Hello community, here is the log from the commit of package hostapd for openSUSE:Factory checked in at 2015-11-22 11:01:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hostapd (Old) and /work/SRC/openSUSE:Factory/.hostapd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hostapd" Changes: -------- --- /work/SRC/openSUSE:Factory/hostapd/hostapd.changes 2015-05-15 09:03:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.hostapd.new/hostapd.changes 2015-11-22 11:03:02.000000000 +0100 @@ -1,0 +2,46 @@ +Sun Oct 18 12:59:02 UTC 2015 - [email protected] + +- update to upstream release 2.5 +- removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch + (CVE-2015-1863) because it's fixed in upstream release 2.5 +- rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch + +ChangeLog for hostapd since 2.4: + +2015-09-27 - v2.5 + * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding + [http://w1.fi/security/2015-2/] (CVE-2015-4141 bsc#930077) + * fixed WMM Action frame parser + [http://w1.fi/security/2015-3/] (CVE-2015-4142 bsc#930078) + * fixed EAP-pwd server missing payload length validation + [http://w1.fi/security/2015-4/] + (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079) + * fixed validation of WPS and P2P NFC NDEF record payload length + [http://w1.fi/security/2015-5/] + * nl80211: + - fixed vendor command handling to check OUI properly + * fixed hlr_auc_gw build with OpenSSL + * hlr_auc_gw: allow Milenage RES length to be reduced + * disable HT for a station that does not support WMM/QoS + * added support for hashed password (NtHash) in EAP-pwd server + * fixed and extended dynamic VLAN cases + * added EAP-EKE server support for deriving Session-Id + * set Acct-Session-Id to a random value to make it more likely to be + unique even if the device does not have a proper clock + * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan + * modified SAE routines to be more robust and PWE generation to be + stronger against timing attacks + * added support for Brainpool Elliptic Curves with SAE + * increases maximum value accepted for cwmin/cwmax + * added support for CCMP-256 and GCMP-256 as group ciphers with FT + * added Fast Session Transfer (FST) module + * removed optional fields from RSNE when using FT with PMF + (workaround for interoperability issues with iOS 8.4) + * added EAP server support for TLS session resumption + * fixed key derivation for Suite B 192-bit AKM (this breaks + compatibility with the earlier version) + * added mechanism to track unconnected stations and do minimal band + steering + * number of small fixes + +------------------------------------------------------------------- Old: ---- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch hostapd-2.4-defconfig.patch hostapd-2.4.tar.gz New: ---- hostapd-2.5-defconfig.patch hostapd-2.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hostapd.spec ++++++ --- /var/tmp/diff_new_pack.sGKPxT/_old 2015-11-22 11:03:03.000000000 +0100 +++ /var/tmp/diff_new_pack.sGKPxT/_new 2015-11-22 11:03:03.000000000 +0100 @@ -26,15 +26,13 @@ Summary: Turns Your WLAN Card into a WPA capable Access Point License: GPL-2.0 or BSD-3-Clause Group: Hardware/Wifi -Version: 2.4 +Version: 2.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://w1.fi/ Source: http://w1.fi/releases/hostapd-%{version}.tar.gz Source1: hostapd.service -Patch0: hostapd-2.4-defconfig.patch -# CVE-2015-1863 -Patch1: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch +Patch0: hostapd-2.5-defconfig.patch %{?systemd_requires} %description @@ -49,7 +47,6 @@ %prep %setup -q -n hostapd-%{version} %patch0 -p0 -%patch1 -p1 cd hostapd cp defconfig .config ++++++ hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch ++++++ --- /work/SRC/openSUSE:Factory/hostapd/hostapd-2.4-defconfig.patch 2015-05-15 09:03:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.hostapd.new/hostapd-2.5-defconfig.patch 2015-11-22 11:03:02.000000000 +0100 @@ -1,5 +1,5 @@ ---- hostapd/defconfig.orig 2015-04-23 22:09:41.502518110 +0200 -+++ hostapd/defconfig 2015-04-23 22:15:09.225421010 +0200 +--- ./hostapd/defconfig.orig 2015-10-18 15:11:32.152380752 +0200 ++++ ./hostapd/defconfig 2015-10-18 15:18:07.240441471 +0200 @@ -28,7 +28,7 @@ #CONFIG_LIBNL20=y @@ -18,7 +18,7 @@ # IEEE 802.11F/IAPP CONFIG_IAPP=y -@@ -78,50 +78,50 @@ +@@ -78,53 +78,53 @@ CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server @@ -83,7 +83,11 @@ +CONFIG_EAP_TNC=y # EAP-EKE for the integrated EAP server - #CONFIG_EAP_EKE=y +-#CONFIG_EAP_EKE=y ++CONFIG_EAP_EKE=y + + # PKCS#12 (PFX) support (used to read private key and certificate file from + # a file that usually has extension .p12 or .pfx) @@ -132,27 +132,27 @@ # RADIUS authentication server. This provides access to the integrated EAP @@ -127,7 +131,13 @@ # Use netlink-based kernel API for VLAN operations instead of ioctl() # Note: This requires libnl 3.1 or newer. -@@ -250,11 +250,11 @@ +@@ -251,16 +251,16 @@ + # gnutls = GnuTLS + # internal = Internal TLSv1 implementation (experimental) + # none = Empty template +-#CONFIG_TLS=openssl ++CONFIG_TLS=openssl + # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. @@ -141,7 +151,7 @@ # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of -@@ -275,13 +275,13 @@ +@@ -281,13 +281,13 @@ # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. @@ -156,5 +166,5 @@ -#CONFIG_SQLITE=y +CONFIG_SQLITE=y - # Testing options - # This can be used to enable some testing options (see also the example + # Enable Fast Session Transfer (FST) + #CONFIG_FST=y ++++++ hostapd-2.4.tar.gz -> hostapd-2.5.tar.gz ++++++ ++++ 30576 lines of diff (skipped)
