Hello community,
here is the log from the commit of package wpa_supplicant for openSUSE:Factory checked in at 2016-03-01 09:39:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
and /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wpa_supplicant"
Changes:
--------
--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes 2015-05-10 10:56:19.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes 2016-03-01 09:39:21.000000000 +0100
@@ -1,0 +2,110 @@
+Fri Feb 26 21:10:55 UTC 2016 - crrodriguez@opensuse.org
+
+- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination
+ with CONFIG_DBUS=yes.
+
+-------------------------------------------------------------------
+Sat Feb 20 16:56:01 UTC 2016 - crrodriguez@opensuse.org
+
+- spec: Compile the GUI against QT5 in 13.2 and later.
+
+-------------------------------------------------------------------
+Thu Feb 18 15:36:23 UTC 2016 - crrodriguez@opensuse.org
+
+- Previous update did not include version 2.5 tarball
+ or changed the version number in spec, only the changelog
+ and removed patches.
+- config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable·
+ random number generator by using /dev/urandom, no need to
+ keep an internal random number pool which draws entropy from
+ /dev/random.
+- config: prefer using epoll(7) instead of select(2)
+ by setting CONFIG_ELOOP_EPOLL=y
+- wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2)
+ system call to collect entropy. if it is not present disable
+ buffering when reading /dev/urandom, otherwise each os_get_random()
+ call will request BUFSIZ of entropy instead of the few needed bytes.
+
+-------------------------------------------------------------------
+Wed Feb 17 13:47:43 UTC 2016 - lnussel@suse.de
+
+- add aliases for both provided dbus names to avoid systemd stopping the
+ service when switching runlevels (boo#966535)
+
+-------------------------------------------------------------------
+Thu Feb 4 10:18:54 UTC 2016 - michael@stroeder.com
+
+- removed obsolete security patches:
+ * 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+ * 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+ * 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+ * 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+ * wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
+ * 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+ * 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+ * 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+ * 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+- Update to upstream release 2.5
+ * fixed P2P validation of SSID element length before copying it
+ [http://w1.fi/security/2015-1/] (CVE-2015-1863)
+ * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
+ [http://w1.fi/security/2015-2/] (CVE-2015-4141)
+ * fixed WMM Action frame parser (AP mode)
+ [http://w1.fi/security/2015-3/] (CVE-2015-4142)
+ * fixed EAP-pwd peer missing payload length validation
+ [http://w1.fi/security/2015-4/]
+ (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
+ * fixed validation of WPS and P2P NFC NDEF record payload length
+ [http://w1.fi/security/2015-5/]
+ * nl80211:
+ - added VHT configuration for IBSS
+ - fixed vendor command handling to check OUI properly
+ - allow driver-based roaming to change ESS
+ * added AVG_BEACON_RSSI to SIGNAL_POLL output
+ * wpa_cli: added tab completion for number of commands
+ * removed unmaintained and not yet completed SChannel/CryptoAPI support
+ * modified Extended Capabilities element use in Probe Request frames to
+ include all cases if any of the values are non-zero
+ * added support for dynamically creating/removing a virtual interface
+ with interface_add/interface_remove
+ * added support for hashed password (NtHash) in EAP-pwd peer
+ * added support for memory-only PSK/passphrase (mem_only_psk=1 and
+ CTRL-REQ/RSP-PSK_PASSPHRASE)
+ * P2P
+ - optimize scan frequencies list when re-joining a persistent group
+ - fixed number of sequences with nl80211 P2P Device interface
+ - added operating class 125 for P2P use cases (this allows 5 GHz
+ channels 161 and 169 to be used if they are enabled in the current
+ regulatory domain)
+ - number of fixes to P2PS functionality
+ - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
+ - extended support for preferred channel listing
+ * D-Bus:
+ - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
+ - fixed PresenceRequest to use group interface
+ - added new signals: FindStopped, WPS pbc-overlap,
+ GroupFormationFailure, WPS timeout, InvitationReceived
+ - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
+ - added manufacturer info
+ * added EAP-EKE peer support for deriving Session-Id
+ * added wps_priority configuration parameter to set the default priority
+ for all network profiles added by WPS
+ * added support to request a scan with specific SSIDs with the SCAN
+ command (optional "ssid <hexdump>" arguments)
+ * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
+ * fixed SAE group selection in an error case
+ * modified SAE routines to be more robust and PWE generation to be
+ stronger against timing attacks
+ * added support for Brainpool Elliptic Curves with SAE
+ * added support for CCMP-256 and GCMP-256 as group ciphers with FT
+ * fixed BSS selection based on estimated throughput
+ * added option to disable TLSv1.0 with OpenSSL
+ (phase1="tls_disable_tlsv1_0=1")
+ * added Fast Session Transfer (FST) module
+ * fixed OpenSSL PKCS#12 extra certificate handling
+ * fixed key derivation for Suite B 192-bit AKM (this breaks
+ compatibility with the earlier version)
+ * added RSN IE to Mesh Peering Open/Confirm frames
+ * number of small fixes
+
+-------------------------------------------------------------------
Old:
----
0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
wpa_supplicant-2.4.tar.gz
New:
----
wpa_supplicant-2.5.tar.gz
wpa_supplicant-getrandom.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wpa_supplicant.spec ++++++
--- /var/tmp/diff_new_pack.vqEcVk/_old 2016-03-01 09:39:23.000000000 +0100
+++ /var/tmp/diff_new_pack.vqEcVk/_new 2016-03-01 09:39:23.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package wpa_supplicant
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,24 +16,16 @@
#
-Name: wpa_supplicant
-BuildRequires: dbus-1-devel
-BuildRequires: libqt4
-BuildRequires: libqt4-devel
-BuildRequires: openssl-devel
-BuildRequires: pkg-config
-BuildRequires: readline-devel
-%if 0%{?suse_version} > 1230
-BuildRequires: systemd-rpm-macros
-%systemd_requires
+%if ! %{defined _rundir}
+%define _rundir %{_localstatedir}/run
%endif
-BuildRequires: libnl3-devel
-Url: http://hostap.epitest.fi/wpa_supplicant/
-Version: 2.4
+Name: wpa_supplicant
+Version: 2.5
Release: 0
Summary: WPA supplicant implementation
License: BSD-3-Clause and GPL-2.0+
Group: Productivity/Networking/Other
+Url: http://hostap.epitest.fi/wpa_supplicant/
Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz
Source1: config
Source2: %{name}.conf
@@ -47,29 +39,26 @@
# wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it
# is not portable
Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
-Patch3: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
-Patch4: wpa_supplicant-alloc_size.patch
-# PATCH-FIX-UPSTREAM wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch arch#44740 zaitor@opensuse.org -- Fix Segmentation fault in wpa_supplicant. Patch taken from upstream master git.
-Patch5: wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
-# PATCH-FIX-UPSTREAM 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch bnc#930077
-Patch6: 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
-# PATCH-FIX-UPSTREAM 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch bnc#930078
-Patch7: 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
-# PATCH-FIX-UPSTREAM 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch bnc#930079
-Patch8: 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
-# PATCH-FIX-UPSTREAM 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch bnc#930079
-Patch9: 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
-# PATCH-FIX-UPSTREAM 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch bnc#930079
-Patch10: 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
-# PATCH-FIX-UPSTREAM 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch bnc#930079
-Patch11: 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
-# PATCH-FIX-UPSTREAM 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch bnc#930079
-Patch12: 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Patch3: wpa_supplicant-alloc_size.patch
+Patch4: wpa_supplicant-getrandom.patch
+BuildRequires: dbus-1-devel
+BuildRequires: libnl3-devel
+%if 0%{?suse_version} < 1320
+BuildRequires: libqt4
+BuildRequires: libqt4-devel
+%else
+BuildRequires: pkgconfig(Qt5Core)
+BuildRequires: pkgconfig(Qt5Gui)
+BuildRequires: pkgconfig(Qt5Widgets)
+%endif
+BuildRequires: openssl-devel
+BuildRequires: pkg-config
+BuildRequires: readline-devel
Requires: logrotate
-%if ! %{defined _rundir}
-%define _rundir %{_localstatedir}/run
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%if 0%{?suse_version} > 1230
+BuildRequires: systemd-rpm-macros
+%systemd_requires
%endif
%description
@@ -78,11 +67,6 @@
negotiation with a WPA Authenticator and it controls the roaming and
IEEE 802.11 authentication/association of the wlan driver.
-
-Authors:
---------
- Jouni Malinen