Hello community, here is the log from the commit of package hostapd for openSUSE:Factory checked in at 2018-12-24 11:47:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hostapd (Old) and /work/SRC/openSUSE:Factory/.hostapd.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hostapd" Mon Dec 24 11:47:19 2018 rev:34 rq:660560 version:2.7 Changes: -------- --- /work/SRC/openSUSE:Factory/hostapd/hostapd.changes 2018-10-23 20:38:22.184689147 +0200 +++ /work/SRC/openSUSE:Factory/.hostapd.new.28833/hostapd.changes 2018-12-24 11:47:19.569137295 +0100 @@ -1,0 +2,80 @@ +Mon Dec 17 09:07:15 UTC 2018 - Karol Babioch <[email protected]> + +- Applied spec-cleaner +- Added bug reference +- Use defconfig file as template for configuration instead of patching it + during build. This is easier to maintain in the long run. This removes the + patch hostapd-2.6-defconfig.patch in favor of a simple config file, which is + copied over from the source directory. +- Enabled CLI editing and history support. + +------------------------------------------------------------------- +Fri Dec 7 20:46:47 UTC 2018 - [email protected] + +- Update to version 2.7 + * fixed WPA packet number reuse with replayed messages and key + reinstallation + [http://w1.fi/security/2017-1/] (CVE-2017-13082) (bsc#1056061) + * added support for FILS (IEEE 802.11ai) shared key authentication + * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; + and transition mode defined by WFA) + * added support for DPP (Wi-Fi Device Provisioning Protocol) + * FT: + - added local generation of PMK-R0/PMK-R1 for FT-PSK + (ft_psk_generate_local=1) + - replaced inter-AP protocol with a cleaner design that is more + easily extensible; this breaks backward compatibility and requires + all APs in the ESS to be updated at the same time to maintain FT + functionality + - added support for wildcard R0KH/R1KH + - replaced r0_key_lifetime (minutes) parameter with + ft_r0_key_lifetime (seconds) + - fixed wpa_psk_file use for FT-PSK + - fixed FT-SAE PMKID matching + - added expiration to PMK-R0 and PMK-R1 cache + - added IEEE VLAN support (including tagged VLANs) + - added support for SHA384 based AKM + * SAE + - fixed some PMKSA caching cases with SAE + - added support for configuring SAE password separately of the + WPA2 PSK/passphrase + - added option to require MFP for SAE associations + (sae_require_pmf=1) + - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection + for SAE; + note: this is not backwards compatible, i.e., both the AP and + station side implementations will need to be update at the same + time to maintain interoperability + - added support for Password Identifier + * hostapd_cli: added support for command history and completion + * added support for requesting beacon report + * large number of other fixes, cleanup, and extensions + * added option to configure EAPOL-Key retry limits + (wpa_group_update_count and wpa_pairwise_update_count) + * removed all PeerKey functionality + * fixed nl80211 AP mode configuration regression with Linux 4.15 and + newer + * added support for using wolfSSL cryptographic library + * fixed some 20/40 MHz coexistence cases where the BSS could drop to + 20 MHz even when 40 MHz would be allowed + * Hotspot 2.0 + - added support for setting Venue URL ANQP-element (venue_url) + - added support for advertising Hotspot 2.0 operator icons + - added support for Roaming Consortium Selection element + - added support for Terms and Conditions + - added support for OSEN connection in a shared RSN BSS + * added support for using OpenSSL 1.1.1 + * added EAP-pwd server support for salted passwords + +- Remove not longer needed patches (fixed upstream) + * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch + * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch + * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch + * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch + * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch + * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch + * rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch + * rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch +- Verify source signature + +------------------------------------------------------------------- Old: ---- hostapd-2.6-defconfig.patch hostapd-2.6.tar.gz rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch New: ---- config hostapd-2.7.tar.gz hostapd-2.7.tar.gz.asc hostapd.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hostapd.spec ++++++ --- /var/tmp/diff_new_pack.5MN4o7/_old 2018-12-24 11:47:20.077136849 +0100 +++ /var/tmp/diff_new_pack.5MN4o7/_new 2018-12-24 11:47:20.081136846 +0100 @@ -17,30 +17,24 @@ Name: hostapd +Version: 2.7 +Release: 0 +Summary: Turns Your WLAN Card into a WPA capable Access Point +License: GPL-2.0-only OR BSD-3-Clause +Group: Hardware/Wifi +URL: https://w1.fi/ +Source: https://w1.fi/releases/hostapd-%{version}.tar.gz +Source1: https://w1.fi/releases/hostapd-%{version}.tar.gz.asc +# https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2B6EF432EFC895FA#/%%{name}.keyring +Source2: %{name}.keyring +Source3: config +Source4: hostapd.service BuildRequires: libnl3-devel BuildRequires: openssl-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: sqlite3-devel BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(systemd) -Summary: Turns Your WLAN Card into a WPA capable Access Point -License: GPL-2.0-only OR BSD-3-Clause -Group: Hardware/Wifi -Version: 2.6 -Release: 0 -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Url: http://w1.fi/ -Source: http://w1.fi/releases/hostapd-%{version}.tar.gz -Source1: hostapd.service -Patch0: hostapd-2.6-defconfig.patch -Patch1: rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch -Patch2: rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch -Patch3: rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch -Patch4: rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch -Patch5: rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch -Patch6: rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch -Patch7: rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch -Patch8: rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch %{?systemd_requires} %description @@ -51,44 +45,32 @@ madwifi, and prism54 drivers. It also supports wired IEEE 802.1X authentication via any ethernet driver. - %prep -%setup -q -n hostapd-%{version} -%patch0 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 - -cd hostapd -cp defconfig .config +%setup -q +cp %{SOURCE3} hostapd/.config %build cd hostapd -CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE $(getconf LFS_CFLAGS)" CC="%{__cc}" make %{?_smp_mflags} V=1 +CFLAGS="%{optflags} -D_GNU_SOURCE $(getconf LFS_CFLAGS)" CC="gcc" make %{?_smp_mflags} V=1 %install cd hostapd -mkdir -p %{buildroot}/%{_sbindir} -mkdir %{buildroot}/etc -mkdir -p %{buildroot}/%{_mandir}/man8 +install -d %{buildroot}/%{_sbindir} +install -d %{buildroot}%{_sysconfdir} +install -d %{buildroot}/%{_mandir}/man8 install -m 755 hostapd %{buildroot}/%{_sbindir} -ln -s /usr/sbin/service %{buildroot}/%{_sbindir}/rchostapd +ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rchostapd install -m 755 hostapd_cli %{buildroot}/%{_sbindir} -install -m 600 hostapd.conf %{buildroot}/etc -install -m 644 hostapd.accept %{buildroot}/etc -install -m 644 hostapd.deny %{buildroot}/etc -install -m 600 hostapd.eap_user %{buildroot}/etc -install -m 600 hostapd.radius_clients %{buildroot}/etc -install -m 644 hostapd.sim_db %{buildroot}/etc -install -m 644 hostapd.vlan %{buildroot}/etc -install -m 600 hostapd.wpa_psk %{buildroot}/etc +install -m 600 hostapd.conf %{buildroot}%{_sysconfdir} +install -m 644 hostapd.accept %{buildroot}%{_sysconfdir} +install -m 644 hostapd.deny %{buildroot}%{_sysconfdir} +install -m 600 hostapd.eap_user %{buildroot}%{_sysconfdir} +install -m 600 hostapd.radius_clients %{buildroot}%{_sysconfdir} +install -m 644 hostapd.sim_db %{buildroot}%{_sysconfdir} +install -m 644 hostapd.vlan %{buildroot}%{_sysconfdir} +install -m 600 hostapd.wpa_psk %{buildroot}%{_sysconfdir} install -m 644 hostapd.8 %{buildroot}/%{_mandir}/man8 -install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/hostapd.service +install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/hostapd.service %pre %service_add_pre hostapd.service @@ -103,11 +85,11 @@ %service_del_postun hostapd.service %files -%defattr(-,root,root) -%config(noreplace) /etc/hostapd.* +%config(noreplace) %{_sysconfdir}/hostapd.* %{_sbindir}/* -%doc hostapd/ChangeLog COPYING hostapd/README hostapd/wired.conf hostapd/hostapd.conf -%doc %{_mandir}/man8/* +%license COPYING +%doc hostapd/ChangeLog hostapd/README hostapd/wired.conf hostapd/hostapd.conf +%{_mandir}/man8/* %{_unitdir}/hostapd.service %changelog ++++++ config ++++++ # Example hostapd build time configuration # # This file lists the configuration options that are used when building the # hostapd binary. All lines starting with # are ignored. Configuration option # lines must be commented out complete, if they are not to be included, i.e., # just setting VARIABLE=n is not disabling that variable. # # This file is included in Makefile, so variables like CFLAGS and LIBS can also # be modified from here. In most cass, these lines should use += in order not # to override previous values of the variables. # Driver interface for Host AP driver CONFIG_DRIVER_HOSTAP=y # Driver interface for wired authenticator #CONFIG_DRIVER_WIRED=y # Driver interface for drivers using the nl80211 kernel interface CONFIG_DRIVER_NL80211=y # QCA vendor extensions to nl80211 #CONFIG_DRIVER_NL80211_QCA=y # driver_nl80211.c requires libnl. If you are compiling it yourself # you may need to point hostapd to your version of libnl. # #CFLAGS += -I$<path to libnl include files> #LIBS += -L$<path to libnl library files> # Use libnl v2.0 (or 3.0) libraries. #CONFIG_LIBNL20=y # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) CONFIG_LIBNL32=y # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib #LIBS_p += -L/usr/local/lib #LIBS_c += -L/usr/local/lib # Driver interface for no driver (e.g., RADIUS server only) CONFIG_DRIVER_NONE=y # IEEE 802.11F/IAPP CONFIG_IAPP=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y # IEEE 802.11w (management frame protection) CONFIG_IEEE80211W=y # Integrated EAP server CONFIG_EAP=y # EAP Re-authentication Protocol (ERP) in integrated EAP server CONFIG_ERP=y # EAP-MD5 for the integrated EAP server CONFIG_EAP_MD5=y # EAP-TLS for the integrated EAP server CONFIG_EAP_TLS=y # EAP-MSCHAPv2 for the integrated EAP server CONFIG_EAP_MSCHAPV2=y # EAP-PEAP for the integrated EAP server CONFIG_EAP_PEAP=y # EAP-GTC for the integrated EAP server CONFIG_EAP_GTC=y # EAP-TTLS for the integrated EAP server CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server CONFIG_EAP_SIM=y # EAP-AKA for the integrated EAP server CONFIG_EAP_AKA=y # EAP-AKA' for the integrated EAP server # This requires CONFIG_EAP_AKA to be enabled, too. CONFIG_EAP_AKA_PRIME=y # EAP-PAX for the integrated EAP server CONFIG_EAP_PAX=y # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) CONFIG_EAP_PSK=y # EAP-pwd for the integrated EAP server (secure authentication with a password) CONFIG_EAP_PWD=y # EAP-SAKE for the integrated EAP server CONFIG_EAP_SAKE=y # EAP-GPSK for the integrated EAP server CONFIG_EAP_GPSK=y # Include support for optional SHA256 cipher suite in EAP-GPSK CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server # Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed # for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., # with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. #CONFIG_EAP_FAST=y # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y # Enable UPnP support for external WPS Registrars CONFIG_WPS_UPNP=y # Enable WPS support with NFC config method CONFIG_WPS_NFC=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y # Trusted Network Connect (EAP-TNC) CONFIG_EAP_TNC=y # EAP-EKE for the integrated EAP server CONFIG_EAP_EKE=y # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. #CONFIG_RADIUS_SERVER=y # Build IPv6 support for RADIUS operations CONFIG_IPV6=y # IEEE Std 802.11r-2008 (Fast BSS Transition) CONFIG_IEEE80211R=y # Use the hostapd's IEEE 802.11 authentication (ACL), but without # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) CONFIG_DRIVER_RADIUS_ACL=y # IEEE 802.11n (High Throughput) support CONFIG_IEEE80211N=y # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. CONFIG_WNM=y # IEEE 802.11ac (Very High Throughput) support CONFIG_IEEE80211AC=y # IEEE 802.11ax HE support # Note: This is experimental and work in progress. The definitions are still # subject to change and this should not be expected to interoperate with the # final IEEE 802.11ax version. #CONFIG_IEEE80211AX=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. #CONFIG_NO_STDOUT_DEBUG=y # Add support for writing debug log to a file: -f /tmp/hostapd.log # Disabled by default. #CONFIG_DEBUG_FILE=y # Send debug messages to syslog instead of stdout #CONFIG_DEBUG_SYSLOG=y # Add support for sending all debug messages (regardless of debug verbosity) # to the Linux kernel tracing facility. This helps debug the entire stack by # making it easy to record everything happening from the driver up into the # same file, e.g., using trace-cmd. #CONFIG_DEBUG_LINUX_TRACING=y # Remove support for RADIUS accounting #CONFIG_NO_ACCOUNTING=y # Remove support for RADIUS #CONFIG_NO_RADIUS=y # Remove support for VLANs #CONFIG_NO_VLAN=y # Enable support for fully dynamic VLANs. This enables hostapd to # automatically create bridge and VLAN interfaces if necessary. CONFIG_FULL_DYNAMIC_VLAN=y # Use netlink-based kernel API for VLAN operations instead of ioctl() # Note: This requires libnl 3.1 or newer. CONFIG_VLAN_NETLINK=y # Remove support for dumping internal state through control interface commands # This can be used to reduce binary size at the cost of disabling a debugging # option. #CONFIG_NO_DUMP_STATE=y # Enable tracing code for developer debugging # This tracks use of memory allocations and other registrations and reports # incorrect use with a backtrace of call (or allocation) location. #CONFIG_WPA_TRACE=y # For BSD, comment out these. #LIBS += -lexecinfo #LIBS_p += -lexecinfo #LIBS_c += -lexecinfo # Use libbfd to get more details for developer debugging # This enables use of libbfd to get more detailed symbols for the backtraces # generated by CONFIG_WPA_TRACE=y. #CONFIG_WPA_TRACE_BFD=y # For BSD, comment out these. #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz # hostapd depends on strong random number generation being available from the # operating system. os_get_random() function is used to fetch random data when # needed, e.g., for key generation. On Linux and BSD systems, this works by # reading /dev/urandom. It should be noted that the OS entropy pool needs to be # properly initialized before hostapd is started. This is important especially # on embedded devices that do not have a hardware random number generator and # may by default start up with minimal entropy available for random number # generation. # # As a safety net, hostapd is by default trying to internally collect # additional entropy for generating random data to mix in with the data # fetched from the OS. This by itself is not considered to be very strong, but # it may help in cases where the system pool is not initialized properly. # However, it is very strongly recommended that the system pool is initialized # with enough entropy either by using hardware assisted random number # generator or by storing state over device reboots. # # hostapd can be configured to maintain its own entropy store over restarts to # enhance random number generation. This is not perfect, but it is much more # secure than using the same sequence of random numbers after every reboot. # This can be enabled with -e<entropy file> command line option. The specified # file needs to be readable and writable by hostapd. # # If the os_get_random() is known to provide strong random data (e.g., on # Linux/BSD, the board in question is known to have reliable source of random # data from /dev/urandom), the internal hostapd random pool can be disabled. # This will save some in binary size and CPU use. However, this should only be # considered for builds that are known to be used on devices that meet the # requirements described above. #CONFIG_NO_RANDOM_POOL=y # Should we use poll instead of select? Select is used by default. #CONFIG_ELOOP_POLL=y # Should we use epoll instead of select? Select is used by default. #CONFIG_ELOOP_EPOLL=y # Should we use kqueue instead of select? Select is used by default. #CONFIG_ELOOP_KQUEUE=y # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) # none = Empty template CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. CONFIG_TLSV11=y # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) # can be enabled to enable use of stronger crypto algorithms. CONFIG_TLSV12=y # Select which ciphers to use by default with OpenSSL if the user does not # specify them. #CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits # and drawbacks of this option. #CONFIG_INTERNAL_LIBTOMMATH=y #ifndef CONFIG_INTERNAL_LIBTOMMATH #LTM_PATH=/usr/src/libtommath-0.39 #CFLAGS += -I$(LTM_PATH) #LIBS += -L$(LTM_PATH) #LIBS_p += -L$(LTM_PATH) #endif # At the cost of about 4 kB of additional binary size, the internal LibTomMath # can be configured to include faster routines for exptmod, sqr, and div to # speed up DH and RSA calculation considerably #CONFIG_INTERNAL_LIBTOMMATH_FAST=y # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. CONFIG_INTERWORKING=y # Hotspot 2.0 CONFIG_HS20=y # Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file CONFIG_SQLITE=y # Enable Fast Session Transfer (FST) CONFIG_FST=y # Enable CLI commands for FST testing CONFIG_FST_TEST=y # Testing options # This can be used to enable some testing options (see also the example # configuration file) that are really useful only for testing clients that # connect to this hostapd. These options allow, for example, to drop a # certain percentage of probe requests or auth/(re)assoc frames. # #CONFIG_TESTING_OPTIONS=y # Automatic Channel Selection # This will allow hostapd to pick the channel automatically when channel is set # to "acs_survey" or "0". Eventually, other ACS algorithms can be added in # similar way. # # Automatic selection is currently only done through initialization, later on # we hope to do background checks to keep us moving to more ideal channels as # time goes by. ACS is currently only supported through the nl80211 driver and # your driver must have survey dump capability that is filled by the driver # during scanning. # # You can customize the ACS survey algorithm with the hostapd.conf variable # acs_num_scans. # # Supported ACS drivers: # * ath9k # * ath5k # * ath10k # # For more details refer to: # http://wireless.kernel.org/en/users/Documentation/acs # CONFIG_ACS=y # Multiband Operation support # These extentions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. CONFIG_MBO=y # Client Taxonomy # Has the AP retain the Probe Request and (Re)Association Request frames from # a client, from which a signature can be produced which can identify the model # of client device like "Nexus 6P" or "iPhone 5s". #CONFIG_TAXONOMY=y # Fast Initial Link Setup (FILS) (IEEE 802.11ai) # Note: This is an experimental and not yet complete implementation. This # should not be enabled for production use. #CONFIG_FILS=y # FILS shared key authentication with PFS #CONFIG_FILS_SK_PFS=y # Include internal line edit mode in hostapd_cli. This can be used to provide # limited command line editing and history support. CONFIG_WPA_CLI_EDIT=y # Opportunistic Wireless Encryption (OWE) # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y # Override default value for the wpa_disable_eapol_key_retries configuration # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 ++++++ hostapd-2.6.tar.gz -> hostapd-2.7.tar.gz ++++++ ++++ 86420 lines of diff (skipped)
