Hello community, here is the log from the commit of package hostapd.995 for openSUSE:12.1:Update checked in at 2012-10-19 09:43:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/hostapd.995 (Old) and /work/SRC/openSUSE:12.1:Update/.hostapd.995.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hostapd.995", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-08-23 02:41:28.555381587 +0200 +++ /work/SRC/openSUSE:12.1:Update/.hostapd.995.new/hostapd.changes 2012-10-19 09:44:00.000000000 +0200 
@@ -0,0 +1,634 @@ +------------------------------------------------------------------- +Tue Sep 25 07:03:03 UTC 2012 - g...@suse.com + +- add hostapd_eap_tls_msg_len_validation.diff to validate the + message length of EAP-TLS messages (bnc#781740, CVE-2012-4445) + +------------------------------------------------------------------- +Wed Oct 12 08:46:43 UTC 2011 - lnus...@suse.de + +- update to version 0.7.3 +- don't use /tmp for dump file in default config +- verbose build +- fix build for older distros +- enable driver 'none' for radius only mode +- add init script + +------------------------------------------------------------------- +Fri Sep 30 15:22:48 UTC 2011 - u...@suse.com + +- cross-build fix: use %__cc macro + +------------------------------------------------------------------- +Fri Sep 16 12:02:37 UTC 2011 - jeng...@medozas.de + +- Select libnl-1_1-devel + +------------------------------------------------------------------- +Sun Oct 31 12:37:02 UTC 2010 - jeng...@medozas.de + +- Use %_smp_mflags + +------------------------------------------------------------------- +Wed Jun 9 05:32:08 CEST 2010 - sndir...@suse.de + +- udpated to release 0.6.10 +- updated hostapd.dif +- git-commit-eb1f744.diff: + * Move DTIM period configuration into Beacon set operation; fixes + "Could not set DTIM period for kernel driver; wlan0: Unable to + setup interface.rmdir[ctrl_interface]: No such file or + directory" error when using "nl80211" driver + +------------------------------------------------------------------- +Wed Sep 24 00:58:59 CEST 2008 - r...@suse.de + +- drop buildreq for madwifi (dropped package) + +------------------------------------------------------------------- +Tue Sep 23 01:14:12 CEST 2008 - r...@suse.de + +- updae to version 0.5.10, changes: + * fixed EAP-SIM and EAP-AKA message parser to validate attribute + lengths properly to avoid potential crash caused by invalid messages + * fixed Reassociation Response callback processing when using internal + 
MLME (driver_{hostap,devicescape,test}.c) + * fixed EAP-SIM/AKA realm processing to allow decorated usernames to + be used + * added a workaround for EAP-SIM/AKA peers that include incorrect null + termination in the username + * fixed EAP-SIM Start response processing for fast reauthentication + case + * copy optional Proxy-State attributes into RADIUS response when acting + as a RADIUS authentication server + +- update to version 0.5.9, changes: + * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest + draft (draft-ietf-emu-eap-gpsk-07.txt) + * fixed debugging code not to use potentially unaligned read to fetch + IPv4 addresses + +------------------------------------------------------------------- +Mon Jan 21 14:54:48 CET 2008 - csten...@suse.de + +- fixed madwifi include dir (b.n.c #350982) + +------------------------------------------------------------------- +Mon Jul 30 16:57:16 CEST 2007 - j...@suse.de + +- update to version 0.5.8, changes: + * updated driver_devicescape.c to build with the current + wireless-dev.git tree and net/d80211 changes + * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest + draft (draft-ietf-emu-eap-gpsk-03.txt) + * fixed EAP-MSCHAPv2 server to use a space between S and M parameters + in Success Request [Bug 203] + * added support for sending EAP-AKA Notifications in error cases + * RADIUS server: added support for processing duplicate messages + (retransmissions from RADIUS client) by replying with the previous + reply + +------------------------------------------------------------------- +Wed Mar 14 17:27:32 CET 2007 - j...@suse.de + +- split off hostapd in its own package +- update to version 0.5.7, changes (shortened): + * fixed EAP-PSK bit ordering of the Flags field + * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs + * fixed IPv6 connection to RADIUS accounting server + * added support for configuring and controlling multiple BSSes per + radio interface (bss=<ifname> in 
hostapd.conf) + * added support for dynamic VLAN configuration + * driver_madwifi: fixed configuration of unencrypted modes + * added preliminary implementation of IEEE 802.11w/D1.0 (management + frame protection) + * fixed session timeout processing with drivers that do not use + ieee802_11.c (e.g., madwifi) + * added 'hostapd_cli new_sta <addr>' command for adding a new STA + into hostapd + * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 + when using WPA2 even if PMKSA caching is not used + * added -P<pid file> argument for hostapd to write the current + process id into a file + * added support for RADIUS Authentication Server MIB (RFC 2619) + * added support for EAP Generalized Pre-Shared Key + * fixed a segmentation fault when RSN pre-authentication was + completed successfully + * added support for EAP-SAKE + * driver_madwifi: added support for getting station RSN IE from + madwifi-ng svn r1453 and newer + * fixed WPA message 3/4 not to encrypt Key Data field (WPA IE) + * added ap_max_inactivity configuration parameter + * added support for EAP expanded type (vendor specific EAP methods) + * added support for using EAP-SIM pseudonyms and fast re-authentication + * added support for EAP-AKA in the integrated EAP authenticator + +------------------------------------------------------------------- +Mon Sep 18 14:13:31 CEST 2006 - j...@suse.de + +- hostap-utils: Fixed usage of uninitialised variable (bug 184410) +- hostapd: Update to version 0.4.9, changes: + * added a new configuration option, eapol_version, that can be + used to set EAPOL version to 1 (default is 2) to work around + broken client implementations that drop EAPOL frames which use + version number 2 [Bug 89] + * fixed EAP-MSCHAPv2 message length validation + * fixed stdarg use in hostapd_logger(): if both stdout and syslog + logging was enabled, hostapd could trigger a segmentation fault + in vsyslog on some CPU -- C library combinations + 
+------------------------------------------------------------------- +Sun Feb 5 19:37:30 CET 2006 - r...@suse.de + +- use madwifi-devel in BuildRequires + +------------------------------------------------------------------- +Sun Feb 5 17:09:48 CET 2006 - a...@suse.de + +- Remove BuildRequires on km_wlan. + +------------------------------------------------------------------- +Wed Jan 25 21:36:28 CET 2006 - m...@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Nov 21 14:00:48 CET 2005 - j...@suse.de + +- hostapd: update to 0.4.7, changes: + * driver_wired: fixed EAPOL sending to optionally use PAE group + address as the destination instead of supplicant MAC address + * driver_madwifi: configure driver to use TKIP countermeasures in + order to get correct behavior + * driver_madwifi: added support for madwifi-ng +- hostapd: remove obsolete madwifi patch +- hostapd: updated config file +- hostap-utils: update to 0.4.7 (no changes) +- use %{jobs} + +------------------------------------------------------------------- +Tue Nov 8 15:28:33 CET 2005 - j...@suse.de + +- do not build as root + +------------------------------------------------------------------- +Fri Nov 4 17:51:44 CET 2005 - j...@suse.de + +- hostapd, update to 0.4.6, changes: + * added support for replacing user identity from EAP with RADIUS + User-Name attribute from Access-Accept message, if that is included, + for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get + tunneled identity into accounting messages when the RADIUS server + does not support better way of doing this with Class attribute) + * driver_madwifi: fixed EAPOL packet receive for configuration where + ath# is part of a bridge interface + * added a configuration file and log analyzer script for logwatch + * fixed EAPOL state machine step function to process all state + transitions before processing new events; this resolves a race + condition in 
which EAPOL-Start message could trigger hostapd to send + two EAP-Response/Identity frames to the authentication server +- hostapd: added support for madwifi-ng +- removed hostap-driver, is part of the kernel now + +------------------------------------------------------------------- +Thu Oct 13 16:29:17 CEST 2005 - j...@suse.de + +- hostapd: update to 0.4.5, changes (shortened): + * added client CA list to the TLS certificate request in order to ++++ 437 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.hostapd.995.new/hostapd.changes New: ---- hostapd-0.7.3.tar.gz hostapd-tmp.diff hostapd.changes hostapd.dif hostapd.init hostapd.spec hostapd_eap_tls_msg_len_validation.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hostapd.spec ++++++ # # spec file for package hostapd # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: hostapd %if 0%{?suse_version} > 1140 BuildRequires: libnl-1_1-devel %else BuildRequires: libnl-devel %endif BuildRequires: openssl-devel Summary: Turns Your WLAN Card into a WPA capable Access Point License: BSD-3-Clause ; GPL-2.0+ Group: Hardware/Wifi Version: 0.7.3 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://hostap.epitest.fi/ PreReq: %insserv_prereq Source: http://hostap.epitest.fi/releases/hostapd-%{version}.tar.gz Source1: hostapd.init Patch: hostapd.dif Patch1: hostapd-tmp.diff Patch2: hostapd_eap_tls_msg_len_validation.diff %description hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. Currently, hostapd supports HostAP, madwifi, and prism54 drivers. It also supports wired IEEE 802.1X authentication via any ethernet driver. 
Authors: -------- Jouni Malinen <jkmal...@cc.hut.fi> %prep %setup -n hostapd-%{version} %patch -p1 %patch1 -p1 %patch2 -p1 cd hostapd cp defconfig .config %build cd hostapd CFLAGS="$RPM_OPT_FLAGS" CC="%{__cc}" make %{?_smp_mflags} V=1 %install cd hostapd mkdir -p %{buildroot}/%{_sbindir} mkdir %{buildroot}/etc mkdir -p %{buildroot}/%{_mandir}/man8 install -m 755 hostapd %{buildroot}/%{_sbindir} install -D -m 755 %{SOURCE1} %{buildroot}/etc/init.d/hostapd ln -s /etc/init.d/hostapd %{buildroot}/%{_sbindir}/rchostapd install -m 755 hostapd_cli %{buildroot}/%{_sbindir} install -m 644 hostapd.conf %{buildroot}/etc install -m 644 hostapd.accept %{buildroot}/etc install -m 644 hostapd.deny %{buildroot}/etc install -m 644 hostapd.eap_user %{buildroot}/etc install -m 644 hostapd.radius_clients %{buildroot}/etc install -m 644 hostapd.sim_db %{buildroot}/etc install -m 644 hostapd.vlan %{buildroot}/etc install -m 644 hostapd.wpa_psk %{buildroot}/etc install -m 644 hostapd.8 %{buildroot}/%{_mandir}/man8 %post %insserv_cleanup %preun %{stop_on_removal hostapd} %postun %{restart_on_update hostapd} %insserv_cleanup %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %config(noreplace) /etc/* /etc/init.d/hostapd %{_sbindir}/* %doc hostapd/ChangeLog COPYING hostapd/README hostapd/wired.conf hostapd/hostapd.conf %doc %{_mandir}/man8/* %changelog ++++++ hostapd-tmp.diff ++++++ Index: hostapd-0.7.3/hostapd/hostapd.conf =================================================================== --- hostapd-0.7.3.orig/hostapd/hostapd.conf +++ hostapd-0.7.3/hostapd/hostapd.conf 
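Review bot: The `%install` section of hostapd.spec installs `hostapd.wpa_psk`, `hostapd.eap_user`, `hostapd.radius_clients` and `hostapd.sim_db` with `-m 644`, so the files an administrator later fills with pre-shared keys, EAP passwords and RADIUS shared secrets are world-readable by default. The init script in this commit starts the daemon directly from /usr/sbin, presumably as root, so owner-only modes should be enough, e.g. `install -m 600 hostapd.wpa_psk %{buildroot}/etc` and likewise for the other three. `hostapd.conf` can hold a `wpa_passphrase` as well and deserves the same consideration.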
@@ -52,7 +52,7 @@ logger_stdout=-1 logger_stdout_level=2 # Dump file for state information (on SIGUSR1) -dump_file=/tmp/hostapd.dump +dump_file=/var/run/hostapd.dump # Interface for separate control program. If this is specified, hostapd # will create this directory and a UNIX domain socket for listening to requests ++++++ hostapd.dif ++++++ Index: hostapd-0.7.3/hostapd/defconfig =================================================================== --- hostapd-0.7.3.orig/hostapd/defconfig +++ hostapd-0.7.3/hostapd/defconfig @@ -13,14 +13,14 @@ CONFIG_DRIVER_HOSTAP=y # Driver interface for wired authenticator -#CONFIG_DRIVER_WIRED=y +CONFIG_DRIVER_WIRED=y # Driver interface for madwifi driver #CONFIG_DRIVER_MADWIFI=y #CFLAGS += -I../../madwifi # change to the madwifi source directory # Driver interface for drivers using the nl80211 kernel interface -#CONFIG_DRIVER_NL80211=y +CONFIG_DRIVER_NL80211=y # driver_nl80211.c requires a rather new libnl (version 1.1) which may not be # shipped with your distribution yet. If that is the case, you need to build # newer libnl version and point the hostapd build to use it. @@ -36,7 +36,7 @@ CONFIG_DRIVER_HOSTAP=y #LIBS_c += -L/usr/local/lib # Driver interface for no driver (e.g., RADIUS server only) -#CONFIG_DRIVER_NONE=y +CONFIG_DRIVER_NONE=y # IEEE 802.11F/IAPP CONFIG_IAPP=y @@ -75,7 +75,7 @@ CONFIG_EAP_GTC=y CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server -#CONFIG_EAP_SIM=y +CONFIG_EAP_SIM=y # EAP-AKA for the integrated EAP server #CONFIG_EAP_AKA=y @@ -85,10 +85,10 @@ CONFIG_EAP_TTLS=y #CONFIG_EAP_AKA_PRIME=y # EAP-PAX for the integrated EAP server -#CONFIG_EAP_PAX=y +CONFIG_EAP_PAX=y # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) -#CONFIG_EAP_PSK=y +CONFIG_EAP_PSK=y # EAP-SAKE for the integrated EAP server #CONFIG_EAP_SAKE=y 
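Review bot: The new default `dump_file=/var/run/hostapd.dump` reaches only systems that take the packaged hostapd.conf; the spec in this commit lists `/etc/*` as `%config(noreplace)`, so a locally edited config keeps its old `/tmp/hostapd.dump` path after the update. The surrounding comment also does not say why the location matters; a line such as `# Keep this file out of world-writable directories such as /tmp; the daemon writes it on SIGUSR1.` above the setting would tell administrators what to check. Whether the dump is created with restrictive permissions is not visible in this hunk.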
@@ -122,7 +122,7 @@ CONFIG_PKCS12=y # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. -#CONFIG_RADIUS_SERVER=y +CONFIG_RADIUS_SERVER=y # Build IPv6 support for RADIUS operations CONFIG_IPV6=y 
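Review bot: `CONFIG_RADIUS_SERVER=y` here, together with `CONFIG_DRIVER_NONE=y`, `CONFIG_EAP_SIM=y`, `CONFIG_EAP_PAX=y` and `CONFIG_EAP_PSK=y` in the earlier hunks of hostapd.dif, builds more network-facing EAP parsing code into the binary, and the patch carries no description of why each option is needed. The context comment states that the RADIUS server gives external hosts access to the integrated EAP server, and the EAP-TLS length fix in this same commit is in that server's code. A short header in hostapd.dif such as `# Enabled for RADIUS-only deployments (driver 'none'); the server should stay inactive until RADIUS clients are configured` would record the intent; the runtime-default part of that sentence should be confirmed against the shipped hostapd.conf, which is not shown here.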
@@ -135,7 +135,7 @@ CONFIG_IPV6=y #CONFIG_DRIVER_RADIUS_ACL=y # IEEE 802.11n (High Throughput) support -#CONFIG_IEEE80211N=y +CONFIG_IEEE80211N=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging ++++++ hostapd.init ++++++ #!/bin/sh # # SUSE system startup script for hostapd # Copyright (C) 1995--2005 Kurt Garloff, SUSE / Novell Inc. # Copyright (C) 2011 SUSE Linux Products GmbH # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/hostapd # and its symbolic link # /usr/sbin/rchostapd # ### BEGIN INIT INFO # Provides: hostapd # Required-Start: $syslog $remote_fs # Required-Stop: $syslog $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: hostap deamon # Description: IEEE 802.11 access point and authenticator ### END INIT INFO HOSTAPD_BIN=/usr/sbin/hostapd HOSTAPD_PID=/var/run/hostapd.pid HOSTAPD_ARGS="-B -P $HOSTAPD_PID" HOSTAPD_CONF=/etc/hostapd.conf sysconf=/etc/sysconfig/hostapd if [ -e $sysconf ]; then . $sysconf fi . 
/etc/rc.status rc_reset case "$1" in start) echo -n "Starting hostapd " /sbin/start_daemon -p $HOSTAPD_PID $HOSTAPD_BIN $HOSTAPD_ARGS $HOSTAPD_CONF rc_status -v ;; stop) echo -n "Shutting down hostapd " /sbin/killproc $HOSTAPD_BIN rc_status -v ;; try-restart|condrestart) $0 status if test $? = 0; then $0 restart else rc_reset fi rc_status ;; restart) $0 stop $0 start rc_status ;; force-reload) echo -n "Reload service hostapd " /sbin/killproc -HUP $HOSTAPD_BIN touch $HOSTAPD_PID rc_status -v ;; reload) echo -n "Reload service hostapd " /sbin/killproc -HUP $HOSTAPD_BIN touch $HOSTAPD_PID rc_status -v ;; status) echo -n "Checking for service hostapd " /sbin/checkproc $HOSTAPD_BIN rc_status -v ;; probe) test $HOSTAPD_CONF -nt $HOSTAPD_PID && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ hostapd_eap_tls_msg_len_validation.diff ++++++ --- src/eap_server/eap_server_tls_common.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/src/eap_server/eap_server_tls_common.c +++ b/src/eap_server/eap_server_tls_common.c @@ -224,6 +224,14 @@ static int eap_server_tls_process_fragme return -1; } + if (len > message_length) { + wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in " + "first fragment of frame (TLS Message " + "Length %d bytes)", + (int) len, (int) message_length); + return -1; + } + data->tls_in = wpabuf_alloc(message_length); if (data->tls_in == NULL) { wpa_printf(MSG_DEBUG, "SSL: No memory for message"); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
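Review bot: The added `len > message_length` guard covers only the first-fragment path, the one that goes on to `wpabuf_alloc(message_length)`; how later fragments are appended to `data->tls_in` lies outside this hunk, so it should be confirmed that the continuation path bounds each fragment by the room left in the buffer. The guard would also benefit from a comment tying it to the allocation, e.g. `/* Reject before allocating tls_in: the first fragment must not exceed the declared TLS Message Length (CVE-2012-4445). */`. In the log call, `(int) len` with `%d` can print a negative number for very large values; `%lu` with `(unsigned long) len` keeps the rejected size readable for whoever triages these messages. The enclosing function (its name is truncated in the hunk header as `eap_server_tls_process_fragme`) starts and ends outside the hunk.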