Hello community,

here is the log from the commit of package hostapd.995 for openSUSE:12.1:Update 
checked in at 2012-10-19 09:43:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/hostapd.995 (Old)
 and      /work/SRC/openSUSE:12.1:Update/.hostapd.995.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "hostapd.995", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null   2012-08-23 02:41:28.555381587 +0200
+++ /work/SRC/openSUSE:12.1:Update/.hostapd.995.new/hostapd.changes     
2012-10-19 09:44:00.000000000 +0200
@@ -0,0 +1,634 @@
+-------------------------------------------------------------------
+Tue Sep 25 07:03:03 UTC 2012 - g...@suse.com
+
+- add hostapd_eap_tls_msg_len_validation.diff to validate the
+  message length of EAP-TLS messages (bnc#781740, CVE-2012-4445)
+
+-------------------------------------------------------------------
+Wed Oct 12 08:46:43 UTC 2011 - lnus...@suse.de
+
+- update to version 0.7.3
+- don't use /tmp for dump file in default config
+- verbose build
+- fix build for older distros
+- enable driver 'none' for radius only mode
+- add init script
+
+-------------------------------------------------------------------
+Fri Sep 30 15:22:48 UTC 2011 - u...@suse.com
+
+- cross-build fix: use %__cc macro
+
+-------------------------------------------------------------------
+Fri Sep 16 12:02:37 UTC 2011 - jeng...@medozas.de
+
+- Select libnl-1_1-devel
+
+-------------------------------------------------------------------
+Sun Oct 31 12:37:02 UTC 2010 - jeng...@medozas.de
+
+- Use %_smp_mflags
+
+-------------------------------------------------------------------
+Wed Jun  9 05:32:08 CEST 2010 - sndir...@suse.de
+
+- udpated to release 0.6.10 
+- updated hostapd.dif
+- git-commit-eb1f744.diff:
+  * Move DTIM period configuration into Beacon set operation; fixes
+    "Could not set DTIM period for kernel driver; wlan0: Unable to
+    setup interface.rmdir[ctrl_interface]: No such file or
+    directory" error when using "nl80211" driver
+
+-------------------------------------------------------------------
+Wed Sep 24 00:58:59 CEST 2008 - r...@suse.de
+
+- drop buildreq for madwifi (dropped package) 
+
+-------------------------------------------------------------------
+Tue Sep 23 01:14:12 CEST 2008 - r...@suse.de
+
+- updae to version 0.5.10, changes:
+  * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+    lengths properly to avoid potential crash caused by invalid messages
+  * fixed Reassociation Response callback processing when using internal
+    MLME (driver_{hostap,devicescape,test}.c)
+  * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+    be used
+  * added a workaround for EAP-SIM/AKA peers that include incorrect null
+    termination in the username
+  * fixed EAP-SIM Start response processing for fast reauthentication
+    case
+  * copy optional Proxy-State attributes into RADIUS response when acting
+    as a RADIUS authentication server
+
+- update to version 0.5.9, changes:
+  * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+    draft (draft-ietf-emu-eap-gpsk-07.txt)
+  * fixed debugging code not to use potentially unaligned read to fetch
+    IPv4 addresses
+
+-------------------------------------------------------------------
+Mon Jan 21 14:54:48 CET 2008 - csten...@suse.de
+
+- fixed madwifi include dir (b.n.c #350982)
+
+-------------------------------------------------------------------
+Mon Jul 30 16:57:16 CEST 2007 - j...@suse.de
+
+- update to version 0.5.8, changes:
+  * updated driver_devicescape.c to build with the current
+    wireless-dev.git tree and net/d80211 changes
+  * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+    draft (draft-ietf-emu-eap-gpsk-03.txt)
+  * fixed EAP-MSCHAPv2 server to use a space between S and M parameters
+    in Success Request [Bug 203]
+  * added support for sending EAP-AKA Notifications in error cases
+  * RADIUS server: added support for processing duplicate messages
+    (retransmissions from RADIUS client) by replying with the previous
+    reply
+
+-------------------------------------------------------------------
+Wed Mar 14 17:27:32 CET 2007 - j...@suse.de
+
+- split off hostapd in its own package
+- update to version 0.5.7, changes (shortened):
+  * fixed EAP-PSK bit ordering of the Flags field
+  * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs
+  * fixed IPv6 connection to RADIUS accounting server
+  * added support for configuring and controlling multiple BSSes per
+    radio interface (bss=<ifname> in hostapd.conf)
+  * added support for dynamic VLAN configuration
+  * driver_madwifi: fixed configuration of unencrypted modes
+  * added preliminary implementation of IEEE 802.11w/D1.0 (management
+    frame protection)
+  * fixed session timeout processing with drivers that do not use
+    ieee802_11.c (e.g., madwifi)
+  * added 'hostapd_cli new_sta <addr>' command for adding a new STA
+    into hostapd
+  * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1
+    when using WPA2 even if PMKSA caching is not used
+  * added -P<pid file> argument for hostapd to write the current
+    process id into a file
+  * added support for RADIUS Authentication Server MIB (RFC 2619)
+  * added support for EAP Generalized Pre-Shared Key
+  * fixed a segmentation fault when RSN pre-authentication was
+    completed successfully
+  * added support for EAP-SAKE
+  * driver_madwifi: added support for getting station RSN IE from
+    madwifi-ng svn r1453 and newer
+  * fixed WPA message 3/4 not to encrypt Key Data field (WPA IE)
+  * added ap_max_inactivity configuration parameter
+  * added support for EAP expanded type (vendor specific EAP methods)
+  * added support for using EAP-SIM pseudonyms and fast re-authentication
+  * added support for EAP-AKA in the integrated EAP authenticator
+
+-------------------------------------------------------------------
+Mon Sep 18 14:13:31 CEST 2006 - j...@suse.de
+
+- hostap-utils: Fixed usage of uninitialised variable (bug 184410)
+- hostapd: Update to version 0.4.9, changes:
+  * added a new configuration option, eapol_version, that can be
+    used to set EAPOL version to 1 (default is 2) to work around
+    broken client implementations that drop EAPOL frames which use
+    version number 2 [Bug 89]
+  * fixed EAP-MSCHAPv2 message length validation
+  * fixed stdarg use in hostapd_logger(): if both stdout and syslog
+    logging was enabled, hostapd could trigger a segmentation fault
+    in vsyslog on some CPU -- C library combinations
+
+-------------------------------------------------------------------
+Sun Feb  5 19:37:30 CET 2006 - r...@suse.de
+
+- use madwifi-devel in BuildRequires 
+
+-------------------------------------------------------------------
+Sun Feb  5 17:09:48 CET 2006 - a...@suse.de
+
+- Remove BuildRequires on km_wlan.
+
+-------------------------------------------------------------------
+Wed Jan 25 21:36:28 CET 2006 - m...@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Mon Nov 21 14:00:48 CET 2005 - j...@suse.de
+
+- hostapd: update to 0.4.7, changes:
+  * driver_wired: fixed EAPOL sending to optionally use PAE group
+    address as the destination instead of supplicant MAC address
+  * driver_madwifi: configure driver to use TKIP countermeasures in
+    order to get correct behavior
+  * driver_madwifi: added support for madwifi-ng
+- hostapd: remove obsolete madwifi patch
+- hostapd: updated config file
+- hostap-utils: update to 0.4.7 (no changes)
+- use %{jobs}
+
+-------------------------------------------------------------------
+Tue Nov  8 15:28:33 CET 2005 - j...@suse.de
+
+- do not build as root
+
+-------------------------------------------------------------------
+Fri Nov  4 17:51:44 CET 2005 - j...@suse.de
+
+- hostapd, update to 0.4.6, changes:
+  * added support for replacing user identity from EAP with RADIUS
+    User-Name attribute from Access-Accept message, if that is included,
+    for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
+    tunneled identity into accounting messages when the RADIUS server
+    does not support better way of doing this with Class attribute)
+  * driver_madwifi: fixed EAPOL packet receive for configuration where
+     ath# is part of a bridge interface
+  * added a configuration file and log analyzer script for logwatch
+  * fixed EAPOL state machine step function to process all state
+    transitions before processing new events; this resolves a race
+    condition in which EAPOL-Start message could trigger hostapd to send
+    two EAP-Response/Identity frames to the authentication server
+- hostapd: added support for madwifi-ng
+- removed hostap-driver, is part of the kernel now
+
+-------------------------------------------------------------------
+Thu Oct 13 16:29:17 CEST 2005 - j...@suse.de
+
+- hostapd: update to 0.4.5, changes (shortened):
+  * added client CA list to the TLS certificate request in order to
++++ 437 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.1:Update/.hostapd.995.new/hostapd.changes

New:
----
  hostapd-0.7.3.tar.gz
  hostapd-tmp.diff
  hostapd.changes
  hostapd.dif
  hostapd.init
  hostapd.spec
  hostapd_eap_tls_msg_len_validation.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ hostapd.spec ++++++
#
# spec file for package hostapd
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           hostapd
%if 0%{?suse_version} > 1140
BuildRequires:  libnl-1_1-devel
%else
BuildRequires:  libnl-devel
%endif
BuildRequires:  openssl-devel
Summary:        Turns Your WLAN Card into a WPA capable Access Point
License:        BSD-3-Clause ; GPL-2.0+
Group:          Hardware/Wifi
Version:        0.7.3
Release:        0
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Url:            http://hostap.epitest.fi/
PreReq:         %insserv_prereq
Source:         http://hostap.epitest.fi/releases/hostapd-%{version}.tar.gz
Source1:        hostapd.init
Patch:          hostapd.dif
Patch1:         hostapd-tmp.diff
Patch2:         hostapd_eap_tls_msg_len_validation.diff

%description
hostapd is a user space daemon for access point and authentication
servers. It implements IEEE 802.11 access point management, IEEE
802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
RADIUS authentication server. Currently, hostapd supports HostAP,
madwifi, and prism54 drivers. It also supports wired IEEE 802.1X
authentication via any ethernet driver.



Authors:
--------
    Jouni Malinen <jkmal...@cc.hut.fi>

%prep
%setup -n hostapd-%{version}
%patch -p1
%patch1 -p1
%patch2 -p1

cd hostapd
cp defconfig .config

%build
cd hostapd
CFLAGS="$RPM_OPT_FLAGS" CC="%{__cc}" make  %{?_smp_mflags} V=1

%install
cd hostapd
mkdir -p %{buildroot}/%{_sbindir}
mkdir %{buildroot}/etc
mkdir -p %{buildroot}/%{_mandir}/man8
install -m 755 hostapd %{buildroot}/%{_sbindir}
install -D -m 755 %{SOURCE1} %{buildroot}/etc/init.d/hostapd
ln -s /etc/init.d/hostapd %{buildroot}/%{_sbindir}/rchostapd
install -m 755 hostapd_cli %{buildroot}/%{_sbindir}
install -m 644 hostapd.conf %{buildroot}/etc
install -m 644 hostapd.accept %{buildroot}/etc
install -m 644 hostapd.deny %{buildroot}/etc
install -m 644 hostapd.eap_user %{buildroot}/etc
install -m 644 hostapd.radius_clients %{buildroot}/etc
install -m 644 hostapd.sim_db %{buildroot}/etc
install -m 644 hostapd.vlan %{buildroot}/etc
install -m 644 hostapd.wpa_psk %{buildroot}/etc
install -m 644 hostapd.8 %{buildroot}/%{_mandir}/man8

%post
%insserv_cleanup

%preun
%{stop_on_removal hostapd}

%postun
%{restart_on_update hostapd}
%insserv_cleanup

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%config(noreplace) /etc/*
/etc/init.d/hostapd
%{_sbindir}/*
%doc hostapd/ChangeLog COPYING hostapd/README hostapd/wired.conf 
hostapd/hostapd.conf
%doc %{_mandir}/man8/*

%changelog
++++++ hostapd-tmp.diff ++++++
Index: hostapd-0.7.3/hostapd/hostapd.conf
===================================================================
--- hostapd-0.7.3.orig/hostapd/hostapd.conf
+++ hostapd-0.7.3/hostapd/hostapd.conf
@@ -52,7 +52,7 @@ logger_stdout=-1
 logger_stdout_level=2
 
 # Dump file for state information (on SIGUSR1)
-dump_file=/tmp/hostapd.dump
+dump_file=/var/run/hostapd.dump
 
 # Interface for separate control program. If this is specified, hostapd
 # will create this directory and a UNIX domain socket for listening to requests
++++++ hostapd.dif ++++++
Index: hostapd-0.7.3/hostapd/defconfig
===================================================================
--- hostapd-0.7.3.orig/hostapd/defconfig
+++ hostapd-0.7.3/hostapd/defconfig
@@ -13,14 +13,14 @@
 CONFIG_DRIVER_HOSTAP=y
 
 # Driver interface for wired authenticator
-#CONFIG_DRIVER_WIRED=y
+CONFIG_DRIVER_WIRED=y
 
 # Driver interface for madwifi driver
 #CONFIG_DRIVER_MADWIFI=y
 #CFLAGS += -I../../madwifi # change to the madwifi source directory
 
 # Driver interface for drivers using the nl80211 kernel interface
-#CONFIG_DRIVER_NL80211=y
+CONFIG_DRIVER_NL80211=y
 # driver_nl80211.c requires a rather new libnl (version 1.1) which may not be
 # shipped with your distribution yet. If that is the case, you need to build
 # newer libnl version and point the hostapd build to use it.
@@ -36,7 +36,7 @@ CONFIG_DRIVER_HOSTAP=y
 #LIBS_c += -L/usr/local/lib
 
 # Driver interface for no driver (e.g., RADIUS server only)
-#CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_NONE=y
 
 # IEEE 802.11F/IAPP
 CONFIG_IAPP=y
@@ -75,7 +75,7 @@ CONFIG_EAP_GTC=y
 CONFIG_EAP_TTLS=y
 
 # EAP-SIM for the integrated EAP server
-#CONFIG_EAP_SIM=y
+CONFIG_EAP_SIM=y
 
 # EAP-AKA for the integrated EAP server
 #CONFIG_EAP_AKA=y
@@ -85,10 +85,10 @@ CONFIG_EAP_TTLS=y
 #CONFIG_EAP_AKA_PRIME=y
 
 # EAP-PAX for the integrated EAP server
-#CONFIG_EAP_PAX=y
+CONFIG_EAP_PAX=y
 
 # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
+CONFIG_EAP_PSK=y
 
 # EAP-SAKE for the integrated EAP server
 #CONFIG_EAP_SAKE=y
@@ -122,7 +122,7 @@ CONFIG_PKCS12=y
 
 # RADIUS authentication server. This provides access to the integrated EAP
 # server from external hosts using RADIUS.
-#CONFIG_RADIUS_SERVER=y
+CONFIG_RADIUS_SERVER=y
 
 # Build IPv6 support for RADIUS operations
 CONFIG_IPV6=y
@@ -135,7 +135,7 @@ CONFIG_IPV6=y
 #CONFIG_DRIVER_RADIUS_ACL=y
 
 # IEEE 802.11n (High Throughput) support
-#CONFIG_IEEE80211N=y
+CONFIG_IEEE80211N=y
 
 # Remove debugging code that is printing out debug messages to stdout.
 # This can be used to reduce the size of the hostapd considerably if debugging
++++++ hostapd.init ++++++
#!/bin/sh
#
#     SUSE system startup script for hostapd
#     Copyright (C) 1995--2005  Kurt Garloff, SUSE / Novell Inc.
#     Copyright (C) 2011  SUSE Linux Products GmbH
#          
#     This library is free software; you can redistribute it and/or modify it
#     under the terms of the GNU Lesser General Public License as published by
#     the Free Software Foundation; either version 2.1 of the License, or (at
#     your option) any later version.
#                             
#     This library is distributed in the hope that it will be useful, but
#     WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#     Lesser General Public License for more details.
#      
#     You should have received a copy of the GNU Lesser General Public
#     License along with this library; if not, write to the Free Software
#     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
#     USA.
#
# /etc/init.d/hostapd
#   and its symbolic link
# /usr/sbin/rchostapd
#
### BEGIN INIT INFO
# Provides:          hostapd
# Required-Start:    $syslog $remote_fs
# Required-Stop:     $syslog $remote_fs
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: hostap deamon
# Description:       IEEE 802.11 access point and authenticator
### END INIT INFO

HOSTAPD_BIN=/usr/sbin/hostapd
HOSTAPD_PID=/var/run/hostapd.pid
HOSTAPD_ARGS="-B -P $HOSTAPD_PID"
HOSTAPD_CONF=/etc/hostapd.conf

sysconf=/etc/sysconfig/hostapd
if [ -e $sysconf ]; then
        . $sysconf
fi

. /etc/rc.status

rc_reset
case "$1" in
    start)
        echo -n "Starting hostapd "
        /sbin/start_daemon -p $HOSTAPD_PID $HOSTAPD_BIN $HOSTAPD_ARGS 
$HOSTAPD_CONF
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down hostapd "
        /sbin/killproc $HOSTAPD_BIN
        rc_status -v
        ;;
    try-restart|condrestart)
        $0 status
        if test $? = 0; then
                $0 restart
        else
                rc_reset
        fi
        rc_status
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    force-reload)
        echo -n "Reload service hostapd "
        /sbin/killproc -HUP $HOSTAPD_BIN
        touch $HOSTAPD_PID
        rc_status -v
        ;;
    reload)
        echo -n "Reload service hostapd "
        /sbin/killproc -HUP $HOSTAPD_BIN
        touch $HOSTAPD_PID
        rc_status -v
        ;;
    status)
        echo -n "Checking for service hostapd "
        /sbin/checkproc $HOSTAPD_BIN
        rc_status -v
        ;;
    probe)
        test $HOSTAPD_CONF -nt $HOSTAPD_PID && echo reload
        ;;
    *)
        echo "Usage: $0 
{start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
        ;;
esac
rc_exit
++++++ hostapd_eap_tls_msg_len_validation.diff ++++++
---
 src/eap_server/eap_server_tls_common.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -224,6 +224,14 @@ static int eap_server_tls_process_fragme
                        return -1;
                }
 
+               if (len > message_length) {
+                       wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
+                                  "first fragment of frame (TLS Message "
+                                  "Length %d bytes)",
+                                  (int) len, (int) message_length);
+                       return -1;
+               }
+
                data->tls_in = wpabuf_alloc(message_length);
                if (data->tls_in == NULL) {
                        wpa_printf(MSG_DEBUG, "SSL: No memory for message");
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to