rpms
/
wpa_supplicant
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import wpa_supplicant-2.10-4.el9

Browse Source
i9c changed/i9c/wpa_supplicant-2.10-4.el9
MSVSphere Packaging Team 2 years ago
commit 98768c53d0
15 changed files with 1313 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/wpa_supplicant-2.10.tar.gz

1
.wpa_supplicant.metadata
Unescape View File

@ -0,0 +1 @@
e295b07d599da4b99c3836d4402ec5746f77e8e8 SOURCES/wpa_supplicant-2.10.tar.gz

52
SOURCES/0001-D-Bus-Add-wep_disabled-capability.patch
Unescape View File

@ -0,0 +1,52 @@
From 5b093570dca1855c5bf40bcbd8d149fa6f8ea8ff Mon Sep 17 00:00:00 2001
Message-Id: <5b093570dca1855c5bf40bcbd8d149fa6f8ea8ff.1650620058.git.davide.caratti@gmail.com>
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 7 Mar 2022 09:54:46 +0100
Subject: [PATCH] D-Bus: Add 'wep_disabled' capability
Since commit 200c7693c9a1 ('Make WEP functionality an optional build
parameter'), WEP support is optional and, indeed, off by default.
The distributions are now catching up and disabling WEP in their builds.
Unfortunately, there's no indication prior to an attempt to connect to a
WEP network that it's not going to work. Add a capability to communicate
that.
Unlike other capabilities, this one is negative. That is, it indicates
lack of a WEP support as opposed to its presence. This is necessary
because historically there has been no capability to indicate presence
of WEP support and therefore NetworkManager (and probably others) just
assumes it's there.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Acked-by: Davide Caratti <davide.caratti@gmail.com>
---
wpa_supplicant/dbus/dbus_new_handlers.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 1c9ded09a..0b1002bf1 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -1121,7 +1121,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
const struct wpa_dbus_property_desc *property_desc,
DBusMessageIter *iter, DBusError *error, void *user_data)
{
- const char *capabilities[13];
+ const char *capabilities[14];
size_t num_items = 0;
struct wpa_global *global = user_data;
struct wpa_supplicant *wpa_s;
@@ -1177,6 +1177,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities(
#endif /* CONFIG_SUITEB192 */
if (ext_key_id_supported)
capabilities[num_items++] = "extended_key_id";
+#ifndef CONFIG_WEP
+ capabilities[num_items++] = "wep_disabled";
+#endif /* !CONFIG_WEP */
return wpas_dbus_simple_array_property_getter(iter,
DBUS_TYPE_STRING,
--
2.35.1

103
SOURCES/0001-EAP-peer-Workaround-for-servers-that-do-not-support-.patch
Unescape View File

@ -0,0 +1,103 @@
From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001
Message-Id: <566ce69a8d0e64093309cbde80235aa522fbf84e.1652450572.git.davide.caratti@gmail.com>
From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Thu, 5 May 2022 00:07:44 +0300
Subject: [PATCH] EAP peer: Workaround for servers that do not support safe TLS
renegotiation
The TLS protocol design for renegotiation was identified to have a
significant security flaw in 2009 and an extension to secure this design
was published in 2010 (RFC 5746). However, some old RADIUS
authentication servers without support for this are still used commonly.
This is obviously not good from the security view point, but since there
are cases where the user of a network service has no realistic means for
getting the authentication server upgraded, TLS handshake may still need
to be allowed to be able to use the network.
OpenSSL 3.0 disabled the client side workaround by default and this
resulted in issues connection to some networks with insecure
authentication servers. With OpenSSL 3.0, the client is now enforcing
security by refusing to authenticate with such servers. The pre-3.0
behavior of ignoring this issue and leaving security to the server can
now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
This should be used only when having to connect to a network that has an
insecure authentication server that cannot be upgraded.
The old (pre-2010) TLS renegotiation mechanism might open security
vulnerabilities if the authentication server were to allow TLS
renegotiation to be initiated. While this is unlikely to cause real
issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
an authentication server that does not support RFC 5746 might result in
a security vulnerability.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
src/crypto/tls.h | 1 +
src/crypto/tls_openssl.c | 5 +++++
src/eap_peer/eap_tls_common.c | 4 ++++
wpa_supplicant/wpa_supplicant.conf | 5 +++++
4 files changed, 15 insertions(+)
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index ccaac94c9..7ea32ee4a 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -112,6 +112,7 @@ struct tls_config {
#define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
#define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
#define TLS_CONN_TEAP_ANON_DH BIT(17)
+#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
/**
* struct tls_connection_params - Parameters for TLS connection
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 388c6b0f4..0d23f44ad 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
SSL_clear_options(ssl, SSL_OP_NO_TICKET);
#endif /* SSL_OP_NO_TICKET */
+#ifdef SSL_OP_LEGACY_SERVER_CONNECT
+ if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
+ SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
+#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
+
#ifdef SSL_OP_NO_TLSv1
if (flags & TLS_CONN_DISABLE_TLSv1_0)
SSL_set_options(ssl, SSL_OP_NO_TLSv1);
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 06c9b211e..6193b4bdb 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
params->flags |= TLS_CONN_SUITEB_NO_ECDH;
if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
+ if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
+ params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
+ if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
+ params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
}
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index a1dc769c9..b5304a77e 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1370,6 +1370,11 @@ fast_reauth=1
# tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
# tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
# particular when using Suite B with RSA keys of >= 3K (3072) bits
+# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
+# not support safe renegotiation (RFC 5746); please note that this
+# workaround should be only when having to authenticate with an old
+# authentication server that cannot be updated to use secure TLS
+# implementation.
#
# Following certificate/private key fields are used in inner Phase2
# authentication when using EAP-TTLS or EAP-PEAP.
--
2.35.1

106
SOURCES/0001-EAP-peer-status-notification-for-server-not-supporti.patch
Unescape View File

@ -0,0 +1,106 @@
From a561d12d24c2c8bb0f825d4a3a55a5e47e845853 Mon Sep 17 00:00:00 2001
Message-Id: <a561d12d24c2c8bb0f825d4a3a55a5e47e845853.1652450863.git.davide.caratti@gmail.com>
From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Wed, 4 May 2022 23:55:38 +0300
Subject: [PATCH] EAP peer status notification for server not supporting RFC
5746
Add a notification message to indicate reason for TLS handshake failure
due to the server not supporting safe renegotiation (RFC 5746).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
src/ap/authsrv.c | 3 +++
src/crypto/tls.h | 3 ++-
src/crypto/tls_openssl.c | 15 +++++++++++++--
src/eap_peer/eap.c | 5 +++++
4 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 516c1da74..fd9c96fad 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -169,6 +169,9 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev,
wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s",
data->alert.description);
break;
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+ /* Not applicable to TLS server */
+ break;
}
}
#endif /* EAP_TLS_FUNCS */
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 7ea32ee4a..7a2ee32df 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -22,7 +22,8 @@ enum tls_event {
TLS_CERT_CHAIN_SUCCESS,
TLS_CERT_CHAIN_FAILURE,
TLS_PEER_CERTIFICATE,
- TLS_ALERT
+ TLS_ALERT,
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
};
/*
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 0d23f44ad..912471ba2 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4443,6 +4443,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
static struct wpabuf *
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
{
+ struct tls_context *context = conn->context;
int res;
struct wpabuf *out_data;
@@ -4472,7 +4473,19 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
"write");
else {
+ unsigned long error = ERR_peek_last_error();
+
tls_show_errors(MSG_INFO, __func__, "SSL_connect");
+
+ if (context->event_cb &&
+ ERR_GET_LIB(error) == ERR_LIB_SSL &&
+ ERR_GET_REASON(error) ==
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) {
+ context->event_cb(
+ context->cb_ctx,
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
+ NULL);
+ }
conn->failed++;
if (!conn->server && !conn->client_hello_generated) {
/* The server would not understand TLS Alert
@@ -4495,8 +4508,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
conn->server_dh_prime_len < 3072) {
- struct tls_context *context = conn->context;
-
/*
* This should not be reached since earlier cert_cb should have
* terminated the handshake. Keep this check here for extra
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 429b20d3a..729388f4f 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2172,6 +2172,11 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
eap_notify_status(sm, "remote TLS alert",
data->alert.description);
break;
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+ wpa_printf(MSG_INFO,
+ "TLS handshake failed due to the server not supporting safe renegotiation (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work around this");
+ eap_notify_status(sm, "unsafe server renegotiation", "failure");
+ break;
}
os_free(hash_hex);
--
2.35.1

16
SOURCES/wpa_supplicant-assoc-timeout.patch
Unescape View File

@ -0,0 +1,16 @@
diff -up wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c
--- wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout 2010-09-07 10:43:39.000000000 -0500
+++ wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c 2010-12-07 18:57:45.163457000 -0600
@@ -1262,10 +1262,10 @@ void wpa_supplicant_associate(struct wpa
if (assoc_failed) {
/* give IBSS a bit more time */
- timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
+ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
} else if (wpa_s->conf->ap_scan == 1) {
/* give IBSS a bit more time */
- timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
+ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 20;
}
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
}

71
SOURCES/wpa_supplicant-config.patch
Unescape View File

@ -0,0 +1,71 @@
From 72ee1e934e98ea87e4de292958817e724114703e Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Fri, 6 Sep 2019 09:46:00 +0200
Subject: [PATCH] defconfig: Fedora configuration
---
wpa_supplicant/defconfig | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -146,7 +146,7 @@ CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
@@ -338,6 +338,7 @@ CONFIG_BACKEND=file
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
@@ -390,7 +391,7 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-CONFIG_IEEE80211R=y
+#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
CONFIG_DEBUG_FILE=y
@@ -469,7 +470,7 @@ CONFIG_DEBUG_SYSLOG=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-#CONFIG_GETRANDOM=y
+CONFIG_GETRANDOM=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
CONFIG_IEEE80211AC=y
@@ -587,7 +588,7 @@ CONFIG_IBSS_RSN=y
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
+CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
@@ -601,7 +602,7 @@ CONFIG_BGSCAN_SIMPLE=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
+CONFIG_OWE=y
# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
CONFIG_DPP=y
@@ -633,3 +634,6 @@ CONFIG_DPP2=y
# design is still subject to change. As such, this should not yet be enabled in
# production use.
#CONFIG_PASN=y
+#
+CONFIG_SUITEB192=y
+

35
SOURCES/wpa_supplicant-flush-debug-output.patch
Unescape View File

@ -0,0 +1,35 @@
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -79,6 +79,7 @@ void wpa_debug_print_timestamp(void)
if (out_file)
fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
(unsigned int) tv.usec);
+ fflush(out_file);
#endif /* CONFIG_DEBUG_FILE */
if (!out_file && !wpa_debug_syslog)
printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
@@ -230,6 +231,7 @@ void wpa_printf(int level, const char *f
va_start(ap, fmt);
vfprintf(out_file, fmt, ap);
fprintf(out_file, "\n");
+ fflush(out_file);
va_end(ap);
}
#endif /* CONFIG_DEBUG_FILE */
@@ -365,6 +367,7 @@ static void _wpa_hexdump(int level, cons
fprintf(out_file, " [REMOVED]");
}
fprintf(out_file, "\n");
+ fflush(out_file);
}
#endif /* CONFIG_DEBUG_FILE */
if (!wpa_debug_syslog && !out_file) {
@@ -468,6 +471,8 @@ static void _wpa_hexdump_ascii(int level
}
}
file_done:
+ if (out_file)
+ fflush(out_file);
#endif /* CONFIG_DEBUG_FILE */
if (!wpa_debug_syslog && !out_file) {
if (!show) {

36
SOURCES/wpa_supplicant-gui-qt4.patch
Unescape View File

@ -0,0 +1,36 @@
From 9404f356e394604d1d3d6dbffc52abd54260e4d4 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 27 Oct 2015 08:56:35 +0100
Subject: [PATCH] wpa_supplicant: allow overriding the names of the Qt4 tools
This is useful for distributions that ship different versions of Qt in
different locations.
---
wpa_supplicant/Makefile | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -35,6 +35,9 @@ export INCDIR ?= /usr/local/include
export BINDIR ?= /usr/local/sbin
PKG_CONFIG ?= pkg-config
+QMAKE ?= qmake
+LRELEASE ?= lrelease
+
CFLAGS += $(EXTRA_CFLAGS)
CFLAGS += -I$(abspath ../src)
CFLAGS += -I$(abspath ../src/utils)
@@ -2039,10 +2042,10 @@ wpa_gui:
@echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
wpa_gui-qt4/Makefile:
- qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
+ $(QMAKE) -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
wpa_gui-qt4/lang/wpa_gui_de.qm: wpa_gui-qt4/lang/wpa_gui_de.ts
- lrelease wpa_gui-qt4/wpa_gui.pro
+ $(LRELEASE) wpa_gui-qt4/wpa_gui.pro
wpa_gui-qt4: wpa_gui-qt4/Makefile wpa_gui-qt4/lang/wpa_gui_de.qm
$(MAKE) -C wpa_gui-qt4

30
SOURCES/wpa_supplicant-quiet-scan-results-message.patch
Unescape View File

@ -0,0 +1,30 @@
From 763a4ef660e2bd81f6cdc71a2f29a0a3e71b2ebc Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Tue, 22 Nov 2016 15:48:17 +0100
Subject: [PATCH 1/2] quiet an annoying and frequent syslog message
---
wpa_supplicant/events.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index abe3b47..72a0412 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1555,11 +1555,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
own_request && !(data && data->scan_info.external_scan)) {
- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
+ wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS "id=%u",
wpa_s->manual_scan_id);
wpa_s->manual_scan_use_id = 0;
} else {
- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
+ wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
}
wpas_notify_scan_results(wpa_s);
--
2.9.3

3
SOURCES/wpa_supplicant.conf
Unescape View File

@ -0,0 +1,3 @@
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

6
SOURCES/wpa_supplicant.logrotate
Unescape View File

@ -0,0 +1,6 @@
/var/log/wpa_supplicant.log {
missingok
notifempty
size 30k
create 0600 root root
}

15
SOURCES/wpa_supplicant.service
Unescape View File

@ -0,0 +1,15 @@
[Unit]
Description=WPA supplicant
Before=network.target
Wants=network.target
After=dbus.service
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
EnvironmentFile=-/etc/sysconfig/wpa_supplicant
ExecStart=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u $INTERFACES $DRIVERS $OTHER_ARGS
[Install]
WantedBy=multi-user.target

11
SOURCES/wpa_supplicant.sysconfig
Unescape View File

@ -0,0 +1,11 @@
# Use the flag "-i" before each of your interfaces, like so:
# INTERFACES="-ieth1 -iwlan0"
INTERFACES=""
# Use the flag "-D" before each driver, like so:
# DRIVERS="-Dwext"
DRIVERS=""
# Other arguments
# -s Use syslog logging backend
OTHER_ARGS="-s"

827
SPECS/wpa_supplicant.spec
Unescape View File

@ -0,0 +1,827 @@
%global _hardened_build 1
%if 0%{?fedora}
%bcond_without gui
%else
%bcond_with gui
%endif
Summary: WPA/WPA2/IEEE 802.1X Supplicant
Name: wpa_supplicant
Epoch: 1
Version: 2.10
Release: 4%{?dist}
License: BSD
Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
Source1: wpa_supplicant.conf
Source2: wpa_supplicant.service
Source3: wpa_supplicant.sysconfig
Source4: wpa_supplicant.logrotate
# distro specific customization and not suitable for upstream,
# Fedora-specific updates to defconfig
Patch0: wpa_supplicant-config.patch
# works around busted drivers
Patch1: wpa_supplicant-assoc-timeout.patch
# ensures that debug output gets flushed immediately to help diagnose driver
# bugs, not suitable for upstream
Patch2: wpa_supplicant-flush-debug-output.patch
# quiet an annoying and frequent syslog message
Patch3: wpa_supplicant-quiet-scan-results-message.patch
# distro specific customization for Qt4 build tools, not suitable for upstream
Patch4: wpa_supplicant-gui-qt4.patch
# backport fix for bz2063730
Patch5: 0001-D-Bus-Add-wep_disabled-capability.patch
# backport fix for bz2077973
Patch6: 0001-EAP-peer-Workaround-for-servers-that-do-not-support-.patch
Patch7: 0001-EAP-peer-status-notification-for-server-not-supporti.patch
URL: http://w1.fi/wpa_supplicant/
%if %with gui
BuildRequires: qt-devel >= 4.0
%endif
BuildRequires: openssl-devel
BuildRequires: readline-devel
BuildRequires: dbus-devel
BuildRequires: libnl3-devel
BuildRequires: systemd-units
BuildRequires: docbook-utils
BuildRequires: gcc
Requires(post): systemd-sysv
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# libeap used to be built from wpa_supplicant with some fairly horrible
# hackery, solely for use by WiMAX. We dropped all WiMAX support around
# F21. This is here so people don't wind up with obsolete libeap packages
# lying around. If it's ever resurrected for any reason, this needs
# dropping.
Obsoletes: libeap < %{epoch}:%{version}-%{release}
Obsoletes: libeap-devel < %{epoch}:%{version}-%{release}
%description
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.
%if %with gui
%package gui
Summary: Graphical User Interface for %{name}
%description gui
Graphical User Interface for wpa_supplicant written using QT
%endif
%prep
%autosetup -p1 -n %{name}-%{version}
%build
pushd wpa_supplicant
cp defconfig .config
export CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE"
export CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE"
export LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now"
# yes, BINDIR=_sbindir
export BINDIR="%{_sbindir}"
export LIBDIR="%{_libdir}"
make %{_smp_mflags} V=1
%if %with gui
make wpa_gui-qt4 %{_smp_mflags} V=1 QTDIR=%{_libdir}/qt4 \
QMAKE='%{qmake_qt4}' LRELEASE='%{_qt4_bindir}/lrelease'
%endif
make eapol_test V=1
make -C doc/docbook man V=1
%if !%with gui
rm doc/docbook/wpa_gui.8
%endif
popd
%install
# config
install -D -m 0600 %{SOURCE1} %{buildroot}/%{_sysconfdir}/wpa_supplicant/wpa_supplicant.conf
# init scripts
install -D -m 0644 %{SOURCE2} %{buildroot}/%{_unitdir}/wpa_supplicant.service
install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/wpa_supplicant
install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
# binary
install -d %{buildroot}/%{_sbindir}
install -m 0755 wpa_supplicant/wpa_passphrase %{buildroot}/%{_sbindir}
install -m 0755 wpa_supplicant/wpa_cli %{buildroot}/%{_sbindir}
install -m 0755 wpa_supplicant/wpa_supplicant %{buildroot}/%{_sbindir}
install -m 0755 wpa_supplicant/eapol_test %{buildroot}/%{_sbindir}
install -D -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf \
%{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
install -D -m 0644 wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service \
%{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
%if %with gui
# gui
install -d %{buildroot}/%{_bindir}
install -m 0755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir}
%endif
# man pages
install -d %{buildroot}%{_mandir}/man{5,8}
install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
# some cleanup in docs and examples
rm -f wpa_supplicant/doc/.cvsignore
rm -rf wpa_supplicant/doc/docbook
chmod -R 0644 wpa_supplicant/examples/*.py
%post
%systemd_post wpa_supplicant.service
%preun
%systemd_preun wpa_supplicant.service
%triggerun -- wpa_supplicant < 0.7.3-10
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply wpa_supplicant
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save wpa_supplicant >/dev/null 2>&1 ||:
# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del wpa_supplicant >/dev/null 2>&1 || :
/bin/systemctl try-restart wpa_supplicant.service >/dev/null 2>&1 || :
%files
%config(noreplace) %{_sysconfdir}/wpa_supplicant/wpa_supplicant.conf
%config(noreplace) %{_sysconfdir}/sysconfig/wpa_supplicant
%dir %{_sysconfdir}/logrotate.d
%config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
%{_unitdir}/wpa_supplicant.service
%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
%{_sbindir}/wpa_passphrase
%{_sbindir}/wpa_supplicant
%{_sbindir}/wpa_cli
%{_sbindir}/eapol_test
%dir %{_sysconfdir}/wpa_supplicant
%{_mandir}/man8/wpa_supplicant.8.gz
%{_mandir}/man8/wpa_priv.8.gz
%{_mandir}/man8/wpa_passphrase.8.gz
%{_mandir}/man8/wpa_cli.8.gz
%{_mandir}/man8/wpa_background.8.gz
%{_mandir}/man8/eapol_test.8.gz
%{_mandir}/man5/*
%doc README
%doc wpa_supplicant/ChangeLog
%doc wpa_supplicant/eap_testing.txt
%doc wpa_supplicant/todo.txt
%doc wpa_supplicant/wpa_supplicant.conf
%doc wpa_supplicant/examples
%license COPYING
%if %with gui
%files gui
%{_bindir}/wpa_gui
%{_mandir}/man8/wpa_gui.8.gz
%endif
%changelog
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.10-4
- Rebuilt for MSVSphere 9.1.
* Fri May 13 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-4
- Explicitly allow/disallow unsafe legacy renegotiation on configuration base.
Resolves: rhbz#2077973
* Fri Apr 22 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-3
- Expose 'wep_disabled' capability via D-Bus. Resolves: rhbz#2063730
* Fri Feb 4 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-2
- Disable CONFIG_IEEE80211R. Resolves: rhbz#2032539
* Thu Jan 20 2022 Davide Caratti <dcaratti@redhat.com> - 1:2.10-1
- Update to version 2.10. Resolves: rhbz#2042540
* Mon Nov 22 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-17.20211112gitc8b94bc7b347
- Update to latest upstream tree to include support for H2E
Resolves: rhbz#2007334
* Thu Aug 19 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-17
- Fix NetworkManager-CI failures with OpenSSL 3.0
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.9-16
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.9-15
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Jun 3 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-14
- Disable 'badfuncs' test in rpminspect. Related: rhbz#1967579
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.9-13
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 1 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-12
- Fix a corner case in peer addition based on PD Request (CVE-2021-27803)
* Thu Feb 4 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-11
- Fix copying of secondary device types for P2P group client (CVE-2021-0326)
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 22 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-9
- Expose OWE capability on D-Bus
- Allow changing interface bridge using D-Bus
* Thu Dec 17 2020 Antonio Cardace <acardace@redhat.com> - 1:2.9-8
- Enable WPA-EAP-SUITE-B-192 cipher suite
* Thu Dec 17 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-7
- fix build on ELN target (rh #1902609)
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 15 2020 Benjamin Berg <bberg@redhat.com> - 1:2.9-5
- fix some issues with P2P operation
* Thu Apr 23 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-4
- Enable Tunneled Direct Link Setup (TDLS)
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Oct 30 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.9-2
- fix AP mode PMF disconnection protection bypass (CVE-2019-16275, rh #1767026)
* Fri Aug 16 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.9-1
- Update to version 2.9
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 10 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.8-2
- fix changelog for version 2.8-1
* Thu May 02 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.8-1
- Update to 2.8 upstream release, to include latest fix for NULL
pointer dereference when EAP-PWD peer receives unexpected EAP
fragments (CVE-2019-11555, rh #1701759)
* Fri Apr 12 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.7-5
- fix SAE and EAP_PWD vulnerabilities:
CVE-2019-9494 (cache attack against SAE)
CVE-2019-9495 (cache attack against EAP-pwd)
CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 21 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-3
- Enable OWE and DPP
- Expose SAE support on D-Bus
* Mon Jan 21 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-2
- Enable MESH & SAE
* Tue Dec 18 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-1
- Update to 2.7 upstream release
* Wed Aug 15 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-20
- Expose availability of SHA384 and FT on D-Bus
* Wed Aug 15 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-19
- Drop the broken Pmf D-Bus property patch
* Wed Aug 8 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-18
- Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526)
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 22 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-16
- Fix endoding of NL80211_ATTR_SMPS_MODE (rh#1570903)
* Fri May 11 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-15
- Make PMF configurable using D-Bus (rh#1567474)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 16 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-13
- Don't restart wpa_supplicant.service on package upgrade (rh#1535233)
* Wed Nov 1 2017 Jiří Klimeš <blueowl@centrum.cz> - 1:2.6-12
- Fix crash when using MACsec without loaded macsec.ko (rh #1497640)
- Enable Fast BSS Transition for station mode (rh #1372928)
* Mon Oct 16 2017 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-11
- hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)
- Fix PTK rekeying to generate a new ANonce
- Prevent reinstallation of an already in-use group key and extend
protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
(CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
CVE-2017-13087, CVE-2017-13088)
- Prevent installation of an all-zero TK
- TDLS: Reject TPK-TK reconfiguration
- WNM: Ignore WNM-Sleep Mode Response without pending request
- FT: Do not allow multiple Reassociation Response frames
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jul 17 2017 Beniamino Galvani <bgalvani@redhat.com> - 1:2.6-8
- OpenSSL: use system ciphers by default (rh #1462262)
- OpenSSL: fix private key password callback (rh #1465138)
* Wed May 17 2017 Beniamino Galvani <bgalvani@redhat.com> - 1:2.6-7
- nl80211: Fix race condition in detecting MAC change (rh #1451834)
* Tue Apr 11 2017 Davide Caratti <dcaratti@redhat.com> - 1:2.6-6
- Fix use-after-free when macsec secure channels are deleted
- Fix segmentation fault in case macsec module is not loaded (rh#1428937)
* Mon Mar 13 2017 Thomas Haller <thaller@redhat.com> - 1:2.6-5
- Enable IEEE 802.11w (management frame protection, PMF) (rh#909499)
* Thu Mar 2 2017 Davide Caratti <dcaratti@redhat.com> - 1:2.6-4
- Backport support for IEEE 802.1AE (macsec)
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Jan 27 2017 Jiří Klimeš <blueowl@centrum.cz> - 1:2.6-2
- Enable Wi-Fi Display support for Miracast (rh #1395682)
* Tue Nov 22 2016 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-1
- Update to version 2.6
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Nov 16 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.5-4
- Really synchronize the service file with upstream
* Tue Nov 03 2015 Lukáš Nykrýn <lnykryn@redhat.com> - 1:2.5-3
- Scriptlets replaced with new systemd macros (rh #850369)
* Sat Oct 31 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.5-2
- Enable syslog by default
- Drop writing a pid and log file
* Tue Oct 27 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.5-1
- Update to version 2.5
* Fri Oct 23 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.4-6
- Fix the D-Bus policy
* Sat Oct 3 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:2.4-5
- Don't order service after syslog.target (rh #1055197)
- Mark COPYING as %%license
* Wed Jul 15 2015 Jiří Klimeš <jklimes@redhat.com> - 1:2.4-4
- Fix for NDEF record payload length checking (rh #1241907)
* Tue Jun 16 2015 Jiří Klimeš <jklimes@redhat.com> - 1:2.4-3
- Fix a crash if P2P management interface is used (rh #1231973)
* Thu Apr 23 2015 Dan Williams <dcbw@redhat.com> - 1:2.4-2
- Remove obsolete wpa_supplicant-openssl-more-algs.patch
* Thu Apr 23 2015 Adam Williamson <awilliam@redhat.com> - 1:2.4-1
- new release 2.4
- add some info on a couple of patches
- drop some patches merged or superseded upstream
- rediff other patches
- drop libeap hackery (we dropped the kernel drivers anyhow)
- backport fix for CVE-2015-1863
* Sat Nov 01 2014 Orion Poplawski <orion@cora.nwra.com> - 1:2.3-2
- Do not install wpa_supplicant.service as executable (bug #803980)
* Thu Oct 30 2014 Lubomir Rintel <lkundrak@v3.sk> - 1:2.3-1
- Update to 2.3
* Wed Oct 22 2014 Dan Williams <dcbw@redhat.com> - 1:2.0-12
- Use os_exec() for action script execution (CVE-2014-3686)
* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 1:2.0-11
- Rebuild for rpm bug 1131960
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Nov 18 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-8
- Don't disconnect when PMKSA cache gets too large (rh #1016707)
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-6
- Enable full RELRO/PIE/PIC for wpa_supplicant and libeap
- Fix changelog dates
* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-5
- Build and package eapol_test (rh #638218)
* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-4
- Disable WiMAX libeap hack for RHEL
* Wed May 15 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-3
- Enable HT (802.11n) for AP mode
* Tue May 7 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-2
- Use hardened build macros and ensure they apply to libeap too
* Mon May 6 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-1
- Update to 2.0
- Be less aggressive when roaming due to signal strength changes (rh #837402)
* Mon Apr 1 2013 Dan Williams <dcbw@redhat.com> - 1:1.1-1
- Update to 1.1
- Be less aggressive when roaming due to signal strength changes
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sun Jan 20 2013 Dan Horák <dan@danny.cz> - 1:1.0-3
- rebuilt again for fixed soname in libnl3
* Sun Jan 20 2013 Kalev Lember <kalevlember@gmail.com> - 1:1.0-2
- Rebuilt for libnl3
* Wed Aug 29 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-1
- Enable lightweight AP mode support
- Enable P2P (WiFi Direct) support
- Enable RSN IBSS/AdHoc support
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0-0.5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue May 1 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.4
- Update to wpa_supplicant 1.0-rc3
- Fix systemd target dependencies (rh #815091)
* Fri Mar 2 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.3
- Update to latest 1.0 git snapshot
- Rebuild against libnl3
* Thu Feb 2 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.2
- Fix driver fallback for non nl80211-based drivers (rh #783712)
* Tue Jan 10 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.1
- Update to 1.0-rc1 + git
* Fri Sep 9 2011 Tom Callaway <spot@fedoraproject.org> - 1:0.7.3-11
- add missing systemd scriptlets
* Thu Sep 8 2011 Tom Callaway <spot@fedoraproject.org> - 1:0.7.3-10
- convert to systemd
* Wed Jul 27 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-9
- Fix various crashes with D-Bus interface (rh #678625) (rh #725517)
* Tue May 3 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-8
- Don't crash when trying to access invalid properties via D-Bus (rh #678625)
* Mon May 2 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-7
- Make examples read-only to avoid erroneous python dependency (rh #687952)
* Tue Apr 19 2011 Bill Nottingham <notting@redhat.com> - 1:0.7.3-6
- Fix EAP patch to only apply when building libeap
* Fri Mar 25 2011 Bill Nottingham <notting@redhat.com> - 1:0.7.3-5
- Add libeap/libeap-devel subpackge for WiMAX usage
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.7.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 11 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-3
- Enable EAP-TNC (rh #659038)
* Wed Dec 15 2010 Dan Williams <dcbw@redhat.com> - 1:0.7.3-2
- Enable the bgscan_simple plugin
* Wed Dec 8 2010 Dan Williams <dcbw@redhat.com> - 1:0.7.3-1
- Update to 0.7.3
- Drop upstreamed and backported patches
- Drop support for Qt3
* Thu Oct 7 2010 Peter Lemenkov <lemenkov@gmail.com> - 1:0.6.8-11
- Added comments to some patches (see rhbz #226544#c17)
- Shortened %%install section a bit
* Thu May 13 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-10
- Remove prereq on chkconfig
- Build GUI with qt4 for rawhide (rh #537105)
* Thu May 6 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-9
- Fix crash when interfaces are removed (like suspend/resume) (rh #589507)
* Wed Jan 6 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-8
- Fix handling of newer PKCS#12 files (rh #541924)
* Sun Nov 29 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-7
- Fix supplicant initscript return value (rh #521807)
- Fix race when connecting to WPA-Enterprise/802.1x-enabled access points (rh #508509)
- Don't double-scan when attempting to associate
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1:0.6.8-6
- rebuilt with new openssl
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.6.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed May 13 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-4
- Let D-Bus clients know when the supplicant is scanning
* Tue May 12 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-3
- Ensure the supplicant starts and ends with clean driver state
- Handle driver disconnect spammage by forcibly clearing SSID
- Don't switch access points unless the current association is dire (rh #493745)
* Tue May 12 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-2
- Avoid creating bogus Ad-Hoc networks when forcing the driver to disconnect (rh #497771)
* Mon Mar 9 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-1
- Update to latest upstream release
* Wed Feb 25 2009 Colin Walters <walters@verbum.org> - 1:0.6.7-4
- Add patch from upstream to suppress unrequested replies, this
quiets a dbus warning.
* Fri Feb 6 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-3
- Fix scan result retrieval in very dense wifi environments
* Fri Feb 6 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-2
- Ensure that drivers don't retry association when they aren't supposed to
* Fri Jan 30 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-1
- Fix PEAP connections to Windows Server 2008 authenticators (rh #465022)
- Stop supplicant on uninstall (rh #447843)
- Suppress scan results message in logs (rh #466601)
* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1:0.6.4-3
- rebuild with new openssl
* Wed Oct 15 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.4-2
- Handle encryption keys correctly when switching 802.11 modes (rh #459399)
- Better scanning behavior on resume from suspend/hibernate
- Better interaction with newer kernels and drivers
* Wed Aug 27 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.4-1
- Update to 0.6.4
- Remove 'hostap', 'madwifi', and 'prism54' drivers; use standard 'wext' instead
- Drop upstreamed patches
* Tue Jun 10 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-6
- Fix 802.11a frequency bug
- Always schedule specific SSID scans to help find hidden APs
- Properly switch between modes on mac80211 drivers
- Give adhoc connections more time to assocate
* Mon Mar 10 2008 Christopher Aillon <caillon@redhat.com> - 1:0.6.3-5
- BuildRequires qt3-devel
* Sat Mar 8 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-4
- Fix log file path in service config file
* Thu Mar 6 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-3
- Don't start the supplicant by default when installed (rh #436380)
* Tue Mar 4 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-2
- Fix a potential use-after-free in the D-Bus byte array demarshalling code
* Mon Mar 3 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-1
- Update to latest development release; remove upstreamed patches
* Fri Feb 22 2008 Dan Williams <dcbw@redhat.com> 1:0.5.7-23
- Fix gcc 4.3 rebuild issues
* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1:0.5.7-22
- Autorebuild for GCC 4.3
* Tue Dec 25 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-21
- Backport 'frequency' option for Ad-Hoc network configs
* Mon Dec 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-20
- Fix LSB initscript header to ensure 'messagebus' is started first (rh #244029)
* Thu Dec 6 2007 Dan Williams <dcbw@redhat.com> - 1:0.5.7-19
- Fix two leaks when signalling state and scan results (rh #408141)
- Add logrotate config file (rh #404181)
- Add new LSB initscript header to initscript with correct deps (rh #244029)
- Move other runtime arguments to /etc/sysconfig/wpa_supplicant
- Start after messagebus service (rh #385191)
- Fix initscript 'condrestart' command (rh #217281)
* Tue Dec 4 2007 Matthias Clasen <mclasen@redhat.com> - 1:0.5.7-18
- Rebuild against new openssl
* Tue Dec 4 2007 Ville Skyttä <ville.skytta at iki.fi> - 1:0.5.7-17
- Group: Application/System -> Applications/System in -gui.
* Tue Nov 13 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-16
- Add IW_ENCODE_TEMP patch for airo driver and Dynamic WEP
- Fix error in wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch that
caused the last error to not be printed
- Fix wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch to ignore
duplicate cert additions for all certs and keys
- Change license to BSD due to linkage against OpenSSL since there is no
OpenSSL exception in the GPLv2 license text that upstream ships
* Sun Oct 28 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-15
- Fix Dynamic WEP associations with mac80211-based drivers
* Sun Oct 28 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-14
- Don't error an association on duplicate CA cert additions
* Wed Oct 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-13
- Correctly set the length of blobs added via the D-Bus interface
* Wed Oct 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-12
- Fix conversion of byte arrays to strings by ensuring the buffer is NULL
terminated after conversion
* Sat Oct 20 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-11
- Add BLOB support to the D-Bus interface
- Fix D-Bus interface permissions so that only root can use the wpa_supplicant
D-Bus interface
* Tue Oct 9 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-10
- Don't segfault with dbus control interface enabled and invalid network
interface (rh #310531)
* Tue Sep 25 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-9
- Always allow explicit wireless scans triggered from a control interface
* Thu Sep 20 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-8
- Change system bus activation file name to work around D-Bus bug that fails
to launch services unless their .service file is named the same as the
service itself
* Fri Aug 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-7
- Make SIGUSR1 change debug level on-the-fly; useful in combination with
the -f switch to log output to /var/log/wpa_supplicant.log
- Stop stripping binaries on install so we get debuginfo packages
- Remove service start requirement for interfaces & devices from sysconfig file,
since wpa_supplicant's D-Bus interface is now turned on
* Fri Aug 17 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-6
- Fix compilation with RPM_OPT_FLAGS (rh #249951)
- Make debug output to logfile a runtime option
* Fri Aug 17 2007 Christopher Aillon <caillon@redhat.com> - 0.5.7-5
- Update the license tag
* Tue Jun 19 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-4
- Fix initscripts to use -Dwext by default, be more verbose on startup
(rh #244511)
* Mon Jun 4 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-3
- Fix buffer overflow by removing syslog patch (#rh242455)
* Mon Apr 9 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-2
- Add patch to send output to syslog
* Thu Mar 15 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-1
- Update to 0.5.7 stable release
* Fri Oct 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.9-1
- Update to 0.4.9 for WE-21 fixes, remove upstreamed patches
- Don't package doc/ because they aren't actually wpa_supplicant user documentation,
and becuase it pulls in perl
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.4.8-10.1
- rebuild
* Thu Apr 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-10
- Add fix for madwifi and WEP (wpa_supplicant/hostap bud #140) (#rh190075#)
- Fix up madwifi-ng private ioctl()s for r1331 and later
- Update madwifi headers to r1475
* Tue Apr 25 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-9
- Enable Wired driver, PKCS12, and Smartcard options (#rh189805#)
* Tue Apr 11 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-8
- Fix control interface key obfuscation a bit
* Sun Apr 2 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-7
- Work around older & incorrect drivers that return null-terminated SSIDs
* Mon Mar 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-6
- Add patch to make orinoco happy with WEP keys
- Enable Prism54-specific driver
- Disable ipw-specific driver; ipw2x00 should be using WEXT instead
* Fri Mar 3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-5
- Increase association timeout, mainly for drivers that don't
fully support WPA ioctls yet
* Fri Mar 3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-4
- Add additional BuildRequires #rh181914#
- Add prereq on chkconfig #rh182905# #rh182906#
- Own /var/run/wpa_supplicant and /etc/wpa_supplicant #rh183696#
* Wed Mar 1 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-3
- Install wpa_passphrase too #rh183480#
* Mon Feb 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-2
- Don't expose private data on the control interface unless requested
* Fri Feb 24 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-1
- Downgrade to 0.4.8 stable release rather than a dev release
* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-3
- Documentation cleanup (Terje Rosten <terje.rosten@ntnu.no>)
* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-2
- Move initscript to /etc/rc.d/init.d
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.2
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Sun Feb 5 2006 Dan Williams <dcbw@redhat.com> 0.5.1-1
- Update to 0.5.1
- Add WE auth fallback to actually work with older drivers
* Thu Jan 26 2006 Dan Williams <dcbw@redhat.com> 0.4.7-2
- Bring package into Fedora Core
- Add ap_scan control interface patch
- Enable madwifi-ng driver
* Sun Jan 15 2006 Douglas E. Warner <silfreed@silfreed.net> 0.4.7-1
- upgrade to 0.4.7
- added package w/ wpa_gui in it
* Mon Nov 14 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.6-1
- upgrade to 0.4.6
- adding ctrl interface changes recommended
by Hugo Paredes <hugo.paredes@e-know.org>
* Sun Oct 9 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.5-1
- upgrade to 0.4.5
- updated config file wpa_supplicant is built with
especially, the ipw2100 driver changed to just ipw
and enabled a bunch more EAP
- disabled dist tag
* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-3
- fix typo in init script
* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-2
- fixing init script using fedora-extras' template
- removing chkconfig default startup
* Tue Jun 21 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-1
- upgrade to 0.4.2
- new sample conf file that will use any unrestricted AP
- make sysconfig config entry
- new BuildRoot for Fedora Extras
- adding dist tag to Release
* Fri May 06 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.8-1
- upgrade to 0.3.8
* Thu Feb 10 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-2
- compile ipw driver in
* Wed Feb 09 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-1
- upgrade to 0.3.6
* Thu Dec 23 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-4
- fixing init script
* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-3
- fixing init script
- adding post/preun items to add/remove via chkconfig
* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-2
- adding sysV scripts
* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-1
- Initial RPM release.
Write Preview
Loading…
Cancel
Save