commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-11-02 09:40:26

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3463 (New)


Package is "wpa_supplicant"

Mon Nov  2 09:40:26 2020 rev:84 rq:844881 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2020-10-29 09:21:46.278656980 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3463/wpa_supplicant.changes  
2020-11-02 09:40:33.949619854 +0100
@@ -92 +92 @@
-   [https://w1.fi/security/2019-1/] (CVE-2019-9494)
+   [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
@@ -95 +95 @@
-   [https://w1.fi/security/2019-2/] (CVE-2019-9495)
+   [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
@@ -97 +97,2 @@
-   [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, 
CVE-2019-9499)
+   [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498,
+   CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)
@@ -99 +100 @@
-   [https://w1.fi/security/2019-5/] (CVE-2019-11555)
+   [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
@@ -105 +106 @@
-   [https://w1.fi/security/2019-6/] (CVE-2019-13377)
+   [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#113)



Other differences:
--
++ wpa_supplicant.service ++
--- /var/tmp/diff_new_pack.Y6HkI9/_old  2020-11-02 09:40:34.901620767 +0100
+++ /var/tmp/diff_new_pack.Y6HkI9/_new  2020-11-02 09:40:34.901620767 +0100
@@ -1,7 +1,7 @@
 [Unit]
 Description=WPA Supplicant daemon
 After=dbus.service
-Before=network-pre.target 
+Before=network-pre.target
 Wants=network-pre.target
 
 [Service]

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-10-29 09:21:41

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3463 (New)


Package is "wpa_supplicant"

Thu Oct 29 09:21:41 2020 rev:83 rq:844643 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2020-10-13 15:32:58.516973023 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3463/wpa_supplicant.changes  
2020-10-29 09:21:46.278656980 +0100
@@ -97 +97 @@
-   [https://w1.fi/security/2019-4/] (CVE-2019-9499)
+   [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, 
CVE-2019-9499)
@@ -99 +99 @@
-   [https://w1.fi/security/2019-5/]
+   [https://w1.fi/security/2019-5/] (CVE-2019-11555)
@@ -103,0 +104,2 @@
+ - SAE/EAP-pwd side-channel attack update
+   [https://w1.fi/security/2019-6/] (CVE-2019-13377)
@@ -547 +549 @@
-[http://w1.fi/security/2015-5/]
+[http://w1.fi/security/2015-5/] (CVE-2015-8041)
@@ -602 +604 @@
-- added patch for bnc#930077
+- added patch for bnc#930077 CVE-2015-4141
@@ -604 +606 @@
-- added patch for bnc#930078
+- added patch for bnc#930078 CVE-2015-4142
@@ -606 +608 @@
-- added patches for bnc#930079
+- added patches for bnc#930079 CVE-2015-4143



Other differences:
--

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-10-13 15:32:46

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3486 (New)


Package is "wpa_supplicant"

Tue Oct 13 15:32:46 2020 rev:82 rq:841440 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2020-10-08 13:10:52.923101699 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3486/wpa_supplicant.changes  
2020-10-13 15:32:58.516973023 +0200
@@ -40,0 +41,5 @@
+Fri Feb 28 12:42:14 UTC 2020 - Tomáš Chvátal 
+
+- Adjust the service to start after network.target wrt bsc#1165266
+
+---



Other differences:
--

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-10-08 13:09:48

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.4249 (New)


Package is "wpa_supplicant"

Thu Oct  8 13:09:48 2020 rev:81 rq:839970 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2020-09-25 16:21:35.347362019 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.4249/wpa_supplicant.changes  
2020-10-08 13:10:52.923101699 +0200
@@ -1,0 +2,6 @@
+Tue Oct  6 15:20:18 UTC 2020 - Florian 
+
+- Add wpa_supplicant-p2p_iname_size.diff -- Limit P2P_DEVICE name to 
appropriate ifname size
+  
(https://patchwork.ozlabs.org/project/hostap/patch/20200825062902.124600-1-benja...@sipsolutions.net/)
+
+---

New:

  wpa_supplicant-p2p_iname_size.diff



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.OZDmYP/_old  2020-10-08 13:10:53.851102539 +0200
+++ /var/tmp/diff_new_pack.OZDmYP/_new  2020-10-08 13:10:53.855102543 +0200
@@ -41,6 +41,7 @@
 Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
 Patch6: restore-old-dbus-interface.patch
 Patch7: CVE-2019-16275.patch
+Patch8: wpa_supplicant-p2p_iname_size.diff
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
 BuildRequires:  systemd-rpm-macros

++ wpa_supplicant-p2p_iname_size.diff ++
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index e94bffe52..17c25889c 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -3929,6 +3929,10 @@ int wpas_p2p_add_p2pdev_interface(struct wpa_supplicant 
*wpa_s,
  wpa_s->ifname);
if (os_snprintf_error(sizeof(ifname), ret))
return -1;
+   /* Cut length at the maximum size. Note that we don't need to ensure
+* collision free names here as the created interface is not a netdev.
+*/
+   ifname[IFNAMSIZ-1] = '\0';
force_name[0] = '\0';
wpa_s->pending_interface_type = WPA_IF_P2P_DEVICE;
ret = wpa_drv_if_add(wpa_s, WPA_IF_P2P_DEVICE, ifname, NULL, NULL,

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-09-25 16:21:07

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.4249 (New)


Package is "wpa_supplicant"

Fri Sep 25 16:21:07 2020 rev:80 rq:836233 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2020-04-27 23:30:55.994651315 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.4249/wpa_supplicant.changes  
2020-09-25 16:21:35.347362019 +0200
@@ -1,0 +2,10 @@
+Tue Sep 22 13:06:32 UTC 2020 - Clemens Famulla-Conrad 
+
+- Fix spec file for SLE12, use make %{?_smp_mflags} instead of %make_build
+
+---
+Tue Sep 22 08:29:15 UTC 2020 - Jonathan Kang 
+
+- Enable SAE support(jsc#SLE-14992).
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.sZN6kD/_old  2020-09-25 16:21:36.179362756 +0200
+++ /var/tmp/diff_new_pack.sZN6kD/_new  2020-09-25 16:21:36.183362759 +0200
@@ -77,7 +77,7 @@
 CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} eapol_test
 cd wpa_gui-qt4
 %qmake5
-%make_build
+make %{?_smp_mflags}
 
 %install
 install -d %{buildroot}/%{_sbindir}

++ config ++
--- /var/tmp/diff_new_pack.sZN6kD/_old  2020-09-25 16:21:36.219362791 +0200
+++ /var/tmp/diff_new_pack.sZN6kD/_new  2020-09-25 16:21:36.219362791 +0200
@@ -501,3 +501,6 @@
 
 # Enable RSN IBSS/AdHoc
 CONFIG_IBSS_RSN=y
+
+# Enable SAE support
+CONFIG_SAE=y

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-04-27 23:30:40

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.2738 (New)


Package is "wpa_supplicant"

Mon Apr 27 23:30:40 2020 rev:79 rq:797131 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2020-04-23 18:29:21.871964558 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.2738/wpa_supplicant.changes  
2020-04-27 23:30:55.994651315 +0200
@@ -1,0 +2,6 @@
+Thu Apr 23 21:51:17 UTC 2020 - Clemens Famulla-Conrad 
+
+- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass
+  (bsc#1150934)
+
+---

New:

  CVE-2019-16275.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.DgWW5e/_old  2020-04-27 23:30:56.846652977 +0200
+++ /var/tmp/diff_new_pack.DgWW5e/_new  2020-04-27 23:30:56.850652986 +0200
@@ -40,6 +40,7 @@
 Patch4: wpa_supplicant-getrandom.patch
 Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
 Patch6: restore-old-dbus-interface.patch
+Patch7: CVE-2019-16275.patch
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
 BuildRequires:  systemd-rpm-macros

++ CVE-2019-16275.patch ++
>From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen 
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
 address

Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.

In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.

Signed-off-by: Jouni Malinen 
---
 src/ap/drv_callbacks.c | 13 +
 src/ap/ieee802_11.c| 12 
 2 files changed, 25 insertions(+)

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685fe3b..34ca379edc3d 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const 
u8 *addr,
   "hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+   if (is_multicast_ether_addr(addr) ||
+   is_zero_ether_addr(addr) ||
+   os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+   /* Do not process any frames with unexpected/invalid SA so that
+* we do not add any state for unexpected STA addresses or end
+* up sending out frames to unexpected destination. */
+   wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+  " in received indication - ignore this indication 
silently",
+  __func__, MAC2STR(addr));
+   return 0;
+   }
+
random_add_randomness(addr, ETH_ALEN);
 
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db44b7..e7065372e158 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 
*buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
 
+   if (is_multicast_ether_addr(mgmt->sa) ||
+   is_zero_ether_addr(mgmt->sa) ||
+   os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+   /* Do not process any frames with unexpected/invalid SA so that
+* we do not add any state for unexpected STA addresses or end
+* up sending out frames to unexpected destination. */
+   wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+  " in received frame - ignore this frame silently",
+  MAC2STR(mgmt->sa));
+   return 0;
+   }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
-- 
2.20.1

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-04-23 18:29:10

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.2738 (New)


Package is "wpa_supplicant"

Thu Apr 23 18:29:10 2020 rev:78 rq:796019 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2020-04-04 12:18:09.247558620 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.2738/wpa_supplicant.changes  
2020-04-23 18:29:21.871964558 +0200
@@ -1,0 +2,6 @@
+Fri Apr 17 08:37:34 UTC 2020 - Bernhard Wiedemann 
+
+- Add restore-old-dbus-interface.patch to fix wicked wlan (boo#1156920)
+- Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)
+
+---

New:

  fi.epitest.hostap.WPASupplicant.service
  restore-old-dbus-interface.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.7rMK0a/_old  2020-04-23 18:29:23.355967397 +0200
+++ /var/tmp/diff_new_pack.7rMK0a/_new  2020-04-23 18:29:23.355967397 +0200
@@ -25,6 +25,7 @@
 Source0:https://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1:config
 Source2:%{name}.conf
+Source3:fi.epitest.hostap.WPASupplicant.service
 Source4:logrotate.wpa_supplicant
 Source5:fi.w1.wpa_supplicant1.service
 Source6:wpa_supplicant.service
@@ -38,6 +39,7 @@
 Patch3: wpa_supplicant-alloc_size.patch
 Patch4: wpa_supplicant-getrandom.patch
 Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
+Patch6: restore-old-dbus-interface.patch
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
 BuildRequires:  systemd-rpm-macros
@@ -87,6 +89,7 @@
 install -d %{buildroot}/%{_sysconfdir}/%{name}
 install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}
 install -d %{buildroot}/%{_datadir}/dbus-1/system-services
+install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -d %{buildroot}/%{_sysconfdir}/logrotate.d/
 install -m 644 %{SOURCE4} 
%{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
@@ -104,6 +107,7 @@
 # avoid spurious dependency on /usr/bin/python
 chmod -x wpa_supplicant/examples/*.py
 # dbus auto activation boo#966535
+ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
 ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service
 
 %pre
@@ -134,6 +138,7 @@
 %ghost %{_rundir}/%{name}
 %{_unitdir}/wpa_supplicant.service
 %{_unitdir}/wpa_supplicant@.service
+%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
 %{_unitdir}/dbus-fi.w1.wpa_supplicant1.service
 %dir %{_sysconfdir}/%{name}
 %{_mandir}/man8/*

++ fi.epitest.hostap.WPASupplicant.service ++
[D-BUS Service]
Name=fi.epitest.hostap.WPASupplicant
Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -t 
-f /var/log/wpa_supplicant.log
User=root
SystemdService=wpa_supplicant.service
++ restore-old-dbus-interface.patch ++
 3180 lines (skipped)

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2020-04-04 12:18:07

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3248 (New)


Package is "wpa_supplicant"

Sat Apr  4 12:18:07 2020 rev:77 rq:789823 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2019-11-11 12:57:38.505515671 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.3248/wpa_supplicant.changes  
2020-04-04 12:18:09.247558620 +0200
@@ -1,0 +2,11 @@
+Thu Mar 26 16:03:38 UTC 2020 - Clemens Famulla-Conrad 
+
+- With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)
+
+---
+Thu Mar 26 10:02:31 UTC 2020 - Илья Индиго 
+
+- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
+  network. Fix WLAN config on boot with wicked. (boo#1166933)
+
+---

Old:

  fi.epitest.hostap.WPASupplicant.service



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.3REf9Y/_old  2020-04-04 12:18:11.731560754 +0200
+++ /var/tmp/diff_new_pack.3REf9Y/_new  2020-04-04 12:18:11.735560758 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,6 @@
 Source0:https://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1:config
 Source2:%{name}.conf
-Source3:fi.epitest.hostap.WPASupplicant.service
 Source4:logrotate.wpa_supplicant
 Source5:fi.w1.wpa_supplicant1.service
 Source6:wpa_supplicant.service
@@ -88,7 +87,6 @@
 install -d %{buildroot}/%{_sysconfdir}/%{name}
 install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}
 install -d %{buildroot}/%{_datadir}/dbus-1/system-services
-install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -d %{buildroot}/%{_sysconfdir}/logrotate.d/
 install -m 644 %{SOURCE4} 
%{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
@@ -106,7 +104,6 @@
 # avoid spurious dependency on /usr/bin/python
 chmod -x wpa_supplicant/examples/*.py
 # dbus auto activation boo#966535
-ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
 ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service
 
 %pre
@@ -137,7 +134,6 @@
 %ghost %{_rundir}/%{name}
 %{_unitdir}/wpa_supplicant.service
 %{_unitdir}/wpa_supplicant@.service
-%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
 %{_unitdir}/dbus-fi.w1.wpa_supplicant1.service
 %dir %{_sysconfdir}/%{name}
 %{_mandir}/man8/*

++ wpa_supplicant.service ++
--- /var/tmp/diff_new_pack.3REf9Y/_old  2020-04-04 12:18:11.843560851 +0200
+++ /var/tmp/diff_new_pack.3REf9Y/_new  2020-04-04 12:18:11.847560854 +0200
@@ -1,6 +1,8 @@
 [Unit]
 Description=WPA Supplicant daemon
-After=dbus.service network.target
+After=dbus.service
+Before=network-pre.target 
+Wants=network-pre.target
 
 [Service]
 Type=dbus

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2019-11-11 12:57:37

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.2990 (New)


Package is "wpa_supplicant"

Mon Nov 11 12:57:37 2019 rev:76 rq:745943 version:2.9

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2019-08-05 10:29:22.863452296 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.2990/wpa_supplicant.changes  
2019-11-11 12:57:38.505515671 +0100
@@ -1,0 +2,185 @@
+Mon Nov  4 10:57:57 UTC 2019 - Tomáš Chvátal 
+
+- Update to 2.9 release:
+   * SAE changes
+ - disable use of groups using Brainpool curves
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2019-6/]
+   * EAP-pwd changes
+ - disable use of groups using Brainpool curves
+ - allow the set of groups to be configured (eap_pwd_groups)
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2019-6/]
+   * fixed FT-EAP initial mobility domain association using PMKSA caching
+ (disabled by default for backwards compatibility; can be enabled
+ with ft_eap_pmksa_caching=1)
+   * fixed a regression in OpenSSL 1.1+ engine loading
+   * added validation of RSNE in (Re)Association Response frames
+   * fixed DPP bootstrapping URI parser of channel list
+   * extended EAP-SIM/AKA fast re-authentication to allow use with FILS
+   * extended ca_cert_blob to support PEM format
+   * improved robustness of P2P Action frame scheduling
+   * added support for EAP-SIM/AKA using anonymous@realm identity
+   * fixed Hotspot 2.0 credential selection based on roaming consortium
+ to ignore credentials without a specific EAP method
+   * added experimental support for EAP-TEAP peer (RFC 7170)
+   * added experimental support for EAP-TLS peer with TLS v1.3
+   * fixed a regression in WMM parameter configuration for a TDLS peer
+   * fixed a regression in operation with drivers that offload 802.1X
+ 4-way handshake
+   * fixed an ECDH operation corner case with OpenSSL
+   * SAE changes
+ - added support for SAE Password Identifier
+ - changed default configuration to enable only groups 19, 20, 21
+   (i.e., disable groups 25 and 26) and disable all unsuitable groups
+   completely based on REVmd changes
+ - do not regenerate PWE unnecessarily when the AP uses the
+   anti-clogging token mechanisms
+ - fixed some association cases where both SAE and FT-SAE were enabled
+   on both the station and the selected AP
+ - started to prefer FT-SAE over SAE AKM if both are enabled
+ - started to prefer FT-SAE over FT-PSK if both are enabled
+ - fixed FT-SAE when SAE PMKSA caching is used
+ - reject use of unsuitable groups based on new implementation guidance
+   in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
+   groups with prime >= 256)
+ - minimize timing and memory use differences in PWE derivation
+   [https://w1.fi/security/2019-1/] (CVE-2019-9494)
+   * EAP-pwd changes
+ - minimize timing and memory use differences in PWE derivation
+   [https://w1.fi/security/2019-2/] (CVE-2019-9495)
+ - verify server scalar/element
+   [https://w1.fi/security/2019-4/] (CVE-2019-9499)
+ - fix message reassembly issue with unexpected fragment
+   [https://w1.fi/security/2019-5/]
+ - enforce rand,mask generation rules more strictly
+ - fix a memory leak in PWE derivation
+ - disallow ECC groups with a prime under 256 bits (groups 25, 26, and
+   27)
+   * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
+   * Hotspot 2.0 changes
+ - do not indicate release number that is higher than the one
+   AP supports
+ - added support for release number 3
+ - enable PMF automatically for network profiles created from
+   credentials
+   * fixed OWE network profile saving
+   * fixed DPP network profile saving
+   * added support for RSN operating channel validation
+ (CONFIG_OCV=y and network profile parameter ocv=1)
+   * added Multi-AP backhaul STA support
+   * fixed build with LibreSSL
+   * number of MKA/MACsec fixes and extensions
+   * extended domain_match and domain_suffix_match to allow list of values
+   * fixed dNSName matching in domain_match and domain_suffix_match when
+ using wolfSSL
+   * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
+ are enabled
+   * extended nl80211 Connect and external authentication to support
+ SAE, FT-SAE, FT-EAP-SHA384
+   * fixed KEK2 derivation for FILS+FT
+   * extended client_cert file to allow loading of a chain of PEM
+ encoded certificates
+   * extended beacon reporting functionality
+   * 

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2019-08-05 10:29:21

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.4126 (New)


Package is "wpa_supplicant"

Mon Aug  5 10:29:21 2019 rev:75 rq:719803 version:2.6

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2018-12-10 12:26:06.102661006 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.4126/wpa_supplicant.changes  
2019-08-05 10:29:22.863452296 +0200
@@ -1,0 +2,11 @@
+Mon Jul 29 12:08:59 UTC 2019 - Илья Индиго 
+
+- Refresh spec-file via spec-cleaner and manual optimizations.
+  * Change URL and Source0 to actual project homepage.
+  * Remove macro %{?systemd_requires} and rm (not needed).
+  * Add %autopatch macro.
+  * Add %make_build macro.
+- Chenged patch wpa_supplicant-flush-debug-output.patch (to -p1).
+- Changed service-files for start after network (systemd-networkd).
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.jyorip/_old  2019-08-05 10:29:23.635452210 +0200
+++ /var/tmp/diff_new_pack.jyorip/_new  2019-08-05 10:29:23.639452209 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,8 +22,8 @@
 Summary:WPA supplicant implementation
 License:BSD-3-Clause AND GPL-2.0-or-later
 Group:  Productivity/Networking/Other
-URL:http://hostap.epitest.fi/wpa_supplicant/
-Source: 
http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz
+URL:https://w1.fi/wpa_supplicant
+Source0:https://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1:config
 Source2:%{name}.conf
 Source3:fi.epitest.hostap.WPASupplicant.service
@@ -65,7 +65,6 @@
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(libnl-3.0)
 Requires:   logrotate
-%{?systemd_requires}
 
 %description
 wpa_supplicant is an implementation of the WPA Supplicant component,
@@ -84,28 +83,8 @@
 
 %prep
 %setup -q -n wpa_supplicant-%{version}
-rm -rf wpa_supplicant-%{version}/patches
 cp %{SOURCE1} wpa_supplicant/.config
-%patch1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
+%autopatch -p1
 
 %build
 cd wpa_supplicant
@@ -113,7 +92,7 @@
 CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} eapol_test
 cd wpa_gui-qt4
 %qmake5
-make %{?_smp_mflags}
+%make_build
 
 %install
 install -d %{buildroot}/%{_sbindir}

++ wpa_supplicant-flush-debug-output.patch ++
--- /var/tmp/diff_new_pack.jyorip/_old  2019-08-05 10:29:23.727452199 +0200
+++ /var/tmp/diff_new_pack.jyorip/_new  2019-08-05 10:29:23.731452199 +0200
@@ -1,7 +1,7 @@
 Index: src/utils/wpa_debug.c
 ===
 src/utils/wpa_debug.c.orig
-+++ src/utils/wpa_debug.c
+--- a/src/utils/wpa_debug.c
 b/src/utils/wpa_debug.c
 @@ -45,6 +45,7 @@ void wpa_debug_print_timestamp(void)
if (out_file) {
fprintf(out_file, "%ld.%06u: ", (long) tv.sec,

++ wpa_supplicant.service ++
--- /var/tmp/diff_new_pack.jyorip/_old  2019-08-05 10:29:23.775452194 +0200
+++ /var/tmp/diff_new_pack.jyorip/_new  2019-08-05 10:29:23.775452194 +0200
@@ -1,7 +1,6 @@
 [Unit]
 Description=WPA Supplicant daemon
-Before=network.target
-After=dbus.service
+After=dbus.service network.target
 
 [Service]
 Type=dbus
@@ -10,4 +9,3 @@
 
 [Install]
 WantedBy=multi-user.target
-

++ wpa_supplicant@.service ++
--- /var/tmp/diff_new_pack.jyorip/_old  2019-08-05 10:29:23.795452192 +0200
+++ /var/tmp/diff_new_pack.jyorip/_new  2019-08-05 10:29:23.795452192 +0200
@@ -1,7 +1,6 @@
 [Unit]
 Description=WPA Supplicant daemon (interface %i)
-Before=network.target
-After=dbus.service
+After=dbus.service network.target
 
 [Service]
 Type=dbus
@@ -10,4 +9,3 @@
 
 [Install]
 WantedBy=multi-user.target
-

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2018-12-10 12:25:58

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new.19453 (New)


Package is "wpa_supplicant"

Mon Dec 10 12:25:58 2018 rev:74 rq:653718 version:2.6

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2018-10-25 08:10:23.000265005 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new.19453/wpa_supplicant.changes 
2018-12-10 12:26:06.102661006 +0100
@@ -1,0 +2,5 @@
+Fri Nov  2 09:50:48 UTC 2018 - Илья Индиго 
+
+- Refresh spec-file: add %license tag.
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.1qBf8a/_old  2018-12-10 12:26:06.786660323 +0100
+++ /var/tmp/diff_new_pack.1qBf8a/_new  2018-12-10 12:26:06.790660319 +0100
@@ -22,7 +22,7 @@
 Summary:WPA supplicant implementation
 License:BSD-3-Clause AND GPL-2.0-or-later
 Group:  Productivity/Networking/Other
-Url:http://hostap.epitest.fi/wpa_supplicant/
+URL:http://hostap.epitest.fi/wpa_supplicant/
 Source: 
http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz
 Source1:config
 Source2:%{name}.conf
@@ -40,7 +40,6 @@
 Patch3: wpa_supplicant-alloc_size.patch
 Patch4: wpa_supplicant-getrandom.patch
 Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
-
 Patch10:
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 Patch11:
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 Patch12:
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
@@ -56,7 +55,6 @@
 Patch22:wpa_supplicant-log-file-cloexec.patch
 Patch23:
wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
 Patch24:
wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
-
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
@@ -67,7 +65,6 @@
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(libnl-3.0)
 Requires:   logrotate
-BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 %{?systemd_requires}
 
 %description
@@ -163,8 +160,8 @@
 %service_del_postun wpa_supplicant.service
 
 %files
-%defattr(-,root,root)
-%doc wpa_supplicant/ChangeLog COPYING README wpa_supplicant/todo.txt 
wpa_supplicant/examples wpa_supplicant/wpa_supplicant.conf
+%license COPYING
+%doc wpa_supplicant/ChangeLog README wpa_supplicant/todo.txt 
wpa_supplicant/examples wpa_supplicant/wpa_supplicant.conf
 %{_sbindir}/eapol_test
 %{_sbindir}/rcwpa_supplicant
 %{_sbindir}/wpa_cli
@@ -186,7 +183,6 @@
 %{_mandir}/man5/*
 
 %files gui
-%defattr(-,root,root)
 %{_sbindir}/wpa_gui
 %{_mandir}/man8/wpa_gui*
 

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2018-10-25 08:10:20

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Thu Oct 25 08:10:20 2018 rev:73 rq:643170 version:2.6

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2018-10-01 09:04:43.475928644 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2018-10-25 08:10:23.000265005 +0200
@@ -1,0 +2,37 @@
+Tue Oct 16 06:45:59 UTC 2018 - Karol Babioch 
+
+- Renamed patches:
+  - wpa-supplicant-log-file-permission.patch -> 
wpa_supplicant-log-file-permission.patch
+  - wpa-supplicant-log-file-cloexec.patch -> 
wpa_supplicant-log-file-cloexec.patch
+- wpa_supplicant-log-file-permission.patch: Using O_WRONLY flag
+- Enabled timestamps in log files (bsc#1080798)
+
+---
+Mon Oct 15 16:20:25 CEST 2018 - r...@suse.de
+
+- compile eapol_test binary to allow testing via radius proxy and server
+  (note: this does not match CONFIG_EAPOL_TEST which sets -Werror
+  and activates an assert call inside the code of wpa_supplicant)
+  (bsc#873), (fate#326725)
+- add patch to fix wrong operator precedence in ieee802_11.c
+  wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
+- add patch to avoid redefinition of __bitwise macro
+  wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
+
+---
+Fri Oct 12 06:55:06 UTC 2018 - Karol Babioch 
+
+- Added wpa-supplicant-log-file-permission.patch: Fixes the default file
+  permissions of the debug log file to more sane values, i.e. it is no longer
+  world-readable (bsc#1098854).
+- Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with
+  O_CLOEXEC, which will prevent file descriptor leaking to child processes
+  (bsc#1098854).
+
+---
+Thu Oct 11 11:58:33 UTC 2018 - Karol Babioch 
+
+- Added 
rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch:
+  Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, 
bsc#1104205).
+
+---

New:

  rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
  wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
  wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
  wpa_supplicant-log-file-cloexec.patch
  wpa_supplicant-log-file-permission.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.qNXEZ1/_old  2018-10-25 08:10:23.732264525 +0200
+++ /var/tmp/diff_new_pack.qNXEZ1/_new  2018-10-25 08:10:23.732264525 +0200
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -51,6 +51,11 @@
 Patch17:
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 Patch18:wpa_supplicant-bnc-1099835-fix-private-key-password.patch
 Patch19:wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
+Patch20:
rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+Patch21:wpa_supplicant-log-file-permission.patch
+Patch22:wpa_supplicant-log-file-cloexec.patch
+Patch23:
wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
+Patch24:
wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
 
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
@@ -99,10 +104,16 @@
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
 
 %build
 cd wpa_supplicant
 CFLAGS="%{optflags}" make V=1 %{?_smp_mflags}
+CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} eapol_test
 cd wpa_gui-qt4
 %qmake5
 make %{?_smp_mflags}
@@ -112,6 +123,7 @@
 install -m 0755 wpa_supplicant/wpa_cli %{buildroot}%{_sbindir}
 install -m 0755 wpa_supplicant/wpa_passphrase %{buildroot}%{_sbindir}
 install -m 0755 wpa_supplicant/wpa_supplicant %{buildroot}%{_sbindir}
+install -m 0755 wpa_supplicant/eapol_test %{buildroot}%{_sbindir}
 install -d %{buildroot}%{_sysconfdir}/dbus-1/system.d
 install -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf 
%{buildroot}%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
 install -d %{buildroot}/%{_sysconfdir}/%{name}
@@ -124,9 +136,8 @@
 

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2018-10-01 09:04:39

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Mon Oct  1 09:04:39 2018 rev:72 rq:637020 version:2.6

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2018-07-23 17:57:36.249184828 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2018-10-01 09:04:43.475928644 +0200
@@ -1,0 +2,7 @@
+Fri Sep 21 09:15:34 UTC 2018 - Karol Babioch 
+
+- Enabled PWD as EAP method. This allows for password-based authentication,
+  which is easier to setup than most of the other methods, and is used by the
+  Eduroam network (bsc#1109209).
+
+---



Other differences:
--
++ config ++
--- /var/tmp/diff_new_pack.A0X2Ig/_old  2018-10-01 09:04:44.051928147 +0200
+++ /var/tmp/diff_new_pack.A0X2Ig/_new  2018-10-01 09:04:44.051928147 +0200
@@ -118,7 +118,7 @@
 #CONFIG_EAP_PSK=y
 
 # EAP-pwd (secure authentication using only a password)
-#CONFIG_EAP_PWD=y
+CONFIG_EAP_PWD=y
 
 # EAP-PAX
 CONFIG_EAP_PAX=y

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2018-07-23 17:57:32

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Mon Jul 23 17:57:32 2018 rev:71 rq:624261 version:2.6

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2017-10-18 12:51:01.697684332 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2018-07-23 17:57:36.249184828 +0200
@@ -1,0 +2,10 @@
+Fri Jul 20 13:48:52 CEST 2018 - r...@suse.de
+
+- add two patches from upstream to fix reading private key
+  passwords from the configuration file (bsc#1099835)
+  - add patch for git 89971d8b1e328a2f79699c953625d1671fd40384
+wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
+  - add patch for git f665c93e1d28fbab3d9127a8c3985cc32940824f
+wpa_supplicant-bnc-1099835-fix-private-key-password.patch
+
+---

New:

  wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
  wpa_supplicant-bnc-1099835-fix-private-key-password.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.DJdbO3/_old  2018-07-23 17:57:38.337182221 +0200
+++ /var/tmp/diff_new_pack.DJdbO3/_new  2018-07-23 17:57:38.341182216 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
 Version:2.6
 Release:0
 Summary:WPA supplicant implementation
-License:BSD-3-Clause and GPL-2.0+
+License:BSD-3-Clause AND GPL-2.0-or-later
 Group:  Productivity/Networking/Other
 Url:http://hostap.epitest.fi/wpa_supplicant/
 Source: 
http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz
@@ -49,6 +49,8 @@
 Patch15:rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
 Patch16:
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 Patch17:
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+Patch18:wpa_supplicant-bnc-1099835-fix-private-key-password.patch
+Patch19:wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
 
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
@@ -95,6 +97,8 @@
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
+%patch19 -p1
 
 %build
 cd wpa_supplicant

++ wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch ++
commit 89971d8b1e328a2f79699c953625d1671fd40384
Author: Jouni Malinen 
Date:   Mon Jul 17 12:06:17 2017 +0300

OpenSSL: Clear default_passwd_cb more thoroughly

Previously, the pointer to strdup passwd was left in OpenSSL library
default_passwd_cb_userdata and even the default_passwd_cb was left set
on an error path. To avoid unexpected behavior if something were to
manage to use there pointers, clear them explicitly once done with
loading of the private key.

Signed-off-by: Jouni Malinen 

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index c790b53ea..903c38cff 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2775,6 +2775,19 @@ static int tls_connection_engine_private_key(struct 
tls_connection *conn)
 }
 
 
+static void tls_clear_default_passwd_cb(SSL_CTX *ssl_ctx, SSL *ssl)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
+   if (ssl) {
+   SSL_set_default_passwd_cb(ssl, NULL);
+   SSL_set_default_passwd_cb_userdata(ssl, NULL);
+   }
+#endif /* >= 1.1.0f && !LibreSSL */
+   SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+   SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);
+}
+
+
 static int tls_connection_private_key(struct tls_data *data,
  struct tls_connection *conn,
  const char *private_key,
@@ -2891,14 +2904,12 @@ static int tls_connection_private_key(struct tls_data 
*data,
if (!ok) {
tls_show_errors(MSG_INFO, __func__,
"Failed to load private key");
+   tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
os_free(passwd);
return -1;
}
ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
-   

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2017-10-18 12:50:59

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Wed Oct 18 12:50:59 2017 rev:70 rq:534370 version:2.6

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2017-06-20 10:59:18.056805366 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2017-10-18 12:51:01.697684332 +0200
@@ -1,0 +2,13 @@
+Mon Oct 16 13:32:07 UTC 2017 - meiss...@suse.com
+
+- Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, 
CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
+  - rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+  - 
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+  - 
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+  - rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+  - rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+  - rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+  - 
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+  - 
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+
+---

New:

  rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
  rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
  rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
  rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
  rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
  rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
  rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
  rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.hvdXE7/_old  2017-10-18 12:51:02.985624010 +0200
+++ /var/tmp/diff_new_pack.hvdXE7/_new  2017-10-18 12:51:02.985624010 +0200
@@ -40,6 +40,16 @@
 Patch3: wpa_supplicant-alloc_size.patch
 Patch4: wpa_supplicant-getrandom.patch
 Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
+
+Patch10:
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+Patch11:
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+Patch12:
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+Patch13:rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+Patch14:
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+Patch15:rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+Patch16:
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+Patch17:
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
@@ -77,6 +87,14 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
 
 %build
 cd wpa_supplicant

++ rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
++
>From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef 
Date: Fri, 14 Jul 2017 15:15:35 +0200
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake

Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.

This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.

Signed-off-by: Mathy Vanhoef 
---
 src/ap/ieee802_11.c  | 16 +---
 src/ap/wpa_auth.c| 11 +++
 src/ap/wpa_auth.h|  3 ++-
 src/ap/wpa_auth_ft.c | 10 ++
 src/ap/wpa_auth_i.h  |  1 +
 5 files changed, 37 

commit wpa_supplicant for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2017-06-20 10:58:09

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Tue Jun 20 10:58:09 2017 rev:69 rq:503688 version:2.6

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2016-12-26 21:40:11.323876142 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2017-06-20 10:59:18.056805366 +0200
@@ -1,0 +2,6 @@
+Fri Apr 21 11:02:18 UTC 2017 - o...@botter.cc
+
+- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match
+  eloop_signal_handler type (needed to build eapol_test via config) 
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.Pu8Bk7/_old  2017-06-20 10:59:18.732710093 +0200
+++ /var/tmp/diff_new_pack.Pu8Bk7/_new  2017-06-20 10:59:18.736709530 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

++ wpa_supplicant-sigusr1-changes-debuglevel.patch ++
--- /var/tmp/diff_new_pack.Pu8Bk7/_old  2017-06-20 10:59:18.876689799 +0200
+++ /var/tmp/diff_new_pack.Pu8Bk7/_new  2017-06-20 10:59:18.880689235 +0200
@@ -8,7 +8,7 @@
return set;
  }
  
-+static void wpa_supplicant_handle_sigusr1(int sig, void *eloop_ctx,
++static void wpa_supplicant_handle_sigusr1(int sig,
 +   void *signal_ctx)
 +{
 +  /* Increase verbosity (by decreasing the debug level) and wrap back

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2016-10-14 03:37:07

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2016-08-03 11:36:09.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2016-10-14 03:37:08.0 +0200
@@ -1,0 +2,149 @@
+Thu Oct  6 15:42:23 UTC 2016 - meiss...@suse.com
+
+- updated to 2.6 / 2016-10-02
+  * fixed WNM Sleep Mode processing when PMF is not enabled
+[http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254)
+  * fixed EAP-pwd last fragment validation
+[http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115)
+  * fixed EAP-pwd unexpected Confirm message processing
+[http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115)
+  * fixed WPS configuration update vulnerability with malformed passphrase
+[http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172)
+  * fixed configuration update vulnerability with malformed parameters set
+over the local control interface
+[http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175)
+  * fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
+  * extended channel switch support for P2P GO
+  * started to throttle control interface event message bursts to avoid
+issues with monitor sockets running out of buffer space
+  * mesh mode fixes/improvements
+- generate proper AID for peer
+- enable WMM by default
+- add VHT support
+- fix PMKID derivation
+- improve robustness on various exchanges
+- fix peer link counting in reconnect case
+- improve mesh joining behavior
+- allow DTIM period to be configured
+- allow HT to be disabled (disable_ht=1)
+- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
+- add support for PMKSA caching
+- add minimal support for SAE group negotiation
+- allow pairwise/group cipher to be configured in the network profile
+- use ieee80211w profile parameter to enable/disable PMF and derive
+  a separate TX IGTK if PMF is enabled instead of using MGTK
+  incorrectly
+- fix AEK and MTK derivation
+- remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
+- note: these changes are not fully backwards compatible for secure
+  (RSN) mesh network
+  * fixed PMKID derivation with SAE
+  * added support for requesting and fetching arbitrary ANQP-elements
+without internal support in wpa_supplicant for the specific element
+(anqp[265]= in "BSS " command output)
+  * P2P
+- filter control characters in group client device names to be
+  consistent with other P2P peer cases
+- support VHT 80+80 MHz and 160 MHz
+- indicate group completion in P2P Client role after data association
+  instead of already after the WPS provisioning step
+- improve group-join operation to use SSID, if known, to filter BSS
+  entries
+- added optional ssid= argument to P2P_CONNECT for join case
+- added P2P_GROUP_MEMBER command to fetch client interface address
+  * P2PS
+- fix follow-on PD Response behavior
+- fix PD Response generation for unknown peer
+- fix persistent group reporting
+- add channel policy to PD Request
+- add group SSID to the P2PS-PROV-DONE event
+- allow "P2P_CONNECT  p2ps" to be used without specifying the
+  default PIN
+  * BoringSSL
+- support for OCSP stapling
+- support building of h20-osu-client
+  * D-Bus
+- add ExpectDisconnect()
+- add global config parameters as properties
+- add SaveConfig()
+- add VendorElemAdd(), VendorElemGet(), VendorElemRem()
+  * fixed Suite B 192-bit AKM to use proper PMK length
+(note: this makes old releases incompatible with the fixed behavior)
+  * improved PMF behavior for cases where the AP and STA has different
+configuration by not trying to connect in some corner cases where the
+connection cannot succeed
+  * added option to reopen debug log (e.g., to rotate the file) upon
+receipt of SIGHUP signal
+  * EAP-pwd: added support for Brainpool Elliptic Curves
+(with OpenSSL 1.0.2 and newer)
+  * fixed EAPOL reauthentication after FT protocol run
+  * fixed FTIE generation for 4-way handshake after FT protocol run
+  * extended INTERFACE_ADD command to allow certain type (sta/ap)
+interface to be created
+  * fixed and improved various FST operations
+  * added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
+  * fixed SIGNAL_POLL in IBSS and mesh cases
+  * added an option to abort an ongoing scan (used to speed up connection
+and can also be done with the new ABORT_SCAN command)
+  * TLS client

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2016-08-03 11:36:07

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2016-03-29 09:53:47.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2016-08-03 11:36:09.0 +0200
@@ -1,0 +2,8 @@
+Wed Jul 20 11:54:37 UTC 2016 - tchva...@suse.com
+
+- Remove support for <12.3 as we are unresolvable there anyway
+- Use qt5 on 13.2 if someone pulls this package in
+- Convert to pkgconfig dependencies over the devel pkgs
+- Use the %qmake5 macro to build the qt5 gui
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.zIRy8Q/_old  2016-08-03 11:36:10.0 +0200
+++ /var/tmp/diff_new_pack.zIRy8Q/_new  2016-08-03 11:36:10.0 +0200
@@ -16,9 +16,6 @@
 #
 
 
-%if ! %{defined _rundir}
-%define _rundir %{_localstatedir}/run
-%endif
 Name:   wpa_supplicant
 Version:2.5
 Release:0
@@ -41,25 +38,18 @@
 Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch3: wpa_supplicant-alloc_size.patch
 Patch4: wpa_supplicant-getrandom.patch
-BuildRequires:  dbus-1-devel
-BuildRequires:  libnl3-devel
-%if 0%{?suse_version} < 1320
-BuildRequires:  libqt4
-BuildRequires:  libqt4-devel
-%else
+BuildRequires:  openssl-devel
+BuildRequires:  pkgconfig
+BuildRequires:  readline-devel
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(Qt5Core)
 BuildRequires:  pkgconfig(Qt5Gui)
 BuildRequires:  pkgconfig(Qt5Widgets)
-%endif
-BuildRequires:  openssl-devel
-BuildRequires:  pkg-config
-BuildRequires:  readline-devel
+BuildRequires:  pkgconfig(dbus-1)
+BuildRequires:  pkgconfig(libnl-3.0)
 Requires:   logrotate
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
-%if 0%{?suse_version} > 1230
-BuildRequires:  systemd-rpm-macros
-%systemd_requires
-%endif
+%{?systemd_requires}
 
 %description
 wpa_supplicant is an implementation of the WPA Supplicant component,
@@ -84,15 +74,12 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+
 %build
 cd wpa_supplicant
 CFLAGS="%{optflags}" make V=1 %{?_smp_mflags}
 cd wpa_gui-qt4
-%if 0%{?suse_version} < 1320
-qmake QMAKE_CXXFLAGS="%{optflags}" QMAKE_CFLAGS="%{optflags}"
-%else
-qmake-qt5 QMAKE_CXXFLAGS="%{optflags}" QMAKE_CFLAGS="%{optflags}"
-%endif
+%qmake5
 make %{?_smp_mflags}
 
 %install
@@ -117,19 +104,15 @@
 rm %{buildroot}%{_mandir}/man8/eapol_test.*
 install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
 install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir}
-%if 0%{?suse_version} > 1230
 install -d %{buildroot}%{_unitdir}
 install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}
-%endif
+ln -s service %{buildroot}/%{_sbindir}/rcwpa_supplicant
 # avoid spurious dependency on /usr/bin/python
 chmod -x wpa_supplicant/examples/*.py
-%if 0%{?suse_version} > 1230
 # dbus auto activation boo#966535
 ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
 ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service
-%endif
 
-%if 0%{?suse_version} > 1230
 %pre
 %service_add_pre wpa_supplicant.service
 
@@ -141,11 +124,11 @@
 
 %postun
 %service_del_postun wpa_supplicant.service
-%endif
 
 %files
 %defattr(-,root,root)
 %doc wpa_supplicant/ChangeLog COPYING README wpa_supplicant/todo.txt 
wpa_supplicant/examples wpa_supplicant/wpa_supplicant.conf
+%{_sbindir}/rcwpa_supplicant
 %{_sbindir}/wpa_cli
 %{_sbindir}/wpa_passphrase
 %{_sbindir}/wpa_supplicant
@@ -154,14 +137,10 @@
 %config %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
 %dir %{_rundir}/%{name}
-%if 0%{?suse_version} > 1140
 %ghost %{_rundir}/%{name}
-%endif
-%if 0%{?suse_version} > 1230
 %{_unitdir}/wpa_supplicant.service
 %{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
 %{_unitdir}/dbus-fi.w1.wpa_supplicant1.service
-%endif
 %dir %{_sysconfdir}/%{name}
 %{_mandir}/man8/*
 %exclude %{_mandir}/man8/wpa_gui.*
@@ -170,6 +149,6 @@
 %files gui
 %defattr(-,root,root)
 %{_sbindir}/wpa_gui
-%{_mandir}/man8/wpa_gui.*
+%{_mandir}/man8/wpa_gui*
 
 %changelog

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2016-03-29 09:53:46

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2016-03-01 09:39:21.0 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2016-03-29 09:53:47.0 +0200
@@ -1,0 +2,5 @@
+Wed Mar 23 16:45:16 UTC 2016 - lnus...@suse.de
+
+- add After=dbus.service to prevent too early shutdown (bnc#963652)
+
+---



Other differences:
--
++ wpa_supplicant.service ++
--- /var/tmp/diff_new_pack.sywLCc/_old  2016-03-29 09:53:48.0 +0200
+++ /var/tmp/diff_new_pack.sywLCc/_new  2016-03-29 09:53:48.0 +0200
@@ -1,6 +1,7 @@
 [Unit]
 Description=WPA Supplicant daemon
 Before=network.target
+After=dbus.service
 
 [Service]
 Type=dbus

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2016-03-01 09:39:14

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is "wpa_supplicant"

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2015-05-10 10:56:19.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2016-03-01 09:39:21.0 +0100
@@ -1,0 +2,110 @@
+Fri Feb 26 21:10:55 UTC 2016 - crrodrig...@opensuse.org
+
+- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination
+  with CONFIG_DBUS=yes.
+
+---
+Sat Feb 20 16:56:01 UTC 2016 - crrodrig...@opensuse.org
+
+- spec: Compile the GUI against QT5 in 13.2 and later.
+
+---
+Thu Feb 18 15:36:23 UTC 2016 - crrodrig...@opensuse.org
+
+- Previous update did not include version 2.5 tarball
+  or changed the version number in spec, only the changelog
+  and removed patches.
+- config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable·
+ random number generator by using /dev/urandom, no need to
+ keep an internal random number pool which draws entropy from 
+ /dev/random.
+- config: prefer using epoll(7) instead of select(2)
+  by setting CONFIG_ELOOP_EPOLL=y
+- wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2)
+ system call to collect entropy. if it is not present disable
+ buffering when reading /dev/urandom, otherwise each os_get_random()
+ call will request BUFSIZ of entropy instead of the few needed bytes.
+
+---
+Wed Feb 17 13:47:43 UTC 2016 - lnus...@suse.de
+
+- add aliases for both provided dbus names to avoid systemd stopping the
+  service when switching runlevels (boo#966535)
+
+---
+Thu Feb  4 10:18:54 UTC 2016 - mich...@stroeder.com
+
+- removed obsolete security patches:
+  * 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+  * 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+  * 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+  * 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+  * wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
+  * 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+  * 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+  * 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+  * 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+- Update to upstream release 2.5
+  * fixed P2P validation of SSID element length before copying it
+[http://w1.fi/security/2015-1/] (CVE-2015-1863)
+  * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
+[http://w1.fi/security/2015-2/] (CVE-2015-4141)
+  * fixed WMM Action frame parser (AP mode)
+[http://w1.fi/security/2015-3/] (CVE-2015-4142)
+  * fixed EAP-pwd peer missing payload length validation
+[http://w1.fi/security/2015-4/]
+(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
+  * fixed validation of WPS and P2P NFC NDEF record payload length
+[http://w1.fi/security/2015-5/]
+  * nl80211:
+- added VHT configuration for IBSS
+- fixed vendor command handling to check OUI properly
+- allow driver-based roaming to change ESS
+  * added AVG_BEACON_RSSI to SIGNAL_POLL output
+  * wpa_cli: added tab completion for number of commands
+  * removed unmaintained and not yet completed SChannel/CryptoAPI support
+  * modified Extended Capabilities element use in Probe Request frames to
+include all cases if any of the values are non-zero
+  * added support for dynamically creating/removing a virtual interface
+with interface_add/interface_remove
+  * added support for hashed password (NtHash) in EAP-pwd peer
+  * added support for memory-only PSK/passphrase (mem_only_psk=1 and
+CTRL-REQ/RSP-PSK_PASSPHRASE)
+  * P2P
+- optimize scan frequencies list when re-joining a persistent group
+- fixed number of sequences with nl80211 P2P Device interface
+- added operating class 125 for P2P use cases (this allows 5 GHz
+  channels 161 and 169 to be used if they are enabled in the current
+  regulatory domain)
+- number of fixes to P2PS functionality
+- do not allow 40 MHz co-ex PRI/SEC switch to force MCC
+- extended support for preferred channel listing
+  * D-Bus:
+- fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
+- fixed PresenceRequest to use group interface
+- added new signals: FindStopped, WPS pbc-overlap,
+  GroupFormationFailure, WPS timeout, 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2015-05-10 10:56:17

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2015-05-06 07:46:44.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2015-05-10 10:56:19.0 +0200
@@ -1,0 +2,14 @@
+Thu May  7 17:18:29 CEST 2015 - r...@suse.de
+
+- added patch for bnc#930077
+  0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+- added patch for bnc#930078
+  0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+- added patches for bnc#930079
+  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+
+---

New:

  0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
  0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
  0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
  0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
  0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
  0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
  0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.KZKhqV/_old  2015-05-10 10:56:20.0 +0200
+++ /var/tmp/diff_new_pack.KZKhqV/_new  2015-05-10 10:56:20.0 +0200
@@ -51,6 +51,21 @@
 Patch4: wpa_supplicant-alloc_size.patch
 # PATCH-FIX-UPSTREAM 
wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch 
arch#44740 zai...@opensuse.org -- Fix Segmentation fault in wpa_supplicant. 
Patch taken from upstream master git.
 Patch5: 
wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch 
+# PATCH-FIX-UPSTREAM 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch 
bnc#930077
+Patch6: 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+# PATCH-FIX-UPSTREAM 
0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch bnc#930078
+Patch7: 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+# PATCH-FIX-UPSTREAM 
0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch bnc#930079
+Patch8: 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+# PATCH-FIX-UPSTREAM 
0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch bnc#930079
+Patch9: 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+# PATCH-FIX-UPSTREAM 
0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch bnc#930079
+Patch10:0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+# PATCH-FIX-UPSTREAM 
0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch bnc#930079
+Patch11:0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+# PATCH-FIX-UPSTREAM 
0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch bnc#930079
+Patch12:0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 Requires:   logrotate
 %if ! %{defined _rundir}
@@ -91,6 +106,14 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+
 %build
 cd wpa_supplicant
 CFLAGS=$RPM_OPT_FLAGS make V=1 %{?_smp_mflags}

++ 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch ++
From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
From: Jouni Malinen j...@w1.fi
Date: Wed, 29 Apr 2015 02:21:53 +0300
Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser

The length of the WMM Action frame was not properly validated and the
length of the information elements (int left) could end up being
negative. This would result in reading significantly past the stack
buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
so, resulting in segmentation fault.

This can result in an invalid frame being used for a denial of service
attack (hostapd process killed) against an AP with a driver that uses
hostapd for management frame processing (e.g., all mac80211-based
drivers).

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2015-05-06 07:46:42

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2015-04-27 12:58:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2015-05-06 07:46:44.0 +0200
@@ -1,0 +2,7 @@
+Fri May  1 21:14:01 UTC 2015 - zai...@opensuse.org
+
+- Add wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
+  Fix Segmentation fault in wpa_supplicant. Patch taken from
+  upstream master git (arch#44740).
+
+---

New:

  wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.JaB43r/_old  2015-05-06 07:46:45.0 +0200
+++ /var/tmp/diff_new_pack.JaB43r/_new  2015-05-06 07:46:45.0 +0200
@@ -49,6 +49,8 @@
 Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch3: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
 Patch4: wpa_supplicant-alloc_size.patch
+# PATCH-FIX-UPSTREAM 
wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch 
arch#44740 zai...@opensuse.org -- Fix Segmentation fault in wpa_supplicant. 
Patch taken from upstream master git.
+Patch5: 
wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 Requires:   logrotate
 %if ! %{defined _rundir}
@@ -88,6 +90,7 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 %build
 cd wpa_supplicant
 CFLAGS=$RPM_OPT_FLAGS make V=1 %{?_smp_mflags}

++ wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch 
++
 913 lines (skipped)

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2015-04-27 12:58:29

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2015-04-22 01:12:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2015-04-27 12:58:30.0 +0200
@@ -1,0 +2,9 @@
+Thu Apr 23 19:49:28 UTC 2015 - crrodrig...@opensuse.org
+
+- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch 
+  Fix CVE-2015-1863, memcpy overflow.
+- wpa_supplicant-alloc_size.patch: annotate two wrappers
+  with attribute alloc_size, which may help warning us of
+  bugs such as the above.
+
+---

New:

  0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
  wpa_supplicant-alloc_size.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.Q8sCwr/_old  2015-04-27 12:58:31.0 +0200
+++ /var/tmp/diff_new_pack.Q8sCwr/_new  2015-04-27 12:58:31.0 +0200
@@ -47,6 +47,8 @@
 # wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it
 # is not portable
 Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
+Patch3: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+Patch4: wpa_supplicant-alloc_size.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 Requires:   logrotate
 %if ! %{defined _rundir}
@@ -84,7 +86,8 @@
 cp %{SOURCE1} wpa_supplicant/.config
 %patch1 -p0
 %patch2 -p1
-
+%patch3 -p1
+%patch4 -p1
 %build
 cd wpa_supplicant
 CFLAGS=$RPM_OPT_FLAGS make V=1 %{?_smp_mflags}

++ 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch ++
From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
From: Jouni Malinen jo...@qca.qualcomm.com
Date: Tue, 7 Apr 2015 11:32:11 +0300
Subject: [PATCH] P2P: Validate SSID element length before copying it
 (CVE-2015-1863)

This fixes a possible memcpy overflow for P2P dev-oper_ssid in
p2p_add_device(). The length provided by the peer device (0..255 bytes)
was used without proper bounds checking and that could have resulted in
arbitrary data of up to 223 bytes being written beyond the end of the
dev-oper_ssid[] array (of which about 150 bytes would be beyond the
heap allocation) when processing a corrupted management frame for P2P
peer discovery purposes.

This could result in corrupted state in heap, unexpected program
behavior due to corrupted P2P peer device information, denial of service
due to process crash, exposure of memory contents during GO Negotiation,
and potentially arbitrary code execution.

Thanks to Google security team for reporting this issue and smart
hardware research group of Alibaba security team for discovering it.

Signed-off-by: Jouni Malinen jo...@qca.qualcomm.com
---
 src/p2p/p2p.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index f584fae..a45fe73 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, 
int freq,
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
os_memcpy(dev-interface_addr, addr, ETH_ALEN);
if (msg.ssid 
+   msg.ssid[1] = sizeof(dev-oper_ssid) 
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
 os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
 != 0)) {
-- 
1.9.1

++ wpa_supplicant-alloc_size.patch ++
--- wpa_supplicant-2.4.orig/src/utils/os.h
+++ wpa_supplicant-2.4/src/utils/os.h
@@ -253,7 +253,7 @@ int os_file_exists(const char *fname);
  *
  * Caller is responsible for freeing the returned buffer with os_free().
  */
-void * os_zalloc(size_t size);
+void * os_zalloc(size_t size) __attribute((malloc, alloc_size(1)));
 
 /**
  * os_calloc - Allocate and zero memory for an array
@@ -267,6 +267,8 @@ void * os_zalloc(size_t size);
  *
  * Caller is responsible for freeing the returned buffer with os_free().
  */
+
+__attribute((malloc, alloc_size(1,2)))
 static inline void * os_calloc(size_t nmemb, size_t size)
 {
if (size  nmemb  (~(size_t) 0) / size)

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2015-04-22 01:12:07

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2014-10-25 08:32:31.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2015-04-22 01:12:08.0 +0200
@@ -1,0 +2,87 @@
+Fri Apr 10 23:05:28 UTC 2015 - stefan.bru...@rwth-aachen.de
+
+- Delete wpa_priv and eapol_test man pages, these are disabled in config
+- Move wpa_gui man page to gui package
+
+---
+Thu Apr  2 01:02:11 UTC 2015 - stefan.bru...@rwth-aachen.de
+
+- Update to 2.4
+  * allow OpenSSL cipher configuration to be set for internal EAP server
+(openssl_ciphers parameter)
+  * fixed number of small issues based on hwsim test case failures and
+static analyzer reports
+  * P2P:
+- add new=0/1 flag to P2P-DEVICE-FOUND events
+- add passive channels in invitation response from P2P Client
+- enable nl80211 P2P_DEVICE support by default
+- fix regresssion in disallow_freq preventing search on social
+  channels
+- fix regressions in P2P SD query processing
+- try to re-invite with social operating channel if no common channels
+  in invitation
+- allow cross connection on parent interface (this fixes number of
+  use cases with nl80211)
+- add support for P2P services (P2PS)
+- add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
+  be configured
+  * increase postponing of EAPOL-Start by one second with AP/GO that
+supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
+of identity frames)
+  * add support for PMKSA caching with SAE
+  * add support for control mesh BSS (IEEE 802.11s) operations
+  * fixed number of issues with D-Bus P2P commands
+  * fixed regression in ap_scan=2 special case for WPS
+  * fixed macsec_validate configuration
+  * add a workaround for incorrectly behaving APs that try to use
+EAPOL-Key descriptor version 3 when the station supports PMF even if
+PMF is not enabled on the AP
+  * allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
+of disabling these can be configured to work around issues with broken
+servers with phase1=tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1
+  * add support for Suite B (128-bit and 192-bit level) key management and
+cipher suites
+  * add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
+  * improved BSS Transition Management processing
+  * add support for neighbor report
+  * add support for link measurement
+  * fixed expiration of BSS entry with all-zeros BSSID
+  * add optional LAST_ID=x argument to LIST_NETWORK to allow all
+configured networks to be listed even with huge number of network
+profiles
+  * add support for EAP Re-Authentication Protocol (ERP)
+  * fixed EAP-IKEv2 fragmentation reassembly
+  * improved PKCS#11 configuration for OpenSSL
+  * set stdout to be line-buffered
+  * add TDLS channel switch configuration
+  * add support for MAC address randomization in scans with nl80211
+  * enable HT for IBSS if supported by the driver
+  * add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
+  * add support for domain_suffix_match with GnuTLS
+  * add OCSP stapling client support with GnuTLS
+  * include peer certificate in EAP events even without a separate probe
+operation; old behavior can be restored with cert_in_cb=0
+  * add peer ceritficate alt subject name to EAP events
+(CTRL-EVENT-EAP-PEER-ALT)
+  * add domain_match network profile parameter (similar to
+domain_suffix_match, but full match is required)
+  * enable AP/GO mode HT Tx STBC automatically based on driver support
+  * add ANQP-QUERY-DONE event to provide information on ANQP parsing
+status
+  * allow passive scanning to be forced with passive_scan=1
+  * add a workaround for Linux packet socket behavior when interface is in
+bridge
+  * increase 5 GHz band preference in BSS selection (estimate SNR, if info
+not available from driver; estimate maximum throughput based on common
+HT/VHT/specific TX rate support)
+  * add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
+implement Interworking network selection behavior in upper layers
+software components
+  * add optional reassoc_same_bss_optim=1 (disabled by default)
+optimization to avoid unnecessary Authentication frame exchange
+  * extend TDLS frame padding workaround to cover all packets
+  * allow wpa_supplicant to recover nl80211 functionality if the cfg80211
+module gets 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2014-10-25 08:32:27

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2014-09-20 07:26:40.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2014-10-25 08:32:31.0 +0200
@@ -1,0 +2,68 @@
+Sat Oct 18 21:08:01 UTC 2014 - stefan.bru...@rwth-aachen.de
+
+- Update to 2.3
+  * fixed number of minor issues identified in static analyzer warnings
+  * fixed wfd_dev_info to be more careful and not read beyond the buffer
+when parsing invalid information for P2P-DEVICE-FOUND
+  * extended P2P and GAS query operations to support drivers that have
+maximum remain-on-channel time below 1000 ms (500 ms is the current
+minimum supported value)
+  * added p2p_search_delay parameter to make the default p2p_find delay
+configurable
+  * improved P2P operating channel selection for various multi-channel
+concurrency cases
+  * fixed some TDLS failure cases to clean up driver state
+  * fixed dynamic interface addition cases with nl80211 to avoid adding
+ifindex values to incorrect interface to skip foreign interface events
+properly
+  * added TDLS workaround for some APs that may add extra data to the
+end of a short frame
+  * fixed EAP-AKA' message parser with multiple AT_KDF attributes
+  * added configuration option (p2p_passphrase_len) to allow longer
+passphrases to be generated for P2P groups
+  * fixed IBSS channel configuration in some corner cases
+  * improved HT/VHT/QoS parameter setup for TDLS
+  * modified D-Bus interface for P2P peers/groups
+  * started to use constant time comparison for various password and hash
+values to reduce possibility of any externally measurable timing
+differences
+  * extended explicit clearing of freed memory and expired keys to avoid
+keeping private data in memory longer than necessary
+  * added optional scan_id parameter to the SCAN command to allow manual
+scan requests for active scans for specific configured SSIDs
+  * fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
+  * added option to set Hotspot 2.0 Rel 2 update_identifier in network
+configuration to support external configuration
+  * modified Android PNO functionality to send Probe Request frames only
+for hidden SSIDs (based on scan_ssid=1)
+  * added generic mechanism for adding vendor elements into frames at
+runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE)
+  * added fields to show unrecognized vendor elements in P2P_PEER
+  * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
+MS-CHAP2-Success is required to be present regardless of
+eap_workaround configuration
+  * modified EAP fast session resumption to allow results to be used only
+with the same network block that generated them
+  * extended freq_list configuration to apply for sched_scan as well as
+normal scan
+  * modified WPS to merge mixed-WPA/WPA2 credentials from a single session
+  * fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
+removed from a bridge
+  * fixed number of small P2P issues to make negotiations more robust in
+corner cases
+  * added experimental support for using temporary, random local MAC
+address (mac_addr and preassoc_mac_addr parameters); this is disabled
+by default (i.e., previous behavior of using permanent address is
+maintained if configuration is not changed)
+  * added D-Bus interface for setting/clearing WFD IEs
+  * fixed TDLS AID configuration for VHT
+  * modified -mconf configuration file to be used only for the P2P
+non-netdev management device and do not load this for the default
+station interface or load the station interface configuration for
+the P2P management interface
+  * fixed external MAC address changes while wpa_supplicant is running
+  * started to enable HT (if supported by the driver) for IBSS
+  * fixed wpa_cli action script execution to use more robust mechanism
+(CVE-2014-3686)
+
+---

Old:

  wpa_supplicant-2.2.tar.gz

New:

  wpa_supplicant-2.3.tar.gz



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.qTS2qu/_old  2014-10-25 08:32:32.0 +0200
+++ /var/tmp/diff_new_pack.qTS2qu/_new  2014-10-25 08:32:32.0 +0200
@@ -29,7 +29,7 @@
 %endif
 BuildRequires:  libnl3-devel
 Url:http://hostap.epitest.fi/wpa_supplicant/
-Version: 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2014-09-20 07:26:38

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2014-08-25 11:03:14.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2014-09-20 07:26:40.0 +0200
@@ -1,0 +2,5 @@
+Thu Sep 18 12:32:57 UTC 2014 - sch...@suse.de
+
+- Avoid spurious dependency on /usr/bin/python due to executable doc files
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.scqHz5/_old  2014-09-20 07:26:41.0 +0200
+++ /var/tmp/diff_new_pack.scqHz5/_new  2014-09-20 07:26:41.0 +0200
@@ -115,6 +115,8 @@
 install -d %{buildroot}%{_unitdir}
 install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}
 %endif
+# avoid spurious dependency on /usr/bin/python
+chmod -x wpa_supplicant/examples/*.py
 
 %if 0%{?suse_version}  1230
 %pre

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2014-08-25 11:02:52

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2014-07-10 08:16:37.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2014-08-25 11:03:14.0 +0200
@@ -1,0 +2,5 @@
+Wed Aug 20 08:39:19 UTC 2014 - lnus...@suse.de
+
+- fix dbus systemd activation (bnc#892683)
+
+---



Other differences:
--
++ fi.epitest.hostap.WPASupplicant.service ++
--- /var/tmp/diff_new_pack.chrvOA/_old  2014-08-25 11:03:15.0 +0200
+++ /var/tmp/diff_new_pack.chrvOA/_new  2014-08-25 11:03:15.0 +0200
@@ -2,4 +2,4 @@
 Name=fi.epitest.hostap.WPASupplicant
 Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f 
/var/log/wpa_supplicant.log
 User=root
-
+SystemdService=wpa_supplicant.service

++ fi.w1.wpa_supplicant1.service ++
--- /var/tmp/diff_new_pack.chrvOA/_old  2014-08-25 11:03:15.0 +0200
+++ /var/tmp/diff_new_pack.chrvOA/_new  2014-08-25 11:03:15.0 +0200
@@ -2,3 +2,4 @@
 Name=fi.w1.wpa_supplicant1
 Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f 
/var/log/wpa_supplicant.log
 User=root
+SystemdService=wpa_supplicant.service

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2014-07-10 08:16:33

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2014-06-25 06:58:10.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2014-07-10 08:16:37.0 +0200
@@ -1,0 +2,5 @@
+Thu Jun 26 11:30:11 UTC 2014 - lnus...@suse.de
+
+- don't use systemctl enable in %post. Needs to be handled by presets.
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.0w9VwL/_old  2014-07-10 08:16:39.0 +0200
+++ /var/tmp/diff_new_pack.0w9VwL/_new  2014-07-10 08:16:39.0 +0200
@@ -122,7 +122,6 @@
 
 %post
 %service_add_post wpa_supplicant.service
-systemctl --quiet enable wpa_supplicant.service || :
 
 %preun
 %service_del_preun wpa_supplicant.service

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2014-06-25 06:57:59

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2014-06-19 13:08:29.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2014-06-25 06:58:10.0 +0200
@@ -1,0 +2,6 @@
+Thu Jun 19 07:34:35 UTC 2014 - g...@suse.com
+
+- Update the build config based on the new defconfig
+- Remove the libnl1 requirement. It's not supported.
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.qV3a44/_old  2014-06-25 06:58:11.0 +0200
+++ /var/tmp/diff_new_pack.qV3a44/_new  2014-06-25 06:58:11.0 +0200
@@ -27,12 +27,7 @@
 BuildRequires:  systemd-rpm-macros
 %systemd_requires
 %endif
-%if 0%{?suse_version}  1140
-BuildRequires:  libnl-1_1-devel
 BuildRequires:  libnl3-devel
-%else
-BuildRequires:  libnl-devel
-%endif
 Url:http://hostap.epitest.fi/wpa_supplicant/
 Version:2.2
 Release:0
@@ -87,9 +82,6 @@
 %setup -q -n wpa_supplicant-%{version}
 rm -rf wpa_supplicant-%{version}/patches
 cp %{SOURCE1} wpa_supplicant/.config
-%if 0%{?suse_version}  1140
-echo CONFIG_LIBNL32=y  wpa_supplicant/.config
-%endif
 %patch1 -p0
 %patch2 -p1
 

++ config ++
--- /var/tmp/diff_new_pack.qV3a44/_old  2014-06-25 06:58:11.0 +0200
+++ /var/tmp/diff_new_pack.qV3a44/_new  2014-06-25 06:58:11.0 +0200
@@ -20,63 +20,6 @@
 # used to fix build issues on such systems (krb5.h not found).
 #CFLAGS += -I/usr/include/kerberos
 
-# Example configuration for various cross-compilation platforms
-
- sveasoft (e.g., for Linksys WRT54G) ##
-#CC=mipsel-uclibc-gcc
-#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
-#CFLAGS += -Os
-#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
-#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
-###
-
- openwrt (e.g., for Linksys WRT54G) ###
-#CC=mipsel-uclibc-gcc
-#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
-#CFLAGS += -Os
-#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
-#  -I../WRT54GS/release/src/include
-#LIBS = -lssl
-###
-
-
-# Driver interface for Host AP driver
-CONFIG_DRIVER_HOSTAP=y
-
-# Driver interface for Agere driver
-#CONFIG_DRIVER_HERMES=y
-# Change include directories to match with the local setup
-#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
-#CFLAGS += -I../../include/wireless
-
-# Driver interface for madwifi driver
-# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
-#CONFIG_DRIVER_MADWIFI=y
-# Set include directory to the madwifi source tree
-#CFLAGS += -I../../madwifi
-
-# Driver interface for ndiswrapper
-# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
-CONFIG_DRIVER_NDISWRAPPER=y
-
-# Driver interface for Atmel driver
-CONFIG_DRIVER_ATMEL=y
-
-# Driver interface for old Broadcom driver
-# Please note that the newer Broadcom driver (hybrid Linux driver) supports
-# Linux wireless extensions and does not need (or even work) with the old
-# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
-#CONFIG_DRIVER_BROADCOM=y
-# Example path for wlioctl.h; change to match your configuration
-#CFLAGS += -I/opt/WRT54GS/release/src/include
-
-# Driver interface for Intel ipw2100/2200 driver
-# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
-#CONFIG_DRIVER_IPW=y
-
-# Driver interface for Ralink driver
-#CONFIG_DRIVER_RALINK=y
-
 # Driver interface for generic Linux wireless extensions
 # Note: WEXT is deprecated in the current Linux kernel version and no new
 # functionality is added to it. nl80211-based interface is the new
@@ -88,6 +31,19 @@
 # Driver interface for Linux drivers using the nl80211 kernel interface
 CONFIG_DRIVER_NL80211=y
 
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$path to libnl include files
+#LIBS += -L$path to libnl library files
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
 # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
 #CONFIG_DRIVER_BSD=y
 #CFLAGS += -I/usr/local/include
@@ -147,10 +103,9 @@

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2014-06-19 13:08:27

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2014-05-22 20:37:58.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2014-06-19 13:08:29.0 +0200
@@ -1,0 +2,57 @@
+Mon Jun 16 04:28:45 UTC 2014 - g...@suse.com
+
+- Update to 2.2
+  * added DFS indicator to get_capability freq
+  * added/fixed nl80211 functionality
+  * removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL
+control interface commands (the more generic
+NFC_REPORT_HANDOVER is now used)
+  * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding
+  * P2P enhancements/fixes
+  * added phase1 network parameter options for disabling TLS v1.1
+and v1.2 to allow workarounds with misbehaving AAA servers
+  * Interworking/Hotspot 2.0 enhancements
+  * fixed TDLS interoperability issues with supported operating
+class in
+  * some deployed stations
+  * internal TLS implementation enhancements/fixes
+  * fixed PTK derivation for CCMP-256 and GCMP-256
+  * added reattach command for fast reassociate-back-to-same-BSS
+  * added get_capability tdls command
+  * D-Bus interface extensions/fixes
+  * fixed potential segmentation fault and memory leaks in WNM
+neighbor report processing
+  * EAP-pwd fixes
+  * added MACsec/IEEE Std 802.1X-2010 PAE implementation
+  * fixed a memory leak in SAE random number generation
+  * fixed EAPOL-Key exchange when GCMP is used with SHA256-based
+AKM
+  * added support for simultaneous authentication of equals (SAE)
+for stronger password-based authentication with WPA2-Personal
+  * improved P2P negotiation and group formation robustness
+  * improved P2P channel selection
+  * added nl80211 functionality
+- VHT configuration for nl80211
+- MFP (IEEE 802.11w) information for nl80211 command API
+- support split wiphy dump
+- FT (IEEE 802.11r) with driver-based SME
+- use advertised number of supported concurrent channels
+- QoS Mapping configuration
+  * improved TDLS negotiation robustness
+  * added 'SCAN TYPE=ONLY' ctrl_iface command to request manual
+scan without executing roaming/network re-selection on scan
+results
+  * added Session-Id derivation for EAP peer methods
+  * allow AP/Enrollee to be specified with BSSID instead of UUID
+for WPS ER operations
+  * changed the default driver interface from wext to nl80211 if
+both are included in the build
+  * added domain_suffix_match (and domain_suffix_match2 for Phase 2
+EAP-TLS) to specify additional constraint for the server
+certificate domain name
+  * added support for WPS+NFC updates and P2P+NFC
+- Drop wpa_supplicant-driver-wext-debug.patch and
+  wpa_supplicant-errormsg.patch: wext is deprecated
+- Enable AP mode, P2P, RSN IBSS, EAP FAST, EAP AKA, and WPS NFC
+
+---

Old:

  wpa_supplicant-2.0.tar.gz
  wpa_supplicant-driver-wext-debug.patch
  wpa_supplicant-errormsg.patch

New:

  wpa_supplicant-2.2.tar.gz



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.eQZ1LI/_old  2014-06-19 13:08:30.0 +0200
+++ /var/tmp/diff_new_pack.eQZ1LI/_new  2014-06-19 13:08:30.0 +0200
@@ -34,7 +34,7 @@
 BuildRequires:  libnl-devel
 %endif
 Url:http://hostap.epitest.fi/wpa_supplicant/
-Version:2.0
+Version:2.2
 Release:0
 Summary:WPA supplicant implementation
 License:BSD-3-Clause and GPL-2.0+
@@ -46,14 +46,12 @@
 Source4:logrotate.wpa_supplicant
 Source5:fi.w1.wpa_supplicant1.service
 Source6:wpa_supplicant.service
-Patch0: wpa_supplicant-driver-wext-debug.patch
 # wpa_supplicant-flush-debug-output.patch won't go upstream as it might
 # change timings
 Patch1: wpa_supplicant-flush-debug-output.patch
 # wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it
 # is not portable
 Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
-Patch3: wpa_supplicant-errormsg.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 Requires:   logrotate
 %if ! %{defined _rundir}
@@ -92,10 +90,8 @@
 %if 0%{?suse_version}  1140
 echo CONFIG_LIBNL32=y  wpa_supplicant/.config
 %endif
-%patch0 -p0
 %patch1 -p0
-%patch2 -p0
-%patch3 -p0
+%patch2 -p1
 
 %build
 cd wpa_supplicant

++ config ++
--- /var/tmp/diff_new_pack.eQZ1LI/_old  2014-06-19 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2014-05-22 20:37:52

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2013-09-11 13:24:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2014-05-22 20:37:58.0 +0200
@@ -1,0 +2,5 @@
+Thu May  8 11:18:08 CEST 2014 - r...@suse.de
+
+- use _rundir macro 
+
+---



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.ZudmEK/_old  2014-05-22 20:37:59.0 +0200
+++ /var/tmp/diff_new_pack.ZudmEK/_new  2014-05-22 20:37:59.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -56,6 +56,9 @@
 Patch3: wpa_supplicant-errormsg.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 Requires:   logrotate
+%if ! %{defined _rundir}
+%define _rundir %{_localstatedir}/run
+%endif
 
 %description
 wpa_supplicant is an implementation of the WPA Supplicant component,
@@ -115,7 +118,7 @@
 install -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/dbus-1/system-services
 install -d %{buildroot}/%{_sysconfdir}/logrotate.d/
 install -m 644 %{SOURCE4} 
%{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
-install -d %{buildroot}/%{_localstatedir}/run/%{name}
+install -d %{buildroot}/%{_rundir}/%{name}
 install -d %{buildroot}%{_mandir}/man{5,8}
 install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
 install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
@@ -150,9 +153,9 @@
 %{_datadir}/dbus-1/system-services
 %config %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
-%dir %{_localstatedir}/run/%{name}
+%dir %{_rundir}/%{name}
 %if 0%{?suse_version}  1140
-%ghost %{_localstatedir}/run/%{name}
+%ghost %{_rundir}/%{name}
 %endif
 %if 0%{?suse_version}  1230
 %{_unitdir}/wpa_supplicant.service

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2013-09-11 13:24:49

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2013-04-26 12:37:31.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2013-09-11 13:24:50.0 +0200
@@ -1,0 +2,7 @@
+Mon Sep  9 09:18:17 UTC 2013 - fcro...@suse.com
+
+- Add systemd service file, to properly track wpa_supplicant in
+  its own systemd service (and not in dbus one).
+- Always enable systemd service, it is still dbus activated.
+
+---

New:

  wpa_supplicant.service



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.HzOlSI/_old  2013-09-11 13:24:50.0 +0200
+++ /var/tmp/diff_new_pack.HzOlSI/_new  2013-09-11 13:24:50.0 +0200
@@ -23,6 +23,10 @@
 BuildRequires:  openssl-devel
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
+%if 0%{?suse_version}  1230
+BuildRequires:  systemd-rpm-macros
+%systemd_requires
+%endif
 %if 0%{?suse_version}  1140
 BuildRequires:  libnl-1_1-devel
 BuildRequires:  libnl3-devel
@@ -41,6 +45,7 @@
 Source3:fi.epitest.hostap.WPASupplicant.service
 Source4:logrotate.wpa_supplicant
 Source5:fi.w1.wpa_supplicant1.service
+Source6:wpa_supplicant.service
 Patch0: wpa_supplicant-driver-wext-debug.patch
 # wpa_supplicant-flush-debug-output.patch won't go upstream as it might
 # change timings
@@ -115,6 +120,25 @@
 install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
 install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
 install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir}
+%if 0%{?suse_version}  1230
+install -d %{buildroot}%{_unitdir}
+install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}
+%endif
+
+%if 0%{?suse_version}  1230
+%pre
+%service_add_pre wpa_supplicant.service
+
+%post
+%service_add_post wpa_supplicant.service
+systemctl --quiet enable wpa_supplicant.service || :
+
+%preun
+%service_del_preun wpa_supplicant.service
+
+%postun
+%service_del_postun wpa_supplicant.service
+%endif
 
 %files
 %defattr(-,root,root)
@@ -130,6 +154,9 @@
 %if 0%{?suse_version}  1140
 %ghost %{_localstatedir}/run/%{name}
 %endif
+%if 0%{?suse_version}  1230
+%{_unitdir}/wpa_supplicant.service
+%endif
 %dir %{_sysconfdir}/%{name}
 %doc %{_mandir}/man8/*
 %doc %{_mandir}/man5/*

++ wpa_supplicant.service ++
[Unit]
Description=WPA Supplicant daemon
Before=network.target

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
ExecStart=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf 
-u -f /var/log/wpa_supplicant.log

[Install]
WantedBy=multi-user.target

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2013-04-26 07:47:06

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2012-12-19 14:51:19.0 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2013-04-26 07:47:11.0 +0200
@@ -1,0 +2,259 @@
+Wed Apr 24 03:48:27 UTC 2013 - g...@suse.com
+
+- Update to 2.0
+  * removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
+  * removed unmaintained driver wrappers broadcom, iphone, osx,
+ralink, hostap, madwifi (hostap and madwifi remain available
+for hostapd; their wpa_supplicant functionality is obsoleted
+by wext)
+  * improved debug logging (human readable event names, interface
+name included in more entries)
+  * changed AP mode behavior to enable WPS only for open and
+WPA/WPA2-Personal configuration
+  * improved P2P concurrency operations
+- better coordination of concurrent scan and P2P search
+  operations
+- avoid concurrent remain-on-channel operation requests by
+  canceling previous operations prior to starting a new one
+- reject operations that would require multi-channel
+  concurrency if the driver does not support it
+- add parameter to select whether STA or P2P connection is
+  preferred if the driver cannot support both at the same time
+- allow driver to indicate channel changes
+- added optional delay=search delay in milliseconds parameter
+  for p2p_find to avoid taking all radio resources
+- use 500 ms p2p_find search delay by default during concurrent
+  operations
+- allow all channels in GO Negotiation if the driver supports
+  multi-channel concurrency
+  * added number of small changes to make it easier for static
+analyzers to understand the implementation
+  * fixed number of small bugs (see git logs for more details)
+  * nl80211: number of updates to use new cfg80211/nl80211
+functionality
+- replace monitor interface with nl80211 commands for AP mode
+- additional information for driver-based AP SME
+- STA entry authorization in RSN IBSS
+  * EAP-pwd:
+- fixed KDF for group 21 and zero-padding
+- added support for fragmentation
+- increased maximum number of hunting-and-pecking iterations
+  * avoid excessive Probe Response retries for broadcast Probe
+Request frames (only with drivers using wpa_supplicant AP mode
+SME/MLME)
+  * added GET country ctrl_iface command
+  * do not save an invalid network block in wpa_supplicant.conf to
+avoid problems reading the file on next start
+  * send STA connected/disconnected ctrl_iface events to both the
+P2P group and parent interfaces
+  * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
+  * added SET pno 1/0 ctrl_iface command to start/stop
+preferred network offload with sched_scan driver command
+  * merged in number of changes from Android repository for P2P,
+nl80211, and build parameters
+  * changed P2P GO mode configuration to use driver capabilities
+to automatically enable HT operations when supported
+  * added wpa_cli status wps command to fetch WPA2-Personal
+passhrase for WPS use cases in AP mode
+  * EAP-AKA: keep pseudonym identity across EAP exchanges to match
+EAP-SIM behavior
+  * improved reassociation behavior in cases where association is
+rejected or when an AP disconnects us to handle common load
+balancing mechanisms
+- try to avoid extra scans when the needed information is
+  available
+  * added optional join argument for p2p_prov_disc ctrl_iface
+command
+  * added group ifname to P2P-PROV-DISC-* events
+  * added P2P Device Address to AP-STA-DISCONNECTED event and use
+p2p_dev_addr parameter name with AP-STA-CONNECTED
+  * added workarounds for WPS PBC overlap detection for some P2P
+use cases where deployed stations work incorrectly
+  * optimize WPS connection speed by disconnecting prior to WPS
+scan and by using single channel scans when AP channel is
+known
+  * PCSC and SIM/USIM improvements:
+- accept 0x67 (Wrong length) as a response to READ RECORD to
+  fix issues with some USIM cards
+- try to read MNC length from SIM/USIM
+- build realm according to 3GPP TS 23.003 with identity from
+  the SIM
+- allow T1 protocol to be enabled
+  * added more WPS and P2P information available through D-Bus
+  * improve P2P negotiation robustness
+- extra waits to get ACK frames through
+- longer timeouts for cases where deployed devices have been
+  identified have 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2012-12-19 14:51:16

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2012-05-15 17:42:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2012-12-19 14:51:19.0 +0100
@@ -1,0 +2,90 @@
+Tue Dec 11 10:16:40 UTC 2012 - g...@suse.com
+
+- Update to 1.1
+  * Fix EAPOL supplicant port authorization with PMKSA caching.
+  * Fix EAPOL processing when STA switches between multi-BSSes.
+  * Fix EAP-FAST with OpenSSL 1.0.1.
+  * EAP-pwd: Increase maximum number of hunting-and-pecking
+iterations, which results in less authentication attempts
+failing.
+  * Set state to DISCONNECTED on AP creation errors. Previously the
+supplicant would stay in SCANNING state forever.
+  * Fix REMOVE_NETWORK to not run operations with invalid
+current_ssid.
+  * EAP-SIM peer: Fix AT_COUNTER_TOO_SMALL use.
+  * Interworking: Fix PLMN matching with multiple entries to compare
+all entries, not just the first one.
+  * Handle long configuration file lines more gracefully.
+  * Fix adding extra IEs in sched scan.
+  * PMKSA: Set cur_pmksa pointer during initial association.
+  * PMKSA: Do not evict the active cache entry when adding new ones.
+  * Set state consistently to DISCONNECTED on auth/assoc failures.
+  * Fix BSSID enforcement with driver-based BSS selection. Set BSSID
+and channel when the network block has an explicit bssid
+parameter to select which BSS is to be used.
+  * wpa_gui: Fix compilation with gcc/g++ 4.7.
+  * EAP-AKA'
+- Update to RFC 5448 in the leading characters used in the
+  username. This will make EAP-AKA' not interoperate between the
+  earlier draft version and the new version.
+- Fix SIM/USIM determination to support EAP-AKA'.
+  * dbus:
+- Add global capabilities property.
+- Fix bss_expire_count getter, which was returning the wrong
+  value.
+- P2P: Remove network_object dictionary entry from signal
+  GroupStarted.
+- Fix D-Bus build without ctrl_iface.
+  * WPS:
+- Fix nonce comparisons to compare all bytes, not just the first
+  byte.
+- Fix NFC password token building with WPS 2.0 to avoid wpabuf
+  overflow and application abort if NFC out-of-band mechanism is
+  used with WPS 2.0 enabled.
+- Fix cleanup of WPS operations (by clearing them) in
+  WPA_SCANNING and WPA_DISCONNECTED states.
+- Fix issue with BSSID filter handling that could cause only a
+  single one of the available BSSes to be available or could
+  cause issues connecting.
+- Fix overlapping memcpy on WPS interface addition.
+  * P2P:
+- Remove channel 14 from supported P2P channels.
+- Fix Provision Discovery retries on delay in off channel
+  transmission, to avoid unnecessary retries.
+- Limit maximum number of stored P2P clients (the
+  p2p_client_list parameter) to 100.
+- Improve p2p_client_list updates in configuration file,
+  reording entries so that the most recently added values are
+  maintained in the list if the list gets truncated due to
+  size.
+- Fix Provision Discovery retries during p2p_find by making the
+  p2p_find case behave consistently with the limited retry
+  behavior used with Provision Discovery retries in the IDLE
+  state.
+- Fix P2P Client Discoverability bit updates so that the bit is
+  only updated based on P2P Group Info attribute from a GO.
+- Fix GO Negotiation race condition where both devices may
+  believe they are the GO. (Ignore unexpected GO Neg Response
+  if we have already sent GO Neg Response.)
+- Deinitialize global P2P context on P2P management interface
+  removal.
+- Wait 100 ms if driver fails to start listen operation. This
+  is a workaround for some drivers that may accept the
+  remain-on-channel command, but instead of indicating start
+  event for remain-on-channel, just indicate that the operation
+  has been cancelled immediately.
+- Clone max_sta_num parameter for group interfaces, allowing
+  this parameter set in the main config file to apply to
+  dynamically created P2P group interfaces.
+- Fix Device ID matching for Probe Request frames, which was
+  checking only the first octet of the P2P Device Address.
+- Do not update peer Listen channel based on PD Request
+  Invitation Request frames (just on Probe Response frames).
+- Fix p2p_listen to disallow scheduling a new after scan
+  operation in 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2012-05-15 17:42:46

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2012-03-20 11:36:30.0 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2012-05-15 17:42:49.0 +0200
@@ -1,0 +2,118 @@
+Tue May 15 04:35:01 UTC 2012 - g...@suse.com
+
+- Update to 1.0
+* Delay STA entry removal until Deauth/Disassoc TX status
+  in AP mode. This allows the driver to use PS buffering of
+  Deauthentication and Disassociation frames when the STA
+  is in power save sleep. Only available with drivers that
+  provide TX status events for Deauth/Disassoc frames
+  (nl80211).
+* Drop oldest unknown BSS table entries first. This makes
+  it less likely to hit connection issues in environments
+  with huge number of visible APs.
+* Add systemd support.
+* Add support for setting the syslog facility from the
+  config file at build time.
+* atheros: Add support for IEEE 802.11w configuration.
+* AP mode: Allow enable HT20 if driver supports it, by
+  setting the config parameter ieee80211n.
+* Allow AP mode to disconnect STAs based on low ACK
+  condition (when the data connection is not working
+  properly, e.g., due to the STA going outside the range
+  of the AP).
+* nl80211:
+ - Support GTK rekey offload.
+ - Support PMKSA candidate events. This adds support for
+   RSN pre-authentication with nl80211 interface and
+   drivers that handle roaming internally.
+* Improved dbus interface
+* New wpa_cli commands to setup the scan interval and
+  to support P2P and WPS/WPS ER
+* AP mode: Add max_num_sta config option, which can be used
+  to limit the number of stations allowed to connect to the
+  AP.
+* wext: Increase scan timeout from 5 to 10 seconds.
+* Allow an external program to manage the BSS blacklist
+  and display its current contents.
+* WPS:
+  - Add wpa_cli wps_pin get command for generating random
+PINs. This can be used in a UI to generate a PIN
+without starting WPS (or P2P) operation.
+  - Set RF bands based on driver capabilities, instead of
+hardcoding them.
+  - Add mechanism for indicating non-standard WPS errors.
+  - Add wps_ap_pin cli command for wpa_supplicant AP mode.
+  - Add wps_check_pin cli command for processing PIN from
+user input. UIs can use this command to process a PIN
+entered by a user and to validate the checksum digit
+(if present).
+  - Cancel WPS operation on PBC session overlap detection.
+  - New wps_cancel command in wpa_cli will cancel a
+pending WPS operation.
+  - wpa_cli action: Add WPS_EVENT_SUCCESS and
+WPS_EVENT_FAIL handlers.
+  - Trigger WPS config update on Manufacturer, Model Name,
+Model Number, and Serial Number changes.
+  - Fragment size is now configurable for EAP-WSC peer.
+Use wpa_cli set wps_fragment_size val.
+  - Disable AP PIN after 10 consecutive failures. Slow down
+attacks on failures up to 10.
+  - Allow AP to start in Enrollee mode without AP PIN for
+probing, to be compatible with Windows 7.
+  - Add Config Error into WPS-FAIL events to provide more
+info to the user on how to resolve the issue.
+  - Label and Display config methods are not allowed to be
+enabled at the same time, since it is unclear which
+PIN to use if both methods are advertised.
+  - When controlling multiple interfaces:
+- apply WPS commands to all interfaces configured to
+  use WPS
+- apply WPS config changes to all interfaces that use
+  WPS
+- when an attack is detected on any interface, disable
+  AP PIN on all interfaces
+* WPS ER:
+  - Add special AP Setup Locked mode to allow read only ER.
+  - Show SetSelectedRegistrar events as ctrl_iface events
+  - Add wps_er_set_config to enroll a network based on a
+local network configuration block instead of having to
+(re-)learn the current AP settings with wps_er_learn.
+  - Allow AP filtering based on IP address, add 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2012-03-20 11:36:28

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2012-01-10 14:51:40.0 +0100
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2012-03-20 11:36:30.0 +0100
@@ -1,0 +2,5 @@
+Sat Mar 17 22:30:51 UTC 2012 - dims...@opensuse.org
+
+- Add wpa_supplicant-gcc47.patch: Fix build with gcc 4.7.
+
+---

New:

  wpa_supplicant-gcc47.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.F1XdSW/_old  2012-03-20 11:36:34.0 +0100
+++ /var/tmp/diff_new_pack.F1XdSW/_new  2012-03-20 11:36:34.0 +0100
@@ -15,11 +15,14 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
-
 
 Name:   wpa_supplicant
-BuildRequires:  dbus-1-devel libqt4 libqt4-devel openssl-devel pkg-config 
readline-devel
+BuildRequires:  dbus-1-devel
+BuildRequires:  libqt4
+BuildRequires:  libqt4-devel
+BuildRequires:  openssl-devel
+BuildRequires:  pkg-config
+BuildRequires:  readline-devel
 %if 0%{?suse_version}  1140
 BuildRequires:  libnl-1_1-devel
 %else
@@ -27,10 +30,10 @@
 %endif
 Url:http://hostap.epitest.fi/wpa_supplicant/
 Version:0.7.3
-Release:6
+Release:0
+Summary:WPA supplicant implementation
 License:BSD-3-Clause ; GPL-2.0+
 Group:  Productivity/Networking/Other
-Summary:WPA supplicant implementation
 Source: 
http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2
 Source1:config
 Source2:%{name}.conf
@@ -49,6 +52,8 @@
 Patch5: wpa_supplicant-dbus-events.patch
 # PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 
g...@suse.com -- emit a D-Bus signal when the AP returned the certificate of 
the RADIUS server
 Patch6: wpa_supplicant-probed-cert-dbus-signal.patch
+# PATCH-FIX-UPSTREAM wpa_supplicant-gcc47.patch dims...@opensuse.org -- Fix 
build with gcc 4.7.
+Patch7: wpa_supplicant-gcc47.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 Requires:   logrotate
 
@@ -64,10 +69,9 @@
 Jouni Malinen jkmal...@cc.hut.fi
 
 %package gui
-License:BSD-3-Clause ; GPL-2.0+
 Summary:WPA supplicant graphical front-end
-Requires:   wpa_supplicant
 Group:  System/Monitoring
+Requires:   wpa_supplicant
 
 %description gui
 This package contains a graphical front-end to wpa_supplicant, an
@@ -88,6 +92,7 @@
 %patch4 -p0
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 cd wpa_supplicant

++ wpa_supplicant-gcc47.patch ++
Only in wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/.obj: 
moc_networkconfig.o
Only in wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/.obj: moc_peers.o
Only in wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/.obj: moc_scanresults.o
Only in wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/.obj: 
moc_userdatarequest.o
Only in wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/.obj: moc_wpagui.o
Only in wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/.obj: wpagui.o
Only in wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4: wpa_gui
diff -ur -p wpa_supplicant-0.7.3.orig/wpa_supplicant/wpa_gui-qt4/wpagui.cpp 
wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
--- wpa_supplicant-0.7.3.orig/wpa_supplicant/wpa_gui-qt4/wpagui.cpp 
2010-09-07 15:43:39.0 +
+++ wpa_supplicant-0.7.3/wpa_supplicant/wpa_gui-qt4/wpagui.cpp  2012-03-17 
22:27:50.791658139 +
@@ -12,10 +12,8 @@
  * See README and COPYING for more details.
  */
 
-#ifdef __MINGW32__
 /* Need to get getopt() */
 #include unistd.h
-#endif
 
 #ifdef CONFIG_NATIVE_WINDOWS
 #include windows.h
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2012-01-10 14:51:38

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes
2011-10-11 17:06:33.0 +0200
+++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes   
2012-01-10 14:51:40.0 +0100
@@ -1,0 +2,7 @@
+Tue Jan 10 08:08:15 UTC 2012 - g...@suse.com
+
+- Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus
+  signal when the AP returned the certificate of the RADIUS server
+  (bnc#574266)
+
+---

New:

  wpa_supplicant-probed-cert-dbus-signal.patch



Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.7j8EBa/_old  2012-01-10 14:51:41.0 +0100
+++ /var/tmp/diff_new_pack.7j8EBa/_new  2012-01-10 14:51:41.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -47,6 +47,8 @@
 Patch4: wpa_supplicant-errormsg.patch
 # PATCH-FIX-UPSTREAM wpa_supplicant-dbus-events.patch dims...@opensuse.org -- 
dbus: Emit property changed events when adding/removing BSSes, taken from git.
 Patch5: wpa_supplicant-dbus-events.patch
+# PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 
g...@suse.com -- emit a D-Bus signal when the AP returned the certificate of 
the RADIUS server
+Patch6: wpa_supplicant-probed-cert-dbus-signal.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 Requires:   logrotate
 
@@ -85,6 +87,7 @@
 %patch2 -p0
 %patch4 -p0
 %patch5 -p1
+%patch6 -p1
 
 %build
 cd wpa_supplicant

++ wpa_supplicant-probed-cert-dbus-signal.patch ++
commit ade74830b45466abb41b8e8dbc2f595d8bacb793
Author: Michael Chang mch...@novell.com
Date:   Tue Jul 5 12:22:32 2011 +0300

Add dbus signal for information about server certification

In general, this patch attemps to extend commit
00468b4650998144f794762206c695c962c54734 with dbus support.

This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.

Signed-off-by: Michael Chang mch...@novell.com

Index: wpa_supplicant-0.7.3/src/eap_peer/eap.c
===
--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.c
+++ wpa_supplicant-0.7.3/src/eap_peer/eap.c
@@ -1206,6 +1206,13 @@ static void eap_peer_sm_tls_event(void *
 data-peer_cert.subject,
 cert_hex);
}
+   if (sm-eapol_cb-notify_cert) {
+   sm-eapol_cb-notify_cert(sm-eapol_ctx,
+ data-peer_cert.depth,
+ data-peer_cert.subject,
+ hash_hex,
+ data-peer_cert.cert);
+   }
break;
}
 
Index: wpa_supplicant-0.7.3/src/eap_peer/eap.h
===
--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.h
+++ wpa_supplicant-0.7.3/src/eap_peer/eap.h
@@ -221,6 +221,17 @@ struct eapol_callbacks {
 */
void (*eap_param_needed)(void *ctx, const char *field,
 const char *txt);
+
+   /**
+* notify_cert - Notification of a peer certificate
+* @ctx: eapol_ctx from eap_peer_sm_init() call
+* @depth: Depth in certificate chain (0 = server)
+* @subject: Subject of the peer certificate
+* @cert_hash: SHA-256 hash of the certificate
+* @cert: Peer certificate
+*/
+   void (*notify_cert)(void *ctx, int depth, const char *subject,
+   const char *cert_hash, const struct wpabuf *cert);
 };
 
 /**
Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
===
--- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.c
+++ 

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory 
checked in at 2011-12-06 19:13:17

Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and  /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)


Package is wpa_supplicant, Maintainer is g...@suse.com

Changes:




Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.BQRIxI/_old  2011-12-06 19:53:04.0 +0100
+++ /var/tmp/diff_new_pack.BQRIxI/_new  2011-12-06 19:53:04.0 +0100
@@ -28,7 +28,7 @@
 Url:http://hostap.epitest.fi/wpa_supplicant/
 Version:0.7.3
 Release:6
-License:BSD3c(or similar) ; GPLv2+
+License:BSD-3-Clause ; GPL-2.0+
 Group:  Productivity/Networking/Other
 Summary:WPA supplicant implementation
 Source: 
http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2
@@ -62,7 +62,7 @@
 Jouni Malinen jkmal...@cc.hut.fi
 
 %package gui
-License:BSD3c(or similar) ; GPLv2+
+License:BSD-3-Clause ; GPL-2.0+
 Summary:WPA supplicant graphical front-end
 Requires:   wpa_supplicant
 Group:  System/Monitoring

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory
checked in at Tue Oct 11 17:06:32 CEST 2011.




--- openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes  2011-09-23 
12:50:45.0 +0200
+++ /mounts/work_src_done/STABLE/wpa_supplicant/wpa_supplicant.changes  
2011-10-10 16:05:21.0 +0200
@@ -1,0 +2,9 @@
+Mon Oct 10 13:28:43 UTC 2011 - lnus...@suse.de
+
+- use same exec line in fi.w1.wpa_supplicant1.service as in
+  fi.epitest.hostap.WPASupplicant.service
+- fix build on older distros
+- fix not using RPM_OPT_FLAGS
+- use %_smp_mflags
+
+---

calling whatdependson for head-i586




Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.wgs9Bb/_old  2011-10-11 17:06:26.0 +0200
+++ /var/tmp/diff_new_pack.wgs9Bb/_new  2011-10-11 17:06:26.0 +0200
@@ -19,7 +19,12 @@
 
 
 Name:   wpa_supplicant
-BuildRequires:  dbus-1-devel libnl-1_1-devel libqt4 libqt4-devel openssl-devel 
pkg-config readline-devel
+BuildRequires:  dbus-1-devel libqt4 libqt4-devel openssl-devel pkg-config 
readline-devel
+%if 0%{?suse_version}  1140
+BuildRequires:  libnl-1_1-devel
+%else
+BuildRequires:  libnl-devel
+%endif
 Url:http://hostap.epitest.fi/wpa_supplicant/
 Version:0.7.3
 Release:6
@@ -83,10 +88,10 @@
 
 %build
 cd wpa_supplicant
-CFLAGS=$RPM_OPT_FLAGS make %{?jobs:-j%jobs} 
+CFLAGS=$RPM_OPT_FLAGS make V=1 %{?_smp_mflags}
 cd wpa_gui-qt4
-qmake QMAKE_CXXFLAGS=$RPM_OPT_FLAGS
-make %{?jobs:-j%jobs}
+qmake QMAKE_CXXFLAGS=$RPM_OPT_FLAGS QMAKE_CFLAGS=$RPM_OPT_FLAGS
+make %{?_smp_mflags}
 
 %install
 install -d %{buildroot}/%{_sbindir}

++ fi.w1.wpa_supplicant1.service ++
--- /var/tmp/diff_new_pack.wgs9Bb/_old  2011-10-11 17:06:26.0 +0200
+++ /var/tmp/diff_new_pack.wgs9Bb/_new  2011-10-11 17:06:26.0 +0200
@@ -1,4 +1,4 @@
 [D-BUS Service]
 Name=fi.w1.wpa_supplicant1
-Exec=/usr/sbin/wpa_supplicant -u
+Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f 
/var/log/wpa_supplicant.log
 User=root

continue with q...



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory
checked in at Mon Sep 19 18:08:18 CEST 2011.




--- wpa_supplicant/wpa_supplicant.changes   2011-08-31 13:48:54.0 
+0200
+++ wpa_supplicant/wpa_supplicant.changes   2011-09-16 14:21:53.0 
+0200
@@ -1,0 +2,5 @@
+Fri Sep 16 12:02:37 UTC 2011 - jeng...@medozas.de
+
+- Select libnl-1_1-devel
+
+---

calling whatdependson for head-i586




Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.dHncaB/_old  2011-09-19 18:08:14.0 +0200
+++ /var/tmp/diff_new_pack.dHncaB/_new  2011-09-19 18:08:14.0 +0200
@@ -19,7 +19,7 @@
 
 
 Name:   wpa_supplicant
-BuildRequires:  dbus-1-devel libnl-devel libqt4 libqt4-devel openssl-devel 
pkg-config readline-devel
+BuildRequires:  dbus-1-devel libnl-1_1-devel libqt4 libqt4-devel openssl-devel 
pkg-config readline-devel
 Url:http://hostap.epitest.fi/wpa_supplicant/
 Version:0.7.3
 Release:6






Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit wpa_supplicant for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory
checked in at Thu Sep 1 15:15:20 CEST 2011.




--- wpa_supplicant/wpa_supplicant.changes   2011-03-20 13:55:23.0 
+0100
+++ /mounts/work_src_done/STABLE/wpa_supplicant/wpa_supplicant.changes  
2011-08-31 13:48:54.0 +0200
@@ -1,0 +2,6 @@
+Wed Aug 31 13:46:53 CEST 2011 - vbo...@suse.de
+
+- %ghost directive for /var/run/wpa_supplicant added for tmpfs
+  (bnc 710281)
+
+---

calling whatdependson for head-i586




Other differences:
--
++ wpa_supplicant.spec ++
--- /var/tmp/diff_new_pack.uMpQgp/_old  2011-09-01 15:14:02.0 +0200
+++ /var/tmp/diff_new_pack.uMpQgp/_new  2011-09-01 15:14:02.0 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package wpa_supplicant (Version 0.7.3)
+# spec file for package wpa_supplicant
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
 BuildRequires:  dbus-1-devel libnl-devel libqt4 libqt4-devel openssl-devel 
pkg-config readline-devel
 Url:http://hostap.epitest.fi/wpa_supplicant/
 Version:0.7.3
-Release:1
+Release:6
 License:BSD3c(or similar) ; GPLv2+
 Group:  Productivity/Networking/Other
 Summary:WPA supplicant implementation
@@ -119,6 +119,9 @@
 %config %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
 %dir %{_localstatedir}/run/%{name}
+%if 0%{?suse_version}  1140
+%ghost %{_localstatedir}/run/%{name}
+%endif
 %dir %{_sysconfdir}/%{name}
 %doc %{_mandir}/man8/*
 %doc %{_mandir}/man5/*






Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org