Hello community, here is the log from the commit of package hostapd for openSUSE:Factory checked in at 2015-01-08 23:02:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hostapd (Old) and /work/SRC/openSUSE:Factory/.hostapd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hostapd" Changes: -------- --- /work/SRC/openSUSE:Factory/hostapd/hostapd.changes 2014-06-02 07:00:55.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.hostapd.new/hostapd.changes 2015-01-08 23:02:40.000000000 +0100 @@ -1,0 +2,116 @@ +Mon Jan 5 19:23:24 UTC 2015 - [email protected] + +- update version 2.3 +- removed patch hostapd-2.1-be-host_to_le.patch because it + seems obsolete +- hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch + +ChangeLog for hostapd since 2.1: + +2014-10-09 - v2.3 + * fixed number of minor issues identified in static analyzer warnings + * fixed DFS and channel switch operation for multi-BSS cases + * started to use constant time comparison for various password and hash + values to reduce possibility of any externally measurable timing + differences + * extended explicit clearing of freed memory and expired keys to avoid + keeping private data in memory longer than necessary + * added support for number of new RADIUS attributes from RFC 7268 + (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher, + WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher) + * fixed GET_CONFIG wpa_pairwise_cipher value + * added code to clear bridge FDB entry on station disconnection + * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases + * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop + in case the first entry does not match + * fixed hostapd_cli action script execution to use more robust mechanism + (CVE-2014-3686) + +2014-06-04 - v2.2 + * fixed SAE confirm-before-commit validation to avoid a potential + segmentation fault in an unexpected message sequence that could be + triggered remotely + * extended VHT support + - Operating Mode Notification + - Power Constraint element (local_pwr_constraint) + - Spectrum management capability (spectrum_mgmt_required=1) + - fix VHT80 segment picking in ACS + - fix vht_capab 'Maximum A-MPDU Length Exponent' handling + - fix VHT20 + * fixed HT40 co-ex scan for some pri/sec channel switches + * extended HT40 co-ex support to allow dynamic channel width changes + during the lifetime of the BSS + * fixed HT40 co-ex support to check for overlapping 20 MHz BSS + * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding; + this fixes password with include UTF-8 characters that use + three-byte encoding EAP methods that use NtPasswordHash + * reverted TLS certificate validation step change in v2.1 that rejected + any AAA server certificate with id-kp-clientAuth even if + id-kp-serverAuth EKU was included + * fixed STA validation step for WPS ER commands to prevent a potential + crash if an ER sends an unexpected PutWLANResponse to a station that + is disassociated, but not fully removed + * enforce full EAP authentication after RADIUS Disconnect-Request by + removing the PMKSA cache entry + * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address + in RADIUS Disconnect-Request + * added mechanism for removing addresses for MAC ACLs by prefixing an + entry with "-" + * Interworking/Hotspot 2.0 enhancements + - support Hotspot 2.0 Release 2 + * OSEN network for online signup connection + * subscription remediation (based on RADIUS server request or + control interface HS20_WNM_NOTIF for testing purposes) + * Hotspot 2.0 release number indication in WFA RADIUS VSA + * deauthentication request (based on RADIUS server request or + control interface WNM_DEAUTH_REQ for testing purposes) + * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent + * hs20_icon config parameter to configure icon files for OSU + * osu_* config parameters for OSU Providers list + - do not use Interworking filtering rules on Probe Request if + Interworking is disabled to avoid interop issues + * added/fixed nl80211 functionality + - AP interface teardown optimization + - support vendor specific driver command + (VENDOR <vendor id> <sub command id> [<hex formatted data>]) + * fixed PMF protection of Deauthentication frame when this is triggered + by session timeout + * internal TLS implementation enhancements/fixes + - add SHA256-based cipher suites + - add DHE-RSA cipher suites + - fix X.509 validation of PKCS#1 signature to check for extra data + * RADIUS server functionality + - add minimal RADIUS accounting server support (hostapd-as-server); + this is mainly to enable testing coverage with hwsim scripts + - allow authentication log to be written into SQLite databse + - added option for TLS protocol testing of an EAP peer by simulating + various misbehaviors/known attacks + - MAC ACL support for testing purposes + * fixed PTK derivation for CCMP-256 and GCMP-256 + * extended WPS per-station PSK to support ER case + * added option to configure the management group cipher + (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256, + BIP-CMAC-256) + * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these + were rounded incorrectly) + * added support for postponing FT response in case PMK-R1 needs to be + pulled from R0KH + * added option to advertise 40 MHz intolerant HT capability with + ht_capab=[40-INTOLERANT] + * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled + whenever CONFIG_WPS=y is set + * EAP-pwd fixes + - fix possible segmentation fault on EAP method deinit if an invalid + group is negotiated + * fixed RADIUS client retransmit/failover behavior + - there was a potential ctash due to freed memory being accessed + - failover to a backup server mechanism did not work properly + * fixed a possible crash on double DISABLE command when multiple BSSes + are enabled + * fixed a memory leak in SAE random number generation + * fixed GTK rekeying when the station uses FT protocol + * fixed off-by-one bounds checking in printf_encode() + - this could result in deinial of service in some EAP server cases + * various bug fixes + +------------------------------------------------------------------- Old: ---- hostapd-2.1-be-host_to_le.patch hostapd-2.1-defconfig.patch hostapd-2.1.tar.gz New: ---- hostapd-2.3-defconfig.patch hostapd-2.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hostapd.spec ++++++ --- /var/tmp/diff_new_pack.Cmoar9/_old 2015-01-08 23:02:40.000000000 +0100 +++ /var/tmp/diff_new_pack.Cmoar9/_new 2015-01-08 23:02:40.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package hostapd # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,14 +24,13 @@ Summary: Turns Your WLAN Card into a WPA capable Access Point License: GPL-2.0 or BSD-3-Clause Group: Hardware/Wifi -Version: 2.1 +Version: 2.3 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://hostap.epitest.fi/ Source: http://hostap.epitest.fi/releases/hostapd-%{version}.tar.gz Source1: hostapd.service -Patch0: hostapd-2.1-defconfig.patch -Patch1: hostapd-2.1-be-host_to_le.patch +Patch0: hostapd-2.3-defconfig.patch %{?systemd_requires} %description @@ -45,8 +44,7 @@ %prep %setup -q -n hostapd-%{version} -%patch0 -p1 -%patch1 -p1 +%patch0 -p0 cd hostapd cp defconfig .config ++++++ hostapd-2.1-defconfig.patch -> hostapd-2.3-defconfig.patch ++++++ --- /work/SRC/openSUSE:Factory/hostapd/hostapd-2.1-defconfig.patch 2014-06-02 07:00:55.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.hostapd.new/hostapd-2.3-defconfig.patch 2015-01-08 23:02:39.000000000 +0100 @@ -1,6 +1,6 @@ ---- hostapd-2.1.orig/hostapd/defconfig -+++ hostapd-2.1/hostapd/defconfig -@@ -32,7 +32,7 @@ CONFIG_DRIVER_NL80211=y +--- hostapd/defconfig.orig 2015-01-05 20:43:43.726052529 +0100 ++++ hostapd/defconfig 2015-01-05 20:48:46.758264105 +0100 +@@ -32,7 +32,7 @@ #CONFIG_LIBNL20=y # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) @@ -9,7 +9,7 @@ # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) -@@ -43,7 +43,7 @@ CONFIG_DRIVER_NL80211=y +@@ -43,7 +43,7 @@ #LIBS_c += -L/usr/local/lib # Driver interface for no driver (e.g., RADIUS server only) @@ -18,16 +18,7 @@ # IEEE 802.11F/IAPP CONFIG_IAPP=y -@@ -58,7 +58,7 @@ CONFIG_PEERKEY=y - # This version is an experimental implementation based on IEEE 802.11w/D1.0 - # draft and is subject to change since the standard has not yet been finalized. - # Driver support is also needed for IEEE 802.11w. --#CONFIG_IEEE80211W=y -+CONFIG_IEEE80211W=y - - # Integrated EAP server - CONFIG_EAP=y -@@ -82,52 +82,52 @@ CONFIG_EAP_GTC=y +@@ -79,50 +79,50 @@ CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server @@ -76,9 +67,6 @@ # Wi-Fi Protected Setup (WPS) -#CONFIG_WPS=y +CONFIG_WPS=y - # Enable WSC 2.0 support --#CONFIG_WPS2=y -+CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars -#CONFIG_WPS_UPNP=y +CONFIG_WPS_UPNP=y @@ -96,7 +84,7 @@ # EAP-EKE for the integrated EAP server #CONFIG_EAP_EKE=y -@@ -138,27 +138,27 @@ CONFIG_PKCS12=y +@@ -133,27 +133,27 @@ # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. @@ -130,7 +118,7 @@ # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging -@@ -186,7 +186,7 @@ CONFIG_IPV6=y +@@ -181,7 +181,7 @@ # Enable support for fully dynamic VLANs. This enables hostapd to # automatically create bridge and VLAN interfaces if necessary. @@ -139,7 +127,7 @@ # Use netlink-based kernel API for VLAN operations instead of ioctl() # Note: This requires libnl 3.1 or newer. -@@ -256,11 +256,11 @@ CONFIG_IPV6=y +@@ -251,11 +251,11 @@ # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. @@ -153,7 +141,7 @@ # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of -@@ -281,13 +281,13 @@ CONFIG_IPV6=y +@@ -276,13 +276,13 @@ # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. ++++++ hostapd-2.1.tar.gz -> hostapd-2.3.tar.gz ++++++ ++++ 47839 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
