstream) + +------------------------------------------------------------------- Old: ---- wpa_supplicant-0.7.3.tar.bz2 wpa_supplicant-dbus-events.patch wpa_supplicant-probed-cert-dbus-signal.patch New: ---- wpa_supplicant-1.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wpa_supplicant.spec ++++++ --- /var/tmp/diff_new_pack.cD2eL8/_old 2012-05-15 17:42:51.000000000 +0200 +++ /var/tmp/diff_new_pack.cD2eL8/_new 2012-05-15 17:42:51.000000000 +0200 @@ -29,7 +29,7 @@ BuildRequires: libnl-devel %endif Url: http://hostap.epitest.fi/wpa_supplicant/ -Version: 0.7.3 +Version: 1.0 Release: 0 Summary: WPA supplicant implementation License: BSD-3-Clause ; GPL-2.0+ @@ -47,13 +47,9 @@ # wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it # is not portable Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch -Patch4: wpa_supplicant-errormsg.patch -# PATCH-FIX-UPSTREAM wpa_supplicant-dbus-events.patch dimstar@opensuse.org -- dbus: Emit property changed events when adding/removing BSSes, taken from git. -Patch5: wpa_supplicant-dbus-events.patch -# PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 glin@suse.com -- emit a D-Bus signal when the AP returned the certificate of the RADIUS server -Patch6: wpa_supplicant-probed-cert-dbus-signal.patch +Patch3: wpa_supplicant-errormsg.patch # PATCH-FIX-UPSTREAM wpa_supplicant-gcc47.patch dimstar@opensuse.org -- Fix build with gcc 4.7. -Patch7: wpa_supplicant-gcc47.patch +Patch4: wpa_supplicant-gcc47.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: logrotate @@ -89,10 +85,8 @@ %patch0 -p0 %patch1 -p0 %patch2 -p0 -%patch4 -p0 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 +%patch3 -p0 +%patch4 -p1 %build cd wpa_supplicant ++++++ config ++++++ --- /var/tmp/diff_new_pack.cD2eL8/_old 2012-05-15 17:42:51.000000000 +0200 +++ /var/tmp/diff_new_pack.cD2eL8/_new 2012-05-15 17:42:51.000000000 +0200 @@ -50,16 +50,13 @@ #CFLAGS += -I../../include/wireless # Driver interface for madwifi driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_MADWIFI=y # Set include directory to the madwifi source tree #CFLAGS += -I../../madwifi -# Driver interface for Prism54 driver -# (Note: Prism54 is not yet supported, i.e., this will not work as-is and is -# for developers only) -CONFIG_DRIVER_PRISM54=y - # Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. CONFIG_DRIVER_NDISWRAPPER=y # Driver interface for Atmel driver @@ -74,12 +71,18 @@ #CFLAGS += -I/opt/WRT54GS/release/src/include # Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_IPW=y # Driver interface for Ralink driver CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface @@ -89,6 +92,8 @@ #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib # Driver interface for Windows NDIS #CONFIG_DRIVER_NDIS=y @@ -115,6 +120,13 @@ # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y @@ -153,6 +165,9 @@ # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) CONFIG_EAP_PSK=y +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y + # EAP-PAX CONFIG_EAP_PAX=y @@ -182,6 +197,13 @@ # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y +# Enable WSC 2.0 support +CONFIG_WPS2=y +# Enable WPS external registrar functionality +CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y @@ -216,6 +238,10 @@ # the resulting binary. #CONFIG_READLINE=y +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + # Remove debugging code that is printing out debug message to stdout. # This can be used to reduce the size of the wpa_supplicant considerably # if debugging code is not needed. The size reduction can be around 35% @@ -238,11 +264,6 @@ # wpa_passphrase). This saves about 0.5 kB in code size. #CONFIG_NO_WPA_PASSPHRASE=y -# Remove AES extra functions. This can be used to reduce code size by about -# 1.5 kB by removing extra AES modes that are not needed for commonly used -# client configurations (they are needed for some EAP types). -#CONFIG_NO_AES_EXTRAS=y - # Disable scan result processing (ap_mode=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y @@ -302,18 +323,17 @@ # Select TLS implementation # openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template #CONFIG_TLS=openssl -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of @@ -369,22 +389,78 @@ # amount of memory/flash. #CONFIG_DYNAMIC_EAP_METHODS=y -# Include client MLME (management frame processing). -# This can be used to move MLME processing of Linux mac80211 stack into user -# space. Please note that this is currently only available with -# driver_nl80211.c and only with a modified version of Linux kernel and -# wpa_supplicant. -#CONFIG_CLIENT_MLME=y - # IEEE Std 802.11r-2008 (Fast BSS Transition) #CONFIG_IEEE80211R=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) CONFIG_DEBUG_FILE=y +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y # Enable mitigation against certain attacks against TKIP by delaying Michael # MIC error reports by a random amount of time between 0 and 60 seconds #CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e<entropy file> command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y ++++++ wpa_supplicant-0.7.3.tar.bz2 -> wpa_supplicant-1.0.tar.bz2 ++++++ ++++ 105600 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org